“Yet another flaw”:http://www.nytimes.com/2006/05/12/us/12vote.html?ex=1305086400&en=5b3554a76aad524a&ei=5090&partner=rssuserland&emc=rss has been discovered in Diebold’s electronic voting machines. Company spokesman David Bear presents the watertight case for the defence:
bq. “For there to be a problem here, you’re basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software,” he said. “I don’t believe these evil elections people exist.”
This guy should get some kind of prize. America is the country that gave us the word “ratfucking”:http://en.wikipedia.org/wiki/Ratfucking, where party operatives “jam the phone lines”:http://www.talkingpointsmemo.com/phonejamming.php of their opponents on election day, and where people say they want to die in Chicago so they can remain politically active.
{ 41 comments }
Uncle Jeffy 05.12.06 at 9:33 am
Here in Chicago people don’t just stay politically active after they die – they multiply. But ya gotta admit, the Diebold guy would fit right in – crooked, (brain-)dead, and probably multiples like other bacteria…
Guest 05.12.06 at 9:50 am
Jesus, how naughty do you have to be as a small child to deserve to grow up and become a company spokesman? I seriously feel bad for that guy. Can you imagine having to say something that dumb? His lips must have hurt for days afterwards.
M. Townes 05.12.06 at 11:03 am
Oddly enough, this would not be a problem if we did away with the secret ballot. Machine-based fraud would be virtually impossible in an open vote. Of course, whether other potential forms of corruption are worse is a reasonable question. I’m working on a paper that touches on this very subject: http://home.gwu.edu/~mdtownes/secretballot.doc
Timothy Burke 05.12.06 at 11:13 am
It takes work to be that stupid. It doesn’t happen naturally.
mrjauk 05.12.06 at 11:15 am
I really don’t mind if the votes of the dead are counted. I do, however, object when dead people are allowed to vote multiple times in the same election. That’s a line, I think, that shouldn’t be crossed lest our democratic system be seriously compromised…just saying…
Ginger Yellow 05.12.06 at 11:16 am
Machine based fraud would be completely impossible if America just used a pen and paper like most sensible countries.
Brett Bellmore 05.12.06 at 11:29 am
Optical scan. It’s got the best of both worlds; Machine readable, and filled in by hand, and a scanner kicks it back out when you try to drop it in the box, if you double voted.
Honestly, I have a hard time coming up with any good reason for going with computer based voting machines, except to make fraud easier. Well, maybe kickbacks…
willie mink 05.12.06 at 11:30 am
Mark Crispin Miller will get you going on this:
http://www.radio4all.net/index.php?op=program-info&program_id=18069&nav=&
abb1 05.12.06 at 11:41 am
He may or may not be stupid; most likely he is not. He’s just doing his job.
Kieran Healy 05.12.06 at 11:59 am
He’s just doing his job.
That’s why I said he should win a prize. Above and beyond the call, he’s going. Greater love than this hath no man, than that he should lay down his credibility for manufacturers of error-ridden machines.
abb1 05.12.06 at 12:18 pm
Many are called but few chosen. Nah, this one probably doesn’t fit here.
Anyway, you don’t know how much the guy is being paid for this. Few minutes of shame once in a while for a few hundred Gs – not a bad deal; all his friends are envious.
Niraj 05.12.06 at 12:35 pm
Ginger Yellow said:
What technophobes. India has been using electronic voting machines for a few election cycles now, and nobody seems be complaining. why can’t the United States– arguably the most technically astute nation– can’t make it work?
Tim Lambert 05.12.06 at 12:52 pm
Hey, John Lott says that Diebold machines are OK. Isn’t that good enough for you?
neil 05.12.06 at 1:33 pm
I don’t think you’re a ‘technophobe’ for wanting to look at the cost/benefit analysis behind technological improvements. What do you get with electronic voting that’s worth giving up the paper trail? Faster counting? Plenty of countries that still use hand-counted ink-and-paper ballots manage to do a full count the same day the vote is taken.
No, the main technological improvement granted by electronic voting is that votes are ‘smaller’ so they are easier to discard and to fabricate. Imagine the logistics of discarding a box of paper ballots and concealing the evidence, versus the logistics of simply erasing a memory card. Imagine the logistics of creating and adding phony ballots, versus the logistics of simply adding a few thousand rows to a database.
Arthur Davidson Ficke 05.12.06 at 2:27 pm
Just think of how bad Kerry would have lost if his minions hadn’t hacked the machines to increase his vote count!
P O'Neill 05.12.06 at 3:00 pm
The possibly unique Irish twist on electronic voting is
(1) Announce introduction of electronic voting
(2) Purchase machines
(3) Realize that for various reasons, including lack of public faith in the machines, that it’s not going to work
(4) Sign long-term leases on storage units for above machines
(5) Realize that machines need specialised storage facilities, necessitating buy-outs of previous leases …
(6) …. all the while maintaining that some time — 10, 20 years down the road — the public will be won over and you can use your expensively stored, outdated machines.
rvman 05.12.06 at 3:21 pm
>Plenty of countries that still use hand-counted
>ink-and-paper ballots manage to do a full count the
>same day the vote is taken.
Yeah, and most of them have one, maybe two races on the ballot – parliament and local council. We have anywhere from 10-50 depending on the location and election cycle. Now whether we gain moving from optical scan (scan-tron, for the recently schooled) to pure electronic, I doubt.
johne 05.12.06 at 3:22 pm
See tech guru Robert X. Cringely’s 2003 column subtitled, “Why the Best Voting Technology May Be No Technology at All”
http://www.pbs.org/cringely/pulpit/pulpit20031211.html
Jake 05.12.06 at 3:42 pm
I don’t know if it’s better than pen and paper, but open source voting has got to be better (and cheaper) than Diebold.
taj 05.12.06 at 4:10 pm
neil,
How many of those same-day-count countries have populations of a size comparable to the USA, let alone India?
Brett Bellmore 05.12.06 at 4:43 pm
“India has been using electronic voting machines for a few election cycles now, and nobody seems be complaining. why can’t the United States—arguably the most technically astute nation—can’t make it work?”
We’ve been a democracy for a lot longer. You’d think that would be a good thing, but it just means that we’ve had more time for cheating to get really organized and entrenched.
saurabh 05.12.06 at 5:07 pm
We’ve been a democracy for a lot longer. You’d think that would be a good thing, but it just means that we’ve had more time for cheating to get really organized and entrenched.
What the…? I guarantee you corruption is way worse in India than it is in the U.S. The Indians are just more sensible about their voting machines. I.e., they actually designed them to prevent fraud, as opposed to Diebold, which doesn’t seem to give two shits about security.
stuart 05.12.06 at 5:08 pm
If you have more people voting, you have more people available to help count as well, and the costs are shared over more people…size doesn’t really impact the speed or cost of voting, only complexity of the system you use, and how often you vote would really cause a shift towards making an electronic system more necessary.
Kenny Easwaran 05.12.06 at 5:41 pm
No one’s commenting on the typo in the subject line? What polite commenters you are!
I suppose I’ve always been in favor of electronic voting for sentimental and unrealistic reasons – basically, I prefer to have all the things I’m reading in electronic form so they can stay nicely sorted and I don’t drown in piles of paper, and I imagine I’d feel the same way about ballots. Of course, that’s probably no way to run a democracy, the way a grad student runs his “research operation”.
Kieran Healy 05.12.06 at 8:49 pm
Shurely is not a typo.
jake 05.12.06 at 8:58 pm
re #13–
but what does Mary Rosh say, and does she get a vote?
as for “shurely”, my problem is I think of the cheesy rapper Al B. Shure every time I see it.
john m. 05.13.06 at 2:54 am
I guarantee you corruption is way worse in India than it is in the U.S.
Really? What are you offerring by way of guarantee and what do you offer as proof of this assertion?
abb1 05.13.06 at 3:02 am
How many of those same-day-count countries have populations of a size comparable to the USA, let alone India?
Indeed. It may take weeks to the couriers from remote provinces to bring results to the capital.
goatchowder 05.13.06 at 3:24 am
Open the systems up and run them on Free Software.
http://www.openvotingconsortium.org
Brett Bellmore 05.13.06 at 8:55 am
“I.e., they actually designed them to prevent fraud, as opposed to Diebold, which doesn’t seem to give two shits about security.”
Because the election fraudsters weren’t organized and entrenched enough to make SURE any new machines would be easy to cheat on, natch.
We’ve known for DECADES of major election fraud in places like Chicago, and of a sort that’s easy to prove. Why hasn’t it been stopped?
It was obvious from the start that voting machines based on general purpose computers were a really bad idea. It went ahead anyway.
There may be a lot of people trying to steal elections in young democracies, but in old democracies they get really good at making sure nothing can be done about it…
taj 05.13.06 at 1:17 pm
I can’t say categorically whether India’s electoral system is more corrupt than that of the US (in fact, I feel the Electoral Commission is one of the arms of the administration that Indians should be proud of – they do their job under very difficult circumstances and the folks who win are usually the ones people voted for, a useful yardstick for a fair election), on the other hand we _are_ the nation that made booth capturing famous. I recall a story (no links, I shamefully admit) from a recent election where an attempt at capturing was averted by the local booth-in-charge escaping with the voting machine in it’s special briefcase with only a couple of bodyguards. This would have been much harder (impossible?) with boxes full of paper votes. The voting continued once security was beefed up.
Stuart’s assumption that more voters means more spreading out of cost is too idealistic. There is not much money to begin with, and the logistics are made worse by geography and lack of development – if you need to run a voting booth in a remote Himalayan village that is not accessible by road, a briefcase-sized machine is again much easier to handle than boxes of paper.
gmoke 05.13.06 at 2:32 pm
We need a 50 state strategy to ensure that all votes are counted accurately, honestly, and verifiably in 2006, 2008, and thereafter. I intend to steal my vote back from the thieves who’ve stolen it the last couple of times out.
dkos folk who are interested in this issue are pooling information at http://groups.yahoo.com/group/election_integrity_and_reform/
Dan Simon 05.13.06 at 3:47 pm
I’m not about to defend Diebold and its security practices, which are obviously in need of tightening (not to mention its PR efforts, which I gather are rife with overstated security claims). But…
[from the NYT article]
Computer scientists who have studied the vulnerability say the flaw might allow someone with brief access to a voting machine and with knowledge of computer code to tamper with the machine’s software, and even, potentially, to spread malicious code to other parts of the voting system.
{BEGIN sarcasm}
What a coincidence! I’ve recently uncovered a potentially devastating flaw in paper ballot voting systems. The flaw would allow anyone with brief access to a ballot box to insert large numbers of fraudulent votes, which would then be counted as valid, or to destroy all the previously entered votes, making them unreadable. Obviously, then, every company that has ever marketed paper ballot-based voting materials has been laughably negligent–as has any jurisdiction that has ever used them.
{END sarcasm}
Let me make a few assertions here, and see if we can all agree on them:
1. A voting technology is not a voting system. A voting system is one or more technologies combined with a collection of procedures for using them to run elections.
2. Any voting technology, no matter how carefully designed and implemented, is doomed to be insecure if embedded in a sufficiently broken system. (See, for example, Karlof, Sastry and Wagner.) Conversely, any voting technology, no matter how poorly designed and implemented, is probably securable (though possibly at a prohibitive cost) using sufficiently elaborate surrounding procedures.
3. Older technologies will inevitably seem more secure than newer ones, because the procedures surrounding them have evolved, in response to attacks, to the point where known attacks have generally been mitigated, and novel attacks are unlikely.
4. Therefore, in evaluating new voting technologies, we should treat newly discovered attacks not as refutations of the new technology, but rather as challenges to both the technology designers and the system designers to mitigate them (challenges which they may or may not be able to meet at an acceptable cost).
———
There is an unfortunate tendency in the computer security research community to overplay the significance of new attacks. This weakness is understandable: attacks, unlike claims of security, are empirically verifiable, often using spiffy demos; they can have immediate and substantial real-world impact, whereas new security technologies must first be built, tested, sold, deployed, and so on; and they place security researchers in the enviable role of scolding expert rather than supplicant technology salesman.
But they should remember that their job, first and foremost, is to provide the world with more secure systems–not simply to break things. And while I’m certainly glad that the weaknesses in voting systems like Diebold’s are being exposed, I wish security researchers would exercise a little more perspective each time they find one. After all, all technologies have such weaknesses, and new technologies inevitably have as-yet-undiscovered ones.
The far more interesting question is how the ultimate result of the vulnerability discover-repair cycle for this technology and its surrounding system will end up comparing with systems based on other technologies. Security researchers should have something interesting to say about that question, but so far, I’m sad to say, the community has generated a lot more heat than light on the subject.
Doctor G 05.13.06 at 8:31 pm
Dan, I find your perspective very valuable, but I think you are too hard on the security community. Those who specialize in finding defects do so, and they get some press. Those who specialize in creating secure systems also do so, and they get little press. And don’t forget the voting machine code that leaked out a while ago. I read that code, and I would fire the person who wrote it if I could. It was really that bad — so bad that there is no reason to trust the results of any election held with that code. The vendor claims to have cleaned it up, but unless they publish the code why should I believe them?
Dan Simon 05.14.06 at 12:15 am
Doctor G, My comments were directed largely at those who are drawing broad conclusions about the long-term viability of various voting technologies based on the Diebold case. I’m certainly prepared to believe that Diebold’s devices are a mess. But that revelation is akin to the discovery that a particular highway contractor is using inferior-grade concrete: it obliges the government to take remedial measures, and encourages it to select a different contractor next time, but it says little, fundamentally, about the safety of roads in general, or even about the viability of specific road-building technologies.
Given the narrow significance of the Diebold findings, then, why are security researchers so interested–indeed involved–in them? I believe it’s largely because, as I explained, security researchers are powerfully tempted to focus on attacking specific technologies rather than securing systems. And once they do so, they must then justify themselves by claiming broader significance for the attacks than they really deserve.
abb1 05.14.06 at 5:35 am
I like the system invented by Robert Sheckley in his “Ticket to Tranai”. On that planet anyone who wants can be the president, but he/she is required to wear the collar with a charge of dynamite around the neck. There are booths everywhere on the planet where citizens can express their displeasure by pressing red button. As soon as it reaches the threshold – the collar goes “boom!”. I think this could work.
Doctor G 05.14.06 at 11:33 pm
Dan, I think the quality of our elections is more important than the quality of our concrete, and so I don’t find the involvement of security experts in the fight for honest elections to be surprising, or a problem. And I haven’t detected any lack of systems thinking in the security literature. In the case of the Diebold software (and other programs like it), I don’t think that any system can be devised to use them safely, short of airport-style security checks at the polls. Why bother, when paper works so well?
ajay 05.15.06 at 4:11 am
Dan Simon:The flaw would allow anyone with brief access to a ballot box to insert large numbers of fraudulent votes, which would then be counted as valid, or to destroy all the previously entered votes, making them unreadable
Very astute – and satirical! Except that ballot papers have serial numbers, which can be matched to their counterfoils. The counterfoils, and the separate checklist of voters, act as a check of the total number of votes. So if you were to stuff a ballot box, a) it would be noticed that only 1500 people had voted at that station, but there were 25,000 ballot papers in the box; b) an investigation would discover that 23,500 of the papers did not have matching counterfoils, and they would be discarded. So your argument doesn’t actually work.
abb1: sounds like Utopia in “Utopia, Ltd.”: a Dictatorship tempered by Dynamite. An absolute monarchy in which every action of the King is observed by two Wise Men; if in their judgement the King becomes a tyrant, the Wise Men instruct the Public Exploder to explode the king.
Ginger Yellow 05.15.06 at 5:32 am
I’m in no way technophobic and I don’t mean to “draw long-term conclusions about the viability of various voting technologies based on the Diebold case”. Certainly it should be perfectly possible to create secure voting machines. But it seems to be a solution in search of a problem, and one driven more by technology companies with good lobbyists looking for new revenue sources than any benefit for the electorate.
Dan Simon 05.15.06 at 12:19 pm
Two final comments:
1. Substandard concrete in, say, bridge construction can be a very, very serious problem. Substandard electronic voting machines no doubt can also be a very, very serious problem. However, we currently have a much better understanding of what constitutes “substandard” for concrete than for voting machines–partly because we have a lot more experience building bridges than conducting electronic elections. Picking holes in Diebold’s voting machines is an important task, as long as those machines are in use, but it sheds little light on the overall question of what would be required of electronic voting machines and their surrounding procedures for us to trust them as sufficiently secure.
2. Of course there are well-known procedures which can compensate for the weaknesses of paper ballots. (Note, though, that those procedures have significant costs–in the form of lots of human oversight and auditing–which we simply take for granted because they’re so familiar.) Whether there are equivalent (or even possibly even simpler and cheaper) procedures that can compensate for the weaknesses of electronic voting machines remains to be seen. I would like to see security researchers concentrate on that question, rather than on the narrower question of whether Diebold’s machines in particular are up to snuff. (There are plenty of less academic types, I believe, who are fully competent to do the work of putting the current crop of voting machines through the ringer, and finding lots of the sorts of security holes that have already been found.)
3. There are several potential benefits to electronic voting machines, including much faster, less labor-intensive tallying, easily adjustable user interfaces to improve ease of use, and fewer moving parts subject to wear. There are also several potential disadvantages, some of which have been discussed here. Whether compensating for those disadvantages is difficult and expensive enough to negate all the benefits is simply unknown at this point. And to be frank, I’ve seen disappointingly little research addressing that question in a serious way.
Dan Simon 05.15.06 at 12:49 pm
Sorry–make that three final comments. (Insert Monty Python reference here….)
Comments on this entry are closed.