e-voting
Latest
Fresh study (still) finds Diebold e-voting machines hacker-friendly
The fact that some individuals still have any level of faith left in Diebold is quite baffling, but in case you were looking for just one more episode to dash your hopes of a hack-proof voting machine, open wide. As fate would have it, a fresh study in Florida has found that even optical scan voting systems "can be hacked into," which is causing quite a bit of concern considering that touchscreen alternatives aren't exactly an option in the Sunshine State. Reportedly, the document noted that "official memory cards in the optical scan machines could easily be exchanged with ones altering the vote count," and it was also stated that Diebold must "deal with the flaws" by August 17th. Yeah, we're sure it's all over that.[Thanks, Josh]
Voting machine producers criticize critiques
Voting machine makers scoffing at bad reviews? That's preposterous! Actually, it's not all that alarming to hear that Diebold, Hart InterCivic, and Sequoia Voting Systems all had less-than-amicable responses to a state study that "found that their machines could be breached by hackers." Of course, we're not exactly sure what all that groaning is about, as we've seen nothing but proof to back the investigation up. Nevertheless, Sequoia dubbed the review "an unrealistic, worst-case-scenario evaluation," Diebold kvetched that the study didn't look at its most recently developed software, Hart found "several inconsistencies, alternate conclusions, and errors," and Elections Systems & Software bypassed the rigmarole entirely by failing to provide their information to the secretary of state. Oh, the irony. [Warning: Read link requires subscription]
So it begins: Florida bans touch-screen e-voting machines
If you didn't see this one coming, we'll just assume the glaring sun had you blinded, as the Sunshine State has apparently had quite enough of the e-voting woes within its borders. Florida Governor Charlie Crist signed into law a bill "requiring that all voting districts in the state replace most touchscreen electronic voting machines with optical scan machines." From day one, the state has been plagued with one mishap after another, and while some touch-screen systems will be maintained for "handicapped voters that require its features to vote unaided," the vast majority of the Direct Recording Electronic (DRE) machines will be nixed in favor of a less hackable flavor. Flinging one last blow of frustration at the e-voting curse, Crist went so far as to suggest that ditching them would allow Floridians to "leave the polling place knowing that their vote had been counted and recorded and can be verified." Of course, we're sure the tax-paying citizens of the state are entirely more focused on the $27.8 million he approved to buy all new optical scan equipment.
California prepares to crack down on e-voting manufacturers
In an unprecedented attempt to shore up any possible flaws in its counties' electronic voting machines -- the same machines that have been examined and criticized nationwide on many occasions -- California will undertake a so-called "top-to-bottom" review of numerous systems from some half-a-dozen vendors, who must meet a set of seemingly rigid criteria if they want to receive certification for the 2008 election. Giving the proposed three-pronged approach -- initiated by Secretary of State Debra Bowen in collaboration with the University of California -- some real teeth is the fact that each of the three teams tasked with the actual work will be spearheaded by respected academics and leading private sector consultants, including none other than Princeton's Ed Felten, whose tireless efforts to expose the dangers of these shoddy machines are well known to readers of this site. Specifically, each system from manufacturers such as Sequoia, ES&S, and yes, everyone's favorite whipping boy Diebold will see a thorough review of their source code and documentation, along with what are being referred to as "red team penetration" attacks to test the terminals' hardware and software. Since companies are required to submit equipment for testing if they wish to partake in future elections, we could be seeing Diebold make the same begrudging exit from the Golden State as it did from North Carolina, for what we are not alone in suspecting is fear of exposing its flimsy code. Anyone who does choose to participate still risks being forced to make significant changes to their gear or perhaps even complete decertification, so when you Californians go to cast your votes in about eighteen months, don't be surprised if you have to mark up a piece of paper and drop it into a Equalivote-brand ballot box. [Via Slashdot]
French e-voting hit hard by vocal detractors
France has been using e-voting machines since 2003, and most notably in the 2005 European constitutional 2005, where 50 e-voting municipalities were in play, but now that the number has climbed to 80 (out of 36,000), and a presidential election is at stake, several parties are crying foul -- and quite loudly. No specific incidents of fraud have been cited yet, but protesters sued to ban the machines outright a week before the election, noting that some models don't comply with a dual-key requirement for safety from fraud, and others, such as the iVotronic machines, have new software, but haven't been re-verified since 2005. After the first round of voting on Sunday, objections have become even more vocal, with The Socialists, the Communist Party and the Greens all banding together to decry the e-voting method as a "catastrophe." Apparently the machines posed a particular obstacle to the elderly, with some researches claiming that as many as four out of seven people over 65 couldn't vote properly. Also, voting lines were long in general, and the two hour wait on some e-voting machines apparently caused some voters to leave. The interior ministry claims they have had no problems with the machines since they were introduced in 2003. With 12 presidential candidates in the election, the three parties speaking up here by no means comprise a majority, but we're guessing we won't be hearing the end of this for a good while -- especially if things don't go their way in round two of the votes.Read - French parties call voting machines a "catastrophe"Read - Protestors sue to stop e-voting
iVotronic e-voting software issues to blame in Florida polemic?
Oddly enough, it seems that the Sunshine State attracts more than just tourists and nice weather, as Florida is now facing yet another round of e-voting woes long after elections have ended. While Diebold machines certainly administered their fair share of fits, now iVotronic's own systems are purportedly to blame for a controversial election in Sarasota County last November. Upon further review, officials noticed "symptoms consistent with a known software flaw" in the aforementioned machine, which countered the "county officials' claims that a bug played no role in the election results." Of course, this won't mark the first time that late-blooming documents shed light on a potential voting mishap, but it seems that both parties are standing their ground on this one. Apparently, the issues were spotted during the primary election, but since they appeared on a "smaller scale," they weren't adequately addressed. Currently, no individuals have been legally blamed for their deceptive handling of the probable mishap, but we'd seriously suggest that Florida thinks mighty hard before loosing these flawed machines on the public next time around.
Diebold cries 'do over!' after losing Massachusetts contract
Now we know that we're not supposed to take pleasure in the misfortunes of others, but when habitually-shady voting machine manufacturer Diebold loses a $9 million contract and starts whining about it in court, well, we think it's okay to make an exception. As the nation's leading election thrower e-voting provider, old Diebold thought that it was a shoo-in to win the Massachusetts Secretary of State's bid for 3,500 terminals for disabled voters -- and was so shocked when the contract was awarded to rival AutoMARK, that it's actually going to court to have the contract overturned or revisited at the very least. The company's completely immodest argument against the state and Secretary William Galvin basically boils down to this: "Since we've beaten AutoMARK for contracts all over the country, it only makes sense that we get this one too -- and because we didn't, there must be some cheating going on." For his part, Galvin calls the suit "frivolous" and claims that the best candidate did in fact win: disabled voters who tested all the machines reportedly formed a consensus around the AutoMARKs, and those machines have the added benefit of employing the same paper ballots as regular units, helping to ensure users' privacy. Despite the fact that it has "no hard evidence of unfair treatment," Diebold is nonetheless seeking an injunction on the use of its competitor's gear (some of which has already been delivered), or optimally, a complete reversal of the state's decision. No timetable on a decision yet, but when Diebold's forced to crawl back to Ohio with its tail between its legs, we'll let ya know.[Via Slashdot]
Unearthed memo details possible e-voting negligence
In case the Brits were still wondering if we Americans finally had our act together in regard to e-voting, this should add yet another nail in the coffin. Among the bevy of states that saw all sorts of turmoil when voters turned to electronic machines to cast their support was Florida, and while a recent motion doesn't speak of that specific incident, it does highlight a good bit of potential negligence. Apparently, a note was "uncovered" last September (but was withheld until just last week) which documented a "possible problem" with Election Systems & Software's iVotronic touchscreen machine, but wasn't used to scrutinize the finicky system before loosed to the voting public. The eventually malfunctioning software was linked to a "dispute over the 13th Congressional District race in November," which supposedly caused a high rate of "undervoting," and allowed Vern Buchanan to take the questionable gold by a mere 400 votes. Regardless, it's a little late for a recount, don't you think? [Warning: PDF read link][Via Wired]
US government warns UK that e-voting is finicky
If there's anything we can appreciate, it's the irony of the United States trying to tell other nations how to run their e-voting setups, you know, considering that America can't even hire competent companies to run quality assurance tests on its own machines. Nevertheless, the US Government Audit Office (GAO) has warned in a recent document document entitled "All Levels of Government Are Needed to Address Electronic Voting System Challenges" that e-voting setups could cause some problems when it came to issues of integrity. Specifically, Randolph Hite, director of IT architecture and systems at the GAO, stated that "no voting technology, however well designed, can be a magic bullet that will solve all election problems," and even went so far as to suggest that e-voting technology "merits the combined and focused attention of federal, state, and local authorities responsible for election administration." Still, friendly advice typically sinks in better if the presenter tends to practice what they preach, so we'd suggest the Brits do everything they can to just, um, not do what we've done. [Warning: PDF read link][Via Inquirer]
Diebold considering dumping e-voting unit; Engadget says PLEASE DO IT
Apparently executives high up at Diebold, the company that brought untold amounts of frustration to voters and countless faulty elections across the US, are considering dumping their Diebold Election Systems business unit, which it seems is almost systematically attempting to tarnish its parent company's brand with its infamous e-voting machines. After strained relationships with government officials over the utter craptasticality of their boxen, Diebold expects to announce the future of DES early this year; although there's no way to guarantee the 150k deployed Diebold machines would be decommissioned if DES were dismantled or sold, we'd really like to see a progressive technology organization -- like, say, a major university, the Open Voting Foundation, or the EFF -- raise the funds, buy the assets, opens source the software, and ensure that by the time the 2008 elections roll around, every vote will be properly accounted for, even if cast on old Diebold boxes.
Estonians first to cast national votes online
For a lucky group of Eastern European cyber-voters, e-voting no longer entails traveling to an official location to poke at a screen -- let's just hope they managed to shake off e-voting's penchant for fraud while they were at it. Nationwide voting in cyberspace has finally become a reality in, of all places, Estonia. Eeeh? Yep. Estonia's been keen on the idea of voting via the internet since 2001 and became the first country in the world to hold legit general elections when they implemented the remote e-voting process locally in 2005. As of this week, they own yet again with over 30,000 of 940,000 eligible Estonians casting virtual ballots in the world's first online parliamentary election. Online voters even have the option to re-vote with a paper ballot in the event that hurried or pressured decisions were made from their remote voting locations. This option is evidently proving to be an effective way to boost voter turnout, which was only 58 percent in 2003. Let's hope this "using the internet to encourage voting" trend catches on in some other countries (ahem) that also suffer from less-than-impressive election turnouts.
Princeton prof picks up e-voting machines on the cheap
It's no secret that e-voting machines here in the US and around the world have more security holes than a slice of Lorraine Swiss, but it took a Princeton professor and $82 to discover just how bad the situation really is. Now, one would think that election officials would destroy their old terminals instead of selling them to the general public for practically nothing (the ~$5,000 devices are going for less than $20 apiece), yet that's exactly what Buncombe County, North Carolina did with 144 of its retired Sequoia AVC Advantages. First manufactured in the late 80's, the Advantages use old-school push buttons and lamps instead of the touchscreens found on more modern models -- and yet according to Princeton's Andrew Appel, they're actually more secure than those Diebold machines that fellow faculty member Ed Felten totally pwned several months back. Still, Appel and his students found numerous problems with these Sequoias that are still being used in parts of Colorado, New Jersey, Pennsylvania, and all across Louisiana: not only were they able to pick the machines' locks in under seven seconds, they discovered that the non-soldered ROM chips were easily replaceable, allowing a hacker-in-the-know to potentially swap them out with outcome-altering data. A Sequoia spokesperson claims that any tampering with the machines would set off an alarm at their headquarters, but Appel argues that this security precaution could easily be overridden with the right code. So this is just great: now we know that a determined individual could easily pick up still-in-use machines (for a song), reverse engineer them to figure out the security roadblocks, and then sneak into a church basement or gymnasium where many of these terminals gather dust for 364 days a year. This is a big problem, folks, and let's hope it doesn't take an election Enron for some serious changes and regulations to be enacted by the feds.
British locales to pilot internet / electronic voting schemes
While Americans (and the Dutch) are still trying to figure out exactly how to implement this "e-voting" thing without hackers exploiting them, people cracking them open (literally), and machines counting votes in triplicate, it looks like the Brits are disregarding all the red flags already waving and are giving it a go in select locations. New pilot schemes are slated to "help people vote more conveniently at the Local Government Elections in 13 local English authorities come May 2007," and while some areas simply get the option to vote in advance, Bedford, Breckland, Dover, South Bucks, Stratford-on-Avon District Council, and Warwick District Council will be graced with "electronic scanning technology to count ballot papers," while Rushmoor, Sheffield, Shrewsbury & Atcham, South Bucks, and Swindon will actually be able to "use the internet or telephone" to cast their vote if they so choose. The move is apparently tailored to fit the "more modern lifestyles" that most folks (mostly younger) are living, and officials hope that opening up the internet as a voting medium will convince chair-sitters to get off their butts surf on over and vote. Whether or not some trickster finds a loophole in the web-based voting system (or changes his / her voice up on a couple call-ins) to sabotage everything for everyone remains to be seen, but the Electoral Commission should be publishing the "findings" from these trials this August before choosing to keep (or axe) said methods.[Via Slashdot]
Hacking e-voting machines can be hard, Diebold shows you how
You know, we could almost admire Diebold's "in face of all odds" kind of determination to ignore the haters and continue to assert that its e-voting machines are secure -- but this is just taking it too far. Alex Halderman, who was part of a team that discovered Diebold was using a rather standard sort of hotel mini-bar key to "secure" its machines from tampering, has pointed out that Diebold is showing vote-tampering wannabes just how it's done. Halderman and company refrained from posting images of the actual key, just to deter any casual voting hax0rs out there, but Diebold one-upped 'em all by posting pictures loud and proud of the keys on its own website. You have to be a Diebold account holder to actually buy one, but anyone could copy the key design from the pic -- which sounded like a great idea to Ross, who made three homemade keys based on the online pics, two of which worked to unlock the Diebold machine. Care to comment, Diebold? Oh, that's right, you're doing that whole quiet, dignified thing. As an aside, up to one-third of the e-voting machines which were used widely in the Brazilian elections in October last year showed signs of manipulation, with all sorts of number disparities and obvious fraud or malfunction. Those poor e-voting machines just can't catch a break. Check out a video of this latest Diebold hacking after the break.Read - Diebold reveals e-voting keysRead - E-vote fraud runs rampant in Brazil
US chooses two hopefuls to review for future e-voting tests
Just days after the US government decided to bar Ciber from testing anymore e-voting terminals due to its perpetual negligence, it now seems that a pair of Colorado-based outfits are next in line to take over those duties. The National Institute of Standards and Technology (NIST) has recently recommended that iBeta Quality Assurance and SysTest Labs "be granted final clearance to test the systems" after a "comprehensive technical evaluation of the laboratories' processes based on the international standard ISO/IEC 17025, which covers general requirements for the competence of testing and calibration laboratories." Now it seems the final hammer resides in the hands of the US Election Assistance Commission, which is "a federal agency that has sole authority to grant full accreditation to the labs." SysTest Labs isn't new to this e-voting QA game, as the firm was already granted "interim" accreditation and is now awaiting the official seal to keep up the (presumably) good work. Notably, the EAC stated that they would be focusing their efforts now on "non-technical issues such as conflict of interest policies, organizational structure, and record-keeping protocols," but we're not so confident all the hardware checks are as robust as they should be just yet. Nevertheless, we shouldn't count on hearing anything final for quite some time, as this apparently lengthy "review process" somehow takes between 9 and 18 months to complete, so in the meantime we'll just see how many more Americans ditch the whole "voting" idea due to issues like voting in triplicate, getting distracted by board games, or simply obliterating their machine in frustration. [Warning: PDF read link][Via Slashdot]
US bars Ciber from testing e-voting terminals due to negligence
Call us crazy, but we had a sneaking suspicion all along that all these e-voting woes were due to a lack in quality control testing somewhere along the approval line, and now it seems the US government has found its scapegoat. Ciber, Inc., the Colorado-based company responsible for testing a majority of the nation's electronic voting terminals, "has been temporarily barred from approving new machines after federal officials found that it was not following its QC procedures, and moreover, could not document that it was conducting all the required tests." Aside from wondering where the oh-so-critical auditors were during this entire debacle (read: federal scrutiny of the testing began just recently), this brings into question the legitimacy of the votes that were actually placed and counted through the potentially faulty machines, but alas, what's done is (presumably) done. Eager to keep that expectedly gigantic government contract money pouring in, Ciber seems to be on top of the issues at hand, and a spokesperson for the outfit even stated that "the company believed that it had addressed all the problems, and that it expected to receive its initial federal accreditation later this month." We just hope that undercover chess functionality somehow goes unnoticed.[Via Slashdot]
Indian political party trades TVs for votes; free HDTV campaign in 2008?
Although bribery isn't exactly smiled upon here in the States, we've got a hunch that the Dravida Munnetra Kazhagam political party in India is on to something. In news likely to cause turmoil (or not) among culturally-planted Americans, the DMK promised a bevy of new electronics to folks who cast their vote for them, and apparently, it worked. After falling from power in 2001, the party has stormed back into prominence by offering poor citizens niceties (such as stoves and TVs) which most could never afford on their own. By wording the goodies as "social welfare" benefits, the sets they hand out supposedly aid the voters in receiving news critical to their life, health, and work, which in turn benefits society the DMK as a whole. While America hasn't had the best luck so far with all these e-voting implementations, and considering a good few don't even cast a passing glance at anything political, we'd bet a "Free HDTV" campaign would result in surefire admission into the Oval Office.[Via Fark]
Smartmatic bails from e-voting biz after media heat
Smartmatic, of Sequoia Voting Systems infamy, is taking its ball and going home, after becoming fed up with the intense public scrutiny its voting systems have received. "Given the current climate of the United States marketplace with so much public debate over foreign ownership of firms in an area that is viewed as critical U.S. infrastructure -- election technology -- we feel it is in both companies' best interests to move forward as separate entities with separate ownership," said Antonio Mugica, president of Smartmatic. Of course, we really would've just been happy with a voting system that didn't, say, have the ability to register multiple votes per voter, but we suppose that's too much to ask. A big stink has been raised in regards to Smartmatic's Venezuelan ownership and some supposed ties to Venezuelan president Hugo Chavez, and it appears Smartmatic isn't up for the fight. Smartmatic had previously agreed to an investigation by the US Treasury Department, but now that they're putting Sequoia on the auction block, they've withdrawn from the review process. Any takers?[Via Techdirt]
Feds reverse course, approve somewhat better e-voting regulations
We had thought that the whole e-voting thing was wrapped up at the federal level, but apparently everyone (including us) spoke too soon, again. The Technical Guidelines Development Committee apparently has met once more, and now unanimously says that it will start drafting regulations mandating that the "next generation" of voting machines be "software independent." In other words, one that can't be hacked via software. However, old machines that don't meet the new standard will not have to be upgraded or replaced, for whatever reason. "The Technical Guidelines Development Committee (TGDC) has considered current threats to voting systems and, at this time, finds that security concerns do not warrant replacing deployed voting systems," the resolution said. The committee's new resolution, however, did include language that recommends "usability and accessibility requirements to ensure that all voters can verify the independent voting record," which means we may see some paper trail after all. We're still not sure how well such a confused resolution will hold up once it gets out of committee, but we never understood how DC worked anyway. [Via Techdirt]
Feds eschew e-voting paper trail for the status quo
Remember that recommendation that we expected to see come out of the National Institute of Standards and Technology pretty soon -- you know, the one that would de-certify all those fundamentally flawed direct record electronic voting machines? Well, we apparently spoke too soon, as The Washington Post now reports that the recommendation didn't even make it out of committee. The Technical Guidelines Development Committee, a section within NIST that advises the US Election Assistance Committee, failed to reach the 8 votes necessary to pass the decertification measure. Seriously. Why didn't this blindingly obvious recommendation pass? Well, it's not entirely clear, but committee member Brit Williams, a computer scientist who certified Georgia's electronic voting system (we all know how well that went), said "You are talking about basically a re-installation of the entire voting system hardware." Um, dude, last we checked, if something's broke, you gotta fix it. Seriously, when was the last time you heard about a computer scientist that went out of his or her way to avoid fixing a system they installed? Don't answer that.[Via Techdirt]
