e-voting
Latest
NIST to recommend decertifying direct record electronic voting
We weren't sure that our government would ever actually, you know, listen to the people that it apparently serves -- at least so far as electronic voting goes. That may soon change, given that internetnews.com is reporting that the National Institute of Standards and Technology will recommend "the 2007 version of the Voluntary Voting Systems Guidelines (VVSG) decertify direct record electronic (DRE) machines." (Those would be the non-"software independent" boxes whose votes cannot be audited and certified, yet which are used in 30% of jurisdictions.) Why the sudden change of heart? Well, apparently all of the attention that's been put on the lack of a paper trail or some kind of verified voting system has actually made a difference -- huh, fancy that. Of course, predictably, there remains a naysayer in the midst, an election expert named Roy Saltman, who told internetnews.com: "If you insist on paper you're tying elections to an old technology." Um, Mr. Saltman, that may be true, but until we can get our new tech to work as well as our old tech, then the new tech is sorta useless, isn't it?[Via Techdirt]
Texas e-voting machines count votes three times for good measure
If you thought that November 7th was the final day that you'd hear about e-voting zaniness, you'd be incorrect. While a myriad of states (and foreign locales) have had their bouts with Diebold and other electronic voting machines, the internet hunting state is now reporting an oddity of its own. Apparently, voters using machines built by Election Systems and Software in Williamson County, Texas showed up three separate times to legally cast their votes for the same candidate, or performed some sort of "human malfunction" in order to make the machines think so, anyway. While we're inclined to think that the actual machines were the culprit, the company still insists that some form of "user error" caused each vote placed to be counted three times. Although the triplicates did not skew the percentages of votes cast for each candidate, it still seemingly signifies an apparent flaw in the e-voting system, yet election officials were quoted as saying that they'd "review their training procedures" -- you know, so we can all work together to circumvent the problem.[Via TechDirt]
Voter smashes Diebold machine as e-voting problems crop up nationwide
With this being the first major election to see a significant portion of the population casting their ballots on electronic voting machines, you might expect some problems to arise with the notoriously buggy and untested technology -- and you'd be right. The New York Times is reporting that polling places across the country are experiencing difficulties with their voting equipment, and while we'd love to place the blame squarely on shady manufacturers like Diebold, Sequoia, and friends, it seems that the complications are actually due to human error as much as faulty hardware. According to The Times, Indiana appears to be the state having the most trouble today, with 75 precincts using incorrectly programmed smart cards and nearly half of Marion County's 914 precincts having trouble getting their machines to boot up in the first place. In New Jersey, meanwhile, Republican officials are claiming that Democratic Senator Robert Menendez's name was already lit up when some voters entered the booth, causing them to accidentally choose the wrong candidate. Other areas such as Cleveland, Ohio and Hartford, Connecticut were either unable to start their machines or found the touchscreens to be improperly displaying candidates' names, forcing election workers to move back to old-fashioned paper ballots. The highlight of the day, though, has nothing to do with shoddy equipment and everything to do with a crazy voter who attacked a Diebold-brand machine in Allentown, Pennsylvania. Forty-three-year-old Robert Young, a registered independent, apparently believed that the e-voting machines had been deployed in a wild conspiracy by Republicans, and decided to make a statement by smashing the $5,000 device with a metal cat paperweight. A remorseful Young was quickly arrested by local police, and although the votes on the destroyed machine can still be saved, the feline paperweight did not fare nearly as well: officials have said that it will likely be impounded before being forcibly euthanized. Read- Voting problemsRead- Cat-bearing voter
Punchscan incorporates cryptography into e-voting
Considering the disaster that has been e-voting, we're not surprised to see another firm stepping forward with a slightly less complex alternative to confidently casting your ballot. Reverting back to the less problematic methods of paper-and-pencil voting, yet offering up a way to electronically store and track each vote, David Chaum and his research team have unveiled the Punchscan system to hopefully solve the world's e-voting woes. The cryptographic solution involves a double-sided ballot which is split into two halves using a hole punch, giving you one side to take home. The "receipt" reportedly doesn't disclose which candidate you voted for, and allows you to logon once home to verify that your vote was indeed cast, and cast for the intended party. So if you're worried that your hard-earned vote may be heading to File 13 rather than being counted, maybe you should start politicking to get Punchscan going in your neck of the woods, and if you're still confused about how this two-faced encryption dealio works, just peep the video, yeah?[Via Slashdot]
Sequoia voting gear allows for ballot stuffing, calls it a "feature"
There's an old adage in election-year politics: "Vote early, and vote often." While that second part is usually meant as a little humorous jab, Sequoia Voting Systems apparently wasn't in on the joke. See, in California and other states, some polling places have these e-voting devices (made by Sequoia) known as AVC Edge voting machines, and each machine comes with a yellow button located on the back of each device. The button is designed as a manual backup, which activists claim allows people to vote as many times as they like. Fear not, though: Sequoia will resubmit the system for certification (after the election), and doesn't really consider this button to be a flaw at all. As Michelle Shafer, vice president of communications for Sequoia, told internetnews.com: "It's a deliberate back-up feature to prevent the Edge from having a single point of failure -- an inoperable card activator -- at a polling location and preventing voters from casting their ballots." Plus, Shafer continued, even if someone did push the button, the machine issues a loud beep when it's pressed -- obviously a completely foolproof system. The California Secretary of State's office has already issued instructions to poll workers to listen for the fateful beeping, so voters can rest assured that no one will try this hack. Goodness knows what will happen if a bunch of voters come in with pagers that all go off simultaneously, though. [Via TechDirt]
Dutch pull 10% of their voting machines, more to come?
While the US struggles to work out the say, kinks with its own flavor of voting machines, the Dutch just decided to partially chuck some of theirs after the Dutch intelligence service (AIVD) discovered just how vulnerable they are. The 1,187 or so machines to be pulled are all manufactured by Sdu and only make up 10% of the machines used across the Netherlands. Just how insecure are they? Well, the Sdu e-voting machines not only leak radiation like a rogue state, but they also transfer cast ballots with the help of a built-in GPRS modem -- all this makes them easily hackable from up to 30-meters away. The 34 affected municipalities, including Amsterdam, can now install themselves some spankin' new chess playin' voting machines from Nedap which the remaining 90% of the Dutch population will already be bellied-up to during the November 22, general election. Thing is, they too, are currently under intense scrutiny due to their own form of "spurious emissions" amongst other security concerns. Uh, paper and pencil anyone?[Via The Register]
Florida Diebold machines help you pick the right candidate
Apparently Diebold's problems aren't limited to Maryland, Georgia or Alaska -- what a shocker. Down in the Sunshine State, during a week of early voting before next week's nationwide midterm election, certain Diebold machines have been registering some votes for Democrats as selections for the Republican candidate. For instance, Gary Rudolf, a voter at a polling site near Ft. Lauderdale, tried to vote for gubernatorial candidate Jim Davis (D); however, when the Diebold machine gave him the final review screen, it showed his vote was about to be cast for Charlie Crist (R). The problem took three tries to get resolved with the help of a local poll worker. Mary Cooney, a Broward County Supervisor of Elections spokeswoman, informed The Miami Herald that it's "not uncommon for screens on heavily used machines to slip out of sync, making votes register incorrectly. Poll workers are trained to recalibrate them on the spot -- essentially, to realign the video screen with the electronics inside. The 15-step process is outlined in the poll-workers manual." Huh? How exactly does a computer -- one that is being used heavily for one day a year, and not a $100 PDA -- "slip out of sync" ? Further, no one in Broward County is even sure how large of a problem this is "because there's no process for poll workers to quickly report minor issues, and no central database of machine problems." Is it any wonder that major candidates are urging voters to vote the analog old-fashioned way?[Via digg]
Diebold secretly "fixed" glitches in 2005, yet problems persist
Diebold's had so many problems recently that we're not even entirely sure which problem this latest "solution" was supposed to fix -- nor if it actually ended up causing even more headaches. It came out earlier this week that Diebold acknowledged quietly "fixing" 4,700 voting machines across four Maryland counties in 2005: Allegany, Dorchester, Montgomery and Prince George's. The problem was that sometimes the voting machines lock up, or as The Washington Post puts it "The screen freezes do not cause votes to be lost, officials said, but they confuse voters and election judges who sometimes wonder whether votes cast on a frozen machine will be counted." The newspaper continues, saying: "Critics said it raises concerns about whether the state and company officials have kept the public adequately informed about problems with a system that cost taxpayers $106 million." Um, yeah. If you're say, a state government and you've just spent over $100 million to buy voting equipment that allegedly improves our previous archaic system of paper voting, you might want to make damn sure that it actually does the job, and that you know what's going on at every step of the way. Now, this new problem/solution apparently is unrelated to that other vexatious problem involving unpredictable reboots. So, despite Diebold's assurances that all problems have been taken care of, the Post adds: "Even so, the two leading candidates for governor -- Gov. Robert L. Ehrlich Jr. (R) and Baltimore Mayor Martin O'Malley (D) -- have called on voters to use absentee ballots in the election, citing uncertainties about the reliability of Maryland's system." That's just great.[Via The Associated Press]
Quebec puts the brakes on electronic voting
While the U.S. mid-term elections are going full steam ahead with a myriad of maybe-reliable and not-so-reliable electronic voting systems in place, Quebec is pulling back from its adventures in e-voting, after the province's chief electoral officer Marcel Blanchet delivered a harsh report on the 2005 municipal elections. The voting machines were used in some 140 municipalities in the province last year but, according to the report, they went down like bad plate of poutine, suffering from blackouts and transmission errors, resulting in unreliable results -- although he adds that there's nothing that can be done about the results now except to move on. He also reported that the electronic voting machines weren't any faster or more economical than manual counting. As a result of the report, Quebec's Municipal Affairs Minister Nathalie Normandeau is accepting Blanchet's recommendation that the current moratorium on electronic voting put in place after last year's elections be maintained, apparently indefinitely. [Via Slashdot]
Virginia e-voting machines truncating candidates' names
We're not sure what the bigger story here is: the fact that some Virginia e-voting machines have been "broken" since they were purchased four years ago, or the fact that Diebold wasn't the manufacturer. It seems that three jurisdictions in the state -- Alexandria, Falls Church, and Charlottesville -- use machines made by Austin's Hart InterCivic, all of which cut off candidates' names and party affiliations on the summary screen used to verify a voter's choices before the ballot is cast. Since names are displayed properly on the pages of the individual races, this is admittedly not the world's greatest threat to democracy, but it does highlight the ridiculous amount of red tape required to fix a problem with these devices -- in this case, making adjustments for the larger font size being used. Even though this flaw was evident as far back as 2002, secretary of the State Board of Elections Jean Jansen said she only recently became aware it; meanwhile Hart InterCivic can't touch the machines until it performs a system-wide firmware upgrade next year, and even that is contingent upon certification from state regulators. The good news is that recent publicity about the issue has seemingly jostled Jansen out of her stupor and encouraged her to go on the offensive, as evidenced by her comment on the likelihood of fixes being in place by the 2007 elections: "You better believe it. If I have to personally get on a plane and bring Hart InterCivic people here myself, it'll be corrected." Hey, we're all for kidnapping programmers to fix these problems too, but bragging about it in the Post seems like a surefire way to get your felonious plans thwarted.
Dutch government orders reforms in response to hacked voting machines
Even though the issue of electronic voting security has yet to be taken seriously in the United States (we're looking at you, Diebold), the Dutch government appears to be very concerned about the shenanigans that hackers recently pulled with one of Nedap/Groenendaal's old-school machines, and has taken several steps to ensure that the equipment is as hack-proof as possible prior to the November 22nd national elections. According to a translated article on the site Nu.nl, officials have ordered Nedap to double-check every single terminal, replace all of the weak software, and install unflashable firmware so that the simple "Diebold memory hack" can't be replicated in the Netherlands. Furthermore, all of the machines will be retrofitted with an iron seal that will presumably prevent unnoticeable access to their innards, and two additional independent checks will be performed to add another layer of redundancy: a certification institute will make sure that Nedap has performed all of the necessary upgrades, and the machines will be spot-checked for accuracy once again on election day. Finally, the Dutch intelligence service AIVD will reportedly look into the RF emissions that enable snoopers to wirelessly establish a vote tally, although it doesn't sound like the inquiry will have any immediate effect on this gaping security hole. Despite these changes and increased oversight, though, it seems that the voting group responsible for the original hacks is still not confident that all of the problems have been solved; we certainly see their point, however, we'd suggest that a government that at least acknowledges and makes moves to alleviate these serious concerns is already far more progressive than one that seems to be waiting around for an e-voting "Enron" before taking the initiative to sort out this significant threat to the democratic process.[Via Slashdot]
Researchers show Diebold voting machines unsecure, citizens shocked
We're all for hacking stuff, generally, but hacking democracy for malicious purposes is just plain uncool. While no one's definitively proven that such a scenario has ever actually happened in real elections, vote-hacking remains a distinct possibility, given the state of our electronic voting equipment. If you were unconvinced the last time we covered this, of just how shoddy these Diebold voting machines are, here's another arrow in our quiver: Princeton University researchers have taken apart a Diebold machine, examined it from every angle, written a new paper on its flaws and have come to the following conclusions: 1) Malicious code "can steal votes with little if any risk of detection." 2) Said code can be installed in one minute or less. 3) The Dieblod machines run Windows CE 3.0 -- so, they're susceptible to viruses. 4) Some problems would require the entire replacing of hardware, yet another security risk. Still though, we would love to see a debate between the two candidates in this fictitious election: George Washington and Benedict Arnold.[Via Boing Boing]
Diebold Voting Machine hacked in four minutes flat
It's an old adage in politics that you need truckloads of money to get elected. Apparently you can now buy an election for what you'd spend in a few days on cups of coffee. Black Box Voting found that given $12 in tools, four minutes, and a little determination, you can access a Diebold voting machine's memory card, remove and replace it without a trace. This new development really isn't all that surprising given that it's been shown that these machines can be hacked in more than one way, even by monkeys. Concerned citizens, just switch to absentee paper ballots from now on -- it may be low-tech, but it's a hell of a lot more secure going the "old-fashioned" way.[Via Slashdot]
Diebold machines fail in Alaska primary
When you hear the words "electronic voting machines" and "problems" in the same sentence, you don't have to be a rocket scientist to infer that our old friend Diebold is somehow involved. The latest chapter in the company's woeful history of security lapses and tampering accusations comes courtesy of Tuesday's primary election in the great state of Alaska, where several of Diebold's "high-tech" touchscreen units were unable to use their dial-up modems to upload voting results to the Division of Elections' central servers due to an inability to pick up dial-tones and "other problems." Apparently thirteen total precincts experienced the issues, forcing election workers to toil into the wee morning hours manually uploading their data and getting it to sync with the overall numbers. The Director of Elections, Whitney Brewster, attempted to reassure voters that the integrity of the process had not been compromised by pointing out that "just because they're not being uploaded doesn't mean they're not being recorded accurately." That's probably true, but with all the scrutiny and negative publicity surrounding the company, it's going to be hard to convince some folks that any election involving Diebolds's products is ever on the level.[Via Slashdot]
More security woes for Diebold
It's no secret that Diebold's electronic voting gear is, um, a little lax in the security department, and now a non-profit group known as the Open Voting Foundation has found "what may be the worst security flaw we have [ever] seen in touch screen voting machines" in the company's older TS model. Apparently these devices -- which produce no paper record of voters' choices -- contain a switch on the internal motherboard (pictured above, with handy onboard instructions) that would allow nefarious hackers to toggle between the two pre-installed boot profiles and "change literally everything regarding how the machine works and counts votes." Even worse, the board also sports a slot for external flash memory from which a third profile could be "field-added in minutes," allowing unsavory characters to overwrite certified files with their own data before switching the machine back to its unaltered state -- with no one the wiser. It looks like Diebold has two options for addressing this nagging problem: either they can open up their machines and source code to a thorough external audit and adopt the resulting suggestions (unlikely), or they can take the simpler route and just get their friends in Washington make it illegal for rabble-rousers like the Open Voting Foundation to play with their toys.[Via The Register]
