
Diebold voting machines can be hacked by remote control - FreeKill
http://www.salon.com/news/2012_elections/index.html?story=/politics/elections/2011/09/27/votinghack
======
JonnieCache
For a very comprehensive rundown of all the awful things about electronic
voting from someone who has been researching it for 12 years, see the
following hour long talk given at google:

Electronic and Internet Voting (The Threat of Internet Voting in Public
Elections) <http://www.youtube.com/watch?v=_GjmRwfkRXY>

It goes through all the highly nontrivial challenges around holding an
election, and discusses the major failings of the technology over the years.
(Mostly diebold gear as you might imagine.)

------
Aloisius
Oh for the love of Pete. Why are the voting machines connected to the tallying
devices?

Wouldn't it be safer to have the voting machine output a machine readable
ballot that is then read by a generic non-election specific scantron-like
machine that has no understanding of what it is scanning?

------
ChuckMcM
Obligatory shout out: <http://homepage.mac.com/rcareaga/diebold/adworks.htm>

This is another interesting case to follow. Matt Blaze's work here is also
telling (they found a bunch of software exploits). I wonder about the forces
pushing electronic voting when there are so many issues unresolved. Perhaps
Anonymous should elect itself President. That would wake some folks up.

~~~
specialist
I like the "vapor" poster. I wish I had thought of "voter verified vapor audit
trail" back when I was fighting against these touchscreens.

------
DanielBMarkham
Having thought about this a bit, I don't see how you do electronic voting
without giving the voter a receipt that contains a sequence number, timestamp,
and current status of the machine. All encrypted, of course. That way the
paper trail can be reassembled if necessary to see if it matches the end
state. Hope that was explanatory enough. It also partially distributes
oversight authority to all the voters instead of having it all at the poll.

~~~
InclinedPlane
There's no point in maintaining a distributed paper trail, since actually
making use of it would violate anonymity and be a gigantic hassle, you might
as well just keep the paper trail centralized. And if you're doing that then
you might as well just go back to electronically scanned paper ballots.

------
misterbwong
Someone with more knowledge of this please tell me: Why is physical access to
the voting machine innards allowed at all? Why isn't the machine glued shut
with some color changing seals to show tampering?

It doesn't seem like poll workers (or anyone other than the manufacturer, for
that matter) would need access to the internals. If a machine is broken, send
it back or fall back to paper voting.

~~~
rhizome
For no particular reason, the prevailing stance is to avoid paper fallback so
they want to preserve the ability for pollworkers to deal with problems
themselves. I know, "what could possibly go wrong with that?"

There is nothing in the electronic voting debate that won't make you scratch
your head wondering why they don't use known-good techniques. The only time-
worthy thing to do is to oppose them until open-source solutions are accepted.
Everything else will be a through-and-through scam by Diebold or one of their
cohorts.

~~~
jerf
"The only time-worthy thing to do is to oppose them until open-source
solutions are accepted."

Meh, I'm still unconvinced by the virtues of electronic voting at all, open
source or otherwise. Little electronic currents simply have less mass than
pencil marks on paper, and I mean that in a number of ways, including the
fully literal one. A full accounting of cost/benefits shows the costs to be
staggering once one accounts for the risks of tampering and the difficulty of
preventing it, and the benefits mind-bogglingly tiny. (Heck, even if one
merely accounts for the costs of _materials_ the cost/benefit analysis isn't
all that great.)

If it wasn't so darned _shiny_ and _high tech_ nobody would even consider
electronic voting. It's just technofetishism run amok.

~~~
ceejayoz
> If it wasn't so darned shiny and high tech nobody would even consider
> electronic voting.

Were you in a Nepalese monastery during the 2000 election or something?

~~~
jerf
See, that's an example of what I mean. You simple take it as given that
technology will simply solve the problem by virtue of being _TECHNOLOGICAL_ ,
when a moment's thought starts poking huge gaping holes in logic.

Suppose Florida is a close race again in alt-2000 where electronic voting is
widespread. But wait! In three precincts, close examination of the voting
machines reveals that they have been systematically tampered with, in exactly
the way described in this article, and the voting totals are unreliable.
Aaaaaandd...

... now what? Count the ballots again? Can't. No such thing. Re-add the wrong
numbers together for the wrong result? Hold the vote again in those precincts?
That's fraught with its own serious problems. The vote is just screwed and
there's basically nothing you can do about it.

"But the vote can be screwed with paper ballots too!" Yes, but it's _much
harder_ , leaves a much larger and harder to forge trail, requires vastly more
effort, and is much easier to detect. (Ye olde "Benford's Law" trick will work
only once, you know.) The question isn't whether computer voting "works", it's
whether it's _better_.

And, secretly, I palmed a card. I tampered with those voting machines _after_
the vote occurred. The vote numbers are totally accurate in my hypothetical
scenario! But good luck proving that in real life.

One thing that people don't often get is that voting isn't about choosing a
winner. Choosing winners is easy. It's about convincing the losers that they
lost, and that the process is fair, and it's far better for them to
participate in the Great Debate and sway people to their position and try to
win the next election, rather than forming an armed mob and going on a
rampage. Electronic voting machines make that outcome much harder. For once,
Hollywood-hackability works on our side and the pervasive message that all
computers are intrinsically infinitely hackable is not so far from the truth.

(... oh, and if you stay tuned for long enough, we'll be able to answer that
"Now What?" question sooner or later, because it is only a matter of time
before the body politic is literally faced with that question, instead of
merely hypothetically.)

~~~
ceejayoz
That electronic voting has problems doesn't in any way mean that paper voting
didn't have problems. The statement "nobody would even consider electronic
voting" is false. Plenty of people consider electronic voting because of the
hanging chads, photos of people with magnifying glasses peering at ballots,
etc.

~~~
jerf
Some evidence that you've actually read what you're replying to would be nice.
I made your own point better than you did when I went into more detail on the
problems with paper voting!

------
chester_wilton
Paper.

It works.

There is a _physical_ backup for recounts. It's verifiable. Its trustworthy,
and it's secret. If you want results faster. Volunteer at the voting place. If
you don't trust a voting place. Send an observer. All of this can and should
happen in secret in plain sight.

I know this is hard for us nerds to admit, but there are systems that do not
need to be, nor should be computerized.

~~~
jonknee
> There is a _physical_ backup for recounts. It's verifiable. Its trustworthy,
> and it's secret. If you want results faster. Volunteer at the voting place.
> If you don't trust a voting place. Send an observer. All of this can and
> should happen in secret in plain sight. I know this is hard for us nerds to
> admit, but there are systems that do not need to be, nor should be
> computerized.

Sort of. But a poll worker could toss out ballots and you'd have no idea. A
voter could toss in multiple (stolen) ballots and no one could stop it. Etc
etc. There are serious problems with electronic voting, but paper ballots
aren't immune to problems. Physical backups mean shit when the source is
fraudulent.

~~~
aw3c2
No idea where you live but in Germany you can be a volunteer if you desire to
monitor the process. Also you cannot put in multiple ballots. Each voter is
checked off a list, a mismatch between "people who came to vote" and "ballots
in the box" would be easy to spot.

~~~
jonknee
You can volunteer here in the US too, but what if the volunteer commits fraud?

If there's a mismatch, what would you do? It's a secret ballot so you can't
throw out the extra votes, you'd have to throw out all the votes in that
ballot box.

------
rbanffy
It's really a shame, because Diebold knows how to do better.

While not perfect, I think the Brazilian electronic ballots are not vulnerable
to most of the attacks I see being demonstrated against Diebold machines used
elsewhere (they are certainly not as easy to attack as the one on the video).
And Diebold has the know-how in house because they acquired Procomp, the
company who won the last couple competitions to provide them.

I worked on the Unisys version (which was the last competition Diebold/Procomp
didn't win, IIRC) and I distinctly remember our discussions about possible
exploit scenarios and how to counter them (sometimes, with physical handling
protocols and tamper-proof seals).

------
mrinterweb
Tampering attempts could be easily detected with a paper log of votes. All
that is needed is a paper based receipt logger installed in each voting
machine. If tampering is suspected, review the paper log.

~~~
ejames
Unfortunately, it's not quite that simple.

An advantage of electronic voting is that the machines can be designed for use
by the blind. This is in fact one of the goals written into the act of
Congress which funded the development of the machines originally.

Political advocacy groups for the blind oppose using paper logging, because it
would mean that the only authoritative record of the vote is the one that
blind people cannot personally confirm.

A machine could read the paper out to the blind vote, but that just changes
which electronic device you have to trust to report the vote correctly.

A sighted person could confirm the ballot for them, but that was already
possible in the past (and was how the blind voted until now). Electronic
voting was an advance for the blind specifically because an individual could
vote on their own with no assistance other than that provided by the machine.

From a security perspective, it is at least as plausible that the sighted
assistant would manipulate the vote of the blind person as it is plausible
that a hacker would manipulate the votes on an electronic system.

It can be argued that although both scenarios are plausible, hacking is more
likely and has a larger impact, but arguments based on relative costs and
benefits are a poor match for an emotional debate on civil rights.

~~~
r00fus
Can't the printed log be output in braille as well as ASCII?

The blind voting advocacy groups sound like they are completely against
anything that allows a vote log to be confirmable outside the (extremely
vulnerable) blackbox voting machine. I begin to wonder where their funding
comes from.

~~~
eru
They might even make the Braille version the authorative one in case of
discrepancies. It's easy enough for a sighted person to learn enough Braille
to distinguish choices on a voting ballot.

------
janesvilleseo
Why can't I verify my vote?

Get a print out, then go online, punch in my number and confirm my vote.

Wouldn't this solve a lot of problems? Of course not everyone would confirm
their vote, but I am sure the math can be done to see if everything checks
out. Just like exit polls.

~~~
atlbeer
Not giving poll receipts comes from a sorted history of people coercing people
to vote got a certain candidate.

"Vote for the right person or you'll be fired. Show me the receipt"

------
sp332
Funny, the attack only requires an "eighth grade science education" to execute
but it took the Vulnerability Assessment Team of the Nuclear Engineering
Division of the Argonne National Laboratory to develop it.

edited for clarity.

~~~
blahedo
So? Some web exploits can be used by script kiddies while others require
active skilled-programmer intervention, although both kinds require a clever
hacker to figure them out in the first place, and we find that a useful
distinction to make as well.

------
gasull
More info (although old news):

<http://www.bradblog.com/?p=1839>

<http://www.bradblog.com/?p=3467>

------
sp332
I'll just leave this resource here: <http://www.blackboxvoting.org/>

~~~
waqf
If that resource wants to be taken seriously it could start by getting a web
design that doesn't scream "quack".

------
stinky613
Obligatory xkcd reference: <http://xkcd.com/463/>

------
Natsu
I thought they were called Premier Election Systems these days. Or am I
confused?

------
cantastoria
Ah I see they're already gearing up for their "Republicans stole the election
(again)" series when Obama loses next year. Although I think this is jumping
the gun a bit. Funny how these lab tests never seem to be done when it look
like a Democrat is going to win (or won).

~~~
jcromartie
There was plenty of voting machine hack news in 2008.

~~~
cantastoria
Maybe but nothing like 2004. The RFK Rolling Stone article, HBO documentaries,
hell Black Box Voting was founded that year.

In 2008, the NYT was publishing opinion pieces about "The Myth of Voter Fraud"
<http://www.nytimes.com/2008/05/13/opinion/13tue1.html>

Trust me this will be a front page issue again in 2012 The irony of course is
that calling into question the validity of an election is the oldest form of
election rigging there is.

~~~
bluedanieru
Nope, it was a big deal both times. This is confirmation bias on your part,
simple as that.

