ACTION: Diebold Fails Another Security Test -- Demand Answers From S.O.S.

by: Todd Beeton

Thu Sep 14, 2006 at 00:52:11 AM PDT


( - promoted by SFBrianCL)

(cross-posted at The Courage Campaign)

On Wednesday, the Center For Information Technology Policy at Princeton University released a report that proves that the Diebold AccuVote-TS voting machines can be easily infected with an untraceable malicious virus that steals votes and gives a result different than the true vote tally:

This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus.

Go here for the full paper.

UPDATE: The video that accompanies the study is below:

I contacted Chuck Hahn, Assistant Secretary of State Policy & Planning, to get Secretary of State Bruce McPherson's response to this latest indictment of the very technology that he himself certified for use in California's elections. Remember that McPherson certified Diebold even after a study that his very own office conducted found "serious flaws" in the Diebold software. His certification was "conditional" apparently on their insistence that they would fix the vulnerabilities.

At the CA GOP summer convention, I asked McPherson directly what reassurances Diebold had given him that these flaws would be fixed. He simply said "I wouldn't have certified them if I didn't think they were secure." And when I asked if there's anything online or in the public record that can reassure voters of Diebold's good faith efforts, he told me that they held public hearings that anyone could attend. That's when Hahn stepped in, gave me his card and asked me to give him a call and he swept McPherson away.

So in the wake of this new revelation I did call him and e-mailed him to make sure they were aware of the report and to get the Secretary's response. I received a return e-mail from Hahn not long after that, which, while swift, was still quite dismissive. UPDATE: he prefers not to be on the record so I've taken down the text of the e-mail. He's been helpful and responsive so far. Hopefully we'll get a swift response from McPherson soon. This is about keeping pressure on him to answer for his decision to re-certify these machines. As I say in the comments, it appears from his certification announcement that CA may not even be using the machine tested. But that's not the end of the story, nor is it the end of the explaining we must demand from McPherson.


video on their site is slow (0.00 / 0)
Try YouTube. Email the link to everyone you know, Democrats, Republicans, apolitical, whatever. People need to see this!

do you have a list of who uses what? (0.00 / 0)
I've been trying all day (in between work heh) to find a list of which counties in CA will use what for Nov. It would also be nice to know which counties if any have used the AccuvoteTS in the past. I tried even just finding out what San Diego county is using. The registrar of voters site didn't have any specifics other than a call for volunteer poll workers, with assignments including "touchscreen inspectors" whose responsibilities, among other things, include driving the machines in their car to the polling place the night before (!!), and driving them back to the registrar after polls close. But no naming the machine specifically, or even the vendor. Then I found this "how to vote" video, that appears to have a voter-verified paper trail, which is GOOD. But still no specific make & model #'s, are all precincts using this??, etc.

OK, CA may not use this machine after all (0.00 / 0)
This study tested the Accuvote TS machine and as you can see HERE, McPherson certified TSX for use in California.

This may be what Diebold meant when they said in their response that the security software used in the test is "2 generations old."

I'll be back with McPherson's official response when it comes and will stay on this.


[ Parent ]
well it's a mistake to think this is the only problem (0.00 / 0)
Any comparable product will have a comparable vulnerability. Any vendor, even the non-Diebold ones. If you have a single-pane glass window on your house, one potential way of breaking into your house is to break the window. It doesn't matter which builder built your house, or what brand the window is. The fundamental setup is the same, the vulnerability will be there. Same thing for voting.

Basically any system that doesn't have a VOTER-VERIFIED paper trail is totally unacceptable.

Other problems include machines being out of sight of the public AT ANY TIME. The whole "sleepover" thing (where machines are sent to polling places, including personal residences, day(s) in advance of the election) is horrible. As the video shows, you only need one minute. Imagine all night! Also, many machines have a demo/test mode. This is a horrible idea because it tells the machine this isn't a real election. So it is ridiculously easy for the hack software to appear normal for the test, and steal votes in non-test mode only. But even these problems are largely mitigated by having the voter-verified paper trail.


[ Parent ]
I would assume the paper records would be kept (0.00 / 0)
just like a normal paper ballot so people could just count them?

I think?

[ Parent ]
ya (0.00 / 0)
Voter-verified paper trail means that you use a touchscreen (or similar) to vote, but instead of just the software keeping count, invisible to everyone (therefore hackable and impossible to detect the hack), it prints out what you did on paper. The voter can view that paper through a window. They make sure that it matches what they want. If it does, they say accept and it drops into an attached locked ballot box. If not, it goes down a different chute into the trash (or shredded/overwritten/etc).

If there is any question about the total that the software kept, you open the box and recount the paper ballots. One nice thing is that this is better than voter-marked ballots, because machine marking is obviously more precise and uniform (no hanging chads, incomplete erasing of scantron, etc).

Basically it is like regular voting but the machine marks your ballot for you. Also the touchscreen can do nice things like easily show many different languages, protect against over-voting, etc. And again, the marking of the ballot is more precise/uniform than when you let people do it.


[ Parent ]
You answered my question completely (0.00 / 0)
It's what I thought.  It makes sense, and seems relatively easy to accomplish.  Why could anybody be against this other than to pervert democracy?

Ah those perverts...

I think?


[ Parent ]
glad to know countless thousands of dollars (0.00 / 0)
spent on my CS education wasn't a waste, haha.

[ Parent ]
not sure exactly what your question is (0.00 / 0)
But just to be extra-clear, the Diebold TS machine (like in the video) does NOT keep a paper record at all! The printer you see in the video is only used at the very end of the election--it prints out the final tally. In the meantime, nobody knows what the hell was happening inside, least of all the voter. Doesn't take Sherlock to figure out that's the worst idea ever!!

[ Parent ]
I was under the impression... (0.00 / 0)
that a paper trail is required in California. but perhaps not a "voter verified" one?

[ Parent ]
yeah that sounds very familiar (0.00 / 0)
... Ok I double checked the details and you're right. SoS Shelley announced in 2003 that he would require all machines used in CA to have a voter-verified paper-trail by July 2006. (link) That makes sense because I recently voted on a machine WITHOUT such a paper trail, but the policy wasn't in force until a month ago.

California will become the first state requiring all electronic voting machines produce a voter-verifiable paper receipt.
...
With a receipt, voters will be able to verify that their ballots have been properly cast. However, they will not be allowed to keep the receipts, which will be stored at voting precincts and used for a recount if any voting irregularities arise.

Beginning July 1, 2005, counties will not be able to purchase any machine that does not produce a paper trail. As of July 2006, all machines, no matter when they were purchased, must offer a voter-verifiable paper audit trail. This means machines currently in use by four counties in the state will have to be fitted with new printers to meet the requirement.

The article doesn't say anything about this being a law, it sounds more like it is just a policy announcement by Shelley. I don't know how binding it is now that we have McPherson.


[ Parent ]
intent vs implementation (4.00 / 1)
One of the things that's been disturbing to me, is that McPherson talks about these security precautions that should be taken with the machines, but is anyone enforcing those precautions at the county level?

For example, the SOS talks about maintaining the integrity of the chain of custody, but then the counties do a terrible job of enforcing that by allowing "sleepovers" for days and weeks before the elections. The county RoV's justify it by saying "that's the way we've always done it" or they talk about how we have to trust them.

My mama told me to never trust anyone who says, "trust me".

In addition to the obvious concerns about the machines themselves, I think there's a breakdown between what the state says should be done and what the counties are willing to do. There's a big gap between intent and implementation.

Right after the June election I sent an email to the SOS office asking about this specifically, but about 4-6 weeks later I got a form letter in response that didn't address my questions about enforcement of election security at the county level at all.

