Voting machines easier to rig than slot machines?

[Joe Sick]

Does everyone agree that something needs to be done about how we vote?

You would think Diebold could at least come up with some type of paper trail, since they millions of ATMs.

How hard could this software be write?

(Please leave out comments about dead people voting and/or Bush being elected fraudulently.)

It's easier to rig an electronic voting machine than a Las Vegas slot machine, says University of Pennsylvania visiting professor Steve Freeman. That's because Vegas slots are better monitored and regulated than America's voting machines, Freeman writes in a book out in July that argues, among other things, that President Bush may owe his 2004 win to an unfair vote count. We'll wait to read his book before making a judgment about that. But Freeman has assembled comparisons that suggest Americans protect their vices more than they guard their rights, according to data he presented at an October meeting of the American Statistical Association in Philadelphia.

[carlsbadd]

edit...........

[carlsbadd]

The machines work best at correcting voter error. Voting errors went from 7% to .085% in the Ga elections.

These machines work very well when monitored properly.

The State of Maryland did extensive testing prior to elections on these machines to get the bugs out. These inspections were made by state officials, so that already is in direct conflict with the authors claim that the machines are calibrated by for profit compaines shosen by diebold

If properly tested and secured these machines cut voter error tremendously.

However , they are machines and by any means not foolproof, just like any other system there are going to be problems.

While a great stink has been made by giving voters receipts for their votes there is a problem there as well. What are you going to do with the receipts? What place does receipts have in a recount since they are not actual votes? I don't recall ever getting receipts in any election I have voted in to date.

If you want to give a paper receipt for conformation that you voted the way you intended then I can't see the harm in that.

I watched a lot of senate hearings on the use of these machines and it seemed that they worked pretty well overall.

[Larry]

While a great stink has been made by giving voters receipts for their votes there is a problem there as well. What are you going to do with the receipts? What place does receipts have in a recount since they are not actual votes? I don't recall ever getting receipts in any election I have voted in to date.

If you want to give a paper receipt for conformation that you voted the way you intended then I can't see the harm in that.

I watched a lot of senate hearings on the use of these machines and it seemed that they worked pretty well overall.

OTOH, it's a pretty safe bet that in all of the non-electronic voting you've done, there has been a paper record produced when you voted. (For example, you mark a sheet of paper, which is read by a scanner as it's sucked into the machine. The piece of paper, with your #2 pencil marks, still exists and can be audited.)

Diebold makes exactly one piece of tabulation equipment that doesn't at least offer the option of a paper audit trail. It's the voting machine.

FWIW, Larry's method for electronic voting: The machine produces a receipt showing who you voted for, and a carbon. (The carbon is retained by the machine.)

The voter verifies (or at least, he can, if he looks at the receipt) that what's on the paper matches the button he pushed. The carbon process pretty much guarantees that the carbon matches the receipt that the voter got.

After the election, the county (or whoever) publishes machine-by-machine vote totals. (On their web site, for example.)

A while after the election (like, a month later), the county picks a CPA firm. The CPAs pick 5% of the voting machines at random, and verify that the published, public, machine-by-machine totals match the paper record.

(If one machine out of 20 matches the paper record exactly, then it's a pretty safe bet that the other 19 machines haven't been skewed enough to tilt the election.)

After the audit, the carbon copies become public documents. If the local newspaper wants to go over the records for every single machine, then c'mon down to the courthouse and knock yourself out. If Joe Citizen wants to personally verify that the carbon copy down at the courthouse matches the receipt that he's kept for two months, then that's his right.

[Crazyhorse1]

The bottom line is that Diebold machines can be rigged and should be illegal in every state in the union. It's not enough to say that they haven't been; in our age, the American voter should be able to go to the polls with an absolute certainty that his vote will be recorded correctly. Anything else is total BS. and inexcusable. Every precaution, including a paper trail and adsolute guarantees of recounts, should be part and parcel of all elections.

[dreamingwolf]

OTOH, it's a pretty safe bet that in all of the non-electronic voting you've done, there has been a paper record produced when you voted. (For example, you mark a sheet of paper, which is read by a scanner as it's sucked into the machine. The piece of paper, with your #2 pencil marks, still exists and can be audited.)

Diebold makes exactly one piece of tabulation equipment that doesn't at least offer the option of a paper audit trail. It's the voting machine.

FWIW, Larry's method for electronic voting: The machine produces a receipt showing who you voted for, and a carbon. (The carbon is retained by the machine.)

The voter verifies (or at least, he can, if he looks at the receipt) that what's on the paper matches the button he pushed. The carbon process pretty much guarantees that the carbon matches the receipt that the voter got.

After the election, the county (or whoever) publishes machine-by-machine vote totals. (On their web site, for example.)

A while after the election (like, a month later), the county picks a CPA firm. The CPAs pick 5% of the voting machines at random, and verify that the published, public, machine-by-machine totals match the paper record.

(If one machine out of 20 matches the paper record exactly, then it's a pretty safe bet that the other 19 machines haven't been skewed enough to tilt the election.)

After the audit, the carbon copies become public documents. If the local newspaper wants to go over the records for every single machine, then c'mon down to the courthouse and knock yourself out. If Joe Citizen wants to personally verify that the carbon copy down at the courthouse matches the receipt that he's kept for two months, then that's his right.

You know I had the same thought when I was thinking how do we get the detractors to accept the electronic voting. The impasse I cant get arround is the voter having proof in possession of who he voted for, there are many bad things that this can lead to. Controlling husband demanding his wife to vote a certain way, parents dangling financial aide to see the reciept, the list can go on. Voting gets its truest votes when the voter believes his vote is secret, and that little reciept is a potential proof some voters might not want.

I think the happy middle ground is a paper back up of the electronic vote all contained inside the system. Kinda defeats the purpose of streamlining the system to save costs, and just like insurance its a waste unless something goes wrong.

[Winslowalrob]

Just vote by raising your hand. Thats how we got stuff rolling back in the day.

[Larry]

You know I had the same thought when I was thinking how do we get the detractors to accept the electronic voting. The impasse I cant get arround is the voter having proof in possession of who he voted for, there are many bad things that this can lead to. Controlling husband demanding his wife to vote a certain way, parents dangling financial aide to see the reciept, the list can go on. Voting gets its truest votes when the voter believes his vote is secret, and that little reciept is a potential proof some voters might not want.

I'd heard that argument used, and it makes sense.

However, I've thought of a counter-counter-argument to use against the (hypothetical) counter-argument (that a receipt would make "selling votes" possible):

The hypothetical abuses being cited are all possible right now, simply by using absentee voting proceedures.

Edit: The problem with an internal-only paper trail is that there's no proof that what's on the internal paper matches the button the voter pushed.

[Kilmer17]

Focusing specifically on one point (for starters of course), how does a paper trail eliminate fraud?

Couldnt the machines be rigged to say one thing on paper while registering another internally?

[Baculus]

Couldnt the machines be rigged to say one thing on paper while registering another internally?

In regards to the Diebold GEMS tabulation program, there is an exact mechanism in the application to allow this. There are two tables used for the voting tabulation in GEMS: One table displays the information to the application interface as the vote tally - the second table, which is not reported anywhere in ther user interface, is the ACTUAL tally that is reported as being the total reported votes. So you could, for example, report one set of numbers, which the election manager would see via a report, and the second set of numbers could be modified and totally different from the first. Voila, easy vote fraud. And the worst part is that, especially since the tables are Microsoft ACCESS tables, there is no report of such a modification being made.

It is a totally insecure program. (And it is easy to modify the password for these tables as well, thanks to poor Access security.) Because of this, it is impossible for anyone to deny that the possibility of fraud DIDN'T happen because the means and method to committ such fraud has been present for several years. (EDIT: I had to change some wording here.)

In essence the application has a double booking system, which is a very easy method for fraud. It is ridiculous and to me, meant for fraud - why else would you have two tables for such a purpose, with one possibly reporting the one number and the second reporting another? If you examined the GEMS program, you can see the two tables. In fact, I have modified the second table, as explained above, and I was able to "hack" the vote without any sign that such a hack had occurred.

Thus, the issue shouldn't necessarily be about the voting machines, but the voting tabulation server software as well. After all, if I was going to hack a vote, that is where I'd committ the fraud. (Especially since some of the Diebold GEMS servers had remote access available via DUN.) It is ridiculously easy with Diebold.

BTW, folks have been discussing this issue even before the 2004 election, but people either seem to ignore this issue or believe that it is a mere conspiracy theory. It is silly, considering that is a real issue and one that can be easily witnessed with a copy of the GEMS app. and a little bit of technical ability.

[Kilmer17]

Anyone who thinks fraud is something new to politics needs to do some more homework.

[gchwood]

I am still trying to figure out hanging and dimpled chads

[Baculus]

Yeah, fraud has been happening for years and years. If someone wants to win bad enough, they'll find a reason to committ such fraud, too. This is for both Democrats and Republicans.

Electronic voting, at least via companies such a DIEBOLD with poorly designly (or intentionally hackable) software just made it easier, too. And if you look at the head or corporate boards of the top eletronic voting companies, such as DIEBOLD and ES&S, and you discover they are all either involved with the Republican party in some capacity or former national security and intelligence (NSA, CIA, etc...), then it is easy to become suspicious. After all, if someone wants to control or change the vote, all you have to do is control the means of the voting in the right regions or states. It wouldn't take a huge conspiracy for such an event to occur.

[CaliforniaSkin]

Focusing specifically on one point (for starters of course), how does a paper trail eliminate fraud?

Couldnt the machines be rigged to say one thing on paper while registering another internally?

Sure it could. The idea is to have the voting machine produce a paper receipt that is then dropped into a ballot box of some kind. The receipts (a copy of which may more may not be given to the voter to keep) can later be counted to verify the total from the machine or a certain percentages of the machines. A paper trail doesn't eliminate fraud per se, but it allows a mechanism to check for fraud.

[Baculus]

The State of Maryland did extensive testing prior to elections on these machines to get the bugs out. These inspections were made by state officials, so that already is in direct conflict with the authors claim that the machines are calibrated by for profit compaines shosen by diebold

If properly tested and secured these machines cut voter error tremendously.

The Diebold voting machines have been decertified in several states due to fradulent inspections by individuals connected to Diebold. For example, in California, the inspector signed off that the security and other areas of the application were tested, when in fact they have not. This was also related to the reason why the Diebold machines were decertified in North Carolina, I believe.

Also, another issue with fraud can occur if the state body responsbile for oversight either refuses to act or actually creates fraud itself. Case in point, Ken Blackwell's actions in Ohio that broke actual state law. This has yet to be fully explained, and no actions were taken when such laws were violated.

[Larry]

Focusing specifically on one point (for starters of course), how does a paper trail eliminate fraud?

Couldnt the machines be rigged to say one thing on paper while registering another internally?

Well, in the Larry method (print a receipt and keep a carbon), the security is

• The voter verifies that what got printed equals what he wanted.
  
• The carbon process makes it a pretty safe bet that the internal, retained, copy matches the voter-supplied original.
  
• An audit after the fact of randomly selected machines verifies that the electronic total matches the paper total.
  

If the machine changes the vote before it prints it, the voter will (or at least, may,) spot it.

If the machine changes the vote after it prints it, then the audit will catch it.

[Larry]

Re: GEMS:

As I understand it, one of the most-publicised vulnerabilities of the program is that the tabulation total table doesn't keep track of how many voters voted for a candidate's name, but for a candidate number.

I've read that, supposedly, anyone who knows what he's doing can stick a standard PCMCIA memory card into the machine, copy the vote table to the card, transfer the card to a laptop that has MS Access installed, and alter the table that relates candidate number to candidate name.

Poof! George Bush and John Kerry just swapped votes.

Supposedly, there's not even a password required.

[Kilmer17]

Nothing stops the machine from printing out Dem and registering GOP.

The voter thinks the vote is counted, the machine counts it wrong, and the audit still shows it's fine.

Unless you are suggesting that the machines actually keep the carbon copies. In which case, what's the point of having machines in the first place?

Why not give everyone a pencil and piece of paper and have them write it down themselves?

[Larry]

I vote for Spock. I get a receipt that says "You voted for Spock". The carbon says "You voted for Spock."

The readout at the end of the day says "1701 votes for Spock". The audit verifies that the carbon says "You voted for Spock" 1701 times.

(The answer to your question "Why not give everyone a pencil?" is: Then some machine has to read the pencil marks. Such machines typically mis-read the voter's handwriting 2-3% of the time. And with elections nowdays being decided by one-half of a percent, 2-3% error looks bad.)

[Baculus]

I've read that, supposedly, anyone who knows what he's doing can stick a standard PCMCIA memory card into the machine, copy the vote table to the card, transfer the card to a laptop that has MS Access installed, and alter the table that relates candidate number to candidate name.

Poof! George Bush and John Kerry just swapped votes.

Supposedly, there's not even a password required.

From what I saw, the issue is how I described it earlier, except, in my rush from multitasking at work, I may have described it wrong. There are two different FIELDS, and not tables, that tally the votes, with one of the fields being responsible for the actualy vote tallies. (It has been a year since I have done it, so excuse any errors.) And you can copy the vote table to any method, including a 3.5" disc. (Some believe the accused voting fraud in Florida was conducted in this method when Gore lost about 40,000 votes in one district in that state. The official story released by the state was that this was caused by a "faulty floppy.") And, of course, such moving or overwriting of data, conducted in such a casual method, is still hard to detect...Especially considering that, and this is almost worse, GEMS was often running on WINDOWS 98, which is notorious for a complete lack of security.

There is a small attempt at a password, but that can be defeated with a copy and paste method for the password.

Nothing stops the machine from printing out Dem and registering GOP.

The voter thinks the vote is counted, the machine counts it wrong, and the audit still shows it's fine.

That is the exact problem and has been the basis for vaote fraud accusations. And as I mentioned earlier, the audit reports it as being A-OK, but the second tabulation field will report a different number. It is quite clever.

BY the way, if you guys want to download and try the GEMS hack for youself, visit the following page:

http://www.equalccw.com/dieboldtestnotes.html

Bradblog has been talking about this issue:

http://www.bradblog.com/archives/00001838.htm

And the website that first discussed the GEMS security and voting flaws:

http://www.blackboxvoting.org/

[Kilmer17]

It can still be hacked Larry.

After you vote for spock, the machine changes the vote to Kirk.

Then the audit shows 1700 Spock votes.

Are there places within the machines to keep the carbons and insure that they arent removed or simply fall out?

And at that point, we are right back to square one, why have a machine?

My own opinion is do it all by hand. We can wait a few weeks for election results.

[Baculus]

I vote for Spock. I get a receipt that says "You voted for Spock". The carbon says "You voted for Spock."

The readout at the end of the day says "1701 votes for Spock". The audit verifies that the carbon says "You voted for Spock" 1701 times.

This is all good, but it is more than that. First, the companies that are involved need to be removed. For example, when the recount was occuring in Ohio during the last Presidential election, employees of either Diebold or ES&S were going to different polling stations and telling the workers what number to report, no matter their recount tallies. So we have this culture of "vote determination" that appears to be developing and almost permissive.

Second, too many of the electronic voting companies have two many ties with the system - after all, if such corruption exists, what would stop a political party or special interest group from setting up these companies with the PRIMARY AIM of controlling the vote, either for state or national elections? An example of this would be Chuck Hagel being the head of the company that made the voting machines which tallied the majority of the votes in the state of Nebraska. Mr. Hagel runs for office in Nebraska and, surprise, surprise, he becomes the first Republican in 24 years to win. What a coincidence!

Third, we need folks, involved in this state election boards that are not involved with either party. Case in point, Bev Harris and Blackwell, both of whom were in extremely important, sensitive positions at crucial junctions of the vote in swing states.

Heck, this is just the state of the issues - I guess it is a matter of dealing with one problem at a time.

[Baculus]

My own opinion is do it all by hand. We can wait a few weeks for election results.

That is my thought - hand counting is still shown as being the most accurate method to use. It may seem primitive, but that may be the best way to do it. This protects everyone concerned, from every party, since voting fraud has been a multi-party issue.

[CaliforniaSkin]

It can still be hacked Larry.

After you vote for spock, the machine changes the vote to Kirk.

Then the audit shows 1700 Spock votes.

Are there places within the machines to keep the carbons and insure that they arent removed or simply fall out?

And at that point, we are right back to square one, why have a machine?

My own opinion is do it all by hand. We can wait a few weeks for election results.

There would either be places within the machines to keep the carbons or there would be ballot boxes in which to drop the carbons.

The reason to have a machine is to stop the errors that occur because of mismarked ballots, hanging chads etc..

You could randomly select machines to audit and assuming there was no error in 5% (or any other percentage large enough to be statistically significant) of the machines declare the voting safe.

[Kilmer17]

There would either be places within the machines to keep the carbons or there would be ballot boxes in which to drop the carbons.

The reason to have a machine is to stop the errors that occur because of mismarked ballots, hanging chads etc..

You could randomly select machines to audit and assuming there was no error in 5% (or any other percentage large enough to be statistically significant) of the machines declare the voting safe.

Until people start claiming the forgot and took the carbon with them instead of leaving it.