Examining The Possibility Of A Bug In Sarasota's Voting Machines
from the still-seems-possible dept
Earlier this week, we noted that the press was a little bit hasty in claiming that the e-voting machines in Sarasota County, Florida had no problems. That wasn't what the actual study found. It simply found no evidence of problems in the source code -- which is quite different. Ed Felten continues to examine the situation and details why the lost votes seem consistent with a typical computer bug in the software. He's not arguing that it definitely was a glitch in the code, but simply that there's enough evidence that you shouldn't rule it out. His reasoning is that similar bugs have been found in other e-voting software, the undercount behavior is consistent with a common type of computer bug and that the study report from last week would have been unlikely to find that bug. However, perhaps the most interesting point is his pointer to two studies of the e-voting machines that found that machines that showed more undervotes tended to have been treated slightly differently. Machines that were set up a certain way and which were cleared and tested right before election day tended to have higher incidents of undervotes -- suggesting that the activities in setting them up may have triggered a memory error or buffer overrun, which could explain the errors. It's this type of analysis that suggest that a more thorough examination of the machines and the software used would be quite useful -- rather than a very limited test of just the source code. There's no compelling reason why further test shouldn't be allowed.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Test, test, and test again
These voting machines should have been brutalized before ever being allowed into public. They should have had every security breach brought to light, so that whatever weaknesses they had could be monitored. Even if they think it would have posed a security risk to let outside testing take place, it would have at least given users a list of things to watch out for. As it stands, the same flaws exist, but now if they are exploited, no one knows it's there except the person exploiting it.
[ link to this | view in thread ]
WTF?
If Bittorrent verified files the way these voting machines count votes, nobody would ever be able to share any files!
[ link to this | view in thread ]
critical systems
The central fallacy is that voting needs to be cheap. It doesn't. The very idea is absurd. A primary function of a democratic state is to hold free and fair elections. That responsibility should be carried out at whatever cost, after which other budgets like military spending and healthcare come second.
In all countries you will find that poll and counting stations can be manned by entirely voluntary staff, usually older/retired people who will do it as a matter of patriotic duty. If they are recruited and screened from middle class backgrounds they are virtually impossible to corrupt or bribe.
The problems with electronic voting are so enormous that to even consider it at this stage of history is suicide for the democratic system, - (crucially) the faith of the people in that system.
As Casper points out, program proving is very difficult. Combinatorial explosion makes exhaustive testing of even a few hundred lines of code impossible in human timescales. Methods such as VDM /Z onto an ADA type language may be sufficient to give you the same confidence as that used for medical robotics and missile systems, but frankly that isn't good enough. Critical systems cannot be tested exhaustively and voting machines are *THE* critical system. What is the point of having virtually impenetrable security for your nuclear weapons system if a devils like the Bush administration can steal an election and then have access to the codes by the front door? If you use E-voting then right now the democratic process is actually the point of greatest weakness in all national security.
I am interested in Newobs comments. A distributed topology is a very interesting proposal. But the complexity explodes. With an n* topology, or a complete graph in which every node talks to every other node and replicates its data, yes you have a very robust system for maintaining data integrity, but at the expense of complexity. A proper E-voting solution, if we ever get to the stage where such a thing can be trusted, should be extremely simple and elegant, to the extent that a non-programmer can understand and check the code. It goes without saying that any E-voting system *must* be open source with the code published and verified that each machine is running that code on the day. Closed solutions are not acceptable in any form.
Every computer scientist who understands these issues is telling governments the same thing, that tin boxes, paper and markers are a superior solution. But governments are so enchanted by the technology snake oil salesman of companies who hope to make a huge profit on elections that they are blind to the perils.
I would not trust a computer system to elect my government, even if I designed it and hand wrote the code myself.
[ link to this | view in thread ]
E-fraud
ability to commit E-fraud. Dead people have been
voting and voting often for as long as there have been
elections. That messy paper trail makes it possible to
prove sometimes... or maybe a box of ballots ends
up in some basement.
Now there is no physical evidence of fraud and the
E-voting systems designers seem to have devoted
little thought to fraud prevention.
I'm voting for distributed storage and verification
as well... five or six times if I can manage it.
[ link to this | view in thread ]
E-fraud
ability to commit E-fraud. Dead people have been
voting and voting often for as long as there have been
elections. That messy paper trail makes it possible to
prove sometimes... or maybe a box of ballots ends
up in some basement.
Now there is no physical evidence of fraud and the
E-voting systems designers seem to have devoted
little thought to fraud prevention.
I'm voting for distributed storage and verification
as well... five or six times if I can manage it.
[ link to this | view in thread ]
I'm sure both major parties are participating in this 'bug'.
lol
I agree with the above - Electronic Voting is only a 'plus' for those looking to fraud the system.
You all are right though - they should have put the machines out there... set them up somewhere and offered 15,000 bucks to anyone that could hack it and show how.
Keep doing that a while...
I'm sure you'll work out the bugs :)
Err - well the software ones anyway. The 'bugs' in suits who's faces you see on TV every other year... we'll need a BIG can of bug spray for that lot.
Actually if Diebold and the others are so *confident* these machines arer in fact secure - why don't they put one out and offer 5 million to anyone that can hack it - or perhaps they aren't quite that sure it's secure, huh?
Maybe I'll start to believe them when they put their money where their mouth is. Otherwise, why bother voting? Some election fraudster will for you anyway. Guess it's just a question now of how many people are willing to risk jail time for 'their political party'.
[ link to this | view in thread ]
Yeah, evoting machines suck, but...
"Programmers know the kind of bug I’m talking about: an error in memory management, or a buffer overrun, or a race condition, which causes subtle corruption in a program’s data structures."
He didn't identify any one "bug", he listed a whole slew of possibilities. The equivalent car metaphor (sorry) is:
"Drivers know why their car didn't start; out of gas, no oil, or a cracked engine block"
Overvagueness doesn't help -- test the software & find the issues. Make the software opensource, have many people review, and have the top minds in information assurance scan the code as an academic exercise. It'll be fun!
[ link to this | view in thread ]
What's it mean to vote anyway?
People vote with their actions and the internet is becoming a medium for anybody to act or express themselves without fear of reprisal. That is why authority often finds the internet threatening. But this business of counting heads for this rich guy or that rich guy to be our puppet leader; or for this proposal or that proposal for the entrenched powers to approve, will never represent the majority of people want.
Nations will come to an end before voting practices, mechanical or electronic, are removed of corruption. Nations exist to separate people into arbitrary groups; nationality is not a genetic trait; it is a concept that binds people to one in-group and against other groups.
But the internet is bringing people of every nationality together. Soon the notion of one government per land mass will be ridiculous. Why should policies be based on such broad concepts of location and narrow concepts of humanity? We are all equally human beings. People can represent themselves and make their own rules for themselves and other people with like minds, if nations don't bring Armageddon first.
Most of the laws that governments enforce are a codification of one group's morality, and enforcement always comes at the cost of denying someone else's morality. But world societies are not really as different as authorities would lead us to believe; a drug that is illegal here is legal over there, but so what? It doesn't make the people a different species.
I guess what I'm getting at is that we have to broaden the meaning of what we consider 'voting.' Voting has come to mean a dry process of approval or disapproval. But no human being can be reduced to a series of approvals or disapprovals. Our interactions over great distances and in relation to local policies are becoming much more dynamic as more people communicate more freely. This is a good thing. No longer do we have to use crude tools like the military to explore foreign lands. We can talk to other people directly and say exactly what we want to.
Of course most people are not on the internet, but the principle is the same for everybody. We can vote with our actions, and our actions can be very complex. We can give food or water or other resources directly to people; or give them ideas if we want to; we don't all need to give the world one uniform treatment with our approval or disapproval by a pale process we call 'voting.'
[ link to this | view in thread ]
Re: Yeah, evoting machines suck, but...
You're obviously new to this whole e-voting testing issue - welcome to the wonderful world of e-voting, if you care about your country I guarantee you that 2 hours research will have you either crying or punching walls - entirely up to you which ;0)
Ed is one of the good guys - he is constantly demanding to congress, elections offices, courts (anyone who will listen and a fair few who won't) that these machines SHOULD be fully tested
His comments are based on the very limited amount of testing he and others have been allowed to perform. Due to the fact that they never get allowed to conduct a complete test (with all machines and software that would be used in an election) this is the best he is able to come up with. Basically that what he has seen is consistent with a software bug but but that he can't narrow it down with the information he doesn't have...
This is possibly one of the most key problems in the US today - I suggest you take off your partisan hat if you have one and start investigating, doing a search on techdirt (top-right) for the word 'vote' would be a good way to start
Good luck and remember to question everything!
[ link to this | view in thread ]
Voting Machines
[ link to this | view in thread ]
SARASOTA VOTING MACHINES
[ link to this | view in thread ]