Diebold Finally Dumps E-Voting Division... But Sells It To Equally Problematic ES&S
from the that-makes-it-better? dept
Ah, Diebold. One of the "big three" e-voting providers out there, its name was the first one that got associated with the problems of e-voting machines, even though problems were found across the board among players in that space. I could never understand why the company continued to fight and deny problems with its machines after so much evidence was presented against them. The smart move would have been to admit that the machines had problems, work with security experts to solve them, and come out with better, safer machines. But that's not what happened. Instead, it stonewalled, denied problems, mocked those who exposed security flaws and kept pushing out questionable machines. Eventually, the stories got so bad that Diebold realized they were having a seriously negative impact on its other lines of business (including ATMs), so it renamed the e-voting division "Premier Election Solutions" (as if people would forget) and went about trying to sell the thing off -- though for years it couldn't find any takers.
It took a while, but Diebold has finally found a buyer. ES&S has purchased Diebold's e-voting business for a mere $5 million plus some outstanding revenue. In classic Diebold fashion, the company has announced that it "would not be answering questions about the sale" -- because that's how you go about rebuilding trust.
Meanwhile, it's not like ES&S is any better. It, too, has had massive problems with its e-voting machines, while the company has a history of stonewalling attempts by gov't officials to review their code. Oh, and there's this: company memos showed that the company knew about some of the problems with its voting machines that were used in elections. And the most fun of all? When we questioned why e-voting companies didn't allow independent security researchers to examine machines, an ES&S employee showed up in our comments to call us all idiots.
With the combined ES&S/Diebold/Premier, a ridiculously large percentage of the country's e-voting machines now belongs to one company, with an amazingly long family tree of faulty machines and a history of attacking anyone who points out those flaws.
Filed Under: e-voting, merger
Companies: diebold, es&s, premier
Reader Comments
ess
Really, money changed hands, but back to the originals.
[ link to this | view in chronology ]
Yeah but ..
[ link to this | view in chronology ]
ATMs
[ link to this | view in chronology ]
http://en.wikipedia.org/wiki/End-to-end_auditable_voting_systems
[ link to this | view in chronology ]
Re:
http://naveen.ksastry.com/papers/cryptovoting-usenix05.pdf
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Damn
Of course, fixing the damn thing is probably going to be a bit expensive.
Would the bad reputation and nearly useless existing codebase make up for whatever their existing contracts call for if you were to practically throw most of the existing software out?
[ link to this | view in chronology ]
Here's a thought.
Can one fashion an actual secure voting machine on this platform? My impression was that most (all?) of the problems were in the software implementation.
[ link to this | view in chronology ]
Re: Here's a thought.
[ link to this | view in chronology ]
Re: Here's a thought.
No. One cannot. It's instructive -- VERY instructive -- to read Schneier's brilliant and frightening brief essay, "Stealing an Election". It's here: http://www.schneier.com/crypto-gram-0404.html#4
Here's the money quote: "So when designing the security behind the software, one must assume an attacker with a $100M budget."
Schneier wrote that in 2004, so adjust for not only inflation but for changing political conditions. Consider for example that the health care industry is currently spending approximately $1.4M per DAY on lobbying efforts, which means that they're spending roughly $500M per year. So clearly, influencing the direction of politics (of which a portion is affecting the outcomes of elections) has monetary value to some entities, and some of them possess the cash to play the game.
Given that existing commercial voting systems are routinely shown to have appalling security flaws at all levels (design, implementation, etc.) I doubt that it would even require anything approaching that kind of budget to implement a viable plan to compromise them en masse. And of course there's always the old reliable standby: "Here's a suitcase with $10M", or its modern equivalent, "Here's a cushy do-nothing job with full benefits and stock options and a nice office and no responsibility other than to make sure you're not in the same room with a decision. Oh, and a golden parachute you can deploy if things start getting dicey".
[ link to this | view in chronology ]
Re: Re: Here's a thought.
But the question still stands. If you have the hardware such as what was just sold by Diebold/Premier, can you put secure software on it?
As suggested by the other AC, you'll at least need some way of verifying that the software in your voting machine matches your source code-- and not have the code that a black hat had sneaked onto the machine.
[ link to this | view in chronology ]
Re: Re: Re: Here's a thought.
However...even if we presume those steps and all the details surrounding them are designed, implemented, and audited to whatever lofty standards we would insist on: it's not enough.
It's not enough because -- with the kind of budget that Schneier posits (see my posting a few articles up) -- attackers can go after the hardware. As in "custom chips". With that kind of money available, that's a threat that you have to take seriously and design/build against...and that's not going to happen with the hardware that those systems currently use. It may not happen with any hardware available at reasonable cost.
The best solution with this is to drop the machines entirely. Other, more civilized countries use technology like "pencil and paper" accompanied with long-tested procedures to provide a combination that's highly resistant to individual fraud and even more so to large-scale fraud. We should use this as well, and be patient enough to wait a few days for results.
[ link to this | view in chronology ]
Re: Re: Re: Re: Here's a thought.
When you say "go after the hardware" do you mean gain possession of the voting machine, alter the hardware and/or software and put it back before they extract the voting results?
I'm asking this because the pencil/paper method has a known method of attack which involves the bad guys gaining possession of the ballot box, altering the contents of paper votes, and putting it back before they extract the voting results from the ballot box.
Here I'll ask if it is reasonable that we hold the electronic voting to the same standard as pencil/paper voting.
This means, of course, that we train the poll workers to keep an eye on the voting machine the same way they would do for a ballot box full of votes. It is not acceptable if they don't.
It is also not acceptable if a voter in the voter booth can compromise the voting machine. Or worse, be able to compromise the votes in the other machines in the precinct or county.
[ link to this | view in chronology ]
Re: Re: Here's a thought.
A solution is possible, one that provably shows that your vote counted though it's not foolproof against vote flooding.
One solution is to have all the people who voted in each city listed by first and last name on a website. I go to a website, select my city, and all the people who voted are listed there.
Then, when I vote I am first given a number. I type in my vote after being given that number and write it down. I go to a website where everyone's number is listed, I make sure my vote is there right next to my number. Anyone and their mother can tally up the votes and everyone independently checks that their vote counted. It doesn't matter what software is on the computer, open source or closed source, etc... If the numbers don't add up you know something is wrong, there is NO getting around that. Of course there is the potential of vote flooding, making up false names in a city and putting votes. Perhaps the address of every voter can be listed as well, or perhaps the block, right next to their name so that people can say, "hey, no one by that name lives there." It would be risky trying to attempt a massive voter fraud. Also if they put in a vote for a dead person their relatives will see it on the website and they can blog about it and protest. Or if they say grandma voted and she didn't, her granddaughter will see grandma's name on the list and ask grandma, "you didn't vote that day, you were sick" and tada, blogs, protests, blah blah blah, especially if this sort of thing happens on a massive scale.
The problem with this approach is that it leaves the possibility for coercion or selling your vote to whoever would pay you to vote for whomever they want since you can prove who you voted for to someone else. What you want is a system where you can prove to yourself who you voted for and that it tallied up in the count but you can't prove it to anyone else no matter what. In that regard, I have given you links where people have tried to solve the problem, you should read about them before assuming anything. It's not about open sourceness, it's about developing an end to end user verifiable voter system where each user can verify individually that their vote counted (no matter what software is being run, open source, closed source, hacked, with viruses, etc...) and was included in the tally of votes yet it disallows the user to be able to prove to anyone else who they voted for.
[ link to this | view in chronology ]
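The public checks the comment above describes, sketched as an added example that is not part of the original comment or of any real voting system: a published board of receipt numbers and choices, a published roll of who voted, an independent recount, and each voter's own lookup. All names, numbers and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample data: what the election authority would publish.
BOARD = [  # (receipt number, recorded choice)
    (1001, "A"), (1002, "B"), (1003, "A"), (1004, "B"), (1005, "A"),
]
ROLL = ["Ann Lee", "Bo Diaz", "Cy Park", "Di Shah", "Ed Wu"]  # who voted
ANNOUNCED = {"A": 3, "B": 2}


def recount(board):
    """Tally the published board independently of the official count."""
    return dict(Counter(choice for _, choice in board))


def check_receipt(board, number, my_choice):
    """A voter's own check: is my number listed exactly once, with my vote?"""
    return [choice for n, choice in board if n == number] == [my_choice]


def audit(board, roll, announced):
    """Return the discrepancies any outside observer can detect."""
    problems = []
    seen = Counter(n for n, _ in board)
    dupes = sorted(n for n, count in seen.items() if count > 1)
    if dupes:
        problems.append(f"duplicate receipt numbers: {dupes}")
    if len(board) != len(roll):  # more ballots than voters: flooding
        problems.append(f"{len(board)} ballots but {len(roll)} names on roll")
    if recount(board) != announced:
        problems.append("announced tally does not match recount of board")
    return problems


if __name__ == "__main__":
    print(audit(BOARD, ROLL, ANNOUNCED))  # clean board: no problems
    # A flipped ballot with a matching announced tally passes the public
    # audit; only the affected voter's receipt check exposes it.
    flipped = [(n, "A" if n == 1002 else c) for n, c in BOARD]
    print(audit(flipped, ROLL, {"A": 4, "B": 1}))
    print(check_receipt(flipped, 1002, "B"))
```

The recount alone cannot catch a flipped ballot when the announced total is adjusted to match, which is why the scheme depends on individual voters checking their own numbers. The same receipt that makes `check_receipt` work is what lets a voter prove their vote to someone else, the coercion problem the comment goes on to raise.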
Re: Re: Re: Here's a thought.
[ link to this | view in chronology ]
Re: Re: Here's a thought.
With a well implemented end to end user verifiable voter system they're going to need A LOT MORE than $100M to cheat the system being that everyone and their mother would be putting billions upon BILLIONS of dollars worth of time and effort (in real GDP) investigating the issue to ensure that voter fraud did not occur. The fact that I can check on a website to ensure that my vote counted alone is $ worth of time and effort, everyone voting would do the same thing = $$$ worth of time and effort plus bloggers and everyone else investigating for vote flooding attacks = $$$$$$ worth of time and effort. A mass scale fraud would likely make people suspicious and they would post it on blogs along with the evidence that everyone can independently verify and you would have blogs, protests, huge outcries and a disaster.
[ link to this | view in chronology ]
Re: Re: Re: Here's a thought.
[ link to this | view in chronology ]
Supposedly Neff's scheme solves the problem but I'm still reading that one. You might also want to see this one ( http://www.usenix.org/event/evt07/tech/full_papers/riva/riva.pdf ).
[ link to this | view in chronology ]
"Confidence tricksters" got that name because their schemes asked people to trust them. To me, this ES&S employee was insisting that we had to trust ES&S, but he was being very defensive about it. While it's dangerous to try to guess emotion from a forum post, I wonder if that wording was a sign of fear.
"Pay no attention to the man behind the curtain, you idiots!"
[ link to this | view in chronology ]
I just LOVE EVoting
[ link to this | view in chronology ]
Voting Machines - Open Code
When public funds are used to buy products, the companies selling the products should have no right to insist that their products are "protected".
[ link to this | view in chronology ]
Re: Voting Machines - Open Code
[ link to this | view in chronology ]
Hardware -- and pencil/paper
But what if it doesn't? What if the hardware executing the code has a bug? What if that bug is deliberate? What if that bug is designed so that it only activates when the current time-of-day is (let's say) between 8 AM and 8 PM on an election day (whose dates are known very far in advance)? Or what if the bug only activates if candidates for party A are more than .5% ahead but no more than .75% ahead of party B? (I trust it's obvious why such a range is desirable.) Or what if...
The point being that it's not necessary to gain physical access to the machines and swap hardware. It can be placed there well in advance and left there, because prior and subsequent testing of the unit probably won't reveal the problem. Sufficiently-crafty thinking can reduce the probability of detection while increasing the probability that the bug will have an impact on a closely-contested election. (Those that are outside that range aren't as susceptible to manipulation.)
With a $100M+ budget, or more realistically today, a $500M+ budget, all of this is easily possible: it's a realistic threat. So it's got to be defended against, and the vendors to date are not even in the same space-time continuum with this kind of thinking. It Will Not Happen, and they will continue to deny the issues, obfuscate, lie, etc. because of course it's profitable to do so.
As to attacks against pencil/paper systems: these are (a) well-known and well-understood which means that (b) there are any number of equally well-known and well-understood defenses against them which are (c) low-tech and (d) can be carried out by relatively untrained personnel. Moreover (e) carrying out large-scale fraud via attacks on pencil-and-paper systems is (f) difficult (g) unwieldy and (h) necessarily requires a substantial number of people, which increases the probability that someone will screw up, someone will blab, someone will be caught, someone will confess.
It's not that pencil-and-paper systems are impervious: they're not. But they are MUCH harder to game, even with a $500M budget, and those trying to do so incur a MUCH higher risk of detection.
[ link to this | view in chronology ]