[ale] OT--- The voting issues

Jeff Hubbs hbbs at attbi.com
Tue Nov 5 23:26:00 EST 2002 

On Tue, 2002-11-05 at 22:36, H. Bieber wrote:

> I talked to a tech from Diebold about the software. They know that since it is Windoze it is unsecure, and unstable. The security (if you want to call it that) is that 
(A)It is hard to get your hands on one of the voting cards with the encoder. (B)Even if you did get one and get it encoded, you would have to break into the kernel with 
it by somehow rebooting the machine or making the machine read a program that it is not looking to read, with all that if you got in finally and registered 1000000 votes 
for Joe Schmoe (L) when the close out procedures are performed (which is before transmitting results) the poll manager would see it, and that machine would be pulled and 
audited by Diebold. and (C)You would have to be at the machine for a long time. We were averaging 4-8 minutes per voter. 

When presented with rhetoric like this, my intuition looks for
opportunities to subvert the system that aren't covered by the rhetoric.

Let's suppose for argument's sake that the cards and the OS are on the
up-and-up and there are no bugs skewing the voting records.  In other
words, let's restrict ourselves to the app itself.  Suppose that I have
access to the production voting machine code; hell, let's suppose that
I'm on the team that wrote it.  I've managed to put in some code that
registers off-mark screen touches as Democrat votes (substitute
Republican, Libertarian, write-ins for George P. Burdell, first guy on
the list, whatever), even though the display will show the vote I select
when I finally touch the screen in the correct place.  Now, plenty of
people are going to touch the screen in supposedly "null" areas, so
there's an opportunity there to skew the voting *by people's own hand*
even though they'll never know it and no one else is likely to either.  

> 
> I am not saying this is a perfect system, it is ALOT better and more accurate then what we had. There will be improvements and changes made, this is the first election 
with these machines. Don't be so hell bent on the speed, look for better accuracy. It could be alot faster if we only had one choice to make.. ie The Iraqi Election.. 
> President   Sadam or (if you check or you will be executed) 

I don't care for speed as much as I care for transparency.  I don't want
examination of the voting machine process to only be reasonably
accomplished within the domain of the sharpest computer techs; I want my
elderly but very mechanically-inclined uncle in North Carolina to be
able to see if the machine is honest and difficult to subvert in secret.

And I don't need to be able to identify people's votes for that to
happen, necessarily.  I'd be far more satisfied than I am now if I could
prove to myself that the machines actually report votes as cast, all the
time.

You know what I'd really like to see?  I'd like to see a team of really
sharp people be locked into a room with an end-to-end instance of the
touch-screen voting process, all ready to run, and with NO DOCUMENTATION
except at the component level, reverse-engineer the entire thing and
figure out how it worked.  I'd like for them to invent ways to cheat the
system and demonstrate them.

- Jeff


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list