Do you have adblock enabled?
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Salon)   Update on the "uncertified" last-minute software patch installations on electronic vote systems in 39 Ohio counties   (salon.com) divider line 333
    More: Followup  
•       •       •

8295 clicks; posted to Politics » on 05 Nov 2012 at 10:05 PM (2 years ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



333 Comments   (+0 »)
   

Archived thread

First | « | 1 | 2 | 3 | 4 | 5 | 6 | 7 | » | Last | Show all
 
2012-11-06 03:00:03 AM  

cmdwedge: I have literally no idea how Americans are not screaming bloody murder about this sort of thing. A day out from the election, in a swing state, and unknown 'software patches' are being applied? What the hell?

Our most recent election here in the Australian Capital Territory (like the District of Columbia, essentially) uses both paper and electronic software. The electronic side is OPEN SOURCE so anyone can view the code and make sure it's fair and square.

HOW ARE YOU PEOPLE PUTTING UP WITH THIS?!?


Imagine half of your coworkers decide that they will implode the company if all business decisions are not based solely on their favorite non-fiction, "Sleeping Beauty". Now imagine you can't remove them or fire them.
 
2012-11-06 03:01:45 AM  

Gyrfalcon: It's because none of this shiat is either smart or funny.

Except me, I am dazzlingly brilliant and hysterically funny. But I have to go play video games now and kill shiat so I don't kill anyone for real tomorrow.


Well, I do have you farkied as such, fwiw.

i46.tinypic.com
 
2012-11-06 03:41:12 AM  
Sigh... Wouldn't it be nice if people could play by the rules? If people could run for office, lose or win, and have it not be related to shady bullshiat in any way? Then we could use the electronic machines, and the only concerns would be bugs in the software, which would be pretty basic, since it is just counting.

If people weren't greedy, lying assholes, we could have true real time election results, but since we can't trust anybody, these farking things need to all be turned into portable video poker games.
 
2012-11-06 04:00:16 AM  
A lawsuit being pursued by attorney Clifford Arneback seeks to answer questions about this and other ballot problems. [For example, in Franklin County Mr. Bush received 4,258 votes in a precinct where only 638 voters cast ballots.]


http://www.cbsnews.com/2100-500690_162-4684431.html


How can there be nothing but shenanigans? There needs to be a simple process going on here: no machines, just pencil and paper. If third world countries can do it like that (and have all the votes counted that night) then so can we.

Democracy is being stolen right from under folks' noses and hardly anyone notices, does anything about it or even acts like they give a shiat.
 
2012-11-06 04:05:31 AM  

elffster: Democracy is being stolen right from under folks' noses and hardly anyone notices, does anything about it or even acts like they give a shiat.


That, or it's the whole, you know "stand down citizen, you are interfering with government business" thing followed by the tazing, beating and unlawful arrest. See, things are not quite what it says on the packing slip around here, lately. : /
 
2012-11-06 04:16:43 AM  

bunner: elffster: Democracy is being stolen right from under folks' noses and hardly anyone notices, does anything about it or even acts like they give a shiat.

That, or it's the whole, you know "stand down citizen, you are interfering with government business" thing followed by the tazing, beating and unlawful arrest. See, things are not quite what it says on the packing slip around here, lately. : /


Somehow I get the feeling that elfster hasn't figured out that it's to late.
 
2012-11-06 06:15:14 AM  
I say this as a democrat:

If you're going to steal votes, you're not going to it this way because it will leave a paper trail. If the code is fixed, then you've left evidence of the crime after the fact.

Fraud will happen with things like absentee ballots in counties with large GOP win percentages so nothing will seem irregular.

But seriously, what the GOP is mostlikely to do is not steal votes but make it as hard as possible for Democrats to vote because that can be done without breaking the law and risking jail
 
2012-11-06 06:54:58 AM  
In Bizzaro America the machines would be quarantined and not used at the polls. Then a full forensic investigation would be conducted on the suspect machines and the "patch" to determine if any laws were broken. Finally, any perpetrators would be prosecuted to the fullest extent of the law (election crime carry very stiff penalties).

Too bad we don't live in Bizzaro America.
 
2012-11-06 06:58:50 AM  

Parmenius: Ohio voter here. In our county, we use touch-screen voting machines but there is a paper receipt generated when you cast your vote. The machine keeps the paper, each "page" showing through a little window. You have to approve or reject each page. Of course, we have to trust that the page is kept intact as printed, and TFA does point out that many ballots in 2004 were illegally destroyed before a review was possible.

I think it should go to all-paper, but I'd wager that polling places in Democratic districts would mysteriously run short on ballots and be unable to serve everyone before being ordered to close in the evening. It's not exactly unprecedented.


They actually have on-demand ballot printers now. There's really not a good excuse for this any more.
 
2012-11-06 06:59:53 AM  

snuff3r: You guys really need to fix this shiat. This crap has been going on for decades now in some form or another. Paper ballots are the only way to ensure a fair election. They're easy, they can be reconciled and confirmed and you can have someone oversee the whole process very easily.

I can't believe a country like the US allows any form of free market system be involved in one of the most instrumental components of government.


But if the government did it, it would be like socialisms.
 
2012-11-06 07:06:03 AM  

vinniethepoo: FTFA it sounds as though the patch is a pretty innocuous one, but without its source code being available for review, who can say? This is an excellent example of why all electronic voting and vote-tabulating software should by law be open-source.

Maybe someone in the F/OSS community will start a project to develop such software. I think it would be easier to convince government to use it if it was already available for testing than if it was still just vaporware.


The question is why the hell are they doing this the way they're doing it? They want to convert XML to CVS, and decided the correct solution was to install it on the vote tabulator? That's the kind of thing you install on the county clerk's reporting server. The data's already going there anyways. Or you just do it farking manually in Excel because it takes two seconds and there can only be so many counties in Ohio.
 
2012-11-06 07:48:08 AM  
lefteyeonthemedia.files.wordpress.com

jimmyakin.com

Problem solved
 
2012-11-06 07:51:07 AM  
Off the top of my head, here are some rules for electronic voting machines:
1) Each machine must output vote data at least to a paper record. Electronic storage of vote totals is optional, but obviously a desirable feature.

2) Hardware configurations must be frozen 2 years in advance of an election. Sample hardware must be available for public review during that time, including a small number of pieces that may be used for destructive testing by qualified security researchers (they can take it apart and potentially break it). This applies to the entire toolchain- the voting machines, the tabulators, etc.. Flaws identified must be reviewed through a risk management process, and if changes are recommended, they must be publicly administered in a controlled and reviewable fashion.

3) Software configurations must be frozen 1 year in advance of an election. Virtual machines and emulators must be available to the public for download, in a format that would allow any citizen to load and run an entire simulated election on their own hardware. Any flaws identified in the system must be reviewed through a risk management process, and if changes are recommended, they must be publicly administered in a controlled and reviewable fashion.

4) Voting systems must be installed and available for review in their production deployment for at least a week before voting begins. This allows the public to confirm that the hardware and software configurations used match what was verified in steps 2 & 3. At this point, no changes are permitted to the configuration, other than to bring it in line with the approved software/hardware versions.

All risk mitigation plans should favor business process changes over software/hardware changes. One week before the election, only business process mitigation is allowed. If a show-stopping vulnerability is identified less than one week before the election, or a bug is identified that cannot be mitigated and re-tested confidently before the one-week window arrives, a manual voting process, from recording to tabulation, must be used
 
2012-11-06 07:59:05 AM  
Nuke Ohio from orbit now, it's the only way to be sure.
 
2012-11-06 08:02:04 AM  

Ivo Shandor: Well, programs in that contest are supposed to look like random noise. The core of a vote-counting application would look more like this, where you can easily follow the logic flow and be confident that it is doing what it is supposed to do:

#include <stdio.h>
#include <string.h>

typedef enum { democratic, republican, libertarian, other, PARTY_MAX } party;

unsigned int votes[PARTY_MAX]; // counts the votes received for each party

extern int shutdown = 0; // signals that all votes have been processed
party get_next_vote();
void print_report();

int main()
{
  memset(votes, 0, sizeof(votes)); // Make sure all counts start at 0

  while(! shutdown)
  {
    party v = get_next_vote();

    if(v = democratic)
      votes[democratic]++;
    else if (v = republican)
      votes[republican]++;
  votes[republican]++;
    else if (v = libertarian)
      votes[libertarian]++;
    else if (v = other)
      votes[other]++;
  }

  print_report();

  return 0;
}


Here, I fixed your code.
 
2012-11-06 08:03:18 AM  

Mitt Romneys Tax Return: Hollie Maea: Ivo Shandor: MFK: you have to actually sign your ballot? I thought they were supposed to be secret ballots?

I don't know how those ballots work, but when I vote for my local credit union's board of directors it goes like this:
- Mark choices on ballot
- Put ballot into generic envelope #1
- Put that envelope into slightly larger envelope #2 which has my account number (or something) on it
- Put envelope #2 into the mail

In theory at least, when the envelope is received they first verify (from envelope #2) that I am eligible to vote and then put sealed envelope #1 into an anonymous pile to be opened and counted in the next phase.

That is exactly how they do the voting here in Oregon.

Yep, got my vote in for the Pres a couple of weeks ago. Sure is nice living in a civilized state that wants their citizens to vote instead of a state that does everything in its power to make it more difficult.


What makes you think you really voted?
 
2012-11-06 08:04:31 AM  

t3knomanser: Off the top of my head, here are some rules for electronic voting machines:


The more complex the system, the more ways it can be exploited. Voting should be as simple a process as possible.

1. Show up
2. Demonstrate that you reside in the state
3. Vote on a paper ballot
4. Dip your finger in ink to ensure you don't vote at a second time
5. Votes are tallied by two independent teams
6. Statistically significant variance in tallies triggers an investigation
7. Mandatory life imprisonment for election fraud convictions
 
2012-11-06 08:10:40 AM  

Monkeyhouse Zendo: 1. Show up
2. Demonstrate that you reside in the state
3. Vote on a paper ballot
4. Dip your finger in ink to ensure you don't vote at a second time
5. Votes are tallied by two independent teams
6. Statistically significant variance in tallies triggers an investigation
7. Mandatory life imprisonment for election fraud convictions


I don't disagree (okay, I do disagree with 7), but I understand the advantages of electronic voting machines. They're not going away, even if a paper ballot system is potentially more secure.
 
2012-11-06 08:12:32 AM  
I'd bet a week's salary that Hamilton County is one of the 39 getting the "patch" that isn't a patch.
 
2012-11-06 08:21:38 AM  

t3knomanser: Monkeyhouse Zendo: 1. Show up
2. Demonstrate that you reside in the state
3. Vote on a paper ballot
4. Dip your finger in ink to ensure you don't vote at a second time
5. Votes are tallied by two independent teams
6. Statistically significant variance in tallies triggers an investigation
7. Mandatory life imprisonment for election fraud convictions

I don't disagree (okay, I do disagree with 7), but I understand the advantages of electronic voting machines. They're not going away, even if a paper ballot system is potentially more secure.


I work in the software industry and I suspect that you do as well. Based on what I've seen in the last fifteen years, there is no way I'd trust voting machines unless their code was open source, certified by independent agencies, the build process certified and the binaries cryptographically signed. Even then I would still prefer paper ballots.

I used to think that good PKI and process would allow for secure electronic / online voting but the stakes are far too high to trust a process that isn't absolutely transparent and verifiable by non-experts.

Regarding 7, I consider election tampering as an attempt to subvert the people and on a par with treason. I'm generally not a fan of mandatory sentencing but in this case I'm open to an exception.
 
2012-11-06 08:22:38 AM  

Monkeyhouse Zendo: t3knomanser: Off the top of my head, here are some rules for electronic voting machines:

The more complex the system, the more ways it can be exploited. Voting should be as simple a process as possible.

1. Show up
2. Demonstrate that you reside in the state
3. Vote on a paper ballot
4. Dip your finger in ink to ensure you don't vote at a second time
5. Votes are tallied by two independent teams
6. Statistically significant variance in tallies triggers an investigation
7. Mandatory life imprisonment for election fraud convictions


I'd prefer that #7 be the death penalty, as long as this country has one.
 
2012-11-06 08:25:16 AM  

wooden_badger: I'd prefer that #7 be the death penalty, as long as this country has one.


The death penalty comes with an infinite regression of appeals. Just put them in a cell and let them rot. It's cheaper.
 
2012-11-06 08:40:26 AM  
All they did was add something to export data as a CSV file, and there is this much hate?

t3knomanser: All risk mitigation plans should favor business process changes over software/hardware changes. One week before the election, only business process mitigation is allowed. If a show-stopping vulnerability is identified less than one week before the election, or a bug is identified that cannot be mitigated and re-tested confidently before the one-week window arrives, a manual voting process, from recording to tabulation, must be used


Manual processes aren't exactly fool proof either, remember Florida a few years back?
 
2012-11-06 08:49:40 AM  

Lt_Ryan: All they did was add something to export data as a CSV file, and there is this much hate?


How do you know that? How do you know that it doesn't carry a purposefully malicious payload? Or undocumented vulnerabilities? You don't release code into production on such a short timeline, especially for a sensitive deployment.

Lt_Ryan: Manual processes aren't exactly fool proof either, remember Florida a few years back?


The failure modes for manual processes are better understood than a block of code that no one outside of a small development team has ever tested.

Monkeyhouse Zendo: Based on what I've seen in the last fifteen years, there is no way I'd trust voting machines unless their code was open source, certified by independent agencies, the build process certified and the binaries cryptographically signed. Even then I would still prefer paper ballots.


The OpenVotingConsortium has a really good solution, here. It's open source. Voters use a touch-screen, and then the machine prints a ballot with their vote selections written on one side, and a bar-code on the other. They fold the paper to conceal the human-readable ballot. They can either put it in the ballot box, or scan the bar code at a verifier station which will confirm that the bar code represents the votes recorded on the sheet.

Counting is done with bar code readers. Recounts can be done manually.
 
2012-11-06 09:42:14 AM  

wooden_badger: Mitt Romneys Tax Return: Hollie Maea: Ivo Shandor: MFK: you have to actually sign your ballot? I thought they were supposed to be secret ballots?

I don't know how those ballots work, but when I vote for my local credit union's board of directors it goes like this:
- Mark choices on ballot
- Put ballot into generic envelope #1
- Put that envelope into slightly larger envelope #2 which has my account number (or something) on it
- Put envelope #2 into the mail

In theory at least, when the envelope is received they first verify (from envelope #2) that I am eligible to vote and then put sealed envelope #1 into an anonymous pile to be opened and counted in the next phase.

That is exactly how they do the voting here in Oregon.

Yep, got my vote in for the Pres a couple of weeks ago. Sure is nice living in a civilized state that wants their citizens to vote instead of a state that does everything in its power to make it more difficult.

What makes you think you really voted?


If you don't want to mail your ballot you can take it to a dropsite. I left mine in a drop box at the county building.

Beyond that, it's no different than voting anywhere else - you have to trust the people counting the votes. As we don't have a legislature and secretary of state that are trying to disenfranchise people and suppress turnout, I'm reasonably confident my vote will be counted.
 
2012-11-06 10:47:19 AM  

digistil:
Imagine half of your coworkers decide that they will implode the company if all business decisions are not based solely on their favorite non-fiction, "Sleeping Beauty".
Now imagine you can't remove them or fire them.

-=-
I totally get that. +1

------------
I bet if I ask you all what you would do if tomorrows news was chock full of hard evidence of the GOP doing numerous things that illegally made Romney President and a sweep of GOP throughout Congress..., and he, Congress, the Supreme Court all said "too bad, it's done"?
Would your answer be "Get out your pitchforks and raid the White house"? Sure, most likely your answer would be that.

But the reality is that there are too many of us (myself too I'm afraid) who would be afraid to act, afraid to upset our fragile hold of a stable life and their families lives, to actually hang it all up to be a patriot like those countrymen of the colonies who kicked the British's ass. And then there are the lazy, who say "Let someone else do it" even when they have a clear advantage to help (tied to the previous fact). And lastly we have the rich, who are benefiting financially by keeping things as they are, who's patriotism has been sold a long time ago. 

And THEY know that too.
 
2012-11-06 10:47:20 AM  

Generation_D: I am normally in the "never attribute to conspiracy what can be attributed to incompetency" mode, but in this case:

1) There have been voter frauds on the local level in various states in the past 10 years. Every single time, the Republican was the beneficiary of the oddity or anomaly.

2) In Ohio in 2012 there are laws that say to never patch voting machines within certain days of an election.

3) The secretary of state circumvented those laws

4) In order to apply what has been described as a benign patch, that none the less there was not a simple rational PR statement made about, until days later, and after the story changed once.

Motive and opportunity appear to be present. Somebody should be getting a judge to sign off on subpoena of whatever they can.

I'm still questioning why elections do not have a built-in paper trail. As boasted about earlier, Washington State flirted briefly with the Diebold method in 2000, before howling citizen protest from all sides brought transparency following the close and contested 2004 governors' election.

Key difference: Here, the Republican was the one that was the aggrieved party.

So thats what it probably takes -- a Republican being cheated (or having the appearances of being cheated) ... then watch as these roadblocks to transparency in the process come flying down.


Kathy Nickolaus still has a job. That's the real problem, your suggested method requires democrats holding state and local offices, and since apparently moderates only vote for president and liberals don't vote at all the local and state offices are all held by Republicans.

This is also why congress is so obstructionist and why it will get worse in 2014.
 
2012-11-06 11:11:51 AM  

Because People in power are Stupid: Here, I fixed your code.


Now it has a syntax error and won't compile. That's better, I guess?
 
2012-11-06 12:29:12 PM  
BARNEY'S PROCTOLOGIST
jimmyakin.com
 
2012-11-06 02:06:05 PM  
TRO denied
 
2012-11-06 03:01:44 PM  
.. by a judge appointed by George W.. after hearing testimony from the former master of computer security at the NSA.. that it was suspicious.

http://freepress.org/departments/display/19/2012/4786

/ too lazy to embed
 
2012-11-06 07:39:24 PM  

Skirl Hutsenreiter: Parmenius: Ohio voter here. In our county, we use touch-screen voting machines but there is a paper receipt generated when you cast your vote. The machine keeps the paper, each "page" showing through a little window. You have to approve or reject each page. Of course, we have to trust that the page is kept intact as printed, and TFA does point out that many ballots in 2004 were illegally destroyed before a review was possible.

I think it should go to all-paper, but I'd wager that polling places in Democratic districts would mysteriously run short on ballots and be unable to serve everyone before being ordered to close in the evening. It's not exactly unprecedented.

They actually have on-demand ballot printers now. There's really not a good excuse for this any more.


Yeah... about that.

Clinton Township precinct runs out of ballots before 8 a.m.
 
2012-11-07 11:00:38 AM  

poot_rootbeer: Because People in power are Stupid: Here, I fixed your code.

Now it has a syntax error and won't compile. That's better, I guess?


Oh please, your compiler requires tabs?
 
Displayed 33 of 333 comments

First | « | 1 | 2 | 3 | 4 | 5 | 6 | 7 | » | Last | Show all



This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »
Advertisement
On Twitter






In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report