|
|
Log in / Subscribe / Register

Serious Error in Diebold Voting Software Caused Lost Ballots in California County (Wired)

[Posted December 9, 2008 by corbet]

This Wired article is about Diebold's proprietary vote-counting software, but it is an interesting example of how added visibility into a system can help to find fatal bugs. "Parke Bostrom, one of the Transparency Project volunteers, wrote in a blog post about the issue, 'This means the audit log is not truly a 'log' in the classical computer program sense, but is rather a 're-imagining' of what GEMS would like the audit log to be, based on whatever information GEMS happens to remember at the end of the vote counting process.'" Worth a read. (Via Felten).
to post comments

Serious Error in Diebold Voting Software Caused Lost Ballots in California County (Wired)

Posted Dec 9, 2008 21:44 UTC (Tue) by proski (guest, #104) [Link]

Intel was ridiculed for a division error in one of its processors. If Diebold engineers worked for Intel, their CPUs would have problems adding integers!

Serious Error in Diebold Voting Software Caused Lost Ballots in California County (Wired)

Posted Dec 9, 2008 22:32 UTC (Tue) by flewellyn (subscriber, #5047) [Link] (5 responses)

Wow. That bug is...astounding. I don't have access to the source, naturally, but I can't imagine how any sane, competent programmer could design a system that would simply lose data like that. Not to mention the "log" not being a real log. Exactly what kind of quality control does Diebold/Premier have in place for this?

Serious Error in Diebold Voting Software Caused Lost Ballots in California County (Wired)

Posted Dec 9, 2008 23:31 UTC (Tue) by leoc (guest, #39773) [Link] (2 responses)

Another scary thing is that Diebold makes the ATM machines for my bank.

Serious Error in Diebold Voting Software Caused Lost Ballots in California County (Wired)

Posted Dec 9, 2008 23:49 UTC (Tue) by nix (subscriber, #2304) [Link] (1 responses)

Oh, I'm sure they take a *lot* more care over ATMs. The certification
regimes for those things have serious teeth. (Also, money is at stake, so
they could be sued and lose substantial sums. Messing up democracy? Not
important.)

Serious Error in Diebold Voting Software Caused Lost Ballots in California County (Wired)

Posted Dec 12, 2008 23:38 UTC (Fri) by giraffedata (guest, #1954) [Link]

The possibility of a bug in an ATM is not scary at all, and not because they try harder in making ATMs. An ATM is just one part of a large network of consistency checks, and no matter how badly an ATM screws up, it cannot create or destroy money. Imagine that an ATM accidentally deleted all record of a $50 check having been scanned in. Subsequent steps in the process would find an account out of balance by $50 and that could be traced back to the uncounted check, which still physically exists. Not to mention that the depositor and drawer of the check, if they care to do any accounting, would notice.

These cross-checks are far more valuable than a log produced by the very system under scrutiny or any amount of engineering and testing effort.

Apparently, such checks don't exist in some vote counting, maybe because the governments and the people who fund them don't think it's important enough.

In this case, it was something very similar to the banking system that caught the error, because in this particular county there is a separate count of ballots done by a separate entity and that count didn't match Diebold's.

Serious Error in Diebold Voting Software Caused Lost Ballots in California County (Wired)

Posted Dec 10, 2008 5:44 UTC (Wed) by janpla (guest, #11093) [Link] (1 responses)

I am above imagining that this is not bad QA, but something they have carefully designed that way. The aim being to deceive, but make it look at if they were just idiots - it is after all better to be seen as an idiot than as a prison inmate.

Hanlon's Razor NOTwithstanding

Posted Dec 10, 2008 8:07 UTC (Wed) by AnswerGuy (guest, #1256) [Link]

The principle of Hanlon's razor would normally caution us away from casting such aspersions.

However the pervasive and persistent evidence of Diebold's behavior makes it foolish to follow Hanlon's principle in this case. Repeated, egregious displays of incompetence over long periods of time in matters that were recognized as critically important from the outset cannot be reasonably be excused as "non-malicious."

If I had my way every public official who had ever endorsed the purchase of any of the products would be subjected to the most excruciating scrutiny that our investigative agents could employ. Every time I see a news story about these voting machine it as uniformly demonstrated that the security measures are wholly, woefully inadequate.

Naturally I expect that those investigations would lead back to officials at Diebold. Even if, my some miracle, there were no improprieties in the the evaluation, selection and purchase of these units by various governmments to be discovered, it's clearly an incredible malfeasance to have done so. According to every media account I've read, these products simply do NOT work as intended. They are unfit for marketability. All of them should be destroyed as dangerous to any functional democracy and there should be the mother of all class actions suits with many state and county governments named as the plaintiffs.

More importantly there is NO REASON for us to use machines for counting ballots. It is one human activity that requires the most unassailable transparency and can be handle with embarassing simplicity with simple participation.

Ballots should be tallied at each precinct, and collected along a visible hierarchy right up to the top. All of the precinct volunteers would see and tally each vote ... and any interested parties could observe this. The totals can be checked, double checked, cross checked and reconcile right then and there. Those totals are posted to all present who can then check how they were recorded at the next stage up the tree. The arithmetic is trivial --- simple addition all the way across the board.

Counting them locally eliminates one of the major opportunities for tampering. (The most effective after-voting tampering technique in the U.S. system is to see to it that a number of ballots simply disappear in transit between the polling place and the precinct collection centers. This simply, blindly, depends on knowing the demographics and assuming that the ballots will match. You throw away votes of all sorts but have a very good chance of throwing away more of those against your patron than he's losing).

(Yes, there's also quite a bit of deliberate disenfranchisement to discourage voting in those "undesirable" precincts as well; no voting machine, ballot technology or counting process can solve those issues).

Our voting system is a disgrace. A friend once lamented that we should call for international observers to audit United States elections! Sadly I think he was right.

I fail...

Posted Dec 10, 2008 10:30 UTC (Wed) by eduperez (guest, #11232) [Link] (3 responses)

I fail to understand why a vote counting machine can be so hard to do right.

I fail...

Posted Dec 10, 2008 20:07 UTC (Wed) by AnswerGuy (guest, #1256) [Link] (1 responses)

You are merely failing to ask the right question. The question is not "How hard is it to design and build a robust, tamper-resistant device which can correctly tally voting results with credible auditing/logging features?"

If that were the question then we could evaluate this as an engineering problem.

In the case of these voting systems their real question is: "how much can we get away with?" And our question should be: "what are we going to do about the gross negligence, dereliction of duty, malfeasance and other corruption that has allowed any of these devices to enter service into our elections?"

I fail...

Posted Dec 11, 2008 6:21 UTC (Thu) by drag (guest, #31333) [Link]

> "what are we going to do about the gross negligence, dereliction of duty, malfeasance and other corruption that has allowed any of these devices to enter service into our elections?"

About the only thing you can do is fire the people working at the local election offices in your precinct and hope the next ones are better at choosing secure hardware.

Those are the ones that choose what voting machines get used, if any get used at all. Not at the state level or federal level, but at the local level. Although there is a shitty ton worth of regulation and certification requirements that come from state and federal levels.

--------------------------------

Keep in mind that nowadays the vast majority of ballots are taken care of by scanning in paper ballots. The type of DRE that you see shown in pictures and in newspapers and such are not that common.

For example NewYork news folk like to get sample DRE machines to take photos of and write articles about even though they are not used anywhere in their city, or in fact the entire state. People like to read about stuff like that, I guess.

Often the only electronic voting machines being used are reserved for people with special needs. There are very strict rules about privacy and anonymous voting... so if a person comes in that is blind, or otherwise disabled (say they are a quadriplegic) then it's not like they really will be able to fill out the ballots by hand unassisted. So most places that have paper ballots will have at least one or two electronic voting machines that those disabled people can use unassisted... using paddles or sip-n-puff devices or audio-only ballots.

--------------------------------

Another thing to keep in mind is that after the disaster in Florida with those hole-punch-style paper ballots there was a crapload of money dumped into trying to modernize the voting infrastructure in the USA.

With the 2002 Help America Voting Act (HAVA) a huge amount of money was made available and most larger computer makers tried to get in the act of making voting equipment to try to get a piece of the pie. People like Sun Microsystems, Dell, HP, etc etc.

I don't know the details about that sort of thing since corporations are rarely going to release detailed information about their failures, but the level of regulation and certification required for voting equipment meant those sort of players dropped out as it was to unprofitable for them to pursue. Sure they would be willing to put up with that for military and whatnot, but not for voting equipment.

So that should give a idea of why people like Premier (aka Diabold) are still in business. They are entrenched companies that are isolated from competitive forces by massive government regulation. The barrier for entry into the market is much too high for anybody else to consider playing so the same companies make the same fuck-ups and nothing really happens except more and more regulation.

I fail...

Posted Dec 11, 2008 16:40 UTC (Thu) by felixfix (subscriber, #242) [Link]

Because it's the public teat being milked.

There's this pervasive social problem that when people deal with other people's things, they take less care than when they deal with their own. Ever had a friend help with a remodel or work on your car or computer? Like as not, they simply didn't take as much care as they would have on their own project.

It works that way in business to some extent, but businesses have contracts and make money by doing well, so it's not quite as bad, most of the time. Some people try to cut corners, most will only do what (they think) the contract requires, but most take it pretty seriously.

Then you come to government. Everyone is disgusted by government because it is a monopoly and can't make everybody happy. Taxpayers can't switch city governments except at the polls; you can't get pissed at your Dell government and sell it on e-Bay and buy a Lenovo version to replace it, unless you are a hot shot in Chicago. Governments may find it tricky to raise taxes, but since they can't go out of business, they don't have the same consequences; they just do shoddier work and the customers have no choice.

Now mix a boondoggle like the mandated voting machine implementation with government bureaucrats who have many things to supervise other than technical aspects of voting machines, and you have a recipe ripe for abuse. Every scumbag comes out of the woods to rip off the government. Look at Haliburton in Iraq, or any number of defense contractors -- armies and navies are infamous for their shoddy supplies and overcharging. People have made careers writing about that. If they can't get the basic bullets and beans right, why should anyone expect voting machines tobe any different?

Whether or not Diebold's slop is intentional or not is an interesting question -- the owner is famous for having told the Republicans he would guarantee the election for them, but anyone who would foist shoddy products on governments isn't beyond foisting shoddy promises on other people with money to waste.

Too harsh: Voting happens so rarely no sane testing is possible

Posted Dec 18, 2008 16:57 UTC (Thu) by forthy (guest, #1525) [Link]

You are all too harsh with Diebolds/Premier. How often do you vote? Once every two years. How often do you use an ATM? Several times a week? All bugs of frequently used software get found and can be removed. Voting machines are not frequently used. Often, they are outdated after a few years.

The way Diebolds programs this stuff certainly is worse than imagined. A log that is really generated to match the results, not what actually happend. This is obviously cheating; I hope there are criminal charges against such a thing ;-). But the main point remains: This bug has been found because real paper ballots have been used and to some small extend accounting methods (double-check if your count is right). My recommendation: Use accounting methods thorroughly and systematically (accounting methods are checks and double-checks; all the math you need are sums and differences of natural numbers), treat the vote as a document (can be created if authorized, may not be destroyed) and avoid special-purpose election machines, because those never will be tested long enough.


Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds