Ohio Investigating Possible Vote Machine Tampering Last Year

MozeeToby writes "The Columbus Dispatch is reporting on a criminal investigation currently being performed in Franklin County Ohio. It seems several voting machines listed a candidate as withdrawn from the race when in fact he wasn't. By the time the investigations tracked down which machines had been affected, the candidate's name was back on the ballot. Normally, we could dismiss this as confusion or a mistake on the part of the voter(s) who noticed it. In this case, the person who first noticed the discrepancy was Ohio Secretary of state Jennifer Brunner. Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the ballot. Naturally, the county board remains skeptical of these accusations."

Skeptical?

These morons can't even program their VCRs and they're skeptical of tampering? I vote at a place where the people running the polls were alive when the results would have been passed using goddamn pony express, and they say the same crap here.

We seriously need to toss this crap in a landfill and go back to paper. Any idiot can figure out a paper system, and the system should have that sort of transparency.

Heh.

Dated myself...Should have said, "Can't even program their DVRs."

The fact remains that people who don't understand the issue have no basis for commenting on it. If there are reports of ballot tampering, and the machines are set up without logging (how is this even fucking possible in a supposedly secure system?), there is no way in hell that any non-technical user should be able to get away with being skeptical...If someone told them the goddamn machines were running Halo 3, they wouldn't have any way of te

Re:Heh.

The problem is that paper based elections are no more secure, and if the physical ballots are lost, you're screwed. Accidents do happen, so you can't say they never would be. We need a better voting system that takes advantage of our new computing technology.

I'm not saying that the current electronic systems are a good idea though.

The primary flaw of the currently available voting machines is that they are all proprietary. This means a company has a commercial interest in hiding flaws, and is more likely to push out a device with flaws (or fight to prevent their discovery), if they convince themselves that fixing the flaws isn't worth it, in view of the profit reduction that would result.

We need a voting machine system which is impartial, and not run as a for profit exercise.

I think the best method would be to set up a consortium of major technology corporations to create the voting machines, and have them run it as a tax break, with rental fee's going to charities, not to the corporations themselves. After all, they have all the smart people working for them, and if profit is not a factor, and no single company has control, the system is less likely to be flawed.

Before anyone starts foaming at the mouth about big companies I say this. They already run your health system, your financial institutions, your currency, transportation systems, and your food supply. It's not such a big leap.
Plus, co-operation is already happening with software technology.

Re:Heh.

The problem is that paper based elections are no more secure, and if the physical ballots are lost, you're screwed.

They aren't? How many man-seconds alone with the ballots does it take to change the result of a paper election by editing the ballots? How many cubic meters of stuff do you need to carry to swap in forged ballots? Now how about electronically stored ballots?

Re:Heh.

They aren't? How many man-seconds alone with the ballots does it take to change the result of a paper election by editing the ballots?

You mean to print ballots that are pre-filled out? I could print about one a second. Not that this matters as I could do it at my leisure.

How many cubic meters of stuff do you need to carry to swap in forged ballots?

If I pre-stuff the box with my pre-printed ballots before the polls even open... Zero. If you swap the ballot box out after the polling and dispose of the original, then you need a replica of the box.

Now how about electronically stored ballots?

Well, since you need physical access to the machines since they are not on the network, this could take a while. Once you get access, how long to upload whatever changes you want to make could take a while. Of course, you also have to make sure to clear all logs of your access and try to make sure that any changes you made are not detected by something as simple as MD5SUM on pre-polling files.

Sorry to say it but any retard can stuff a paper ballot box. It takes an experienced hacker to hack an electronic election.

Personally, I feel that an electronic voting machine should print out a serial numbered, easy to read paper ballot that you have to drop into the box before you leave. Now you have the best of both worlds. If the electronic numbers do not match what is in the paper ballot box, investigate. Each serial numbered ballot should have a corresponding electric vote. Now to steal this kind of election, you'd need to stuff the ballot box with votes that are actually in the machines memory. Not impossible to hack, but much more difficult that hacking either a paper or electronic system alone.

Re:

It takes a single well paid experienced hacker a very short time to change A LOT of the ballots. It takes a retard at each polling place or box collection point to initiate each swap. Now, add in the fact that a box of ballots can be sealed with a label with a tamper evident serial number, the changes on electronic seem much more difficult.

Re:

The State of Maryland had a really good system (I think). Each person was handed a paper ballot, and you drew a line next to the person you wanted. The ballot was then scanned by machine. So this provided two benefits:

- it was quick to tally the results because it was done electronically

- but in the case of suspected fraud (like the main article) it was easy to go back and review the ballots. Like a paper receipt at a store provides proof of purchase, the voter ballots provided proof of how each person

Re:Heh.

These P.O.S machines didn't even have logging turned on. Fraud, no fraud, it'd be impossible to tell.

And while it may take an experienced person to write an exploit, it only takes a "retard" to load it.

Monkeying physical ballots can be done, sure. But you need a lot of people to do it. You need the poll workers, you need the ballot printers, you need the ballot box movers...And all this is for a polling place that may only serve a few hundred people. Now multiply that by the millions of voters in a general election. One person can keep a secret. A hundred? A thousand? Never.

I have to agree with the puppy on this one.

This mythical "retard" who is somehow a management/distribution savant?

More correctly stated, any "retard" can stuff a ballot box ... and be caught doing so.

It's like saying that any "retard" can rob a bank but it takes a skilled hacker to electronically loot your accounts. It is just wrong. It is far easier to secure a physical object because people have far more experience with doing just that.

Archer seems to be postulating a perfect scenario for electronic voting. Just read TFA and the others like it.

Re:

If they were Diebold machines, all of that is under 10 seconds. You can swap out the memory card without breaking the seals. Wireless networking is often enabled, so you can just sit in the parking lot. (Why in the name of all that is holy do these things have *wireless* capability?) Logging is done using a MS Access database. (Read 'editable without trace'.) Two sets of totals are kept: One for spot checks and one for the final total. They are never compared. If you have a swipe card with the mast

Re:

All very true, so one wonders how you got so thoughtlessly modded down to -1. Apparently Thomas Swidarski must have some extra mod points!

Re:Heh.

Ever been to a polling place where they didn't check to see if you were a registered voter? When that polling place has a record of serving 5000 registered voters and no ballots to show for it, that is a pretty clear indication of fraud, don't you think?

Pardon the pun, but paper ballots leave a huge paper trail. They're physical objects; they exist, and therefore it is much harder to make them disappear than it is an ephemeral digital record.

Re:

Lost ballots are easy to track; just number them. If you can't find them, you know there is fraud.

Paper is cheap, paper is reliable. Paper doesn't require a ton of training or big fancy machines. Paper doesn't require we put our trust in anyone.

The problem with the technical systems is that they're complex, far far far more complex than they need to be. The more complex you make them, the more likely you are to have bugs, the more likely you are to have fraud, and the less likely you are to have someone who

Bullshit.

The problem is that paper based elections are no more secure, and if the physical ballots are lost, you're screwed.

No. You do not understand "security". It is possible to have a representative from each candidate WATCH the ballot box to make sure that it is not "lost".

Even if someone is watching the computer, there is no way for them to tell if ballots are being "lost" or changed.

We need a better voting system that takes advantage of our new computing technology.

Why? What's wrong with pen and paper?

Counting

Re:

Please explain how a distributed pen and paper system breaks as the number of voters increases.

Please post as something other than AC to make me feel I should answer your question.

Please explain how a distributed pen and paper system breaks as the number of voters increases.
While you're at it, explain why you'll respond to someone who posts under a pseudonym with no real connection to his identity but won't respond to someone who posts as AC.

Re:Heh.

We need a better voting system that takes advantage of our new computing technology.

I have a pretty good idea where you'd begin.

• Two stations that must conform to a set standard and may not be built by the same vendor in any polling place.
• First station casts the vote, second station allows you to verify it. Both count the votes independently and report back independently to separate counting systems built again by separate vendors.
• The voting station must generate a unique symmetric key that must be registered upstream to the backend counting system, but may not be recorded on the vote token. That backend must then make it available to any other counting system that asks. Appropriate cryptographic protection must be used to ensure no unauthorized system can ask.
• The checking station must then request that key to decrypt the vote for verification purposes.
• If the vote verification shows that the vote was incorrect, the user cancels the vote and, upon returning to the voting station, revotes. The cancellation is propagated back to the voting station by the transportation of the vote token as a negative vote.
• After voting, you retain your voting token, and can connect it to a USB port (or a flash card reader, perhaps) and run a program that queries the vote counting system. Because the encrypted vote is still present, the servers can each independently verify whether the vote was, in fact cast. This path should not allow access to the key needed to decrypt the vote, however, thus preventing people from using this as a way to sell votes.

Of course, the security would still depend on the standards being defined by a group of people familiar enough with crypto to come up with a robust and reasonably secure standard for doing all this, but at least by requiring independent verification, this significantly reduces the likelihood of vendors being bought off successfully without getting caught, and by allowing vote counts to be verified independently after the fact against all of the counting servers, this significantly reduces the ways in which blocks of votes can get "lost" by corrupt election officials.

Re:Heh.

Dated myself

You shouldn't do that, it makes God cry.

Re:Heh.

Uh..."Satanicpuppy"

Just sayin...

Never leave a paper trail

Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the balot. Because we all know what a vastly time-consuming task turning on logging during setup must be.

You can't make this stuff up...

Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the balot [SIC].

Unbelievable. It's like they're trying to make the machines as unreliable and untrustworthy as possible. I know that the problem of properly implementing electronic voting machines is not a simple one by any means, but this is just plain ridiculous.

Re:You can't make this stuff up...

It's better than when Diebold leaked the election results. http://www.theonion.com/content/video/diebold_accidentally_leaks [theonion.com]

Re:

Ahhh...that was priceless. Thank you. ^_^

Re:

I know that the problem of properly implementing electronic voting machines is not a simple one by any means, but this is just plain ridiculous.

See... that's just the thing. I don't think it would be terribly difficult. I've been writing software for about 6-7 years now, and I don't think that there should be a huge issue coming up with standardized, secure voting machines that leave some form of detailed logging or trail of votes.

I think the main roadblock to it isn't technology or money or lack of decent workers, the real problem is outlined here. Politicians have a knack, whether intentionally or not, for getting into this kind of thing an

Re:

I've been writing software for 30 years, I can assure you there's no way to make totally secure software. The sooner we realize this, the sooner we'll move on to a real solution. It's almost like the media companies thinking DRM couldn't be hacked.

We need to get over uninformed thinking, and move to a VERIFIABLE system. Whether it's paper or plastic or silicon, all votes must be made public (with individual privacy protected by code numbers or some similar mechanism). With the voting results in full vie

Re:

If you can prove to yourself that you voted for candidate X, you can prove to someone else that you voted for candidate X. This leads to things just a vote buying, and coercion of voters. The vote is supposed to be anonymous. And it should be impossible to link back a vote to who cast it.

Re:

Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the balot [SIC].

Unbelievable. It's like they're trying to make the machines as unreliable and untrustworthy as possible.

The reports don't make it clear if this was Board policy or if this was simply one rogue employee who turned off the audit logs.

Re:

but this is just plain ridiculous

And hopefully criminally negligent. I'd like to see more people go to jail for these mistakes, intentional or otherwise.

Re:You can't make this stuff up...

...problem of properly implementing electronic voting machines...

There is no proper implementation for an electronic voting machine.

There can be proper vote printing machines.
There can be proper vote tabulating machines.

But the same device can never do both properly.
The votes must be inspectable by humans between these steps.
EOT.

Re:

"There can be proper vote printing machines.
There can be proper vote tabulating machines.

But the same device can never do both properly.
The votes must be inspectable by humans between these steps."

This is exactly right. To elaborate, vote printing machines are good, because they can validate input, warn voters when there may be an error (e.g. filling out a ballot but skipping the top race, which is usually not the voter's intent), can provide multi-lingual ballots, and can provide spoken prompts to assist t

Re:

That's the problem with computers, they're too good at counting. A suspicious human observer can't count along, and a computer with nefarious programming can slip one by you without noticing.

Bad Summary

The problem isn't really that the candidate got screwed -- he actually did resign form the race, but he missed the deadline after which the ballots were supposed to be finalized.

A pretty minor mistake (if you ask me), but the big deal is that all the machines are supposed to have exactly the same ballot. And they didn't. That's bad.

Re:

BZZZZZT. Try again.

Perez withdrew one day after Franklin County had finalized its ballots. He had hoped to avoid playing spoiler in fellow Democrat Patsy Thomas' race to retain her appointment to the Franklin County Municipal Court.
Instead, Perez's name remained on the ballots -- or allegedly, most ballots -- and Republican David Tyack won.

Re:

Huh? Isn't that what the GP said? That the candidate withdrew, but too late.

Re:

I don't think so. The GP was saying "no harm, no foul". Indeed there was - this potentially changed the outcome of the election.

Re:

No, the GP had it pretty much right. To recap, had things been done properly, Perez would have been listed as a running candidate on all machines, which might have cost the other Democrat candidate some votes. However in places he was listed as withdrawn, which in principle should help the running Democrat, who lost despite the error, not because of it. Had the Republican lost, you might wonder if Perez being listed as withdrawn despite missing the deadline had changed the results of the vote.

Elections need auditability

Skeptical? Sure... they should be. But shouldn't they be able to answer a question like this definitively one way or the other?

Elections need to be auditable.

Related story

If you're not yet completely convinced that the electronic voting currently being rolled out is a craptastic idea, here's a little story [zdnet.com] on how a simple malformed URL can get the online voting registration page in Pennsylvania to yield other voters' registration files on demand.

Ohio

I hate my state. On election night of the last election we almost immediately found a district near me where they had registered more voted for Bush than existed in the whole county. Gotta love when they're obvious.

Re:

Sounds like bullshit to me. Unless, of course, you can provide some sort of reference.

A secured voting system?

Maybe I'm wrong (please feel free to correct me if I am), but is it not possible to create some kind of secured voting system based on methods of cryptographic techniques that would allow the following properies of a voting system...

a. Your vote can be cast without anybody else knowing who you voted for.
b. At any point in time after you cast your vote, you can verfiy that your
        vote is counted with the candidate you voted for.
c. The government can "verify" that you voted.
d. You can vote over the internet.
e. Only one vote per citizen.
f. Any cheating is immediately detected.
g. others where needed and appropriate.

I'm wondering if some kind of one time pads could be generated by all parties involved, combined togther with public key cryptography, that would allow such a system.

It boggles the mind that more effort and resources are put into making sure the government gets their tax returns than whether the voting system works or not.

Why should I vote again?

Re:A secured voting system?

Any system where a person can verify their vote after it has been cast is open to a very real kind of attack:

"Vote for #{my_candidate} or you are fired. Signed, your boss"
Or, husband, wife, mother, creepy guy standing outside the polling place, etc.

Re:A secured voting system?

I'm wondering if some kind of one time pads could be generated by all parties involved, combined togther with public key cryptography, that would allow such a system.

Don't throw pseudo-cryptographic nonsense into it. The problem is a human one; it cannot be solved purely by technology.

You have a task that gathers data from many sources, and needs to verify the identity of those sources. Many people and groups will try to attack, corrupt or undermine that data. Furthermore, any verification in place to detect and prevent such attacks can also be considered vulnerable, but ALSO gets saddled with a deadline as laws in many states prevent recounts after a brief timespan.

The "attacks" could be purely technological -- (subvert the software), all the way to social (have poll workers set up certain locations in a way that delays people who are waiting to vote in areas that tend to be against your candidate).

People speak of the importance of a paper trail, but that merely diverts the point of vulnerability. How do we detect that a recount is needed in the first place? Who is doing the recount? How do we know it is any better than the first count?

Re:A secured voting system?

This is exactly right. All voting technologies, paper or electronic, will have vulnerabilities. The way to solve this problem is to have enough redundancy in the system that makes it very difficult for all mechanisms to fail, or be corrupted, simultaneously and similarly. We have learned this lesson from building fault-tolerant computer systems, and need to apply it here, too. We also need to include the human element in the fault-tolerant design, as people are also subject to failure and corruption.

For example, you could make a system that has simultaneous redundant and different technologies, such as both electronic and paper trails. Then each of these subsystems could have their information flows be split at the source and channeled through completely different paths to different counters. There could be multiple sets of people with different political allegiances doing redundant counting. With this kind of system failures would be discovered, and could be tracked back to their sources. This kind of redundancy would cost more, but it could be done pretty straightforwardly if it is really what people wanted.

The main problem of course and it is the big one, is that it is not clear that the authorities actually WANT the system to be incorruptible. There are a huge number of power plays that go on in government, and the bigger the election, the more power is involved. There is so much back-room bargaining, lobbying, and cronyism, both within government and between government and big business, that the people in power don't really want transparency and fault-tolerance because it would interfere with their power. Fair voting only helps the little people, not the people who are already in power, and the system can only be changed by the people in power.

Re:

'Secured' depends on your point of view. Some of the things you bring up are somewhat mutually exclusive. The cryptography involved isn't the problem, and assuming the systems use a real cryptoghaphy algorithm, its rarely the problem. Generally its implementation details not directly unrelated to the cryptography algorithms involved that cause the problems. For instance, the diebold photo on their website which showed a master key, in which someone was able to copy and open a diebold box. Atleast I thi

Ohio Voting machines are officially a crime scene

Ohio Voting machines are now officially a crime scene [freepress.org].

Or ARs technica [arstechnica.com]

Summary is very wrong

Did the submitter or editor even bother to read the article. The controversy is that the candidate *did* withdraw, but his name was left on some ballots. for those who can't click:

Perez withdrew one day after Franklin County had finalized its ballots. He had hoped to avoid playing spoiler in fellow Democrat Patsy Thomas' race to retain her appointment to the Franklin County Municipal Court. Instead, Perez's name remained on the ballots -- or allegedly, most ballots -- and Republican David Tyack won.

Basically, same way Perot caused Bush #1 to lose in '92.

Re:Damn

Make sure you bring me your receipt showing you voted for my uncle Tony or else your thumbs and you will be spending some time apart.

At least he HAD a grandson...

The other participant "The grandson of Al Capone" never actually existed, and the only person who could have fathered said mythical grandson was Capone's only kid: Albert Francis Capone. That poor kid later changed his name to "Brown" and his entire criminal record consists of one arrest for misdemeanor shoplifting.

The election guy sounds like a complete moron.

Re:

An adder is generally either used by a single user who wants accurate results or by a group of users who all want the same accurate results. Further, adders are generally designed as general-purpose components that will be used in hundreds of different applications - making one that output 3 for 1 + 1 would simply be a poor business decision when it was noticed rather than an effective attack against some specific application.

In contrast, voting machines are specific-purpose devices that are *always* used

Re:

That wasn't very nice - A voting machine is just an adder. The only trick is that it must add perfectly, be tamper-proof, and make sure that nobody is able to contribute more than once.

Wait... That does sound kinda tough...