Slashdot Log In
Brave New Ballot
Posted by
samzenpus
on Wed Sep 20, 2006 03:17 PM
from the fraud-is-easy dept.
from the fraud-is-easy dept.
Ben Rothke writes "In an important new book Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting, Avi Rubin writes 'too often in American life, when it comes to divisive issues, the facts can be less important than the weight of public opinion'. That basically sums up Rubin's story in this fascinating story of his frustrations in dealing with government and corporate officials in his quest to show that e-voting was not as secure as it was originally made out to be." Read the rest of Ben's review.
| Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting | |
| author | Aviel Rubin |
| pages | 272 |
| publisher | Morgan Road Books |
| rating | 10 |
| reviewer | Ben Rothke |
| ISBN | 0767922107 |
| summary | Electronic voting systems are being deployed with inadequate levels of trust and security |
Brave New Ballot (BNB) is Rubin's story of how in 2003, he and his graduate students at Johns Hopkins University demonstrated that the Diebold Election Systems electronic voting technology in wide use was full of security problems. It was just in 2002 that Sherron Watkins of Enron was named Time magazine person of the year for her work in uncovering fraud at Enron. It would have been thought that Rubin's work would have immediately won him some sort of patriot of the year award for his work.
While the accolades were indeed many, his team's research was maligned as being that of a homework assignment, and the Administrator for Elections for the state of Maryland (where Rubin lives and works) publicly stated that 'computer scientists (a direct reference to Rubin and his team) who question the security of electronic voting machines are undermining our democracy.' Such a scenario makes up much of the story that the book tells in Rubin's team's efforts to blow the whistle on unsecure e-voting machines.
As to the Administrator for Elections for the state of Maryland and her disdain for computer scientists, she would likely find constituents such as the zombie-like Stepford wives more to her liking. Unfortunately, she ended up with Professor Rubin.
It is not that secure electronic voting is inherently unattainable. Rather, nearly all of the commercial solutions that have shipped to date have not been adequate designed with security in mind. This is due to many factors, some of which are that the makers of these devices do not completely understand the security risks and countermeasures, in addition to public officials who are far too trusting of these commercial e-voting vendors.
The early chapters of the book detail how Rubin's team analyzed the security and cryptography used within extremely sloppy coding of the Diebold Accuvote-TS director recording electronic device. One particularly humorous incident is when the Diebold programmers reference Bruce Schneier's Applied Cryptography in their C++ code for their decision of which algorithm to use of a for pseudorandom number generation. The only problem is that Applied Cryptography states that the specific algorithm they used should specifically not be utilized for random number generation. Rubin comically states about that incident that Diebold should have consulted with Schneier, rather than have their staff misunderstand what they read in his book.
I had a similar frustrating incident when consulting on an e-voting systems some years ago. The lead developer (who obviously was no expert in cryptography) documented that the e-voting system used 120-bit encryption. Upon analysis, we found that the system was using 40-bit encryption. When countered about that, the developer replied that they perform the 40-bit encryption routine three times using the same key, for an effective 120-bit key length. Of course, 40-bit encryption will always be (insecure) 40-bit encryption, no matter how many iterations he put it through; but it is frightening that he did not know that.
After his team presented their report in 2003, Rubin writes in detail how Diebold started a smear campaign against him. Not only was it Diebold, but also election officials in municipalities that had deployed the Accuvote-TS system that also maligned Rubin. This was done primarily by misinterpreting his objections, and also by refusing to pay attention to other independent reports on the insecurity of the devices.
For a more timely and somewhat humorous account of how insecure Diebold really is, see 'Hotel Minibar Key Opens Diebold Voting Machines'.
Being a whistle-blower always takes a toll on a person and Rubin was no different. He work on e-voting consumed him and took a toll on his family, career and his students. The book chronicles how Rubin found himself caught in a crossfire between big business, partisan politics, and overworked election officials. Rubin also found himself between the crosshairs of the ITAA (Information Technology Association of America), powerful vendor-based lobbying group. The ITAA, of which Diebold was a client, attempted to discredit him on many occasions, but their evidence was always weak and reckless, and in the end only served to bolster Rubin's claims against the Diebold systems.
Part of the absurd claims of the ITAA was that the open-source movement is using the issue of e-voting security to wage a 'religious war' that pits open-source software against proprietary software. Rubin could have filed chapters with similar ITAA absurdities, but wisely chose not to.
Similarly, an article I wrote 'E-Voting: It's Security, Stupid' also was the recipient of the wrathful ITAA reply. In their so-called rebuttal mistakenly titled 'E-Voting Does Work', Harris Miller of the ITAA follows his modus operandi of first attacking the person, avoiding the issue, stating vague meaningless comments, and concluding the issue by missing the point.
99% of the voting public does not know about backdoors, insecure code, Trojan Horses, insider threats, and scores of other security issues that the e-voting vendors have yet failed to fully address. The election process as we know it is rapidly being migrated to these electronic voting machines that are replacing the older, but more reliable mechanical systems.
BNB is a timely and important book as it details the very real defects on which these e-voting systems are built on (and Windows is only one of them). The ITAA made claims such that the only vulnerability within e-voting is that of a rogue programmer conspiring to steal public office. Such politicking only serves to confuse the issue for a public that is inherently trustful of these voting machines. Yet if these e-voting machines were built to the same stringencies and regulations that the aviation and pharmaceutical industry faces, they would never make it within a mile of a voting booth.
Brave New Ballot is to e-voting what Rachel Carson's Silent Spring is to the global environmental movement. It is a vitally important book that details the problem of e-voting and what can be done in the future to make certain that it can one day be carried out in a secure manner.
Of course, the image of an embedded crypto key or plaintext password in an e-voting system does not convey the same impact on the public as that of a thalidomide baby. Pictures of thalidomide babies caused heads to roll at the FDA, and one should hope the that the publication of Brave New Ballot will awaken the public from their slumber on the topic of electronic voting, and encourage the Election Assistance Commission to immediately ban electronic voting until it can be secured.
Deforest Soaries, the first Chairman of the United States Election Assistance Commission sums it up best when he states 'If the integrity of our sacred right of voting is less important than partisan politics, corporate interests, or bureaucratic systems, then shame on us for presenting ourselves as the global standard bearers of democracy. As Brave New Ballot shows, there is a lot of shame going around.
You can purchase Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Related Stories
[+]
IT: Hotel Minibar Key Opens Diebold Voting Machines 341 comments
Billosaur writes, "As if Diebold doesn't have enough to worry about! On the Freedom To Tinker blog, Ed Felten, one of the co-authors of the recent report 'Security Analysis of the Diebold AccuVote-TS Voting Machine', reveals an even more bizarre finding related to the initial report. It turns out that you can gain access to an AccuVote-TS machine using a hotel minibar key. In fact, the key in question is a utilitarian type used to open office furniture, electronic equipment, jukeboxes, and the like. They might as well hand them out like candy."
[+]
Politics: Maryland Governor Wants Paper Ballots 433 comments
supabeast! writes, "Fed up with all the problems in the state's electronic voting system, Maryland Governor Robert Erlich wants the state to scrap the entire system and return to paper ballots. He's threatened to call a special session of the legislature to change the law to allow paper ballots. What makes this particularly interesting is that Erlich is a Republican — the party often maligned for exploiting flaws in electronic systems — and his attempts to clean up Maryland's voting problems are being opposed by Democrats, the party that is usually complaining about electronic voting!"
[+]
Politics: Maryland Fights to Keep E-voting 250 comments
crystalattice writes "Apparently Maryland election officials never have computer problems. That's why they're fighting so hard to keep their Diebold e-voting machines. Washington Post reporter Marc Fisher received nothing but bad attitudes, dodges, and excuses when he attempted to discuss the issue with the state elections administration and Diebold." From the article: "I asked the state's elections administrator, Linda Lamone, whether Maryland wasn't just a bit too quick to adopt electronic voting. Doesn't the computer at your desk ever freeze up on you? 'No,' she replied. Never? 'No.' But surely people in your office have had that experience? 'No.' (Maybe we've found the solution to Maryland's voting problem: Everybody head on down to Linda Lamone's office, where the machines work 100 percent of the time.)"
[+]
Interviews: Ask a "Star" of HBO's Voting Machine Documentary 342 comments
Herbert H. Thompson, PhD ("Hugh" to his friends), is one of the people featured in the HBO documentary, Hacking Democracy, that Diebold tried to keep from airing. Hugh is a long-time Slashdot reader who called me to volunteer for this interview — on his own, not through anyone's PR department. Here's a YouTube excerpt from a CNN Lou Dobbs show with Hugh in it. (Find more articles by and about Hugh here. And perhaps check this brand-new MSNBC story about e-voting, too.) Hugh suggests that you give him "your wildest questions about what went on behind the scenes and how safe the e-voting systems actually are." Let's take him up on that challenge, hopefully while following Slashdot interview rules. Note to Diebold and other voting machine companies: We welcome comments and questions from you, same as we welcome them from everyone else. If you feel you are being vilified unfairly by Slashdot readers, please respond and set the record straight.
[+]
Politics: Federal Panel [not NIST] Rejects Paper Trail For E-Voting 191 comments
emil10001 writes "The National Institute of Standards and Technology (NIST) has rejected a proposal suggesting that electronic voting have a paper trail. The draft recommendation was developed by NIST scientists, who called out electronic voting machines as being 'impossible' to secure." From the article: "Committee member Brit Williams, who opposed the measure, said, 'You are talking about basically a reinstallation of the entire voting system hardware.' The proposal failed to obtain the 8 of 15 votes needed to pass. Five states — Delaware, Georgia, Louisiana, Maryland and South Carolina — use machines without a paper record exclusively. Eleven states and the District either use them in some jurisdictions or allow voters to chose whether to use them or some other voting system." So ... accountability in voting will be a joke for the foreseeable future because it costs too much?
Update: 12/11 03:20 GMT by KD : Correction: It was not NIST that rejected NIST's recommendations, it was a federal panel chartered by Congress, the Technical Guidelines Development Committee.
Update: 12/11 03:20 GMT by KD : Correction: It was not NIST that rejected NIST's recommendations, it was a federal panel chartered by Congress, the Technical Guidelines Development Committee.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
public opinion is more important (Score:4, Insightful)
Harris Miller is not a good representative (Score:2)
(http://www.informationr.us/ | Last Journal: Monday November 05, @09:38AM)
Similarly, an article I wrote 'E-Voting: It's Security, Stupid' also was the recipient of the wrathful ITAA reply. In their so-called rebuttal mistakenly titled 'E-Voting Does Work', Harris Miller of the ITAA follows his modus operandi of first attacking the person, avoiding the issue, stating vague meaningless comments, and concluding the issue by missing the point.
Yep, that's exactly been my experience with the ITAA- they're not so much interested in facts as truthiness.
CS Supports Al Queda (Score:5, Insightful)
And don't forget support al Queda.
What an ass. Don't question the government. They know what's best for you.
Excessive Complexity for a Simple Solution (Score:5, Insightful)
1. Each electronic vote is recorded onto a paper log.
2. The voter keeps a paper receipt.
3. A challenge by any candidate results in a recount of the paper log.
4. A voter who doubts the accurate registering of her vote can go to the appropriate government office to check her vote against the paper log.
Why do we need a 272-page book to elaborate further?
What perplexes me even more is why some state governments actually allowed e-voting without a paper trail?
Re:Excessive Complexity for a Simple Solution (Score:5, Insightful)
(http://www.ceyah.org/~jandrese/ | Last Journal: Thursday September 13, @11:11AM)
A much better idea is to have it print out a short slip with your choices clearly printed on there. You then drop that slip in a box on the way out and if there is any question as to the accuracy of the machines the pollworkers just have to crack open the box and go through all of the recipts. After the voting is complete and the elections are done, a few random counties should have their boxes double checked as well, just to verify that nothing is screwey with any of the electronic tabluation equipment.
Can we PLEASE (Score:3, Insightful)
The general public does not know about the shit that goes on behind closed doors. They need to be told!
"Age of Electronic voting? (Score:5, Insightful)
(Last Journal: Sunday October 22 2006, @10:27PM)
Of course, I wouldn't be satisfied by anything but publishing the voters' choices. Not by name -- give them an anonymous unique voter ID so that they look at the database, they can say "ah, they got mine right".
Re:"Age of Electronic voting? (Score:4, Insightful)
And then, as you leave the polling place, a big guy mugs you, copies down your 'anonymous' voter ID along with your name (or just steals the voter ID and your ID), and delivers it to his boss. Hope you voted for the person they wanted you to... or else! In other words, you've just opened up the voting public to bullying.
The real solution to e-voting can be found at the Open Voting Consortium [openvotingconsortium.org].
Undetectable Fraud Undermines Democracy! (Score:5, Insightful)
(http://www.lazylightning.org/)
Our democracy has existed for 230 years. Electronic voting do little to nothing to expand democracy. What they do expand is the possibilities for hard to detect fraud -- something which *does* undermine our democracy.
Government and corporate officials (Score:4, Insightful)
People complain about the voting machine (Score:1, Insightful)
Shakin' in my boots... (Score:1)
That may be the scariest thing I've ever heard.
What book review? (Score:1)
My /. journal entry on this subject (Score:1)
(http://slashdot.org/~davidwr/journal/ | Last Journal: Friday November 09, @09:19PM)
--
Ballot ideas 9/6/06
Goal:
1) voting by handicapped voters with minimal assistance
2) voter-verified audit trail
3) cost-reduced versions available where needed
4) quick count available to the press within minutes
Read the rest... [slashdot.org] and give your feedback.
Not as secure as it was originally made out to be (Score:4, Insightful)
(http://cafepress.com/phototravel?pid=5934485)
Paper ballots? How quaint!.. The Floridian "poor", you see, were disproportionatly confused by them — much easier to have them use computers, which even a retired librarian, overseing the voting station on election day, will be able fix and to spot any and all possible tampering with...
Mexico and Thailand (Score:1, Informative)
No, you get what happened in Mexico, where the paper trail is not checked.
Mexico, the ballots report at random, it is clear the encumbant is losing, at about 75%, a funny thing happens, ballots start coming in with huge swings to the encumbant and the challengers vote switched to a third party. The vote swings.
The election authority says its counted 98.5% of the vote but has only counted 92.5%.
The challenger says '3 million votes are missing', the election authority ridicules this, then later 'finds' 2.5 million of the missing votes. Finally they refuse to manually publicly count the votes. Instead they count only a few with totals different from the tally sheet, but if you make up the numbers its a lot easier to get those numbers to match than if you're counting the ballots, and the interesting boxes are not examined.
http://www.gregpalast.com/we-dont-need-no-stinkin
Even if you get the ballot checked, look at Thailand.
Thaksin is unpopular in Bangkok, the army takes command, drives tanks into the government, TV and into the Kings palace. The popular king is no longer seen, the army is told they are following the kings orders, and the coup plotters pretend to speak for the king. If you believe the polls they are putting out, 85% of Thais like the coup, they think the king is controlling it. But if 85% of Thais wanted Thaksin out, then the vote was next month, they could vote him out. Where is the King?
Meanwhile the men with the big tanks claim this is a popular coup and election will follow next year. But election were due next month. Due you think they will allow a government critical of the army actions? No way, dictators can never leave power for fear of arrest. So Thailand will sink into a military dictatorship for years to come.
Democracy is a constant fight, it doesn't stop at the ballot.
Democrats pressed for e-voting ... (Score:1, Insightful)
Every step since then to press for e-voting was initiated, fought for, and demagogued by Democrats.
When paper ballots were left behind at their urging, displacing rhetoric about "disenfranchisement" and the "intent of the voter", the Democrats did a 180 and made their pet e-voting the culprit, invented balderdash hokum about Diebold and spun it all as a conspiracy by Bush.
The fact is, the system *worked* in 2000, we had a secure transition of power, we kept local officials and particularly local/state jurists from disrupting a federal Presidential election, and
Private Voting, Public Counting (Score:5, Informative)
(http://zappini.blogspot.com/)
Someone in this thread is going to state that HAVA 2002 mandates the use of electronic voting machines (aka "DRE" or direct recording electronic). That is false, as thoroughly explained in Voters Unite's Myth Breakers [votersunite.org] document.
Someone in this thread will make some statement about how electronic voting devices permit the disabled to vote in private. That's not exactly true. To the best of my knowledge, the existing products do not preserve the secret ballot. Nor are they particularly accessible. Meanwhile, there are solutions which do preserve the secret ballot and are accessible to disabled voters. Such as ES&S's AutoMark, the Vote-PAD, and EqualiVote. (There are some other novel systems, too. I just haven't researched them yet.)
Someone in this thread is going to state that electronic voting is just splendid, and we can make it work, if we just try harder next time. Fine. Show me. Then let's talk. Meanwhile, all current systems suck.
Someone in this thread is going to suggest that we have all paper ballots counted manually. Like Canada. Or Germany. It's not a bad idea. But it wouldn't work in the USA with our current constraints and expectations. To contrast, in Canada, the races are very simple and so the tabulation is feasible. In Germany, they have proportional representation and rely on their superior form of exit polls. Meaning their system is very tolerant of errors. And they have legions of civil servants working weeks to get the exact manual tally. Whereas here in the USA, politicians and news networks demand results now, now, now!
Someone in this thread may suggest it's all about the Republicans. Or the Democrats. It hasn't proven that simple. I believe it's a fight between the people in power, who want to stay in power, and us voters. I'm a pretty progressive guy. But I readily acknowledge the bad guys (with respect to election integrity) here in King County Washington are in the Democratic leadership. (My experience is that the rank and file of both major parties are completely on board with election integrity.)
Someone in this thread may also suggest that we eliminate the need for electronic voting at poll sites by transistioning to forced mail voting (100% vote by mail). Like Oregon State has done and where most of Washington State is heading. It's terribly idea. No more secret ballot. No more public vote count. Higher error rate. Huge more expensive. Long-term decline in voter turnout. It's a big topic. We've been researching it for about 9 months and have only scratched the surface. We discuss
Someone in this thread will also exhort the necessity of using a voter verified paper audit trail. They may even encourage others to support Rush Holt's HR 550. Unfortunately, the VVPAT is a placebo. What guarantees what's recorded is what's printed? Nothing. And experiences to date demonstrate that actually auditing the VVPAT is infeasible (1h 15m per ballot cast). That said, the efforts of VerifiedVoting.org and other are not misguided. Many states already have electronic voting machines without the VVPAT. So passing HR 550 would be better than nothing.
The take away point is this:
The most reliable, secure way to vote in the USA today is to use voter-correctable precinct-based optical scanners. That means paper ballots at poll sites fed into a ballot scanner.
Please support Voter Action [voteraction.org]. They have successfully prevented the use and procurement of electronic voting machines in a few states already. They are expanding the fight as fast as they can
FDA & Thalidomide (Score:4, Informative)
(http://www.saccade.com/ | Last Journal: Friday December 24 2004, @10:45PM)
Actually, thalidomide [wikipedia.org] was one of the FDA's great successes...the drug was never approved in the US; most of the birth defects happened in Europe. It's one of the reason the FDA's drug approval process is so slow relative to other countries.
Thalidomide an the FDA (Score:1)
It's worth noting that the FDA, and in particular, Frances Kathleen Oldham actually DID THEIR JOB, and did NOT approve thalidomide for sale in the U.S. I remember my mom mentioning this. Being born in 1961, that could have been me flapping around. Not to worry, that level of safeguard is probably not in place today with the drug compaines responsible for doing all of their own trials.
Proof that e-voting doesn't work. (Score:1)
The public doesn't get it.... (Score:3, Interesting)
Of course, this will mean jail time for the perps, but I have two things to say about that. 1) Some would consider that a small price to pay for preserving democracy. 2) You might be able to get a light sentence if you mailed, before the election, some letters (saying "Do not open until after the election" on them) to several news agencies declaring that you are going to rig the election in order to expose the dangers to our democracy.
A book about e-voting? (Score:1)
(http://googtube.blogspot.com/)
We have even more problems (Score:2)
How can anyone be so off? (Score:1, Interesting)
The people in government are choosing the machines based on their hackabality.
When the CEO of Dibold tells GWB that he can deliver OHIO, he gets it done.
Why does everyone always pussyfoot around this?
It's going to keep up until some college kids sneak a camera into an active voting booth and film the swap as it's being done by dedicated republicans.
At that point, it will turn out to be a single, horrible terrorist loving republican, no others would do that (Even though the descrepancies showed up across the nation in the last election)
So, this poor kid will be prosecuted as will this One Evil Republican (Much the way only enlisted people were prosecuted in the torture scandle) and it will all go away.
America has been taken over by fundamentalist extremists.
Learn to live with it or do something about it (and voting is NOT doing something).
----
Hell Yeah I'm posting this anynomously!
Another Source of info about E-voting Problems (Score:1)
Another source of info about e-voting problems is BlackBoxVoting.org [blackboxvoting.org]. They have a free pdf book on their webpage. A couple of years ago I skimmed through a few chapters of it. Starting on chapter 9 [blackboxvoting.org] they talk about accidentally finding an unsecured FTP server and downloading 40,000 files, including the sofware for the Diebold voting machines such as BallotStation.exe, GEMS.exe, and VCProgrammer.exe. They discovered that Diebold's secret proprietary software had various unacceptable security problems. It is surprising to see that a company, like Diebold, that makes ATM machines has created such insecure software and hardware. As voters we had just been expected to take the word of Diebold and other voting machine manufacturers that their proprietary software and hardware was secure. In the case of Diebold it came from and ATM manufacturer after all.
I also plan to buy Avi Rubin's new book "Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting" to see what what other new security problems they have found. The change to electronic voting machines has been pushed as a solution to the "hanging chads" [wikipedia.org] problem that Florida had in the 2000 presidential election between G.W. Bush and Al Gore [wikipedia.org]. Unfortunately, electronic voting machines are creating more security problems than they are solving. If we do use voting machines, then we should at least requre that they all generate a paper stub which which the voter gets to briefly view before it is deposited into a box. Only some of the voting machines currently in use do that. That way, election officials could still do a "real" recount.
Academics vs. Engineers (Score:1)
(Last Journal: Monday May 15 2006, @08:00PM)
I have worked on some rather large and complex systems. And I'm fairly certain if you turned some academics loose on said systems, they would find "critical flaws" that they would tout to anyone who would listen.
The thing is ... the systems I've worked on actually work. The "critical flaws" that I'm sure could be found don't actually break the system.
And so far it appears to be the same with the Diebold systems. All these Academics and Slashdotters are outraged about a system that, so far, hasn't failed in the way they predicted.
The fact of the matter is that grant-to-grant academics don't understand engineering, because they've never really had to engineer anything.
Oh, and, just something to savor : if it weren't for all the politicization that has resulted from this business (to which Slashdot contributed a not insignifcant part) some competent gov't contractor might have gotten in the business and blown Diebold out of the water. Of course, now they wouldn't touch it with a ten-foot contracting pole. Enjoy Diebold!
Re:Voter Fraud, it doesn't require Debold! (Score:2)
(http://snarfangel.blogspot.com/)
You forgot Ghouls, Mules, and Pools.
Re:Silent Spring (Score:3, Informative)
Here is what Rachel Carson actually said in her book: Let's look at the Wikipedia article on DDT: [wikipedia.org] So the politician you quoted was completely wrong on several different levels. In her book, Rachel Carson argues for limiting the use of DDT since excessive use can harm people and also make it less effective in fighting malaria.
It turns out that even the pesticide industry agrees with her.
Re:Voter Fraud, it doesn't require Debold! (Score:1)
Mod parent insightful (Score:1)
(http://slashdot.org/~davidwr/journal/ | Last Journal: Friday November 09, @09:19PM)
Voter intimidation and gerrymandering have been with us since the beginning of the Republic. Voter intimidation, at least on a small or individual scale, will probably never end. I do have some hope for the end of politically-motivated district lines, but only if the people rise up and demand it.
What we can do is get rid of large-scale barriers to voting, such as inadequate polling places, registration and registration-challenge rules that can be and are used to manipulate elections, and other barriers. I say if you bring the same documents you need to fill out the "I am a citizen" part of an I-9 form plus recent proof of address to the polls then you are good to vote. Homeless and college students need only prove they have an address of record where they vote. After-the-fact checks can spot people who vote twice using different addresses. The real threat of jail should be enough to deter such acts.