Avi Rubin/NIST 1, Diebold 0
By kowalski Comments (9) / Email this page » / Leave a comment »
"I think I got it right," said Aviel Rubin, a Johns Hopkins University computer scientist who has long questioned the security and reliability of some electronic voting systems.
Another shoe has dropped in the rancorous foot-stomping debate about the reliability and security of paperless electronic voting machines, and this time it's from another authoritative, hopefully nonpartisan source -- not a moonbat interest group with an axe to grind or a well-meaning but possibly overzealous (but waaaaaay qualified) academic raising an alarm about something that might occur with the approximate frequency of an atom of lead transmuting spontaneously into one of gold.
Today the Washington Post is highlighting a National Institute of Standards and Technology report on electronic voting machines and it seems that yes, indeed -- we are all in for yet another round of soul-searching, crow-eating, fingerpointing and, of course, money appropriating.
Read on . . .
Paperless electronic voting machines used throughout the Washington region and much of the country "cannot be made secure," according to draft recommendations issued this week by a federal agency that advises the U.S. Election Assistance Commission.
The assessment by the National Institute of Standards and Technology, one of the government's premier research centers, is the most sweeping condemnation of such voting systems by a federal agency.
I have not yet read the NIST assessment, examined its methodology or precise conclusions and recommendations. Nor do I want at this point to engage the NIST in a needless and counterproductive round of jeering at a federal agency. My Godfather is a researcher there, and I can assure you that he's neither a "partisan gunslinger" nor the sort of man who jumps to intellectually unjustifiable conclusions at the behest of "partisan gunslingers". He's a first-class scientist. As a result, I think it's going to be very difficult for any election official in this country to dismiss the NIST's recommendations out of hand. And now, let the finger-pointing and butt-covering begin.
[Update: I am looking for the NIST analysis as I write this. If anyone has a copy of it, please let me know.]
For the record, when I voted recently in Massachusetts, I marked my large, 11x17" ballot with an ink pen and fed it into an optical scanner which worked perfectly. The process was painless. It may be the better part of wisdom at this point for elections officials to settle on a less-technologically-ambitious, simpler and less expensive way of tabulating votes, just to put this problem to bed. Unfortunately we've already spent quite a bit of money. Government in action!
I await Diebold's response in Round II, and of course I welcome contrary opinions and other sanguinary observations.
While I haven't yet seen the NIST assessment I'm afraid I can't get all excited about it. I'll worry about the sanctity of stand alone i.e non-networked, Diebold machines after we get serious about:
- blatant voter fraud
- adamant refusal to require for any form of ID to vote
- illegal aliens, dead people and felons voting
- people with multiple registrations in one or more voting distict or even state
- registration and voting by mail
- Motor voter
- election day registration
To fret over the remote, remote possibility that these machines can be tampered with, and tampered with in sufficient number to change the outcome, without detection, all the while ignoring the very real problems of outright fraud, seems to me to be the height of "conspiracy theorism."
John
--------
Ethnic humor is part of human nature. The Dutch tell Belgian jokes. The Belgians tell French jokes. The French tell English jokes. The English tell Irish jokes. The Irish tell Irish jokes.
But voting machines ought to be able to do what (electronic, computerized) cash registers do - have a paper record as backup.
Tampering is a concern, but software or hardware failure is a bigger concern. If there's a paper record you know your vote won't disappear into the ether.
In my home state (Colorado) you register to vote when you get your ID. I don't think the DMV is the only place to register, but it's a good way to tie the two together and let the air out of the argument that it's an infringement on one's right to vote.
I don't buy the "illegal alien voting" argument, but the dead do vote.
I don't think there should be any law against released felons voting. They are citizens when they're out. But as long as there are such laws then they need to be uniformly and fairly enforced.
Lets assume for the moment that some nefarious person or persons "hacks" one or more voting machines to "twiddle" the vote. So, they have figured out how to hack these machines to take every third vote for X and secretly record it internally as a vote for Y but they are not going to be able to figure out how to have the paper record reflect that also? Or are we going to have the voters review not only the electronic display but the paper record as well before they leave the voting booth? And if we allow the voter physical access to the paper record then we can hardly believe that it too is secure.
Hardware or software failure? The paper trail is a mechanical device and inherently more prone to failure than the electronic voting machine itself. One should never back up a system with something less reliable than the system it backs up.
Motor voter is, in my humble opinion, one of the dumbest, fraud prone ideas in the history of elections.
Illegals do vote in every election. How many? No one knows obviously 'cause they don't announce themselves but one is one too many.
Felons voting? In many states they are not allowed to vote and the law should be repealed or enforced.
Dead people? A fine old core Democratic Party voter constituency whose rights to vote don't end at the grave.
John
--------
Ethnic humor is part of human nature. The Dutch tell Belgian jokes. The Belgians tell French jokes. The French tell English jokes. The English tell Irish jokes. The Irish tell Irish jokes.
Voter tampering on these machines would likely be done in aggregate after the time of voting during tabulation. Unless someone was to replace the voting machine code with their own, it is most likely you could give a vote a reciept of who they actually voted for. The biggest risks are not with the actual voting machines, but the systems that tabulate and report the results.
A stand alone voting machine can be made quite secure. Once you start transferring the voting data to multiple machines for tabulation is where you are introducing the biggest security and reliability problems.
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so. - Douglas Adams
I have to admit I don't know what motor voter is.
I hope your belief about illegals voting has some documented basis. I can suppose that ilegals vote, but it would be foolish to act on that supposition without evidence. Someone must know something...
Back to my main point... I made the cash register reference for a reason. It can and ought to work just like that - enter your votes - get a receipt - have the same info reported on the machine tape. No one needs to access the machine for that. And when I spoke of mechanical (hardware) failure before, I envision that the record of votes cast up to that point would be on the machine tape. Those votes would be preserved and could be counted by hand - the old fashioned way. Cash register technology is pretty well established, much more so than any of the software solutions anyone is offering today.
Could the machine be hacked? Depends on how secure the network is. I for one agree with you that it's farfetched. If they did, they would have to know how to make the voter's receipt say one thing and recorded result say another.
You want to be very, very careful about issuing "receipts". Part of the reason for the secret ballot is so that your employer or the local thugs or whoever can't insist on you producing a receipt to keep your job or unbroken head. I believe the report has recommended inked ballot + optical scanner (as kowalski described!), which seems to me just as complicated as it needs to be.
As soon as it was made public that the system relies on Access databases, many security experts started questioning it, and for good reason.
This is an excellent little peice that basically says everything you need to know. Heck you don't even need an expert for this stuff. Anyone with the ability to log into this website and post has enough skill to rig a local election, should they be a volunteer and have access to the software.
On top of security concerns, there are also reliability concerns. I touched on them yesterday. For me, using MS Access on networked Windows computers as your election backbone sends up lots of red flags. I can't see how they managed to get these machines approved in the first place.
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so. - Douglas Adams
We've seen electoral fraud in this country with paper ballots. Adding paper to an electronic ballot won't save it from that.
--
It is much more important to kill bad bills than to pass good ones. -- Calvin Coolidge
Just don't bother telling this to Team Jennings (FL-13).
-------------
"I don't know." -- Helen Thomas, when asked by White House spokesman Scott McClellan, "Are we at war, Helen?"