Thursday, November 09, 2006

City of Ottawa voting machines unhackable?

The recent voting machine controversies/disasters in the US (and Quebec) have, finally, woken Canadians up to the potential problems from the use of electronic vote counting machines.

The response from government and thought leaders is, as far as I can tell, "don't worry, can't happen here, completely different, hey, look, is that a pony?"

a computer is a computer is a computer
Go take a computer science course and learn about Mr. Turing, if you don't understand that. Any computer can be hacked. You can change the software, you can alter the firmware, you can compromise the hardware. Plus which, you can't tell through external inspection whether a machine has been altered. Which means you need a perfect chain of custody for the machine, 24x7x365.

Now of course, auditing every single machine down to the assembly code level, and securing them in an e-voting machine Fort Knox for the thousands of days when they're NOT being used, just to ensure that they work for about 12 hours on one day, would be enormously, prohibitively expensive. This would also be the actual cost of voting machines.

But that would interfere with the bulls--t about voting machines being modern and efficient and cost-saving. So no one actually does it. At best, some machines are sort of checked by someone, and we sort of trust the people who are handling them on election day, and then they go to some warehouse somewhere and we forget about them.

With that in mind, read the incorrectly cheerful Ottawa Citizen editorial comment City of Ottawa Technology gets my vote, November 6, 2006, page A14 (not available online)

David Reevely, The Ottawa Citizen

Sometimes the old ways are the best, and that's never been truer about anything than it is about voting.

Tick a paper ballot, drop it in a box, wait for it to be counted. Simple. It's worked for as long as we've had democracies. Efforts to update it have largely been failures.


Under its old name [Global Election Systems, now part of Diebold], the company made the machines that Ottawa uses to count ballots in municipal elections. Ottawa's elections manager Shane Kennedy, who has overseen civic elections since 1994, is on his third using a tabulator called the Accu-Vote OS.

"We've used the same equipment all that time and it's been entirely successful," Kennedy says.

The machine looks a little like a fax: you slide your ballot in and it gets scanned and counted and spat out again. When the polls close, results are available in minutes, not the hours it used to take to count several hundred thousand pieces of paper. For the candidates, one way or the other, the drinking can begin immediately.

Although they're from the same manufacturer, Ottawa's machines bear none of the weaknesses the American critics point out.

"The hacking relates to touch-screen technology, primarily," Kennedy says in defence of Ottawa's machines. "It's a totally different animal."

None of the weaknesses? NONE OF THE WEAKNESSES? Wrong.
Did I mention that any system running computer code can be hacked?
Maybe not as easily as the crappy Windows touch-screens, but it's still possible.

Quebec's director-general of elections, Marcel Blanchet, examined Diebold's ES 2000, an updated version of the machines Ottawa uses, when he reviewed the province's municipal elections last year. Those elections saw an unprecedented deployment of e-voting machines across Quebec, and an unprecedented number of problems with them.

Things weren't bad enough to nullify any elections, Blanchet concluded, but he still advised that Quebec's cities stop using e-voting machines at least until the province sets standards of accuracy and security.

This is almost certainly overkill, especially for the simple tabulating machines. They need electricity and memory chips and they can jam, which ballot boxes don't, but other than that they're just fancy counting machines -- they don't replace the ballot itself, as touch-screen machines do.

Oh I see, they're just "simple tabulating machines". Sure, they have memory chips, but they're just "fancy counting machines".

What the f--k do you think a computer is?

If they're so simple, why not have humans count the votes? Why do we need simple technology to replace humans? But wait, they're fancy? If they're so complicated, aren't they vulnerable?

Machines have gears and levers and you have to be a mechanical engineer to compromise them, if you can alter their behavior at all. COMPUTERS have code. Any code can be changed.

In Ottawa's elections, the machines sit on tables out in the open, guarded by clerks and scrutineers. Before the machines could be hacked all the overseers would have to go bad together, and if that happened, the technology would be the least of our problems.

Another criticism of Diebold's touch-screen machines is that they don't make a paper trail. The only record that a voter has been in the booth is in the ephemeral form of electrons on a microchip: if somebody did crack open a machine and go to work on it, there'd be no other record to check the machine's results against. In Ottawa, Kennedy's returning officers at each poll keep the ballots in traditional boxes. If every tabulator failed, each ballot could still be counted by hand.

So, the machines are out in the open... during election day. And the other THOUSANDS OF DAYS they are unused? Where are they exactly? Are there clerks and scrutineers and overseers watching them, 24x7x365?

If every tabulator failed?
And how, exactly, are we going to know if the tabulator failed?
Will there be a flashing red light indicating "tabulator now failing to count ballots correctly"?

No. In fact, these "simple machines" betray no evidence of their internal workings.

Their only, ONLY saving merit is that IF YOU CHALLENGED THE COUNT, you could count the paper.

But if counting the paper is the last word in confidence, then


But wait, there's more
CFRA - City Defends Voting System - November 8, 2006

The City of Ottawa insists the electronic voting system for Monday's Municipal Election is safe.

Ottawa's Elections Office has issued a memo to all councillors and candidates after a recent documentary into the electronic tabulation system used in the United States.

The HBO documentary raises the possibility that an election system could be accessed with intent to alter the outcome of the vote tabulation.

The City Clerk says Ottawa's preparations for the municipal election by electronic vote have met the standards imposed by an independent third party auditor in the past and those standards are in place for this year's election.

The clerk adds security standards put in place by the municipal election administration make it impossible to hack into the system to access memory cards.

1. What standards? What auditor? Who decided the auditor was qualified and trustworthy? For this election? What about previous ones?
2. "impossible to hack"? hahah ahahahahahahaaha

I challenge the City of Ottawa to invite teams of actual computer security experts, using actual computer security standards, to openly do a threat-risk assessment on the voting system. I can guarantee it is not "impossible to hack".

Plus which, an auditor is a lot of extra expense, then re-assuring citizens reduces confidence in the elections, gee, this is a lot of hassle and money.

You know what would be cheaper and easier?


I will be writing to the Ottawa Citizen, CFRA and my city councilor (before and after the election).

Wednesday, November 08, 2006

close races and recounts

The electronic voting perspective on recounts seems to be
1) they will be easy
2) (perhaps) they happen rarely

But what's important about recounts is not how quickly they happen (in fact, "speed" is an odd thing to make paramount in vote counting). What is important is how confident the people are in the result.

Anyone can understand a paper ballot recount, and the routes for challenge are quite limited. This is important, because elections ultimately transfer power from many people, to one. There are over 400 House seats in the US, and about 300 million citizens. That's a huge transfer of power, from hundreds of millions, to hundreds.

The routes of challenge for electronic vote counts are almost limitless.
You could challenge:
1) the manufacturer
2) the programmers
3) the software
4) individual machines
5) the people managing the machines on voting day
6) voters - potential hacking by individual voters
7) chain of custody on the machines or the memory cards

And probably more I haven't thought of.
And even worse, many of those challenges are almost impossible to resolve.

This is bad, because close elections requiring recounts actually happen ALL THE TIME.

Tuesday, November 07, 2006

e-voting debacle

Gosh, if only this could have been predicted.
Oh wait, everyone who understands e-voting did predict this.

After warnings that electronic voting could cause trouble in Tuesday's U.S. elections, there are signs of "what now appears to be a growing debacle," the CBC's Henry Champ reports from Washington.

By mid-afternoon, officials in at least three jurisdictions — Denver, Colo., Muncie, Ind., and Davidson County, Tenn. — were asking federal judges for extended voting hours because, they said, voting machines in their areas have not functioned and they cannot handle the numbers of voters at the polls without more time.

Seventy-five precincts in Indiana — considered a bellwether state — failed to open on schedule because machines malfunctioned. In Cleveland, where there were problems with new machines in September's party primaries, things seemed no better.

"Again the same problem," Champ said. "Machines and machine supervisors unable to get the operations underway. Voters piling up in the doorways."

CBC News - Electronic voting shapes up as election debacle - November 7, 2006

comparing voting methods

DailyKos has a story Vote by mail is the answer.

Here's my opinion.

* Internet voting - so many things wrong with this I can't even begin.
* Electronic touchscreen - the absolute worst in-person voting. You have no idea what was recorded for your vote, and neither does anyone else.
* Scanned paper ballot - this is the least-worst electronic option, only because in the event of complaint, the paper could be counted. It still suffers from the other electronic flaws - malicious or accidental error could alter the vote counts. Also if the ballots are stacked one-by-one as they're scanned, you could in theory figure out who voted for whom.

* Vote by mail and Internet voting actually share common flaws:
1) No more secret ballot. Anyone can watch you vote. If they like, they can threaten you until you vote how they want.
2) Weak authentication. Someone got a voting code or ballot and voted. Maybe it was you. Maybe it wasn't.
3) Less connection with the vote gathering, chain-of-custody and counting process. Your votes go somewhere, and are counted by someone. Are they organized? Supervised? You don't get to see, unless you specifically make the effort, and probably you don't get to watch the chain-of-custody, only the final count. Any time chain-of-custody is interrupted, there is potential for fraud - in fact, that's how they tried to steal the paper-ballot, hand-counted Presidential election on Battlestar Galactica.

* Vote using paper secret ballot in public, with hand-count afterwards.
The public secret ballot is actually a remarkably well-tuned voting system.
I can't think of any that is better. No one knows how you vote. Chain of custody is usually right in front of your eyes. Anyone can see the votes counted. A child can understand how the system works.

I have written lots more on this topic previously in this blog.

remember, paper is obsolete

Yet it seems to work when our mighty technology fails.

Programming errors and inexperience dealing with electronic voting machines frustrated poll workers in hundreds of precincts early Tuesday, delaying voters in Indiana, Ohio and Florida and leaving some with little choice but to use paper ballots instead.

In Cleveland, voters rolled their eyes as election workers fumbled with new touchscreen machines that they couldn't get to start properly until about 10 minutes after polls opened.

"We got five machines -- one of them's got to work," said Willette Scullank, a troubleshooter from the Cuyahoga County, Ohio, elections board.

In Indiana's Marion County, about 175 of 914 precincts turned to paper ballots because poll workers didn't know how to run the machines, said Marion County Clerk Doris Ann Sadler. She said it could take most of the day to fix all of the machine-related issues.

CNN - AP - Polling places turn to paper ballots after glitches - November 7, 2006

These places spent thousands of dollars on electronic voting machines, only to end up voting on paper anyway. You know what would be dramatically easier and cheaper?
