NYTimes article illustrates dangers of computers

This was in yesterday's "Circuits" section, about a hacker who rigged numerous Kinko's terminals throughout Manhattan. I am using it to illustrate the dangers of the computer as a vehicle for democracy, but the reading is absolutely fascinating, and frightening, because the means used were relatively low-tech:

"Had one target not heard his home computer inexplicably come alive late one night last fall, there is no telling how long Mr. Jiang might have gone on with his scheme..."

"...when computers are the weapons and the victims are far from sight, it is easy to operate quietly and, for a while at least, undetected."

"...There have certainly been farther-reaching cybercrimes, with deeper impact. But experts say the Jiang case is especially disturbing because it illustrates the potential damage that could be wrought by invisible spy tools."

Kinko's Caper: Burglary by Modem

NYfM says: I don't know a lot about computers but I know this: If you can imagine doing something with one, then you can. It's as simple as that.

Computer voting is a gigantic Trojan Horse which will end democracy for good. It's as simple as that.

not so much with computers themselves.

you cannot guarantee security. ever.

All major corporations have been using computers to run their businesses, process critical transactions, and send out pay checks for decades. This whole thread reminds me of Chicken Little.

The problem here is that a criminal got to sit down, use the Kinko's computer, and install software on it. If you do not let criminals use your computer and install software on it, you will be fine.

The only other way they can get access is through an internet connection, and you can prevent this with an anti-virus program, common sense not to open odd email attachments, and some firewall software that stops communication from all but predefined programs.

Microsoft has security flaws Linux/Unix and mainframes do not, but computers still only do what they are programmed to do. Keep people from installing malicious programs on your box and you'll be fine.

The most common security flaws are human errors, where someone peeks over your should, finds your password written down, or tricks you into revealing information by pretending to be from tech support.

which is why we shouldn't be voting on computers. :hi:

I disagree as well. Yes there are dangers inherent in computer based voting, however those dangers are no greater than those faced with any other voting system. Voting systems are only effective because they are closely monitored.

With a code review and oversight from multi-partisan standpoint and open source code review, this is not an issue and in fact can be a great boon to voting integrity.

The current diebold scandal shows directly the problems encountered when using private business to conduct public affairs related business. This should be a completely open-source system with code-review going on by independent AND partisan commissions.

Will anyone seriously argue that a computerized system that has been examined by multiple experts is less prone to abuse than paper-based balloting where the counts are done by whatever schmo who walks in off the street as a volunteer?

I personally don't really care one way or the other, the voting system is so skewed due to the disenfranchising of millions thanks to our insane criminal justice system that i've lost of lot of faith in the system overall and tend to think it should be a law that all citizens fill out a ballot even if they write "mickey mouse" on it.

I just find that knee jerk reactions to scary "technology" are a dangerous thing. Our society has a strange tendency to hear about an isolated example and assume it is the norm. for example: two teenagers listen to marilyn manson and kill a bunch of their classmates in a shooting rampage. Therefore any teenager who listens to marilyn manson must be troubled and potentially a murderer.

One of my favorite examples of this is the "Zimmerman law" zimmerman's daughter was killed by an ex-felon, a guy who was a scrawny little guy who went to prison and became a body-builder and got HUGE as a result. When he got out he killed zimmerman's daughter. Terrible crime. Zimmerman chose to believe that by providing exercise equipment to people in prison that the government effectively allowed his daughter to be killed. So a law was passed which bars prisons from purchasing any exercise equipment or providing fitness instruction to inmates.

There is no way that this isolated example should be used to punish people who are already being punished and to prevent them from bettering themselves physically. Mr. Zimmerman feels better at the expense of thousands of people who are in prison (mostly for non-violent crimes).

I admire Bev Harris for her tenacity but the solution is not to ban electronic voting systems, the solution is to make them work properply and remove as much as possible the potential for abuse.

and I do know SOMETHINGS about computers, I didn't say I know nothing. But thanks anyway for the digression.

BTW, I don't believe Bev Harris wants to ban electronic voting systems, she just wants a manual paper re-count be made available as a back-up in case of any disputed results.

because the scale of fraud is quite different. No other system allows such a small number of people access to so many votes at once.

When you have a company like ES&S, who counts 56% of the votes nationwide, if there is a problem in the program that can affect nearly 100 million votes. That is quite different than having to run from precinct to precinct hiding boxes of ballots in your trunk.

However, I agree with you that getting rid of computers is not needed. A paper trail is needed -- and the newest wrinkle, another electronic system by VoteHere to verify your vote, which relies on giving you a number to look up on the Internet to check your vote, along with cryptology and "trustees," is absolutely unacceptable.

The voting system needs to be transparent, and the voter verified paper ballot helps make it so. We cannot have a system that only computer scientists can vouch for; we need a system we can see, watch, feel. This is not a "run from technology" but simply an insistence on transparency and simplicity.

One more note: We could hire many times as many people to help with manual aspects of the election for the enormous cost of these machines. The touch screens, according to one Diebold rep, are six times as expensive as optical scans, and something few people know is that they come with pricey "service contracts" that make them still costlier. The state of Maryland's recent purchase included $25 million in service contracts.

One last point: When you have a technician come in to solve discrepancies, you break the law -- though everyone is doing it. In almost every state, a sworn election judge is required to make decisions when there are problems with the vote. Yet these machines, and their service contracts, hand that duty over to unsworn, unelected, unofficial technicians who often don't even work for the voting company full time.

Bev Harris
http://www.blackboxvoting.org

computers do not "level the playing field" that is a myth. What they do is put you on someone else's playing field, and you have to trust that what your eyes and hands tell you you just did actually happened and was recorded as you intended.

With computers, what goes IN is not necessarily what comes OUT.

I've always had a question about the paper trail idea. One of the things that you complained about with Diebold was the fact that the software kept three seperate tables of votes. You equated it to "triple books" in accounting scams. However, aren't you setting up a "double book" scheme with a paper audit trail. Aren't you creating a system whereby the paper count might say one thing and the electronic count say another? If this happens, how do you know where the fraud was?

If you can imagine doing something with a computer, then you can.

You didn't answer my question. How do you know where the fraud was?

3 sets of books will forever conceal the crime. Unless the paper ballots are counted as Bev wants.

What we should be engaged in here, regarding Diebold systems or any electronic vote counting system, is a three step process.

First we must make certain that any system used provide a voter-verified paper ballot which can be referred back to in the event of disputes.

But paper, by itself, is not a panacea. Here, in Arizona election law, the machine count (not the ballot as marked by voter) is the official document of record for the election. Any recount is required by state law to be conducted on the machines themselves. Any handcount of the ballots would require an order from the State Supreme Court. It is my understanding that in Indiana, it is a felony for any election worker to even touch a ballot without a court order.

Secondly, then, after we get legal requirements that voting systems produce a ballot, many - if not most - states are going to require election law reform to be able to use that ballot to verify election results. And the ballot as marked by voter has to be declared the legal document of record in election law.

Third, and this is the most important, there must be a legally required and closely supervised hand count of ballots (at the precinct level, before they are transported to county central) in a percentage of randomly selected precincts to establish a statistical baseline against which the machine count can be compared.

Almost all experts agree that with the current state of computer and communications technology there is absoulutely no way to guarantee the system can't be hacked. Code can be written that doesn't show up on a line by line examination of source code. The phone lines between precinct machines and county headquarters are vulnerable. Anyone, county or voting system company employee, who has access to the machine during or in the days immediately following the election would have the opportunity to tamper. Adding a law requiring a statistically significant number of precincts be handcounted, coupled with the legal right of a candidate to request a hand recount at his/her own expense (or campaign's expense), would make tampering with the vote an extremely risky proposition

Human nature, not technology per se, is the problem. We just have to be a bit more intelligent about how we use the technology.

Gordon25

is a HUGE issue which hasn't been tested in court yet.
Thanks for reading and for the excellent input.

for pointing out that just having the paper is not enough -- those that grudgingly say they are "for a paper trail" but don't agree that the machines are much of a problem,

sometimes clarify by saying that of course, we must stick with existing laws when using that paper trail. (You know, the laws that prohibit us from using it to audit the machines, unless we get a court order).

Bev

Ran across a good analogy to use when talking about state election laws which make the machine count the document of record in elections.

Imagine you are in a grocery store. You go to the check out stand and the checker scans each of your items. The price of each item shows up on a screen as it is scanned. The clerk hits total, a total comes up on a screen, and the clerk hands you a receipt with nothing but a total on it. You tell the clerk the total looks a little high to you, and you would like it checked. The clerk rescans all your items, hits total again, the same total comes up on the screen, and you are handed a second receipt which has the same total as the first. "Did a complete recount, the clerk says. Everything checks out."

Not the sort of store you'd want to do much shopping at.

Can't remember where I ran across the analogy, but it was being used in making a point about touchscreen machines.

Gordon25

Pay no attention to what happens in between :eyes:

why, it could be a slogan for Diebold: "leave the counting to us" :think:

I think you overstate the case by a lot. The current state of the technology is perfectly adequate. It's the current state of the law that's the problem (as you point out earlier).

We can definitely design and build a system that is at least as secure as any other technology including plain old hand-counted paper ballots.

The difficulty is that there are forces--and there are Dems among them--that don't want a secure system because they are not actually in favor of democracy. They are elite oligarchs, and to them we are the rabble. So they are happy to subvert any attempts to make the system accountable to us. (It's why we don't have IRV, why we still have the Electoral College, etc.) They profit by the current mess.

Technology is not the problem, believe me. No line-by-line comparison of source is needed. Make the source open, compile it using an open-source compiler, take 2 hashes of the binary to get a triangulation, and run it on standard off-the-shelf machines (or if you really want to be rock-solid sure, on special machines built to an open-source standard and verifiable using an open-source test suite). Phone lines are not vulnerable--SSL is a fairly robust encryption method; certainly plenty invulnerable enough for the transmission time involved. The 'philosopher's stone' here is that everything must be open to inspection and testable by anyone at any point. That's difficult from a social point of view, but the technology is very definitely up to the mark.

Code can be written that doesn't show up on a line by line examination of source code.

As a programmer of 13 years, I have no idea what you could mean by this.

Any code the is "written" shows up as a line of source code. Sure, you can write self-modifying or self-creating code, but that itself will show up in a line by line examination of the source.

...you should write some articles for the papers!

Kick

:)

And charged almost as much money to use the pieces of junk as to buy a Mac by comparison...

That aside, computerized voting without a paper trail or complete honesty by the people developing the system will exterminate democracy.

And the voting system should be a government project, not to be handed out to the most crooked bidder.

Let's be honest, they cheat.

Welcome to DU!! :toast:

No precinct takes all possible safeguards against fraud, but reasonably accurate voting seems to happen anyway. We are all always at the mercy of the barbarians because entropy is on their side. It's always easier to destroy than to build. But we can hold them off, if we want to.

If we decided that commercial interests shouldn't trump all other interests (my god, the millenium!) then we could make a much more secure world. Jail people who infiltrate spyware under the figleaf of a fine-print no-signature 'agreement'. Lock people up for a LONG time if they violate someone's privacy.

We already have the technology to make online voting work. Public-key encryption alone could do the job. Offer a line of Tempest-hardened single-purpose computers for $100, built to an open-source standard and verifiable using an open-source test suite. Preinstall an open-source operating system, set of web-and-voting-oriented applications, and a well-integrated copy of PGP. As long as no one hostile can gain physical access to the test suite, it can be used ad libitum to test the integrity of one's own system before use. Problem solved.

:)

Online Votine is subject to every evolution of hackers skills.

In hunting around Cisco sites last night, I came up with the information that on a per vote basis, current cost per vote is, like, CENTS, under 50 cents I believe.

The cost per vote of online voting is DOLLARS per vote.

Oh sure, let's do away with paper, Internet/phone voting will be cheaper because of it.

Read the fine print in the contract.

And, given human nature, any voting system that does not produce tangible evidence of the voter's choice, verified, will always be a continual target, a continual headache.

Like those maintenance contracts with the DRE's, these systems are sold on up front costs.

Where the companies are going to make a killing is in maintaining the systems.

It will take continual research and continual upgrades to even begin to stay even with hackers. And you shouldn't be having to upgrade a system every year. If those upgrades are not certified....

In the long run, sticking with some form of tangible evidence, like paper, is going to be the cheaper yet more secure way to go.

Can you dump a ballot box here and there? Yes. Can you always secure Internet and computer-only DRE's? No.

http://www.redherring.com/vc/2000/1122/vc-ltr-dealflow112200.html

Here's a quote that was almost the last item in the article:

"The Bellevue, Washington, company charges counties a process fee of $5 to $6 per vote. That's competitive with current processing fees of 3 cents to 25 cents per vote."

Now, either there happened to be a typo twice, or I just don't understand the logic here.

there's no way to justify that kind of "savings".

Your argument sounds much like ones that I made during the Diebold discussions. I hope you have better luck convincing people than I did.

But I don't think you can. And how will you be able to convince the public? You can't. Not in a million years.

Paper ballots. Paper ballots as the legal document of record in election law (to use Gordon25's language). The public (and I) trust paper ballots.

Multiple sets of eyes
Locked ballot boxes
Basic accounting

on edit: change of emphasis

:)