It’s commonly said that insanity is doing the same thing over and over again while expecting different results. Yet this is what we keep doing with electronic voting machines — find flaws and try again. It should therefore have been no surprise when, at the end of March, California’s secretary of state’s office of voting system technology assessment decertified older voting systems from Diebold’s Premier Election Solutions division. The reason: a security flaw that erased 197 votes in the Humboldt county precinct in last November’s presidential election.
Clearly, 197 votes would not have changed the national result. But the loss, which exceeds the error rate allowed under the Help America Vote Act of 2002, was only spotted because a local citizen group, the Humboldt County Election Transparency Project (humtp.com) monitored the vote using a ballot-imaging scanner to create an independent record. How many votes were lost elsewhere?
Humboldt County used Diebold’s GEMS operating system version 1.18.19 to tally postal ballots scanned in batches, or “decks.” The omission of votes was a result of a flaw in the system, where, given particular circumstances, it deletes the first deck, named “Deck Zero,” without noting it in the system’s audit logs.
Diebold recommended decertification of its older version, which should force precincts to upgrade and eliminate the flaw. But the secretary of state’s report notes flaws in the audit logs that will be harder to erase: wrongly recorded entry dates and times, and silent deletions of audit logs.
“It’s nothing new,” says Rebecca Mercuri, a security consultant who studied voting systems for her 1999 doctoral dissertation. “These are all security flaws that are well known in the industry. Why are they acting as if this is the first time they’ve heard this?” The audit log problems were documented in Bev Harris’s 2004 book, Black Box Voting (blackboxvoting.org).
Mercuri explains that election software belongs to the class of problems known as “NP-complete,” that is, problems computers cannot solve in a known amount of time. How much time have you got to test that a given voting system will function perfectly under all possible circumstances?
“What are people going to do about it?” she asks. “Say we fixed it when it’s theoretically not possible to fix these things at any real level?”
So, it’s not fair just to pick on Diebold. Last month, election officials in Clay county, Kentucky, were charged with conspiring to alter ballots cast on ES&S iVotronic election machines in recent elections. The key: interface design. In most cases, voters cast ballots by pressing a big red button labeled “VOTE.” But some versions of the system require touching a “confirm vote” box on the screen to complete the ballot. It is alleged officials hid this fact from voters and would then “correct” and confirm the ballot after the voter had left. The officials have pleaded not guilty.
Matt Blaze, a security researcher at the University of Pennsylvania, writes in his blog that if this were a strategy, “it’s a pretty elegant attack, exploiting little more than a poorly designed, ambiguous user interface, printed instructions that conflict with actual machine behavior, and public unfamiliarity with equipment that most citizens use at most once or twice each year. And once done, it leaves behind little forensic evidence to expose the deed.”
But Diebold’s current problems aren’t limited to voting machines. More startling was the discovery of malware designed to attack its ATMs. Graham Cluley, a senior technology consultant for the security company Sophos, says the company found a sample in its archives.
“If [the malware] were planted on the version of Windows on those Diebold machines,” Cluley says, “you could actually steal information from the cards being used on the device, and hackers with a specially crafted card would get a receipt with people’s information.” Diebold sent out a customer warning in January and provided a software update.
As in the Kentucky voting machine case, the attack on Diebold’s ATMs requires inside access. “We’re seeing more and more organized criminal gangs because of the money they can make,” says Cluley, pointing out how difficult it would be to spot a legitimate maintenance engineer who’s been bought off installing an extra patch off a USB stick in a back pocket.
For consumers, the problem is that both ATMs and voting machines are black-box technologies. You can count your cash and keep the receipt; but if someone else withdrew the money you can’t prove it wasn’t you. “It’s the same with voting,” Mercuri says. “You have no way to prove or disprove how you voted.”
At least with voting, citizen groups are motivated to push for greater transparency. In the UK, Jason Kitcat, Green councilor for Brighton and Hove, on the south coast of England, organized volunteers to observe e-voting trials in the 2007 local government elections in England and Scotland on behalf of the Open Rights Group.
“We saw the same audit log issues,” he says. “We know from a computer science point of view that making an audit log that can’t be changed is impossible. But it seems as if there’s a huge disconnect between people who are computer-science literate, and the people delivering the policy.”
Besides, politicians like making uncontroversial decisions. Who could fault them for trusting a company that makes ATMs worldwide? Again, it comes back to humans.
“The folks who buy ATMs [bank managers] and voting machines [election officials] don’t really want to pay for a facility that will make it easier for people to challenge them,” says Ross Anderson, a professor of security engineering at Cambridge University, England.
“In the long run, of course, this ends up costing them more: fraud can lead to challenges that are systemic rather than local. Nevertheless, the purchasers may be rational. Most of the bank managers who bought crap ATM systems in the ’80s are retired now — they got away with it. With voting machines, some vendors have been discredited in some countries, but lots of money has still been made.”
That is, from us — the taxpayer and the bank customer. Kitcat says: “It is shocking that in this day and age this has been allowed to continue.”
That US assistance was a model for Taiwan’s spectacular development success was early recognized by policymakers and analysts. In a report to the US Congress for the fiscal year 1962, former President John F. Kennedy noted Taiwan’s “rapid economic growth,” was “producing a substantial net gain in living.” Kennedy had a stake in Taiwan’s achievements and the US’ official development assistance (ODA) in general: In September 1961, his entreaty to make the 1960s a “decade of development,” and an accompanying proposal for dedicated legislation to this end, had been formalized by congressional passage of the Foreign Assistance Act. Two
Despite the intense sunshine, we were hardly breaking a sweat as we cruised along the flat, dedicated bike lane, well protected from the heat by a canopy of trees. The electric assist on the bikes likely made a difference, too. Far removed from the bustle and noise of the Taichung traffic, we admired the serene rural scenery, making our way over rivers, alongside rice paddies and through pear orchards. Our route for the day covered two bike paths that connect in Fengyuan District (豐原) and are best done together. The Hou-Feng Bike Path (后豐鐵馬道) runs southward from Houli District (后里) while the
March 31 to April 6 On May 13, 1950, National Taiwan University Hospital otolaryngologist Su You-peng (蘇友鵬) was summoned to the director’s office. He thought someone had complained about him practicing the violin at night, but when he entered the room, he knew something was terribly wrong. He saw several burly men who appeared to be government secret agents, and three other resident doctors: internist Hsu Chiang (許強), dermatologist Hu Pao-chen (胡寶珍) and ophthalmologist Hu Hsin-lin (胡鑫麟). They were handcuffed, herded onto two jeeps and taken to the Secrecy Bureau (保密局) for questioning. Su was still in his doctor’s robes at
Mirror mirror on the wall, what’s the fairest Disney live-action remake of them all? Wait, mirror. Hold on a second. Maybe choosing from the likes of Alice in Wonderland (2010), Mulan (2020) and The Lion King (2019) isn’t such a good idea. Mirror, on second thought, what’s on Netflix? Even the most devoted fans would have to acknowledge that these have not been the most illustrious illustrations of Disney magic. At their best (Pete’s Dragon? Cinderella?) they breathe life into old classics that could use a little updating. At their worst, well, blue Will Smith. Given the rapacious rate of remakes in modern
RSS