Comments on: Sequoia warns Princeton professors over e-voting analysis
E-voting machine manufacturer threatens legal action against computer scientists, state officials over a planned security analysis.
Most Popular
15 sites that went kaput in 2009
Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.
Top 10 news stories of the decade
Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.
About Politics and Law
News at the intersection of technology, politics, and law, ranging from intellectual property to censorship to tech policy.
Add this feed to your online news reader
Politics and Law topics
Because y'know what? The paper machines were just fine. Keep your e-vote machines, and keep your payroll, your unsold inventory, and your rising debt.
Let the market forces collude to make the changes happen.
-R
"In addition to the federal certification program, individual states have their own state certification programs which vary state-by-state but most often entail additional testing and review by qualified third party experts."
Now they should have to live up to that statement and allow NJ to hire third party experts (in this case the Princeton people) to independently certify that the systems work properly.
Until we can independently verify the code and that the code we verified is what is running on the machine, the system cannot be trusted.
Our elections process should not be subject to trade secret protection.
If I was New Jersey, I would send the machine to Princeton anyway and just DARE Sequoia to take the state to court, asking them, as you did, "What do you have to hide?"
forcing us to spend millions on inadequate machines that are not
reliable and not giving us time to review and improve the faulty
manchines, and they call this a democracy, dumnmockracy is more
like it.
Since perfect security is impossible, electronic voting machines need to have "hardcopy" redundancy in order verify the electronic vote counts. The solution is to provide two paper reports to the voter after they have voted. One is left with the voting center and processed independently to confirm the electronic vote. The other is for the voter to keep as a record of their vote. Also, if the one they keep has a common format, such a record could be scanned by news organizations as a kind of exit poll. This would serve to keep the powers in charge of voting honest.
One thing is very clear to me. Electronic voting, if done without proper safe guards like I have outlined above, has an extreme risk of being exploited and manipulated. And if it 'can' be done, it 'will' be done.
People need to take this very seriously!!
Mark
Being able to use e-voting to fix election results is their 'best' feature. having paper trail or any form of verification / security defeats the purpose of those machines. The only way to defeat those machines is to expose what and why. That's exactly what researchers are trying to prove, and why they,re threatened with lawsuits.
BTW, I still have no answer to a question I've had for years about Diebold e-voting machines. Why the hell do they need an infrared IRDA port ?
http://www.votetrustusa.org/index.php?option=com_content&task=view&id=960&Itemid=51
Everyone should have their vote counted, and that vote should be verifiable and trackable.
E-voting is obsolete as a service. Once you've voted with Oregon's vote-by-mail, you'll ask yourself, "Why do I have to stand in a line for hours to vote?"
If I write code that makes an ATM work, nobody else can use my code without permission to make their brand of ATM work. They can, however write their own unique code that makes their ATMs work the way my ATMs work (unless I patent a particular aspect of my ATM's function that is unique to all other ATMs on the market). The same concept is true for voting boxes -- nobody "owns" the rights to make voting boxes and they all pretty much work the same way (even non-electronic ones) -- therefore, the company can't claim IPR on the concept of voting machines, only the copyright to the code that makes their particular brand work and possibly any patents that make their brand unique from other brands -- and the copyright laws and patent laws protect the company even if the code is made public.
If it really couldn't be tampered with, they would tell the professors to do their worst.
However, any "intellectual property" here is of minimal value, except, perhaps, to the vendor. These machines are embedded systems which display a list of candidates, accept inputs from a touchscreen and write the results to a memory card. Nothing novel here. If there is, it's probably protected by patents. Any hacker worth his reputation could probably write better code than you'll find by examining what's currently in the machine.
In short, nobody's going to learn any earth-shattering coding secrets by examining the voting machine code. The vendor's most likely just afraid that an objective evaluation of the code will reveal defects, which might affect their future sales. I believe that concern, valid as it is from the vendor's point of view, is overridden by the public's right to know that their votes are being accurately tabulated.
The founders of the country probably would have prohibited Congress from passing a law allowing any state from entering into a contract reasonably calculated to increase the risk of voting fraud. But they probably thought nobody would be insane enough to actually ink an agreement like that, leading to another entirely different tirade questioning why any state agreed to this.
There will still be plenty of money to be made selling and servicing the integrated system, even if the source-code is entirely open source. In fact, the software probably should be open-source: let's allow the hackers to do their magic in public before some sleazy politician does it in private. The fees these companies could charge to patch their open-source systems would probably more than outweigh any lost revenue of what's really just a basic counting program.
Sequoia's products - and those of all election equipment manufacturers - go through a complete and independent review as part of the Election Assistance Commission's (EAC's) federal voting system certification process including rigorous testing and a line-by-line review of the voting system's source code by EAC accredited Voting System Test Labs (VSTLs)...
There is NO system on the market which has gone through the EAC testing and certification process.
ALL systems currently on the market were qualified using the flawed vendor-funded, ITA system sponsored by the National Associatiation of State Election Directors (NASED).
In fact for Sequoia to claim their systems have passed the EAC certification procedure is a violation of the manufacture's registration agreement Sequoia signed with the EAC.
Read section 2.3.2 of the EAC Testing and Certification program manual found at:
http://www.eac.gov/voting%20systems/docs/testingandcertmanual.pdf/attachment_download/file
- by jypeterson August 1, 2008 6:08 AM PDT
- What disturbs me is that the NJ county was performing its due diligence to protect its citizens and yet they were not protected as a government entity for doing what they thought was right, by ensuring that the voting process could not be circumvented. I wish that they would have proceeded and Sequoia sued. Then, the courts would have heard the arguments against e-voting and a public record and case law would have been established on the subject.
- Like this Reply to this comment
-
(22 Comments)Sure, hacking and changing votes could occur, but what is more frightening is that an error in the code could persist and an individual's suffrage would not be upheld.