Monday, August 25, 2008

Trouble With Voting Machines in Washington and Ozaukee Counties

This is extremely troubling

It turns out that the voting equipment used in Washington and Ozaukee counties has possibly been dropping votes for more than ten years.

The voting equipment used in all municipalities in Washington and Ozaukee county is the AccuVote OS optical scanner, the AccuVote TS touch screens, all tied together with the GEMS application on the county central server. This equipment is sold by Premier Election Systems (formerly known as Diebold Election Systems).

Last week, after vendor-independent testing by the state of Ohio, Premier (aka Diebold) admitted to the state that the GEMS system loses votes contained on removable memory packs as the votes on those removable memory packs are uploaded to the central GEMS server. The GEMS server is the application which prints all those nice municipal and county level summary reports.

Posted by Owen at 0617 hrs
(0) Trackbacks
Politics + Politics - Wisconsin + Technology
Add  |  Remove

  1. Diebold first blamed AV software--then admitted that yes, indeed, their own s/w was the problem.

    Apparently the fix is not too difficult--simply verify that the upload is complete before uploading another memorypack.

    Posted by dad29 on August 25, 2008 at 0651 hrs


  2. Really it is hard to believe that Washington and Ozaukee Counties are Trouble With Voting Machines.Thanks for informing us about it.waiting for your next post like this.

    Posted by Free Fruit Machines on August 25, 2008 at 0714 hrs


  3. Oh, I sense voter fraud going on.  Will Voter ID take care of this one?

    Posted by capper on August 25, 2008 at 0741 hrs


  4. "It turns out...?”

    People have been trying to get the powers that be to acknowledge problems with Diebold machines for nearly a decade and now you lead with, “It turns out?”

    Perhaps you should have led with.  “I’m sorry.  It looks as if they were right.”

    Posted by on August 25, 2008 at 0808 hrs


  5. Oh, I sense voter fraud going on.  Will Voter ID take care of this one?

    Wow, you’ll debase yourself into an idiot just to take a shot at the other side.  Cool, you’re very good at it.

    Posted by on August 25, 2008 at 0815 hrs


  6. Not quite, Dad29.  The letter linked on Washburn’s site says “According to a letter from Premier, the GEMS source code contains a “logic error” that causes dropped votes when two cards are simultaneously uploaded, but the first card takes longer to process than the second card.” I gotch yer logic error right here, bug-boy.

    Their Product Advisory says the only safe way to insure a memory card’s votes have been summed is to exit the application, then restart.  They’re asking to take an operation that was taking place in parallel - reading many memory cards at the same time - and turning it into a serial operation - and not only that, restarting the app to make sure it was summed and tallied. 

    Apart from the technobabble and poor tech writing in the advisory, I’ll also cast a skeptical eye on the 100 msec figure at the end.  That number is too round.  I bet I can think of things that would make the window of vulnerability larger or smaller.  They first wanted to blame antivirus software for the problem, but the number of votes and the time to tally causes the same lengthening of time. 

    Any programmer worth their salt recognizes this flaw and knows the right way this should’ve been written.  No semaphore.  Someone assumed a parallel operation would be instantaneous and never in contention.  Dumb design.  I’m sure other programmers will analyze this one to death in the days ahead far better than I can.  Score one for the open source side.  Many eyeballs, they say, improves the code.

    Posted by J. Foust on August 25, 2008 at 0851 hrs


  7. If that’s the case - such an easy fix - why would you take the lazy way out when you are writing code for something like a voting machine?

    Posted by on August 25, 2008 at 0930 hrs


  8. If that’s the case - such an easy fix - why would you take the lazy way out when you are writing code for something like a voting machine?

    There’s a lot of ways for this type of defect to be written into the code, and just because it’s an easy fix doesn’t mean a programmer was being lazy.

    Posted by on August 25, 2008 at 0932 hrs


  9. I dunno.  I understood race conditions when I was 12 or so.  I built a Jeopardy-style machine out of relays for my church.  They certainly teach this in programming classes.  Some bugs look simple in hindsight.  An experienced programmer knows what to expect and knows how to deal with it.

    Posted by J. Foust on August 25, 2008 at 0938 hrs


  10. Umm… Foust?  You are still banned.  Please don’t make me go through the effort of blocking your IP addresses and deleting your comments.

    Posted by Owen on August 25, 2008 at 1001 hrs


  11. Wow, you’ll debase yourself into an idiot just to take a shot at the other side.  Cool, you’re very good at it.

    And yet this to me is 1000 times more concerning than alleged vote fraud to be dealt with by photo ID.  Yet Owen graces this topic with a four word intro, while “voter fraud” got weeks and months of play.

    Posted by on August 25, 2008 at 1006 hrs


  12. Can I get a recount from the Spring 2006 General Election for Grafton Village Trustee where I lost by 54 votes?  tongue rolleye

    Posted by on August 25, 2008 at 1227 hrs


  13. I have yet see anyone from the right discuss the biggest cause of voter fraud--absentee balloting.  Why is this never addressed?  Oh, yeah, cuz that usually helps the Repubs.  Silly me.  Just debasing myself again.

    (Is that like defoliating?)

    Posted by capper on August 25, 2008 at 2318 hrs


  14. Absentee voting?  I thought the biggest fraud was democrats voting years after they were in the grave.

    Anyone looking for a fraud free voting method will be disappointed.

    Posted by on August 26, 2008 at 0614 hrs


  15. Since, Product Advisory Notices (PAN’s) from Premier (aka Diebold) have a history of being wrong, it is a leap of some faith to consider this on correct.  Hopefully, the speculation that serializing a parallel operation will avoid this defect is true.  I would like evidence that this work-around actually works.

    The primary design flaw is to use the Microsoft JET Database (aka Microsoft Access) as the underlying data store for the central server, GEMS.  This upload problem flows from this design flaw, because MS JET Databases cannot handle multiple, concurrent operations against a table in the database.  What are elections if not a multitude of concurrent events?

    Here is a better technical paper on the problems stemming from this decision.  Problem 3, no concurrency is on point for the upload error.

    This is why Microsoft says don’t use JET (aka MS Access) with IIS. (JET can’t handle concurrent hits to the website)

    The lack of concurrency for the of JET DB (aka MS Access) is a
    known problem since the late 90’s.

    Posted by John Washburn on August 26, 2008 at 1231 hrs


  16. To Josh Schroeder,

    If the county clerk followed the law, WI stats 7.23(1)(g), then there are backups of the memory cards from that election.

    Ask her for copies of the backups as an open records request.  If you want help, look me up and give me a call.  I am the only John Washburn in Germantown.

    Posted by John Washburn on August 26, 2008 at 1239 hrs


  17. Anyone looking for a fraud free voting method will be disappointed.

    True. 

    But the centralization that electronic voting presents, especially at the central server, changes the SCALE of the fraud possible. Electronic centralization means:

    Fewer people are needed

    Fewer illegal acts need to be committed

    The number of votes which can affected is larger (county wide)

    Tampering is harder to detect because evidence of tampering available ranges from non-existent to difficult and tedious to find and/or assemble.

    If tampering is suspected, there is the “Oops defense”; i.e. “Oops there was a glitch in the system, but none of the election outcomes were affected.”

    Posted by John Washburn on August 26, 2008 at 1432 hrs


  18. Actually, more of each are needed than with paper ballots.  An individual can stuff a box of paper ballots long in advance of a voting day and every election with paper ballots featuring a recount inevitably has that last box of ballots the was “just discovered”.  If anything electronic voting is more difficult for fraud because you need to either involve every voting machine or the entire tabulation of results because you don’t know the results ahead of time.  With paper ballots you just need to know the result and find a few more ballots.

    The scale of fraud possible is no greater.  Elections are either won or lost, there is no in between and no degree of losing that makes any difference. 

    Cicero wrote of being handed election results ahead of time in ancient Rome.  Little has changed because of electronic voting.

    Posted by on August 26, 2008 at 1916 hrs


  19. you need to either involve every voting machine

    Just what do you think electronic centralization means if not the ability to involve every voting machine?  That is exactly what defects and hacks on the central server mean; Acces to the programing of every voting machine used in the county.

    Catch a clue.

    As for the clerk: Who Watches the Wacthers?.  I am sure the person who handed Cicero the results was it the election clerk or the clerk was an accomplice.

    Posted by John Washburn on August 26, 2008 at 2103 hrs


  20. 1.  There is no need to tie electronic voting to a central server accessible to anyone from outside.  Your link doesn’t state if outside links exist.

    2.  Your own link explicitly states they are physically uploading memory modules from the machines to a central server.  There is no connection between the server and the machines, nor any need for one to count votes.

    Posted by on August 26, 2008 at 2244 hrs


  21. Why limit yourself to outsiders? Again: Who Watches the Watchers?

    Clearly you do not understand the functionality of the central servers.  The central servers from the four largest vendors are: GEMS (Premier/Diebold), UNITY (ES&S;), WinEDS (Sequoia), and BOSS (Hart interCivic).

    Here is a nice picture from NYC for the UNITY server from ES&S;.  This is the system used in the City of Milwaukee, but all of the four central servers have the same functionality: Defining jurisdictions, Ballot definition, programming every voting machine in the jurisdiction, printing ballots, colleting/uploading data, aggregating data, reporting results.

    The long, white horizontal line represents the hundreds of voting locations and the voting machinery in those locations.

    The specific defect under discussion is in the orange part of the picture: uploading and aggregated data.

    Mistakes or hacks in the blue, red, green or yellow section propagate to everything represented by the long horizontal line.  Thus mistakes or hacks on the central server, follow me here,

    involve every voting machine


    and affects

    the entire tabulation of results

    This is how electronic centralization changes the scale of election fraud.

    Posted by John Washburn on August 26, 2008 at 2334 hrs


  22. There is no connection between the server and the machines, nor any need for one to count votes.

    Yes there is: the memory cards.

    The term for this kind of connection is SneakerNet.

    The central server programs the memory cards (possibly with virus as in this research paper).  And yes it is PROGRAMMING.  For the City of Milwaukee it is a an EXE file which was compiled about two weeks prior to the election.  For Washington and Ozaukee counties it is a combination of EXE’s and interpreted scripts.  With the Sequoia systems of Waukesha county it is an EXE file as well.

    The memory card is plugged into the polling place machinery.

    The firmware in the polling place machinery, after boot up, transfers control to the program on the memory card and runs what ever programming is found on the memory card.

    The memory card is removed at the end of the night.

    The memory card is connected to the central server.  (possibly infecting the central server)

    The process repeats for the next election.

    The voting machinery in the polling location is tightly connected to the central server.  It is just not connected with a wire or a telephone line.  It is connected to the central server by PCMCIA memory cards and Epson D40 memory packs.

    Posted by John Washburn on August 26, 2008 at 2353 hrs


  23. My point is there is no need to do things that way.  Second, it would be a fairly easy process to run memory modules with a known vote tally through the central server at any time to check how the server tallies votes.

    I think we both think centralization is a poor idea for the voting machines.  I don’t believ electonic voting is a poor idea.

    Posted by on August 27, 2008 at 0823 hrs


Commenting is not available in this weblog entry.