lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: larry at larryseltzer.com (Larry Seltzer)
Subject: Will a vote for John Kerry be counted by a Hart InterCivic eSlate3000 in Honolulu?

Guess what? In most elections the old fashioned paper absentee ballots
aren't counted anyway, unless their number could make a difference in
the vote total. It's always been this way.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer@...fdavis.com 
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Jason
Coombs PivX Solutions
Sent: Wednesday, October 20, 2004 9:25 PM
To: Full-disclosure@...sys.com
Cc: info@...tic.com
Subject: [Full-Disclosure] Will a vote for John Kerry be counted by a
Hart InterCivic eSlate3000 in Honolulu?

I just voted for John Kerry at a walk-in absentee ballot polling place
in Honolulu County using an eSlate3000 (unit serial number A05A0B) made
by Hart Intercivic: http://www.hartintercivic.com

I was told by the official who gave me the choice of voting on paper or
voting electronically that the electronic voting machines weren't
supposed to be here yet, but that since they arrived in time for the
2004 election, they were being used anyway.

Will my vote be counted? That depends on a number of unknowns, such as
whether or not the unit on which my vote was cast subsequently
malfunctions, rendering the entire vote tabulating memory card corrupt.

I did not receive a paper printout following the submission of my
electronic ballot.

Excluding the obvious possibility that fraud may occur, either to stuff
the electronic 'ballot box' with false votes, or to intentionally
destroy or fail to count votes for a particular candidate, there are
risks inherent to electronic voting that do not exist in the same way
with paper ballots. And although there are technical safeguards possible
that seem like common sense, these safeguards continue to be ignored.
Why?

Will we ever see common sense safeguards added to the electronic voting
process?

A search for known security vulnerabilities or potential flaws in voting
equipment manufactured and sold by Hart InterCivic turns up:

http://www.conspiracyplanet.com/channel.cfm?channelid=31&contentid=1570

Prior to casting my vote, I provided a written 'application' to vote
containing my current address and other contact information. Election
officials have every bit of information necessary to inform me in the
event of a memory card failure or other malfunction that causes my
electronic vote not to be counted properly.

We know the very equipment that I just used to cast my vote has
malfunctioned in the past. There have never been any reports that any
voter has ever been allowed to revote following the loss of their
electronic vote database record. Why not?

I find it absurd that common sense solutions to electronic voting
problems are not being used. The vote I just cast could be made
available for my anonymous review after it has been counted. For that
matter, all votes made by all voters could be aggregated and published
such that any voter could confirm that the vote that was counted was in
fact the vote that they cast.

Such a safeguard would ensure that no fraud could occur without timely
detection by those voters who are directly affected, and no vote would
go uncounted or be miscounted by mistake unless voters choose not to
perform such data validation.

If we're going to allow these electronic voting devices in our
elections, then we the people must be empowered to become the all
volunteer quality assurance army that validates the data output.

Reasonable people can live with the necessity to trust election
officials to be honest, and the criminal justice procedures to hold them
accountable when they are not, but who are we supposed to hold
accountable when equipment failures and flawed computer disaster
recovery planning result in the secret exclusion of members of the
public from access to their right to vote?

If anyone has any further information about Hart InterCivic and the
eSlate3000, please contact me directly.

Sincerely,

Jason Coombs
jasonc@...ence.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ