Re: does Diebold have 'quadruple redundancy'?

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Tue Aug 16 2005 - 09:52:25 CDT

On Aug 15, 2005, at 9:30 PM, Kathy Dopp wrote:

> =He is claiming that Diebold DREs have "quadruple redundancy" - that
> there are 3 computer chip records of every vote plus the paper trail.

This is true, but as I've long said, the mere fact of redundancy does
not mean that it does you any good. ES&S, in Miami last summer,
did a great job of demonstrating how not to use redundancy.

(If the machine found an error in one redundant copy, depending on how
you extracted the data, you got one or another copy, with no indication
which. Software in the central tabulator was unprepared to properly
read all but the default copy, and the misreadings caused symptoms
that could also be interpreted as evidence of fraud. All very strange
but sadly, very typical of how naive programmers handle redundancy.)

So, never trust a claim of redundancy unless you know that the folks
making the claim really understand the use of redundancy. In that case,
they need to explain the use of redundancy.

Here are some simple questions to ask:

1) Does the Diebold system use an atomic update model to guarantee that
proper synchronized update of the redundant memories? They either do or
don't. If they hem and haw about this, it means that they don't
the proper use of redundancy. The term atomic update is a standard
technical term that anyone who knows about fault-tolerant computing
will understand. If Diebold has nobody on hand who understands
fault-tolerant computing, they have no business trying to sell voting

2) Does the Diebold system conform with open records laws? The open
records laws of many states require that ALL records of an election
be available to the public, if requested. This would include the
records stored inside the machine. Unless Diebold wants to make a
of the open records laws, they will have to release documentation
the format of these records so that someone who requests them can
what they have requested.

3) Does the Diebold system preserve the secrecy of the ballot? If the
vote records in one of the redundant memories are shuffled differently
from the vote records in another redundant memory, investigation of
discrepancies becomes very difficult unless each vote record has an
attached "serial number". If the vote records are stored in order in
the order votes are cast, any observer at the polling place can
from public records of the election, which ballot went with which voter.
If the vote records are serial numbered with sequential numbers,
sequential pseudo-random numbers, there is the possibility of
who voted in what order.

4) The last publicly disclosed information about Diebold's system
that it was using the Park and Miller's minimal standard pseudo random
number generator. This generator is fine for games and simulation
but it isn't cryptographically secure. As a consequence, using it to
ballot serial numbers or using it to shuffle the ballots in the
ballot box does not prevent someone from learning the order in which the
ballots were cast. Has Diebold moved to a cryptographically secure

                Doug Jones

OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Wed Aug 31 23:17:26 2005

This archive was generated by hypermail 2.1.8 : Thu Sep 15 2005 - 11:44:12 CDT