Slashdot Mirror
Electronic Voting's Fundamental Flaws
phil reed writes "Given the latest fiasco in Florida's continuing attempts to implement a decent voting system, I thought it would be appropriate to alert Slashdot readers to the work of Dr. Rebecca Mercuri. She's been studying voting systems for many years, and has developed well-considered positions on what makes a good electronic voting system (and what makes a bad one). Her comments on the Florida 2002 election can be found in the current Risks Digest. And, if you think that creating a computer-based voting system is easy, she provides a suggested list of questions that should be answered by any developer." Mercuri's statement in Risks is well worth reading. With all due respect, she is wrong in some respects: it is possible to create a fully-verified electronic system. Start with completely open code and thoroughly examined hardware, create an audited system for installing the code on the hardware, and make it tamper-evident so that you know the same code is still there when the machine reaches the voting booths. Bootable, hologrammed, serial-numbered CD-ROMs with individual private keys would do the trick. Mercuri is thinking in terms of vendors selling proprietary "solutions", where she's absolutely right: there's no way to verify that what people punch in is what is actually recorded.
If they couldn't get it right with a simple system before, who thinks they're going to get it right with a newer more complicated one!
Unfortunately, as long as their are humans involved, corruption will always be there. From the guys paid to write the software, to the DB admins, to our friends at M$ who will undoubtably provide a security-lacking OS to run the system on, voting will always be called into question when it gets as close as it did between Gore and Bush.
I've dirtied my hands writing poetry, for the sake of seduction; that is, for the sake of a useful cause. --Dostoevsky
http://catless.ncl.ac.uk/Risks/22.24.html#subj1
.. if they can't figure out how to vote by now, then maybe they shouldn't be voting.
I'm sick and tired of hearing about Floridians bitching about the voting process. 49 of the other states get it right, so either fix it, hire someone from the other 49 states as consultant to fix your problems or STFU.
I guess the million dollars they spent last year updating their systems didn't help much.
And don't blame Jeb for the problems, the asshole democratic voting nazi leader down there denied his help.
Live web cams
I just fail to understand why they choose aong little papers printed with the name of the candidate, sip the little paper in little enveloppe, and slip the enveloppe into a transparent box. I mean THIS has been working for more than a century. What's the problem with it ?
They would equate electronic voting to one of those annoying "joke applications" which move the close button whenever you get the mouse near it.
"I swear, I clicked the button for Bush! The cheating Gore one moved itself in front and confused me."
"PC Load Letter? What the $@#% does that mean?!"
Michael I think you don't quite know what you're talking about. First you say a recognized expert is kinda right, but lo and behold, if only we had open source, that would be the end of our woes.
You have to remember that most open source software doesn't provide any degrees of assurance other than "it's been used by alot of people". This really isn't an option for vertically integrated solutions such as digital voting. Just how many hobbests are going to "hack on" the GNU Vote system ?
The track record on contribution by the general public to OSS projects is pretty poor. Look at Mozilla, emacs, linux kernel, etc. Most of the significant contribution has been done by a relatively small number of persons. While lots of useful bug reports and patches have been submitted, I think for electronic voting we need a bit more than "lots of people have submitted bug patches."
What she is talking about here is engineered assurance. OSS is a source code policy, not an engineering style.
With that in mind, I think the best system is still a card system (specifically the "complete the arrow" system). It won't crash, it's recountible as many times as you need (no chads shaking loose in the counting machine) and it's so easy that even the retarded old people living in certain Florida counties can figure it out.
The best part is that it uses no complex parts (which, according to Murphy's Law, are prone to failure on election day). Just a paper and pen -- beat that. Add a reasonable amount of physical security (deputies at each location, plus maybe a representative from each major party to observe) and you're good to go.
This is one of those situations where overthinking and overengineering comes back to bite you.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
I think her suggested list applies to a lot more than voting. She deserves a lot of credit, because work like hers is the dirty work no one ever wants to do... real nuts-and-bolts stuff that takes lots of thought.
;)
I love it -- Take that all you kiddies who say "duh, how hard could it be? I could do it in perl in an afternoon, i'm so huge!" huge you are!
https://www.accountkiller.com/removal-requested
Consider a computer supplier that is co-opted by an unscrupulous political party. They create some sort of hardware mod that allows the contents of memory to be arbitrarily modified. Perhaps it can be controlled wirelessly. Suddenly bootable serial numbered CD-ROMS aren't a solution.
The advantage to the pencil-and-paper system is that to my knowledge, nobody has developed paper that can cause a mark on its surface to be erased and another mark drawn while the paper is in the ballot box. People can watch the ballot go into the box, they can watch it come out, and be sure that nothing has occurred to change the vote thereupon. When the vote is nothing but electrons inside a machine, this is much more difficult.
This sig is umop apisdn.
Having read the "well considered positions" I have to say I agree with Bruce. Paper is needed to provide an audit trail. Moving millions of electrons is "easy" to do without someone noticing. Physical ballots are just a little bit harder to play with. I think there's a confidence issue as well. If I just click a button I wouldn't have the same confidence that I have when I put a physical piece of paper in a box.
Never disturb your enemy while he is busy making a mistake.
It's all very well having an open source voting solution. Tell me this though: when I go to vote, how do I verify that the system is running the software whose source I was examining at home? How do I know the system isn't being abused by government intelligence agencies to track my voting habits? With the current system where I live of putting a cross in a box with a pen, I'm guaranteed this.
Yeah, I'm in favor of having unelected political hacks and the Supreme Court decide who our elected officials should be like last time. After all, voting only takes valuable time away from the important things in life.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
I thought of how to create a proper auditable system, and the idea I had was to take the best aspects of both. First, make use of an electronic system, even web based, and use it to create a "paper" vote, where the information about the desired votes is printed out in human readable format, and in electronic readable format. This could contain a section of a printout that even contains the voter and a unique identifier, and a second section that contains the vote and the same identifier. The voter would keep the unique identifier, and would be able to verify the proper vote was registered online, allowing each individual to audit their own vote.
With this paper vote, either generated at home, or at the poll site, they would submit it to the vote reader, which simply scans in the information, resulting in the vote. It would display the vote information to the submitter, ask for verification, and keep the sheet for audit purposes. Result: Complete auditing capability at several levels, but without any local individuals being able to track who voted for who, but they can't tamper with the votes either.
There's so much focus on the tools of voting, that people don't pay much attention to the fact that there are fundamental limits to voting systems themselves.
For example, in 1950 Kenneth Arrow proved that no voting system is fair.
This is know as Arrow's Impossibility Theorem and places fundamental mathmatical limits on what the democratic process is capable of.
Of course, we have the worst of the worst sort of voting system here with its single-member voting districts and "one man - one vote" philosophy.
An improvement would be proportional representation.
This can't overcome Arrow's theorem, but its better than what we have now.
Is it possible? Then why hasn't it been done before? At least in the PC industry, I can't think of a single example of an uncrackable software package... Basically, to develop an immune system would require something on the order of mil-spec hardware and a goverment contract with a single vendor and the mountains of paperwork associated with it. In other words, if the feds aren't going to organize and standardize this project, it will quickly get out of hand.
The main problem here is that people are using a complicated solution to a very very simple problem: counting! I imagine a compromise system: have a computerized voting thingie that simply prints out the completed ballot for you in an OCR (or MICR) compatible format when you're done voting. Then you have a legal record, no more chads, and the results are verifiable by traditional methods. If the government were to standardize this form of computerized paper ballot, that would allot vendors to create systems at their will, since security is no longer an issue. It's much easier to prevent tampering to pieces of paper as opposed to securing bits and bytes here and tere. Also, the public would be more accepting of such a system, and it eliminates human error from the process, and it keeps the nerds happy.
Obligatory link: http://www.acm.org/classics/may96/.
This ACM classic does a great work on showing that "You can't trust code that you did not totally create yourself".
Fh
I voted yesterday, and I live in Florida. It was my first time (Yes, I AM an American) so I never got to try the punch cards system. However, before I went to vote I figured any educated person would be able to vote successfully because all you have to do is darken a bubble next to canidate you wish to cast your vote for, just like all the multiple choice exams, Scantron forms, and SATs. Yes, you could say that the older voters were "educated" before scanning technology, but they should be able to read!. So,I've come to the conclusion that for the most part, Florida voters (with the exception of a few including me ;-)) are stupid. It is sad for me to say this as a Floridian. I'm sorry, but if you can't fill out a simple form to vote while immigrants natively speaking other languages struggle to take a US Citizenship test in English and pass, you probably should not be voting.
..And if you're running the polling places, and can't figure out HOW to press the Power button on a Big Black Scanning machine, perhaps you should give your job to someone who does.
$cat
Palladium
oh wait, then we'd have to trust Microsoft.
As an improvement to that, in this year elections in Brazil a new system will be tried where the ballot prints the vote on a paper which will be shown to the voter through a transparent window, but will not be otherwise accessible before it's cut loose and drops into a sealed canvas bag. Votes will be counted electronically as before, but the canvas bag will provide a way of auditing the whole ballot, if needed.
I live down here in south Florida. The problem isn't with the voting system. Its with the whiny people down here who can't ever accept that they lost. Feh. Im moving.
Actually, it was more to the tune of 39 million dollars.
The single biggest problem; every voting district is run by a different person. The districts with the largest populations have the biggest problems... coincidence?
Governor Bush did not deny "his help" as you so wonderfully state... in fact, he is spitting nails over this latest debacle.
In the end, there is no excuse.
But it really doesn't mean anything since everyone who points out the problems with elections equipment are routinely ignored.
Purchasing elections systems has nothing to do with quality, trustworthiness or even sanity. It is a political decision made by politicians. There are only two questions for politicians making this decision. Is it cheap enough that I can't get raked over by the cost? Will it help/hurt the people I need to vote/notvote for me in order to hold on to power?
That second question in particular is the true driving force for all election system purchase decisions. Every politician knows if he needs old folks, poor people, rich people, republicans, democrats, dog lovers, cat lovers and an endless list of possible groups. If the elections equipment is harder for old folks, a politician who needs them will never agree.
Fully electronic systems do not provide any way that the voter can truly verify that the ballot cast corresponds to that being recorded, transmitted, or tabulated.
This may be true, but what about current systems? What happens to your card after you punch it? Voters have no way of knowing if the card they punch is the one that ends up being counted...it all comes down to trust. I would rather trust a nonpartisan peice of open-source software than a group of human beings.
No electronic voting system has been certified to even the lowest level of the U.S. government or international computer security standards (such as the ISO Common Criteria or its predecessor, TCSEC/ITSEC), nor has any been required to comply with such. Hence, no current electronic voting system has been verified as secure.
True, this is needed. However, I am sure even current systems are more secure than punch cards. A standard A=1 B=2 cypher is more secure than a punch card.
There are no required standards for voting displays, so computer ballots can be constructed to be as confusing (or more) than the butterfly used in Florida, giving advantage to some candidates over others.
She brings up the point that Florida ballots were confusing. Exactly! We ALREADY have this problem with our current methods.
Electronic balloting and tabulation makes the tasks performed by poll workers, challengers, and election officials purely procedural, and removes any opportunity to perform bipartisan checks. Any computerized election process is thus entrusted to the small group of individuals who program, construct and maintain the machines.
An open source voting solution would be checked by everyone who had a mind to do it, and if it was non-partisan, than the actual voting procedure would be non-partisan. I would rather trust a computer to carry out a potentially emotional procedure than some human beings.
Although convicted felons and foreign citizens are prohibited from voting in U.S. elections (in many states), there are no such laws regarding voting system manufacturers, programmers and administrative personnel. Felons and foreigners can (and do!) work at and even own some of the voting machine companies providing equipment to U.S. municipalities.
Whoa...scary. That gets me thinking. What about the companies that make the punch cards? There could be FOREIGNERS printing those cards!
Encryption provides no assurance of privacy or accuracy of ballots cast. Cryptographic systems, even strong ones, can be cracked or hacked, thus leaving the ballot contents along with the identity of the voter open to perusal. One of the nation's top cryptographers, Bruce Schneier, has recently expressed his concerns on this matter, and has recommended that no computer voting system be adopted unless it also provides a physical paper ballot perused by the voter and used for recount and verification. Internet voting (whether at polling places or off-site) provides avenues of system attack to the entire planet. If the major software manufacturer in the USA could not protect their own company from an Internet attack, one must understand that voting systems (created by this firm or others) will be no better (and probably worse) in terms of vulnerability. Off-site Internet voting creates unresolvable problems with authentication, leading to possible loss of voter privacy, vote-selling, and coersion. Furthermore, this form of voting does not provide equal access for convenient balloting by all citizens, especially the poor, those in rural areas not well served by Internet service providers, the elderly, and certain disabled populations. For these reasons, off-site Internet voting systems should not be used for any government election.
Ok, it seems she is grouping electronic systems with internet-based systems. On her site, she says she is opposed to both. I admit I would doubt security of an internet-based approach, but ALL electronic solutions? Todays cryptographic algorithms are very, very secure. Just ask all the distributed computing efforts designed to break them. Once again, compare a modern cryptographic algorithm with a punch card in a locked box. Which is more secure to you? Also, an election only lasts a couple months. Afterwards, votes don't really mean much. People aren't going to crank their supercomputers for 5 years to find out if Mr. Gogfroggls Jones voted for Bush in the next Presidential Election.
I worked for the company that initially developed the device used in Florida. Our company did the UI, for creating ballots, and the reporting system.
Ready to laugh? Target platform was a C++ CGI running on Windows 95 with Personal Web Server, using SQL Anywhere and Crystal Reports.
I wish I could write a full article about it, but it would make a lot of people angry.
And by the way: open code has NOTHING to do with making electronic voting. It's not a code issue. It's not a hardware issue, either. Retirees and people who can't master the 'Start' button run elections. Paper ballots fit their mindset. I know this. I travelled all over the country setting up the system. Most of the places didn't even have networks. And why should they? It was 1998 and they were still running Windows 3.1, or sometimes just DOS (Wordperfect was popular in several precincts).
You want successful electronic voting? Then don't let your grandmother run the voting machines.
ZOMG I WOULD LOVE TO KNOW ABOUT YOUR FEELINGS ON MACINTOSH VERSUS WINDOWS, VI VERSUS EMACS, AND HOW YOU'RE NOT A DORK
This comment gives a link to the classic Trusting trust on this subject.
first off... that's connecticut for all of you who don't know...
we use voting machines with different rows. you go in, pull a lever that closes teh curtain behind you, and then you flip little "mini-levers" to vote for people. for the single party voters who don't care, there's a lever that will cast a vote for the whole party for every office that someone's running for. you can change your vote as much as you want until you pull the lever again to open the curtain. once you do that, the "mini-levers" all go back and your votes are tallied. sure i think it's possible to tamper with the machines, but i honestly don't believe that there is any truly tamper-proof method unless it's made by god and god does all the tallying. wait... that's a religious comment... those aren't allowed in the united states anymore, even though the country was originally founded under god for religious freedom... but that's another debate.
anyways, i think the CT method is really good and i am surprised all the states don't use it. they even provide a little "sample" one at the voting places so if you have no idea how to use it, you just play around. they aren't new machines, they've been use for as long as i can remember.
please me, have no regrets.
You are fundamentally wrong about what open source assures you. It has nothing to do with the bugginess, or how many people are using it, or how well it is integrated.
Open source is about YOUR FREEDOM TO REVIEW THE CODE FOR YOURSELF. You don't need to sit here and write masturbatory posts hypothesizing what bugs might be there or not. Instead you can go look it over and see exactly what it's doing. In fact, I'd encourage you to do just that.
Your complaints about contributions are not valid as well. It's just like our democracy. Not everyone votes, but it's important that everyone have the opportunity to do so if they feel it is important.
Which counties would it make more sense for a Republican to sabotage an election? Liberal or conservative ones? And for a Democrat? See?
To protect privacy, each ballot is identified by a single-use, random identifier known only to the voter. That way each voter can personally verify from the public data that his or her own votes were correctly recorded.
All you do when you make something open source is change the set of people who know how the thing works. This set still doesn't include the people responsible for election security because they most likely are not programmers and even if they are, how are they going to verify thousands of lines of code? And then they need to verify the compiler as well. I think you'd need to execute the machine code by hand to understand exactly what the processor. Then you need someone to verify exactly what the CPU does, presumably with a logic analyzer, etc. When she says FULLY verified, she is talking about all these details.
Vote for Pedro
"It is enough that the people know there was an election. The people who cast the votes decide nothing. The people who count the votes decide everything."(Josef Stalin)
At our school, we don't earn a degree when we graduate—we earn pi/180 radians
I would say that have two options.
Stick to paper. Maybe scan/count it electronicaly, but keep an audit trail that can't be modified electronicaly.
Democracy isn't about no one telling you what to do. It's about everyone telling you what to do.
Put Delaware back on the flag you unpatriotic moron!
As long as there is a bush in charge of the state of Florida... Can we say Gerry Mander... and that goes for the rest of America too...
*** I had a
Is that a Krondor reference???
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
Hey you bastard! I am in this excruciatingly boring class and was looking for a good troll to lift my spirits. Thank you very much for this poor-quality excuse for no real message to post, bitzinatch!
/. and the mental states of people everywhere, post either something interesting to the topic or a rather entertaining nothing.
Please, for the sake of
I can forgive you this time, but I expect you to do better in the future. Make the annals of trolldom swell with pride, and stop with these stupid FPs!
with hoards of overseers, db admins, hardware and software developers....and in the end it is still slower, less reliable, and less trustworthy than simply marking your vote with a pen on a sheet of paper. Need verification? Put a thumbprint on it - more secure than SS number, not immediately attributable to a single person, but always verifiable if need be by simply running it through existing databases. That's a sure-fire KISS [keep it simple, stupid] strategy.
Stop the Slashdot Effect! Don't read the articles!
On the other hand, it is possible to make a system that is at least as tamper resistant as the current system. In fact, in an earlier posting on a similar topic, I suggested such a system. I haven't done a proper risks analysis, but standard Project Management process would call for one, whether in voting or making a video game.
This system does not allow for internet voting, but I don't really care about people who can't make it to the voting booth. If they have a good reason, they can find another way to vote, and if they're too lazy, they shouldn't vote anyways.
=Brian
There is nothing so good that someone, somewhere, will not hate it.
Yes this is off topic, but I have tried emailing about the flag Icon, but I get no respose., red,white, red,white,red.
/. is in can be difficult to find, but at least take the 10 seconds it would take to look up what it is suppose to look like, sheeesh.
the American Flag has 13 stripes.
red,white,red,white,red,white,red,white
I know Information about the flag the represents the very country in which
The Kruger Dunning explains most post on
"With all due respect, she is wrong in some respects: it is possible to create a fully-verified electronic system."
With all due respect, *she* is a professional researcher who has studied this problem at length. Furthermore, she has proven her expertise in her field by obtaining a doctorate and, more importantly, having her work approved by her peers and published.
*You* are a Slashdot editor. And deep down inside, you know that outside of the 14-year-old l33t h4xx0rz who frequent your site, you haven't earned an iota of respect from anyone. In fact, in this case, you've just managed to exposit the true depth of your ignorance for all to see.
It fits in with the general attitude though. "I'm a Slashdot editor, so I *must* be an expert on all matters software/hardware/computer/science/etc." And that is precisely why no one of any import regards this site with even the slightest bit of respect. Way to reinforce negative stereotypes Mike.
All I want to know is what is wrong with paper? What about the tried and true system of having slips of paper where people place a mark next to the candidate of their choice and then fold that paper in half and put it in a box. As long as you have a publicly accessible count at each polling place this system would be preferable. I think the error rate would be something like one vote in ten thousand if representatives of all interested parties where counting.
Mechanical and computerized voting systems however add so much confusion to non-technical voting population that often their votes are not recorded correctly. Yes this seems quite ridiculous to us Slashdoters, but many people (and the often senior citizen election judges) become like a dear in head lights when you tell them to press any sort of button. They are afraid of these things, you and I think this is ridiculous, but they are and that is a fact we need to live with.
I hold the sanctity of accurate elections expressing the will of the people over technological efficiency any day.
Show me to the paper!
If you're interested in real electronic voting (not just replacing the punch card with a keyboard in the voting booth) I suggest you start reading here.
Open source is not the solution. Good crypto is.
-jfedor
Since Germany isn't significantly less populated than the US (at least in terms of order of magnitude) I don't quite see why this isn't possible here. Perhaps this whole mess is merely a case of someone violating Donald Knuth's oh so true statement: "Premature optimization is the root of all evil." How about giving good old manual labor a chance?
It is not possible to "verify" the correct function of any program or hardware beyond the simplest of machines. Punch card ballots come closest to being "verifiable" than anything electronic used for voting. No electronic voting system could ever be proven to be 100% correct O.S. or not.
Though we live with unverified and unverifiable systems all the time, planes, cars, every PC ever made, they work well enough. But the bottom line is, less complexity means less unreliability. And for that, the punch cards win hands down over ANY electronic voting system.
Fix the damn buttterfly ballot books, but otherwise the punch card system has been working amazingly well for a long time. It is NOT broken, it does NOT need to be "fixed" with complex and unreliable technology.
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
Funny, I thought it was founded on freedom for Puritans.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
... just make it another /. poll.
Many of the criticisms of off-site electronic voting systems, while completely valid in general, are moot in Oregon. We have vote-by-mail here. Thus, most of the putative problems with electronic off-site voting are already here, but at least folks mis-mark ballots and the post office loses things.
I have always thought that putting a properly-written open-source voting package on a Knoppix CD and instructing voters to boot their PC off it would solve most of the problems. The advantages would be automatic tabulation of a large percentage of the vote, saving a bunch of p-mail, and clearer, easier-to-mark ballots. Those who couldn't make this solution work could always vote by mail as they do currently.
For state-run voting kiosks, this also seems a sensible solution. A printer could be added to the system to provide an audit trail.
What am I missing here? None of this seems hard, and the security risks seem less severe than those of the current non-electronic systems, which as we know suffer from frequent failures and occasional serious fraud. Is it just a question of insufficient experience with "new-fangled" systems? Or is there something deeper?
Ass-sucking democrat anti-american scumbag commie pos!
I was more afraid of the Florida Supreme Court rewriting the law...
Like or dislike Harris, according to the law she and only she could decide to certify the results. The Florida Supreme Court did not rule the law unconstitutional, but tried to change its meaning.
My daughter, who has lived in Iowa, tells me that there they use a hybrid system: a simple computer system walks the the user through candidate selection, but punches a card itself. There's still a physical record of the voter's choices, but without hanging chads or overvotes.
The hybrid system seems to be the best solution. The computer assists the voter, but it does not actually cast the ballot itself. To this lifelong resident of Cook County, Illinois, it sounds like a much better system than either hand-punched cards or a purely electronic system.
[this
Naturally it occured to me. If you read my comment carefully, I was NOT stating there was sabotage. I was only pointing that the fact those are liberal counties and the fact that Governor is a Republican is an argument for the sabotage theory, not against it as you implied.
Let me check my vote with a key via the net after the poles close.
Let me download all the votes and tally them for myself.
Response swiftly to any reported inconsistancies between a voters actual vote and recorded vote, if you get enough then something is fishy (see next line).
AND smack any voter falsely reporting an incosistancy with a large frozen pike, south florida exempt and ignored.
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
I've lived in several places that used hand-counted paper ballots -- mostly small towns in Colorado and Nevada. Make your mark, drop the paper in the box, and come back in the evening or early morning to see the results tacked to the front door of the court house.
Given the huge unemployed population, the number of retirees in Florida (where circumstances have caused me to unhappily live these days), I can not understand why they won't use paper ballots and human labor.
But then again, we Americans do tend to worship technology; the media bombards us with images of the latest and greatest, as if not having a PDA or a new car is the lowest of lows. I ignore such drivel, but it does seem to influence the buying habits of most people.
All about me
Look what Google turned up... An Open Source (GNU) electronic voting initiative
Four fifths of all our troubles in this life would disappear if we would just sit down and keep still. -C. Coolidge
Let me describe the voting system Canada has: You register much as you do here. You show up at the polling place. They cross your name off the list and hand you a hard to forge ballot. You walk behind a little screen, put an X next to the person you want to vote for and stick it in a box. At the end of the day, representatives from each party and the media open the box and count the ballots. The results are delivered in a tree - local place reports to city, city probably to county, county to province. They add up all the results and they declare a winner.
Nothing about this fails to scale. In other words, a population 10x the size of Canada requires about 10x the number of volunteers which works out to be the same number of volunteers per capita.
This system seems so much more workable to me, there are so many fewer opportunities for breakdown.
- Is it Auditable? Yes, keep the ballots locked up and recount them.
- Is it anonymous? Yes, at least as much as touch screen voting.
- Is there any software / printers / touchscreens / whatever to fail? No.
Why do we need millions of dollars of development and plenty of technology to fail when a bunch of pieces of paper and some pens would do fine?Fully electronic systems do not provide any way that the voter can truly verify that the ballot cast corresponds to that being recorded, transmitted, or tabulated.
How can I verify this under the current system?
JET Program: see Japan, meet intere
Answer it.
Governor Bush did not deny "his help" as you so wonderfully state... in fact, he is spitting nails over this latest debacle.
I said that the guy who was in charge of fixing the voting process [democrat], denied Jeb's help [Republican].
And it's actually 32 million if we're splitting hairs
If I didn't see that asshole, Tom Daschle, today talking shit about how he's scared as fuck going into Iraq, I probably wouldn't even have started this thread.
Hi, I have a huge stick up my ass
No offense.
Live web cams
Actually, it seems like you're the one not clear on the issues.
The purpose of open source voting software is peer review, and more basically, adherence to the notion that elections should be conducted in a fair, public and well-understood fashion.
There's no reason to keep the election-booth code secret and every reason not to. Notice I didn't say that the voting booths should be powered by "free software" - a whole other fish altogether.
It's abundantly clear from the article that the vendor of the FL voting machines refused to allow meaningful inspection of their equipment and software, both to the ACM (who volunteered to audit the devices) and to parties in an election-related lawsuit (!). It's also obvious why: clearly, from the magnitude of problems experienced, had such inspection taken place, the vendor's, and the government purchaser's, rank incompetence would have been more rapidly exposed.
Want to Know How to Cheat the GPL? Read On!
In my voting place there were no problems with the voting.
Some points that I observed: the machines take 1 full hour to "warm up" as they were calling it here (boot). That seems like a long time, specially since in many places the people in charge were LATE at opening the doors, so the machines were not ready by 7am. Some acusations of boycot on this (about 50 poll workers were late by 1 full hour).
The code is propietary, cannot be audited, and the
voting machines DO NOT make a backup paper print of every vote.
In some polling places the workers unplugged the machines BEFORE they were shut down, so the data was LOCKED and it took almost a day for the company technitians to retrieve.
There was a severe thunderstorm in some areas that nocked off power and disrupted the voting... remember the machines take 1 hour to boot.
I am more worried about the lack of paper printouts as backup than about the organization problems. The later can be solved eventually, the former is not noticeable until you have a catastrophe of sorts...
Just some observations from down here for everybody to consider.
~~~Please pass the salt, I hate unsalted MD5s
In reality, we don't really need electronic voting. The system as it stands now (manual counting of votes) works just fine.
The problem is in who we allow to vote. The problems in Florida stemmed from an inability by some of the electorat to be able to properly read instructions.
From that, we can assume that either A: These people are very stupid, or B: These people are unwilling to take the time to make sure they are casting a proper ballot (double check your votes, ask an election offical if you need help, and so on.)
In either event, these people should not be extended the privlidge of taking part in our democratic process. I'm not saying that we should limit who gets to vote on intellegence, but I do say that somebody must have a basic level of compantancy.
If, on the other hand, we are going to make concessions for those unwilling to learn basic skills (like punch a hole NEXT to the arrow for the canidate you want), then we need to make concessions for everybody. I missed this last election because I was called out of town at the last minute for business. I had Internet access, and would have loved to vote online.
But somehow it's perfectly fair to jump through hoops to accomidate some retired person with pleanty of time and very little personal responsibility, but it's 'unfair' (as has been stated in some objections to online voting) to accomodate busy young people with jobs.
The Internet is generally stupid
First off, you've got your head too far down in the bits and bytes.
Yes. Paper ballots are the only effective way to hold an easily scrutinized election. Period. Michael, it is essentially impossible to verify that the voting machine hasn't been compromised, even with an open solution. An open solution is more scrutinizable, but still not sufficient as you cannot scrutinize the whole process without thousands of hours of time - and you will almost certainly find a flaw or problem that will call the results of an election into question.
But as for attributing your vote to you:
No no no.
Your vote must not be directly attributable to you. That is the point of the secret ballot. Otherwise, it wouldn't be SECRET. And If you can't figure out why you want it to be secret, have a look at Russian 'elections' circa 1950, and what they did to people who didn't vote for the communists.
What is it about the US system that demand an automated system? Computerized, punch cards, touch screens, OCR -- any of them -- why are they needed?
In Canada, we use a simple paper and pencil ballot, that you mark off, and deposit into a ballot box. At the end of the day, they open the box, and count ballots. Within an hour votes start coming in, and within a couple of hours enough have usually come in that the winner can be accurately predicted. By the end of the night, all are counted.
This is a secure, auditable, verifiable, robust system. During counting, each candidate has the right to have a representative verify the count. If there is a dispute about how a ballot is marked, it can be put aside for review by a judge. And in any event, you can always recount. You don't have to worry about hanging chads, or OCR, or layouts not matching up with the location of buttons.
Why doesn't this work in the States? It can't be the population difference -- since there are 10 times as many people, there should be 10 times as many volunteers to help count. It can't be security (or what ever) -- you can't tell me that an opaque machine is more secure than having both (or more) sides looking over my shoulder as I count.
I know this is heresy for the Slashdot crowd, but why go for costly, problem riddled, high-tech solutions when perfectly good, simple low-tech ones work as well, if not better?
elsilver.
IMHO the best way to make an all-electronic voting system would be to use some sort of smartcard system. If there were a smartcard available that could sign stuff transmitted to it with the user's private key, the voting machine would not be able to change the votes. (the card would have to have an lcd display to verify what you were signing). The machine would still be able to throw votes out, but this could be overcome by a paper list of who voted (much less obnoxious than a paper ballot) or a counter of people entering the voting booth, separate from the main system.
Such a smartcard would actually be useful for other purposes. It would function nicely as a credit card: you could sign the bill. Nobody could steal your cash without your actual card (or with, if it had a PIN). Nobody could change the charges afterward.
It would also be great for signing other things, like legal documents.
That said, such cards are a long way off, unless public-key crypo dramatically improves or smartcard hardware advances rapidly. A 6805 or the like just couldnt handle it.
I hereby place the above post in the public domain.
The one thing electronic voting will never be able to overcome is that there is always the possibility that ANY electronic system could be either cracked, hacked, or subverted by a corrupt programmer -- AND THERE WOULD BE NO WAY TO FIND OUT!!! .
... the paper stays the same.
With paper, or some other physical object, even if some hacker corrupts the computerized counting machine, you can always do a manual recount. Plus, if power goes out and the computer loses count
Sure, in 2000 Florida showed us that paper isn't perfect either -- but with electronic voting, there could be just as many foulups, but never a recount.
Why not just have someone make the system, but to verify if it is correct or not, have it give you a *HARD* copy printout of who you voted for immediatly after you finish. Then, there is a pin or something to that effect on the card which enables you to *ALSO* go online and verify your vote. This would probably solve a majority of the issues regarding security.
You could guarantee what they punch in if you had a camera save a picture of the items selected. It would be hard to convince people that the camera's not aimed at them though.
Another way might be to have it printed on a roll of paper for internal use only. The voter could see it through a window and verify if they voted correctly. Cash registers sometimes print on two rolls: one for the customer and one for the company to verify.
In the year 2000, Florida had some problems with their election returns (tho nothing as massive as the problems of the September, 2002, primary).
Statistical Information
In November, 2000, Union County had about 5000 voters distributed amongst 11 precincts, which meant that on average they had about 450 people per precinct. (This is similar to the large county where I live, except that we have far more precincts.)
By way of comparison, in September 2002, Dade County had 754 precincts; the number of voters and intended voters is uncertain, but it appears to have been fewer than 300000, or about 400 per precinct.
History in Union County
During the November, 2000, election, Union used a system where each voter got a piece of paper and a marker. The paper had lists of candidates together with empty check-boxes next to the names. Voters marked their preference and deposited the papers in ballot boxes.
When the polls closed, the workers opened the ballot boxes, sorted the papers according to the marking for the first race, and counted them. They then shuffled the papers back together, sorted them according to the markings for the second race, and counted them. This sorting and counting was done for each race.
In November, 2000, the people in Union were in bed by midnight. No one doubted the correctness of their results.
In September, 2002, Union County employed a system known as ``iVotronic'', details of which are unclear. Unfortunately, only about 2000 people voted in the Democrat primary.
In September, 2002, Union County had results by 21.00 (9 p.m.) the day after the election. Scale this to a general election (5000 as opposed to 2000 voters), and one can reasonably expect results by Friday afternoon.
It is not clear that electronic ballot counting is in fact beneficial.
Part of the September, 2002 delay in Union was due to the fact that the machine counted everyone as a Republican. It was necessary to count ballots by hand. Fortunately, the system did provide for a paper ballot which could be counted.
Insupportable Speculation
For Dade, Broward, and Palm Beach, a system of electronic voting which does not produce any paper has several advantages, not least of which is the speed with which a re-count can be done. The same incorrect totals from each machine may be read and re-added in minutes, and no time-consuming counting of ballots is required.
A properly programmed machine also offers better assurance about the outcome of the election. Dade in particular appreciates this, though there are other counties where voters have made mistakes. In Volusia, for instance, it was necessary in 1996 for the Sheriff to have his deputies correct absentee ballots where the voter had voted for the wrong candidate.
Much safer, if one wants to affect the out-come in a close race, is to specially program only a few of the machines. The chance of detection is minimal, because testing only selects a very small number of units. The candidate that arranges for the machine to correct 30% of the votes for his opponent, but only on 10% of the machines, and only after the machine has been running for 2 1/2 hours, will be very unlikely to get caught. He's also going to win an otherwise close race.
The system used in Union in 2000 does not admit of such automatic ballot correction: if a precinct had a certain number of voters, and the ballot box does not contain that number of papers, then you know that Something Happened.
Knowing that Something Happened is of course not, without more, sufficient. The Sheriff in 1996 received the benefit of the corrected absentee ballots, which were essential to the outcome. I might argue that the knowledge did make a difference: he saw the hand-writing on the wall, and did not run again in 2000.
Not knowing that Something Happened is of course essential to the security of those who must needs have election results adjusted.
Tilt at windmills. Occasionally one will fall over out of sheer surprise.
To have a "succesful" voting system, there are several important criteria to accomplish:
Satisfaction on all accounts is difficult, and not just for electronic systems. Most current systems fail considerably on at least one of the above requirements.
The sad thing about this boondoggle is that there is a relatively good solution that can be made into a great solution with a little effort, but people seem to be ignoring it:
1920s-style mechanical voting booths
These booths are designed to mechanically prevent incorrect voting (e.g. you can't flip the level for multiple people for an office, unless specifically allowed for that election), they hardly ever break (and if they do, it is readily apparent to the voter in virtually all cases that something is wrong), they leave a mechanically punched card with the voter's actual vote on it for later recound (none of those stupid hanging chads with a mechanical puncher), and they provide a quick summary of the running total of votes on the back via odometer-style readouts. The voting itself is clear, as the voting panels tend to be large with lots of space for names (and even pictures), and a small lever for voting immediatly overtop of the candidate (e.g. if you vote for a candidate, the lever covers the person's name/picture).
Voting booths aren't perfect - you still need a good voter registration system, and an automated vote-reporting mechanism to report votes back to a central location would be good, but the overall solution is far superior to anything I've seen proposed so far, except in one aspect: price. Nobody makes these machines anymore, and they are large mechanical items which would most likely cost $10k or so each. But they last forever (I mean, I voted on one at home in 1990 which was made in 1934). What's the life expectancy of some of the proposed electronic machines? 10 years, maybe?
There are good solutions out there. We just have to look for one, and not be trapped by assumptions about how it must look.
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
So let's say a voter doesn't understand that s/he needs to get their printed ballot from the terminal, and they leave the booth. Meanwhile, another voter enters the booth. For the sake of security, there goes two disqualified votes.
Another scenario: A voter leaves the voting station without depositing their ballot into the box. S/He comes back in and says "I forgot to put my ballot in the box!" Sorry, your vote won't count in this election. Even if you have people standing there making sure the ballots get into the box, they're not going to catch everyone and there will still be those clueless few who don't get in their votes. Now, whether those people should be allowed to vote is up for debate, but that's a completely different discussion...
Anyway, you'd inevitably end up with discrepancies between the terminal counts and the ballot box counts. Those individual ballots that didn't get in will need to be disqualified, and depending on that number, the election could indeed be affected.
I still think the good ol' pen-and-paper checkbox (or bubble, or whatever) method is the most foolproof. We have to keep in mind that a large portion of Americans (including most of Florida's elderly population) are computer illiterate. For them, even the "simplest" electronic voting system just isn't gonna fly.
* * * * *Blue are the life-giving waters taken for granted, they quietly understand...
Why do we need millions of dollars of development and plenty of technology to fail when a bunch of pieces of paper and some pens would do fine?
You're right, we don't need electronic voting. Some people weren't happy with the outcome of the last presidential election, and saw an opportunity to change the result. The system actually worked just fine, until the Florida supremes tossed out existing law and procedure.
Bootable, hologrammed, serial-numbered CD-ROMs with individual private keys would do the trick.
Um, how exactly? (the most obvious question is why you need a hologram, or a CD rom for that matter)
Of course, since you didn't even provide a process to knock down, just some techno babble it would be impossible to tell you exactly why you're wrong.
autopr0n is like, down and stuff.
A pure electronic voting system is always going to have problems, since there's no 'physical' or unchangeable data storage. Entries in a database can always be changed.
What I would do, if I were in that situation, would be to have the system print out a receipt after you're finished voting. The voter would then be expected to look over the receipt to make sure its correct, and then put in a box. If they're not happy with the receipt, they could put it into a shredder and start over again.
The counting would be done via scanners, which would be separate from the machine.
Alternatively, you could just use paper 'fill in the bubble' ballots in the first place.
There's no reason to use computers simply because they're 'cool'. Bubblesheet ballots work well and have little error. Using a touch screen computer is a waste of money and causes more problems then it solves.
autopr0n is like, down and stuff.
Vote by mail.
It's simple, they have plenty of time to count it all, and if you don't trust them to count them right, then you really ought to move to a different jurisdiction.
"Piter, too, is dead."
Why not leave all the code for the voting system at a central (secure) location and use dumb terminals at the ballot boxes?
Then the problem is one of comms security and authentication etc.
Also how is an electronic system *really* any more or less fallable than a paper based system?
Some mystique and extra value seems to be placed on having a paper based physical ballot paper, when to my mind an electronic copy has almost all of the same properties, good and bad... I cant see an electronic voting system being any worse than the current US system.
J
Voting is an essential part of Communism. Go read a book.
You want successful electronic voting? Then don't let your grandmother run the voting machines.
Uh, I don't want electronic voting, thank you, but I'd love it if my grandmother ran elections.
She doesn't take any crap. If she doesn't know you personally, she'd damn well verify your identity and residence. If you turned in your secret ballot, and it had lots of holes punched in it, she'd throw it in the trash where it belongs, not hold it up to her forehead like the amazing Kreskin trying to divine the anonymous voter's "intent".
And she's too old to give a damn if you feel "offended" when she tries to make sure you weren't bussed in from another city or Mexico to vote.
Oh yeah, let my Grandma run elections ... please!
I think the biggest problem you'd have in adopting a digital voting system would be making it simple enough so that most people could understand it.
I'm assuming that most US citizens (myself included) would probably not be confident in, or willing to adopt, a system that they can't easily understand and trust.
A pencil-and-paper system is simple enough that anyone can get it - check the box, a human counts it, there's your vote. Even our wacky electoral college system is probably within most people's grasp. But once you start talking about public-key encryption or digital signature algorithms, only a tiny percentage of citizens are going be able to keep up. (and most of that tiny percentage will be white males - providing endless ammunition for politically correct fear-mongering =).
A digital voting system of the necessary sophistication would be beyond most people's understanding, and thus subject to claims of manipulation. (regardless of the system's actual resistance to fraud)
That project is licensed with the GPL, but is not endorsed by GNU.
GNU has its own project GNU.FREE.
GNU.FREE definitely looks more mature than that 'Samba', take a look at it.
Fh
Just go read the recent article on the review (I think it was 30 years later) of a security review or Multics. 30 Years ago they knew how current exploits would work. Security ain't where it needs to be to get a system where it needs to be.
Wouldn't we all love to see "Welcome to Microsoft Voting 2004. Press CTRL-ALT-DEL to reboot before loging on."
El Berto!
We in Brazil are proud to have one of the world's oldest, largest electronic voting systems.
-----
Score 3? For what? Being wrong, at length? - smirkleton
During the election fiasco of 2000, Bruce Schneier went into the security side of this in great detail. You need human verifiable voting slips, but it can be done, at least for the most part.
sigs are a waste of space
Yeah, I'm in favor of having unelected political hacks [katherineharrissucks.com] and the Supreme Court [salon.com] decide who our elected officials should be like last time. After all, voting only takes valuable time away from the important things in life [tvguide.com].
You're a moron. The people of Florida decided what their election law would be, via their elected representatives. And they decided it before the 2000 presidential election. It is the Florida Supreme Court that decided to throw out preexisting law and procedure, and make up their own, after the election, because they didn't like the outcome, and they saw an opportunity to change it.
Dr. Ed Gerck of Network Manifold Associates (NMA) has solved the problem, and been written up in a number of books and magazines. He's opened a new company called Safevote that solves most of these problems (and is addressing core problems with SSL, which can be hacked far easier than I thought); it's done by defining "trust", doing away with stored password lists and the like, and breaking up authentication into multiple roles, sort of like the three branches of government. Check it out at SafeVote.
---- David Phipps david@infiniteresource.net
While internet voting is a very difficult subject, electronic voting is eminently possible now.
Many of the points Dr. Mercury raises are far-fetched and ignore the corresponding possibilities for election-fraud with paper ballots, as is amply demonstrated by the many unfair elections in developing countries.
With a few dependable officials (e.g. from the UN) in key-positions, and use of standardized software, electronic voting (and even internet voting) can be made to be much more tamper-resistant than existing methods (with the same number of independent officials).
Of course, Mercury's research is still useful, but her negative attitude towards the subject really prevents her from finding any solutions.
Others with a more positive mindset will make progress, and create a comprehensive and low-cost software-infrastructure for fair UN-certified elections in fledgeling democracies.
You may wish to look at http://evacs.samba.org/ and http://www.elections.act.gov.au/EVACS.html#code
The EVACS system was developed by some Linux developers here in Canberra, and was used very successfully in the 2001 ACT elections. The full source code is available at the above link (the tarball on the act.gov.au site is the most recent, and is the actual code used in the election).
The EVACS system includes a 'booth' system, with bar codes used as voting tokens, and a graphical system for vote entry, using a small keypad.
The backend system includes a counting system that implemets the rather complex 'hare-clarke' counting system that is used in ACT elections.
Cheers, Tridge
Well, eleven months ago Douglas Jones submitted an article to the RISKS digest pointing to an longer online article that explained in detail how all the spoiled Gore votes arose . It turns out the debacle was completely predictable. It was due to a known artifact of those particular voting machines. One which had caused a scandalous shortfall in those same counties, in a Senate election in 1988.
Briefly, Jones disassembled an example of the votomatic machines in question. He found that there was a structural bar behind the slots through which the chads were to be poked. Jones's investigation proved that candidates whose holes were to be punched over those bars were practically guaranteed to jam. Whoever designed the ballots laid them out so Gore's chads were directly over that bar.
Slashdot editor Michael's comment on voting reliability and trustworthiness strikes me as naive. Don't worship the technologoical fix! Michael addresses providing an audit trail for the vote casting and tabulation software. This is not as important as providing an audit trail of the actual votes cast.
http://catless.ncl.ac.uk/Risks/22.24.html#subj1
"...can you imagine a BEOWULF CLUSTER of these? That'd be some serious power!"
The less people involved the less people to bribe. Computers do what they're told, quickly and repeatedly. If you have a glitch/hack, deliberate or otherwise, it will be repeated consistently. While you may have slight inaccuracies in manual counting, you can repeat the count with a different set of scrutineers. You can't beat a physical ticket to count. Just remember it's "for the people by the people".
Everyone is looking at what happens on election day but what really needs to be looked at is verifying the votes actually occured. After you vote you should get a receipt with a number on it. Then the names of people who voted could be posted to the internet on one page and on another page there could be a list of these random numbers with who their ballots voted for next to them. Then, everybody could go onto the site after they voted and make sure, their vote was tabulated correctly. Political parties could check the name list and make sure no one who wasn't supposed to vote, voted and everyone could see that there would be the same number of names and numbers with votes. If anything ever happened the people would have the receipt from their polling place and they could quite easily show it didn't match what their vote was recorded as and so they could easily verify votes.
Florida's Democratic voters are dumb as a post.
And that's why they should develop a machine that asks the user for their chosen candidate and engraves it into a wooden ball. The unique grain patterns on the ball prevents it from being replaced by a fraudulent ball. This makes the process foolproof, and will undoubtedly be used in other applications in the future.
Silly question, but why is it important that votes be anonymous?
Voting transparency is an accountability and auditing issue on two separate but equal fronts: the ballots-and-chads process that uses paper/electronic ballots and the voting system process that tallys votes. Any person who thinks you can integrate both ballots and voting electronically into one centralized package doesn't understand the perceived status quo of maintaining double-blind impartiality in voting systems by using decoupled or physically, operationally separate mechanisms. They're called software interlocks.
Voting communications must be relayed using transparent voting protocols and verifiable electronic code. In more technical words... if you're in charge of developing the ballots-and-chads process electronically it should be on alpha server run by alpha organization and if someone else is developing the voting system itself that should be on beta server run by beta organization. An independent auditor (neither alpha nor beta) would verify alpha and beta are neither operationally nor ownership-wise connected to each other. Each server should have separate IPs and backbone providers, unique UIDs/GIDs, redundancy and built-in oversight/auditing (like data writable to read-only media which cannot be tampered or modified).
What happened in Florida 2000 (2002 too, I think) was registered and willing voters were mistakenly identified as felons and barred from voting. In 2000 Florida had the "butterfly ballots" issue which was a physical layout/design issue concerning the ballots themselves.
In Florida people can watch the ballot go in the box but they don't always see it come out the same way if at all. Many people's ballots were "lost" in Florida 2000 and this was using the "old" system. May I remind readers in the Florida 2000 "election" the poorer, more Democratic and largely African American counties had old world ballot counting machines from the 60s and 70s while richer, more Republican and mostly Caucasian counties had modern laser-fed counting machines so there are definitely representation and discrimination issues to be resolved here.
-~qrst
The advantage to the pencil-and-paper system is that to my knowledge, nobody has developed paper that can cause a mark on its surface to be erased and another mark drawn while the paper is in the ballot box. People can watch the ballot go into the box, they can watch it come out, and be sure that nothing has occurred to change the vote thereupon. When the vote is nothing but electrons inside a machine, this is much more difficult.
Do I have to post the code right here? Have we forgotten basic 4th grade concepts of counting and tallying results?
In another comment in this thread I cite definitive proof that the hanging chad problem was due to a known, predictable artifact of the voting machines. So, was the problem merely "stupid people" as cscx suggests? Or were the inability of some Democratic political appointees exploited by the cunning of shrewder or better informed Republican political appointees?
When world-wide attention was focussed on the hanging chad problem the Republicans outcry rang false with me. Florida Republicans kept saying "But Democrats also sat on the committee that approved the ballots! Democrats also reviewed the voting machines! Democrats also signed off on the voting procedures!"
Frankly I don't trust any ballot method in use today. Why? Because they don't count the ballots at the polling place in full view of the public. You place a check mark on paper, pull a lever in box, punch a hole in a card, color a circle on a card or push a box on a touch screen. All the results are then hauled off unseen to be counted in secret. Why is it REQUIRED that we get results instantly? It is just a bullshit system designed from the ground up to be rigged at the drop of a wad of cash. I'll never trust a electronic voting machine any more then I do a mechanical one and I don't trust the ballots to be the same ones that left any voting place to be the same ones to arrive at the court house.
Slashdot, home of supporters of free software, free music, and free speech.Except for Moderators that disagree with you.
Computer voting is already happening in Australia. It occurred for the first time on October 20, 2001 in the Australian Capital Territory. You can see a summary of what happened here, and see the technical description here.
n/t
A thought just came to mind. Why not use something like Novell, with distributed databasing where there are burst synchs between the servers. If ever a server is detected to have somehow .. changed its settings without any approval from one of the distributed master servers, it could be easily overwritten. Granted, this would be quite a large network, and synchronicity traffic would take forever, but it was one of those sudden thoughts.
Unlike usage of the average random piece of software, *everyone* votes, and many feel it to be personally important, so I suspect quite a few people may hack on this particular system.
Curtains for windows?
From& ncid=5 14&e=2&cid=514&u=/ap/20020913/ap_on_el_gu/florida_ governor:
http://story.news.yahoo.com/news?tmpl=story
"Florida was plunged into its latest political cliffhanger Tuesday when polling stations opened late and elections workers had myriad problems with the new touchscreen voting machines. Many voters were confused by new precinct boundaries.
In some places, ballots were chewed up by optical scanners and others were modified by hand. One Broward County precinct worker took ballots home after he couldn't reach elections officials.
Florida had enacted new laws and spent $32 million to reform its election system, eliminating paper chads altogether and hoping to avoid other problems that held up the 2000 presidential election for seven weeks.
Instead, hundreds of people complained they were turned away from the polls and many problems were reported in Miami-Dade and Broward counties, which were considered key by Reno's campaign. "
I really hate Dan Patrick.
where my friend had to register to vote. I tagged along and I saw this voting machine with a monochrome LCD screen (showing what position you are voting for, President, Governor, Senator etc) and on the right hand side of the machine was a keypad (telephone style) with three buttons underneith. Confirm, Cancel, Correct.
Brasil can announce results within 4 hours of closing. Nationwide. And the infrastructure is definately less developed than stateside. They are also running TV commercials, showing the people how to vote (and come prepared, like know who you want to vote for). On top, since voting is mandatory, voter turnout is in the high 90 percentile range.
The funniest thing though was a local politician who gave himself the nick name Nobody. His slogan is " Nobody deserves your vote, Vote for Nobody".
Now, while I don't know HOW Brasil does it, the sheer fact that a third world nation, comparable in size to the US can get a handle on that while the worlds most developed nation cannot, just blows ones mind. Think about it.
I have never liked computers for voting just for the what happens if the program or hard drive crashes ect. All votes are lost and no way to be sure of what you get back. ,stop using that machine and just use others you will have no problem. Also you could probably burn the thing and still get the vote.
I like the machines where I vote. They are the ones with the little switches and the big leaver you pull to open the curtain and reset the board. It's all old gears and clock work. The only problem is if something strips during the vote and then if you catch it immediately
I'm just saying 19th century machines may be better for voting than 21st.
Like I said yesterday, here's my solution:
1. Increase the size of the ballot to 8.5" x 11".
2. The ballot is inserted into what looks like a larger version of the Votematic machine.
3. When you mark off the ballot, instead of punching out holes in the ballot you mark off your selections with a small permanent ink stamp.
4. The ballot is turned into the voting station worker at the voting site, where the ballot is read electronically (but without telling the worker what selections were made) to make sure all the ink marks are in the right locations; this will detect the possibility of overvotes, undervotes and improper marking of the ballot.
5. Once the voter verifies that the selections are what they want, the ballot is turned in and the voter gets a receipt of voting at the voting site.
The advantage of a ink-marked ballot is that not only are they machine-readable, but they can be easily read by hand counts as a backup. It's not completely perfect but it's way better than the punch card ballot and electronic balloting, both of which can be tampered with.
What gives with the kneejerk reactions, guys? Someone suggests electronic voting, and everyone is keen to point out that flash cards can be reprogrammed, that we could have devices that arbitrarily modify the contents of memory, and any other niggling problems that might occur to you. Someone suggests that open source software would be a good way to go, and everyone jumps on that too. Sheesh.
The point of an electronic voting system is that it is better than the current system, not that it is perfect. You might be worried about whether someone has built the voting machines so they lie about the contents of their memory, but at least you won't have endless chat shows with "experts" pointing out the finer points of dangling pieces of paper.
And the point of an open source software is not that this somehow automagically produces better software, but that we at least know how it works. I suppose you would all rather have M$ providing the software, with all their usual assurances of (in)stability, (un)reliability, (in)security and little paper clips that dance at the bottom of the screen eating your processor.
Some of the responses here are like a man about to try jumping as a way of getting down a cliff refusing a rope because it might break.
Tom
Slashdot - News for Nerds, Stuff that Matters, in ISO-8859-1 Has just realised that beta makes this signature redundant
http://www.sun-sentinel.com/news/local/southflorid a/sfl-govrace091202.story?coll=sfla%2Dhome%2Dheadl ines
-~qrst
I voted in the Tuesday primary and amazingly enough, I managed to do so with a minimum of fuss. It surprises me that we didn't actually have many more problems. After many years of using punch card voting, the state has inflicted a new computer voting system on us. The majority of the poll workers are elderly people who tend not to be very comfortable with new technology. The Miami Herald reported today that most of the poll workers received minimal training and it consisted of watching a video. If you were going to implement such a system, wouldn't you try it out or test it in a wide scale first?
Dade and Broward counties, where most of the problems occurred, are also two of the most populated counties in Florida with the highest numbers of elderly and poor people. Imagine implementing a whole new voting system without doing a wide scale dry run. The kind of massive problems that we witnessed here where to be expected. What also wasn't addressed where the kind of organizational details like having enough poll workers of both political parties at each polling place. That meant that some polling places could not open. We still had the usual record keeping problems, registered voters not appearing in the voter rolls and poorly trained poll workers. What is inexcusable is that with a new system being tried out for the very first time they did not have enough techs available to handle the inevitable problems. They didn't even have a good way to communicate to all polling places to stay open an extra 2 hours. Never mind that many of the voting machines were not ready on time and were sent out to the polling places without the right programming. Then strangely enough, the voting machines would not boot properly. Why weren't the machines tested before sending the out on the field? We are not counting girl scout cookies here! What kind of moron would take brand new untested technology and put it out to be managed by poorly trained technophobes and expect less that a complete disaster?
Before you start giving the poll workers a hard time consider the fact that they had to be at the polling place by 6:00 AM and that they would have to stay till poll closing time. There is only one set of people working the polling sites. There is no second watch. You go home after the polls close. After the last person votes you get to break down the machines and collect the votes and so forth. So conservatively, if the polling window is not extended like it was, the earliest you'd get out would be 8:00 PM. Thats 14 hours minimum. Then you add an extra 2 hours and you have to stay around till 10:00 PM. All this and you only had lunch around noon sometime. By 11:00 PM some of these old folks must have been hypoglycemic!
The problem is not only with the closed, non-auditable, poorly explained, even worse implemented voting system. Its with the people who picked it and the people picked to organize its implementation. To begin with the Florida government has to be the biggest group of imbeciles you could ever hope to put together in one room (that includes our esteemed governor, Jeb Bush). Their main purpose in life seems to be making other "more progressive" states like Alabama, Arkansas and Mississippi look good in comparison. The only thing more screwed up than our voting systems is our child foster care system, which is also managed and organized by the same group of geniuses in Tallahassee.
My problem with a closed implementation of a voting system is that I have no way of knowing that the machine recorded my actual vote. I have no way of knowing that the machine simply didn't make up a vote or just make believe it never existed. I know no voting system can ever be completely tamper proof and fraud free. You may not need computers to tamper with an election but they make doing so much more efficient. Some of the polling places with the most problems where in poor black neighborhoods. At some of these only one vote out of thousands cast were recorded. All the other votes vanished into the ether.
All I want to know is how come Afghanistan, a 4th wold nation in complete ruins, managed to have an election and we cannot.
Alex
(note, I have only voted in Somerville, at least until next Tuesday...)
:)
Since the late 80's at least, we've been using machine-scanned paper ballots. Nearly impossible to screw up -- except for the machine that collects and scans the ballots. I remember one of my ballots being shredded on being put into the feeder. They gave me another ballot on the spot
This gives you the best of all possible worlds -- user-friendliness (even great-grandmothers know how to use a felt-tip) and machine speed. And a tangible thing for humans to recount...
> My comment can be quoted whenever, wherever, so long as you bloody well provide attribution! >
These are wonderful devices that I can't remember ever breaking down. I have voted in every election possible for me to vote in since I became 18 (a long time ago). They are simple to understand, and are also fun to use. Unfortunately, here in NY, some dumb schmuck might think that because they are old, they need to be replaced. They don't seem to understand that if something has such a proven record of doing it's job, don't replace it.
Vidar
Why bother with electronic voting? The silly old country that I'm from assumes only that a voter can use a crayon to mark an 'X' on a piece of paper and that an auditor can discriminate between an 'X' and nothing.
In Florida in particular, dangling pixels cause as much of a problem as dangling 'chads'. Perhaps the Universities in the US will introduce Depertments of "dangling chad" studies to add to the "department-of-any-insubstantial-studies" that they already have?
All you do when you make something open source is change the set of people who know how the thing works.
It doesn't merely change the set of people who know it, it increases the set of people from just the people who created the code, to the people who created the code PLUS any programmers in the world who have the willingness and ability to understand it. The more people know, the better. Even if you don't understand the code, the mere fact that it is published will be a great deterrent to fraud at the software level.
This set still doesn't include the people responsible for election security because they most likely are not programmers and even if they are, how are they going to verify thousands of lines of code? And then they need to verify the compiler as well. I think you'd need to execute the machine code by hand to understand exactly what the processor. Then you need someone to verify exactly what the CPU does, presumably with a logic analyzer, etc. When she says FULLY verified, she is talking about all these details.
We won't be able to personally verify the machines and software, but technical representatives can be appointed by each party to do the physical verification. Once the verification has been done, the machines must be turned off and locked down until election day.
---------
There is inferior bacteria on the interior of your posterior.
I recently took a class taught by a computer science professor who is also on the state of Iowa election machine panel. He brought the worlds of mark sense scanning, human factors and politcal realities together. He has a wonderful page of resources, historical cases and technical mumbojumbo and I offer it to you, the /. community: Douglas Jones's Electronic Voting Resources
Since I live in the area I'll make a brief comment. The problems that I heard and read about in Broward(Fort Lauderdale) & Dade(Miami) counties were largely the fault of insufficiently trained polling 'employees'. Despite training, these people would not give the machines enough time to post and boot. Then there were a few stations that 'employees' failed to show and new 'raw' recruits had to work. What a bloody stupid live test.
I, as well as most people who got to use a working machine, thought the machines were great. Almost very nearly child/idiot-proof. My only real objection was that they were multi-lingual. Damn immigrants should really be required to learn at least a 5th grade level of English (reading, writing, speaking, understanding) before being given a 'green card' or becoming a citizen. But maybe thats just my last vestige of bigotry...
What sort of madness is it in the United States were we claim that we always need automated machines, because counting by hand would be too expensive.
What sort of twisted idiot decides that the basics of democracy are "too expensive" to be worthwhile.
Just pay to do it right, and shut the fuck up.
Rocky J. Squirrel
As it turns out, open code and "thoroughly examined hardware" do not a secure system make. The problem is that the code has to get compiled, and it has to run on an operating system, and that has to run on a computer. Even if the code and hardware (if one can examine the microcode) appears to be entirely pristine, Ken Thompson explained in his classic 1984 essay "Reflections on Trusting Trust" (available online, do a Google search) that the compiler that compiled all of that code can be rigged such that malicious code can be concealed. For example: Since the dates of US National Elections are fixed to infinity (they are always the 1st Tuesday in November) and since many voting systems (as well as computer systems) rely on real-time clocks, it is certainly plausible to create a hardware trap that only goes off on election day. And that trap doesn't have to be in the voting system either, there's tallying devices, reporting software, and so on. It's a nightmare. The only sane solution is to rely on a voter-verified physical audit trail that can be READ BY HUMANS in case of the necessity for a recount. There's a lot of ways this can be performed (including one by David Chaum that allows the voter to verify that their ballot actually was entered into the final tallies), and true improvements in voting systems will only occur when this is recognized and the "trust us" mentality (including one that says we should trust the people who will supposedly verify all the open code) is abandoned. Please read the extensive writings on Rebecca's website www.notablesoftware.com/evote.html as well as Peter Neumann's for more information on the subject. And for those of you who are convinced, PLEASE encourage all communities who happened to purchase fully-electronic voting systems to have them retrofitted with printers BEFORE the November general election. Brazil is doing just that, right now, with 3% of the 400,000 voting machines they purchased back in 2000 (more may follow).
It would be very important that we post the votes to multiple servers. Not all of them government owned. Scattered across the country is a whole network of vote receiver servers. Each server receives each vote cast. If the feds, or your district, or whoever, turns up with a different count than received by the collective "independent network" of vote listener servers, you know you have fraud on your hands. There can be as many of these independent listeners as you like. Joe Smith could run one on his linux box at home. This way, no single office ever has the opportunity to toss ballots into San Francisco Bay (yea it happened a year back). The coast guard found them.
http://www.calvoter.org/news/ap112901.html
We've already seen the present system tampered. (florida, san francisco, etc, etc, etc?) All we can do is improve it. We need our voting system to be fully transparent...from the client to the server to the final tally.
No more soggy ballots!
One of the few things that Mexico has better than the USA is the voting system. It's very simmilar to the canadian system, but they add more steps:
-The name list also have the picture of the voter (sp?)
-Voter ID cards are punched, after receiving the ballot papers
-Since the ID cards to vote are provided in good faith, they mark one finger in your right hand to prevent the casting of multiple votes by the same citizen.
-the boxes are transparent, placed in an highly visible place.
-the vote count in each polling boot is displayed in place, after being reviewed and signed by all the volunteers and representatives of the pollitical parties. the boxes are sealed in a similar fashion and submited to the electoral autority
-All the irregularities reported by citizens or parties go to the ellectoral courts.
-Bad losers winne and cry Fraud!! -_-
Mexico: 100% conservative's America now!
Oh no!
If Slashdot readers and developers get a chance to implement a voting system, the next president of the U.S. will be Cowboy Neal.
Ensuring the Integrity of Electronic Voting
I watch Brit Hume on Fox News
As mentioned previously on /. there's open-source e-voting code available on-line.
To recap the message:
Zoe Brain - Rocket Scientist
Check out http://www.eucybervote.org/ -- several very good mathematicians are already working on this!
I think everyone can accept that the 2000 US Presidential election was a complete and utter fuckup (surely even the 'winners' will agree). The solution now seems to be to come up with more and more complicated, computersied ways to fix it. Why not just use paper and goddamn pencils? It's works fine here in Australia; a good 10 million people vote in each election, but the election is almost always decided by about 11pm on the night of the vote!
.
The AEC (the national body in charge of running Federal elections) has reported that there is only one case of enrolment fraud in every two hundred thousand voters
I think people sometimes need to think 'do we want this complicated electronic system because it will produce a fairer, quicker result or is it just cooler?'
Given the latest fiasco in Florida's continuing attempts to implement a decent voting system, I thought it would be appropriate to alert Slashdot readers to the work of Mr. Dave Barry. He's been studying voting systems for many years, and has developed some well-considered positions.
The main thing is accountability.
With a paper vote absolutely anyone who can count can check the vote. There is a very low barrier to checking the result. With an electronic vote only a person with excellent exectronics and software knowledge can check the vote. Even then they will never know if the board in the computer reflects the one they have the schematics for. It would only take corrupting the one person who builds the PC and handing them some hardware.
With a paper vote it is possible to have many guards to guard the vote and it would be necessary to bribe all of them and replace the slips. There is nothing wrong with a piece of paper an a pen, so why change things?
A few years ago I was member of a Dutch student team called wISCIT which had several projects related to smartcards. One of the projects (not mine) goals was to setup a electronic online voting system, identification through smartcards. They had a succesful test with 13.000 students at Delft University of Technology
Most of the technical papers are unfortunately in Dutch, but this publication is a good read about the theory behind the system.
Greets,
Vincent Ludden
Repeat after me: We are all individuals
The American electoral system seems to me to be obsessed with mechanical and/or electronic voting systems.
Here in Australia, we use good ol' pencil and paper. It leaves a difficult-to-forge audit trail.
You go into a polling station, and there are a row of electoral staff behind tables. You go up to one, give them your name, and they cross you off a paper printout of the electoral roll. (Later, they will collate these crossings out to check for people who voted twice, or zero times. Voting is compulsory in state and federal elections. The paper roll is only printed out for your seat, but if you find yourself outside your seat , there is procedure to cover this.)
The elctoral staff give you two ballot papers, one for each house (plus a ballot for a referendum, if there is one). You walk to the voting booths, which are made of cardboard so that at the end of the day they can be folded and stowed for next year.
On the lower house ballot, you number all the boxes (we use a preferential voting scheme). The upper house ballot is more complicated, because we use a somewhat zany (but still quite nice) proportional system of electing people. But it's still philosophically straightforward for the voter to fill in.
Although all the ballots are paper, counting is quite fast -- lower house approximate results are available that night, and any close race results are usually available the following day. The upper house results usually take a bit longer, due to the way in which parts of votes get redistributed, which is a complete pig to do by hand. Despite this delay, doing everything on paper is totally worth it, because it makes the electoral system simple enough for any voter to understand, and makes the methods by which fraud might be perpetrated equally obvious. (Other posters have mentioned Ken Thompson's Reflections on trusting trust.)
Another poster mentioned Arrow's Impossibility Theorem. Of all the possible voting schemes, I like preferential best; because the voter's best strategy is always to vote for the candidates he wants, in the order he wants them. This is in contrast to the American first-past-the-post scheme, in which voters must decide whether to vote for the candidate they truly want, and "throw their vote away".
home voting is a no no!
How could you be sure that nobody
receive "presure" to vote for a certain
candidate ?
A secure place to vote is absolutly needed.
Did you forget your history ?
It is way too easy to force people to vote
with some "presure" (weapon, menace, etc..)
If they vote in a place where it is controlled
then "bad" people cannot force other to vote
for "their guy".
NASA spends millions developing a pen which works in zero gravity.
Other astronaughts use pencils.
The Risks archive liked above appears to be slashdotted, This alternative archive Should be better, and as it is on a UK university site, it should have suficent bandwith.
I hope this is usefull
Electronic voting booths are a hi-tech solution to a lo-tech problem.
Since general elections is government's way to ask confidence of the the people, you have to keep the system simple enough that everyone can (in principle) determine if it is trustworthy.
That means a lo-tech solution, with tangible ballots that are clear enough that no interpretation is needed.
Sweden has general elections on Sunday. The polling stations close at eight o'clock. Three hours later six million votes will have been counted. In three days, the votes have been recounted and any modifications of the orders of the lists (Sweden has list elections) have been counted.
It is manual. It is all paper ballots. The counting is public. Very few votes are unintentionally invalid (though there are always blank or phony protest votes).
In view of this it is very difficult to understand the need of electronic voting machines. You don't mend the foundation of a house by building the house higher.
There are a couple of differences of importance between Sweden and the US when it comes to voting:
1/ In Sweden different parties have different ballots. In Florida all candidates for the same office are on the same ballot, requiring you to make marks, which is (obviously) much more error prone and open to interpretation.
2/ In Sweden all ballots are in identical format nation-wide. No need for local experts to try to figure which way is the best to layout the ballot. Also much is easier to teach people how the ballot works. It also makes counting faster and more accurate.
3/ In Sweden, if, for some reason, error or fraud (significant enough to have an effect on the result) should be discovered, a reelection may be called in one or more circles.
Since Sweden has list elections, putting all parties on the same ballot simply is not feasible. It also means that there is no technical requirement for a party to pre-register to take part in the election. You can take a blank ballot and write your very own party name on it, and it will be counted.
There are a couple of complications to the Swedish system:
You can modify the order of the list by marking a candidate of a list, promoting him or her to the top (sort of). Counting the crosses take extra time, however it only modifies the order of a list, so it doesn't affect the forming of majorities in assemblies.
You can vote out of your district at post offices across the country up to and including election day. The votes cast in a post office on election day may not be counted until three days after election.
Anyway, I would recommend US politicians a trip to Sweden for the weekend (unfortunately, fall is finally coming, expect 10-15 degrees and showers). It might give some ideas how to implement a simple, cheap and trustworthy election system.
Mabye I'm just dumb but I can't work out what problems electronic or mechanical voting solves. In Australia we have a more complicated voting system (preferential and in some states optional preferential) and use paper ballots. We still manage to count most of the primary vote the night of the election.
Having been a scrutineer on such elections, I don't see how they would be any easier to defraud than electronic or mechanical systems. The ballot boxes are watched like hawks by the scrutineers and the scrutineers are present while the votes are counted, keeping a sharp eye out for fraud.
So what do these mechanical or electronic systems actually achieve that is different? Obviously the electronic systems would give a result as soon as polling closes, but is that really worth the expense and risk of implementing an entirely separate system that only gets used once every few years?
Name me one county in Florida that does not have a lotto machine. Any idiot can fill in a scan-tron card and pick numbers. Why not adapt the technology, and easy distribution system ("I'll take a pack of Camels, a Slim Jim, and cast my vote.") and you've got the problem solved. No voting only in your district, just your state. Proper ID, simple form, and send it all back to Tallahassee (who are still using the paper ballots, by the way).
You also have to look out for defective hardware.
In Florida two years ago there was an optical scanning machine with a bad (loose?) memory card. The election officials caught it only because it returned high results for unpopular candidates.
I believe ECC memory if operating correctly will catch & correct single bit errors (such as are caused by cosmic rays, etc.), but if the hardware itself is defective or has a poor connection, you need a good rigorous testing procedure if you want to catch it.
Printing out records of what vote was made sounds like a good idea, especially if the voters really verify that the printed record is correct.
imagine a beowulf cluster of Lenin clones.
I think tto, the pure eletronic are too much insecure, more risk then manual, because theres na audit system. The solution is printing a paper where you confirm your vote and have also barcodes to be quick to audit. Ok, in worst doubt condition, you can check by hands.
Just have a look at some cryptographic voting scheme
..."
www.win.tue.nl/~berry/papers/euro96.pdf
"... for multi-authority secret ballot elections that guarantee privacy, robustness, and universal verifiability.
I'm curious to know; what went into the decision for allowing political parties to see the source code, but not the voters? There's enough conspiracy-theory/don't-trust-the-government sentiment that the last thing we'd need is another thing that the government can know but we cannot.
Otherwise, I think this sounds like a great solution, to blend electronic efficiency with hard-copy trust. Any efforts to market this system to other countries?
$8.95/mo web hosting
Why not combine the best of both worlds: The user selects who they want from a PC based interface, and a computer prints out their choice on a small card which the user submits. You'd have the consistency of a computer in the printouts, built-in error checking (prevent the user from over-voting, warn about under-voting), and a physical record (the printout).
BTW, I work in a company (a very big company that you would undoubtedly know) that has a contract to make electronic voting stations. A few were demonstrated down the hall last week. They are VERY easy to use.
I think there's too much emphesis on preventing fraud, as if voting fraud is somehow a new phenomenon unique to electronic voting. While security is naturally important, I think it's equally vital to have a reliable, easy-to-audit and hard-to-break system.
Well, I agree on the paper ballot, but I disagree on the issue of security.
Consider by analogy the idea of on line banking. Bank theft, of the stick up variety, has been with us as long as there has been banks. Does this mean we don't pay any special new attention to security when we allow on-line banking? Of course not. The set of threats is new. A robber no longer has to risk his body, or even going to jail if he initiates his attack outside the jurisdiction of the local law enforcement. He may be able to cover his tracks so his theft is not detected for a long time.
There are three aspects or phases to security: prevention, detection and response. I think it is correct to say that it is possible and common to worry too much about the prevention phase. This is because at some point you will be foiled by your inability to imagine every attack an infinite number of hostile monkeys will come up with.
While a modicum of prevention is necessary, the cornerstone of real world security is detection. If you are a computer sys admin, you understand that looking at logs and modification times of key system components is important. If you are concerned with preventing financial fraud, while you may structure things to make it hard to accomplish without collusion, your most important tool is regular auditing. If you are voter, you need to be able to see that your vote was recorded properly.
I would go so far as to say that any voting system that doesn't provide the voter with an immutable physical ballot which he can inspect with his own senses is intrinsically unauditable. Even the providing voters with a cryptographic key as michael suggests doesn't do the trick; once the key has been provided to the machine, the machine can sign any kind of vote it wishes. Unless we give up the idea of a secret ballot (something I personally think that is not such a bad idea), we have no audit trail.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Damn some people are dumb.
A poorly engineered system is a poorly engineered system regardless of whether it is open or closed source.
Please oh please stop touting open source as the silver bullet to cure all. No amount of open sourcing can replace good solid software engineering.
How many people have to have access to the source before it is open source? You? Get a life moron.
I still think you all ought to take a look at the voting machines here in Marion County, IN. They're decades old but still work well, and should be noted as good examples in books on human-interface design. No half-votes, double votes, or hanging-chads possible.
No offense taken.
One key point that is missing with fully electronic systems is recountability. If the system malfunctions and produces an erroneous count, what are you going to do, ask it again? There must be a recountable physical token (i.e. printed "receipt" of the vote) that can be used in a recount if need be. Existing commercial systems (hardware and software) are simply not dependable enough to be used for something as essential as voting
Trying to secure an individual workstation is pointless and impossible. Trying to validate that the data stored in one place is correct is also pointless. You cannot secure one instance of the data. You can, however, secure and verify a distributed, replicated store of information.
The essential steps are:
1. Separate the validation of identity from identity codes. An agency can validate who you are...a private key is used to encode your identity into the voting system.
2. Use one part of a distributed system to enter a valid vote. The vote is replicated to all interested observing parties.
3. Use another part of a distributed system to verify that vote. Verification can be done against any observation point.
4. Continuously allow any group that wishes it to verify the contents of their replicated result set against any other set. Any discrepancies trigger analysis to determine the source of the fault.
Real-Time election results could (should?) be considered a flaw. Knowing how the vote is going can influence the way people vote; especially in cases where they choose not to vote, or rush to the poles to shore up their candidate.
So yes, I support the paper ballots with permanent markers. No one should know what is in the box until all of the votes are in the boxes. It will hurt the television coverage, but TV ratings shouldn't run the government.
The true advantages are (maybe) easier instant run-offs, multilinguality, disability and illiteracy issues, and the potential for turning out more voters by allowing voting from more convenient places (No designated voting places).
Of course allowing you to vote on Florida races while living in Texas might be an interesting issue to avoid.
This is not a political statement. This is not legal advice. It's a frick'n Slasdot post. However: I'm Running For
From what I have heard/read most of the problems seemed to be of the following nature:
1. Poll workers who didn't open polls on time, or who ignored the order from Gov. Bush to keep the polls open later. Janet Reno apparently was waiting until someone arrived to open the polling location. These are discipline issues, and should be dealt with accordinginly.
2. Poll workers who couldn't operate the power switch (!). My children at 4 and 7 can use the remote control, power switches, even turn on their Video Games and hit the correct Input number for it on the Remote. It's both frightening and scary that these *ADULTS* had problems of this nature.
3. Poll workers who were unable/unwilling to instruct user on how to use the new system. Sad, but true.
4. Voters who didn't understand the Touch Screen. I can't say much about this because I didn't see any representations of the 'screen'. One would think they would be like the touch screens I've seen at a local convienence store for ordering food. This has a picture of the food with a large button-looking picture underneath and the item name in the button.
Also, AFAIK, the problems only appear to be in the three counties noted the last time: Broward, Miami-Dade, and Palm Beach counties. This seems to say a lot, doesn't it??
No matter where you go, there you are.
If you disagree with an assertion made in an article, post it as a comment like the rest of us do.
I'm sick of the habit of some Slashdot editors, most egregiously yourself, Michael, to use their role as editors as a proselytizing pulpit. Your job is to focus our attention on the articles, not to draw attention away from them and onto yourself.
I mod you down -1, Offtopic.
Like when Bush and pals purposefully used technological miscalculations to remove thousands of Democratic Florida voters from the voting pool. That's what I call corruption on a DB admin level.
Zodiac Survey
A moderator actually identified sarchasm! Reminds me of the days of the *real moderators*....
Keep the polling places and personel. These are used for the voter identity check.
The voting booths are computers (a special purpose embedded system computer, not a PC) which are not connected to a network and the only input they accept is from the ballot marking user interface itself (no floppy drives, network cards, etc). This will limit crackers at the polls.
A voter shows up to the polls and gets a ballot with a random ballot number and takes it to polling computer. The polling place personel mark down that the voter has been given a ballot and other polling places should not give this voter a ballot. The list of random numbers should be from 1 to the number of registered voters for the election.
The voter may make selections until happy and then finalize the ballot. The computerized poll scruitinzes the ballot for errors and will not finalize unless the ballot is error free. All ballots shall be unit tested for all combinatorical possiblities.
Once the ballot is finalized, it gets encrypted PGP style with both keys given to the voter. The voter deposits, via sneakernet, the vote and one of the keys at the polling place resident ballot box and takes the voter reciept with its randomized ballot number and the other key home.
At the close of all the polls in the election, the poll personel will forward all ballots and their keys to the counting personel.
The counting personel use the keys to decrypt the ballots, count the votes and announce the results.
All votes are posted electonicly in encrypted form. A voter can identify his or her ballot by the random ballot number and using his key, decrypt and verify that the vote was counted correctly.
This process speeds ballot counting, limits human mistakes in voting and counting, prevents early returns from spoiling the rest of the vote, preserves the secret vote and allows the user to check his or her ballot to make sure it was counted accurately.
The problems I see with it are:
A) This doesn't prevent voter identity fraud, but it isn't any worse than the system we already have.
B) Chicago Style voting, i.e. vote early/vote often, is still possible, but once again it isn't any worse than what we have now.
C) There is the possiblity of crackers getting control of the counting machine and spoofing the ballots, showing the counting routine one set of votes while showing the voter his or her actual vote. but the encryption on each vote should make that very difficult.
D) Conspiracy by polling personel to stuff the ballot box with ballots for voters that didn't show up and vote will still be a problem.
Of course all the software will be Open Source so everyone can check for bugs.
Questions or Suggestions?
Ronald Rivest, creator of MD5 and RC5, wrote an excellent paper on this topic. It is available here.