Slashdot Mirror

← Back to Stories (view on slashdot.org)

Electronic Voting's Fundamental Flaws

Posted by ryuzaki0 on from the florida-is-exhibit-a dept.

phil reed writes "Given the latest fiasco in Florida's continuing attempts to implement a decent voting system, I thought it would be appropriate to alert Slashdot readers to the work of Dr. Rebecca Mercuri. She's been studying voting systems for many years, and has developed well-considered positions on what makes a good electronic voting system (and what makes a bad one). Her comments on the Florida 2002 election can be found in the current Risks Digest. And, if you think that creating a computer-based voting system is easy, she provides a suggested list of questions that should be answered by any developer." Mercuri's statement in Risks is well worth reading. With all due respect, she is wrong in some respects: it is possible to create a fully-verified electronic system. Start with completely open code and thoroughly examined hardware, create an audited system for installing the code on the hardware, and make it tamper-evident so that you know the same code is still there when the machine reaches the voting booths. Bootable, hologrammed, serial-numbered CD-ROMs with individual private keys would do the trick. Mercuri is thinking in terms of vendors selling proprietary "solutions", where she's absolutely right: there's no way to verify that what people punch in is what is actually recorded.

7 of 345 comments (clear)

  1. Re:Humans involved by plierhead · · Score: 3, Interesting

    Yeah, and the question remains - WHY even open ourselves up to this kind of risk ?

    Simple analysis shows that the morons who run these shows can even screw up simple paper-based systems that have been around for eons. And we expect to wave the "magic of open source" over them and have them turn into gurus who can build an unprecedentedly secure and massive electronic system that supports arguably the most important single process in the country ??

    Maybe if:

    • we voted every few days on some micro-issues like what the tax on gas should be for the coming month
    • it genuinely mattered that the results take longer than a few seconds after the booths close to come in
    • the current system was chronically broken
    ...then there would be some reasons to try and fix the process with compooter magic. Otherwise lets leave things be.
    --

    [x] auto-moderate all posts by this user as insightful

  2. My Brazilian experience by mangu · · Score: 5, Interesting
    I was in charge of a voting section in Brazil in 1998, when electronic voting was used in the whole country. I think security is an important matter, and source code for the whole system should be available to all parties. Auditing is a major concern in a totally electronic system. When I was in charge of that ballot, it recorded votes in a flash card, but I suppose that could be tampered, since the system was closed source (the OS was based on MS-DOS, although the application source code was available to political parties).


    As an improvement to that, in this year elections in Brazil a new system will be tried where the ballot prints the vote on a paper which will be shown to the voter through a transparent window, but will not be otherwise accessible before it's cut loose and drops into a sealed canvas bag. Votes will be counted electronically as before, but the canvas bag will provide a way of auditing the whole ballot, if needed.

  3. Re:With All due respect... by xinit · · Score: 3, Interesting
    It's not the contributions that matter.
    It's the auditing that matters.

    There are enough conspiracy theorists and paranoids among the coders out there that they would audit every line of code without necessarily contributing any code. That is where an open solution works - people know that the code is good because nobody's got valid paranoid rants about it.

    --
    --- http://foo.ca
  4. How quickly slashdot forgets. by oh · · Score: 3, Interesting
    This recent slashdot story links to this article about Ken Thompsons compiler hack. How quickly we forget.

    I would say that have two options.

    • You yourself have disassembled and audited the entire system, including CPU microcode.

    • You yourself have personaly programed, using only hardware (no software) that you yourself have audited, the entire system, including CPU microcode.


    Stick to paper. Maybe scan/count it electronicaly, but keep an audit trail that can't be modified electronicaly.
    --
    Democracy isn't about no one telling you what to do. It's about everyone telling you what to do.
  5. Re:Humans involved by Otter · · Score: 3, Interesting
    More importantly, there are far simpler ways to rig elections than any technical intervention: allowing individuals to vote more than once, allowing ineligible registrants to vote, the Cynthia McKinney approach of misleading phone calls to Republicans suggesting they couldn't vote in the Democratic primaries in Georgia,....

    All this hair-splitting about security comes from a simple-minded attitude that a) open-source is a magic wand that detects all software and hardware defects and b) constantly invoking a) covers the entirety of concerns about computing choices.

    One might ask -- wouldn't it be a good idea to wait a few days until it's clear what went wrong in Florida before analyzing the situation? Not at all, because it's easier to pretend it's just another IE security hole and announce that "the community" could fix everything, if only given the chance.

    --
    What I'm listening to now on Pandora...
  6. Re:Security not *that* important by Zathrus · · Score: 3, Interesting

    too much emphesis on preventing fraud, as if voting fraud is somehow a new phenomenon unique to electronic voting

    Of course it isn't, but the idea is that it might actually be viable to prevent fraud with electronic voting... although I suspect that, as geeks, we can't poke as many holes in an electronic system as you can in a paper system.

    With proper security, however, the bar gets raised a lot higher.

    I think the best system is still a card system

    Well, perhaps... except that even with arrow systems you wind up with cards that are invalid because someone mismarked them, didn't mark hard enough, the graphite wears off with enough recounts, etc. And even with these systems the recounts never produce the same numbers, and they take a considerable amount of time.

    Electronic systems have the potential of eliminating all of these issues (note trolls - I said potential, not absolute). The system will prevent you from entering a ballot that is invalid. You won't accidentilly vote for two different candidates in the same race - just not possible. And barring fraud (see above), the vote won't be questionable, it won't decay with recounts, and the recount will be nearly instantaneous (depending on how long system verification takes) and will add up the same every time (if it doesn't, you're in the land of fraud again).

    Eventually we might be able to do online voting, which would be pretty nice if done properly (big if). Sure as hell won't get that with a paper ballot. Of course, 80% of the reason to go to Internet voting could be solved just by getting into the 20th Century (yes, 20th) and allowing voting for more than 12 hours on a single workday. Come on -- week long voting shouldn't be an issue. If it's a cost problem, then a Saturday would still be better than Tuesday.

    That said, you're very right about Murphy's Law and KISS.

  7. Re:Bush and Gore by Brendan+Byrd · · Score: 3, Interesting

    Like when Bush and pals purposefully used technological miscalculations to remove thousands of Democratic Florida voters from the voting pool. That's what I call corruption on a DB admin level.

    --
    Zodiac Survey