Slashdot Mirror
Interview with Voting Machine Company Reps
laupsavid writes "Here's an interesting interview with government and industry reps on the Black_Box_Voting site. I think it's funny (yet terrifying), almost like an extended Shark-Tank Unclear on the Concept item. They interview Paul Miller, Registration and Systems Manager of the Office of the Secretary of State. Black Box Voting is dedicated to informing people of reasons to reject electronic voting systems. I believe Bev Harris runs the site, and she claims to be an expert on accounting fraud. Also, see this area of the a site called Ecotalk for a list of instances of purported fraud by electronic voting."
Let me see here, they reject electronic voting due to fraud.. so what do they support, the fraud free special hanging chads when using paper ballots (in Florida)?
It's not like many of us vote anyway..
and hate it at the same time.
This interview (while somewhat hostile), does illustrate why I hate it - we have voting system companies that refuse to make their systems open that are, in turn, monitored by officials that do not understand how the systems can be tampered with.
I think our elected officials just aren't ready to handle technology, unfortunately.
Oh, any voting system that doesn't provide a hard-copy output of how I voted to be used as a check is a voting system I don't trust - a pure touch-screen system should provide a printout that I can confirm, and hand in, where it will be filed much the way traditional ballots are file. The actual counting can be purely electronic for all I care, until a recount is requested, in which case the paper ballots should be used - any tampering significant enough to alter the election should be trivially detectable using this system.
A technological solution to a problem is accused of shortcomings under the assumption that the manual solution to the problem does not have the same shortcomings.
In my opinion, anybody that presents an argument that electronic voting is particularly subject to fraud must factor in the amount of fraud that already goes on in non-electronic elections.
One of my favorite stories occured in a western state, I believe New Mexico. The local election official was suppose to set up the "tailor" files for the electronic vote counting system. Afterward, he was suppose to run a variety of test cases to make sure it all worked right. So on election night, their counting the ballots and someone noticed that the totals don't add up right. As I recall, a large group of ballots were being ignored. In a panic, they ID the problem and call the equipment vendor asking how to make the necessary changes. The vendor begs them not to change a thing and call a judge, pointing out that any changes made on election night will probably led to a election fraud trial. They call in a judge, who brings in reps from the handful of political parties. It takes days to fix the problem.
It doesn't matter wether the votes are tallied electronically, manually or telepathically; if we have no [realistic] way to make the vote counters accountable, then it's all for nothing.
In other words, the problem isn't the mechanism, it's the implementers.
Comment removed based on user account deletion
In all seriousness though, with some hard-wirded electronics (rather than software), it should be pretty easy to construct a virtually fraud-proof voting machine that resembles the old-style ones but isn't as expensive to manufacture or maintain.
I voted in the last election for governor in Florida with the new voting machines.
As they stand right now, they give me the creeps: They do not give you a print-out for backup. And there is no way to look at the code by an independent auditor because the republican Kath "Cruella" Harris declared the code a propietary secret. Only the vendor has the right to audit their own code and certify it as bug free.
An open system should print a ballot that goes into a ballot box as a back-up and it should be open for any independent party to review. If not how do we know there is no fraud involved?
~~~Please pass the salt, I hate unsalted MD5s
Without a hardcopy of each vote as it is cast, a recount is nearly useless.
I propose that each voting station be issued a single unperforated paper roll of ballots, with the voting booths in a line. Each vote would be punched and signed on the same roll.
Instead of having a pile of cards that could be selectively lost or stuffed, the individual rolls would be easier to keep track of. Plus, hand recounts would be far easier.
This could be abused too, but I'm not offering perfection, just perhaps an improvement.
The more out-of-sight and automated a system is, the better is has to be. Just to break even.
If anything is hidden, there is at least the perception that evil-doers *can* do things they shouldn't.
While I don't necessarily trust either the Democrat or the Republican election officials, I do feel fairly safe trusting that both are in no mood to let the other side get away with much of anything.
I don't have any answers, but unless anyone can at most anytime publicly ask any election official just what they are doing and expect an explanation, there will be at least a suspicion that there's "funny business" going on.
Many ways to abuse this system. If your interested in voting fraud, a story can be found on the bbc website about implementing online voting in the UK.
There was also a discussion about election reform and voting voting fraud last summer and can be found on the cato site.
Or you can watch the even in Real video
-this comment would be modded up if I posted it earlier =)
Most European countries have voting machines. Our system (in the Netherlands) is electronic, but there is a printer inside the machine for backup.
The purpose of a democratic election is not to determine a winner. Every conflict, democratic or not, peaceful or not, ends up generating winners. No, the purpose of an election is to make everyone agree who lost, and to generate (through a future election) a preplanned battlefield for a future engagement.
Only through this process can the costs of conflict -- which are often substantial, sometimes far greater than the value of what's being fought over -- itself be minimized.
Some engineers with no knowledge of politics imagine voting is a counting problem. Given hundreds, thousands, maybe hundreds of thousands of individual polling sites, how can the numbers be collated and reported accurately? How can the top scoring candidate be identified and informed of his or her success? In short: Who won?
They miss the point entirely: The problem is never the winner. The winner is not the one to doubt or challenge the system. The winner is always happy to win -- it's never the party in the lead that calls for a recount. No. The problem is with those to whom power has been denied. They are the ones that the entire system exists for; they are the ones who the process is designed to satisfy. We hold out a carrot -- you will have your chance again in some time -- and ultimately, a stick: You failed to convince enough people that your cause was worthy, that your message was true. We brought your message to the people, and they turned away.
That doesn't say "You won." That proves "You lost." This is why it is so critical to have a genuine paper trail for voting systems: Any idiot can tell you who won, but once the facts disappear -- once the finger rises from the touch screen -- there is no mark, no evidence, no proof at all. That doesn't mean the election won't have an outcome: Courts can quite easily, by fiat, declare that the voting system may not be challenged. By fiat, then, they decide who won.
Fiat -- legalese for "Because I said so" -- does not a proof make. Fiat declares a winner; it cannot prove a loser. Thus it fails, utterly and completely, to serve the purpose of the election system itself. Open and unambiguous access to the voting architecture is critical if we are to provide an election system that defies the sour grapes of a failed candidate. Anything less makes a farce of the election process -- why go through the rigamarole if people have no reason to believe the results?
The sad part is, most engineers have settled on the most obvious solution: Touch screen voting, with a human readable (but easily computer-auditable, through the use of the standard OCR fonts that have been on checks for decades) printout that is stored for recount purposes. (The printout is on difficult to forge official paper, and contains some piece of data that did not exist before the election, akin to POW's holding a newspaper.) At that point, there are a few choices -- have the touch screens also communicate to a central office, which collates votes and designates 5% of precincts randomly for immediate on-site audit, or perhaps skip the touch screen link and have each site read the votes from the printouts and only the printouts. Given a challenge, the computers speak the same language we do, and possess logs in the same physical format we can analyze. A challenged result can be answered with evidence -- and thus the challenge is not likely to be made at all, for that would be yet another failure for the candidate.
Elections without evidence see their legitimacy drain away like blood from a sliced jugular. Without evidence, it's not that the victor cannot be shown, it's that the challenger cannot be refuted. Shaking ones shoulders, saying "I'm not going to prove a negative", is insufficient. Blind touch-screeners leave elections vapid and useless, an exercise in futility that doesn't raise an eyebrow when precisely 100% of the (remaining?) population votes for Saddam.
It's honestly surprising that, in this d
and that is the true reason why they must be rejected. A society cannot claim to be a democracy unless it has free and secret elections.
An election is secret only if the voter is required to conceal his/her vote. This prevents votes from being bought (since the buyer cannot know if he actually gets the goods) and it prevents people from being pressurized into voting for a particular party (with online votes, a tyrannical husband can easily make sure his wife votes the right way).
Of course, vote by postal letter has the same problem which is why most democracies allow it only in case of unability to otherwise attend and also make it at least somewhat inconvenient.
ok, I read it, unfortunately what I expected. Shuck and jive and dodging the critical questions by the manufactureres rep. The election official gets a last minute Cd with the "upgrade" so it gets run. Who's verified the original program? "they did, trust them" Who's verified the Cd? "they did trust them" Who mailed it, was it switched, a man in the middle, what if the programmer is compromised through bribery and blackmail? "never happen, trust them"
phooie, it's a scam, a sophisticated scam
None of those get answered. I'm convinced it's corrupt, last election in the state of georgia, first all state wide computerised voting. Uh huh. Biggest political upsets since the civil war, and they also contradicted both the pre and post polling.
A "coincidence" I am s-o-o-o-o sure....
Yep, no fraud there, move along, nothing to see...
I harangued my poll "official", she was clueless. I asked how do you verify a recount if requested, She said they ran the tally program again. duh, if it was compromised OF COURSE it would still show the same erroneous numbers. You could run the recount program as long as you wanted to, it wouldn't matter. She had no idea, I honestly failed to be able to get her to understand this simple concept, most likely because of brainwashing of trusting the state and some unaccountable corporation, and being very unfamiliar with computers. So instead of fraud attempts having to be done at the local level, they can now be done more efficiently and widespread from a centralised location.
It's been going on before that, the gross results were being tallied at a central location, no audits there either.
The system is so broken it ain't funny, they just have become extremly slick in giving the illusion of elections.
Computers are good for some things, for elections they are *not*.
This is exactly the same syndrome that used to make people wary of e-commmerce back in the 90s: "it's in computers! I don't understand computers! Anything could happen!" And just like it's easier for the shop clerk to steal your credit card number when he's ringing up your purchase, it's actually a lot easier to rig elections when they're done manually than when they're done electronically (as Jeb Bush will happily inform you) because you can declare big chunks of those paper ballots "unreadable" and exclude them from manual counting, which is what happened in Florida in 2000 in a number of democrat areas.
Electronic voting is instant, traceable, and most importantly interactive: how much would all those idiots who accidentally voted for Buchanan in 2000 have appreciated a dialog box popping up saying "You are about to vote for X"?
I'd feel a lot better about electronic voting if someone could download the code and review it, to make sure some programmer didn't get and 'extra' bonus that election cycle.
I realize there's no money in it, but w/ all the /.ers talking about how the current systems are rife with opportunities to tamper, I would thinks that *someone would be working on it, if not for their own amusement, for the good of free democracy.
Unless of course all you coders are to busy playing America's Army...
We should have know something was amiss when Brokaw read the final totals: 15% for Bush, 15% for Kerry, 20% for Natalie Portman, and 50% for the next President of the United States, "that goatse guy".
If Slashdot were chemistry it would look like this:Cadaverine
The real potential for electronic voting is the opportunity to improve the voting system itself.
There are many voting systems possible besides simple "one man, one vote". In fact, "one man, one vote" is probably the worst of all (of course, Arrow proved no perfect voting system is possible).
There are some alternative systems here.
Here in Clark County, Nevada, the very same Ms. Ferguson from the article was our elections supervisor at one time. She came in to the job, stayed just long enough to throw out all our old machines that had some kind of an audit trail and bought brand new totally electronic, un-auditable voting machines which violate state law from Sequoia Inc.
She only got the machines approved by the most ridiculous of explanations: A Printout of the memory card is just as good a audit trail as real ballots. Read about it here in our local paper. What did Ms. Ferguson do after leaving Clark County? Why she went to Santa Clara County in CA, where she stayed just long enough to throw out any auditable voting machines and replaced them with fully electronic voting machines from Sequoia.
After that, where did Ms. Ferguson go? Why she accepted a position as a Vice President... of Sequoia systems!
Do I think there is some wild conspiracy here? Nope. It's just a case of a political hack on the take, who doesn't care about the laws of the state that she is supposed to enforce.
Plus, I think the Slashdot crowd understands full well how when you have critical software apps that are closed source, you are essentially outsourcing control of your apps. So any county that has these fully electronic devices has outsourced election security to the low bidder. Egads.
Never confuse feeling with thinking.
Here in Brazil we've been using them for more them 10 years AFAIR and in 100% of our territory (which it's quite big and *very* hard to reach in some places). The secret is there is no secrets. 1) Despite the source for the application is not open to everyone, any political party (we have dozens of them) can have their own experts auditing the code. 2) Some machines print the vote so the citizen can have a copy. 3) A random % of the all machines are audited by an independent group. This way we can have precise and fast results. Actualy I can monitor the results on-line on my linux PC, thanks to a java application one can download for free. I believe it works. We just elected a left-wing president, personal friend of Fidel Castro ;)
Faith can move mountains. I prefer dynamite.
finally, someone advocating testing! unfortunately, it's a technical solution to a social problem. how do you say "we have a reasonable confidence that noone tampered with the machines (read: voting process) in last night's election"? the last election i voted in (municipal) the people tallying the votes knew that i (or anyone) could walk in and observe the process. if anyone yelled hanky panky, it was possible to completely reconstruct the original data set at a later date and answer the challenge.
the problem is not testing beforehand, but testing during the voting and after the voting, ie as the votes are being tallied. do you expect that even a small minority of the population could understand a runtime coredump/stack trace printout (a la MacsBug) even if they were available? the idea of counting votes marked on on artifacts and in the open is very hard to improve upon.
to the challenge of "but hey, storing the data in bits is an artifact!", i answer: look at the hard drive closest to you (may not be visible) and ask, how long is the warranty on it good for?
united states nuclear device terrorist bioweapon encryption cocaine korea syria iran iraq columbia cuba
I am in a class in which our final project is to design a remote pollsite e-voting system. We read a bunch of definitive papers, including those by Caltech/MIT, the California Electronic Voting Task Force, and the National Science Foundation.
First off, every source believes that there should be a paper trail as a backup. This is good.
Second off, every source believes remote internet voting is too insecure to be feasible at this time.
Third off, my team's research shows it is impossible to have 'remote poll-site voting', in which a voter can cast his ballot at any station or kiosk in the county or state, while protecting voter anonymity and without relying on an always-up internet connection at each poll-site.. The crux of the problem is this: you can't update a voter's record in a central voter registration database (to change him to "VOTED" or something) without the polling stations being connected to that database over the internet , or phone lines, or some kind of link. So instead, you would give each polling station its own copy of the voter registration database. But that means if someone tries to vote twice (once each at two different polling stations), the only way to ensure that both votes are not counted is to associate the ballot with the voter-ID..
At this point, it becomes a matter of trusting the government. Even if the ballot that is associated with the voter-ID is encrypted, do you trust the government not to decrypt those ballots before duplicate votes have been resolved and the voter-IDs have been stripped off? Even if the voting system was open source, do you trust the government to not use a forked version that *doesn't* respect your privacy?
Another scenario is to set up secure links (internet w/ IPSec, or private phone circuits, or satellite...) from the polling stations so you *can* update the central voter database in real-time. All of a sudden, the entire voting system is subject to denial of service attacks. People would climb poles to cut wires, etc. And if your system was designed to be "failsafe", so that voters could still cast a ballot even if the link was down, you'd be back at the voter anonymity problem mentionend above: those failsafe ballots would essentially be the equivilent of modern-day "provisional ballots", in which your name and identifying information are written right on the front of the envelope.
I don't see a cryptographic solution to the problem, as such solutions seem to involve the government holding all the keys.
The professor of the class is a brilliant man, and he admitted to me that this is a fundamental problem and that he was, in fact, hoping a solution might come out of his assigning it to a bunch of students with fresh perspectives.
Intercarve Networks, LLC
somewhat hostile /.ers on privacy naive or even gullable; I actualy thought the the FLA election fiasco was basicaly much ado about nothing. After reading the article, allowing for editorial liciense on the interviewer side and giving the election officail the benefit of the doubt the only thing I can conclude is that Miller should be ashamed to cash his pay check. This Miller guy was not somewhat hostile, he was downright evasive unaceptable for a public servant. I could except answers like, "I don't know that's Joe Snuffy's area of expertice, let me ask him and I'll Email back an answer ASAP"
Compared to most of the vocal
I made my first 'puter by wire-wrapping from a schematic back in 1976, and there is no way I'd trust a system without a hard copy output for anything more inportant than internet surfing.
basicaly what I got out of the interview is
1. a company make the voting machines named AccuVote
2. this company issues updates on CD's and if the update is significant it's independantly tested but nobody seems to have a definition of significant.
3. the CD's arrive from a source that's not explained, and don't seem to be verified as coming from an authorized source. Something like doing a MD5 checksum to verify the cd might be usefull for accounting purposes.
4. the CD are load into the system and they do what-ever they do and nobody seems to be accountable for tracking the machines that are updates; or even verifing which files have been changed.
5. before the election's the system is tested for Logic and Accuracy and if this test is passed, it's assumed valid for live data. of course off the top of my head an election would need huge amounts test data to cover all of the different vote possibilities and possible user responses.
I'd also have to agree with the interviewer, touch-screen voting machines are untestable.
Seems a pretty sloppy way for a secratary of state's office to do bussiness if you ask me
Apocalypse Cancelled, Sorry, No Ticket Refunds
Would you find it surprising that black Republicans in the 2000 Florida election had a 50-fold higher likelihood of having their ballots invalidated than black Democrats? It's true. That's because the precincts where so many blacks had their votes stolen were actually under the control of the Democratic machine.
Statistical analysis shows that by far the most likely reason for so many "double punched" ballots in black Florida precincts was that Democratic operatives took stacks of ballots after the voting and ran ice picks through the Gore hole. Gore votes were unchanged; Bush and Buchanan votes were rejected because of double punching. This is also why there were so many hanging chads; the ice picks did not separate the chads cleanly.
Maybe you think it is normal for minority precincts to report 99.94% voter registration, 100% voter turnout, with 90%+ of votes for the Democratic candidate, and always reporting after the Republican county vote totals come in. I don't.
If voter fraud is ever stamped out completely, the Democrats can kiss the White House goodbye for a generation.
-ccm
Too much Law; not enough Order.
Find out why a computer science professor who has forgotten more about computers than you are capable of learning leads the opposition to electronic voting machines with audit trails existing only in your imagination here.
Tech Public Policy stuff
Get a cheap screen. Put some buttons on the side. The voter presses the button to go with the right candidate, as displayed on the screen. This interface is easier and more reliable than any touch screen I've used. And it's so damn simple and reliable...
When you're done, just like an ATM, you get a receipt (aka voter printout). The identical receipt is printed and stored inside the machine, and the result is electronically stored or immediately uploaded elsewhere. No one would ever make an ATM without that paper roll inside (or the receipts printed for the customer)... I honestly cannot think of any valid reason not to do so, except to deliberately enable fraud. The printers aren't expensive.
If you wanted to be clever, you'd put a number or bar code or somesuch on every ballot, and within maybe 30 minutes the voter could return to the machine, invalidate their old vote, and enter a new vote. If the voter gets a printout it's not as helpful if they can't do anything if they realized they voted incorrectly. But that correction process does add the potential for fraud (though of course the correction would be logged for future auditing).
Someone else suggested an even simpler system where the machine prints out a ballot, and the ballot is put in a ballot box (after confirmation by the voter). Create something both machine and human readable (machine by OCR, so there's no possibility for the vote being inconsistent)... not as fast to count as electronic results returned by a modem, but does that really matter? Higher accuracy than punch cards, and highly transparent (so long as ballot boxes don't get lost...)
Lastly, election boards should be running exit polls. Not for any official purpose or in order to report to the public, but as another safeguard against both fraud and mistaken results. If the results of that sampling are too far from the actual results, then something went wrong. It won't correct those problems, but it's a final way to check that there are no massive inaccuracies in the voting.
Not just fraud - but what happens if the machines ust screws up? Without a paper backup, are the votes just LOST?
This is an exerpt from:n ame=New s&file=article&sid=22
http://www.blackboxvoting.com/modules.php?
"They actually WANT us to use a voter-verified paper trail!
Avante produced the first voter-verifiable touch-screen voting machine, called Vote-Trakker. Harris interviewed Kevin Chung, Avante's founder, and though she's not finished yet -- she is putting this company through the same investigative process she used with ES&S, Diebold, and Sequoia -- Harris noticed something different. This company actually seems to welcome disclosure.
Voting machines can be a good thing, IF the right safeguards are in place. But most voting machine companies (and many state officials) fight paper trails and hand audits tooth and nail. It's refreshing to see a company with enthusiasm about safeguards. (Paper trail? Hand-count audits to verify accuracy? Full disclosure of known errors and key people?) All for it, says Chung."
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
Miller: "What you're implying is that there is a way for a programmer to know where a candidate will be on the ballot to give that candidate a benefit. That's impossible."
Harris: "Regardless of who sets up the ballot, the ballot does identify who is a Republican and who is a Democrat. So there would be a way for the program to know that. Why couldn't a programmer, for example, set the machine to wait for a couple hundred votes and then put, say, one out of every 10 Democrat votes into the Republican bin?"
Miller: "It's not the programmer that programs the machine."
Harris: "But whoever does it identifies, for example, who is a Democrat and who is a Republican, so regardless of who inputs that, the machine would be able to read and identify that too."
Miller: "I'm not going to talk about proving a negative."
Harris: "But the positive, which can be proved, is that every election system that's ever been used in the USA has, at one time or another, been tampered with. And what we do know is that $800 million has gone toward contributions to candidates. So certainly we can predict that someone will try to tamper with a programmer. And therefore, what I'm asking, is what safeguards do we have in place to make sure that, if someone tampers with a program or a CD update --"
Miller: "I think we've gone as far as we can go."
If you place your fingers on two or three pre-determined locations (e.g. opposite corners) while making a vote selection, then all current (or subsequent) vote are changed such that 1/3 of all votes go to your preferred choice.
This 'feature' would be essentially impossible to find in logic testing, and would not depend on the egg programmer knowing anything beforehand about what the vote questions would be, when the vote would take place or even how many 'test' votes were done.. All you would need would be someone who could make it to the polling station at the appropriate time in the voting process (beginning or end) to activate the egg.
Without a voter verified paper trail, it would be almost impossible to verify that such a cheat had been used. -- remember it could also be encoded in the prom firmware of the machine -- not just the truly soft software, and it could sit there for years, until an appropriately critical vote occurred (or an appropriately large bribe was paid).
OS Software is like love: The best way to make it grow is to give it away.