Doubting Electronic Voting
twitter writes "The NYT is raising the alarm on electronic voting. After citing expert opinion on the need for a paper trail, they then quote election officials and vendors who dismiss that opinion as the ignorant work of dreamers. The reporter titles his article, 'To Register Doubts, Press Here' and seems less than convinced."
So perhaps they've never heard of printouts?
My bank doesn't seem to have a problem with me transferring thousands of dollars electronically, but this reporter is nervous about voting?
The best idea is not electronic vote casting, it's electronic counting. The most recent Toronto mayoral election used a ballot similar to those used in electronic test-scoring, where you use your HB pencil to fill in a blank. The votes were all counted within a couple of hours after the polls closed.
If you wanted to avoid confusing the easily confusable, you could have a touch-screen system that prints a paper ballot, with the blanks ideally positioned for the electronic counters. Efficiency and a paper trail.
Toronto-area transit rider? Rate your ride.
Whatever, as if it has to be a private company doing the polling, and what's to say the code does not send the data directly, encrypted to a key generated by the government, to the government? In that event the data couldn't be tampered with.
I agree we need to take some precautions to safeguard the electoral process...but that doesn't mean we can't use electronic means to poll. Just like there were concerns about the initial voting schemes, there are concerns about this one, but that doesn't mean we can't simply make design changes to ensure the integrity of the data. And since when has the government been MORE credible than the private sector? They have had just as many scandals, if not more.
In any event, the answer is to simply design in safeguards....not go back to older ways just because you're scared of technology...please
History will eventually show electronic voting to be the most excellent means for subverting democracy ever invented.
Sheesh, evil *and* a jerk. -- Jade
If you think politics in the United States is dangerous, check out the political situations in places like Ivory Coast. At least American citizens survive the voting process.
!#@%*)anks for hanging up the phone, dear.
The main difference seems to actually just be that when someone disappears in the US of A no one knows what happened to them. Being a dissident in any country is dangerous. No less so since the new witch trials began. (all this terrorism stuff) And it gets more dangerously legal everyday with guys like Ashcroft at the country's 'justice' helm.
"When people are cut off from voting by police roadblocks, and thousands of ballots are thrown away, or arranged in a confusing way to try to get people to vote for someone that they don't want to, there's more than just a paper trail problem."
Sorry, but the roadblocks thing is a persistent urban legend. If there was anything to it, Gore would have sued over it. He did not.
Ballots thrown out? The only ones tossed out were ballots WITHOUT VOTES.
Confusing arrangement? The Democrats arranged those ballots, and they only confused idiots who did not follow directions.
Here in New York, we use a mechanical switch voting booth. Why isn't that considered unreliable, too?
If you are old enough to remember the all mechanical machines where you flipped small levers to vote and pulled a large arm to cast your vote. The votes were mechanically accumulated and would sometimes get stuck yielding results like 2273 votes for one candidate and 999 votes for the other. What can you do then?
Free cell phone tracking
The two main points in electronic voting are:
The vendor's point of view (unsurprisingly) is that "bugginess" is only a hypothetical threat, and that in real-life situations no glitches will occur.
This is very clearly horseshit. Every IT-implementation has bugs. Repeat: Every. The question is: how many of them can we tolerate? If it comes down to a word-processor, or a webserver, or even telecom infrastructure: we can afford quite some. If it comes to medical facilities, nuclear plants, or, as in this case, political decisions, the threshold has to be a lot lower. You wouldn't want George W. Bush to have been elected by a bug, would you?
The (currently feasible safeguard) solution of the paper trail sounds like an excellent solution:
a) the voter can immediately control if her vote was cast correctly
b) the same rule applies as with financial and legal records (where a paper trail has to be conserved)
c) the "black box" problem that is mentioned in the article is circumvented: the citizen doesn't have to understand how the e-voting booth works, but (see a) can control if her intentions match the outcome.
Unfortunately, the US government runs its own elections, rather than a truly impartial third party.
"a truly impartial third party"? Like who? What organization is responsible enough to oversee the elections of the most powerful nation on Earth and yet has no opinion one way or another on how they should go?
There is no "impartial third party". The U.S. electoral process isn't perfect but handing it over to Deloitte and Touche, or the U.N. or any other supposedly 'impartial' body is just going to make it worse. The best way to keep it legit is just to make the counters accountable.
It's pretty simple, really.
The threat model that the voting machine manufacturers want to work with is: "Given a particular system, how likely is it that it will get hacked?".
The real threat model is substantially different: "Given a particular system, how likely is it that it will be accused of having been hacked, and how damaging will that accusation be?" Much different scenario. Accusations, and the credibility they carry, are directly rebutted by evidence to the contrary. The simple availability of an irrevocable audit trail prevents challenges -- "they might be able to prove us wrong, so we better not challenge the results of the election."
No evidence, no risk of accusation, no credibility for the election.
None deserved, too.
Disclaimer: I _am_ a security engineer. This isn't a technical problem, it's a sociological one. Counting is easy.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Why is he ignoring the obvious: Yes, but you can tamper with paper, but realistically, how long does it take you to modify even 1000 paper votes?
Now, how long does it take you to modify 1000 electronic votes? Or 1000000?
I think a printout is what's needed. The touch screen is only there to simplify choices for people so u don't get a mix up like in Florida. It's there to help illiterates and others. It's not there to do the actual voting. If u had the touch screen which produced a printout, which the voter checks then puts into the ballot box. Then nothing has to be stored on the computer. You could make each one stand alone and print onto special paper that changes each time. Of course nothing is perfect but it's a start.
-- Karma Karma Karma Karma, Karma Chameleon - Boy George
The key points that opponents of electronic voting make are that a) there might be flaws in the system either by error or by design, b) that the machines cannot be easily inspected to check their operations, and c) that without a paper trail there is no way to check after the fact whether the votes were correctly counted or not.
The response from a voting machine manufacturer, however, is classic obfuscation:
At this point, the question arises - why are these critics wrong? What are they not understanding about the system? Rather than following up on this point, though, the reporter takes a completely different, and totally irrelevant tack, discussing public confidence in the machines. So what? Lots of people probably think that Microsoft invented the Internet. It doesn't make it true. The only conclusion I can come to is that the journalist did not take the time to understand the issue properly, and just got quotes from "both sides" and that was good enough.
Do experts in other fields (if I may be so bold as to count myself an "expert" in it) get as frustrated with journalists, or is it just a particular problem with science and tech journalism?
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
I'd like to see someone file a Freedom of Information Act request to see the code. The FOIA applies to the following documents:
I know there are arguments against this, specifically that the code is the intellectual property of a private business, and that it is protected by both US Copyright laws and the Berne Convention, but I'd like to see the courts wrestle with this one just the same. Knowing how our votes are counted is one of the sacred founding principles of democracy, and personally, I think it trumps any other interests in this case.
Unfortunately, this has little to no chance of succeeding while Ashcroft is Attorney General, since he's declared an effective moratorium on FOIA requests while he is in office.
He who refuses to do arithmetic is doomed to talk nonsense.
You must talk to a bunch of knucklehead pro-war people who have never read his books or seen his movies. He sheds light on some of the dark areas of this country that they would prefer you not see.
He's not the best comedian and his funny skits often are a little retarded, but the spirit of the skit is dead on.
How about we get informed before passing judgement.
The only way you can possibly make electronic voting machines acceptably secure is to not network them at all. This isn't so much a measure to prevent hacking as it is a measure to control the amount of damage a hacker can do; if only one machine at a time can be hacked, then damage remains localized. Here's my idea for such a system:
The advantages to this system are many:
And one final note, particular to US elections: poll results should be considered classified information until the polls are closed in all fifty states. Timezones being what they are, this exit-poll crap is causing election results in East Coast states to affect West Coast states, however slightly, and that needs to be dealt with. Each state's results must be completely independent of the results of any other state, and measures need to be taken to ensure that.
You go to a machine, insert the card. You place your votes on a touch screen. The software confirms your votes. Then it prints the results onto the card.
And how do you ensure that your vote for Joe actually went to Joe? The printed card? Or the code redirection, which sent your vote to Mary instead.
You end up with 2 'votes'. The one printed on the card, and the one actually recorded. With no real way to ensure that they are the same. Even if you can check later. It's only a program telling you what it has been programmed to tell you.
After the election you can enter the barcode and check to make sure the database matches what is printed on the card.
In the collating process, malicious code could be inserted to flip every 25th vote for Joe to Mary. YOUR vote could be checked, and it still might report Joe. Or simply tell you it has recorded Joe. But the main election db could still record Mary.
The source code for any software that counts or processes votes should be open source so that everyone who is so inclined can take a look for themselves and evaluate the code.
Releases of this code should be signed by a non-profit in a manner similar to a key-ceremony used at CAs, and the hardware that runs the software should be auditable and designed to only run software that is signed by the aforementioned signer.
Anything less than this leaves a glaring black hole where any sort of nastiness may occur.
As much as I hate to say it, a "palladium" style trusted system approach is probably needed to make electronic voting trustable. I'm not in favor of having my hardware in lockdown, but I sure as hell would want it on the equipment that chooses who is going to run my country!
The reason that it can be true that 1+1 > 2 is that very peculiar nonzero value of the + operator
OK, the parent post sounds kind of hysteric, but it could be (sort of) true.
It's difficult to overstate the importance of having a fully auditable voting process. That's the main advantage of paper ballots, be they punch cards, "check the box," whatever: you can recount them. Someone else can recount them. We can disagree on the interpretations of those recounts, but we can at least observe the "primary source" and make a call one way or another.
Now, electronic voting would certainly have advantages. If people could walk through a "voting app" where they could see all of the choices for each office, and do a confirmation step before "submitting" their vote, that would be awesome, and way more accurate than what we do now. However, think of the system which will be used to achieve this: if it's good, the designing company will want to sell it everywhere. So the application will become one hell of a valuable piece of "intellectual property." Do you think we'll be allowed to see the code for it? No way! So no error checking that way; we just have to trust that every vote counted was processed correctly. That's a lot of trust. I don't suspect that any voting-machine-manufacturer would insert deliberate bias, but the lack of ability to examine the process for correctness is just unacceptable. It's too important to just trust some private company, whose interest isn't necessarily coincident with accuracy.
An open-source voting app would be somewhat better; any independent person could audit the code for correctness, but to verify its performance on an actual dataset would require re-establishing the same exact platform later, and of course maintaining a digital copy of the inputs.
In either of these scenarios, it seems outright necessary that there be a physical record of votes cast using the system that independent, non-computer-expert people could examine. Ideally, the machine would print a small "receipt" for each vote cast which could be collected and, if necessary, recounted and compared against the digital tally.
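The recount-versus-digital-tally comparison described above, together with the earlier point in the thread that a per-voter barcode lookup can report "Joe" while the main count differs, as an added example that is not part of any poster's comment. All names and data below are constructed for illustration: the lookup service echoes every receipt correctly, yet the reported tally has 4 of 100 Joe votes counted for Mary.

```python
from collections import Counter

def receipt_mismatches(receipts, lookup_db):
    """Barcodes whose printed choice differs from what the lookup service reports."""
    return [code for code, choice in receipts.items()
            if lookup_db.get(code) != choice]

def recount_discrepancies(paper_ballots, reported_tally):
    """Compare a hand recount of the paper with the reported electronic tally.

    Returns {candidate: (paper_count, reported_count)} for every candidate
    whose two counts differ; an empty dict means the tallies agree.
    """
    paper = Counter(paper_ballots)
    candidates = set(paper) | set(reported_tally)
    return {c: (paper[c], reported_tally.get(c, 0))
            for c in sorted(candidates)
            if paper[c] != reported_tally.get(c, 0)}

# Constructed sample: 150 voters, receipts printed as the voters intended.
receipts = {f"BC{i:04d}": ("Joe" if i < 100 else "Mary") for i in range(150)}

# Constructed lookup service: tells each voter exactly what the receipt says.
lookup_db = dict(receipts)

# Constructed reported tally: every 25th Joe vote (4 of 100) counted for Mary.
reported_tally = {"Joe": 96, "Mary": 54}

if __name__ == "__main__":
    # Individual verification finds nothing wrong.
    print("receipt mismatches:", receipt_mismatches(receipts, lookup_db))
    # Recounting the collected paper exposes the difference.
    paper_ballots = list(receipts.values())
    print("tally discrepancies:",
          recount_discrepancies(paper_ballots, reported_tally))
```

Every individual lookup passes, so only the count of the collected paper shows that the reported totals are off.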
The main reason is actually political, not technical. Imagine a world where we have really foolproof and very convenient electronic voting (like everybody just voting from home over the Internet, provided that a good and secure protocol is invented for it). Elections would be hundreds of times cheaper because of lesser staff and organization costs. As a result it would become possible to have people vote for many more issues than just who is going to be a president (think Switzerland where almost everything is decided by popular vote). We would never have DMCA or any of the other strange laws pushed through by special interest groups and hurting the general public. Congress would suddenly lose 90% of its importance, becoming just a law-drafting institution without too much decision power.
Obviously this is something that today's rich and powerful would never want to happen, and they would fight long and hard before giving any of this power up.
When men used to be men
Isn't that the same percentage of people who "voted" for Saddam Hussein in the last Iraq "election"? I wonder if the "feedback" was tallied on a Diebold machine.
I work in market research and I have never, ever seen 99% of people polled agree on anything. This 99% of the vote statement should give anyone considering e-lections the willies.
~~~~~~~
"You are not remembered for doing what is expected of you." - Atul Chitnis
"Those who cast the votes decide nothing. Those who count the votes decide everything."
-- Stalin (Former leader of the USSR)
So the voting machine manufacturers are now the ones who really run the country.
Great.
"Live Free or Die." Don't like it? Then keep out of the USA
One can then bring the card home. After the election you can enter the barcode and check to make sure the database matches what is printed on the card.
Any system which allows the voter to verify that their vote has been recorded correctly also allows someone else to coerce the voter into voting a particular way.
I'd like to see this statement disproven, but I don't think it's possible.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
I disagree, the article was beautifully constructed to alarm the reader:
It gave you the gist of the problem, no paper trail for audit, and told you that you should be alarmed because your elected officials, backed by vendors "experts", vaguely dismiss the problem without proof and that the public is ready to buy into it. References were given that you should follow as a responsible voter. If there was any flaw it was in not pursuing the reasons for dismissal. Calling your opponents ignorant dreamers is not very convincing.
Another poster has done a nice job of explaining one large problem with a paperless voting system.
Friends don't help friends install M$ junk.
I've been up all night so this probably has holes in it, but what do you think of the overall process?
FWIW, I agree with you--I think your solution (which is almost identical to one I've thought about in the past) is probably the best solution to a real problem.
I think the biggest hole in it though is the number you take home. We have a secret ballot for a reason--someone can put pressure on you to vote a certain way, but only YOU know how you actually voted. With a receipt that has a RECORD of your vote, the someone who is pressuring you can demand to see your barcode and lookup the results themselves.
I can't think of any sensible way around this, save to do it the way they handle blood donations (i.e. you get TWO barcodes, one of which provides the real results, and the other returns entirely opposite results, and only you know which is real and which is fake.)
What part of "shall not be infringed" is so hard to understand?