Hardly Anyone Cares About Computer Voting Problems

Avidwriter writes "It's a sad thought that Roblimo explores in a NewsForge article about computer voting fraud and how you'd think all honest politicians would be working to make sure computerized voting systems are open source, and why open source wouldn't hurt well-run voting machine companies' profits. Not that most people care, since they don't even bother to vote, right?"

Thus say...

[inertia187]

Not that most people care, since they don't even bother to vote, right?

I don't know off hand, so let's put it to a vote!

Re:Thus say...

Its sad that the same people who scream for open source voting and open source this and that are the same people who bemoan the cheaters once quake 1 and quake 2 source was made public (though not open source) .

You would think that voting machines you would want simple and private code with high encription.

Re:Thus say...

The difference is that Quake and similar games are inherently impossible to proof against cheats. Too much is done at the client side, so there's too many ways that the cheaters can cheat -- and no way to protect against them all. At what point is the line between incredibly good reflexes, and cheating? And how can you tell, unless you're physically there, at the client, watching them play?

Voting, on the other hand, is a much simpler problem, and the problems with fraud are much better documented and understood. Those that control the rules can control the voting -- but that's a problem with paper ballots as well as electronic. In this case, the risks of opening the code are outweighed by the risks of not opening the code.

Re:Thus say...

[texaport]

"What with voting turnout at an all-time
low, not voting makes me more American."

--
Hank Hill, King of the Hill

in australia I hear they have mandatory voting

[dreadnougat]

even if you vote "abstain", or you get a small fine (unless you CAN'T be there, ie are hospitalized)

At least it would stop the whining about voter turnout :)

Re:in australia I hear they have mandatory voting

[Mjec]

[In Australia there is compulsary voting,] even if you vote "abstain", or you get a small fine (unless you CAN'T be there, ie are hospitalized)

Yes, voting is compulsary, but thanks to protection of privacy there is no way for them to know whether you actually voted or no. You just have to turn up, and place a ballot paper - it can theoretically be blank, and for some people often is. But everyone turns out, and it is a much better system. We actually get a reasonable representation of the opinion of the people.


But with response to the article:
Yes! There is a need in the US for a better voter turnout, and if machines are in use it needs to be difficult to be forge or modify votes. Go me, master of the blindingly obvious!

Re:in australia I hear they have mandatory voting

[diersing]

Many countries do this, of course those same countries usually declare a national holiday and most business are closed allowing the population the time to carefully weigh all the candidates and dutifully select the nominee they want. Yes I'm lobbying for a day off

I got burned by this when my cruise ship pulled into harbor in Belize, only to find everything was closed until the polls closed at 6pm. Imagine my distain when I found out our ship pulled anchor at 5pm, the bastards!!!

Re:in australia I hear they have mandatory voting

[canning]

Yeah, the duty of the government is to protect the rights and well being of its citizens but it's also up to the citizens to protect each other.
Being required to vote is in the best interest of everyone in the country and it's a small price to pay. You can't tell me that you're life is so significant and hectic that you cannot accommodate casting your vote? Give me a break.
I truly believe that if you don't vote (or in an Australian citizen's case cast a blank ballot) you have no place to criticize politics or the actions of politicians until you do so.

Just my $0.02.

Re:in australia I hear they have mandatory voting

[cranos]

" If you want to talk about requiring things of your subjects for the common good of all, then you're talking about communism"

So a criminal justice system is commie plot now is it?

Seriously as members of a community we are expected to contribute to that community as well as take away, other wise the community collapses. Voting is your way of saying this is the person/group I want leading the community. If you don't vote then you have no right to complain about who gets in.

Re:in australia I hear they have mandatory voting

[Bush+Pig]

The best way to tell is by assessing how much property they own - the more property, the better the qualification. In fact, people who own a _lot_ of stuff should probably be given more votes than poor people. Maybe there should be a minimum amount of property you can own before you even get a vote at all.

Re:in australia I hear they have mandatory voting

[MikeFM]

I think people that show up to vote should get a tax break. That way if you had a voucher proving you voted (even if abstaining) you could write it off come tax time. Even if they only gave you $15 to cover your gas and time I think it'd still help motivate people.

Or to improve the college student turnout maybe they should offer coupons for a free pizza, drink, or whatever to each person that turned out? I'm sure you could get companies to sponsor the elections.

Of course I move every six months or so.. making it hard to get many chances to vote. I think maybe that's why I was refused voter registration during the last Presidential election (though the refusal had no reason writen on it).

Re:in australia I hear they have mandatory voting

[An+Onerous+Coward]

I think you're being unrealistic. Instead, I side with Scott Adams' comment on the importance of your vote: The value of your vote is actually negative if its influence on the outcome is outweighed by the time and effort spent casting it.

Throw in the fact that you can be a conscientious citizen, get yourself well informed on all the candidates and issues, and have your vote negated by some ninety-five year old lady who is voting for Al Gore because he wore the best tie... can you blame us for getting cynical?

Re:in australia I hear they have mandatory voting

[Slurpee]

gantrep obviously hasn't thought this through. Paying taxes to pay for roads and education is also a commie plot (according to his view). As is 911. Stupid government attempting to help people help others.

If you don't vote then you have no right to complain about who gets in.

I'm not so sure about this one. I use to think this, but have now modified my view somewhat. While holding that view, I couldn't see how I could complain about a government who I helped vote to power. IE, only those who did not vote for the ruling party can complain (or vice versa). Also, people I know in politics would also tell me that "I can't complain if I don't directly do something about it". IE Unless I'm attending peace marches, writing letters to papers, signing surveys, or even stand for government I shouldn't be complaining about it. Locally, it makes more sense. If I care about the dog droppings in my local park (I do), then why aren't I picking them up myself, or writing letters telling the pollies to do something, or even attempting to be voted in on a "no dogs" policy.

My modified view is something like "Everyone can complain, but the more someone does about something, the more they care about it". IE, listen to complaints of people who make a lot of effort regarding fixing the problem (Voting is an effort). If they can't even be bothered to vote, then I may not think their complaint is worth listening too.

Re:in australia I hear they have mandatory voting

[Steeltoe]

Just because your vote is just one in millions, a drop in the ocean, you fail to recognize this: Without the drops, there can be no ocean!

And the flavour of all the drops, is what makes the ocean. Now, the politicians ARE representing you. This is what leaders you get when you're cynical, care-free, repress your feelings and do nothing. Do you want it to get better or worse, it's your choice. At least, you COULD have said that you've done the best you could, but now you can't say that!

Re:in australia I hear they have mandatory voting

[aziraphale]

> The only canidate that made any sence was the Green Party canidate. As the Green Party is still treated like the lunitic fring by the media, the chance of one of their canidates rising above statistical noise is almost zero.

So you didn't vote for them, because it would have been a wasted vote - but then you wasted your vote anyway?

In the 1992 UK general election, there was a poll conducted by a national newspaper that revealed that 60% of the population would have seriously considered voting for the Liberal Democrats (the third party in the UK, typically gets 10-20% of the vote) if they thought they had a chance of winning.

If even people who think the green party candidate 'makes sense' refuse to vote for them because they won't win, there's little chance they'll ever be perceived as anything but a lunatic fringe...

It has to be said...

[kzinti]

...you'd think all honest politicians would be working to make sure computerized voting systems are open source...

That assumes you could find an honest politician.

You're asking for too much.

[psoriac]

Not that most people care, since they don't even bother to vote, right?

Most people don't even bother to click the link to read the article; you think they'd actually get up, leave the house, drive to the voting center, and push some buttons to vote? That's way too much effort involved.

I vote in Slashdot polls...

[flicken]

Does that count? Heck, i'm usually even honest in those polls. (-;

Open Source vs. Closed Source voting

[Dancin_Santa]

Security through Obscurity works as a temporary stopgap. It doesn't last long, but it does keep a system secure for a short time until someone discovers the security hole.

Voting takes place once every two years in the US (different for other countries). And it only takes place on one day. Security through obscurity can hold that long.

On the other hand, divulging the source code to the system beforehand (otherwise, what's the point to having the system being Open Source) makes it that much easier for evil-doers to find the holes in the system. Keep in mind that these fraudsters aren't going to fix the hole and "turn it back over to the community". They will have plenty of time to find the exploits and they will exploit it on election day.

Yes, in general Security through Obscurity is a bad idea, but in one-off systems like electronic voting, it is the best method of keeping the system secure short of armed guards and video cameras.

Re:Open Source vs. Closed Source voting

[Qzukk]

it does keep a system secure for a short time until someone discovers the security hole.

You're assuming that someone hasn't already bought the "hole". You're assuming that the ballot system developers are impartial. You're assuming that if the government won't abuse any knowledge that the public has no access to.

You're assuming too much.

Re:Open Source vs. Closed Source voting

[Mjec]

Keep in mind that these fraudsters aren't going to fix the hole and "turn it back over to the community". They will have plenty of time to find the exploits and they will exploit it on election day.

Yes, but so does everyone else, and most people will fix the problems. Especially international people reviewing it. So while there is a chance that some clever guy will spot a hole that no-one else can see and this guy uses it to further his own ends, I consider that less likely than some guy putting in a hole because he's the programmer and no-one will ever get to see the source.

My $0.02

Re:Open Source vs. Closed Source voting

[KoalaBear33]

What do security experts say about systems? They say that open, heavily scrutinized systems are more secure. For instance, any decent encryption is open. Keeping them open actually improves the encryption's strength. Same thing with open voting systems...

The number of people who find and fix flaws will far outweight those with malicious intents. As a matter of fact, non-profit organizations and academic institutions can study the code for loop-holes/bugs/etc. Academia is good at coming up with theoretical solutions to problems and would be perfect here. They will be able to analyze the software for flaws far better than any private company can (except possibly large ones like IBM, Microsoft, etc). They will be able to do it from the specifications even (how do you know the specs are correct? )

KoalaBear33

The even sadder fact is

[Sir+Haxalot]

Polticians even believe the voting system is totally secure, and even if it wasn't, it's not up to them to sort it out, it's up to those 'computer people'.

Of course they don't care

[KiahZero]

I remember seeing a study mentioned on the news about problems with computer voting, but I don't see it mentioned in this story.

Potential for fraud is a good thing in the eyes of sufficiently corrupt politicians. If it were completely impregnable, then those with the inclination wouldn't be able to fix elections. As much as I love throwing technology at a problem to try and solve it, I really don't think that eliminating a paper trail is *really* a good idea when we talk about electing such powerful people.

How about instead of changing the way we cast our ballot, let's focus on changing the ballot? Plurality voting is about the worst voting system there is. Of course, if we went with Condorcet, third-party politicians might actually get elected.

Executables from Open Src still has to be loaded..

[ivi]

Open Source can't hurt, but
you'd -still- have to be sure
that -all- the executables
were made from the final source,
that everybody has access to,
for the eVoting Boxes.

Then, you have to insure that
no changes are made just before
the machines are used... etc.

This guy cares

[offby1]

David Dill is rasing the alarm about voter verification. Granted he's not part of the gummint, but he's asking the right questions.

no kidding

[croddy]

the student government at my college switched to computer voting a couple of years ago. every semester it's the same story; some terrible problem with the system means we have to do it all over again, usually twice.

I've written to the voting committee, written editorials, but no one cares. they claim that it's better than paper voting because machines don't make mistakes.

once I voted 12 times. but that was because they were relying on cookies. that was fixed in the revote. once they used checkboxes instead of radio buttons, and I voted for everyone. but that was fixed in the next one.

people are lazy, and even if it's got problems, they prefer clicking on some web form to actually going and voting in person. I say if you're too lazy to get up and vote, then you probably shouldn't be voting anyway.

but nobody cares, machines don't make mistakes... yeah? well, I've got a 20 page study of georgia voting technology that disagrees.

it's high time we had an election server h4x0red to make people think twice about it.

For those who haven't heard of Condorcet

[Magic+Thread]

The Condorcet method of voting requires that each voter rank the candidates from best to worst. It's generally a good system, but has been criticised for being hard to understand (maybe not for those of us on /., but for the stupid voters). Another interesting voting method is range voting, which assigns a number value to each candidate based on that candidate's desirability.

Rated voting, which is a special case of range voting, was generally the best method (i.e., it maximised voter happiness) in a test of various voting systems. Also see ElectionMethods.org.

An improved voting system would certainly make lots of things better (though due to Arrow's paradox, a perfect system is impossible). I think we also need to improve the voters. The most heard criticism of Condorcet's method is that it's hard to understand, and it's really not all that complex at all.

Re:Why Should It Be Open Source??

[zcat_NZ]

My point exactly.

Give each person a randomly unique number when they turn up to vote. Have them enter the number with their votes, check that it's valid, and record both.

After the election, make all the votes available. Everyone can check the totals, and anyone who made a note of their number can check that their vote was recorded correctly. If there's any vote tampering going on, everyone who's vote got tamperd with will KNOW, not just suspect, that the election was rigged.

My full rant on the topic is at href="http://zcat.wired.net.nz/evote/

Re:Yes, That is true

[sbszine]

You either

1. Go to jail for short stay or
2. Pay a fine

In practice you don't even have to pay the fine. Almost any excuse is enough to get you out of the fine. In fact, I know people who have tried to 'do the right thing' and pay the fine, and been refused!

The fine notice may simply be a way of checking that you're alive, at the same address etc. Gets people's attention better than a survey.

Lefty and proud of it

[flicken]

Are you left eyed?

Of course i am. Why do you ask? (-;

...oh...righ^H^H^H^Hleft. (-; (-; (-;

I am left-handed, -footed, -eared, -toed, -kneed, -minded and -(*censored*)ed. And, like most /.ers, i often feel left out.

Re:Perhaps it's because fewer care about politics?

[s20451]

No, it's because people don't give a rat's ass about problems in the abstract. Yes, computer voting systems have problems, but so were butterfly ballots, and nobody had even heard of those until 2000.

Only in the 2024 elections, when Wil Wheaton defeats Britney Spears amidst questionable computer voting, will you get anyone to care.

Minor bit of reality check here boys...

[ComputerSlicer23]

I've done contract work for ES&S (actually most of the work I did for them was when they we're know as AIS). I've seen what they get to do for verification. Trust me, somebody reads every single line of code there is. They have specific rules, and very rigorus tests the machines get put thru. I worked for the guy who did most of the original coding for the E100. I helped to start the port for the E500, which turned into the E600 model. Actually I started to finish the port. It was originally in Z80 assembly, they completely ported it to C, and they lost the machine, and all the backups from about 6 weeks before it finished. I was the first guy to start finishing the port.

The company I worked for did all of the original design assembly of the PCB boards.

Everything is done on paper (on those models, I hear they have other electronic only models). So it is completely auditable via a recount. The Federal Election Commision certifies the software and the hardware as fit for use. Once certified, no changes can take place without a re-certification, and justification for all changes made.

They use QNX as their base operating system, and use essentially fax based technology inside the system. They scan it using the fax scanner, using timing bars to tell where the bubbles are. They then read the black/white values using an A/D converter (at some point, they switched to infrared technology instead of fax technology). Each machine gets fed test sets of thousands of ballots ( I want to say over 100,000 ballots go thru the system during the final testing phase). Which the exception of a mis-feed, or jam (which has to be detected), there can't be any mistakes.

They are pretty serious about it. At one point I knew every guy who did the day to day coding on the systems. They are plenty trustworthy. Maybe not coding gods, but naferious evil plots just won't happen. Sorry, take your conspiracy theories and go home.

Oh, and no one in their right mind would want to read the code. For a variety of reasons. First it's boring as hell. Second, the rules make it nearly impossible to write interesting code. All function can have on and only one return. No function can be over 200 lines long. No matter how clear the function is, it can't be longer then 200 lines. Why 200, got me, but it's the rule. There are rules against using macros, and rules about function pointers, and rules about recursion, rules about how data structures have to be stored. Rules about lots of different things. Rules about election layouts. Rules about ballot layouts. All kinds of mind numbing rules.

Open sourcing them, or making them available under NDA for a third party audit, sure seems like a good idea. However, there are plenty of safety measures in place to assure that the right things go on.

Christ the machines run while being hit by a giant as static electricity gun. (Vandigraph generator, I believe it was called).

Kirby

Ever Tried To Explain "Source" To A Politician?

[istartedi]

Have you ever tried to explain "source" to a politician? I have. Let me tell you. Just getting them over that hurdle is tough enough. Most of them are lawyers, and for some reason lawyers tend not to care much about tech. Sure there are exceptions, but I can't help but get the impression that most lawyers would still be using quills and ink if they could get away with it.

So. When you go to policitians with this issue and say "The system should be Open Source so someone can perform a security audit" what they hear is "Our special interest group has an opinion about how the system should work". Really. I don't see any way around this problem either. We could sit around and wait for the public school system run by these politicians to produce lawyers who aren't computer and science illiterate, except of course that by now most of the politicians are products of that very same system!

I see a positive feedback loop here, which like all positive feedback loops tends to create instability. Now... how many politicians have the background to understand that analogy?

Good reliable voting solutions

[einhverfr]

Here are the guidelines I came up for a fraud-resistant electronic voting system:

1: The traffic with the database server should be properly secured (ipsec, ssl w/client certs, etc.)

2: The data should be stored in an accountable way. For example, if the data is altered, there should be a way to determine this.

3: The system should allow manual verification of results.

So here was the system I designed:

1: Database server communicates with clients using ESP/IPSec protected communications.

2: Voting machines use touch-screens. At the end, the voting machine displays a list of candidates you voted for and asks you to confirm. Then when you do, it submits your data to the database and prints a ballot. The database also stores information relating to the ballot regarding which voting station you were at. You deposite the ballot in the ballot box.

The ballot contains: 1: An easy-to-scan bar code
2: A human readable ballot listing for manual verification. 3: The ballot serial number.

This gives you almost everything you get with the paper system as well as everything you get with the electronic system.

Re:Good reliable voting solutions

[plalonde2]

The missing element here is counting the ballots *at the polling station*

Paper ballots provide an audit trail, but the ballot boxes themselves can (and have) been tampered with.

The only useful purpose served by an electronic system is a "quick tally", and possibly less chance of a spoiled ballot, although butterfly-ballot like errors can be set up on a touchscreen as easily as on paper.

Providing a count at the polling place, by a multi-partisan local group (each candidate should be able to produce someone to go to each polling place) reduces the chance of fraud dramatically. Make the hand count the official tally, and the electronic count used only for quick totals.

For a little more accountability, apply modern cryptography to tie paper ballots to their electronic counterparts for cross-checking if required. Make a recount and cross-check mandatory for narrow spreads or manual/electronic dissagreements.

Demand voter-verified, locally counted paper ballots.

Re:Good reliable voting solutions

[cyril3]

The ballot serial number

Numbered Ballot Papers. I wonder why they didn't think of that before.

Oh, I remember. The greatest advance in democracy since, well democracy really ,SECRET BALLOTS.

I have enough nightmares about electronic voting already. You go into the polling station at 08.30am and they tick your name off against the roll. At 8.32am a vote is cast for Candidate X (as certified by the audit trail in the system.) Guess who voted for whom.

Re:Good reliable voting solutions

[RobinH]

Voting machines use touch-screens.

Have you ever setup touch screens? I do it quite frequently... they have to be calibrated before use, and periodically thereafter.

Now, if I were an unscrupulous voting machine operator, then no matter how good the software was, I could EASILY fool the calibration routines into thinking that real screen position X1,Y1 (vote for liberal) gets mapped to X2,Y2 (vote for conservative, nazi, etc.). The same could apply to the confirmation screen.

The fact is, the data you're entering (who to vote for) is transformed so many times during an electronic voting process (screen co-ordinates to memory locations to object references to PCI bus to telephone or network to ODBC to file, that there are far too many points for tampering. When I vote on paper, there's only myself, a piece of paper, and a pen involved. Maybe a ballot box. The only real place for tampering is the ballot box, and if you can't keep a friggin' box tamper proof, how do you expect to do the same with a computer?

Maybe Bush really DID steal the election

[kindbud]

Black Box Voting

The source code for the software used in one voting machine was discovered on the Internet, on an unprotected FTP site belonging to Ohio-based Diebold Election Systems Inc. The software, when compiled and run in tests, showed that it appears to be the code used in the company's AccuVote-TS touch-screen terminals.

This software has been analyzed in detail at Truthout.org: How to Rig an Election in the United States. I think your stomach will start turning just a couple paragraphs in. No, let me start it turning for you: the backend database for this state-of-the-art touch-screen votiong machine is Microsoft Access. But that's only part of the story. Wait until you read about the hidden tables. More details here: How We Discovered The Backdoor. The actual code from the FTP site is here: Original Data.

I don't know about you, but I became a little nauseous reading this.... It's quite the yee-opener.

Some more on "problematic" election results:
Florida Ballots Project

Greg Palast's The Best Democracy Money Can Buy

NY TImes: Computer Voting Is Open to Easy Fraud, Experts Say

The most stomach churning thing of all, I think, is the Christian Right connection to Deibold and ES&S.

If you find this stuff credible, spread the word around.