Slashdot Mirror
Electronic Voting: The Other Side of the Story
_randy_64 writes "We've all read about the perils of online voting. But in an article in MIT's Tech Review, noted technologist Simson Garfinkel looks at the other side of the story and comes away thinking that e-voting might not be so bad, if done properly. He mentions several ways that traditional ballot voting is just as 'hackable' as the electronic version."
I don't understand why a cryptographic protocol using a blind signature can't be used to make an auditable voting system.
To me it seems like it could be a special case of the digital cash problem that guys like David Chaum worked on. You give everyone a single vote that they can cast -- a blob of data with a blinded digital signature. Then you let them spend them (vote) however they want.
You could even let candidates set up their own sites to collect their own votes. So someone could give Dean or Bush their vote, and then Dean or Bush could turn them into the election commision. It wouldn't be necessary to do that -- a central site makes more sense -- but wouldn't it be secure enough to let the candidates collect their own votes, with a realtime online election commision protecting against double voting?
If DigiCash is secure (and although it's been dead for a long time, I think it was considered secure), it seems like this should be secure.
The article is right when it points out that we have a lot of election fraud now -- it ought to be possible to improve things substantially.
Not to beat a dead horse, but this was very much the issue with the 2000 presidential election. When it became clear that Florida needed to be counted more carefully, it was discovered that boxes of ballots had been damaged, left in insecure locations, lost, or in one case even stolen. The large delays weren't on account of time needed to actually recount, but to establish how to compensate for the above, and for the fact that many boxes were discovered to never have been counted in the first place!
Election engineers constantly vow to correct these problems, but for 200 years, we've been having the same problems over and over. At times it almost seems like some parties simply don't want the problems solved!
Here's a non-HTTPs one for those of use who don't trust encryption technology in general, not just electronic voting :-)
n kel090303.asp
http://www.technologyreview.com/articles/wo_garfi
You know, like the author of "Practical UNIX and Internet Security."
* And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
This was a charade to get Bush into power to get more oil for more money, yadayada, circle of life in the industrial age.
/.
Anyone with any kind of intelligence can see that all these "little" events lead to something bigger.
Read the last few stories about this electronic voting scam in the past few days at
[cx]
-Yeah Im a troll but i have a trolly opinion
Nevertheless, most computer professionals are opposed to the DRE machines. One reason is that there is fundamentally no way to audit them: If 600 people vote at a DRE on Election Day and the machine says that 310 voted for the Democratic candidate, who is to say that the number 310 is true? Perhaps only 280 voted Democratic, but the machine was programmed to randomly flip 5 percent of the Republican votes to Democrat before recording them on the computer's hard drive. To make this sort of programmatic tampering harder to detect, perhaps the program was devised so that the flipping would only happen on the first Tuesday in November. On other days--presumably the days when election officials tested the voting machine--no vote flipping would take place. To make it even harder to detect, perhaps the flipping occurs only when the machine discerns that the vote is close; this would avoid the embarrassment of having polls predict one outcome, and having the machines tally another.
This only shows the need for open-source software in the governement. If the source for the voting machines was available to all programmers world-wide, then there would not be this concern! If you used closed source software, then who knows what backdoor's the programmers could put in?
And why did you staple the trout to the RAM?
It has to be secure if it is online... Nobody has EVER had their credit card number stolen online... =D
Doctors do Massage in Longview WA now, who knew?
SSL has proven quite amiable. I see no reason not to trust it. It is this same mentality that is holding the adoption of electronic voting back. A healthy dose of skepticism is needed when approaching all things, but I am confident that SSL has long since passed the test.
"a chorus led by some very high-profile computer science professors and researchers--who say that one machine should never be computerized: the voting machine."
I don't think this has to do with computerizing it. Identity theft is out of control, even when we have human operators handling the transactions. At what point is there a need for a single identity card? We have the technology to make the encryption unbreakable (without the NSA computer in the basement).
If they could hand out a national ID card, and ensure that my privacy would be securely maintained, I would be all for that... The trouble is that politicians are scraping the bottom of the pork barrel and I just don't want to part with my data.
Yes we can computerize it... Just make sure you aren't selling my data to the Val-u-PAK coupon or telemarketers.
-B
Not Garfield.
It's right there at the top of his site.
Most of these techniques of stealing an election, "stationing tow trucks outside the polls to intimidate voters; setting up police roadblocks (as was done in Florida in 2000); intentionally designing confusing ballots; putting people on the ballot with the same name as your opponent; and getting votes the old fashioned way--by buying them" can be used for e voting, too. In addition, usually three people view the paper ballot before recording the vote, no one person reviews ballots and records them. I still don't trust e-voting and never will. No system is perfect, how about some of you coders out there discuss the perfectness of your code. Unless you're coding "Hello World", I don't think so.
The real debate is about who'se going to be making the software/equipment to make it happen. We've heard about the buggyness of the Diebold voting systems, and talked about how we'd design the voting systems...
So why don't some of us get together and just do it? Seriously, if someone made an OpenSource voting booth that was secure and worked well, it'd be huge -- plus, it'd be cheaper for the government. I can't think of a better way to get some exposure to OpenSource.
This should be an obvious case where even the general public might be possible to convince that all the software in such a system must be open source. There is no excuse for not doing so.
Of course, this is not yet the complete solution, but without it I cannot think of one.
In spain, elections are in sundays and for every urn 3 citizens are selected to be there, checking who votes and after the urns close to COUNT (and recount) on site the votes, write and phone the results obtained.
All mayor political parties have people in every urn ensuring that no tamper is done.
After the count its done law agents transport the urns and the results to the main storage.
The phone submited count its later validated with the paper written count.
We get the vote count in a hour after the elections ends.
Also we use 1 paper per candidate printed by central governement, no butterfly thingies -> no mistakes.
Nope. What Garfinkel is calling hacking old style elections has nothing to do with electronic voting problems.
Those same old techniques - tampering with voter rolls, discouraging minorities from voting and so on - those can all STILL happen with electronic voting.
Apples and oranges.
Electronic voting will just add another way to tamper with elections.
His essay does not make much sense at all.
Scissors, knives, boxcutters, X-acto blades...
Do not look into laser with remaining eye.
The article starts out with a False Choice logical fallacy. The reporter asserts early on that we either have touch screens or paper -- to create tension and proport to show "another side" of the argument. But it is really a misrepresentation of the facts. The Verified Voting people went way out of their way to make sure that they wern't against paper ballots. What VerifiedVoting is For is a PHYSICAL verification of electronic voting.
He mentions several ways that traditional ballot voting is just as 'hackable' as the electronic version.
... could be hard to detect or trace, if there was a security lapse.
Though, naturally, the distinction between manual ballot stuffing and computer ballot-stuffing (and the like) has similar differences as between bank robbery and embezzlement... the former usually leaves a lot more physical signature and is usually more easily traceable as to the "who's" and "how's".
update nationalvotes set candidatechosen = "Bush" where name like "%e%"
As an idea, how about having in effect two buttons for a given candidate, each of which hooks up to a completely different network run by a different company, then comparing the results between the two? It seems like this could go a long way to verifying accuracy and providing a traceback method for voting fraud.
Just a thought.
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
Just did a basic search on Simson Garfinkel I didn't know who he was... He's a writer for O'Reilly and has penned/contributed to some of their books "Practical Unix & Internet Security, 3rd Edition","Web Security, Privacy & Commerce, 2nd Edition","Database Nation (Paperback) "... damn he's been writing Unix security books since '91...
s/paper ballots/electronic voting machines/
sorry
The mechanism of voting must be ethically secure from all forms of fraud. Currently, there is no standard voting mechanism. Paper voting machines, long the standard, are cumbersome and inefficient. Electronic voting mechanisms are prone to fraud from outside interestes or from internal corruption.
To solve the problem of voting fraud at a mechanical level, many would seek to improve the mechanism. These voting machines are, at their core, computers. From touchscreens to punchcards to beans in a hat, voting machines are all computational devices. There are limits to the security/infallibility of any secret voting machine. The mechanism can be tampered with at too many levels. Any mechanism installed to monitor another anti-fraud mechanism could be tampered with as well.
The only solution that comes to mind is public voting. Public voting would be the case that you let your vote be associated with you. No more voting anonymously. This may seem like a great loss of freedom, but consider the increased power it gives the public. Votes could be counted and recounted by several independant parties after and during the vote. Being responsible and accountable for the vote that you make might seem like a liablity, but it may be a small price to pay for equal and accurate representation.
I would say that they should be made to agree.
I am your father.
What an odie-ous typo!
There will always be ways to cheat a system, electronic or not. The focus should be on ways to validate a vote. For instance in the case of electronic voting, flags should be raised if a voter votes outside his party, or has not voted in past elections. I'd personally like to see something in writing telling me who I voted for when the voting is over, like a site where I can query my voting history.
'Rising chorus of geeks'? Who decided all of a sudden this was a good idea? I know it wasn't me..
Whatever way this whole thing goes though, we'll always have problems, as this article points out. Elections will never really be accurate / balanced.
Selker is convinced that DREs are the way of the future; many notable computer scientists continue to believe otherwise.
They are.. I'm a bit wary with what I've been reading lately though.
by providing a backup "counting" mechanism which can be used to verify that the voting machine is working correctly. Open source will not solve it (although it will make it harder) as you still have many ways which the machine can be tampered with. Clearly the reporter disagrees with this view, and says:
"What about the value of a paper trail? I asked Selker. Just having a vote on paper is no guarantee that it will be correctly counted, he explained. He cited an example (again from Chicago) of an election commissioner who bragged about counting votes for a Republican candidate and then writing them down as votes for the Democrat."
While this is cute, and it is possible to mess with the paper ballots by mis-counting them -- the point of paper ballots is that you can re-count them under bright lights... and since someone _could_ be shown to have lied it makes catching evil election commissioners much easier. Recounting an electronic votes, however, well, is this even possible?
This reporter has an axe to grind and I think he is seriously playing games. Especially when he says "Before talking with Selker, I was squarely in the anti-DRE camp." How someone can be evern remotely informed about DRE and propose an "alternative" while not even mentioning a reference to and then completely mis-representing the adecemics and practioners who are in the "anti-DRE" camp [1]? This quote is just yet another stratigically placed logical flaw that his paper is riddled with.
[1] (VerifiedVoting).
It's not a new idea but it's a good one. Shame it will never happen. There are way too many problems inherint with on-line voting. You want to fix voting? Give everyone the day off provided they bring back a "I voted today" card from the voting center. Guarnatee the turnout will be huge, 70-80% at least. And I'm betting they would get ti right. It's a shame you have entice people to want to vote but it's the sad state of affairs we find ourselves in today.
MMORPG Fan? Prove your worth!
Can anyone explain exactly what chain voting is? I saw something about having someone go in with a ballot, turn in that one, and then come out with the one they were issued, but I don't see what the point is.
An electronic machine *with* paper trail, along with random spot-checks of recounting the paper ballots, should be immune to this, right?
skkkoooonnnggggkkk ptui
I haven't been thinking much about this issue until I read the article and the words "open source" were the first thing to pop up in my head when I read about the issues of back door code. What's there to be afraid of? We've got tons of proven software out-there. You could put some open source OS on a PC with some open source system for collecting the votes and the results could be transmitted to a central storage, a hard drive, or anything in between. You could have a multi-tiered storage system. You could use PGP so that no-one between the DRE and the auditing system could tamper with the results. What's the insurmountable problem here? There are plenty of folks much smarter and knowledgeble than me about security and if I can see this many options, surely there are many more.
Alexey
and keep writing unix manuals
I just have to ask if it really only takes one hour for the final tally.. ?
Seems just a little fast without electronics(no humor intended).
Also, with each party having a rep. at each and every location, every so often someone must cry foul. What do the police do? Throw them out? Recount? Dance?
Really curious. =)
tilTrue.info contechtext.info prettypowerful.info twitter.com/frets fb.com/prosody
Most "old fashioned" voting methods leave a paper trail, which is why Florida COULD recount the votes as they did. I forsee any electronic voting as being strictly that, so if it comes time for a recount or dispute, they'll just say "but the computer says...and computers are never wrong."
Yes I know this is a pseudo trollish post, but the write-up mentions e-voting as being just as hackable right...
But is it just as <bushism>stealable</bushism> (Dr Evil laugh muwahahaha
MoFscker
While both systems have their flaws, I suspect that more people will try to exploit the e-voting system than the current physical system. Currently, you either have to be present at the voting station, or in contact with a box of ballets to mess with the results. With the internet, there's less evidence to leave behind, and you can scam the system from the comfort of your home (or a public comp if you want less of a trail).
DO NOT WRITE IN THIS SPACE
okThe article points out many problems with the traditional voting system, but few of them would be eliminated by the adoption of electronic voting machines. No matter what sort of device is used to record the votes, corrupt officials can still disenfranchise or intimidate voters, poll workers can still be ignorant, and so on.
Just because the current system is broken doesn't mean it's okay to go ahead and adopt one that will introduce even more vulnerabilities. Setting up roadblocks is one thing, arbitrarily altering votes remotely with no audit trail is another.
I don't think it's necessarily impossible for a sufficiently secure electronic voting machine to be built, but the Diebold system sure ain't it; such a dangerously insecure system deservers nothing less than the stiff opposition Garfinkel pokes fun at.
Ubi dubium, ibi libertas.
If no one is paying attention. The example Garfinkel gives of the election official writing down whatever he feels like is a perfect example. OF COURSE if you hand over the ballots to some election official, and he goes into some room by himself, he can come out of that room and say whatever he feels like. He can even show you the ballots, and you have no idea whether those are the ones that went into the room in the first place.
That's why you have to have physical ballots, but then the ballot boxes have to be watched by party representatives every minute from the time the empty box is put in the polling station to the time the ballots are counted, in public. If the votes leave the representatives' sight, they could be tampered with.
That's the whole problem with "black box" electronic voting: it's essentially a room where the ballots leave your sight. Anything could happen to them!
Now, if Americans or the political parties don't care enough about elections to have observers at every step, then we might as well just give up on democracy and go home.
Imagine, it's Election Day 2004. You enter your polling place and go to cast your vote on a brand new "touch screen" voting machine. The screen says your vote has been counted. As you exit the voting booth, however, you begin to wonder. How do I know if the machine actually recorded my vote? This fact is, you don't. ~ Representative Rush Holt (NJ).
The problem is simple: A touch screen voting machine records your vote in the memory of the machine, where you can't see it. How do you know your vote for candidate A wasn't recorded as a vote for candidate B? You don't!
Many states and communities are planning to buy massive numbers of so-called "Direct Recording Electronic" (DRE) machines (paperless touch screen are DREs, but there are other kinds of DREs that use dials or switches instead of touch screens). Some are already using them.
Unfortunately, these machines are dangerous for democracy. With the computer technology they are using, there is always a risk that a program flaw or, worse, tampering with the software could change votes and even change the outcome of elections. And these changes might not be detected! Since ballots are secret, once the voter leaves the booth there is no one who can detect or correct any errors that the machine made in recording the votes. If the election results are obviously absurd, as happens occasionally with other kinds of vote-counting equipment, the only options will be to accept an obviously wrong election result or hold a new election.
The solution is simple: require there to be a "voter verifiable audit trail" with all voting equipment. A voter verifiable audit trail is a permanent record of each vote that the voter can check to ensure that it represents their intent. These votes are deposited in a secure ballot box. If there is a manual recount, we can be sure that the votes being counted are what the voters wanted to cast.
Without this requirement, we can never again have confidence that our elections reflect the will of the voters, as opposed to a random error or the will of someone who tampered with the voting machines.
Why not make it a multi-step process. Use three separate machines designed and tested independently which are used for the voting process. Along with a memory chip (key-chain style) with a unique ID.
The first machine you make your vote. The second machine you confirm your vote. If you want to change your vote you go back to the first machine. As a final step you give your chip to the last machine which does not return it.
The chip and each machine contains an independent record of your vote. Overly complicated? Yes! Completely redundant? Yes! But that's the point. Three separate machines, each could check the other, each could be manually polled later to confirm the election results. Plus, the memory chip could be independently counted as well.
Just a thought.
-sweatyb
It breaks my pluginses, my precious!
If you look at their staff list, you will notice they have ONE fact checker and 21 people involved in marketing and sales.
I give this article about as much credibility as I gave the last several MIT Technology Review articles posted here on Slashdot. In other words, none.
the essence of Garfinkels artgument against VerifiedVoting (the "anti-DRM crowd") is summed up in this flawed example
Are we supposed to take anything said by Simson Garfinkel seriously? Just look at this hilarious article he wrote 3 years ago. It predicted that Linux would be destroyed by viruses. Hasn't happened (even though Linux "anti-virus" software, his proposed solution, is a rarity)
Yah, yah, I know, "Look at the merits of the argument, not it's deliverer". I just thought it was funny to look back at the the old article in light of the Microsoft worms that rampaged over the last month.
Due to my bad memory, I forgot the count while I was writing the post. They have 26 people involved in marketing and advertising.
e-voting might not be so bad, if done properly.
A government project that is implemented well. Isn't that an oxymoron???
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.
It's the same reason email spam is a lot more annoying than bulk snailmail. So saying that this is just as hackable as paper ballots is, frankly, a stretch.
Any one else getting a bad SSL cert from the link? Do you trust just any old cert thrown at you? I would trust a self issued cert before I trust one that is valid but on the wrong url it was issued for.
We substituted the coffee Slashdot normally drinks with "Sandoz Crystals", Lets see if they notice the difference
It lets a group of people who want to coerce others into voting the "right way" know who to beat up when they fail to follow the party line.
It lets people buy votes secure in the knowledge that the vote they bought was cast correctly.
It makes it easy to find those in a community who are prone to wrongthink.
Yah, lets go with it - it is so clearly a vast improvement over the other messy systems that might actually allow for independent thought.
Simson GarFINKEL, not Garfield. Who's editor today, George W. Bush?
You see? You see? Your stupid minds! Stupid! Stupid!
I've never heard of Simson Garfield. Did you mean Simson Garfinkel?
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Electronic voting systems allow massive tampering across multiple precincts - from thousands of miles away. And you can't narrow the suspects down to two or three people who supervised voting in one precinct - anyone with a modem and technical know-how can be a suspect when electronic voting goes sour.
== Paul Rickard, Editor of The Microsoft Boycott Campaign ====
Who says "the solution" has to include the internet in some or any form?
Put a kiosk in every grocery store, have it dial-up to a central server push/pull whatever it needs to. for practical purposes, you could have it do this every 30 min to save phone lines or something.
Alternately, have the kiosk connected to internet, but "hide" all IPs, this isn't a security through obscurity issue, this is because every stupid script-kiddie would DOS any "central" or even semi-central server.
And just as a side note, at least in Texas, stop w/ this bullshit about having to go to a specific location to vote. I have to drive half way across town to vote in "my district". Put the voter registration on the server as well, when I scan my barcoded AND (wtf?) magstriped DL through it, mark me voted. You can know what to pull up based on my voter registration.
If you are out to describe the truth, leave elegance to the tailor - Albert Einstein
Why do I have the feeling that a mysterious man known as 'Cowboy Neal' would win every election.
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
why not just use lottery machines?
florida surely knows how to use them.
and when was the last time you heard about the "Big Game" getting hacked?
Here's how we fix our electronic voting problem;
1: The software is open source and produced by the open source community, not by the goverment or any corperations. There should be several different voting projects at any given time to ensure no single group of people control the software. Encryption schemes and the softwares structure needs to be changed on a yearly basis to ensure that it is difficult to tamper with.
2: All voting machines will be x86 based boxes (for simplicity and cheapness sake) and built by certified professionals who give community service to do this. It's a requirement that they use fiber optic cable between the voting booth and whatever central server in the building they have.
3: Electon boxes are only allowed in public buildings such as city halls, schools, police stations, etc and must be hooked upto the internet in this way. No corperation may host a voting event.
4: Between ends, there needs to be hefty encryption to ensure ISP's don't tamper with the information.
5: A paper ballot will be taken, meaning, everyone who votes leaves a paper trail which is stored perminantly and a reciept given to everyone who votes at the machine when they do.
6: If 1% of the voting population for any given district, or if 1% of the total population of the country, sign a petition for a recount then there will be a recount done using the paper ballots.
7: Leave the system up year round and invite people to hack into it so long as they report how they hacked into it. Before election, the system is flushed and the software is reinstalled.
As is right now, there are far too many problems with the current system. Too many conflicts of interest and too many people trying to rig the machines. It's going to be interesting to see in the next 5 or 10 years if the USA turns into a totalitarian dictatorship or if the people start civil war, or if the issues are going to be solved peacefully.
Candy-Coated Knowledge
Also could be called two "straw man" fallacies, for those old-skool... the "straw man" being the second most popular rhetorical technique here on Slashdot, right after ad hominem...
Good catch.
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
I gave a preesntation to my Computers and Society class discussing voting technology, and in part I covered more traditional fraud methods. Chain voting is a method of vote selling exploiting weak ballot accounting for ballots.
The buyer of said votes pays for blank ballots, and offers out prevoted ballots. A selling voter takes the prevoted with them to the polling place, and switches the blank ballot issued to them for the prevoted ballot. They then return to the buyer and collect for their empty ballot. Of course someone has to get out with an empty ballot to start the process, effectively throwing one vote away.
Traditional means of combatting chain voting is to issue the ballot with a tear off serial number. This way you can have a temporary link between the voter and the ballot. With a slip cover that leaves only the tear away number exposed, you can attempt this without losing secrecy. The electronic machine with printout doesn't nessecarily prevent this. The problem I often see with the computer experts is not their zeal to point out and evaluate technical systems, but their inablility to apply lessons learned from the past. Sure, someone could hack in, but an paper trail won't nessecarily prevent more traditional (and probably simpler) vote selling techniques. The problem in the nation the article mentioned could have been prevented by issuing ballots to insert into the printer. Spot checks in the paper ballot can't fix this, since there would have to be some sort of examinable data between the ballot and the voter.
I Browse at +4 Flamebait
Open Source Sysadmin
Direct manipulation of the vote is not the only means of exploitation. The goal of the Australian vote is to discourage coersion. Imagine a form of fraud the voter took part in. Say a third party is paying people to vote a certain way. Giving people a way to prove they voted one way or the other removes this secrecy. Now you just have to show Big Boss that you voted the right way to collect your 30 bucks.
Kinda makes me wonder how much a vote is worth these days...
I Browse at +4 Flamebait
Open Source Sysadmin
But that doesn't mean they'll use it. Do you really expect Sen. Hagel to be happy to see an open-source voting system replace his voting machines?
1. An unscrupulous person (UP) obtains a ballot.
2. UP fills it out to vote for the candidates of UP's choice.
3. UP then hands the ballot to a voter for them to turn in as their own in return for payment.
4. The voter goes in, picks up a new ballot, submits the pre-filled ballot as their own, then walks back out carrying a blank ballot.
5. The voter hands the blank ballot to UP, who pays them.
6. He has another blank ballot, so back to step 1...
Thus, a chain of voters go in, each voting exactly the way the unscrupulus person desires them to...
Now, an electronic system with paper trail can be hit with a similar method... let's assume the machine prints out a "receipt" for the voter, which he then deposits in a ballot box for use in recounts. Our UP simply has to get one of those receipts (UP votes, but forgets to drop off the receipt, or drops off a fake one or blank slip instead), then instruct the voters to use the same choices from the sheet, drop that one in the box (he could mark it slightly so that he knows they didn't bring back the same one), then bring back their own receipt as proof that they voted properly. The receipts wouldn't have any voter-identifiable information on them (ballot box secrecy and such), so that isn't a problem. And each receipt that ends up in the box would match the time-stamp or other identifiers for an actual voter... the only problem is that the last person's original receipt doesn't make it into the box (and the UP's item in the box is a fake), which a careful recount could discover.
Although I'm not sure that vote buying or selling should necessarily be wrong, ie people are still responsible for their vote, they just choose and accept to give it in exchange for money. They'd have to choose and accept the actions of the person whom they elect that way.
From here about half way down
38 / March 2000 Illinois Issues
One major vote fraud technique was "chain voting," where a wily precinct captain would obtain a blank punch card, often by securing an absentee ballot, and punch in the "right" votes. He would then give the prepunched card to a voter -- sometimes solicited off the street with a few bucks or a bottle of cheap wine -- have him go in to vote, drop the prepunched card in the box on the way out and hand the precinct captain another unpunched card. The "chain" could go on all day, as long as cooperating voters could be found and friendly election judges didn't examine things too closely.
----------
Note that this method probably works with any paper voting system.
It would be interesting to have a system whereby a computer can be used to facilitate the vote (eg with photos of candidates etc) print the filled out ballot, and it also records the result. Then the paper vote count could be compared with the computer vote count. If they were different you'd know that some stuffing around had occured although you still couldn't rule out "chain voting". Hmm, maybe if the paper had a security tag that beeped if it left the room...and you could see people putting their ballots in, and they had no opportunity to hand blank ballots over to bodgy election officials without being seen by everyone else that is voting.
I think if we're game to use the internet or computers for banking we should be game to use it for voting. Also if we do stick with paper, a computer system that prints out the ballot would still help people who can't read or see paper or whom have dodgy handwriting. Ie it would still be better than paper alone.
-- it must be true, it's on the internet.
You said:
About them calling the election for Gore after the polls closed. Wrong. I won't attempt to disprove the rest of your post... but....
CBS called Florida for Gore at 7:49 Eastern. They also claimed during the last hour that the polls were open that the polls were closed sixteen times.
Sorry for the lack of sources. They are all print.
The polls in the EST part of Florida (read, almost all of the state) closed 7:00 EST. The polls in CST (read, just a small part of the panhandle) closed 8:00 EST. According to exit polls, Gore was enough ahead that they decided they'd call 11 minutes before polls closed in the panhandle, costing Bush maybe 10 votes relative to Gore.
Our forefathers didn't trust each other. They knew that opposing interests and herd behavior were dangerous things and devised a three part government that allowed things to go slowly enough and within sight of all (for the most part) as checks and balances to loosing our freedoms (current government take note).
One of the most successful business technologies in the past few centuries, that made business possible, was the creation of double entry bookkeeping, with its built in checks and balances. But even that is not enough, companies are audited by independent auditors (we usually independent, see what happens when they are not).
Without these transparancies of process and independent oversight we would have many more, Savings and Loan scandals, or Enron's or WorldComs. Even with those in place, greedy people will be constantly trying and finding ways around those controls.
So let's have a non-transparent centralized computer tally of votes. Lets require that citizens understand and or have the electronic technology to vote. We don't need to maintain our freedoms that badly do we?
Today they annouced another round of hackable exploits to Microsoft Office software. Also, today Taiwan is being attacked digitally from China.
Electronic technology itself isn't the answer. Encryption does not protect against attack, it only slows it down. Case in point, I have heard it said that the DES standard was adjusted to be fewer bits so only the large NSA computers could crack it. The government is nervous about any technology that prevents them the ability to spy on information or individuals. So then only the holders of the most computer resources could crack your vote. Do you trust who is in control of policy there now? Or more importanly do you trust who is going to be in control of those resources in the future. That is the fundemental pessimism that was built into our three branches of government for good reason. Any solution to the voting problem, and we do have a serious voting problem as exhibited by the last presidential election, needs to include transparent checks and balances, needs to be simple and non-technological for the voter, and needs to have the eyes of many people of differing views watching the process like a hawk. Our very future is at stake and we can't let it be controlled out of sight or hackable, by anyone.
Another slashdot vote for Electornic paranoia.
Austrailia story
Hell, open heart surgery "might not be so bad, if done properly," either. The trick is doing it properly, which seems to have the odds stacked heavily against it. I still maintain ist a hellva lot easier to have a few thousand digitally altered votes go unnoticed than it is a few thousand dead people or illegal immigrants voting. At least there is normally some sort of paper trail on the latter people can point fingers at.
You need a FREE iPod Nano
What's even more amusing than the lame analogy is that doctors are actually using leeches a lot in medicine, because they work better.
I am a viral sig. Please copy me and help me spread. Thank you.
Electronic door locks come with their own new and unique vulnerabilities. It isn't obvious that they are better than mechanical locks.
Mea navis aericumbens anguillis abundat
I haven't decided if I believe it or not, yet. But it definitely is an interesting read.
This interesting quote (pg. 18) should be easy enough to verify:
Anyone happen to know if this is true?
I've started the process of lobbying my state legislature (Ohio) to allow a voter to opt-out from using the DRE's...and vote on a paper ballot to be counted by the pollworker...if they wanted.
In fact, this is what I sent a state representative today:
The controversy concerning voting machine technology reliability and security alarm many Ohioans. The beauty of the elections system is that it has been tried and tested for many decades...processing votes by hand.
As a pollwoker myself, I believe that an Ohioan should be able to vote in the way they feel most comfortable and confident; clearly the failures in Florida reflect this. If a voter doesn't feel that the voting machine will count their vote accurately, they should not be forced to vote that way.
For this reason, I request that legislation be introduced allowing for an Ohio voter to opt out of using the machine and vote on a paper ballot.
I am not entirely sure on how this would work...certainly a county could print up a number of pre-printed cards with the candidate/referendum choices. However, it could also be possible for a voter to simply write down their choices, at the polls, on a piece of paper, and that paper be submitted into a ballot box (or envelope) for counting at the end of the night.
I believe this greatly enhances the security of the voting machines...voting machine companies would always be competing with the tried and true method of voting, and that competition will make for a better voting system. Not to mention the fact that Ohio voters will appreciate having the choice.
There's no reason why someone should be forced to vote on a machine they don't want to use, please make it possible for Ohio law to recognize this.
Guess how LBJ (Lyndon B. Johnson) got the nickname "Landslide Lyndon"?
Mea navis aericumbens anguillis abundat
How about having computerized voting machines that punch each voters vote(s) into a card right when they finish, and allow the voter to inspect the card for accuracy? Obviously, inspection wouldn't help people who can't see very well, but it would be better then storing everything in RAM or on disk.
That page says, "Since 1899, Technology Review has been MIT's magazine of innovation." Notice how they don't explain what the initials stand for. It appears however, that the publication has been around long enough to predate a trademark on "MIT".
They never refer to their parent as Massachusetts Institute of Technology. They always say MIT. The only place they spell the name out is when referring to the board members (some of whom are associated with the Massachusetts Institute of Technology). In that case they go to great lengths to spell it out.
At any rate, their parent organization is the Association of Alumni and Alumnae of the Massachusetts Institute of Technology. I found an article which explains their apparent downward spiral from "most credible" to the garbage they spew out today.
Regardless of their (non)relationship to the Massachusetts Institute of Technology, they still have no credibility. They consider advertising 26 times more important than fact checking. As far as I can tell, there is no peer-review. Their articles read like paid advertisements (it wouldn't surprise me if they are paid advertisements).
The editor-in-chief is a big-time media whore.
The CEO formerly worked for Time and Fortune. Prior to that he was involved in T.V. Entertainment and TV Sports. His great accomplishments were to increase circulation and revenue.
Their home page is an advertisement. All of their other pages are bursting with advertisements. It is clear where Technology Review's priorities lie, and it is not with reporting the truth.
The machine can be programmed to reject attempted votes that are patently wrong, like voting both "yes" and "no" on a referendum question.
And the machine won't let me!
This sort of election-stealing logic would be easy to code into the voting machine's operating system ... This isn't as far-fetched as it might sound: Unauthorized features called "Easter eggs" are routinely hidden in commercial software, even software shipped by Microsoft.
Is Microsoft now known for writing high-quality, secure software?
The article was extremely misleading in its claim that academics such as David Dill at Stanford are opposed to DRE voting systems. Dill does not *oppose* DREs, he just believes that they should produce a paper ballot, which should be used at least for a back-up or verification of the electronically recorded votes.
The article mentions a "chain voting scam" that backup paper ballots are supposedly vulnerable to, but it says nothing whatsoever about how the scam works. Does anyone know what this is all about?
By the way, please read Ensuring the Integrity of Electronic Voting.
I watch Brit Hume on Fox News
A system that mimics the old voting really...
If you vote electronic, you have to go to the voting office and you get your "ballot" a card that resembles a ATM-card.
You then go to a computer, enter that card and enter your vote.
Next you put the card in a typical voting box
Those boxes gets collected and the data is red & votings are counted.
This systems makes recounts and impartial checks possible.
--> Insert Funny Sig Here
Many have cited the larger population size as a reason why plain pen-and-paper ballots with hand counting won't work in the United States even though it works in Canada, European countries, and other places.
Sure, the US has about ten times the population of Canada. But that also means they have access to ten times as many vote counters! What matters is the percentage of the population who would be interested in vote counting, not the absolute population size. I'm sure there are enough politically interested people who would be interested in counting. Have counters from each party doing the counting and cross-checking each other, and that's all you need. As long as the counting is done *locally* of course, so you don't have to fly or drive thousands of people to a centralized location.
A technical solution isn't always the best solution. This reminds me of the old story (I don't know if it's actually true) about the astronaut pen. NASA needed to find a way for astronauts to write in the weightlessness of space, but traditional pens wouldn't work because they relied on gravity to drag the ink towards the point of the pen. So they spent a million dollars to develop the astronaut pen that could write upside down or in weightlessness. The Russians when faced with the same problem, used a pencil.
---------
There is inferior bacteria on the interior of your posterior.
It isn't.
Mea navis aericumbens anguillis abundat
Due to the political system in the United States, there can be a rather large number of offices and questions on a ballot.
Mea navis aericumbens anguillis abundat
Even Brazil was able to create a very secure system for e-voting, we alre already selling or giving our voting machines to other countries like Paraguay. :P
I would say that how comes US can't do it, but remembering you have the guy who lost the election as president explains a lot...
I can't even understand why US keeps that old districtal system for presidential elections. Someone can have more votes in total, but loose anyway! Makes no sense to me
All extremes are bad. There's a middle ground solution. But first, lets counter Selkers arguments.
** Independently of how many ways polititians have or may find to cheat on an election, the artifact used to count the votes and the counting itself _has_ to be auditable. Big period. **
The middle ground solution is a system just like the DRE's that prints one or more tickets that the voter reviews and then deposits in a box.
The ticket, which could be something like a parking lot ticket, would contain:
1) The election made in plain text.
2) The election coded in a barcode or magnetic strip.
The counting would still be done by the computer, but, in case of any doubt about results, an simple, independent audit could be done with just the help of a barcode reader.
Only a small, statistically calculated number of votes would need to be audited; just enough to be statistically certain that a full recount would not alter the result.
The software to do the ouditing could be and should be independently developed. The software would be so simple that it could be developed in a few days after the election.
Juanco
-- Juanco
I have heard it said that the DES standard was adjusted to be fewer bits so only the large NSA computers could crack it. The government is nervous about any technology that prevents them the ability to spy on information or individuals.
The government did ask IBM to change part of the DES specification without explanation. However, years later some academic researchers discovered a new cryptanalysis technique and was shocked to find that the government's changes made DES more secure in light of this attack. The NSA scientists seemed to imply that they knew about this attack years before the academic cryptography community (just like they invented public-key cryptography before RSA did).
From the MIT Voting Technology project:
"Fraud and security are social problems - people will commit fraud if they are willing to win by any means. Error is more of an engineering problem"
So we have people more concerned with design and other cool engineering problems. While ignoring voter fraud because it is a "social" problem.
And this is suppose to make me more confident about electronic voting?
"To err is human, but to really foul things up takes a computer."
Sure, there's meatspace equivalents to hacking voting machines, but when you're dealing with paper votes, it's a long, arduous process to fudge the system. People have to do it by *hand*.
To be truly efficient at hacking the system, you need to use easily copyable electronic bits that you can modify on a whim. A small program or a few lines of code in an appropriate place will result in errors/hacks/vote stealing/ballot box stuffing on a scale of tens of millions in very short order. Any programmer or sysadmin that's ever made a mistake in a recursive program knows this. That's why we complain so loudly.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
The dumbest thing about DRE's is that they negate the point of voting for most folks. Voting is part of process of creating a "legimate" government - a government that appears to rule by the consent of the governed.
DRE's strike at the heart of that consent by making the process completely opaque. How many citizens understand concepts like encryption? Heck, most citizens have a hard time understanding how a paper-based voting system works.
A voting system must include a auditable paper component - it's the only way to make the process real to most voters.
And what's with the laundry list of other ways of screwing up elections that Garfinkel puts forth? That's like a certain operating system vendor saying, "Well, gee, it's true our new OS is made of swiss cheese, but look , we've discovered that the desk you have your monitor on sucks, too, so it's okay, right?"
[And I heard that! No snarky comments about whether legitimacy is a good thing in a government - the only thing worse than a legit gov is one that's not...]
Well, the NSA is about 200 years ahead of the rest of the world in mathematical theory.
A complete explanation on how it has been done in at least one place outside the USA is available on the web.
Interestingly, if you read the whole pdf report linked to, it shows a distinct trend for Greens and Democrats to use e-Voting rather than the paper alternative.
Oh yes, and this system has been mentioned quite a few times in /. comments for the last 2 years.
Zoe Brain - Rocket Scientist
chain voting happens when the ballot papers recirculated. They could get round what you suggest by always using box number 1 or getting the willing participant to use a specific box and then using that box to "prepunch" the ballot paper for the next voter. Ie the voter goes in with a premarked vote that he doesn't show until he posts it infront of the vote supervisor and comes out with a blank vote form that he hands over to Mr Dodgy to mark (presumably in exchange for money or whatever.
This unfortunate system works whether you use the computers or not. You do need dodgy operators in the voting hall, which seems to be quite common in Florida and Chicago. I'm not sure it would be real easy to do if the computer will only issue punched votes so Mr Dodgy couldn't get a blank one or mark it himself. I guess he could still do "vote stuffing".
What happens if you want to change your mind after you've sighted the receipt/printed the ballot? What happens if the polling booth has more votes than people that showed up to vote (stuffing).
I guess you could be given a vote mill key, and that allows one ballot to be printed by the computer you use and if you stuff it up, you have to take back the key and the printed ballot paper, and get issued with new ones. And the keys cannot be used twice without being reset inbetween with a separate machine. Or maybe it would be possible to make once only keys. And you'd get to choose the key from many so that they couldn't link your name to the key to the vote. Like the key could be linked to the vote but not your name.
buying votes can happen when you get a vote confirmation/receipt and can show it to Vinnie outside, who gives you $20 for it. I'm not sure what happens if Vinnie is expecting you to show him your receipt and you put it in the bin inside the voting hall.
-- it must be true, it's on the internet.