Slashdot Mirror
Electronic Voting: The Other Side of the Story
_randy_64 writes "We've all read about the perils of online voting. But in an article in MIT's Tech Review, noted technologist Simson Garfinkel looks at the other side of the story and comes away thinking that e-voting might not be so bad, if done properly. He mentions several ways that traditional ballot voting is just as 'hackable' as the electronic version."
I don't understand why a cryptographic protocol using a blind signature can't be used to make an auditable voting system.
To me it seems like it could be a special case of the digital cash problem that guys like David Chaum worked on. You give everyone a single vote that they can cast -- a blob of data with a blinded digital signature. Then you let them spend them (vote) however they want.
You could even let candidates set up their own sites to collect their own votes. So someone could give Dean or Bush their vote, and then Dean or Bush could turn them into the election commision. It wouldn't be necessary to do that -- a central site makes more sense -- but wouldn't it be secure enough to let the candidates collect their own votes, with a realtime online election commision protecting against double voting?
If DigiCash is secure (and although it's been dead for a long time, I think it was considered secure), it seems like this should be secure.
The article is right when it points out that we have a lot of election fraud now -- it ought to be possible to improve things substantially.
This was a charade to get Bush into power to get more oil for more money, yadayada, circle of life in the industrial age.
/.
Anyone with any kind of intelligence can see that all these "little" events lead to something bigger.
Read the last few stories about this electronic voting scam in the past few days at
[cx]
-Yeah Im a troll but i have a trolly opinion
Not Garfield.
It's right there at the top of his site.
In spain, elections are in sundays and for every urn 3 citizens are selected to be there, checking who votes and after the urns close to COUNT (and recount) on site the votes, write and phone the results obtained.
All mayor political parties have people in every urn ensuring that no tamper is done.
After the count its done law agents transport the urns and the results to the main storage.
The phone submited count its later validated with the paper written count.
We get the vote count in a hour after the elections ends.
Also we use 1 paper per candidate printed by central governement, no butterfly thingies -> no mistakes.
He mentions several ways that traditional ballot voting is just as 'hackable' as the electronic version.
... could be hard to detect or trace, if there was a security lapse.
Though, naturally, the distinction between manual ballot stuffing and computer ballot-stuffing (and the like) has similar differences as between bank robbery and embezzlement... the former usually leaves a lot more physical signature and is usually more easily traceable as to the "who's" and "how's".
update nationalvotes set candidatechosen = "Bush" where name like "%e%"
As an idea, how about having in effect two buttons for a given candidate, each of which hooks up to a completely different network run by a different company, then comparing the results between the two? It seems like this could go a long way to verifying accuracy and providing a traceback method for voting fraud.
Just a thought.
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
The mechanism of voting must be ethically secure from all forms of fraud. Currently, there is no standard voting mechanism. Paper voting machines, long the standard, are cumbersome and inefficient. Electronic voting mechanisms are prone to fraud from outside interestes or from internal corruption.
To solve the problem of voting fraud at a mechanical level, many would seek to improve the mechanism. These voting machines are, at their core, computers. From touchscreens to punchcards to beans in a hat, voting machines are all computational devices. There are limits to the security/infallibility of any secret voting machine. The mechanism can be tampered with at too many levels. Any mechanism installed to monitor another anti-fraud mechanism could be tampered with as well.
The only solution that comes to mind is public voting. Public voting would be the case that you let your vote be associated with you. No more voting anonymously. This may seem like a great loss of freedom, but consider the increased power it gives the public. Votes could be counted and recounted by several independant parties after and during the vote. Being responsible and accountable for the vote that you make might seem like a liablity, but it may be a small price to pay for equal and accurate representation.
There will always be ways to cheat a system, electronic or not. The focus should be on ways to validate a vote. For instance in the case of electronic voting, flags should be raised if a voter votes outside his party, or has not voted in past elections. I'd personally like to see something in writing telling me who I voted for when the voting is over, like a site where I can query my voting history.
it was discovered that boxes of ballots had been damaged
left in insecure locations
lost
one case even stolen
The large delays weren't on account of time needed to actually recount, but to establish how to compensate for the above, and for the fact that many boxes were discovered to never have been counted in the first place!
I want facts, not propaganda or liberal conjecture.
Right now a vote can be thrown out because the voter makes a stupid mistake. Perhaps the voter is stupid or maybe the ballot format is. A vote can be ignored if a vote counter at each counting location doesn't like the vote and slips it into the garbage or, as the essay says, just records the Republican votes as Democratic votes. The numbers can be messed up anywhere along the line.
With electronic voting the only thing that fundamentally has to be checked is that the whole world agrees the code is correct without little treasures to modify votes. You make the code simple (it doesn't have to be complicated), you bring in software developers that represent each political party, you give them each the code to browse to their heart's content. Each software developer then compiles the program with their own copy of the code (which they inspected and can archive and take with them) and they all come back and all the executables better be identical. That way everyone agrees we're talking about the same thing. Then you do an MD5 on that bugger and somehow work that into the encrypted vote that is recorded on the system. That takes care of the actual program that is being used being known to be valid and accepted by everyone.
Once you political parties are confident that the program itself is sound, getting the kinks out to keep vote selling out of town are minor details.
If the program can be certified by all concerned as described above there is virtually no way anyone could modify the results on election day.
I admit that I haven't read the article yet but I'll say this. Much of the voter fraud in paper ballots would stop if they simply counted the ballots at the polling place first, in public view, before they load them up and haul them to the court house. If the ballot box never leaves the sight of the public then it is much harder to mess with the vote. Any system can be fouled with but the more eyeballs on the event the harder it is to pull off.
I am not a programmer so I will never trust a computerised election. I personally have no ability to confirm what a select group of appointed overseers(programers) will tell me about the security, or lack of, the computerized or even mechanical election system.
All the machines and computers are just a shell game to steal elections. A paper and pencil and public counting and who the hell cares if it takes 10 hours to do it. They count paper ballots in Canada often in under 4 hours.
Our right to vote was stolen years ago. Elections are a sham and our last presidental election proved it. I'm a Bush supporter and even I think that he stole the election. Not that Gore didn't try. Bush was just better at it. Just like Clinton was better then Bush or Dole at it.
Slashdot, home of supporters of free software, free music, and free speech.Except for Moderators that disagree with you.
Imagine, it's Election Day 2004. You enter your polling place and go to cast your vote on a brand new "touch screen" voting machine. The screen says your vote has been counted. As you exit the voting booth, however, you begin to wonder. How do I know if the machine actually recorded my vote? This fact is, you don't. ~ Representative Rush Holt (NJ).
The problem is simple: A touch screen voting machine records your vote in the memory of the machine, where you can't see it. How do you know your vote for candidate A wasn't recorded as a vote for candidate B? You don't!
Many states and communities are planning to buy massive numbers of so-called "Direct Recording Electronic" (DRE) machines (paperless touch screen are DREs, but there are other kinds of DREs that use dials or switches instead of touch screens). Some are already using them.
Unfortunately, these machines are dangerous for democracy. With the computer technology they are using, there is always a risk that a program flaw or, worse, tampering with the software could change votes and even change the outcome of elections. And these changes might not be detected! Since ballots are secret, once the voter leaves the booth there is no one who can detect or correct any errors that the machine made in recording the votes. If the election results are obviously absurd, as happens occasionally with other kinds of vote-counting equipment, the only options will be to accept an obviously wrong election result or hold a new election.
The solution is simple: require there to be a "voter verifiable audit trail" with all voting equipment. A voter verifiable audit trail is a permanent record of each vote that the voter can check to ensure that it represents their intent. These votes are deposited in a secure ballot box. If there is a manual recount, we can be sure that the votes being counted are what the voters wanted to cast.
Without this requirement, we can never again have confidence that our elections reflect the will of the voters, as opposed to a random error or the will of someone who tampered with the voting machines.
Who says "the solution" has to include the internet in some or any form?
Put a kiosk in every grocery store, have it dial-up to a central server push/pull whatever it needs to. for practical purposes, you could have it do this every 30 min to save phone lines or something.
Alternately, have the kiosk connected to internet, but "hide" all IPs, this isn't a security through obscurity issue, this is because every stupid script-kiddie would DOS any "central" or even semi-central server.
And just as a side note, at least in Texas, stop w/ this bullshit about having to go to a specific location to vote. I have to drive half way across town to vote in "my district". Put the voter registration on the server as well, when I scan my barcoded AND (wtf?) magstriped DL through it, mark me voted. You can know what to pull up based on my voter registration.
If you are out to describe the truth, leave elegance to the tailor - Albert Einstein
Well here in California some ballots were found floating is SF bay, and a ballot box left too long in the trunk of a pollworker's car. I don't have the facts, but I read it in several different local newspapers. No, I don't have sources, since I through out newspapers more than a week old.
But simple logic should tell you that after a few recounts in Dade county involving manual handling, the odds of unpunched chads becoming loose or even falling out, are not insignificant.
I also have experience on the latter. I spent a few months working for a major printing press that had the contract for the upcoming state primary elections for several states. All the ballots were punch-style. Loose chads were all over the floor at the end of the shift. Just sliding a ballot sheet over another would guarantee a chad dropping out. Fortunately there were a lot of QA procedures in place. Overall the damaged ballots would be an insignificant factor in an election. But when the 2000 Florida race was so close, that factor could make a whole bunch of people get their panties in a twist.
Don't blame me, I didn't vote for either of them!
I've started the process of lobbying my state legislature (Ohio) to allow a voter to opt-out from using the DRE's...and vote on a paper ballot to be counted by the pollworker...if they wanted.
In fact, this is what I sent a state representative today:
The controversy concerning voting machine technology reliability and security alarm many Ohioans. The beauty of the elections system is that it has been tried and tested for many decades...processing votes by hand.
As a pollwoker myself, I believe that an Ohioan should be able to vote in the way they feel most comfortable and confident; clearly the failures in Florida reflect this. If a voter doesn't feel that the voting machine will count their vote accurately, they should not be forced to vote that way.
For this reason, I request that legislation be introduced allowing for an Ohio voter to opt out of using the machine and vote on a paper ballot.
I am not entirely sure on how this would work...certainly a county could print up a number of pre-printed cards with the candidate/referendum choices. However, it could also be possible for a voter to simply write down their choices, at the polls, on a piece of paper, and that paper be submitted into a ballot box (or envelope) for counting at the end of the night.
I believe this greatly enhances the security of the voting machines...voting machine companies would always be competing with the tried and true method of voting, and that competition will make for a better voting system. Not to mention the fact that Ohio voters will appreciate having the choice.
There's no reason why someone should be forced to vote on a machine they don't want to use, please make it possible for Ohio law to recognize this.
how about, the computer prints out a piece of paper, behind glass, so you can verify what it says, but you never get to touch it in any way? all the pieces of paper are collected in a secure location in each machine. verifying that the computer has no way to mess with the paper once it's printed shouldn't be very hard.
it looks like the chain voting thing works because the manipulator can verify to some extent that the voter picked the right candidate. if you don't give the voter any kind of paper to carry out, the system collapses (and of course even now a wily voter could keep the bribe and vote for whoever they wanted simply by soiling the prepared ballot and asking for another one).
I suppose that brings me to another thought -- whether buying votes should be wrong. i think that, morally speaking, taking someone's money and then voting for whoever you feel like is pretty nifty. taking someone's money and then voting for whoever they feel like is a very bad thing, however. think about the obvious influence corporations have now in the US -- all the issues we talk about here with the senator from Disney and so on. would you like to see what happens when a corporation's power to influence elections is multiplied ten-fold? when exxon mobile, walmart, and general motors are the three biggest forces in American politics?
heh. ok. so would I. but I think it would be the kind of movie featuring arnold schwarzeneger rather than robin williams, don't you?