Observer Pans Touchscreen Voting Test

riversidevoter writes "I recently observed the Logic and Accuracy 'test' given to the touchscreen voting machines in Riverside CA. Riverside County uses voting machines and software from Sequoia Voting Systems. The voting kiosks do not produce a voter-verified paper trail. As a computer programmer familiar with software testing, I was really disappointed at what I saw." Read on for his critical observations of the demonstration.

riversidevoter continues: "WinEDS, the program that is used to count votes, was only tested in a pre-election mode. The software was not tested in the configuration that it would be in on election day.

In addition to that, people signed a form that said that they had verified the results of the test before the test had finished running. Mischelle Townsend, the Riverside County Registrar of Voters, told Salon that the form that people signed was just an attendance form. But the form clearly states 'We the undersigned declare that we observed the process of logic and accuracy testing of voting equipment performed by the Riverside County Registrar of Voters, as required by law and that all tests performed resulted in accurate voting of all units tested, including both touchscreen and absentee systems.'

You can see a copy of the Salon article here. You can see a copy of the form that people signed here.

I also believe that the observation group that witnessed the test was given a misleading description of Sequoia's system. For example, the fact that the votes are transferred from the DRE to a SQL Server database to be counted was never fully disclosed to all the members of the group.

Also, the sheer number of times that the phrase 'proprietary operating system' was used, among other things, helped to create the impression that Sequoia's system is not as reliant on Microsoft Windows as it really is.

I have created a website about this issue; please take a look at it.

On the website you can find my report on what happened that day (which outlines several problems I haven't mentioned in this posting) as well as some supporting documents. There is a letter and a note from Mischelle Townsend in which she mentions mailing the results to people or having the test results be picked up 'afterwards'...."

Accuracy could be easily assured...

[tizzyD]

First, after you vote, a 2-D bar code is printed. That code contains a record of your vote, with an encryption of the machine you voted at and your selected key. Nothing big, 4 digits. The critical part is the hardware key used on the machine.

A copy of this bar code is printed at the same time inside the system.

If there was an audit, randomly call people to determine their key. Although you could decrypt it, it's better than just leaving the votes lying around. Then, verify the accuracy.

Since I have a printed record at the time of the voting, I can use it to verify my votes. The local voting office could decrypt it, and then I can verify my votes.

Thoughts on this approach are very much welcome.

A method for electronic voting accountability

[rednox]

Here's an idea to make the process accountable, without requiring a mound of paper at the voting site.

1. Vote at the machine
2. The machine asks you for a PIN number.
3. The machine concatenates your voter registration number with the person you voted for and your PIN number, and computes a SHA-1 hash of the result.
4. The machine prints out your vote, your voter registration number, your chosen PIN and the hash on a reciept and gives it to you.

Later on, a text file is made publically accessible with a row for every vote. Each row would have only the hash and the person they voted for. The algorithm for computing the hash would also be published.

Anyone who is interested in confirming that their vote was properly recorded can look up their hash in the text file to make sure it lists the person they voted for.

Anyone who has a spreadsheet can do a recount.

Any third party with a bit of cryptography knowledge can write a web app for people to confirm that their hash was computed properly.

This method has the advantage of remaining completely anonymous and completely accountable.

Any thoughts?

I release this idea into the public domain.

Re:Unfortunate.

[An+Anonymous+Hero]

Mind you, there's no way the current system can be hacked at all. Just ask President Gore.

You might want to check the next story's article:

"a Diebold machine registered 16,022 negative votes for Al Gore in Precinct 216 in Florida in the 2000 presidential election."