Slashdot Mirror
E-Voting Done Right - In Australia
tehanu writes "After all the furor over e-voting in America, Wired News has an article about e-voting done right in Australia. An important factor is that all of the software is open-source. The company responsible actually seems to have given consideration to the integrity of the democratic process, too - from the lead engineer: 'Why on earth should (voters) have to trust me -- someone with a vested interest in the project's success? A voter-verified audit trail is the only way to 'prove' the system's integrity to the vast majority of electors, who after all, own the democracy.' They also have scathing words for Diebold: 'The only possible motive I can see for disabling some of the security mechanisms and features in their system is to be able to rig elections. It is, at best, bad programming; at worst, the system has been designed to rig an election.' In general they are 'gob-smacked' by the whole situation with electronic voting machines in the US right now."
Don't kid yourself: open source is nice, but it doesn't guarantee a fault-proof or secure voting system (suppose somebody installs wrong or malicious software on one of the machines?). The only way to do that is to provide voting receipts which can be counted independently, by hand -- and that does not exclude closed-source solutions.
Toronto-area transit rider? Rate your ride.
Now that's what I call engineering ethics, letting people know the truth about what you're doing. Fine, maybe a computer should at least keep the software code to themselves (patent it so no one else could use it, I do believe in some intellectual property rights), but Diebold should have at least let us see the code so we can tell them how holey it is.
In US, you can easily buy enough major firearms to wipe out your neighbourhood but a few little fireworks are banned.
Aussies Do It Right: E-Voting By Kim Zetter
Story location: http://www.wired.com/news/ebiz/0,1272,61045,00.htm l
02:00 AM Nov. 03, 2003 PT
While critics in the United States grow more concerned each day about the insecurity of electronic voting machines, Australians designed a system two years ago that addressed and eased most of those concerns: They chose to make the software running their system completely open to public scrutiny.
Although a private Australian company designed the system, it was based on specifications set by independent election officials, who posted the code on the Internet for all to see and evaluate. What's more, it was accomplished from concept to product in six months. It went through a trial run in a state election in 2001.
Critics say the development process is a model for how electronic voting machines should be made in the United States.
Called eVACS, or Electronic Voting and Counting System, the system was created by a company called Software Improvements to run on Linux, an open-source operating system available on the Internet.
Election officials in the Australian Capital Territory, one of eight states and territories in the country, turned to electronic voting for the same reason the United States did -- a close election in 1998 exposed errors in the state's hand-counting system. Two candidates were separated by only three or four votes, said Phillip Green, electoral commissioner for the territory. After recounting, officials discovered that out of 80,000 ballots, they had made about 100 mistakes. They decided to investigate other voting methods.
In 1999, the Australian Capital Territory Electoral Commission put out a public call for e-vote proposals to see if an electronic option was viable. Over 15 proposals came in, but only one offered an open-source solution. Two companies proposed the plan in partnership after extensive consultation with academics at Australian National University. But one of the companies later dropped out of the project, leaving Software Improvements to build the system.
Green said that going the open-source route was an obvious choice.
"We'd been watching what had happened in America (in 2000), and we were wary of using propriety software that no one was allowed to see," he said. "We were very keen for the whole process to be transparent so that everyone -- particularly the political parties and the candidates, but also the world at large -- could be satisfied that the software was actually doing what it was meant to be doing."
It took another year for changes in Australian law to allow electronic voting to go forward. Then in April 2001, Software Improvements contracted to build the system for the state's October election.
Software Improvement's Matt Quinn, the lead engineer on the product, said the commission called all the shots.
"They, as the customer, dictated requirements including security and functionality, (and they) were involved at every step of the development process, from requirements to testing," Quinn said. "They proofed every document we produced."
The commission posted drafts as well as the finished software code on the Internet for the public to review.
The reaction was very positive.
"The fact that the source code had been published really deflected criticism," Quinn said.
A few people wrote in to report bugs, including an academic at the Australian National University who found the most serious problem.
"It wasn't a functional or a security issue but was a mistake nonetheless, and one that we were glad to have flagged for us," said Quinn.
In addition to the public review, the commission hired an independent verification and validation company to audit the code, "specifically to prevent us, as a developer, from having any election-subverting code in there," Quinn said.
"We were concerned that it wouldn't be secure enough," said Green, the electoral commissioner. The audit
Isn't the voting system run by the state? Shouldn't the source code be available by the Freedom of Information Act or something?
This petition is the only way to guaruntee that your vote will be counted--it mandates that machine give the voter a human-readable receipt which the voter drops into a lock box in case. In the case of a recount, the paper receipts are counted. It also mandates a manual recount in .5% of districts to verify the accuracy of the machines.
The petititions are linked to at the bottom of the VerifiedVoting site.
Keep the freedom to vote.
"If a voting system precludes any notion of a meaningful recount, is cloaked in secrecy and controlled by individuals with conflicts of interest, why would anyone buy it?," Quinn said. "At the very least give citizens the right to choose whether they want to use paper ballots ... thus allowing each elector to be personally satisfied as to the integrity of the process in which they are participating."
That just makes... sense.
The company responsible (namely Software Improvements) is clearly pushing to pick up a contract for machine development in the U.S., and saying All The Right Things (tm) to get it.
Don't blame them really, Diebold left themselves wide open - should be easy pickins.
---
Believe me, I'm as surprised by my comment as you are.
so his comments don't apply here. An electronic system in the US that statisfies the owners of the democracy in the US needs to staisfy the Republican party and its big money supporters. The Diebold system is perfect for this and hence is the choice in the US. Why bother how people vote when you can control how the votes are counted? So long as the difference between the opinion polls and exit polls and the official "results" aren't too large you can get away with stealing elections for as long as you want.
development.lombardi.com
Don't panic. It isn't on the company's website, it's on the ACT Electoral commission's website - the tar.gz is here, linked from this page.
The Austrailian ballot is where candidates (for all elections) are listed entirely on one ballot and you get to choose which candidate you want regardless of party.
It may bewilder some people that before the 1920's when you went to vote, a member of the Republican or Democratic party stood outside your polling in place and handed you a "Republican" or "Democratic" ballot. Said ballot would have only the party nominations for President, Senator, House Representatives, State Governor, State Senator, etc. As a result you "voted the party line."
The Austrailian ballot was introduced between the 1920s and 1940s in the US (different municipalities adopted it at different times). It changed US politics because now people could vote for a Democratic President but a Republican Senator. One major result is that since WWII there have been very few times when the party of the president coincided with the majority party of Congress. In fact the Bush administration which has had a Republican Congress for most of the three years it has been in office is an exception not a norm.
This could greatly improve efficiency of vote buying. The money for the vote could be transfered directly into your account.
Foreign readers might also be interested in checking out the Australian preferential voting system. This is, in my opinion, a much fairer system than the "first past the post" system of the UK or US. In the preferential system, votes for minority candidates are never wasted as the vote cannot be split. This would be especially valid for a presidential system as in the US. For more details, check out: http://www.australianpolitics.com/voting/systems/p referential.shtml
Election Systems and Software, the other major electronic voting company, is also, coincidentally, run by a big Repub' contributor. Senator Chuck Hagel of Nebraska has a stake in that company. Can you imagine that? A sitting senator with financial interests in a company responsible for counting votes? Unbelievable.
Sort of makes me think about how incredibly brazen Halliburton's role is in Iraq now. These people don't even attempt to maintain the illusion of impartiality. So, see, you're right -- this Australian company's ideas about the proper way to ensure confidence, they just don't apply. As long as our Repubs can fly under the radar, they don't care whether it's right or not.
"Fundamentalism" isn't about divine morality. It's about human authority.
In most elections that I have witnessed in Canada, either municipal, provincial, or federal, there is ALWAYS a paper trail. I mark my ballot with a big fat X in the appropriate spot on a voting card.
Then the magic begins: the cards are each fed, as collected, into a vote counting machine. The ballots are held in the case a recount (automated or manual), and the results are known just as soon as it takes to communicate the results from each of the machines at each polling station.
We usually have the final, _official_ results within an hour or two of the poll closing time, and you can always go back to the paper ballot to verify the count. And who the heck has a hard time with a piece of paper and a pencil?
No hanging or dimpled chads here, and this to me seems the best of both worlds - technology aiding the speed of vote-counting (isn't that what this is all about, anyway?), but with the safeguards (and transparency) of a manual voting system.
Nobody says open source is better because it's open source. It has to be open source because is MUST be open source by principle.
Get that in your damn head. Every citizen (who cares) should have the right to get a deep insight into how his vote is eletronically processed. If you're not allowed to know how your vote is processed you have no democrazy.
A true patriot is one who never misses an opportunity to find fault with his country.
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
Think of the implications of a true democracy.
Think of the masses voting on each and every topic.
How much does your average citizen know about foreign policy? Health care? Criminal and civil law?
A true democracy would be the worst form of government I could think of, unless you happen to have the exact same opinions as >50% of the population, you're fucked.
Realize that around 70% of Americans are christian. Now, lets vote on whether or not to allow that mosque or synagogue (sp) to open its doors on the corner, or whether gays should be allowed to parade, etc..
I don't need no instructions to know how to rock!!!!
... the fact that you can read "the" source code doesn't guarantee that's the version of the software -- or even the software itself -- actually being run on the machine. Is there some audit procedure for the compile/link/install process?
licet differant, aequabitur
I dislike IRV as much as you do, but at the moment you can't blame Australia - no country is doing any better than IRV for their national elections.
Good methods (like Condorcet) should start in small organizations and work their way up, so that people are already familiar with how good preferential voting works.
Debian, for example, has already worked out lots of kinks and unfairness in their voting system by switching to Condorcet. Some "rules of order" books now advocate using Condorcet when possible. Encouraging this is what will get good preferential voting accepted, not pointing an angry finger at the government that's using a slightly better method than everyone else but still isn't good enough.
Win dain a lotica, en vai tu ri silota
... I dont think anyone thinks its a good idea that people can vote from anywhere other than a standard voting center, like schools and fire stations like you do now....
"Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms,
Aside from the double-meaning of my title (e.g. SI = metric system, something the US is also adverse to adopting), I see a couple obstacles facing the Aussie company if they want to break into the US market.
1) Imagine the outcry from Americans when they learn they're contracting a foreign company to handle their voting system. Oddly enough they won't have cared that Diebold's being all secretive and evasive about their own flaws while SI is open and honest and better suited to uphold the fair democratic system the US claims to cherish. To them I'd say ditch the NIH (not invented here) syndrome--if it works better than what you have, either make a competing product that's truly better or shut up about it.
2) Diebold will use MS' tactics, calling SI's system "un-American". Again, double meaning, but this time I mean because it's open source.
3) Watch Diebold play points 1 and 2 to the hilt, calling on its political ties to ensure SI never gets a foothold in the US. In so doing they pull a two-fer, by simultaneously kicking out a leg from under the democratic underpinnings of the US, as well as another leg from the "capitalist" system the US also claims to be, e.g. where companies compete based on the merits of the product and marketing, without political interference.
Incidentally, the Australian system requires you by law to vote. Maybe that's something the US ought to consider importing too. Argue if you want about being free to NOT vote, but voting is a duty, not just a right, and you should be compelled to do it. Just like you are to report to training if you get drafted, or filing a tax return--you're not free to refuse either of those without legal consequences, right?
What's sad about my writing this is that I have no influence in US politics, being a Canadian, but I seem to have more interest in your politics than the majority of voting Americans, who don't even bother to go to the polls.
The answer to your question is no. The technical legal reasoning for this is below. The practical reasoning for this follows. There is only one federal election: President(*). That election only occurs every 4 years. Creating a federal agency and bureaucracy just for that is pretty ridiculous. Because local elections happen several times per year (at least in my district, school elections are held in April, and general elections in November), the local election boards are much better equipped to run the presidential election.
*(Legal Reason) Because of the way the electoral college operates, the presidential election is technically a state level election. When you vote for president, you are actually voting for your state's electoral college members, who will then vote for their party's choice for president when the electoral college vote formally takes place in January. The constitution mandates that states shall select electoral college members in ways that the respective state legislatures shall establish. Obviously, for all states, this method is popular vote. In most states, the winner of the popular vote takes all the electoral votes, but there are a few states where the electoral votes are proportional to the popular vote (Maine and I think one other that I just cant recall right now). Anyway, because of that clause in the constitution (Amendment.. 12? or 16?), the states are essentially responsible for the presidential election.
I don't know if the problem is really that the software needs to be open source, or simply the fact that there is software at all.
I mean, think about it. What do you really want the system to do?
State: Waiting for User
State: Present User with Options
State: Ask User to Confirm
State: Record User Choice
Four states. That's all you've got. Four states. Why, precisely, are they using cheap hardware for something that a pair of dual flip-flops could handle?
Honestly - think about this. The only reason there are "security concerns" at all is because they were too cheap to design a dedicated system, no software, just pure logic, that can be run on a logic checking system looking for races, possible vulnerabilities, etc.
Paper trail? Well, paper's not exactly THAT good (it does burn, and as Florida proved, it's not always verifiably correct). What about a write-once, read-many device? Like, I don't know, a CD-R, with packet-based writing?
Embedded systems are becoming so much more popular over discretes because hardware is cheap, and bad software is cheaper. But in a case like this, I don't understand it. An idiot could design dedicated hardware voting terminals, which don't even have the possibility of tampering. It's just incompetence.
(P.S.: Sounds like a decent business plan, doesn't it? "Tamper-proof Voting Terminals" - "No more software crashes, no more unreliable messes - works the same way, every time, guaranteed.")
Yes, I know things are a bit more complicated than I'm pointing out here. But it is still correct: E-Voting doesn't HAVE to be fundamentally flawed. It just is when they use cheap hardware. C'mon. Haven't they seen the i-Opener BBSes? Hardware based on the "limit possibilities by creative software" is screaming to be hacked.
Could someone explain to me why you can't just write an X on a bit of paper with a pencil, put it in a sealed box, and count up the totals at the end like we do here in the UK?
I just don't see why you need to use any more technology. What is the point?
I'm not one for playing the mindless patriotism card, but I really do feel that (for the Americans out there) it is our duty to do something about this.
Mindless patriots support the government, while real patriots support the people, and challenge the government to do what's right for everyone. The implementation Diebold has come up with is not good for any of us, and is not right.
It's nothing but crumpled porno and Ayn Rand.
Australians invented the secret ballot - which was referred to originally as "the australian ballot". Australian electoral processes have complete preferential voting - or automatic runoff. Upper house ballots are generally on a multi-member electorate - for the Australian Senate, 12 senators are elected from each state at large, this way you get more than just the two major parties, and they generally hold the balance of power.
Any technology introduced to improve the act of voting cannot make the act of counting less transparent or democracy suffers.
It is apparent that Diebold's systems (not to mention Diebold's paranoia for secrecy) render the act of counting less accountable and less transparent. Ergo, democracy suffers.
If used in a close election - where exit polling and other secondary measurements are unable to confirm the results of the counting - the wrong person might actually get elected President of the United States of America.
With no sense of responsibility to the coutry at large, this illegitimate President might launch a series of Napoleonic wars to to compensate for his own feelings of inadequacy.
I digress into fantasy... the little blue ones I washed down with all those adult beverages must be kicking in.
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence."
At least with a paper audit trail there can be physical evidence of vote disposal. A group in a room behind closed doors might manage to dispose of a handful, or even in an open-forum if they're good magicians.
Disposing of hundreds / thousands / tends of thousands of paper votes is a bit trickier if you don't want to be discovered.
Paper is good because we have centuries of experience in knowing how to secure a paper audit trail. Experience that probably shouldn't be thrown out (baby with the bathwater) just to implement some new cool digital voting technology.
Wolde you bothe eate your cake, and have your cake?
I think using computers to count vote is a mis-application of technology. My reasons are:
- Security. None of the operating systems and hardware in use are designed from the ground up to be secure. The reason is that security and ease-of-use are at loggerheads - get more of one you lose some of the other. One of the key features of every OS I've worked on is the ability to install a daemon somewhere in the message queue so you can remap devices to other purposes. For example, keyboard drivers are easily changed to morph a 'p' into a long sequence of instructions. No matter how well you try to detect a daemon/hook/wedge or whatever you want to call it, if the developer is intent on inserting his code and there are provisions for mapping into user space (I've yet to run on an OS that that couldn't be done) the code can be inserted. That means that open source, closed source, audited source, tested source are all susceptible to modification by a malacious bit of code. It just requires access. Touch screen/punch card/optical scan - it doesn't matter - if you're relying on a computer to do the tally and you can't guarantee that no one has inserted a daemon, you don't have a secure vote.
- Little gained. A lot of "improvements" to what's out there right now discuss the idea of a voter-inspectable audit trail. Voter uses a computer to vote and the computer produces a paper ballot that the user can inspect to make sure the computer isn't cheating. There are two things wrong here. First if a computer is going to tally the paper ballot, you're back to point 1. You've just moved the location of the fraud. If the computer is going to tally and the paper is just a backup, then in most cases, a fraud will go undetected. If the fraud is small enough to be within the bounds of statistical uncertainty but large enough to sway the vote, you're not going to catch it unless you hand count the entire population of ballots. Secondly, you're in essence using a machine to mark a piece of paper which a human can just as easily do - you haven't gained anything by introducing the voting machine into the mix.
I think the Canadians who just use a paper and pencil and cross-checked human counters to tally the vote have it right. The whole system is very simple. You mark your ballot, put it in a box. When the poll closes, at least 3 pairs of eyes look at it, one person is the election official, the other two are from opposing parties. When all 3 agree what the vote is, it's tallied as such. They can cross check tallies as they go so you're not running into a transcription problem down the road. The precinct reports its tallies to a higher level up the tree and the results are published so that the three (or more) counters can check the tally was accurately registered at the next level. Anyone who wants to can check the process from start to finish. Open, transparent, accurate and simple. Contrast that to encrypted keys, password maintenance, static discharge induced miscounts, lack of audit trails and the rest of the mess that characterizes the spectrum of American voting techniques and you have to ask - why the hell do we bother using machines to do this when we can do a better job by hand?There are lots of times that tech is part of a solution. Then there are times, like vote counting, where it is part of the problem. It may be retro and old fashioned but I think it's time we just used paper and pen again. It worked all the way up to the sixties and the country managed then. If our parents and grandparents could manage it, shouldn't we be able to hand count as well?
In australia (and the rest of the world) we are extremely sensitive to the american political decisions, especially those relating to foreign trade and policy.
The concept of a closed source system, developed by people who openly pledge to "deliver votes to the president" (you don't need references, it's all over the /. front page), can covertly apply patches and allegedly have back-doors, seems pure insanity to me.
Just my AU$0.02...
Q.
Insert Signature Here