Slashdot Mirror
Los Alamos Reconsiders Touch Screen Voting
goombah99 writes "Los Alamos county, which boasts the highest geek PhD per capita in the world and considerable clout in secure computing, has voted to rescind its previous plans to purchase Touch Screen voting systems and will ask the New Mexico's secretary of state to address its concerns regarding an imminent state-wide purchase. They may get forced by the Clerk's office to use them anyway if the state makes its bulk purchase of Sequoia AvcEdge touch screen systems with a Windows-based WinEDS database. The Los Alamos position is welcome news since it casts the rejection of these systems in a more sober light; widespread right-wing conspiracy theories have done great harm by galvanizing election officials to be dismissive of re-opening their consideration of the issue. What won the day was convincing the county they had until 2006 to comply with HAVA, and that better machines with voter verifiable audit trails and even open source, were on the way. There is also more in the local newspapers."
was that the local officials saw a way to keep their skin intact. Defer the decision and allow a (new! in-depth!) study to recommend something else because the time-frame allows it.
Simon the cynic.
Physicists get Hadrons!
They aren't conspiracy theories. There is plenty of evidence about the Bush-Diebold connection. The theories are based on solid, classical campaign finance skulduggery and not on the technical merits of the system at all. There was a good SecurityFocus article on the register about it as well, focusing on the technical aspects. I propose the establishment of independent technical federal commissions to review all voting technologies.
he he he...
I think this is the first time that I've ever seen CBS News, home of Dan Rather, called "right-wing"
*Sigh*
Imagine the fun you could have selecting a president by poking a picture in its belly, and being rewarded with a Pilsbury-esque "Tee hee! Thanks for voting for me!"
Better to do it right and build trust in the system than implement something with known flaws.
This is the future. It's only a matter of time until it's perfected. Let's be patient.
Nostalgia isn't what it used to be.
the ultimate irony would be if the Los Alamos council used the Sequoia voting system to take the vote....
Rule #1 -- Politics always trumps technology.
With friends and co-workers (the yound and old) I've noticed a minorly disturbing trend. My cell phone has a touch screen, a kiosk at the cafe, and the copier at work also has a touch screen. When using either I've found that they actually PRESS on the surface of the screen as though they were trying to physically maniuplate a mechanical assembly, instead of placing their finger on the screen and letting the sensors do their job and notice the motion/lacation.
I can't imagine a touchscreen tough enough to allow thousands of voters beat the hell out of it and it withstanding an election.
Maybe have them use an HTML (or XUL or some other text-based language that can be interactive) based system on a local intranet? That would solve the software update issue.
Having "Geek County" rescind their plans for this carries much more clout in the mainstream than does Butthole, Alabama or wherever.
Trolling is a art,
Sounds old doesn't it? Hey Bill, I'm still waiting for Trustworthy Computing to start providing me with a secure OS. ;).
But seriously, this has been one of the major sticking points of e-voting besides security. I can't understand why the major players in this industry don't get it. Governments want traceability and backups in case the something goes wrong.
Well, there's spam egg sausage and spam, that's not got much spam in it.
I don't CARE if the code is open source. That's just asking the voter to trust different people. AND there is no easy way to guarantee that this is the code in the machine. Also, it doesn't protect against breakdowns of equipment.
What is needed is a voter-verified paper ballot printout that goes into a separate locked ballot box. This way, after voting on the machine the voter can check the ballot to be sure that the voter's choice is correctly recorded.
Using the electronic voting machine reduces the error rate to near-zero. Printing the ballot reduces the counting problems (hanging chads...) because they are standardized, uniform and can be run through counting machines quickly.
With a system like this in place the security of the electronic machines doesn't MATTER.
Touch Screen systems just aren't reliable, there's no paper trail, they're closed source, etc. How Diebold has managed to penetrate so deeply is amazing to me. Are our elected officials really that stupid, or has Diebold really swindled them?
I believe electronic voting systems can work, but only highly secured, rigorously tested, and open source systems that leave a paper trail. If nothing else, a piece of paper that the voter can use to verify the votes he or she cast.
For now, I'll stick with punch cards or penis pullers, thank you very much.
...to change the way they vote? Only in geek county would you have recursive voting.
I don't know that it was the conspiracy theories that made the election officials so dismissive of concerns about electronic voting. It seems to me they were dismissive of the concerns about e-voting before any of these conspiracy theories began to propogate. I think the main reasons why election officials like electronic voting so much is that it makes their job easier, and it seems all high-tech and modern. The concerns about it seem like the typical luddite worries about change to them.
If anything, I think that the conspiracy theories will do more to get their attention - after all, it's their job to make sure that people have confidence in the election results. Having a bunch of backwoods farmers saying "I don't trust the results from your damn computers" is one thing. Having Los Alamos computer scientists saying "I don't trust the results from your damn proprietary software" is quite another, and I think they are waking up to that.
whack-a-pol
Some drink at the fountain of knowledge. Others just gargle.
We need your help!
HR 2239 is a bill which requires all touch-screen voting machines to produce a paper receipt which the voter can read and verify, then drop in a lock box. The receipts in that lock box are used in a recount. This bill also mandates a recount in 0.5% of districts chosen at random to verify that the touch-screen voting machines are reporting the results accurately.
Sign the online petition to support the bill. Contact your representatives, educate them and demand they support the bill.
We also need legal help with injunctions against the machines, starting with the 37 Diebold states. The organizers of BlackBoxVoting.org have 65,000 documents to make the case.
Keep the freedom to vote.
I keep seeing people say that such electronic voting systems should be open, etc- so why hasn't someone made an open system yet (and marketed it)?
Perhaps I don't completely grasp the technical issues of such a system, but it doesn't seem terribly hard to implement.
Oh, another thing- if a user touches the touchscreen in two places at once, a popup window should say "Follow the directions, stupid"
A witty saying proves you are wittier than the next guy.
This bad scenario already has happened in New York City during the mayoralty of Ed Koch.
A machine voting company, lever machines I think, arranged with the Koch admin to make sure only Demcocratic Party insiders won their primaries, in return for the voting machine contracts. This went on for years, the president of the company did go to jail.
Wait, this was done by Democrats, so it's OK. Today's Democrats are accusing others of their own crimes. Oops.
The summary implies that it's conservatives who oppose these systems. Read the linked story, and you'll see that the "conspiracy theory" is one that Republicans are behind some sort of sinister plot to fix the vote. If anything, this makes it conspiracy theory on the part of the left wing. Personally, I'll be happy if these machines never see use. Punch card ballots seem to be usable without major problem everywhere but Florida. Let them have the electronic voting machines if they want, and leave the rest of us with systems that've worked just fine for decades.
Witness Enron.
Bush's Justice Dept. doesn't go after his buddies. That should be obvious to everybody by now.
There is a demonstrable and proven effort under way to compromise democracy in this country. That you are too blind or too stupid to see it doesn't make it not so.
Is this truly the only Earth I can live on?
Headline News
Council yanks voting machine funding
By ALLISON MAJURE, lareporter@lamonitor.com, Monitor Staff Writer
Revisiting a motion that had narrowly passed by a 4-3 vote last month, Los Alamos County Council rescinded funding for the purchase of 17 Sequoia Pacific "Edge" touchscreen voting machines by a vote of 7-0 Tuesday.
Councilors Nona Bowman, Diane Albert and Mike Wheeler opposed the original motion on Oct. 28. At a meeting Nov. 4, Councilor Fran Berting asked councilors to support her motion to revisit the issue. They voted 5-2 to do so with Councilors Geoff Rogers and Jim West opposed. In light of newly received information, Berting sought an opportunity for further discussion on the voting machines, as well as an opportunity to change her vote.
The 17 machines would have been purchased by the county as back-up machines for each of Los Alamos' precincts. The State of New Mexico has already funded the purchase of 19 "Edge" touchscreen voting machines for Los Alamos through federal funding received as part of the Help America Vote Act.
The HAVA was enacted shortly after the presidential election of 2000 when discrepancies in Florida called the count into question. Among its requirements is the provision of voting machines for the visually impaired so that they may vote independently without personal assistance.
During public comments, Kathy Campbell read her letter to the editor to the councilors and highlighted the fact that the proprietary software that tabulates the votes is not failsafe. Any tabulation errors indicated, would need to be researched by Sequoia Pacific technicians, because the software is proprietary, she said.
"Australia, Canada and New Zealand use open source software for their voting machines, which are reliant on an open source operating system such as Linux or UNIX," she said in an interview today.
Charlie Strauss also provided information for the councilors, saying the state deadline for the use of these machines is 2006, not 2004 as was previously asserted. He said, "There's no need to rush, we're going to have good machines soon," indicating that machines with a ballot-level voter verification capacity might be on the market shortly.
Strauss urged councilors to send a letter to the New Mexico Secretary of State expressing concerns about the validity of the "Edge" machine's output. He referred to New Jersey Rep. Rush Holt's bill, HR 2239, which is sponsored by 61 other congressional representatives, as useful for its language which objects to touchscreen machines made by Diebold, Sequioa-Pacific, ESS and others.
The councilors unanimously endorsed a motion to rescind funding for the voting machines and to draft a letter to the New Mexico Secretary of State, articulating Los Alamos' concerns.
"With a system like this in place the security of the electronic machines doesn't MATTER."
Wrong. An attacker could still hypothetically gain remote access to a voting machine, and use this access (along with an observer at the polliing location) to track which voter voted for which candidate. Besides the obvious privacy issues, this raises a huge issue of potential fraud or buying of votes... that's why we use a secret ballot system in the first place. If the voting machine isn't secure against attacks, the idea of "secret ballots" is essentially null and void.
Touch screen will have dust and grease spots in place where people vote most. It's slightly not fair...
reprint of letter to the editor in same paper
Voting systems not ready for prime time
The country and our county are on a buying spree. At several thousand dollars a throw, new electronic voting systems are being purchased or planned for every polling place in the country. You might think that these systems, designed to be integrated into the heart of our democracy, have been carefully designed according to the highest standards of security and accuracy. You might think, observing the rush to adopt these systems before the 2004 election cycle, that the problems that have surfaced can't have been all that significant.
You would be wrong.
All of the recent election fiascos have occurred on machines that had been officially tested and certified by experts and checked again for "logic and accuracy" by county officials. Yet several jurisdictions have reported problems just this month. Boone county Indiana reported 144,000 votes had been cast, an exceptionally good turnout for a county with 19,000 registered voters. In Fairfax County, a seat was lost by a 1 percent margin, yet tests later showed the voting machines malfunctioned and erased "one out of every hundred" of the losing candidate's votes. California halted its certification process for one system when it was found that the vendor had altered previously certified software to fix bugs without telling the county. The Washington Post reports a lawsuit by the GOP after a malfunction during this month's election was fixed mid-election by technicians who removed the vote-containing machines for repair. Citing a 66percent malfunction rate, the Louisiana secretary of state intends to scrap all of that state's new touch screens.
Bugs are always present, even on the space shuttle. Mission-critical systems are not bug free - that's impossible - but they undergo multiple reviews and they are designed to be fault-tolerant using fail-safe, redundant subsystems. For electronic voting systems, this means open-source software and a voter-verifiable audit trail. Lacking these, these new systems are not ready for prime time, and neither Los Alamos nor New Mexico should be purchasing them.
I read the CBS News article in the included link, and I don't see the "great harm" anywhere in that article. I'm wondering if the submitter is showing a bias by his comments.
I am not aware of any solid proof that the right-wing has used electronic voting machines to ensure election, but it stands to reason that it has and will happen. Why? Because politicians on both sides have tampered with election results and methods for decades (centuries, millenia). So it would be quite naive to think that the right-wing wouldn't try to use whatever advantage it had. The left-wing too, when they are in power, would do the same thing. Power corrupts.
This is a non-partisan problem. Either side is likely to try to use closed-source technology to their favor. It is short-sided to think this is only a right-wing problem -- it's not. Whoever is in power will use whatever means are accesible to maintain that power. Therefore it is imperative that the voting method being used does not give them an obvious tool to corrupt in maintaining that power. Diebold (and other manufacturer) machines are bad news, no matter which side you are on. Elections are stolen routinely throughout human history. Don't give them another tool to do the job, for they will most assuredly use them.
Think about it: Do you really want to give politicians a method to hide voting result confirmations? To be able to say, "Here are the results and, hey whaddya know? I won!" and have no possible way to verify that? That's called power without accountability, and we all know where that leads.
Shithead.
Ok great you have standard ballets that the computer spit out. What if it was runing low on toner? What if the print head was damaged? What if the software redirected 1 of 100 votes from cannadite X to cannadite Y? What counts the votes? What software does that run? There are so many questions that are still unanswerable. I don't think we can ever have a perfect election in which all votes are correctly tabulated. We just sort of have to do our best to insure that it is very difficult to cheat, and ensure that any systematic error is evenly distributed geographically.
Well.. maybe. Or Maybe not. But Definitely not sort of.
The very fact that the officials have signed contracts that forbid any investigation of the equipment and that there are no verifiable audit trails makes me think that there is some truth in these "conspiracy theories".
When government is not open and transparent it is usually because those people who make up the government are trying to hide something, usually fixing things in their own self interest.
Would you trust your money to a bank that had no audit trail and whose systems and accounts were not open to independant audit?
The Diebold machines are... or at least have the capability of being controlled remotely, with no authentication or encryption. See 25 pages worth of problems with the voting machines from Avi Rubin's site: http://avirubin.com/vote/ A sentence from the abstract sums it all up: "We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes."
Are our elected officials really that stupid, or has Diebold really swindled them?
I'd say that if anybody is being swindled, it's you. The politicians who allowed Diebold access in the first place are probably a little richer.
Nice to see Los Alamos is going with caution, amazing how many areas jumped on a bandwagon even when this wagon seemed to only have 3 wheels.
I just don't see why the voting machine folks can't get the message. Simply include a cash register tape, just like most stores have!
Everywhere across the country, hundreds of millions of people get paper receipts with their purchases at the store. This happens, because Republican (and Democratic) store owners "Don't trust" the electronic tabulations in the machines and demand a verifiable "paper trail" from each of their cash registers. If store owners don't trust a $0.99 purchase to be recorded electronicly, why should we trust voting machines. It's simple, effective, and not expensive either. It happens HUNDREDS OF MILLIONS OF TIMES PER DAY.
Why can't everyone simply get a printout of their votes?...Why the foot-dragging...other than proving the conspiricy theories!.... To the voting machine folks, just add a paper tape, just like an ATM or cash register!....It's the right thing to do.
As far as I know there was a crackdown on Enron as a company.
If you're talking about how the execs should have been hung and quartered but were not, I don't think that's any evidence of a bias on behalf of DoJ. It's more like common sense. It would be just plain silly to hold few individuals personally responsible for colossally mismanaged business of a company as large as Enron. Who would it benefit if the executives were thrown in prison for life and told to pay billions in damages (which they'd never be able to do)?
The owls are not what they seem
It's a very important issue. It casts doubt on the entire democratic process! Sheesh..
Trolling is a art,
Touchscreen station sends vote to database. writes one record to a 'has voted' table, indicating voter registration number. writes a different record in a 'vote' table indicating the actual vote. (no common index, no datestamp).
touchscreen prints out scantron styled paper ballot.
you record 'has voted' in the database simply to indicate if anyone is gaming or circumventing the software. not only can you detect the problem, you can id the perp.
and if you think that's too much, then hell - just drop the 'has voted' table. it'd only be an 'early warning' widget anyway.
the paper forms would be collected in traditional ballot boxes for manual recounts should problems be seen. simply run the forms through a scantron reader for a machine recount, or count by hand. easy peasy japanesey.
no pregnant, dimpled, hanging chads - no worrying about ruined elections via computer hax0r1ng... simplified interface for the voters, hardcopy backup.
// "Can't clowns and pirates just -try- to get along?"
The fact that these machines are designed so carelessly and without regard for security is a danger, not to Liberals because of a vast right-wing conspiracy but to us all. These machines were designed by people with little regard for Democracy. The Diebold Memos more than show that. What endangers the sanctity of Democracy hurts us all.
Something intelligent here.
However, I can't for the life of me figure out why they would use Windows in a voting machine. When you sell a hardware solution where the buyers probably don't care either way you are just reducing profit by using a piece of software you need to license. UNIX is easy to develop for, you can pick a distro that is stripped down to provide only the necessary services to support your software, and it will be nice and stable and secure.
Why on earth would they choose Windows in the first place? Even as a windows user I can't understand it.
What is needed is a voter-verified paper ballot printout that goes into a separate locked ballot box. This way, after voting on the machine the voter can check the ballot to be sure that the voter's choice is correctly recorded.
If the paper ballot is used only as an audit trail then it is completely worthless. The voter has no way of knowing that what is on the paper acurately reflects what is tabulated. The obvious solution to this is that you actually count the paper ballots, but then the machines are just really expensive punch card punchers.
Anyone who thinks that voters are actually going to check their ballots is deluding themselves anyway. The ballots in Florida were NOT confusing, and if people had checked them their would not have been a problem. When you have a reporter ask someone if they are sure who they voted for and the answer is, "No." The problem is with the voters, not the counting.
Where I vote there are clear instructions, and people who will show you how to vote (on a sample ballot) if you can't figure it out yourself. Maybe what we need is to spend some money educating voters instead of building more expensive, more easily corruptable voting apparatus.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
Hopefully now people in the press are beginning to realize that the concerns of engineers and scientists are fundamental concerns about the ability of these tools to be used to support free and fair elections. This isn't a terribly complicated problem that is hard to understand. People understand quite easily the issues of accountability when paper ballots are used in simple way.
Heck recently there was a story that made the local papers about an election worker that improperly broke the seals on some ballot boxes is some election. It turns out that the worker probably did nothing to change results and was just trying to find some papers, but people were rightly indignant that an elections official wasn't following an agreed upon procedure wich left the boxes open to tampering after the fact... With some of these computer system designs that same election worker could have physically done the same thing thousands of times without any one being able to tell. Of course, there wouldn't have been any newpaper stories since there would have been no evidence of the tampering unless the elections worker had come forward herself.
Computers are physical things. Similar rules should apply computers as they apply to paper ballots.
Read your link and missed anything that could be construed as evidence. The only fact is that there was a technical glitch. Everything else is complete speculation.
I mean, even think about it: if they were going to rig 16,000 votes, where would they do it - in a precint with a population of 600, or a population of 100,000? Which would make more sense? There's no way they "get away" with it the way it went down, and it was so blatant that there's no way it would have even had the presumably desired effect.
I'm not saying to believe everything "the man" says, but fuming over evidently nothing denies credibility to real causes.
-Looking for a job as a materials chemist or multivariat
a bad thing. I think that CBS article is somewhat slanderous too.
BC
All hail Neo Garcia, our pre-annexation comma induced leader that has finally waken up to face the sentinels in the final battle between good-and-evil to be waged here on Slashdot.
I hope that that slashcode matrix can take it.
Pragmatism as an ideology is not particularly pragmatic in the long term. Keep it in mind when you dismiss Free Software
Politicians making a knee-jerk reaction to a non-existent problem and botching the attempt is hardly a new phenomenon.
Voters: "We can't stand xxxx yyyy"
Politicians: "Don't worry, we'll save you"
Vendor: "Here's some campaign cash and a half-assed solution to your problem"
Politicians (pocket cash): "Voters, we have saved you from yourselves again"
Voters: "Yeah!.... Uh waituminute, this solution is a P.O.S. and causes more problems than it solves."
Politicians: "Don't worry, we'll save you..."
It's the only way to be sure that the system hasn't been corrupted.
By publishing votes you make it possible for a person to check at any time to make sure his vote was registered correctly.
The arguments against doing this aren't very persuasive. For instance, the idea that people won't vote if their choices are made public is nonsense. Who wants these people voting anyways? If you can't stand up for your beliefs, you have no business voting.
The notion that you would be pressured by an employer is equally ludicrous. There are already laws on the books that make it a crime to do this. And with all votes being made public, it becomes so much easier to prove: you can look at how all employees of a company vote and if they all vote for the same candidate then you have good evidence against the employer.
The very idea of the secret ballot is suspicious to me. It only serves the interests of those who would choose to aggregate power unto themselves.
The issue isn't one of computerized voting vs. non-computerized voting. It should be one of open polls vs. closed.
Is this truly the only Earth I can live on?
I just submitted comments referencing this article to all the relevant CBSnews.com emails. If more do the same, perhaps there will be some media coverage.
Unless this is included in a sound bite or news clip, no typical uninformed American will care.
On strictly apolitical terms: every vote should count. It's as simple as that.
I find it funny that all that is required to put to end the crap is a print out or allow all source code to be examined. Personally, I would take an english printout that a voter could check, over source code reading until we have been on electronic systems for a while.
I prefer the "u" in honour as it seems to be missing these days.
While secret voting is important to prevent the buying of votes, it's not as important as preventing the stuffing of the ballot box.
To sway an election, lots of votes would have to be bought. That's a lot of victims that know they were victimized.
To stuff a ballot box, very few people need to know about the crime. And they're not victims.
One secret is much, much harder to keep than the other.
The question isn't whether the machine should print out a paper copy of the ballet. I think that the answer to that is a given.
The REAL question is what to do when that paper receipt doesn't agree with what the voter claims they entered. How do you "erase" the voters previous vote? And how do you ensure the integrity of a recast vote? Without answers to these questions, creating a paper trail is moot.
and plenty more-- I'm sure you can come up with more than me.
At least mafia-owned pizzarias make excellent pizza. Compare to Bill Gates.
What is needed is a voter-verified paper ballot printout that goes into a separate locked ballot box. This way, after voting on the machine the voter can check the ballot to be sure that the voter's choice is correctly recorded.
What would happen to the receipt in that case? I presume you are talking about using them to actually tally results where the box is used only to generate a receipt to be counted and to get a quick count.
So under this scenario, what would prevent ballot stuffing? I guess you'd need some sort of checksum on the receipt to ensure that it's valid. Another thing you'd have to be careful about not using anything that was non-human readable on the receipt to perform the tally. But then you have that checksum to worry about and a malicious (or poorly coded) hack could spit out invalid checksums.
Another problem with making non-human readable info on the hard copy is that you could end up with a false sense of security. For instance, the receipt might contain the name of the candidate and a barcode where the name is used for verification and the barcode was used for the tally. One way to get the best of both worlds (quick count and low-tamperability) is to use a scantron, but now you have the problems of readability because if the ballot was smudged or the toner ran a bit light, you might get an ambiguous result.
Is why the voting machine doesn't just use a touch screen to accomodate the people that are too feeble to completely punch a hole through a piece of paper. The touchscreeen voting machine would then print out a complete listing of what you've entered, in plain text, along with a barcode scannable line next to it. Once the person verifies that the ballot is correct, drop it in a box and have a nice day. This way, you get the ease of use of electronic voting, along with a verifiable paper trail.
As if there weren't already plenty of doubt about the democratic process.
Give me Classic Slashdot or give me death!
I'm not sure that "Open Source" would help anything. Sure, others could audit the system, but there's still the opportunity for a unscrupulous person to insert a piece of innocuous looking code that is actually a major security breech. The only way to do this correctly (IMHO) is to contract with a third party that has no commercial interests, and will do the work and research to prove a safety level of ~95% or higher.
A good example of this situation is when DARPA contracted with Berkley to develop BSD into the primary ARPANet operating system. The code was built around solid research and engineering practices instead of a commercial interest to "ship it if it compiles". Take DieBold as an example. They were probably the lowest bidder in the commercial war for voting machines. What foundation do their machines use? Microsoft Access! And that's despite the fact that Access has practically no security features WHAT SO EVER! It's a completely wrong technology.
Now think about a design that ships out a sealed box to a voting office. This sealed box has connections for the network and nothing else. Once powered on, it will expose only an XML-RPC API over SSL for tabulating votes. It will also use the network to contact the main office and upload votes.
Data will be stored internally in an encrypted database, and all encryption keys and configuration information is permanently burned into the firmware chip. Minor actions such as uploading to the main office can be done via a "administrative voting machine" that would require a username and password. That same voting machine would be responsible for activating the individual booths. i.e. I can vote once, but after I confirm my vote, the machine will no longer accept a voting request until the operator tells it to. This allows the same physical security that is afforded by paper ballots today.
An extension of that physical control is that the voting machine and the primary box will share a secret via public key encryption. This secret code will be given to the machine once it registers over XML-RPC with the primary box. Thus any machine can be connected to the server, but only ones that the operator approves will actually get to enter a vote.
Similarly, the voting machines themselves should also be sealed boxes running out of encrypted firmware. There should be no way of changes the settings short of swapping out the physical hardware. This will ensure that the user isn't presented with their vote while the machine actually votes for someone else.
This whole concept though, still falls flat on the social engineering phase. Just like today, if the operator of the ballots is corrupt, there is very little you can do to prevent them from stuffing the ballot. (e.g. They vote multiple times themselves, or someone upstream at the voting machine provider modifies the firmware before it goes out.) In these situations, the only solutions are the same ones we have today. Make sure the number of votes and registered voters match. Do an audit of the supplier. Etc.
A good voting machine is possible. One simply has to remove parties with conflicting interests from the equation.
Javascript + Nintendo DSi = DSiCade
you miss the point. or perhaps he should have written more clearly. widespread conspiracy theories that accuse right wing (i.e. republican) partisans of being in bed with the voting technology companies have galvanized election officials against reconsidering their decisions to purchase these machines. that is, it's made it easier for them to scoff and say "oh, that's just a bunch of rabid conspiracy theory nonsense".
the reporter wasn't saying that the conspiracy theories were coming from right-wingers, or that cbsnews.com is a right-wing news source, or that being of a more rightist persuasion is bad. so ease up.
When the CEO of one of the largest voting machine manufacturers (Diebold) sends out a fund raising letter saying he is "committed to helping Ohio deliver its electoral votes to the President next year." you have to be at least a little skeptical. http://www.portclintonnewsherald.com/news/stories/ 20030827/localnews/140871.html
Great point. Let me clarify for sure, my first post wasn't a defense of the proposed electronic scheme, as I don't trust anything without audit possibilities. These electronic voting schemes aren't ready for prime-time, methinks.
I still don't find that to be an acceptable voting tabulation method, even given the large assumption that no one is guiding the 'errors'.
Right, the lack of intent here is actually less comforting - if it were fraud, we could potentially add security, or oversight, or whatever. If it's code screwups - well, who the hell knows where that is, eh?
On this issue, I go with my motto of "Never attribute to malignance what can be explained by incompetence."
-Looking for a job as a materials chemist or multivariat
So, who's better at balancing their budget? The rich Republicans or the rich Democrats? Either way, I don't see anyone in Congress on welfare.
Even if there is no connection between the two and you completely discount all of the conspiracy theory stuff, I would think that even the APPEARANCE of a connection would be enough to scare people away. Politics is perception, so why even allow the perception of one party having an undue influence over the voting systems? Whatever system is used should be beyond the possibility of reproach.
A vote is something else...there's lots of motivation to steal an election. There isn't any way of knowing, given today's operating systems, that no one has either hacked the code in ROM or loaded a hook that'll modify the vote as desired. For every measure you propose to thwart theft, there's a counter measure. That's just the intentional attacks. There are hardware failures to contend with as well. There isn't a straightforward way to backup a vote and know for certain that the backup is accurate. Distributed tallying/backup just introduces another error source.
Voting is an activity that is best left to humans doing the tallying. When properly implemented, it's trustworthy unlike what we're currently doing. I know this is /. heresy but there are tasks where a technological solution should not be applied - voting is one of them.
I posted this in a reply and I think its been on /. before but there is a wealth of information on this issue at BlackBoxVoting.com. If you haven't seen the site I think you will be surprised by how much clear evidence there is to various improprieties and general incompetence.
Drill baby drill - on Mars
The So Called Liberal Media must be at it again.
While I agree with the article's point of view I'd like to mention that I have never seen anything more complicated that a pencil used in a Canadian election.
"The ballots in Florida were NOT confusing"
Oh pleaase. The Palm Beach "butterfly" ballots were very confusing. It just was not clear what you were supposed to do. Many people intending to vote for Gore voted for Buchanan.
I work as an election official and I see what people do. They take their voting responsibility very seriously! This "Democratic voters are too stupid" smear just doesn't wash. You should give people more credit.
As much as many of us would like to see open source prevail in the electronic voting system market (as the Aussies have decreed it must), it is not, by itself, a cure-all for the kinds of abuses it tries to address. Who's to say, for example, the the code that's published matches the firmware in the machine. I know my county auditor wouldn't know the difference. No, what's needed beyond open-source is a verifiable chain of trust from the published code to each individual machine. I don't know how to make that happen, but I'll bet there are some crypto gurus out there who can figure it out.
The day we stop believing in democracy is the day we lose it.
Drill baby drill - on Mars
Comment removed based on user account deletion
Drill baby drill - on Mars
Care to provide any sources for your story?
Question - how did Democrats vs Republicans get into this? Are electronic voting machines that don't allow the voter to verify that their vote is correctly recorded somehow a Democrat/Republican issue? How did that come into this?
Comment removed based on user account deletion
Thank you for disecting the heart of the "conspiracy theory" issue. How can normally skeptical people call this a "conspiracy theory"?
Fact: A company is producing voting machines which are easily tamperable and which allow such tampering to go completely undetected except through observing anomalous results.
Fact: There are people who would benefit greatly from utilizing this ability.
Fact: The company in question has given a good deal of money to one of the groups of people who would benefit from exploiting the flaws in the company's system. Even stated that they want to help said group win.
How could a rational, skeptical person look at this and not think "something isn't right here"?
Perhaps you are right, and alleged skeptics have suddenly become convinced that everyone in politics (or just their favorite politicians?) have become saints.
The enemies of Democracy are
Hey folks, how tough can it be to write some software to gather votes and put them in a database? AND print TWO identical receipts, one for the voter, and one for a backup ballot box, in case of recount?
.DLL to handle a touch screen, it seems to me that there is plenty of room to put Diebold and the others, cheaters or not, out of the voting-machine business!
I know of local bowling alleys that use touch-screen Point-of-Sale systems, so you know the hardware can't be all that expensive, either.
So, considering how expensive those "Certified" voting machines are, AND how cheap ordinary personal computers are, AND how secure BSD or other free Operating Systems are, AND how simple it should be to write some Open Source voting software, with some semi-standard
What part of "Voter verified" did you not understand? The point is, the Vote doesn't go into the lockbox until the person voting has looked at it. Maybe they actually take the time to make sure that it says what they wanted it to say, maybe they don't. But if even one person in twenty is that careful, it's sufficient to catch any attempts at tomfoolery by the machine itself.
So we rely on the machine's tabulation, but have the ability to spot-check it if there is any reason to be suspicious. Perhaps one machine in twenty could be hand-counted for quality control. If we crack open the box and find 3% more votes for the losing candidate than the machine itself reported, then we know something went wrong.
There's nothing wrong with electronic voting, so long as it is done in an open manner, and can be verified by a separate audit trail.
Another security measure I would implement is to have the system boot from a CDROM (read-only drive). That way, the software could be examined after the fact, with a firm knowledge that the software being examined was actually the software being used during the election.
BTW, 1000th post!
You want the truthiness? You can't handle the truthiness!
Wow, you don't have many /.'ers who will admit that the 1960 election was a fraud. Don't get me wrong, I'm NOT supporting internet voting or any such thing (guess I should have made that clearer) In fact, I agree, there are about 2.5 politicians in the country who wouldn't rig an election, given the opportunity. Fraud could have happened on both sides in FL - we just don't have any real *proof* of it.
I really think we're attacking the same problem from different angles. I completely grant everything you said - which is why it's important to not go nuts over every election in which we backed the loser. Because if people are claiming fraud on every election, it kind of takes the sting out of it if we really DO have evidence of clear malfeasance (like 1960). Case in point being the guy who I originally responded to - that isn't helping.
-Looking for a job as a materials chemist or multivariat
They are following the standard practice that worked well on the Mob.
Start at the bottom and go up... Kenneth Lay will get his due.
Your viewpoint is obviously slanted by the "Hate Bush by any means" school of thought which is damning most of the Democratic party from putting up some good candidates and platforms.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Who are we waiting on?
WE are the only people who can see this done correctly. Sitting around waiting for ourselves doesn't cut it.
Appropriate patience in this case is realizing that we will have to keep yelling throughout the process and not get distracted along the way.
Yes, it will take time for us to fix this. So we'd better start now.
This is not a political statement. This is not legal advice. It's a frick'n Slasdot post. However: I'm Running For
"Australia, Canada and New Zealand use open source software for their voting machines, which are reliant on an open source operating system such as Linux or UNIX"
New Zealand does not use any form of electronic voting, it is considering some form of electronic voting in the future, but no decisions about what software etc. to use have been made. I am fairly sure Australia is in the same position.
It would be a shames if a good decision at Loas Alamos was based on lies....
Left... right... all irrelevant. The actual conspiracy is the top, against the bottom.
-Hentai [in vita non pacem est]
wouldn't it also be fair to say that the "rich" 50% have at least 96% of the wealth, so therefore should pay 96% of the taxes?
Jack Valenti and Orrin Hatch will be first up against the wall when the revolution comes.
Comment removed based on user account deletion
A bit of news from New Scientist about e-voting in the UK. http://www.newscientist.com/opinion/opletters.jsp? id=ns24227
My fav units are dead Mavs
Doesn't your statement depend on whether the term "right wing" is referring to the "consipiracy" or the "theory"?
The use case seems so obvious to me:
1. User-Friendly Device receives user's vote choices.
2. Device records choices.
3. Device prints receipt reflecting votes for user.
4. User inspects receipt and (with the aid of Judge) can correct their vote.
5. User decides receipt properly reflects their desired vote.
6. User places receipt in sealed ballot box.
7. Device reports end-of-day results to Parent Device.
8. Parent Device reports detail and total results for district.
9. Judges audit detail against paper reciept according to local procedures.
10a. Results pass audit Judges certify the results.
10b. Results do not pass audit. Judges direct paper receipts must be counted entirely.
10b1. If discrepency would not effect outcome, election is certified.
10b2. If discrepency would effect outcome, election is declared null and void. A new vote is scheduled.
Above use case is copyrighted by author and hereby declared to usable by anyone without compensation or reference.
Nope. Look at the linked spreadsheet. The richest 50% account for 96% of the income tax base, but only 87% of the income. So the poorest 50% earn 13% of the nations income, but only pay 4% of the nations tax.
Then numbers become more disparaging the higher you go. The top 5% of wage earners pay 56% of all taxes (yes, over half!), but only earn 35% of the income. The top 1% pay 35% of all taxes while earning only 20% of the income.
or in the voting system is the real issue.
The fact that it could add 16,000 votes & that that was only noticed b/c the number was so large begs the question of what happens when it adds smaller numbers of votes?
eg how many times did the software just add 20-50-200-etc. votes without anyone noticing?
Exactly how does earning USD 27,600 per year qualify one as being rich?
You will notice that I didn't use the term income in my previous post. I used wealth. There is more to being rich than just having income. My parents do not have a high income, but do have lots of accumulated wealth. When you factor in wealth and not just income things scew more towards the rich.
For instance lets say bill gates has a salary of $500,000 a year. that is his income. Unless he is selling off stock or receiving intrest payments on other investments he has a small income. Even if his stock doubles in price, he didn't earn any money so he doesn't have to pay taxes.
Jack Valenti and Orrin Hatch will be first up against the wall when the revolution comes.
The system is designed so that everyone (theoretically) has the same protections against getting railroaded. In reality, it can happen if you have bad counsel, corrupt police, etc., but I have a feeling those aren't as common as TV would make them appear to be. Any system can be taken advantage of by those on the inside. It's like the saying about government goes - ours is the worst system of justice, except for all the others.
Obvious exits are NORTH, SOUTH, and DENNIS.
In spite of what everyone wants to think about it (and in spite of the fact that it will never fly), this is essentially all that MS/Intel are trying to do with Palladium.
Smart bunch there. A wee bit more politically conservative than I am now, but a smart bunch none the less.
And it has to be one of the most newsworthy small-towns of 20,000 people anywhere.
First Atom Bombs, now voting machines. I wonder what they'll do next to protect Democracy?
Start Running Better Polls
We are taxed on income, not wealth, so your point is irrelevant. Even if we were taxed based on wealth and not income, we would see an even more slanted scale with the rich paying an even higher percentage of the income tax base.
The greatest fuel for conspiracy theories is the adamant eschewing of a required paper trail. Why is it that printing a record that the voter can verify, that is the source for recounts, so opposedl.
Including an auditable paper trail would just leave the actual veracity of the machine tabulation in question. The lack of a paper trail allows for manipulation and the consistent dismissals of such a simple method of verification certainly implies to me that their is an intent to allow deception. The assurances of self-interested CEOs who are also adamantly partisan aren't assuring.
The potato it is uninformed.
Nobody expects this stuff to be Phd thesis standard, but a bit of accuracy and honesty is not too much to ask.
Drill baby drill - on Mars
As they should... just because you technically did not have income doesn't mean you didn't improve your worth. If I own 15 properties and millions of dollars worth of stock I should pay more taxes than someone who has no accumulated wealth and makes the same amount of money. Of course this is almost impossible to do, so we work on the assumption that those with higher incomes are able to accumulate more wealth and therefore pay higher taxes.
Jack Valenti and Orrin Hatch will be first up against the wall when the revolution comes.
4. Explain how you do this securely. How do you make sure that the judge doesn't wait until the user leaves and changes votes.
9. They would have to count all of the votes. If they are going to count all of the votes then why have the computer tally them in the first place. Remember from step 5 that we know the paper ballot reflects the voters intention. We do not know that the computer tally reflects the voter intention, therefore the paper ballot is the "real" vote. Why do we need the computers at all? Just to fill out the ballots?
10b2. Nope, sorry, not an option.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
Sure, the *vast* majority of people won't verify their ballots. But, if I've got a copy of the ballot that I turned in, and I *do* verify it, then I have *proof* of an error instead of just an accusation. Without knowing what ballots will be verified, there is no 'safe' way to falsify ballot information that is publicly viewable. If 1 in 100 check the recorded vote against their copy of the ballot (which they checked before turning in the other copy) you've got a statistically sound sampling of accuracy. If 1 in 10 of those votes doesn't match the corresponding paper ballot, you've got proof of an error in the system.
If 1:100 voters checks his ballot, and you only modify 1:10 ballots then the probability of a voter noticing a change is 1:1,000. So what do you do when the 1,000th voter's ballot doesn't match his vote? You can't invalidate the other 999 votes, that would be unconstitutional. Worst case, you can invalidate that vote and take that machine out of the system. Too bad you've already counted 99 bad votes.
If you did this with 1:10 machines, or even 1:100 that's a lot of bad votes that you can't invalidate. In a close race you could modify 1:100 ballots, and then probablity of detection goes down to 1:10,000. Even if the problem is detected after only 5,000 votes you still can only invalidate the ones you KNOW are bad. In many polling places a single machine won't even be used 1,000 times in a day.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
In his issue position statement brings up many tried and true points the /. crowd are well aware of, including H.R. 2239, otherwise known as the "Voter Confidence and Increased Accountability Act of 2003"
Start Running Better Polls
Your overly emotional tirade needs to stop.
It's not just me and it has only just begun.
Grow up and participate in the ADULT world. Your exactly the type of person who gets laughed at. I bet your easily tweaked about other subjects as well.
If the other subjects involve runaway aggregation of power or the wholesale killing or brutalization of people, then yes, you are correct.
It would be absolutely hilarious watching you attempt to argue your point with intelligent people - in other words you would be "toast".
So if we look at the banter you and I are having, we can only come to one of two conclusions: either I am "toast", which certainly isn't the case as you've largely evaded the substantive points I've made, or, you're not an intelligent person.
I love the line about he didn't win the popular vote, guess what, neither did Kennedy - hell Kennedy lost by a bigger margin.
Speaking of not being very intelligent, this is incorrect.
Finally, don't look for salvation in either the Democrats or Republicans. They both suck...
At least we agree about something.
Is this truly the only Earth I can live on?
GOD DAMN IT PEOPLE!!! IT'S A JOKE!!!
Us New Mexicans (yes, I live in New Mexico) have been getting this for YEARS...
One of us goes and makes a joke about it, and you all make it out as FLAMEBAIT.
Moderators on Slashdot suck.
(BTW, this is a rant, not a flame, not a troll... so go bite your mod points!)
I am unamerican, and proud of it!
New MEXICO yo yo yo mod me up if you are a PIMP.
The more you know, the less you understand.
Your math is way off. The chance of a PARTICULAR voter noticing a change if only 1 in a hundred voters checks their ballot and 1 in 10 ballots are modified is 1:1,000. However, there are 1,000s of voters. Also, the odds of detection are better if the proportion of ballots modified is larger and if more than 1 in a hundred voters checks the ballot.
About the unconstitutionality of invalidating the votes for a machine with an error: this situation is analogous to having a ballot box stuffed. You temporarily set aside these votes. If the number of set aside votes is not large enough to affect the election, there isn't a constitutionality problem. If the winning margin is smaller than the number of suspect votes, you have to have a special election, just like when voting fraud on paper goes on. The important thing is that you can catch fraud, which discourages it, and you know when appreciable fraud/error takes place.
The key is that fraud/error only matters if it affects enough votes to influence the election.
Talk about letting your biases show! The commentary above says "widespread right-wing conspiracy theories have done great harm". Yet the link is to a story that describes LEFT wing fears! (Specifically, that Diebold et. al. are all GOP contributors, and the machines "are being used to fix elections all over the country in Republicans' favor.")
Now, this is not to say there aren't a TON of right wing conspiracy theories out there, about these voting machines; of course there are. But why mislabel the link as describing right wing kooks when it actually describes left wing kooks? It's easy enough to find a link that actually supports the submitter's predisposition concerning the nuts on the right...
It must be a conspiracy!
A separate paper trail is good, but it would seem simpler to just make the main voting record be paper. There are plenty of automated multiple-choice tests where you fill in a box with a pencil and the machine reads your answers. This could be done for voting and realize just the same cost savings as touchscreen voting, but with a built-in paper audit trail. Furthermore, the ballots could be processed by two systems from competing vendors to make sure the results agree. As a last resort they can be counted by hand.
I just don't understand why touch screens are so favoured compared to paper.
-- Ed Avis ed@membled.com
Of course, they contribute less to the overall tax collection. That is because they make a lot less. It's called progressive taxation. If you removed your ideological prism, you would see that taxing everybody equally is not fair.
A 17% tax for a person making $20,000 is quite a bit of money and it has a direct impact on their ability to house and feed themselves. A 45% tax on a $1m income still lets you lead a good live, while contributing according to your wealth.
Thus, half the country is not riding on anybody's cottails. They work hard and simply do not make enough to bear a higher burden. If you consider the huge tax gifts that the rich have been given over the past few years, it stands to reason that there has been a veritable tranfer of wealth.
Pragmatism as an ideology is not particularly pragmatic in the long term. Keep it in mind when you dismiss Free Software
How facetious can you be? Those numbers don't mean what you think they mean.
When you say that the poorest 50% earn 13% of the nations income, but only pay 4% of the nations tax, you forget to tell us what is the purchasing power of the poorest 50% and whether their income is sufficient to provide for housing, food and medical care. As you relate the increasing cost of these to their income over a historical period, say the last 30 years, you see that their standard of living has gotten steadily worse.
But it is easier to twist the numbers and pontificate than to look at reality.
Pragmatism as an ideology is not particularly pragmatic in the long term. Keep it in mind when you dismiss Free Software
Response:
4. The point here is not to offer more security than is available today. Today a judge could wait until the end of the day, bribe the other judges and replace current paper ballots. If we want a system more secure than today's systems, I agree we need a whole new plan.
9. The point of an audit is that you check a small (0.5% - 10% of the ballots against a report. If the vote report for a location listed all the VOTE_IDs above the total for the candidate. The audit compares the receipts to the reports. Even one mis-match (a VOTE_ID on the receipt in conflict with the report) reveals tampering. Much more reliable than today.
10b2. Of course, this is doomsday, this is a faulty report. The only choices are reschedule or accept a tampered vote. I think the choice is obvious.
Does this answer the objections raised above?
4. The point here is not to offer more security than is available today. Today a judge could wait until the end of the day, bribe the other judges and replace current paper ballots. If we want a system more secure than today's systems, I agree we need a whole new plan.
Why would we spend billions of dollars on a system that is less secure or differently insecure than the current system? That's just stupid.
9. The point of an audit is that you check a small (0.5% - 10% of the ballots against a report. If the vote report for a location listed all the VOTE_IDs above the total for the candidate. The audit compares the receipts to the reports. Even one mis-match (a VOTE_ID on the receipt in conflict with the report) reveals tampering. Much more reliable than today.
You can't print a unique id on the print outs because the votes have to be anonymous. You also can't know that the end of day print out isn't altered in the same way as the voter print outs. They only way to be sure, would be to count _all_ the paper ballots and make sure the total sent to the master counting system jibes with the e-total. You can't count a subset because you can't link a e-vote to a paper ballot. Even if you could, we're talking about software so the fraud can take place at any point, and the system can remember the real count and the fraudulent count.
10b2. Of course, this is doomsday, this is a faulty report. The only choices are reschedule or accept a tampered vote. I think the choice is obvious.
There is no reschedule option (-- That's a period) The only choice would be to throw out all the suspect votes, but the reprecussions from that are obviously huge.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
Why would we spend billions of dollars on a system that is less secure or differently insecure than the current system? That's just stupid.
My understanding is that the major design objective here is to have a user-friendly device that correctly records the intent of the voter. There doesn't seem to be a massive election fraud issue in the US. We just need to ensure that in making the system easier to use (especially for those with disabilities) we don't make it less secure than today.
You can't print a unique id on the print outs because the votes have to be anonymous.
When I vote today, I am handed a ballot after I present my credentials. I trust that there is not a mark that ties me to the ballot. Same thing with a VOTE_ID, it would be generated sequencially. I would have to trust that there is no cross reference to my identity. Hopefully the voting process should make that obvious.
You also can't know that the end of day print out isn't altered in the same way as the voter print outs. They only way to be sure, would be to count _all_ the paper ballots and make sure the total sent to the master counting system jibes with the e-total.
I think a reporting / audit process could easily be designed but it would require a VOTE_ID to be able to use a sampling process.
When I vote today, I am handed a ballot after I present my credentials. I trust that there is not a mark that ties me to the ballot. Same thing with a VOTE_ID, it would be generated sequencially. I would have to trust that there is no cross reference to my identity. Hopefully the voting process should make that obvious.
The cross reference is you standing there with a ballot with a unique ID. Plus if you want to be able to correct said ballot, you must be able to somehow prove that it is YOUR ballot after the vote is cast.
I think a reporting / audit process could easily be designed but it would require a VOTE_ID to be able to use a sampling process.
So I write my trojan to report the correct vote whenever you query it with a particular VOTE_ID, but always report my adjusted total. Unless you check every single vote, I always win.
In my county we use scantron type ballots (really easy you just color the circle next to the right name). When you are done you feed the ballot into the reader attached to a locked box. The computer counts the votes, but the original ballots are safely locked away in case a manual recall is called for. A new very expensive computerized system would have to be BETTER than this system or it's worthless.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
So I write my trojan to report the correct vote whenever you query it with a particular VOTE_ID, but always report my adjusted total. Unless you check every single vote, I always win.
The report I'm picturing is a final group of reports where there is a list of each VOTE_ID for a candidate and a total at the bottom. It would be easy to check that the number of listed VOTE_IDs equals the subtotal and that the subtotals equal the total. The audit of the paper receipts would indicate the VOTE_IDs are authentic. It would be a powerful audit because one misplaced VOTE_ID (counted for the wrong candidate) would reveal tampering. Accountants do this all the time with invoices.
It's probably too late to clarify what I meant - I should log in more often!
I didn't mean that the people who thought elections were going to be rigged by the makers of these machines were TFH's. There have been attempts to rig elections right back to the days of the Abolitionists. There's no reason that it will change now, and we can see that Diebold has the means and the motive.
I was referring to something in the article dismissing concerns as 'conspiracy theory' with all the Roswell/JFK/Zionist Elder overtones it carries. Looking back at my post though, I can see the ambiguity.
My apologies to anyone who was offended and still checks the replies to their comments. The potential for vote-rigging is scary as Hell here.
Although hopefully some people realized what I meant or else why was I modded up so much.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
As long as you are not checking every vote the probability of detecting the cheat is (ratio of fraudulent votes) * (ratio of checked votes), so you haven't improved over the existing system, but you've given up on anonymity.
The computerized system starts out at a significant disadvantage to the paper ballot system because there are a finite number of ways to cheat a paper system. That's why all of the computerized systems are trending towards glorified systems for filling out paper ballots.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
I think we agree that all the systems under discussion are overkill, but that's federal law for ya. If VOTE_ID is not tied to a person, anonymity is not surrendered.
As for the sample required, only a small sample is required to find the first fraudulent vote. Take this calculation
...from MS Excel. In other words the sample size is a function of the winning margin and seems reasonably small.
Report Sample
Machine 1
Candidate 1 VOTE_IDs
1001
1003
1005
1009
Machine 1, Candidate 1 Total: 4
Candidate 2
1002
1004
1006
Machine 1, Candidate 2 Total: 3
Machine 2, etc....
Location 1, Candidate 1 Total: x