Slashdot Mirror
Can America Trust Electronic Voting?
A anonymous reader writes: "The Sacramento Bee wrote an excellent article about the issues surrounding electronic voting. It was written by the Yolo County clerk/recorder and a professor of law at UC Davis. They quote sources such as Peter G. Neumann and Diebold's president Walden O'Dell."
Maybe I'll be a little 'off-topic' but I would like to add some reflexion to this article.
E-Voting and its problems are a clear example of what is happening: we are giving to our computers and networks more and more 'power' over our own lives. This wouldn't be a problem if security was some exact science.
We still have big problems with computer security and while we didn't fix them yet (anyway can we really fix them ?) the overall 'value' of the data that goes through our networks is fast increasing.
This, I think, will be even worse in the near future because the software, systems and networks we use will be more and more complex and it will be harder and harder to maintain a good level of security on them.
You could argue that the problems exposed in the article are not related to security. I would say 'not yet'.
But something really interesting is said: "These machines leave no 'paper trail,' that is, no voter-verifiable record allowing a retrospective audit of the votes recorded as cast for each candidate or ballot proposition.".
Everything in these system is 'virtual'. It makes it easier to loose, to replicate (to steal) or to alter information. I'm quite afraid about that.
Maybe the E-Voting system is not connected to Internet, which increase security of course, but maybe one day it will...
Iraq: war to save the U
To hopefully fixing this problem. This week, the state mandated that all voting machines print a human-verifiable paper ballot. This is good, but the regulation is supposed to take effect in 2006.
While it's a step in the right direction, it's also ridiculous. A voting technology that is unacceptable in 2006 is also unacceptable today. I certainly hope they push up the deadline to before the 2004 election. There's plenty of time to fix it by then.
If you live in California, please bug the appropriate government officials about this.
What sucks is we give up the verifiability of that paper trail in exchange for anonymity.
Voting shouldn't be anonymous.
I wouldn't have a problem with that either. Problem is, somebody will point out "Ah, but what if people can't figure out how to use it or they mark it incorrectly?"
Anyway you cut it, voting is not rocket science people. All I want (as a concerned citizen) is someway to verify the process.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Yes, if the greedy corporations are removed from the process, and an OSS solution based on an openly auditable platform like Linux or FreeBSD is adopted. We are not too far away from this eventuality.
...which brings you back to the question, "what advantage is the electronic system then?" Right now we have a paper trail, and it works well. (OK, maybe you Americans should work on the Usability of your forms :-))
That we will be able to get voting results faster? Well, let's see. In Germany, polls are always on Sunday and the booths close at 6pm. By that time, you already get projected results that usually differ from the final results by less than one percent. By 11pm the final results ("Vorlaufiges amtliches Endergebnis", "preliminary official results") are available. Is it worth spending millions of dollars just to get the results, say, four hours earlier? OK, there's one advantage if the results can be seen in "real time," e.g. over the day, while elections are still running. Because then the knowledge that the current results are very close to each other (think Gore-Bush) might have an influence on who decides to actually go voting later in the day.
And then there's the argument that E-Voting will make it easier for people to vote and thus more people will vote. But on the other hand there have been studies showing that when people had to make more of an effort to go cast their vote, turnouts actually increased.
That being said, www.free-project.org is a good source of pro and contra arguments regarding E-Voting.
Granted, I'm not going to vote electronically without an open source system in place, but this _really_ isn't that hard.
As an example implementation.. When you register, you get a plastic card with a magnetic stripe on it. It has two 32-bit numbers on the card, with your name, picture, and address. One of the 32-bit numbers is your personal identifier, and the other is your signing key.
Now, for the ballot, every candidate also has a 32-bit number. When you want to vote for your candidate, you swipe your card, then select the candidate on the screen. Your pid is appended to the end of the candidates pid, and then it is hashed with your signing key. At the same time, a publicly available signing key from the government signs the 32-bit pid of the candidate. Two slips are then printed out, both with one barcode indicating your hash of the candidate + your pid, and a barcode with the hash of the government signed pid.
One slip is given to the poll people, and you keep the other. Also, a copy of the slip is sent over some network to the vote counting place. If you doubt that your vote has been tallied correctly, all you have to do is search for your signed 64-bit candidate + personal id in some government database.
Paper trail. Verifiability. Randomness. What am I missing? Was t overly complicated? Input, please!
P.S.: Want to vote for someone not on the ballot? Do a write in. They're rare enough that counting by hand isn't an issue.
This statement is false.
While people were worrying about people who had mistakenly misvoted in Palm Beach County, Diebold delivered -16,022 votes for Gore in Volusia County, Florida. Do you suppose that might have had an effect on the election?
http://blackboxvoting.com/
Another issue brought up is that there's no way of being sure that the source isn't tampered before it's installed on the machines. It isn't like you're going to be givin a root account on the machine, allowed to browse the source, then compile it when you're satisfied.
Learn something new.
I think that the voting companies will eventually lobby to regulate out any scrutiny of their process. Will every attempt to investigate the security of such systems by an average citizen be dealt with as a "hacking" crime eventually? With today's fear of the "terrorists" exploiting things, the time for this type of legislation is ripe.
How's the weather in Ontario? Is rent cheap?
US Democracy:The best person for the job (among These pre-selected choices...)
That's an excellent and most obvious point. Yet you would not believe the institutional resistance to this idea among the three e-voting OEMs (Diebold, ES&S, and Sequoia) to the idea of creating some sort of printed record. They insist on doing it all digital, even though their systems are ridiculously, incredibly insecure--probably because, in the event of a recount, a paper trail would provide concrete proof of how poorly their systems perform. There was an excellent overview of all this in Act One of the latest This American Life. You aren't going to believe your ears when you hear how lame these companies are (esp. Diebold), they to whom we are poised to entrust our most important the most important cornerstone of our democracy.
I think there is a world market for maybe five personal web logs.
at http://www.securityfocus.com/columnists/198
... but how do you know that those choices are actually tabulated? The answer: trust the companies that make the machines. But that attitude, if it ever made sense, has been shown to be not just wrong but foolhardy in the past several months... "
Electronic Voting Debacle
Grave concerns over the security of electronic voting machines in the United States means the heart of American democracy is at risk.
[snip]
"...The Big Issue: Security
So, how do you know that the machine actually counted your vote? You don't! Oh sure, you may see a screen at the end of the process that shows you what you selected
While dozens of /. readers are busy spinning theories, touting the presumed superiority of open-source voting systems, and arguing over the relative advantages and/or disadvantages of various electronic voting schemes, we seem to have forgotten to ask ourselves a simple question: what's the point of it all? Why not just use paper ballots?
The answer is, to a great extent, impatience. We've been conditioned to think that it's important to know the election results before we go to bed on election night. It isn't. TV networks cover elections with the maximum of hoopla they can muster: pundits, talking heads talking to pundits, statistics, counts, partial results, and forecasts based on partial results. All of it meaningless to the democratic process. Feeding this hoopla is one of the reasons that we have electronic systems - election officials decided to spend money on unproven systems simply to get results faster to keep reporters off their necks.
What's wrong with paper ballots, marked with a rubber stamp and counted by volunteers supervised by other volunteers? Nothing.
Since 2000, municipal elections here are counted with a mark-sense reader.
Voters get a letter-sized ballot, and they mark their vote with a sharpie. Then, they insert the ballot in a carrier-envelope.
Each ballot has a detachable stub with a sequential serial number, which is initialed by the scrutineer. When the voter returns, he tears-off the stub, and hands it to the scrutineer; this way, everyone can be sure it's the same ballot that was given (instead of a telegram, where you put in a pre-marked ballot, and prove you did it by bringing back the blank ballot).
The ballot is then passed though a mark-sense reader which tallies the counts, and drops into a sealed box, along with the other ballots.
This way, the results are known within seconds when the polls close, AND you STILL HAVE the paper ballots to be recounted, if the need arises.
The machines are not open-source, but starting tomorrow, I am pursuing the matter with the authorities.
On Friday, U.S. Representative Dennis Kucinich from Ohio requested that the House Judiciary Committee take notice of Diebold's misuse of the DMCA:
From Kucinich's press release:
Write your own Congressman, and ask him or her to call for this hearing!
Furthermore, each voting system should have a secret key. On the recipt there should be a hash (ala MD5) of the information and the secret key. A recipt with this hash would be *proof* that a vote was cast, on which machine it was cast, and what you voted for. This way there would be no way for someone to come in later and change votes in the database without that change being evident. Voters could punch in their recipt code into a web interface and have the system automatically check that their vote was cast and counted correctly.
The central votes database would need to record:
- What voting machine cast the vote
- The unique ID of the vote
- What was voted for
Things not recorded in the central votes database:- What time the vote was cast (this would be too easy to tie to who came in and voted when)
- Weather the recipt was printed (If that was in the DB someone could go in and only change votes where there was no proof of what the original vote was for)
- The voting machines secret key (this should be a well guarded secret.)
The recipt should have:- The id of the voting machine used
- The unique ID of the vote
- The MD5 of what was voted for, the uniqe ID, and the secret key
- (Voter Optional) A printout of what the votes were cast
The voting machines would need to disable themselves if for some reason it's printer didn't work. The key to not being able to tamper with the votes is that verification must be possible. Without that, votes could be altered with impunity.set softtabstop=4 shiftwidth=4 expandtab nocp worlddomination
/. If the government wants us to respect the law, it should set a better example.
But there is no such commensurability between the false vote tallies that electronic voting systems might yield when things go badly, and the benefits of speed and efficiency that they might offer when things go well.
Why are there benefits to speed and efficiency?
My understanding is that the people who work at the Polls are either volunteers or temporary employees who earn a 'civic duty' stipend for providing their services. Efficiency is something you worry about at a hamburger stand, not at a polling place.
As to speed: why the hell does it matter that we get a 'speedy' result. The whole obsession over 'speed' seems to be driven by the 'news' media and their incessant need to report results. In actuality, it is always weeks or months before the result of the election is put into action.
Screw speed. Screw efficiency. Let a bunch of community volunteers tally the paper ballots. Fine any news organization that 'reports' official results before they're posted by elections officials. The vision I get of a group of old ladies saying 'hold on and we'll have the numbers in a few hours' to some yuppie fuck journalist is wonderful, and should be the reality.
A Good Intro to NetBS
One may argue that the public has only to gain if the public official brings his expertise into the private sector. My concern is, however, that the public official will use his expertise in side-stepping regulations or choosing the way of minimal resistance, to maximize profits at the expense of following rules and regulations.
Kind of like a hardware vendor optimizing their wares for benchmarks as opposed to real life situations!
"One of the symptoms of an approaching nervous breakdown is the belief that ones work is terribly important." -BRussell
In my town, we have electronic OCR ballot *counting* machines. The ballots themselves are pieces of paper with ovals on them (just like in school). The counting machines are, in fact, Diebold "AccuVote" products [I love the name...sounds like something out of "The Simpsons"]. The point is that all the machines do is count the votes. The ballots are paper and remain the final (anonymous) documents recording each vote. They can always be recounted by hand if the machine totals are in doubt, or the machine malfunctions before the end of voting.
You will never convince me that touch screen machines provide the same combination of security, accuracy and speed. I have nothing against Diebold, but sometimes, we all need to step back and remember the KISS principle and not to make a solution more complex than it needs to be...
Note page 15 of this PDF'd election manual. (The document is an election workers manual from the County of San Francisco, I've worked polls in Santa Clara County myself.) Note that it does not state that ID is illegal to ask for, but does say that "Voters are NOT required to provide proof of identity or residence."
I will add that many voters do bring their voting booklet, or present an ID, and it definitely helps poll workers when you do that, it's somehow just slightly quicker to look something up when you have a nicely printed version fo what you're searching for, particularly with hard-to-spell names.
Here is the text of a proposed law, from February 2003, to require IDs to be checked by precinct workers.
I can't, in the few moments I've looked today, find an explicit prohibition, although I believe I've seen one, I'm willing to drop the assertion that it's directly illegal until I can find direct proof of that statement. I will note, however, that if it's not required, it'd be a pretty bad idea to demand it of voters, since it'd be a direct opening to charges of discriminatory, selective checking of IDs.
On the other hand, a mistake by a polling worker on this point is far more likely to be a mistake than a serious attempt at fraud, poll-workers don't get a ton of training.
I'm a nature photographer.