Can America Trust Electronic Voting?

A anonymous reader writes: "The Sacramento Bee wrote an excellent article about the issues surrounding electronic voting. It was written by the Yolo County clerk/recorder and a professor of law at UC Davis. They quote sources such as Peter G. Neumann and Diebold's president Walden O'Dell."

Some paranoia...

[zeux]

Maybe I'll be a little 'off-topic' but I would like to add some reflexion to this article.

E-Voting and its problems are a clear example of what is happening: we are giving to our computers and networks more and more 'power' over our own lives. This wouldn't be a problem if security was some exact science.

We still have big problems with computer security and while we didn't fix them yet (anyway can we really fix them ?) the overall 'value' of the data that goes through our networks is fast increasing.

This, I think, will be even worse in the near future because the software, systems and networks we use will be more and more complex and it will be harder and harder to maintain a good level of security on them.

You could argue that the problems exposed in the article are not related to security. I would say 'not yet'.

But something really interesting is said: "These machines leave no 'paper trail,' that is, no voter-verifiable record allowing a retrospective audit of the votes recorded as cast for each candidate or ballot proposition.".

Everything in these system is 'virtual'. It makes it easier to loose, to replicate (to steal) or to alter information. I'm quite afraid about that.

Maybe the E-Voting system is not connected to Internet, which increase security of course, but maybe one day it will...

California is on the right track...

[tinrobot]

To hopefully fixing this problem. This week, the state mandated that all voting machines print a human-verifiable paper ballot. This is good, but the regulation is supposed to take effect in 2006.

While it's a step in the right direction, it's also ridiculous. A voting technology that is unacceptable in 2006 is also unacceptable today. I certainly hope they push up the deadline to before the 2004 election. There's plenty of time to fix it by then.

If you live in California, please bug the appropriate government officials about this.

Re:Redundant, I know

[Shakrai]

So why not just do what we do here in Canada: make the ballot as simple as possible, just mark an X by your candidate. All that's on the ballot is a list of names and a box by each one.

I wouldn't have a problem with that either. Problem is, somebody will point out "Ah, but what if people can't figure out how to use it or they mark it incorrectly?"

Anyway you cut it, voting is not rocket science people. All I want (as a concerned citizen) is someway to verify the process.

Can America Trust Electronic Voting?

[morelife]

Yes, if the greedy corporations are removed from the process, and an OSS solution based on an openly auditable platform like Linux or FreeBSD is adopted. We are not too far away from this eventuality.

Re:Hasn't Australia just mandated a paper trail

[mindriot]

...which brings you back to the question, "what advantage is the electronic system then?" Right now we have a paper trail, and it works well. (OK, maybe you Americans should work on the Usability of your forms :-))

That we will be able to get voting results faster? Well, let's see. In Germany, polls are always on Sunday and the booths close at 6pm. By that time, you already get projected results that usually differ from the final results by less than one percent. By 11pm the final results ("Vorlaufiges amtliches Endergebnis", "preliminary official results") are available. Is it worth spending millions of dollars just to get the results, say, four hours earlier? OK, there's one advantage if the results can be seen in "real time," e.g. over the day, while elections are still running. Because then the knowledge that the current results are very close to each other (think Gore-Bush) might have an influence on who decides to actually go voting later in the day.

And then there's the argument that E-Voting will make it easier for people to vote and thus more people will vote. But on the other hand there have been studies showing that when people had to make more of an effort to go cast their vote, turnouts actually increased.

That being said, www.free-project.org is a good source of pro and contra arguments regarding E-Voting.

Now, really..

[NegativeK]

Granted, I'm not going to vote electronically without an open source system in place, but this _really_ isn't that hard.

As an example implementation.. When you register, you get a plastic card with a magnetic stripe on it. It has two 32-bit numbers on the card, with your name, picture, and address. One of the 32-bit numbers is your personal identifier, and the other is your signing key.

Now, for the ballot, every candidate also has a 32-bit number. When you want to vote for your candidate, you swipe your card, then select the candidate on the screen. Your pid is appended to the end of the candidates pid, and then it is hashed with your signing key. At the same time, a publicly available signing key from the government signs the 32-bit pid of the candidate. Two slips are then printed out, both with one barcode indicating your hash of the candidate + your pid, and a barcode with the hash of the government signed pid.

One slip is given to the poll people, and you keep the other. Also, a copy of the slip is sent over some network to the vote counting place. If you doubt that your vote has been tallied correctly, all you have to do is search for your signed 64-bit candidate + personal id in some government database.

Paper trail. Verifiability. Randomness. What am I missing? Was t overly complicated? Input, please!

P.S.: Want to vote for someone not on the ballot? Do a write in. They're rare enough that counting by hand isn't an issue.

Re:Now, really..

[Aguila]

The absentee voter system already opens the door to bribery. I am not a resident of California, but I believe that you can register to be a permanent absentee voter in CA, for no grounds beyond you feel like it. So, if I were a CA resident and wanted to sell my vote, I would register to be a permanent absentee voter. Then, I would fill out the absentee ballot, show it to the person buying my vote, and then drop it in the mail while they watch. They get one confirmed bought vote, and I get my cash...

Therefore, bribery is equally possible under the current system. I don't even need the California law I cited, it just makes it easier to sell my vote election after election instead of having to obtain absentee voter status for each election.

ATM Analogy

[BrynM]

From the article:

"Dollars and cents are 'commensurable.' A bank doesn't care if it loses $200 to a hacker who makes unauthorized withdrawals, so long as it gains back something more than $200 in cost savings from using the ATM that the hacker attacked. There is no difference except in amount between the dollars lost and the dollars gained. Their value is commensurable.

But there is no such commensurability between the false vote tallies that electronic voting systems might yield when things go badly, and the benefits of speed and efficiency that they might offer when things go well.

So the ATM analogy fails."

I don't think that this analogy fails. From my experience, banks tend to think of the money they hold as "their money". Their business is to use the money that they hold to generate income (fees/investments/interest charges on loans). To me this is the major danger of the voting companies. Do they consider the votes they process as "theirs"? Just look at what O'Dell wrote. To me the issue is control and the ATM analogy fits that well. Ever try to prove a fraudulent transaction to a bank? Were they evasive and controlling of the situation? Did they deny culpability? Did they deny a weakness in their process?

I think that the voting companies will eventually lobby to regulate out any scrutiny of their process. Will every attempt to investigate the security of such systems by an average citizen be dealt with as a "hacking" crime eventually? With today's fear of the "terrorists" exploiting things, the time for this type of legislation is ripe.

How's the weather in Ontario? Is rent cheap?

Another good article...

[dgreenwood]

at http://www.securityfocus.com/columnists/198

Electronic Voting Debacle

Grave concerns over the security of electronic voting machines in the United States means the heart of American democracy is at risk.

[snip]

"...The Big Issue: Security

So, how do you know that the machine actually counted your vote? You don't! Oh sure, you may see a screen at the end of the process that shows you what you selected ... but how do you know that those choices are actually tabulated? The answer: trust the companies that make the machines. But that attitude, if it ever made sense, has been shown to be not just wrong but foolhardy in the past several months... "

The yankees have it backwards.

[Pig+Hogger]

You guys are having it backwards.

Since 2000, municipal elections here are counted with a mark-sense reader.

Voters get a letter-sized ballot, and they mark their vote with a sharpie. Then, they insert the ballot in a carrier-envelope.

Each ballot has a detachable stub with a sequential serial number, which is initialed by the scrutineer. When the voter returns, he tears-off the stub, and hands it to the scrutineer; this way, everyone can be sure it's the same ballot that was given (instead of a telegram, where you put in a pre-marked ballot, and prove you did it by bringing back the blank ballot).

The ballot is then passed though a mark-sense reader which tallies the counts, and drops into a sealed box, along with the other ballots.

This way, the results are known within seconds when the polls close, AND you STILL HAVE the paper ballots to be recounted, if the need arises.

The machines are not open-source, but starting tomorrow, I am pursuing the matter with the authorities.