Slashdot Mirror
Cringley on E-voting
alfredo writes "I am shocked that this story from I Cringley hasn't been sent in and posted at Slashdot. I thought the slashdot crowd would be all over this. Robert X Cringley has a take on the voting scandal a bit different than what we have seen in the past, and promises more to come."
Simple way to make it secure... The electronic machine FILLS OUT A PIECE OF PAPER CORRECTLY AND COMPLETELY. The person INSPECTS this for correctness before making it his/her vote. -- E-voting keeps the democrat from crying "hanging chads, dimpled chads... RECOUNT, RECOUNT, RECOUNT!"
Another concern that I have is the desire of government to jump from the trailing edge of voting technology to the bleeding edge of voting technology. The Florida election results clearly showed the problems with punch card voting. However, many of these problems were due to poor ballot design, poor maintenance of voting equipment, or poor training or poll workers and voters. (A large number of hanging chad problems were caused by the simple failure to clean out the chads from previous elections.) Boston, Massachusetts switched from lever driven mechanical voting machines to paper ballots and optical scanners. There were problems with the transition, but most of the problems were procedural in nature and not technical in nature. The combination of paper ballots and optical scanning has a very good track record. The paper ballots provide a nice audit trail that can be used to verify the results of the optical scanning and computer tabulation.
I live in Somverille, Massachusetts where paper ballots and optical scanners have been used for years. The systems is backed up by experienced poll workers. I've never heard of any problem, let alone a serious problem, with this system as it is implemented in my city.
Congress should have proposed moving to the best voting technology available that has a proven track record. This would avoid the issue of bleeding edge technology that has an unproven track record. The biggest problem with computer based systems that have closed source code and no paper trail is the inability to properly inspect and test these systems to make sure that they are as good or better than the technology that they seek to replace.
First, the reason there's no paper trail despite all of Diebold's other machines having a paper trail is that the Diebold voting machines aren't made by the same people. Diebold bought another company that was already making voting machines, and they haven't had anything like enough time to "merge" the two companies' engineering groups. You see this all the time in IT, some company (Cisco, for example) buys another company, and starts selling their product (the PIX, for example) with their name on it (so now it's the Cisco PIX), but it takes years to actually do more than piddle on it to make it smell like the parent company. Looking at the Cisco example, the PIX is still an odd-man-out product in the Cisco product line.
Second, it's not hard to produce an audit trail *and* assure the votes cast will be anonymous. You just have to make two decisions:
1. The auditable ballot is the real ballot.
2. The vote is complete when the auditable ballot is complete and saved, not when the "user-friendly" ballot is complete.
There's two basic ways of doing this.
One way is to make the touchscreen machines a more convenient way to generate your traditional ballots. That is, the touch screen produces a human-and-machine-readable form (OCR, punch card, whatever). You're taking advantage of the fact that the machine's card punch always punches clean through, that its printer always colors inside the lines, but no more than that.
The other is to let the user see the auditable ballot, but keep it inside the machine. Once it's printed, the user punches "VOTE" or "CANCEL" below the window, and the ballot is delivered (visibly) to the ballot box or the shredder.
Intermediate between these, have a printable ballot that's got a random machine-readable tag on it that the user can deliver into one of two slots, the ballot box or the shredder. After the machine has read the tag it verifies that the voter didn't just shred a blank piece of paper... but the tag is not stored after the ballot has been accepted and it's generated anew using an external entropy source (such as the timing of the voter's screen-taps or keystrokes) for each ballot, so there's no trail leading to the voter.
Any of these would work. The first one could be retrofitted to existing optical or punch card systems, which would allow for precincts to complete their votes even if their electronic machines are down.
What is probably even more crucial is a discussion about voting being accessible and easy. What's amazed me in the post 2000 election discussion is how fast we've stopped talking about all of the voters who were disenfranchised by having huge difficulties getting to a working election center.
The underlying reason why all of use really want to see internet voting is because it would be easier for us to vote. We can pay all of our bills online. We can file our taxes online. Why can't we vote?
The reason is because it is a really difficult security problem to solve. I'm just amazed there isn't more discussion about how to solve that problem than the discussion talking about a poor implementation of the short-term, band-aid solution.
Specifically, I thought http://www.eucybervote.org/xootic2000.pdf has described a really good start to how to really solve the security problem.