Cringley on E-voting
alfredo writes "I am shocked that this story from I Cringley hasn't been sent in and posted at Slashdot. I thought the slashdot crowd would be all over this. Robert X Cringley has a take on the voting scandal a bit different than what we have seen in the past, and promises more to come."
The touch-screen voting is by far the worst possible way to do voting. Most common folks can't say "electronic voting" without biting their cheeks, and to say e-voting, is somewhat redundant because e-voting could be mistaken for election voting. When I worked E-day for Ontario's elections in October, I remember it was e-this, e-that... everywhere.
So call it e-voting and wonder why there is confusion.
"So the U.S. government threw $3.5 billion on the table to pay for modernizing voting throughout the land, which is to say making it more expensive and more complicated. That's a lot of money and it attracted a lot of interest. One company in particular, Diebold Systems, went so far as to buy a smaller company that made voting machines just to get into the market. Diebold thought that being in the automated teller business was a good starting point for changing the way America votes."
Why not? They handle lots of money every day, why not give them valuable votes to control too? Oh wait a minute. They are republicans, these Diebold folks, aren't they? Once you take E-day away from little old ladies, you lose all honesty in it, imho.
And little old ladies are really the reason why elections have worked in the past because they are far better at auditing things than any automated paper-trail could be. If you would mess with the machine to fix votes, you could mess with the audit paper to fix the audit. So maybe Cringley's point has some surface validity, but it's moot, IMHO.
He concludes that a paper trail would be necessary for voting machines. That's fine with me, and everything, but the one thing in this article that grabbed me was when he said: "...there is lots of money to be made whether the darned thing works or not, and not much of a penalty if it doesn't work. Two hundred and seventy-five billion is a lot of money to spend on software development, especially if 72 percent of that money will be either wasted completely or used to develop something that doesn't work as intended."
This could be seen as the fatal flaw of humanity: we don't care if we fail. We all die anyway, so who cares? Live life, make money and make love and make war and have fun and that's about that. Who cares if we just spent more money on a project that totally failed, when most of the world is starving elsewhere? What does it matter to us?
Personally, I'd like to devise a way so that it *would* matter.
I can't imagine too many business owners liking those odds, but the picture does get darker. If 28 percent of software projects were complete successes in 2000, then 72 percent were at least partial failures. And in software, even partial failure generally means getting absolutely nothing for your money.
What does this mean? If you want a program that does X, Y and Z, and you get one that does X and Y, it could still be useful and worth the money you spend.
I think that when you look at lots of 'business' apps, all it has to do is get it close to right, it doesn't need to work 'perfectly' every time as long as it doesn't corrupt the data, and a lot of the QA work is simply mess with it until it gets stable, rather than having any kind of real proof that it works correctly.
That said, I think a lot of slashdot users, or at least me, noticed a lot of "hackwork" style coding with the Diebold voting system. Especially the use of Microsoft tools and MS access.
It's like they slathered together a bunch of components they already had, did a little debugging, and tried selling the things.
What's frustrating about it is we all know that it's possible to do this simply, and well, but Diebold chose to do a crappy job and lie about it, rather than doing it right the first time.
autopr0n is like, down and stuff.
You have to question exactly why it seems to be impossible to build a box that can accurately record keypresses - 'cus that's what we are talking about. It doesn't have to count or tabulate or generate reports; all it has to do is accurately record votes for a few thousand people.
And what is so difficult with printing a dated slip of paper containing the vote and a validation checksum proving the paper was printed at a given time on a particular machine and a specific vote or list of votes were recorded for that voter?
The system you describe sounds exactly like the one that is used where I vote. The key lesson to be applied to all voting systems is "Don't expect what you don't inspect." If you can't or don't inspect the system, then you can't expect any particular outcome from the system. Any voting system should produce a locked box paper trail that allows voting results to be manually compiled and compared to the automated results.
Even better, if you do something wrong (such as vote for 2 candidates, or miss the fill in area) the voting card validation box spits it back at you so you can try again. It protects the voter against mistakes.
It's only bad because it lacks auditability. With a paper trail, any fraud could be uncovered.
... it was the former CEO of Diebold and the election used his machines). Sounds like an election Saddam would be proud of.
As it stands, the owners of these companies (who heavily back the Republicans) have carte blanche to steal elections because we now have no way to prove it happened. We'll just keep having these funny little incidents where a white republican male gets 83% of the vote in a black district against a democrat incumbent (yes, it happened
ATMs? The CIA? Tickets for trains and subways? Building access cards?
All transactions which tie the individual to the action.
Why no paper trail in voting machines?
Maybe because voting is supposed to be anonymous?
Let me tell you a little story...
In the town where my mother grew up, the population was in the thousands. Not more than ten thousand, in the mid-thousands.
During one election, one of the parties came to my mother's house, and picked up my grandmother to go take her to vote, because they had been watching the poll place, knew everyone who showed up, and knew what the exact vote was, before the vote was counted, because of who showed up to vote. They knew my grandmother didn't vote yet, and made sure they took her to vote because they needed her vote, it was that close.
Now let me tell you another story. The first time I voted when I turned 18 here in the US, I noticed that the voting place workers were putting the signature cards in precise order on top of the voting machines (the ones with the arm you pull to close/register vote/open curtain). They placed them in precise order according to the order that each person went into the booth. On those cards was your signature, that they used to compare against your voter card. So they could go back, and according to the order of the cards, and the order of the registered vote, figure out what your vote was. Of course, this is supposed to be impossible, your vote is supposed to be anonymous.
Fat chance. If you believe your vote is ever anonymous, you are a fool.
I later was able to obtain more information that confirmed my theory about whether votes are anonymous or not, and whether they can be fixed or not.
The touch screen voting simply brings new technology to a problem thousands of years old. Power corrupts, absolute power corrupts absolutely.
If you are an idealist, then you believe in the voting system. And if you believe in the voting system, you believe in anonymous voting. A paper trail obliterates anonymous voting, not just in small towns like my first story, but in all towns in cities, because of the breakdown by precinct making it possible to localize and fragment the US population.
For you younger folk, do you remember the 2000 election?
Remember the husband/wife absentee votes from two people in a foreign embassy in a small country? The husband was appointed by Clinton. The two votes came back, and were added in whe
But much of the remainder of the support on this issue have come from people using the advantages of touch-screen voting to sell "electronic voting", acting as if the touch-screens are inseparable from the idea of storing votes for tabulation on fragile, black-box electronic media, and banking on public confusion about All Things Computer to assume people won't notice this. [emphasis mine]
It's not confusion - it's ignorance. The plebes that make up our electorate think computer = Microsoft Windows. They don't think of the thousands of different specialized computers that are used in everyday life.
The proponents of touch-screen voting are trying to capitalize on the most successful computing paradigm of the last 20 years: the point-and-click GUI. People trust that if you point-and-click, the program runs (the "click" being analogous to a toaster or TV power button - you click it, it works). If you drag-and-drop, the file is copied (or moved or run or deleted, depending on where you dropped it). People know how it should work, so they trust that it does work. That implicit trust is where it goes wrong, as we've discussed innumerable times ("Hidden bits can't be trusted").
Btw, I do like the idea of dumbing down Scantrons you propose. The point is to have an accountable paper trail, and that does it quite nicely.
RW
If EVERY OTHER kind of machine you make includes an auditable paper trail, wouldn't it seem logical to include such a capability in the voting machines, too?
The reason why the voting machine doesn't produce an audit trail is that it's rather difficult to produce such an audit trail AND assure that votes cast will be anonymous. Elsewhere in the world people who voted for the "wrong" candidate faced retaliation, and the US voting system was set up to try and prevent that. Some systems that will "chop up" receipts have been proposed, but a failure in the mechanism might cause it to lose anonymity. I've proposed a method of having both audit and anonymity, but it's a bit on the complex side.
I would bet the manufacturers came up with the "no receipt" requirement. That way, when there is a fiasco with the next election about someone getting a negative number of votes and no paper ballots to do a recount, there will be a move to replace the paperless machines with machines that do have a paper trail.
It's all about repeat business.
For every vote cast, you print off a paper ballot, marked with only the machine ID, no identifying information. The voter is permitted to see this ballot through plexiglass, and decide if it indicates the correct choice. If they hit the "NO" button it is shredded, and they start over. If they hit "YES", it goes into a bin, and they can leave.
You audit the machine by comparing the tally in the machine with the tally in the bin.. you don't need to be able to check every individual vote and decide which.. just knowing you have discrepancies is all that matters.
Or even more simple: have the person fill out the ballot (punch cards, optical, whatever) and insert it into a machine right there in the little booth. The machine says who it thinks the person voted for. If the person agrees, then the person submits the ballot to the ballot taker. If not, the person rips up the ballot and tries again.
Solves the problem without making too many changes to the current system.
The Australian Capital Territory Electoral Commission is on the web - and this page might be of interest
...
http://www.elections.act.gov.au/Elecvote.html
and it has links to the source code and the process of voting and FAQs. They appear to have a full disclosure and a public debate on this. It can potentially - arguably - be made a bit "more better" by printing the vote on paper.
From the FAQ:
Does the system print out a copy of my vote?
No. There is no need to print a copy of any votes. The Electoral Act 1992 does not provide for a "paper trail" of electronic votes cast. This is not required as the software for the voting and counting systems has been rigorously tested, independently audited, and published for anyone to see on the internet. In addition, audit trails and security systems will be in place to verify that the software used in production is identical to the tested and audited software, and to verify that the data actually counted is the data cast by voters in polling places. This approach is intended to ensure that there will be no way in which electronic votes can be tampered with. The system is intended to be more transparent and secure than the existing paper ballot method.
How do I know that what goes in is what comes out?
EVACS was extensively tested by the developers and the ACT Electoral Commission before the Commissioner was satisfied that it was suitable for use at the election. More information on testing.
A reference group, consisting of representatives from parties, MLAs and special interest groups, including ACT Blind Citizens Australia and the Proportional Representation Society, provided feedback during development and testing of the system. More information on consultation.
The Commission contracted an independent software auditing firm to audit the software code of the system to ensure that the software did not contain code that would have the effect of altering the result of the election. For example, checks were undertaken to ensure that no code had been included that would change the votes recorded by electors or would insert or substitute fraudulent votes, or would in any other way alter the election outcome. More information on auditing.
Election officials in electronic polling places account for barcodes in much the same way as they do for paper ballots. They provide records of barcodes issued, which are compared with the number of electronic votes cast.
Voter data on removable media is stored in sealed pouches for transport. Seals are placed on the pouches in the presence of scrutineers and removed in the same way, much in the way the seals on ballot boxes are used. Multiple copies of the data are made, which are transported separately to the counting centre. These multiple copies could be compared with one another to prove that no tampering had taken place.
Following the 2001 election the Commission surveyed a random sample of 95 batches of ballot papers, containing 4,640 ballot papers from the three electorates, and compared the written ballots with those that had been data entered. No data-entry errors were found. More information is in the Electronic voting and counting system review (pdf - 921 kb)
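The two checks the FAQ describes (barcodes issued versus electronic votes cast, and comparing the separately transported copies of the data) can be sketched as follows. This is an added example, not EVACS code and not part of the original comment; the record format, polling-place names and sample data are constructed for illustration.

```python
import hashlib
from collections import Counter

# Constructed sample data: one vote record per line, "polling_place,preferences".
COPY_A = b"PP01,3>1>2\nPP01,1>2>3\nPP02,2>1>3\n"
COPY_B = bytes(COPY_A)                    # second copy, transported separately
COPY_C = COPY_A + b"PP02,1>3>2\n"         # third copy carrying one extra record
BARCODES_ISSUED = {"PP01": 2, "PP02": 1}  # counts from the officials' records


def group_copies(copies):
    """Group copy labels by SHA-256 digest; a single group means all agree."""
    groups = {}
    for label, data in copies.items():
        groups.setdefault(hashlib.sha256(data).hexdigest(), []).append(label)
    return {digest: sorted(labels) for digest, labels in groups.items()}


def votes_per_place(data):
    """Count vote records per polling place, rejecting malformed lines."""
    counts = Counter()
    for lineno, line in enumerate(data.decode("ascii").splitlines(), 1):
        if not line.strip():
            continue
        place, sep, prefs = line.partition(",")
        if not sep or not place or not prefs:
            raise ValueError(f"malformed record on line {lineno}")
        counts[place] += 1
    return counts


def reconcile(issued, data):
    """Return {place: (barcodes_issued, votes_cast)} for every mismatch."""
    cast = votes_per_place(data)
    return {
        place: (issued.get(place, 0), cast.get(place, 0))
        for place in sorted(set(issued) | set(cast))
        if issued.get(place, 0) != cast.get(place, 0)
    }


def audit(copies, issued):
    """Run both checks over every copy and collect the findings."""
    groups = group_copies(copies)
    return {
        "copies_agree": len(groups) == 1,
        "groups": groups,
        "mismatches": {
            label: reconcile(issued, data) for label, data in copies.items()
        },
    }


if __name__ == "__main__":
    print(audit({"A": COPY_A, "B": COPY_B, "C": COPY_C}, BARCODES_ISSUED))
```

Matching digests show only that the copies agree with each other, and the count check cannot see a vote that was substituted rather than added.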
As someone who's studied both, it seems very strange how much they borrow from one another, and yet most practitioners I've met from each field have been thoroughly ignorant of the other.
From one side, Systems Engineering is quite an old field, mostly championed by the government itself to attach "best practice" management processes to increase the viability of major complex construction projects (since a lot of civil engineering projects were failing at the time). It's basically the simple process of structured decomposition of a complicated problem into a variety of simple ones: problem analysis, requirements, specifications, functional/structural decomposition, building & assembling components, verifying that your system meets the specifications/requirements, and finally validating whether your system actually solves the problem. As systems get more complex, doing all the bookkeeping to keep track of those handfuls of tasks becomes an information management project in and of itself.
Software engineering came along, and suddenly they were going through major SW projects in 1-2 year cycles, instead of 10-20 year cycles for bridges, dams, buildings, etc. Needless to say, the SW engineers gained experience in full life cycle systems engineering of projects much more quickly than most of the old traditional SE's could build in an entire lifetime. This was both good and bad... As you may well be familiar with, we've raised our SW engineers to enjoy reconstructing things on their own from scratch, and to be somewhat resistant to doing the research on how other related projects / fields have fared in the past. As a result, they've rediscovered many of the SE fundamentals on their own, but at the same time, we're going through the same mistakes that had caused massive project failures in the past to do so.
Last night my daughter asked me whether we would have electronic voting. I said we would, but that there will be more controversy about it than we ever had about paper voting. She asked why.
I told her that computer people and academics have known for decades that the way to ensure the correctness of a process is not just to examine the input and output, but to let everyone see the inner workings of it.
That made sense to her. She's 15, headstrong, and as honest as a light switch. She asked how we can believe the voting machine company won't cheat unless we know how the machine works.
I also said the worst thing they'll try to do is to send the results over the Internet.
Then it occurred to me. They should send the results
- over the Internet
- And by telephone
- And by burning CD's and mailing them
- And by printing the individual ballots on paper, hand-tallying the votes, and carrying the results to Washington with briefcases handcuffed to little old ladies.
Overkill with quadruple checks, all of which have to agree.
sigs, as if you care.
I mean, since everything this man says warrants /.
So each voter has a unique id, negating the possibility of stuffing the 'recount ballot box'. The computer could encode everything in a bar code (id and votes), so re-counts could be done automatically in case the electronic system fails. And if /that/ system fails, the actual votes could be counted by hand easily, since it could be printed clearly on the card, perhaps in a system that makes hand counting easier.
One of the outputs should be declared the legally authoritative source, so it would make sense this would be the human-readable format that the voters themselves would be checking.
Another system would be to keep the unique ID thing, but to get another print out you would have to put the card through the shredder that recognized the ID. But really, that's not necessary.
Everything in the system should be as open source as possible, from the video driver to user interface, so that groups like the EFF could check it out. The results could be stored on the machines themselves, sneaker-net could be used to bring the ballots in, perhaps encrypted by a private key unique to each voting machine. These encrypted results could be made available directly to interested parties, along with the public keys.
Instead of sneaker-net, each ballot box could run a server allowing any interested party to download the encrypted results. The problem with this is the possible security hazard of having the systems online at all, the advantage of the sneaker-net is that it wouldn't have to have anything to do with the internet.
Another idea would be for every voter to have their own private key encoded on their voter registration card. The encrypted results could be made available using one of the methods above, public keys would be made available to the general public. This has the benefit of every citizen having a private key, which could be used for encrypted online communication as well. Granted, if you're the NSA this would be a disadvantage. The other problem is how the initial creation of the private key would take place. It would have to be done by some trusted party. Ideally, the voters themselves, though I'm not sure how that would work. Though really, at some point you have to trust your county clerk's office, so they may as well do it.
Granted, lots of ways to do it. Not easy, but far from impossible.
Lawrence Person (lawrencepersonh@gmailh.com (remove all "h"s to mail)
http://www.lawrenceperson.com/
It is becoming obvious that the 2004 US election has already been decided.
Bush will have been elected (not re-elected because he was appointed by the Supreme Court for his first term) by 51% to 49%.
The touchscreen voting machines have no paper record of the votes entered. They are made by a company that gave the maximum amount permitted to the Republican party. The CEO of the company is a conservative Republican. The Republican congressional representative in the district where the machines were tried in the 2002 election was elected by an 80% margin.
The software used to count the votes is closed and proprietary. Anyone who challenges it could be sent to prison for DMCA violations.
If the Soviets did this thirty years ago, the Republicans would be jumping all over it as evidence of the total institutional corruption of the communist system. They aren't saying shit now.
I do encourage you to vote. It's a great habit that you don't want to get out of.
Just don't seriously expect it to have any meaning.
Thank you,
You cannot provide a paper record to the voter, because it would undermine the ability to vote anonymously. An employer/union/church/spouse/etc. could demand it be provided as proof that you voted correctly, not just that you voted.
When ballots were entirely paper there was a practice called "chain balloting" where a loyal party member would take their ballot out of the polling place and allow their precinct captain to fill it in correctly. The next loyal party member would then take that ballot in, place it in the box, and take their ballot back out to the precinct captain...
It was an illegal practice
The real reason that a paper trail is needed is that unlike normal commercial transactions, a voter must be able to vote when they show up at the polling place. You can't give them a rain check 1 time in 1000, or even in 1 in 10,000 due to equipment failure.
If we have a voting system that is dependent on power, it won't be long before somebody deliberately triggers a power failure in the portion of the state that was going to vote the "wrong" way.
"...if you were voting for the first guy on the list - who happened to be Bush. (No conspiracy about the design meant to be implied, it just worked out that way..."
It didn't just work out that way, it was required under Florida Law. The Party that won the last election for Governor gets the number one ballot position. A Republican won the last Governor's race so a Republican got the top spot on the next race. That WAS a conspiracy, but one by the Dems, not the GOP. The Dems passed the law when they controlled the state government to give Dems an edge in the next election.
Quemadmodum gladius neminem occidit, occidentis telum est