Slashdot Mirror
Cringley on E-voting
alfredo writes "I am shocked that this story from I Cringley hasn't been sent in and posted at Slashdot. I thought the slashdot crowd would be all over this. Robert X Cringley has a take on the voting scandal a bit different than what we have seen in the past, and promises more to come."
Simple way to make it secure... The electronic machine FILLS OUT A PIECE OF PAPER CORRECTLY AND COMPLETELY. The person INSPECTS this for correctness before making it his/her vote. -- E-voting keeps the democrat from crying "hanging chads, dimpled chads... RECOUNT, RECOUNT, RECOUNT!"
If anything encourages those 70-year-olds not to vote it's electronics. I think we should port this technology to the dmv, medicare, and the internet.
I can't imagine too many business owners liking those odds, but the picture does get darker. If 28 percent of software projects were complete successes in 2000, then 72 percent were at least partial failures. And in software, even partial failure generally means getting absolutely nothing for your money.
What does this mean? If you want a program that does X, Y and Z, and you get one that does X and Y, it could still be useful and worth the money you spend.
I think that when you look at lots of 'business' apps, all it has to do is get it close to right, it doesn't need to work 'perfectly' every time as long as it doesn't corrupt the data, and a lot of the QA work is simply mess with it until it gets stable, rather then having any kind of real proof that it works correctly.
That said, I think a lot of slashdot users, or at least me, noticed a lot of "hackwork" style coding with the Diebold voting system. Especially the use of Microsoft tools and MS access.
Its like they slathered together a bunch of components they already had, did a little debugging, and tried selling the the things.
What's frustrating about it is we all know that it's possible to do this simply, and well, but Diebold chose to do a crappy job and lie about it, rather then doing it right the first time.
autopr0n is like, down and stuff.
Australians designed a system two years ago that addressed and eased most of those concerns: They chose to make the software running their system completely open to public scrutiny.
Although a private Australian company designed the system, it was based on specifications set by independent election Hot Cocks, who posted the code on the Internet for all to see and evaluate. What's more, it was accomplished from concept to product in six months. It went through a trial run in a state election in 2001.
The whole system is open to public scrutiny - several people have reported bugs, including an academic. Nice contrast to the DMCA...
Another concern that I have is the desire of government to jump from the trailing edge of voting technology to the bleeding edge of voting technology. The Florida election results clearly showed the problems with punch card voting. However, many of these problems were due to poor ballot design, poor maintenance of voting equipment, or poor training or poll workers and voters. (A large number of hanging chad problems were caused by the simple failure to clean out the chads from previous elections.) Boston, Massachusetts switched from lever driven mechanical voting machines to paper ballots and optical scanners. There were problems with the transition, but most of the problems were procedural in nature and not technical in nature. The combination of paper ballots and optical scanning has a very good track record. The paper ballots provide a nice audit trail that can be used to verify the results of the optical scanning and computer tabulation.
I live in Somverille, Massachusetts where paper ballots and optical scanners have been used for years. The systems is backed up by experienced poll workers. I've never heard of any problem, let alone a serious problem, with this system as it is implemented in my city.
Congress should have proposed moving to the best voting technology available that has a proven track record. This would avoid the issue of bleeding edge technology that has an unproven track record. The biggest problem with computer based systems that have closed source code and no paper trail is the inability to properly inspect and test these systems to make sure that they are as good or better than the technology that they seek to replace.
If EVERY OTHER kind of machine you make includes an auditable paper trail, wouldn't it seem logical to include such a capability in the voting machines, too?
The reason why the voting machine doesn't produce an audit trail is that it's rather difficult to produce such an audit trail AND assure that votes cast will be anonymous. Elsewhere in the world people who voted for the "wrong" candidate faced retaliation, and the US voting system was set up to try and prevent that. Some systems that will "chop up" receipts have been proposed, but a failure in the mechanism might cause it to lose anonymity. I've proposed a method of having both audit and anonymity, but it's a bit on the complex side.
First, the reason there's no paper trail despite all of Diebold's other machines having a paper trail is that the Diebold voting machines aren't made by the same people. Diebold bought another company that was already making voting machines, and they haven't had anything like enough time to "merge" the two companies' engineering groups. You see this all the time in IT, some company (Cisco, for example) buys another company, and starts selling their product (the PIX, for example) with their name on it (so now it's the Cisco PIX), but it takes years to actually do more than piddle on it to make it smell like the parent company. Looking at the Cisco example, the PIX is still an odd-man-out product in the Cisco product line.
Second, it's not hard to produce an audit trail *and* assure the votes cast will be anonymous. You just have to make two decisions:
1. The auditable ballot is the real ballot.
2. The vote is complete when the auditable ballot is complete and saved, not when the "user-friendly" ballot is complete.
There's two basic ways of doing this.
One way is to make the touchscreen machines a more convenient way to generate your traditional ballots. That is, the touch screen produces a human-and-machine-readable form (OCR, punch card, whatever). You're taking advantage of the fact that the machine's card punch always punches clean through, that its printer always colors inside the lines, but no more than that.
The other is to let the user see the auditable ballot, but keep it inside the machine. Once it's printed, the user punches "VOTE" or "CANCEL" below the window, and the ballot is delivered (visibly) to the ballot box or the shredder.
Intermediate between these, have a printable ballot that's got a random machine-readable tag on it that the user can deliver into one of two slots, the ballot box or the shredder. After the machine has read the tag it verifies that the voter didn't just shred a blank piece of paper... but the tag is not stored after the ballot has been accepted and it's generated anew using an external entropy source (such as the timing of the voter's screen-taps or keystrokes) for each ballot, so there's no trail leading to the voter.
Any of these would work. The first one could be retrofitted to existing optical or punch card systems, which would allow for precincts to complete their votes even if their electronic machines are down.
The point is more than moot; I'm a software engineer and like most people here I love fixing problems with computers and electronics. But the important point here is that electronic voting is a solution to a problem which does not exist.
Having attended several election counts in the UK, I have to ask why you guys don't you do what we do - have the electorate mark their ballot papers as appropriate, and then count the votes BY HAND a a count session to which *all* of the candidates are invited ? This way all of the candidates can clearly observe the ballots being counted, and can quickly flag the official(s) in charge of the election if there's something fishy afoot. There's no room for any fiddling of the vote to take place, and thus no room for suspicion or paranoia. It's sane, understandable by the non-IT literate (in other words, the majority of the public) and there are NEVER any disputes about votes being counted wrongly. The views of all of the candidates are sought on the counting of erroneously marked or spoilt ballots.
Even better, since the votes are all simply deposited in a sealed box (opened after the count) parties who are particularly paranoid and suspicious about the count can put their own seal on the ballot box. That way they can be satisfied that no-one has attempted to interfere with the votesHow could this be achieved with electronic voting or even the existing mechanical mechanism in the US ?
Machine-based counting has only one benefit - the results are known more quickly. I doubt the election is cheaper to run, as the machines need to be maintained and the ballots specially printed to work with them. The worst problem with the whole caboodle is that neither the candidates nor the public can easily examine what the machines are doing while counting. In that respect electronic votes are *even worse* as you press a button and your vote disappears into a black electronic box - anything could happen to it, open source or not!
The single most important priority here is that the general public can see that their vote isn't being fiddled and have confidence in the democratic process. A regime where there is widespread discontent over the way the votes are counted isn't a democracy.
At least four things, actually:
Thing is, with the screwy layout you didn't have to carefully consider your vote if you were voting for the first guy on the list - who happened to be Bush. (No conspiracy about the design meant to be implied, it just worked out that way. Had it worked out with Gore in punch position 1, and a bunch of Bush votes being miscounted, I'm sure Democrats would be pointing fingers at "Republican voters who were too dumb to follow instruction" while Republicans would be crying for accessible voting.)
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
What is probably even more crucial is a discussion about voting being accessible and easy. What's amazed me in the post 2000 election discussion is how fast we've stopped talking about all of the voters who were disenfranchised by having huge difficulties getting to a working election center.
The underlying reason why all of use really want to see internet voting is because it would be easier for us to vote. We can pay all of our bills online. We can file our taxes online. Why can't we vote?
The reason is because it is a really difficult security problem to solve. I'm just amazed there isn't more discussion about how to solve that problem than the discussion talking about a poor implementation of the short-term, band-aid solution.
Specifically, I thought http://www.eucybervote.org/xootic2000.pdf has described a really good start to how to really solve the security problem.