Electronic Voting in the News

heymarcel writes "After a negative review of the Diebold voting machines by the State Gaming Control Board, it looks like Nevada has gone with a competitor for the upcoming election. And Secretary of State Dean Heller is requiring paper receipts. According to the Associated Press story, Nevada is the first state to do so." There's another story about Nevada voting machines as well. zapf writes "It appears that the major e-Voting machine vendors have banded together to form the 'Election Technology Council.'" Reader SemperUbi writes: "Demand for a voter-verified audit trail is really gaining momentum these days. The Voter Verification Act, introduced yesterday by Senator Bob Graham (D-Florida), would require a voter-verified paper audit trail, ban the use of 'undisclosed' software and wireless communications for voting machines, and require mandatory surprise recounts -- all in time for the November 2004 election. Rep. Holt's HR2239 in the House requires much the same thing. Resistance to both bills may focus on the aggressive timetable, but the effort is worth it -- as Warren Slocum once said, democracy ain't cheap. Take that, Diebold!" And finally, a Maryland newspaper dredges up an internal Diebold email that recommends gouging Maryland if the state wants paper printouts for its Diebold voting system.

The Lesser Evil?

[RobertB-DC]

According to news reports, a hacker broke into the Ohio company's servers using an employee's ID number and copied a 1.8-gigabyte file of company announcements, software bulletins and internal e-mails dating back to January 1999.

I'm sure the subject has been discussed before, but what if the original hacker is caught? It's clear that the information "stolen" is of critical importance in the debate over the trustworthiness of Diebold, and electronic voting in general. But will that hacker be able to use the importance of his/her discovery as a mitigating factor in court?

It seems like a parallel situation would be this: My neighbor has a tall fence, topped with electrified razor wire, plastered with "NO TRESPASSING" signs, and a tiger prowling the grounds for added security. I suspect that he is planning to commit a crime on his property -- say I've heard he's planning to kill his wife for the insurance money. If I ignore the signs, scale the wall, avoid the tiger, and take pictures of his detailed murder plans (which he conveniently leaves on his dining room table), I may prevent Ms. Neighbor's untimely demise.

Am I guilty of trespassing? And even if I am, was it worth it? I'd say yes -- I'd commit a small crime to prevent a much larger one. Was the Diebold hacker thinking along those lines? Or were they just out for a walk with the tiger?

Generic voting machines

Buying voting machines at $3,500 a pop is just plain silly. Why don't some of you code monkeys quickly gen up some software that will:
1. Interface a generic touch-screen monitor
2. Run on FreeDOS (linux is overkill for this one)
3. Allow the Supervisor of Elections to load a database with the election particulars
4. Allow any old cheap PC to read the election database and arbitrate an election via the touch-screen.
5. Print out a ballot which the voter then verifies and drops into a box for later counting by humans.
If all voting and counting are done at the precinct level, in public with witnesses, then it will be damn hard to cheat on the election. By the way, to those who cringe at the thought of counting all those votes, most precincts have no more than 3000 voters registered . . . and only half of them ever vote. The last Canadian Federal Election was counted in less than four hours. One other detail, give each voter a bar-coded tag when he checks in to vote. The tag is his ticket to drop one (1) ballot in the box.

Re:Vote logging

[dafoomie]

The problem with that is, you have a way to prove who you voted for outside of the voting station, so it makes bribery possible. What I'd do is have two counts, an electronic count, and a paper count. You make the selection on the screen, it prints the paper ballot, which you can verify is correct, then it is deposited into the box. The two counts are made, and if there is a discrepancy, the paper ballot can be hand counted.

Still don't really see the need

[Space+cowboy]

for electronic voting. Sure, it's "modern" to have a computer-driven thing, but the old-fashioned way seems to have far less problems in theory. I'll grant that the implementations have sometimes been poor (I now have a new phrase 'hanging chads', which sounds rather unfortunate), but if you're going to spend this much money, why not simply make a good implementation of a normal system ?

In the UK (about 1/6th the population stuffed into 1/50th the area, so our voter-density is far higher, and hence counts will be higher) there has never been much of a problem. Sure, it takes 12 hours or so for the tallies to come in from all around the country, but how else to deploy the 'swingometer' :-)

Simple system. Pencil. Anonymous paper. big dirty cross in the box for the candidate you want. Big separation between the candidates. 2 crosses or ambiguity means a spoiled vote (effectively "none of the above"). Count them all (done by volunteers) and you're done.

Sure, we get some recounts, but the system is so simple it's hard to justify flipping a vote from one candidate to another.

Just seems like it's a mountain out of a molehill ...

Simon. (dons flameproof suit :-)

Hasn't someone stepped up?

[msimm]

To code an OSS solution? Or someone at least funding an OSS voting system? Seems like there would be a lot of prestige, not to mention publicity. How about one of the colleges? It makes since to have big business in a lot of things, but not our ballot boxes.

Re:Who says geeks can't make a difference?

[belmolis]

I'm surprised that the response has been so tame, actually. Given what is in the leaked email, I would think that the jurisdictions that had dealt with Diebold would be suing for breach of contract, demanding their money back and terminating existing contracts. And I wonder if some of the activity disclosed doesn't warrant criminal charges. Isn't screwing around with what is supposed to be a frozen, certified system election fraud?

In a similar vein, is Maryland really locked in to its deal with Diebold the way the Diebold people seem to think it is? If the system was secured as advertised and if Diebold screwed around with it in Maryland as they apparently did in some places, I would think that Maryland could easily void the contract.

Re:Vote logging

[IthnkImParanoid]

The problem is not that someone is going to break into the database and look for your name, or use your name to find out how you voted. The problem is that someone is going to come over to your house, take your receipt, sit down with you, and see which way you voted.

We're talking about Mafia-like tactics here, not some 14 year old script kiddie invading your privacy.

Re:Source code to the people!

[barawn]

I find it appalling that the public is not allowed access to the source code to the software that runs these e-voting devices.

I find it appalling that there is software that runs these e-voting devices. You're talking about, in the simplest form, maybe what, a 4 state device? Why in the hell are they using an embedded system for something that would make a very good undergraduate EE project? C'mon, two flipflops and a bunch of EEPROMs containing pretty images would be good enough!

I don't want to check software code. That's stupid. More importantly, it is not possible, looking at the software code, to determine how the program would run. This is the Halting problem. You need to know the code, the compiler, the architecture, and the exact conditions at runtime in order to reconstruct its behavior.

Contrast that to a hardwired design, built on bare metal. There, you just need to publish the schematics, and *anyone* can *actually* figure out how it works, with no ambiguity.

That's the only way e-voting should work. No bugs, no problems, just hardware.

Re:Source code to the people!

[Jeppe+Salvesen]

If you have a paper trail, along with surprise reviews of the paper trails, you've cut costs and increased efficiency without compromising the integrity of the election.

I would rather have a closed-source voting machine with a paper trail than an open-source voting machine without a paper trail.

An open-source voting machine is best (I like OSS too), but if we concern ourselves with the integrity of the election, the above described measures are sufficient.

Until it is actually fixed, ...

[burgburgburg]

I'll stick with the paranoid world view.

Especially since I haven't heard one remotely reasonable explanation why companies (like Diebold) that make a large number of electronic transaction devices (ATMs, food/entry access, etc.) all of which have/require paper trails and full auditability suddenly found themselves incapable of providing paper trails and auditability to something as important and potentially controversial as elections.

When this is actually fixed, maybe I'll be less cynical. Maybe.

Re:Who says geeks can't make a difference?

[Fancia]

How about the many geeks who mirrored and attemped to publicize the leaked Diebold documents despite Deibold's attempts to stop it? I'd say that probably had a fair effect.

Re:Source code to the people!

[thrillseeker]

That's the only way e-voting should work. No bugs, no problems, just hardware.

How about this? The hardware is really simple - you have a piece or thin cardboard that has these spots that are easy to punch out - you provide a simple jig that lines this card up with a printed list of names - you take the simplest of tools - a sharp object - and poke a hole in the cardboard next to the name you want. When you're done, you look at the piece of cardboard and if it looks ok you put it into a box where another simple machine is used to count it.

Why, these actions are so simple I believe a monkey could do them, being simple tool users themselves. Anyone who can't probably shouldn't be casting a vote in the first place.

Re:Security is goes beyond the voting machines

[randall_burns]

Bzzt! Sorry, but I doubt a dead person will ever show up for an e-vote. The paper printout for use as a hard, long-term copy/record is secure. As secure as e-voting can possibly get.

A "dead" person votes by either:

1) falsification of of records(say by a corrupt county clerk)

2) someone showing up with the dead persons voter
registration card and using it(along with
supplementary ID).

3) in areas that use vote by mail, by diversion of the mail records

I don't see that e-voting solves any of these except to the extent it handles 1(but a corrupt county clerk can still issue invalid voter registration and absentee ballots).

If a "dead" person can vote via punch card ballot or any other paper type ballot, they can certainly vote just as well on an e-voting machine. You must actually USE the e-voting machine to get the printout.

That is kind of my point. The goal here is to have more accurate election-there are lots of different kinds of vote fraud-and you need to handle them all as a comprehensive package. I don't see that being done here.

We just need contrarian, iconoclastic politicians

[Cryofan]

like Dennis Kucinich, who really started the ball rolling on the Diebold situation by publishing links to the memos on his Congressional website.

You want democracy? Then vote for politicians who have made a career of fighting corporate power.....like Dennis Kucinich....