Slashdot Mirror
Maryland Electronic Voting Systems Found Vulnerable
snoitpo writes "My fine state (Maryland) has hired some people I can respect to hack into Diebold voting machines. The Washington Post (read it free for 2 weeks) has the details. From this story and the one on NPR, the state hired a company and set up a test voting precinct and had the group try whatever they could to break into the machines. Most of the attacks would probably be noticed by an even-half-awake poll staff, but some vulnerabilities were exposed. The net seems to be that you could really mess up individual machines, but the grail would be to get to the central collection servers and send a megavote to your favorite candidate. The last paragraph mentions problems that voting machines had in the last election in Virginia; it's interesting to note that those use wireless networking--my jaw has dropped onto my keyboard and I can't comment any further." Other readers sent in two stories in the Baltimore Sun (1, 2), and one in the NY Times.
At a minimum, electronic voting machines need to print out a paper receipt. That would allow a recount and increase accountability in the system. Without a paper receipt, you may not even be able to determine that an attack has occurred.
Bruce Schneier, author of Beyond Fear and the fantastic Applied Cryptography, has an old but good commentary on the some security issues of electronic voting machines in his Crypto-gram newsletter.
I'd like to take this opportunity to coin the phrase "War Voting". :)
"History doesn't repeat itself, but it does rhyme." Mark Twain
Just print out a freaking report of what was actually registered in the voting machines database. If it doesn't match up to what you input, get it fixed. Sheesh, how hard is that? Heat registered paper just like at the gas stations, it's almost free.
Paper receipts open the system up to vote-selling. Not good, and not allowed!
The voter might be able to see the paper (under glass), but that's about it.
J
Screw wireless (wtf are they thinking) voting.
If you want accountability, put in some form of VERY hard to break security and go with it.
Voter apathy is going to occur whether people can vote online or not.
This is a rehash of all the other Diebold crap down in Fla. Until it's secure, imo this is non-news.
Is it because it's in a different state? Or because it's an attempt at accountability?
Sent from your iPad.
if one could mess up one poll booth really easily what is the point of voting? hoping that your booth wasn't the unlucky one?
can we demand a vote recount BEFORE the election then?
Electronic counting is okay, but they need to be counting physical ballots, not bits. There needs to be a physical paper trail that leads back to clearly-marked ballots that indicate what the voters intended.
The phone-in system is also a bit nonsensical. Ideally, the local counts should be published in each locality as quickly as possible, so that news organizations can do the math on their own, and any error introduced at any step in the way would quickly be noticed when numbers that are supposed to be the same don't check.
Diebold seems to be in the business of selling solitions that are worse than the problems they claim to solve.
Electronic voting will not help if two candidates are neck and neck or the election becomes complicated in some other way. They also throw in a very significant variable: hackability.
----
"Ours was a free culture. It is becoming much less so."-Lawrence Lessig
Paper voting works very well here, we are very wired but we use paper to vote and if a recount must be made we recount the paper. Why so much money on computer systems? Computer systems are very hard to secure. Paper has already been secured.
Isn't this a perfect example of the benefits of open source? Yes, you can hire a team of hackers to attack a black box, but it's just an ad hoc approach, and tomorrow or next week or next year some other hacker will find another weakness that wasn't found in the first pass. Wouldn't you end up with a much more secure system if you could openly and systematically apply those same efforts to reviewing the code inside that black box?
Thinking outside my Head
Great idea... cover the locks with tamper tape. So rather than rigging the election outright by going to the trouble and difficulty of changing the votes on the server, etc., criminals can do it by disqualifying voting machines by breaking the tape, disenfranchising thousands of voters at a time.
(Can they cover the software issues with tamper tape, too? That might be helpful.)
-Trick
There is a bill before the Maryland State House that would require a voter verifiable paper trail on all electronic voting machines in the state of maryland. The bill also calls for a random sampling of the paper ballots to ensure that the electronic count has not been tampered with. House Bill 53 was just read into the ways and means committee two weeks ago but with the release of the reports I hope there it can gain more support and pass the house.
Zambozay! My brain must've been eatin' a sandwich!
I don't understand why voting machines are being introduced in the first place. Is it just the stupid perception that "if it's automated, it must be better"? In fact, by introducing machines, you're just introducing a hell of a lot more problems, and possible failure points, as well as making the whole process more opaque.
In the Canadian federal elections, IIRC, as well as the Ontario provincial elections, voting and counting is still done by hand. At every stage a paper record is created, so that if any irregularities are suspected, the whole process can be audited. I believe such an inquiry was undertaken in Quebec after some tricky vote counting in Quebec after the last referendum.
What's going to happen? We'll elect someone who didn't get the most legitimate votes...?
wait..
Why not just do it all in the old fashion?
It has been mentioned before, and judging from these stories it seems as if there are NO pros at all from electronic voting.
Pen, paper, and someone to count it (volunteers from the various parties) nothing else.
That and a remaking of the election system in the US case, whats up with Bush winning anyway...
" Removable memory cards inside the machine can be tampered with if a lock is picked or if one of thousands of keys is stolen." - From the Article
If I could pick the lock or steal a key to the paper ballot box, I could tamper with the votes too.
...it's just that older systems were less open to one weakness making a massive difference to the outcome.
Even electronic banking (trusted by the masses) isn't utterly secure - just look at all the e-mail scams purporting to be a bank asking to confirm details (social hacking, if you like).
Unfortunately there will always be those in society that wish to cheat and are willing to invest the time, money and effort to do it.
biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
Sorry, it's taken. "War voting" already means casting a vote for W.
My home and native land,
We use a simple paper ballot,
That all can understand.
Can't think of anything else to add to that comment.
"If you want to vote for Candidate A, you throw a pine cone in this box. If you want to vote for Candidate B you throw a birch branch in this box. After a while though, the boxes get pretty heavy and weigh a couple of kilometers."
paper = ballot , ballot is folded and goes in locked ballot box to be available if recount or audit is needed.
;-)
Paper ballots and ballot boxes are used around the world. I am sure that American voters could cope with the inconvenience of being able to check that what they inputted was what got registered. (... and therefore no danger of vote selling, or at least no printed receipt to present for payment
I've finally got around to changing my sig
I RTFA. But regardless of how poor this "AccuVote" implementation is, electronic voting can work -- and will prevail, if technophobic feelings are kept at bay. All it takes is some smarter dude to do the development.
The reasoning is simple:
ATMs exist.
Quem a paca cara compra, paca cara pagará.
From the second Baltimore article:
... system? The answer is yes."
Western Maryland Republican Del. LeRoy E. Myers Jr. said he thinks many of the threats Wertheimer outlined are too complicated to carry out.
"If this were Halloween, you'd be scaring us all to death," Myers said. "I think we're kind of overreacting. Isn't this a much more sophisticated
I'm sorry, but did Mr. Myers just issue a challenge? Didn't he just say "Bring 'em on!" to a bunch of hackers?
And Maryland elects Gary Coleman in 3... 2... 1...
Washington Post, NPR, NY Times... All so-called "liberal" media outlets, huh? Any news about this in the Washington Journal or Fox News? Doubt it, cause we all know who Diebold's friends with...
Who's looking out for you?
+1 Insightful, -1 Troll. What can I say, I'm an Insightful Troll.
Receipts are vital!!!
A polling district with roughly 300,000 people had over 17,000 ballots disqualified, due to alleged double punching by the voters.
The percentage is way over the top... Independent researchers went door to door, and could find only 7 people who said they may have double punched.
The NYTimes article mentioned in passing the work started Bev Harris, as described in her book ,and said that "Diebold stated that the code used by the researchers, which had been taken from a company Internet site and circulated online...". What actually happened is that supposedly private code, which no one should have been able to get to, was left in a wide open FTP server. And these are the guys we're supposed to trust with our elections. At this point I can't figure out whether Diebold's lack of security is due to malice or incompetance.
I am officially gone from
"That's Unpossible!" --bonus Karma points for whoever can guess where that quote is from.
"Klaatu, verada, necktie!" -Ash
It seems now that Maryland is finally catching on, too.
"Teleporting Rodents with D-Cell Battery Displacement" theory -- IgnoramusMaximus (692000)
Internet voting system for overseas Americans is vulnerable, security experts say - and their comments extend to a scathing debunking of *all* internet voting methods.
A slightly older, but very thorough, article by Scott Granneman entitled the Electronic Voting Debacle.
Oh, and I can't leave without mentioning the essential Black Box Voting site...
[posted as an AC as I don't want to whore the karma]
I worked for a nameless financial institution. We had a certain number of Diebold Windows XP ATM's. 100% got infected with a virus that exploited a well-known vulnerability. We demanded Diebold agree to forfeit admin control of the systems or patch them within a short window of patch release.
Their response: "We'll put firewall software on the machines."
Since the contract was already signed we had no leverage and that ended up being the solution. Nice, eh?
akad0nric0
This sentence no verb.
I heard the NPR story on yesterday's ATC and was struck by the reporter's failure to ask some hard questions. For instance, there was a statement by a Diebold spokesdrone to the effect that "we fix any security issues that we think could be a problem." There was no followup regarding earlier reports of a Diebold built-in backdoor to the systems "for maintainence purposes.' A back-door which, IIRC, required no password or user id to gain access to the server's databases.
Also, there was no discussion of the debate between those of us that believe that the e-voting systems should be required to use Open Source software vs. folks at Diebold and other vendors, who foist off the "trust us, we know what we're doing" line on the public. There was no real discussion of the effect that questionable e-voting results could have on the American political system. There was also no mention of the fact that Diebold's president is involved with raising money for the G.W. Bush re-election campaign and has pledged, IIRC, "to do everything I can to deliver the vote to George Bush." All in all I'm afraid that NPR really dropped the ball on this particular issue.
Just my $.02,
Ron
Impeach Barack Obama for violating the Constitutional requirement to be a "natural born" citizen to hold the office of P
Suppose I know the tendency of a district and I would rather that districts results are lost. Examples of activity to interfere would include:
- Cutting Power
- Electromagnetic Interference (burst device wiping out memory cards)
- Knocking out wireless infrastructure (cell towers, radio repeaters, whatever they use)
Some folks would say that we are overreacting and that all of these criminal activities have current-day equivalents. But without a paper-trail you only need to wipe one memory card remotely to kill hundreds of votes before they are sent to the server.Come play Moral Decay!
I'm one of the people who did this and you should take a look at the acutal report before you start ranting.
We witness not a fallen world, but falling every day - The Call.
Linda H. Lamone, the administrator of the Maryland State Board of elections, said that the group had produced "a very good report," and that the state would take its recommendations seriously.
Still, she noted that tampering with voting equipment is a felony. "I'm not sure how many people would be willing to get a felony conviction and risk going to jail over an election," she said. Citing the problem of easily opened locks on the machines, she said an attempt to unlock a machine "would be very unlikely to succeed, because it would have to occur in a public place."
This woman should be fired from her job. She basically states that because some act would be a crime that no one would do it!!!
Did that stop Richard Nixon?
Did that stop whoever blew valerie Plame's cover?
Did that stop the authors of MyDoom from writing the virus?
Did that stop all the people in the US who committed crimes last year?
Did that stop Ken Lay and the fine folk at Enron?
Did that stop Halliburton from overcharging the Army?
What a fucking joke. It could have been a Microsoft security advisory for all the good it will do.
My premontion: There will be massive irregularities in the 2004 elections and guess who will win again?
Considering there's a vulnerability in almost anything (and just a matter of time before someone finds it), I think at *this* point in time it is a very bad idea to make something as important as VOTING something we can do online.
The last thing we need is a botched up election with later claims that the system was found vulnerable, etc..
It's handy, no doubt, but maybe we should wait a bit...
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
"Talking to Americans" my friend. See what happens when we make that mistake? You get laughed at.
Let the governments buy the machines, and then hack them so Mickey Mouse (or some other fictional character) wins the presidental election in a landslide. Prove beyond a doubt to even the dullest mind that these machines are flawed in ways that can not be easily fixed.
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
I really don't get it. Why are people so hard for getting the frickin' election results the night of the election? What is the rush? Why not do it the old fashioned way... paper ballots, counted by hand, by a team of old ladies. So we get the results a week after the fact. So what? Again, what is the big rush? I say, chill out, and do it by hand, with paper and pencil.
One more thing. Where are these people from, who authorized computerized voting. Have these people never used a computer before? Have they never lost their work due to a system problem? I can only assume that they don't give a damn about election integrity, and that is telling.
Mod down people who tell people how to mod in their sigs
http://www.wired.com/news/business/0,1367,62109
Furthermore, it is probably the tech-savvy people who will be most reluctant to use these machines. They're the ones who know what's at stake...and why.
People say I'm crazy, I got diamonds on the soles of my shoes...
Despite all the issues with online voting and such, wouldn't it be great if we could do it.
Some design notes:
1) Show ballot
2) Detect OS
3) If OS = Windows Then check browser settings
4) if settings are all default then output in font size 42, red: Are you sure you want to cast your vote for $selPresCandidate
5) email the user and ask them to open an attachment to verify their vote (from address suitably screwy)
6) if they open the attachment, put the same message up again, make it flash, and add little text at the bottom explaining the dangers of their idiocy both in voting and opening unknown attachments
Tada, now that should cover about 49 of the states that don't have consistent voting issues...
Whee signature.
Mainly because of my concern about the electronic
voting machines, I've volunteered to be an
election judge in Maryland this year, to see the
system from the "inside". A few things I've
learned about the Diebold machines:
- Each machine as two locked compartments: one
for the printer and one for the two PCMCIA
slots.
- One key opens both panels on all the machines
in at least my county. I don't know if other
county's machines are keyed differently.
- It's just a simple pin-tumbler lock, not any
type of high-security (ex: Medeco) lock.
- The printer is used to record the vote totals
for each machine, so at least theoretically
it is possible to audit the votes from the
point they leave the individual polling
stations.
- In my county, nothing is being done wirelessly,
though the votes are being transmitted over the
phone lines.
Most simple cash registers have TWO paper receipts - One that gets handed to the customer and one that stays in the machine.
I dont think anything less would be safe.
William A. Arbaugh, an assistant professor of computer science at the University of Maryland and a member of the Red Team exercise, said, "I can say with confidence that nobody looked at the system with an eye to security who understands security."
Mr. Wertheimer said the application of security was inconsistent, with encryption applied in some places without the accompanying technology of authentication to ensure that the machines that are communicating with each other are the ones that are supposed to be communicating and that an interloper has not jumped in. "It's like washing your face and drying it with a dirty towel," he said.
Whenever I hear about the latest and greatest electronic voting scheme, it gives me pause to wonder who is behind this.
Mechanical voting machines have proved effective and relatively reliable for many, many years. I've heard the claim that the company that once manufactured them has gone out of business and that spare parts are no longer available. I say, BUNK. Given the amount of money that will undoubtedly be spent on engineering incredibly vulnerable systems which will be obsolete in a few years as compared to the previous systems which worked fine for a few decades, it would be a trivial task to have new parts designed and produced for the older machines.
Whose boondogle is the whole idea of electronic voting?
Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
Prof. Doug Jones at the University of Iowa has a great list of papers about electronic voting flaws.
One attack considers a evil OS coporation having the API hijack certain things that should be displayed...thus even fooling the voting software.
"I don't disagree with what they say -- they're the experts," Lamone said after the Senate hearing. But, she added, "I think it's a very good system."
Did she twirl her hair in her fingers and chew bubblegum when she made that last statement?
(Washington Post article)
People say I'm crazy, I got diamonds on the soles of my shoes...
http://www.capc.umd.edu/rpts/MD_EVoteEval.pdf
Que Deus te de em dobro o que me desejas
[May God give you double that which you wish for me]
...The net seems to be that you could really mess up individual machines, but the grail would be to get to the central collection servers and send a megavote to your favorite candidate...
I'm much more worried about the people already in power or who want to be in power screwing with the election than I am about "hacker" vulnerabilities.
When a vote is submitted, the "owner" of the vote *must* be given a receipt, with a randomly generated serial number, showing how his or her vote was logged.
..." there is no reason for an ideologically driven fanatic not to use the electronic device as a means to tamper the voting process toward his personal ends.
Immediately after the election, the election board must publish how each vote was counted, listed alphabetically by their serial number. Each owner can then confirm that his or her vote, known only to him or her by the random serial number, was not tampered.
Without a serialized receipt, whereby a voter can certify later in court if necessary : "This is how I voted
In addition, without publication, via internet and public libraries, of each serialized vote, there is no way to affirm a necessary public confidence in the cummulative tally of the votes.
Without both of the above, serial numbered receipt and republication of each vote by serial number, there is no reason to vote, if electronic devices are to appear anywhere in the chain of custody of the voting process. In that case, electronic devices in the chain of custody of the voting process become a veil, behind which economically insane ideologs and fanatics will congregate.
...we will never have the perfect voting system. If these electronic voting systems prove to be worse than the infamous punch-card ballots (which is what people seem to be suggesting) then electronic voting may have defeated its purpose. Maybe we should stick to the kind of ballots we have where I live in Iowa: you mark the ballot with a marker, and it gets read by computer, much like standardized tests do. It's reasonably accurate and can be counted by hand if needed, and is not so prone to hacking. P.S. - sorry if I submitted an empty comment earlier - my mistake
hacking into the voting computers. It's the insiders with an agenda that I am concerned about. The ONLY way to get around this is with a voter-verifiable paper trail AND taking the vote counting away from corporations that create the machines and putting the counting where it belongs: citizen groups.
Diebold and ALL the other commercial vote machine vendors are heavy Republican donors and, particularly in the case of Diebold, run by individuals devoted to getting Republicans elected and Bush elected (I can't say "re-elected" as he didn't get elected in the first place). THESE criminals have the means and motive to taint the vote...in secret! They are in control of the machines and the vote tallies. They cannot be trusted, given how openly partisan they are.
It is NOT the random outside hacker we need to worry about that much (sure, protect against it), it is the machine makers and vote counters themselves that have to be protected against. Ask yourself this: Why is it that EVERY vendor of voting machines are so adamantly opposed to any paper trail possibility? Why are they so strenous in their arguments against it? Because it would queer their ability to tamper with the vote tallies.
Voter-verifiable paper trail. It's the only way to be sure.
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
Because an electronic voting system without a paper trail makes it easier for the Republicans to steal the elections. Why argue over chads and dimples when you can just say "computers never make mistakes"?
Is it any surprise that the biggest supporters of electronic voting are Republicans, and that the biggest providers of electronic voting machines are major donors to the GOP?
--R.J.
Electric-Escape.net
keira knightley is cheap... much hotter women out there, even here on slashdot.
Hence the quotes around the quote. You could just as easily say Rick stole it from the guy who write the joke for him. But he didn't steal it. It's all public domain, so enjoy. Or congratulate us Canadians for legalizing staplers.
Most ATMs contain IBM's super-whiz-bang secure processor (or an equivalent device certified to FIPS 140 per NIST,) complete with multiple levels of physical tamper detection. The action of opening the chassis - by an administrator or anyone else - should have immediately zeroized the keys stored internally. That's a pretty basic security element. Of course, it sounds like Diebold's position is "you're not supposed to do that." Note to Diebold - the bad guys don't play by your steenking rules. They're a lot smarter and more determined than you think. They probably won't attack a single machine in a public polling forum. I'd bet the aggregation server is a much more lucrative target. Better be prepared for "man in the middle" attacks.
Now my thinking is, "Hell, let's see how bad it really can get"!! That'll give those pot-smoking hippy America-hating pinko traitors something to really whine about!!!!!
was in August when we really need the fanning:t e.zhtml?ti cker=DBD&script=410&layout=-6&item_id=4897 44
http://www.corporate-ir.net/ireye/ir_si
MOD PARENT UP -- 100% CORRECT
Seems to me if you address the security issues, the paper trail can be eliminated if a dual-phase auto-log of EVERY session on the voting machines would save some trees and provide the auditability sorely needed. No voting machine should be implemented that cannot be traced. Diebold's 'We cannot answer how the results were reached' is unacceptable. Use a high-quality, high-security database, have 2 separate auto logs of the voters transactions (selected 'Pat Buchanan', sobered up, selected 'Anyone but him') should be tracked, along with machine ID, card ID, GPS position, date/time, voter ID. I do not give a RFA (rat's f***ing ass) about elephant or ass - every president in my life time has been a giant CF. Last election proved people are too dumb to figure out paper voting. That's why McDonalds uses food pictures for their register jockeys.
Would using a wire make the transmissions inherently more secure? Barring wierd quantum devices, of course not. VPN-over-WiFi is exactly comparable to VPN-over-wire. You have to assume that your physical media will be compromised when you design these networks.
Dewey, what part of this looks like authorities should be involved?
How do you spell Maryland in hackerese? m@r\/l@nd.... hell, I don't know.
I mean, we remember what happened a while back right? If I recall there were a number of security related risks regarding customer information... or did they release that information on a voluenteer basis?
if not the whole voting enchilada, at least a tamper-proof voting solution, which seems to be the the primary weakness of digital computers.
who knows? It might just take a result of "George Bush: 99.9%, xyz 33.5%, 105% of precincts reporting, 803 million registered voteres" for people to wake up and realize that there is a problem here.
That explains the Democratic ticket this year.
Hmmmmpppfff.
What's so hard about SSL that they can't use it between the voting machine and the master voting server? This needs to be in place, and as long as it is, whether any part of the link is wireless shouldn't make any difference from a security standpoint. AFAIK, this also resolves the issue of authentication.
Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
Manage to locally infect one voting machine with a worm. Then when it dials in directly to the main server, it can infect the server, which can then infect any other voting machines that connect to it. Then have the worms DDOS the main servers. Then wipe the results from the memory cards. Fun for everyone. Since most, if not all of the machines run Windows, how hard can it be.
If you mod me down, I shall become less powerful than you could possibly imagine.
Would you like to steal an election? Here's a quick survey of how to do it. I'm absolutely serious: I've been involved in political campaigns for years, and have held elected public office. And one of the reasons I'm no longer actively involved in party politics (per se) is that I caught one of my committee people doing some of the shenanigans I mention below.
First--don't waste your time trying to cheat inside the polling place.
You would think the obvious place to steal votes would be in the voting booth, right? After all, bank robbers rob banks--so election crooks would gravitate toward polling places. Right?
Wrong. The place to steal elections is in absentee ballots.
Absentee ballots: the mother lode of vote fraud
Let's suppose that you learn that you've been scheduled for a trip out of state that will keep you from voting. You can call your county courthouse and ask for an absentee ballot application. They'll send you a form, which you fill out and return, and then you'll get an absentee ballot in the mail. You fill out the ballot and send it back to the courthouse by the due date--congratulations! You have voted absentee, and your vote has made the nation stronger. In a perfect world, that's how absentee ballots are supposed to work.
Over the past twenty or twenty-five years the absentee ballot process has, um, changed. In a blowout absentee ballots are meaningless--but in a closely-contested race a handful of absentee ballots can be the difference between a "moral" victory and the real thing. (As a college student I functioned as an "absentee ballot captain"--identifying college students in the Philadelphia area who lived in the 10th congressional district in Illinois. I got them registered to vote at home, and made sure they voted absentee. I put in scores of hours of work--and turned in something like a dozen votes. In 1978 we lost the election by 6 votes--in a special election in 1979 we won by something like 120.) As the value of absentee ballots has become more apparent, people have started to cheat. (The rules for absentee ballots, and the opportunity to cheat, really expanded dramatically with the "Motor Voter" bills that got jammed through state legislatures in the early 1990s.)
How to steal absentee ballots
The simplest way to steal absentee votes is to work your way through nursing homes. The ideal method is to have a dedicated party worker who is a resident of the nursing home--but you can also send in a "volunteer." Nursing homes love volunteers who come to visit--so it's easy to plant somebody. However you do it, your party worker announces that she (or he) wants to help everybody participate in the election. Nothing wrong with that, right? So she distributes voter registration cards (perhaps with your party already checked), and promises to make sure that all the cards get turned in to the courthouse. When election time rolls around, she points out that senior citizens can get absentee ballots without question, and without anything like a doctor's note. All you have to do is ask. So Helpful Sally signs up everybody for absentee ballots. And since the absentee ballot is a bit confusing, Helpful Sally helps everybody fill out their ballot. As a general rule, Helpful Sally is going to get in trouble if she tries to buffalo people into voting for her candidate for governor--but practically nobody knows the names and/or positions of candidates for judge, for district magistrate, for local races--even for state legislative positions. All Helpful Sally has to do is say, "if you don't know the candidates, just leave the ballot blank." Oh, how helpful Sally really is. And to be really helpful, Helpful Sally offers to save the voter the cost of the stamp: she'll take the ballot to the courthouse herself, so your vote won't get lost in the mail.
Once the ballot is done, Helpful Sally can do two things. If the voter picked the wrong office, Helpful Sally can simply "lose" the ballot. Unless the senior citiz
Pulling out wires? Just what wires come out of the bottom of these computers and how hard would it be to insert a dongle between the computer and server? It sounds fairly trivial to hack the hardware stream, then, and cause every, say, second vote to be automatically cast in a particular way.
Which is, of course, why a user verifiable paper trail is required.
Maybe instead of putting fully networked machines in front of the voter, we should look at this a different way:
1) Start with each machine being configured to run stand-alone.
2) The voter places their votes, and is issued a paper reciept containing who you voted for, and what booth you used (perhaps a machine readable only side to give to the attendant, and a human readable side that you keep, for privacy) with their entries encoded into a bar code of sorts, as well as being recorded locally.
3) They bring the reciept to the person administrating the voting at that location, who takes their reciept and runs it though a reader which tabulates the votes for the whole voting session.
In the end those results are tallied against the individual voting booths, and as well as having a paper trail to fall back on, and it prevents someone in the booth from being able to do any more damage than corrupt whatever was done on their machine. And if the attendant tries anything with his machine, the count between the different booths will also be thrown off, and it would be very difficult (never say impossible) to destroy reciepts for one specific person because of the encoding.
Throw strong encryption and a minimal and hardened OS into the mix, and it might actually be reliable.
cragen
The most frustrating part is that my county already had perfectly good voting machines: paper-based scantron-type forms where you mark the appropriate rectangle and a simple scanner tabulates the results. Effective, verifiable, well-understood, and relatively inexpensive. In other words, the complete opposite of what the state just bought for us.
--Approve Approval Voting Now!
In my state the polling staff is wide awake, but half dead. They are almost entirely over 65 and slow. It's probably the bored people waiting in long lanes that would see anything amiss. The staff are still trying to figure out how alphabetical order works so they can find a name without searching the entire voter rolls.
As a longtime Maryland voter, in my observations this situation has far outstripped the technical problems with the Diebold systems. The problems have been well documented--from the issues in California, to testimony of various experts before our own state legislature, and now another group of experts. We've had secret e-mails exposed, we've had experts from Johns Hopkins (Maryland's academic Holy of Holies), and ample warnings from all manner of well qualified individuals. Now people from the NSA (Maryland's second governmental Holy of Holies, next after Social Security) have weighed in.
What does all this tell us? Well, I think anybody with a modicum of sense can see that the Diebold system is badly flawed. The Baltimore Sun has spelled it out in words that even non-technical people can understand.
What we have here is an elections board made up of political hacks, all trying to cover their individual and collective arses so they can continue to feed at the government trough. They made an ill-considered and ill-advised purchase of these machines, and they'll stop at nothing to excuse themselves and to see that we're forced to vote under the ridiculous circumstances they've imposed on us. Trying to make logical sense of what they say is an exercise in futility.
Didn't somebody once say that the OSI model had an eighth layer--the political layer? Well, fellow Marylanders and assorted interested parties, that's where we're functioning now. The merits (and lack of merits) of the Diebold system are a moot point, and I fully expect to be voting on one in November.
I have to echo a question asked by someone else: What is/was wrong with the voting machines we used for so many years?
Anne
DUCT TAPE: The Election Supervisors' Secret Weapon
Anybody know what OS these things use?
You can count that against the blacks in Florida who were incorrectly placed on a felons list, and denied their right to vote. They were able to get things corrected - after the polls were closed.
I was unaware of any university ringers. Can you quantify it? The disenfranchised blacks ran in the hundreds to low thousands.
Vote tampering is wrong, no matter who does it.
For that matter Gerrymandering is wrong, no matter who does it. IMHO, they should take voting districts and settle on a simple perimeter/area ratio. Too high, and it's back to the drawing board - for either side.
It would seem yet again that a cowardly moderator with an opinion contrary to mine chose to anonymously label me a Troll instead of debating me and proving me wrong, almost as if to say "I know you're right, but I can't admit it, so instead I'll silence your opinion by moderating you down."
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
From the old software deployment methodology, why can we have the computer stations that work on the Operation (that childrens game) model. After you punch down your punch is counted in the computer and you still have your card. Spend a few years counting both and see how that works out. By then should be on version 3 or so and service pack 5.
It's insiders we should be most concerned with, especially patronage twits like this Linda H. Lamone who has already shown herself either unqualified for her position, already bribed, or, most probably, both.
Why is everyone so concerned with fraud in the voting machines? The real fraud is in voter registration and ID. Who gives a shit that someone can rig the machine to vote twice in one session, when the busload of 16 year old kids can vote four or five times in one day. Haven't y'all ever heard of the "Graveyard Vote?" And don't tell me that they check ID, I've been a poll watcher in several elections. No one checks ID. Hell, some states don't even require it.
"In two hearings, a consultant assured lawmakers the machines would be "worthy of voter trust" in the March 2 primary, but outlined physical weaknesses and electronic vulnerabilities that would allow a determined hacker to corrupt or destroy election results."
These two statements would seem to contradict each other.
Maybe we crackers should take this as a once-in-a-lifetimne opportunity to rescue this country from the radical right.
If the ballots were limited to a few items, I would agree with you. The problem is that the number of items on many ballots is huge. That is why the Canadian system would not work very well in the United States.
Mea navis aericumbens anguillis abundat
Here's the problem with that - and it goes back to the other issue of letting you take a completed ballot out of the polling place with you - it lets you prove to someone that you voted a certain way. This then leads to people being asked to prove to someone (their boss, church leader, local block bully, etc.) that they voted for candidate X and facing reprisals (or at least, deep suspicion) if they cannot prove that they voted the "correct" way. I'd love it if somehow the state could prove to the public after an election that each of their votes was correctly counted, but I don't know how that's possible to do without creating the situation where someone is able to prove to another party that they voted a certain way.
Also, I'll note that your system provides no way for the public to know that, say, 10% of the numbers on that list (all with votes recorded for candidate X) are made up out of thin air and don't actually represent votes legitimately cast on election day.
I wish there were some way I could take a number home with me after voting that would let me verify how my vote was counted after the election.
;-)
I am picturing the government publishing a DVD of election results that anyone can buy after the election. You can use the number on your receipt, together with the DVD, to verify how your vote was counted.
I realize some care had to be taken to avoid compulsary vote selling schemes.
Let's say my boss says I have to vote for X, and I have to give him a voting receipt proving I voted for X, or he will fire me after the DVD comes out.
When I vote, I vote for Y and get a receipt. Then I ask for another receipt that says I voted for X, and I give that one to my boss.
In other words, the machine lets me print phony receipts and true receipts and I am the only one who knows which is the real receipt.
Why is this useful? Well, everyone would be able to verify how their own vote was counted. Let's say a large election is hacked by the forces of evil and 100000 votes are changed. Let's say one in ten people bother to check their vote. Then there are 10,000 people who know their votes were changed.
I think that would be a useful check and could avoid the vote buying problem. Well, if you could work out the bugs, that is
You're confusing NPF with Journalism. An easy enough mistake to make when they bandy about the term "news" so often...
Perhaps the hackers were respectable, finding the clearly serious flaws. But at least one decision maker still seems to have reached the wrong conclusions:
It's apparently "impossible" to put some of the recommendations in place in time, but they're sticking with the system. How do they add a paper trail without patches of some kind, assuming they don't just make everyone vote twice?
"I don't disagree with what they say -- they're the experts," Lamone said after the Senate hearing. But, she added, "I think it's a very good system."
And how do they put "tamper tape" on a phone number whose answering system the consultant says is "easily" breakable and can't be patched in time?
Their higher priority appears to be that the Diebold systems will fly in March, not that they will use a trustworthy system.
We had them too, moron. Florida...2000... you can remember back that far can't you?
There are many problems with the voting system that is now in use here in Virginia. I am an Election Officer for the Commonwealth of Virginia, hence I am writing as an AC.
I have talked releatedly to the officers in the electoral board here in my county to convince them of the error they have made with deploying the WinVOTE machines. The problems that I have observed during the machines' deployment in this past November's election were the following:
1) There is no screen or curtain to prevent other voters, precinct party observers, and election officers from watching you make your vote. Even if the person observing is far across the room, it is easy to tell which part of the touch screen the voter has selected to press hence you know who/what they voted for. Party observers could stand in the polling place and gather this data and relay it to their own organization. If the party observer is familiar with the people in the precinct they will be able to target a voter, since they know how they vote, for strong arming etc. This problem is the worst of all the problems with the new system and the easiest to correct.
2) There is no paper reciept of the vote made. I am not an advocate for a reciept being printed for the voter to take with him/her, since this will invite logistical problems if the machine fails and people wat to revote. What needs to happen is an internal paper tally needs to be kept as people vote, in case the machine dies and is not recoverable. This paper trail can also be used for later verification etc.
3) The wireless technology should be disabled.
4) Use open source software. This is the one that will most likely be impossible to have changed. In 10 years or so, when these machines age out this will be possible, but this county and many others have already bought the machines, we're basically stuck with them.
Here, north of the 49th, we use paper ballots. All candidates names and party affiliations for a particular riding (electoral zone for those not familiar with Canadian terminology) are rpinted on the ballot. There is an empty square next to each candidate's name. Using a pen, you mark an X inside the box next to the name of the candidate of your choice. At the end of the day, scrutineers from each party count the ballots, and report the results to the returning officer for the voting station. If there is a dispute, they count them again. Finally, the returning officer may also count if the dispute is not resolved. Now, we have several time zones here, last polls closing 8pm Pacific. The results of an entire federal election are known by 11PM Pacific that day. Robert Cringely actually wrote an article on our elections here. He seemed to like it, and proposed using it in the US. I do believe his article was slashdotted as well. It is simple, straightforward, and idiot proof. Unlike electronic voting seems to be. Amazing what you can still do with a simple slip of paper.
No, we DON'T need paper trails or receipts or anything like that. There is absolutely no sense in using a backup that is guaranteed to be wrong.
No, there is NO problem with using a wireless network; if a vulnerablility is created just because it happens to be wireless then you have bigger problems to deal with.
All that is needed is a good implementation of public key and a very small amount of thought as to where an individual vote needs to be guaranteed accurate.
It's perfectly feasible to create an all electronic system that's perfectly accurate, nearly hackproof, massively verifyable, and almost instantly countable. It's a problem a high schooler could lay the foundation for.
So why are we wasting our time with the trash presented so far? Because the states haven't been asking the providers to go through the extra trouble. Let them take the easy way out and of course they will.
But get off this nonsense about paper trails, receipts, and outrage over wireless.
A voter is given a random card with a unique id on it.
They take this and feed it to a machine.
They proceed to vote and the tally is stored electronically and physically on the paper.
At the end of the session the computer shows the logged results that the person matches, clicking "OK" each time the result on the card matches the result stored electronically.
They then take the card to an attendant who places it into box, the attendant uses a clicker to tally the cards they placed in the box, the box also keeps a count for each card that is passed in.
In the end the results are tallied electronically. If the time comes for a recount we have the exact number of votes cast (electronically, by clicker count, by box count, and by physical paper count), that would effectivly eliminate a good amount of fraud (as far as "lost" votes). Then the actual paper results can be counted and compared to the electronic count.
If there are discrepencies I would say the effects should be extreme, such as a re-vote in the affected area or some other measure equally as drastic.
If we did that results should not be real time, we shouldn't who leads and where they lead. We should figure out where there are problems, correct the problem areas and then decide who is the winner...
Doesn't seem to be all that hard really.
Any thoughts?
Every controlled system is vulnerable. For each (usable) system there is a threshold of security. If a determined enough party exists, it can and will compromise the security.
If a hypothetical 100% secure system may be controlled by even 1 human, the interested party will compromise this person's integrity.
An ancient workaround is to have systems rely on the input of many people (2 lock safes, numerous people present at the election locations etc.) as at one point it becomes too difficult to compromise enough people and keep it secret.
The paper based voting has been tested in the last few decades and has proven satisfactory.
So, if the goal is controlled and successful election process, the answer is clear.
But is this what the rattle is all about?
Here are a few "benefits" from radically changing the technology:
- votes will be counted faster
- a sihtload of money will be made by private manufacturers and empowered individuals may get a big kickback
- a closed source solution may provide some individuals with power to anonymously abuse the system
I, personally am OK with waiting a few days longer.
This reminds me of a bumper sticker I keep seeing on cars saying "War is not the answer!" Actually, war is exactly the answer... To a different goal set.
Please write in Al Sharpton for President!!! Finally the techies will run the world!
In science, all good measurements come with error bars. Why can't we count votes the same way? It should be possible to predict the margin of error in hand counted votes, punchcard votes, scantron votes, and so on. If the results of the election are decideded by a gap less than twice the error, everyone votes again.
Better yet, why not switch to a voting system that isn't broken? The "one person one vote" system forces strategic voting instead of preference voting. Don't vote for the third party candidate or you throw your vote away, even though you really wanted them. Preference voting allows you to rank the candidates in order of preference. If your 1st choice is at the bottom of the heap and there's no winner, your vote is moved to the next person on your list.
We don't do this, or any other system that takes more time because democracy is a spectator sport. More people watch election coverage than vote. It's like the superbowl. You don't know who will win so it's exciting. The "experts" argue, but you get to see one of them proved wrong. The vague notion that the outcome will impact your life just adds to the drama.
Use the Firehose to mod down Second Life stories!
It also seems to suggest that purging of voter registration lists is a corrupt idea, when in fact a quick search of the news reveals that many precincts in the U.S. are struggling with problems of convited felons or dead people voting.
The 2000 elections in Florida deserve a thoughtful, informed examination, while this book seems to provide more of a frenzied, mis-informed opinion.
--Chouser
"To stay young requires unceasing cultivation of the ability to unlearn old falsehoods." -LL
The problem with paper voting wasn't the counting system, but the innacurate/non standardized methods of presenting the cadidates, and making people put a hole through a piece of paper paper. Instead, let voters select their candidates on screen, have the ballot be printed (maybe with a barcode!) and have them hand it in to the moderators. It solves the problem of clarity/standardization, and you're not doing electronic tabulation.
Electronic voting is ill-fated on many levels. If you have the time please, PLEASE listen to "The Annoying Gap Between Theory and Practice" audio found here. Just do a search for "The Annoying Gap Between Theory and Practice" in the search window in the left column. It fills many gaps as far as understanding the fundamental "problems" with e-voting, and it's quite an eye opener. Good luck.
"The greatest obstacle to discovery is not ignorance - it is the illusion of knowledge." - Daniel Boorstin
Here we hire based on any criteria of our choosing because we have freedom to do this. We can hire on religion, or appearance, or work ethic, even professional demeanor. My employer however is unconcerned with this because there are far, far more programmers in Tirupathi than there are jobs, so he is mainly concerned with finding the most best programmers who will work the hardest and code the smartest. However at our prices since only Indians like myself can compete, it makes sense for us to have a professional web site as we are a group.
Government doesn't seem to care, Diebold doesn't care, but wouldn't the American people notice if, say, they go into the voting booth to do their democratic duty and find the latest slashdot poll instead?
Google for "Clinton military strike", or "Clinton military invasion". Amazing how much blood the peace-loving Democrats have on their hands, isn't it? Notice the lead articles about near-unanimous support for limited strikes into Iraq? Planned invasions of Haiti, Iraq, Afghanistan. Failure to pursue bin Laden. Bombing a pharmeceutical plant. Kosovo.
No, nothing that compares in scale to what Bush has gotten us into. Just the random, half-hearted slaughter of thousands of people across the world by an amoral leader terminally afraid of comitting himself to anything that might bring criticism his way.
"Great men are not always wise: neither do the aged understand judgement." Job 32:9
From Diebold's press release : "Today, the Maryland Department of Legislative Services, based on the analysis by RABA Technologies, concludes that the March primary election can be held successfully without any changes to the Diebold Election Systems software."
From the Washington Post Article: "Linda H. Lamone, the administrator of the Maryland State Board of Elections, assured lawmakers that the board would comply with many of the recommendations but said that some of them would be impossible to put in place before the primary."
I know who I believe.
Actually, voters in Oregon are required to sign the envelope before they put it in the mail. While it's not foolproof, it's obvious if every ballot has been signed by the same person.
Nathan
What do we do if the Tamper tape gets ripped? So you mean if I am a poll worker who tends to vote for party A, and I know that I work in a precinct that predominately favors party B, All I have to do is wait until no one is looking, (except people who I like or can pay off) and rip that tamper tape slightly. Bingo! I have just disenfranchised hundreds of voters, a majority of whom voted in a way that I don't approve. Good Idea, tamper tape. They didn't think that one through very carefully did they?
Stop Continental Drift! Reunite Gondwanaland!
Think about how you vote already. At my polling place, I fill out what amounts to a Scantron form and feed it into a machine. The machine goes beep, a counter increments, and I'm left with a little torn-off strip of paper that says "you voted." And that's it. There's no paper record of who I voted for. There never has been, and that's on purpose.
Imagine how your vote might be influenced if you knew you had to walk home from your polling place past a bunch of thugs who would demand to see your voting receipt -- "correct" choices implied -- and weren't going to take no for an answer. That's why there's no visual confirmation.
I understand some of the hubbub over "electronic voting," and some of it I don't understand. I mean, in my district we have electronic voting right now. Would it be significantly harder to rig a Scantron machine than to rig a computerized voting machine? I don't know. I guess that's the point of these studies. But I can't believe there's no way to implement a new ballot-taking UI without compromising the entire voting process that's gone on for 200 years.
How about this: You show up at your polling place. You're given a two-part card, perforated; one with the voting receipt on it (same as with the Scantron) and the other with a barcode on it. You go to your computer terminal. You feed it your barcode. You punch in your votes. It beeps. You get up, and you go to another machine at the same polling place. You feed it your barcode. At this point, it pulls up the choices you just voted for from whatever database, and re-presents them to you. This is to confirm that your choices were stored in whatever database properly. You can't change them at this point. You can only confirm or deny the whole ballot. If you abort it, you'll need to talk to your polling place staff about getting a new ballot. If you confirm, you're done and off you go. If you do neither, the ballot is invalid. Once you confirm or deny, the barcode is invalid, and nobody can see your choice again.
Breakfast served all day!
We don't have to worry about hanging chads. We just put a goddamned X in the box. How fucking complicated does this election shit need to be??
Do daemons dream of electric sleep()?
How about print a paper receipt and feed that receipt into another counter. The tallies from both systems should be separate and could be compared, any fraud would be obvious. Two separate systems that can be compared. the receipts remain at the booth and are available for recount and verification if necessary.
Of course a completely online system would be preferable so people could vote more often on more issues and have more say.
i read many of the posts here about disrupting the process, or tampering with votes between submission and counting.
my question is: suppose someone DOES manage to wipe out or tamper a bunch of votes, and the volunteers realize it. would the county actually admit they just lost 10,000, 20k, 30k votes by accident? there's no way you could sue the county, so all these folks would be denied their constitutional rights with no way for recourse.
in the neon of agrajag:
be afraid, be very afraid...
https://www.accountkiller.com/removal-requested
I don't think the grandparent had any idea that this was the case. None at all. Not any chance whatsoever, really. No, seriously. (Okay, was it obvious enough that time?)
Have you been touched by his noodly appendage?
Al Gore?
Eloi are stupid, throw morlocks at them!
NO NO NO! You got the message all wrong!
Maryland officals did not what to know
if they're e-voting system was a bust,
but how to bust the system for the next
election.
Maryland is the NAZI State of the US!
They depend on $$$ payout from George
Bush to maintain their bogus State
Captial Operations, ergo the pension
program for Top state employees, state
funded sex parties in France, and
loading the GOP coffers in Huston.
Want to live in a 1970's Eastern Block
Communist Country? Then move to
Maryland!
If the DOD's Thermo Nuclear Warheads are
targeted at Moscow, then I'd say "Wait!
Target Maryland! Blow the Boozos to
Kingdom Cum!"
Ha!
Of course voting machines are vulnerable. They were designed by Diebold that way, so Bush can once again steal an election.
With no audit, no paper trail, and no accountability, it'll be a cake walk. Of course if they get exposed, they say "We didn't know" and then put the decision into the hands of the Supreme Court of Kangaroos and you know how that story goes.
The 2000 election controversy has nothing to do with the popular vote. Officially, electors of the electoral college go to congress and cast their votes. Whoever gets the most votes from the electors becomes President. Note that the electors are free to vote for anyone they want (although they will have to answer to their constituents afterwards).
It is up to the states to determine who the electors for their electoral votes will be. I believe all of the states currently choose electors this way: the party for each candidate selects a bunch of people (one person for each electoral vote) to act as electors. If the candidate gets the most votes, then that candidate's electors are registered with congress. When it finally comes time to vote, the electors go to congress and cast their ballots.
As Anonymous Coward pointed out, the controversy in the 2000 election occurred because the Supreme Court interfered with Florida's right to choose its electors (ironically, the same justices who constantly harp about states' rights ruled opposite of their usual manner in this case). While seven of the nine justices agreed that Gore could not pick and choose which counties to count votes in, the justices were sharply split on how to deal with the issue. Four of them ruled that the case should go back to Florida to let the state decide how to remedy the issue. The other five ruled that the state didn't have time to remedy the issue so they would have to stick with the previous count.
It is worth noting that there are actually two deadlines for electors to register with congress. The preferred deadline was one or two days after the Supreme Court ruling. If a state registers it's electors by the preferred deadline, congress has to let them vote. The second deadline was about two months later. If a state registers its electors after the preferred deadline, congress could hold a vote to decide if they would refuse to let the electors vote. Again, whether or not to register its electors by the preferred deadline was an issue for the state to decide (all indications were that Florida law would have permitted waiting).
It's worth noting that Bush appointed two of those justices' children to positions in the executive branch. On June 1, 2001, Bush appointed Janet Rehnquist, U.S. Chief Justice William H. Rehnquist's daughter, to be inspector general of the Department of Health and Human Services. Earlier, he appointed Eugene Scalia, son of Justice Antonin Scalia, to the top position for the US Department of Labor. Also, Scalia was recently seen duck hunting with Cheney. Rhenquist and Scalia (both strong supporters of states' rights) voted in Bush's favor in Gore v. Bush.
No-one Votes No errors can be Made.. Simple!
But really it would seem all of these companies trying to make "Secure" Evoting work are ignoring the most simplistic rules of security. If you Plug it in It becomes Vulnerable.. Simple There is Absolutly nothing you can do about that.. After you Break that rule the only thing you can do is minimize Risk of security of being breached.
1) Do not use anything/platform that there is an abundant amount of information on in the public domain.
2) Secure All Documenation related to structure and operability of your product.
So far from what I have seen everyone involved in Evoting systems scores a 0 so far. I am no genius but these concepts are very simple and are being overlooked. Just starting from that and having a very good set of programmers that have a good historical background in programming secure systems would lead you off into a great start.
Who needs WiFi when we can have Packet Over Sheep! http://datacomm.org/PoS-InternetDraft.txt
Here is a link to the actual report.
It simply doens't matter who, what, when, where, or HOW you vote. If you control the people/machine *COUNTING* the votes, you control the election. So just STFU about the paper receipt and using an optical scanner, etc. Hell it doesn't matter if they were all counted by hand - your count is still just added to the totals on the state board's computer. The problem is still on the final tabulating computer. An insider controls your vote - you don't.
I am very concerned about the trend to using e-voting in this country. It seems to me that it is way too easy to hack something like that with no way to trace what happened. I would like to suggest the following solution (perhaps someone else has already thought of this, but I don't know why no one seems to be talking about it). It uses standard, off the shelf hardware, relatively simple software that does not have to be proprietary, and guarantees a paper trail. Please let me know what you think and if you think it's a good idea, lets try to push for its adoption.
Voting would be a 2 part process.
Part 1 would involve printing of the ballot. The voter would go to a booth with a touchscreen where he/she would choose candidates from a menu corresponding to the choices in that particular election district. After the voter has chosen, he/she would push the print button and a ballot would be printed on standard 8.5 x 11 paper with the appropriate boxes checked. Included on the ballot would be a bar code indicating the voter's choices. If the voter makes a mistake or changes his/her mind, a new ballot could be printed and the old one discarded. This part could even be done at home.
Part 2 - The voter takes the paper ballot and deposits it in a ballot box. There would need to be security measures to ensure that a voter only places one ballot in the box at a time, but this should not be hard to do. At the end of the day, all the ballots would be fed through a bar code reader and tabulated. Ballots would be kept for verification purposes. If need be, they could be rescanned, or if someone suspects foul play with the bar codes, they could be hand counted.
That's it. It would be cheap, efficient, and many companies could produce the software (or it could be open source). And the whole process would be transparent and auditable. Let me know what you think.
YHL. HAND.