Slashdot Mirror


Avi Rubin's Thoughts On e-Voting

nazarijo writes "Avi Rubin, a well regarded Johns Hopkins computer science professor and leading critic of e-voting, has written an account of his experience as an election judge on super tuesday. Maryland was experimenting with e-Voting machines. Rubin puts it this way, 'this was one of the most incredible days in my life.' He wrote his experiences immediately after the day was over, capturing his perspective on the subject. A very interesting read."

41 of 471 comments (clear)

  1. Great article, but beware the majority. by dada21 · · Score: 4, Insightful

    This is a great article. I don't like E-voting, but not because I fear of fraud or deceit -- I don't like the majority or the form of democracy our country has taken on in the last 100 years or so.

    Not wanting to troll or start an argument, I just wanted to remind people that this country was founded on a Constitution that should severely limit what the federal government can do. Some of the Constitution's protection of natural rights extends to limit the individual State powers as well.

    E-Voting is just one step towards "complete" democracy, where the majority makes all the rules. This frightens me more than I can explain on paper. The majority should never have any control over the minority (even over a minority of one) property rights or natural rights. If the majority ruled, 51% of the country can take away what 49% own. This is not America. This is not freedom.

    Democracy unrestrained will fold into some sort of socialism eventually, as we have seen in the past 100 years. We need to hit the brakes and return to a strong local government and a weak federal government, and we need to do it now.

    1. Re:Great article, but beware the majority. by duffbeer703 · · Score: 3, Insightful

      Fortunately, we have mechanisms in place, like the electoral college to prevent such tyranny of the majority out of the executive branch.

      Consider the 2000 election, where the overwhelming population of highly populous democratic states like California and the highly corrupt states like New York were not allowed to overwhelm the rest of America.

      IMHO, the worst alteration ever made to US government institutions was the direct election of Senators. Instead of the highly intellectual and conservative Senate that we had during the 18th and 19th Centuries, we are left with the political pit of the modern Senate, which was resulted in a exponential growth in the size and scope of Federal government.

      --
      Conformity is the jailer of freedom and enemy of growth. -JFK
    2. Re:Great article, but beware the majority. by Shakrai · · Score: 3, Insightful
      Fortunately, we have mechanisms in place, like the electoral college to prevent such tyranny of the majority out of the executive branch.

      Really? Is that why the executive branch is growing in power at the expense of the Judicial and Legislative branches? Is that why the Executive Branch seems to think that it go to war without permission from Congress even though the Constitution gives the sole authority to declare war to Congress? And before I get modded flamebait I'm not talking about George W. -- every US President since FDR has done this. Truman (D) and Ike (R) did it in Korea, JFK (D), LBJ (D) and Nixon (R) did it in Vietnam, Reagan (R) did it with Libya, Bush Sr. (R) did it with Iraq, Clinton (D) did it with Yugoslavia (not counting the little air strikes on Iraq, the Sudan and Afghanistan either) and Bush Jr. (R) did it with Afghanistan and Iraq.

      That's my pet peeve. If it's worth fighting for it's worth debating in Congress and the streets (if Congress is debating it then by definition the people are debating it). Anyone else notice that since we stopped declaring wars we stopped winning them? Have we had a cut-clear victory since WW2? Why didn't Bush ask for a declaration of war against the Taliban? He would have gotten it -- and the world would have known we were serious.

      That issue aside the Executive Branch continues to grow and usurp power from the rest of the Government. The larger picture has the Federal Government taking away rights and responsibilities from the states.

      IMHO, the worst alteration ever made to US government institutions was the direct election of Senators. Instead of the highly intellectual and conservative Senate that we had during the 18th and 19th Centuries, we are left with the political pit of the modern Senate, which was resulted in a exponential growth in the size and scope of Federal government.

      I'd tend to agree with that. I don't see it changing anytime soon though. John Q. Public is too ignorant to the fact that this nation was actually founded as a Republic. Most people don't understand why separation of power is a good thing. They probably couldn't even recite the preamble to the Constitution.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    3. Re:Great article, but beware the majority. by Eagle5596 · · Score: 4, Insightful

      Fortunately, we have mechanisms in place, like the electoral college to prevent such tyranny of the majority out of the executive branch.

      And if Gore had been elected over Bush, you'd be arguing for the abolishment of the electoral college.

      While allowing for the majority to vote on individual bills would be useless, when it comes to elected officials, majority rule is more than appropriate, it is necessary. The electoral college is a method of disenfranchisment for people who do not hold the same opinion as the majority of those living in their states. This problem becomes increasingly obvious for those that live near a state border between states with radically different political opinions.

      Consider an individual who voted Republican, and lived on the Washington side of the Washington - Idaho border. His vote is totally nullified by the electoral college, eliminating his opinion in the electoral college as Washington voted for Bush, yet were his voted counted a mile east, in Idaho, he would have been part of the Republican majority. The inverse also applies. The end result for the election was, even though Gore recieved .5% more of the popular vote than Bush, the oligarchical system of the electoral college swung the vote to be .9% in favor of Bush.

      This is disenfranchisment of the minority opinion in each state, and is as wrong as was taxation without representation. The reason that congress and the senate are so bad these days is not a result of direct election, but because they are the ones with the most cash for campaigning, and the toleration our country has of such abomiable practices as gerymandering.

    4. Re:Great article, but beware the majority. by Anonymous Coward · · Score: 3, Insightful

      "A witty saying proves nothing"
      - Voltaire

    5. Re:Great article, but beware the majority. by shystershep · · Score: 3, Insightful

      At the risk of being trolled, I'll respond. Do you have any idea what it takes to change the Constitution? I won't even get into your apparent belief that just mentioning God somehow violates a document written when religion wasn't a questions, but rather a simple a fact of life. To amend the Constitution, like the DOMA, takes a 2/3 majority of congress (house and senate each) just to begin the process. The president has no role, other than the obvous one of suggesting that his fellow party members follow along. Once the amendment gets a 2/3 majority in congress (or application by 2/3 of the states' legislatures), it's considered proposed. Once it's been proposed, a full 3/4 of the states must approve it.

      So that begs the question, how can a president who actually lost the popular vote, facing a very evenly divided country, push through an amendment? The answer is, he can't. It's a election year politics, pure and simple. Everybody that is not running around in circles, panicked, knows that it's not going to be ratified (including Bush & co.). It's a sop to the religious right, nothing more and nothing less.

      The PATRIOT Act is a hideous piece of legislation, but parts are already being attacked as unconstitutional. The DMCA, passed by the previous administration, probably violates the Constitution even worse (copyright is granted, and limited, in the body of the Constitution, while the Patriot Act violates 4th Amendment rights) and it too is being slowly picked apart by the courts.

      As for just ignoring the Constitution, or doing away with it, you probably aren't aware that anyone who takes an oath of office, including the military, swears an oath to defend and uphold the Constitution -- not the president or any other part of the government. No the Constitution can't defend itself, but with everyone and their grandmother watching, how is anyone going to tamper with it? It's not all powerful or foolproof, and people have been debating what it means since it was written, but at the same time it is a powerful shield. You're right in that it won't protect anyone if everyone just sits back and takes it for granted, but not everyone is. The kind of hysterical panic that the Left is in now is just like the hysterical panic the Right was in under the Clinton administration. Everyone runs around yelling that the sky is falling, with absolutely no sense of perspective.

      Read some history. Learn how things actually work. Then, if you still believe that everything is bad and the world is going to end, do something about it. Or, at the very least, you'll have some idea of what you're griping about, and make intelligent commments instead of ranting hysterically.

      --
      The bigotry of the nonbeliever is for me nearly as funny as the bigotry of the believer. - Albert Einstein
  2. Uh, no. by splortnik2003 · · Score: 3, Insightful

    It's entirely desirable to fit the tool to the task at hand. There's not the slightest reason some /.ers yapping away needs the same level of validation as a federal election.

  3. Vote Early, Vote Often. by blcamp · · Score: 4, Insightful


    The whole concept of Internet Voting frightens the hell out of me.

    The Internet has been around for what - 35 years now? And we *still* haven't solved e-mail spoofing and spam. Nor have we found a way to keep 5cr1p7 k1661e5 from busting into National Freaking Defense servers. How many times have we heard about Yet Another Batch Of Stolen Credit Card Numbers?

    Still, some folks think those little "speed bumps" shouldn't stop us from using the same technology to select the leader of the free world?

    Someone tell me this is just a bad dream. Please.

    I love technology. But not for this purpose. And certainly NOT NOW. Not yet...

    --
    The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
    1. Re:Vote Early, Vote Often. by wwest4 · · Score: 3, Insightful

      The article is about electronic balloting, not Internet voting.

      There's nothing terribly scary about the technology, but rather under what circumstances it is being deployed - the trust relationships are not properly arranged, because the system is closed and it is written and operated by a large corporation. Voters should not trust a corporation.

      Otherwise, I'd say electronic balloting has a potential to be more secure and accurate than mechanical machines and plain ballot boxes.
      The technology to do so exists now, it's just being employed poorly.

  4. Eye Candy Security by Lord+Grey · · Score: 5, Insightful
    I think this snippet from Avi's posting highlights something fairly important:
    In the beginning of the election, we printed a "zero tape" of each machine. I found this to be the kind of charade that a confidence man would play when performing some slight of hand. So, the machines printed each candidates name with a zero next to it. Somehow, that is supposed to mean that there are no votes counted on the machine? I don't know. I think I could write a five line computer program that would print the zero tally, and I don't see how that ties into the security of the election.
    The average person out there uses computers. They don't necessarily understand them. People tend to trust a computer's output if it matches their expectations. The "zero tape" is a great example of that, and Avi's subsequent comment about it being "eye candy" is spot-on.

    Unfortunately, it takes a technically-astute person to identify a potential security flaw like this. It also takes a technically-astute person to implement the flaw. To the average person, the whole situation seems alarmist. It's in the same category as astroids striking the earth: Sure, it could happen, but....

    Only after a failure of the e-voting system, a failure that's obvious enough for the average person to understand, will the public demand either better controls or removal of the system.

    --
    // Beyond Here Lie Dragons
  5. low-tech voting by SenorFluffyPants · · Score: 5, Insightful
    I was a site manager at the New Mexico caucus, and we used straightforward pen and paper. Reconciling was a simple affair at the end of the evening.

    Kucinich got one vote all day. That ballot somehow failed to get into the sealed envelope I returned to the party that night. All in all, 3 points:

    • low-tech voting works just fine and leaves an unmistakable trail
    • mistakes happen with any method, but are much easier to catch via low-tech means
    • Kucinich has been shorted one vote and it is my fault. Perhaps that one would have started the groundswell, but we will never know...

  6. Re:hmm... by orthogonal · · Score: 5, Insightful
    I'm sorry but who cares if this artical [sic] [by computer scientist and election judge Avi Rubin, questioning the trustworthiness of e-voting] got slashdoted [sic]...

    I'm going to guess that
    • you're not yet of voting age;
    • and that when you do reach voting age, you won't bother to exercise the franchise;
    • and that your voluntary departure from the voting pool will -- oddly enough and for different reasons -- likely be appreciated both by politicians hoping for more passive, indolent "sheeple" and by those of us citizens who work hard to ensure a representative and responsive government.


    But by then you'll probably have ended up joining the Army for lack of better prospects in Bush's economy, so that you can lay down your life ostensibly to protect democracy in Iraq, and surely to protect Halliburton's contracts there.

    While I'm sure that somewhere Mr. Jefferson is cringing at your example, please don't feel too bad: Fascists everywhere rely on people just like you; without you they'd never get beyond the Bier-Hall Putsch.
  7. Disasters waiting to happen... by dpbsmith · · Score: 5, Insightful

    eVoting on machines that do not produce auditable paper trails are disasters waiting to happen. As in many other intrinsically dangerous situations, years may, and probably will go by with no apparent problems.

    Our lives are full of protections that are seemingly "no needed." How often does an elevator cable actually break, for example? Does that mean we don't need overspeed brakes on elevators?
    Or inspectors to see whether the brakes are there and working?

    One little-noted contribution by Edward Teller was his almost single-handed insistence that civilian nuclear power plants be enclosed in containment buildings. This is particularly interesting because he was, of course, a strong advocate of nuclear power. And, of course, nuclear reactors are supposed to be safe in the first place, so why go to the huge expense of a containment building that isn't supposed to be needed? Then a Three Mile Island comes along, and we find out why.

    Black-box voting is a disaster waiting to happen. The disaster probably won't happen tomorrow, or this year. And when it does happen, it probably won't happen in a district with plenty of careful, well-trained, honest conscientious poll workers.

  8. Re:US citizen prefered party registration by gl4ss · · Score: 3, Insightful

    *If you don't like the idea of your party preference being on the rolls you just don't register for one. In my state there is a specific box on the form that says "Do not enroll in a party" -- there's also a separate box for the "Independence Party". If you don't want it to be on the rolls you just check off the "Do not enroll" box -- it's that simple.*

    however that(having an option for that) really goes against on why you have a closed ballot in the first place, to prevent people being intimitaded into voting someone they wouldn't(or at least prevent from voting someone) like to vote(by husband, wive, the mobster, boogie man or whoever..).

    not that I'm a big fan of a 2 party system with nearly identical parties(that work pretty much as a cartel..). Though maybe I'm just stupid as I don't really see the point in why goverment is paying for elections that are an internal issue of the party(deciding who they should back). Maybe that proves some continuity regardless of who wins(stagnation..)..

    --
    world was created 5 seconds before this post as it is.
  9. That man is a patriot by GuyZero · · Score: 5, Insightful

    OK,so I'm not American, but that guy is one hell of a great patriot. Amazing how many people hate the guy when he's out to defend America's #1 institution. Oh wait... democracy was replaced by "don't bug me about my quasi-legal business practices" a few years back. Right.

  10. Re:Typical Newspaper. by Anonymous Coward · · Score: 5, Insightful
    The question is not whether or not e-voting machines will prevent all fraud. The question is whether or not e-voting machines will be susceptable to less fraud than the paper ballots, and I think it is obvious that is the case.

    Not at all. The real question is whether or not the e-voting system will be a vehicle for widespread massive one-stop-shopping and completely untraceable fraud as opposed to the small-scale fraud that you seem to feel they will prevent.

  11. Re:Isn't It Ironic by SoTuA · · Score: 3, Insightful
    At least with paperless voting you need something more sofisticated and educated that a horde of gorillas that can barely read and write their names

    But when a bunch of gorillas steal a booth, you can SEE a booth is missing, you can see that a shitload of vote serial numbers aren't accounted for, etc. There is evidence, if not of who commited fraud, that fraud has indeed happened. With electronic stolen elections, it is much easier to cover tracks.

  12. are you a politician? by Provincialist · · Score: 5, Insightful
    Elections hold an enormous amount at stake - indeed, entire political careers - and thus the temptation for covert meddling is inevitable.

    If you think that careers are the most enormous stakes in an election, you're a little too close to the process for your own good. b-)

    kind regards,
    Jess

    --
    I am programmed for etiquette, not destruction!
  13. Re:US citizen preferred party registration by wolf- · · Score: 3, Insightful

    Except in the great, rebellious state of Georgia.
    A republican can walk into the primary, vote the democrat ticket, then in the fall can vote the Republican ticket.

    Allows all voters the opportunity to vote in November from the best offerings of the two major parties.

    Some folks on both sides switch hit to put up a weak candidate for the opposition. I prefer to do it so that I can have the best from the other side should my party not win.

    However, in THIS presidential primary, because a number of honest, highly qualified men did not even make it to "super Tuesday" on the Democratic ticket (Sorry, Joe, I'd have voted for you), there really was no reason to vote the blue ticket. Kerry seems to have things wrapped up. But the party bosses planned it that way. *sigh*

    But hey, we got to vote for the lesser of two evil flags in Georgia. Because, after all, FLAGS are so much more FREAKING IMPORTANT then law and order, corporate corruption investigations, and national security!

    --
    ----- LoboSoft specializes in Digital Language Lab
  14. Not problems in the US by edremy · · Score: 4, Insightful
    The issues you mention aren't really problems in the US.

    Large numbers of ballots and ballot boxes going missing would throw serious red flags- the local news would catch serious shenanigans. Ditto burning down warehouses. (And e-voting doesn't solve these problems either: simply disappear the smart cards or machines.)

    We already have very fast reporting, so the "Green" vote problem won't crop up either.

    Where the US has been vulnerable in the past is voter rolls (Just how many dead people voted for Kennedy in Chicago?) and direct manipulation of voters (How many minority voters were "discouraged" in Florida last election?) E-voting doesn't solve these problems either.

    --
    "Seven Deadly Sins? I thought it was a to-do list!"
  15. Re:E-Voting here to stay - stop fighting it by corebreech · · Score: 5, Insightful

    It is impossible to argue that moving to an electronic system is not inevitable, any more than it is possible to argue in favour of abandoning cell phones and reverting to tin cans and string, or abandoning email in favour of carrier pigeons.

    Impossible? To start with, we've already adopted cell phones, whereas we haven't yet truly embraced electronic voting. Moreover, cell phones don't present the kind of threat to our democracy electronic voting does.

    It has to be said, over and over again, that once we lose the right to vote, the only way to get it back will be through violence. So it's important that we do everything we can to see to it that the right isn't lost in the first place.

    With a corrupt incumbant, people could be intimidated into voting for them, out of fear that the government might quietly (or worse - aggressively) discriminate against anyone who voted for their opponent.

    I think that's ridiculous. People register in different political parties all the time, without ill effect.

    I would argue in fact that it is vital we publish the ballots that people cast. It is the only way to be certain that an election is on the level. The arguments we always hear against this doing this never stand up to scrutiny.

    The only people who benefit from the secret ballot are those who seek to game the election.

  16. Techno-solutions to problems by dpilot · · Score: 3, Insightful

    This story reminds me of an article I read (dead-tree) a while back on preventing terrorism.

    The article was critical about all of the techno-solutions for preventing terrorism, and very much in favor of the simple solution: Make sure you have good people in the right places keeping an eye on things.

    In a nutshell, Avi Rubin's article comes down to the very same thing. He had tremendous respect for and confidence in the people working at the election. He (still) had little respect for the techno-solution.

    Yesterday I voted using an optical scanner, which I never truly appreciated until reading all of the e-Voting flap. I've always appreciated the fact that I've always known at least one of the poll workers, and they knew me. After reading this article, I appreciate that fact even more.

    --
    The living have better things to do than to continue hating the dead.
  17. Re:Isn't It Ironic by roystgnr · · Score: 3, Insightful

    At least with paperless voting you need something more sofisticated and educated that a horde of gorillas that can barely read and write their names

    More sophisticated and educated, but less numerous. The problem with paperless voting as currently implemented is that to tamper with the results you don't need a "horde" of anyone; you just need one or two of those sophisticated people to get the right level of access and abuse it.

  18. Re:Typical Newspaper. by Paul+Crowley · · Score: 5, Insightful

    Your "obvious" impression is directly contrary to that of pretty much the entire computer security community. Read what Schneier has to say on the subject, for example - stealing a bunch of ballots is one thing, but silently altering the entire result of the election without having to expose yourself by moving a single physical ballot and while leaving absolutely no physical sign that anything might be amiss is quite another.

  19. Martyrs wanted by st0rmshad0w · · Score: 3, Insightful

    OK, I know these things are a bad idea, so do you. Sadly, the mass media and the general level of understanding among the population in general is not going to change what's happening at the moment.

    I fear that the only way any of the security concerns, raised by everyone from your slightly savvy Joe Sixpack to experts in the security field, will ever be addressed properly is to actually have someone go ahead and blatantly compromise some of these things.

    I'm not an advocate of election fraud or system cracking but there is probably no other way to get the messege thru the spin and media brainwashing to the general populous.

    I fear where all this will head. Anyone have an acounting of where all 32,000 keys are? Would having just one turn up missing be enough to invalidate an entire election? What was so bad about paper ballots anyway?

    Complicating matters to simplify a process is counter-productive.

  20. Homeland Security? by henryhbk · · Score: 5, Insightful
    It is interesting to me that we have decided to spend billions of dollars in securing federal and other governmental institutions from terrorist attack, and yet a vital institution of the government is left relatively unguarded. Although the paper system before can also be flawed (see Florida), in the post-9/11 era, where we willingly made air-travel painful, have metal detectors and ID checks in all governmental buildings, truck-barriers out front we entrust our governmental selection process to an unencrypted storage and encryption system. This is not to say the prior system could not be manipulated, and the massivel volume of paper information made a true recount virtually impossible, but making a printout means that an individual machine, or spot audits can look for tampering.

    Amusingly, as a physician, the rules for how I can transmit simple data require both a stricter level of paper-trail (I have to document in the medical record the consent of the patient to release records and where I sent them) and a stronger encryption (sending medical information via unsecured Fax or modem is against HIPPA rules) than people tolerate on their votes.

  21. Re:E-Voting here to stay - stop fighting it by dnoyeb · · Score: 4, Insightful

    I my by chance play craps at the craps table. But I will not waste time in any electronic gambling machine.

    I feel the same way about voting. Unless the code and the whole process is open sourced, as a transparent government should be, I will not support it no matter how secure they can prove it is.

  22. Free Software Voting? by Captain+Rotundo · · Score: 3, Insightful

    Why isn't there a project to create a Free Software electronic voting system that fixes all the Diebold issues? Seems to me we need an open system, visable source has proven to be far more secure than closed source, and it would be accountable to the public.

    Where are the people willing to start a company that produces an open product with the flaws fixed?

  23. Re:E-Voting here to stay - stop fighting it by Smitty825 · · Score: 4, Insightful

    Maybe you are just overthinking it...

    Why doesn't each machine print out who each person voted for? That way, a manual recount can occur, any counting errors in the software aren't a major issue, etc.

    To me at least, this is the most obvious solution

    --

    Doh!
  24. Re:Typical Newspaper. by Tackhead · · Score: 5, Insightful
    > Not at all. The real question is whether or not the e-voting system will be a vehicle for widespread massive one-stop-shopping and completely untraceable fraud as opposed to the small-scale fraud that you seem to feel they will prevent.

    Furthermore, small-scale fraud is pretty much guaranteed to cancel itself out. A corrupt Republican stuffs 20 dead peoples' ballots in one precinct, and a corrupt Democrat gets another 20 corpses to vote in the next precinct. Net effect: ZERO.

    Electronic voting practically guarantees that the corrupt side with the best crackers to win. The only proof of electoral fraud in an electronic system is likely to come in the form "A team of hackers for Our Guy knows it stuffed 100,000,000 ballots. We hired them and watched it happen, but the popular vote came out 101,000,000 to 99,000,000 in favor of Their Guy. Obviously, Their Guy also hired crackers to rig the election! We want a do-over!"

    Personally, I'm OK with a society in which the Side That Gains The Political Allegiance Of The Best Hackers gets to rule the world. I think a society in which the Democratic candidate campaigns on a platform "We'll execute all RIAA members in exchange for your help in rigging the vote", only to be countered with a Republican candidate running on "We'll execute all RIAA members, and because we're also pro-gun, we'll let you pull the trigger on them in exchange for your help in rigging the vote!" would be pretty fucking cool.

    Would it be a free society? Given the influence the techno-elite would have, it might be even more free than our present one. But I'd never pretend to call it a democratic one. I'm OK with that, because I happen to believe that democracy is overrated. The Constitution in its current form differs with me on that point. The one that governs the country in which I live says the society is supposed to be a representative republic in which the votes cast by the people for their representatives count.

    Because I also believe in the rule of law , and because that Constitution is the law, however cool a society ruled by h4x0rz might be, I must therefore oppose electronic voting. Pisses me off to be consistent in my beliefs sometimes, but there you go.

  25. Vulnerabilities by Todd+Knarr · · Score: 4, Insightful

    I'm not sure Prof. Rubin's right about the smart cards not being a big vulnerability. If someone manufactures altered cards it's easy to come in with one in your pocket, get a legit card, use the altered card to vote and return the legit card. You couldn't stuff the ballot box this way, but you could vote a different ballot than the one you were assigned. This would get caught when checking the voting machine's tally of ballot types against the number of each type issued, but there'd still be no way of correcting the results.

    The zero machine is the big problem. I think it's why Diebold makes such a big deal out of the security of the actual voting process: the zero machine makes the security of the voting itself irrelevant. That one machine tallies all votes, and it gets access to all of the PCMCIA cards that hold the tallies from the other machines. It's in a position to simply discard all the actual results and replace them with whatever it wants, and once it has there's no way to tell it's happened. I can think of several easy ways to keep that code undetected, too. Unverified code loaded at the last minute (after all the testing had been done) to fix a convenient bug, for example. Just disallowing updates won't stop me, though. Prof. Rubin mentioned using PIN 1111 during training but a different PIN when setting the machines up for an election. So, I put the result-replacement code into the zero machine before it's delivered to the state, but put in a check: if the PIN is 1111 then disable the replacement code, otherwise enable it. During training, during test elections, during everything that uses that special PIN 1111 the machine will behave exactly as if no malicious code was present. Set it up for a real election using a real PIN other than 1111, and suddenly code that's never been active before is active and waiting to force the results. Note that it doesn't have to be Diebold loading the code, anyone who can get enough access to the zero machine to load a program update into it could do this. Given Diebold's track record for doing on-the-sly updates to the code, I think there's a non-negligible chance of someone being able to slip their code into an update and have it go through even if we assume Diebold themselves wouldn't (and I'm far from willing to assume that).

    The big danger in my opinion isn't so much that this is possible, but that it's possible without leaving any evidence it's happened. The one thing paper ballots do well is give us an audit trail from the actual cast ballots all the way through the final results. The results can be altered, but it's very difficult to alter them while keeping the audit trail intact and consistent. It's not the electronic voting machines that are the major problem, it's the lack of a verifiable audit trail. With paper ballots you don't need to trust the counting process to verify whether the final results are correct. With the current electronic machines this isn't the case.

  26. Avi's honesty, analogies by MattW · · Score: 5, Insightful

    First, I'm impressed by Avi's candor. His admissions of his own error, his discussion of mitigation of some risks, and so on point to someone, I feel, who is trying their utmost to be forthright and thorough. By the same token, clearly these doing really lessen the great danger of an e-voting machine. We need to stop for a moment and consider the sinister possibilities. When, say, Microsoft buys Diebold, purportedly for technology or such, who's to say they're not buying themselves a congress that will outlaw open source? That's only the most mild of such scenarios.

    Second, I wonder if there's a sacraficial lamb out there who'd be willing to hack a Diebold box. If someone could successfully seriously skew the outcome such that people went, "Wait, that's *really* the result?" and then claim credit, that might be the death blow to unaudited evoting.

    Third, I'd like to simply point out an analogy that's appropriate when consider that e-voting on super tuesday was "successful". Windows works pretty well when you sit down and use it, most of the time. That doesn't mean it's secure - witness the rash of viruses as of late - and it doesn't mean it isn't *disastrous* when that insecurity is exploited.

    Thanks for doing what you can to keep the spotlight on this issue, Avi - America needs you.

  27. Re:E-Voting here to stay - stop fighting it by amplt1337 · · Score: 3, Insightful
    There should be no question in anyone's mind that electronic voting is the future. It is impossible to argue that moving to an electronic system is not inevitable, any more than it is possible to argue in favour of abandoning cell phones and reverting to tin cans and string, or abandoning email in favour of carrier pigeons.
    Restating your premise doesn't count as a supporting argument. Anyway, I personally would not send privileged and powerful information, such as my vote, via a medium like email that could easily be intercepted or forged.

    The benefits of electronic voting are obvious and numerous: real-time tallying, greater security (a staffer couriering a box of ballots could theoretically manipulate them, but a staffer transmitting an encrypted database is powerless to alter it), elimination of ambiguous selections (eg., "Hanging/Pregnant Chads"), less time required per voter, fewer staff required to manage an election, and less paper waste.
    Real-time tallying doesn't seem that important -- but perhaps it could be used as an election-protection measure, if every voter got a tally of the total votes after they'd voted. Tallies could be compared to ensure election integrity. As to your other points: there are other ways to eliminate ambiguous selections; staff requirements do not strike me as particularly significant; and paper waste isn't reduced by as much as you'd think. As to time spent voting, most of that time is spent reading the ballot and making a final decision, not physically coding the choices -- at least in my experience. I'll grant the rest. Mmm, skipping good points...

    The complete widespread adoption of electronic voting is inevitable.
    It is not a question of "if," but rather "when."
    To me the question is not "when," it is "how." Perhaps electronic voting is inevitable -- I don't see it having tremendous advantages over other systems, but given our fondness for gizmos it probably is inevitable. I have no real objection to electronics being used in voting -- provided they are used in a way that is secure and verifiably honest. I think we share this concern.
    --
    Freedom isn't free; its price is the well-being of others.
  28. Re:I would like a paper form system by Sique · · Score: 3, Insightful

    There is a counter example to the feasably of standard 8 1/2" by 11" ballots. In some states of Germany the elections to the local administrations (towns, counties, villages) use the so called "non genuine town part election" (unechte Teilortswahl). After reorganizing towns and villages and regrouping them to larger communities in the early 70ies the former villages got a fixed number of seats in the new town's councils. So the votes are counted in every former village separately to determine which candidates get sent to the town council. On the other hand the complete town council should represent the votes cast proportionally, so if one party wins more seats in the town council per winning them in the town parts than their quote is in the popular vote, then the other parties get a proportional number of seats in the now enlarged town council (those seats are called "Ueberhangmandate", roughly translated to surplus seats). (To make it more easy, groups that get less than 5% of the popular vote are ignored, except if they manage to get more than three direct seats).

    On the other hand the voters have so many votes as the orinigal town council has seats. The voter is allowed to put the votes freely on the ballots to whatever candidate she thinks they should go without respect to the party membership of the candidates. If she thinks a candidate should definitely get some votes, she can even cummulate more than one vote (mostly up to three) to a candidate (but then she has less votes left for other candidates). If she thinks that's too complicated she can also cast a single vote to a 'list', a group of candidates for a single party or political group. A list basicly consists of the nominates of a single party for all the seats in the town council.

    If she agrees with none of the candidates, she can also write the names of her own candidates in a free list.

    Because the parties and groups have to nominate candidates for every seat to allow this list voting, the ballots can get extremly large. There once was an election for a town council in Southwest Germany where the ballots were about 4ft by 3ft (DIN A0), because about 20 groups had sent in lists for the 40 seats of the council.

    After calculation all the proportions and giving underrepresented groups and lists the surplus seats the town council grew to 132 seats.

    Normally such a complicated way of voting would call for an electronic voting system. But nothing beats the opportunity for the electorate to come to the voting booths after the booths have closed for voting, and watch the voting staff crew to open the sealed boxes and count the votes manually. This is controlling the democratic process at its finest. The local voting result will be announced to the autitorium before the votes get sealed again in a box and sent to the central election offices. The so called preliminary voting result (vorlaeufiges amtliches Endergebnis) is determined by adding the local results, and then the central election offices open the sealed boxes and again count the votes while the electorate has the chance to watch.

    This is my greatest issue with electronic voting: You can't watch the count. From my experience nothing beats watching the count. In the former GDR (East Germany) the population knew the elections were rigged because enough people showed up at the election offices and watched the officials counting. Even though the people then only knew the local result, they could easily see the difference between the local result and the officially anounced one. If the official result announced for instance a 98,85 percent result for the ruling party in a town of 10,000 people, and you knew that your local office had counted at least 120 votes cast against them, then you saw the result being rigged. This showing up during the counting and collecting the results was done throughout the whole GDR in the last communal elections on May 6 1989, and the public uproar after the officially anounced result was contradicting the results the people were calculating themselves triggered the inner tensions the GDR didn't survived but for another half year.

    My lessons are: However you vote, whenever you vote: Make sure you are able to watch the count!

    --
    .sig: Sique *sigh*
  29. Re:Typical Newspaper. by SpaceLifeForm · · Score: 4, Insightful
    Furthermore, small-scale fraud is pretty much guaranteed to cancel itself out. A corrupt Republican stuffs 20 dead peoples' ballots in one precinct, and a corrupt Democrat gets another 20 corpses to vote in the next precinct. Net effect: ZERO.

    You're not thinking outside the box (the ballot box in this case).

    In your example, maybe it's a wash. But, at a larger level (states), it is *very* significant. Why? Because you don't really vote for President. And since two given states may not have the same number of electoral votes, a fix in one state that is balanced in another state does not wash out.

    So, a supposed 'small fraud' can actually have very large effects. See Florida.

    --
    You are being MICROattacked, from various angles, in a SOFT manner.
  30. Re:E-Voting here to stay - stop fighting it by MindStalker · · Score: 4, Insightful

    You've obviously never lived in a small town. Or been part of a labor union. But there are plenty of people who would be professionally or physically damaged if their vote wasn't along the lines of what was expected of them. We are just lucky to live in a country were its not quite as obvious, probably because of the secrecy of our ballots.

  31. Why are we scared of eVoting? by dave420 · · Score: 3, Insightful
    If you read the comments here, you'll see recurring themes - "I'm scared of electronic voting" ... "it's the end of democracy!" ... "you insensitive clod!" ... etc. The real point here, is people aren't scared of electronic voting, but of closed-source electronic voting.

    Closed source is fine when all that's at risk is your shopping list, or what pr0n sites you view, but national elections are another thing. For this, the mechanism for voting has to be user-verifiable.

    Take a look at Brazil. 100% (I believe) electronic voting, using an OPEN SOURCE voting solution. There, if you have any doubts about the system, you just pull up the entire source code and look for the $republicans++ line or whatever.

    Electronic voting could be the best way to defend democracy, but it has to be achieved in a democratic fashion. It can't be controlled by someone looking to make money from it. There have to be NO conflicts of interest. Just a single conflict of interest and the whole integrity of the system comes into doubt, and therefor the outcome.

    Having electronic voting that's run by 3 companies spread across the US is a really, truly horrible idea. It puts the ballot paper in the pocket of the politician - surely exactly what it shouldn't be doing.

    I'm done ranting now. I want electronic voting to be global. I just want it to come from the people, not some guys in suits trying to get more money.

    If you can make sense of that, you're a better man than me :-P

  32. Vote buying or coercion by SpaceShaver · · Score: 3, Insightful

    One argument is that if you leave the polling place with something that shows how you voted then vote buying is more possible. Another is that you can be threatened or coerced.

  33. Re:anonymous receipts anyone by Catamaran · · Score: 3, Insightful

    The short answer is that it is probably illegal because it allows you to prove to a third party how you voted and thus violates the secret ballot principle. Read the intro to Secret Secret-Ballot Receipts and Transparent Integrity where he describes a different type of receipt.

    --
    Test 1 2 3 4
  34. Re:anonymous receipts anyone by travisd · · Score: 3, Insightful

    Think "$EMPLOYER says you're fired if you don't vote for $CANDIDATE and bring him the paper to prove it" or "hey, I'll give you $50 for every voting receipt proving a vote for $CANDIDATE"

  35. I fear he is not getting it... by dillon_rinker · · Score: 4, Insightful

    "I believe that if any voter somehow managed to vote multiple times, that it would be detected within an hour. I have no idea what we would do in that situation. In fact, I think we'd have a serious problem on our hands, but at least we would know it."

    Right. If I shot you through both your femoral arteries, you'd know within a second that you were bleeding to death. There's nothing you could do about it, but at least you'd know.

    In a close election, all you'd have to do is identify those precincts where your opponent had a strong lead. Find a way to screw up the vote on the Diebold machines. Demand that those votes be thrown out. Demand a recount. Sue all the way to SCOTUS if those votes are included. Lather, Rinse, Repeat. Watch the republic turn into an empire.