Slashdot Mirror


Avi Rubin's Thoughts On e-Voting

nazarijo writes "Avi Rubin, a well regarded Johns Hopkins computer science professor and leading critic of e-voting, has written an account of his experience as an election judge on super tuesday. Maryland was experimenting with e-Voting machines. Rubin puts it this way, 'this was one of the most incredible days in my life.' He wrote his experiences immediately after the day was over, capturing his perspective on the subject. A very interesting read."

22 of 471 comments (clear)

  1. Great article, but beware the majority. by dada21 · · Score: 4, Insightful

    This is a great article. I don't like E-voting, but not because I fear of fraud or deceit -- I don't like the majority or the form of democracy our country has taken on in the last 100 years or so.

    Not wanting to troll or start an argument, I just wanted to remind people that this country was founded on a Constitution that should severely limit what the federal government can do. Some of the Constitution's protection of natural rights extends to limit the individual State powers as well.

    E-Voting is just one step towards "complete" democracy, where the majority makes all the rules. This frightens me more than I can explain on paper. The majority should never have any control over the minority (even over a minority of one) property rights or natural rights. If the majority ruled, 51% of the country can take away what 49% own. This is not America. This is not freedom.

    Democracy unrestrained will fold into some sort of socialism eventually, as we have seen in the past 100 years. We need to hit the brakes and return to a strong local government and a weak federal government, and we need to do it now.

    1. Re:Great article, but beware the majority. by Eagle5596 · · Score: 4, Insightful

      Fortunately, we have mechanisms in place, like the electoral college to prevent such tyranny of the majority out of the executive branch.

      And if Gore had been elected over Bush, you'd be arguing for the abolishment of the electoral college.

      While allowing for the majority to vote on individual bills would be useless, when it comes to elected officials, majority rule is more than appropriate, it is necessary. The electoral college is a method of disenfranchisment for people who do not hold the same opinion as the majority of those living in their states. This problem becomes increasingly obvious for those that live near a state border between states with radically different political opinions.

      Consider an individual who voted Republican, and lived on the Washington side of the Washington - Idaho border. His vote is totally nullified by the electoral college, eliminating his opinion in the electoral college as Washington voted for Bush, yet were his voted counted a mile east, in Idaho, he would have been part of the Republican majority. The inverse also applies. The end result for the election was, even though Gore recieved .5% more of the popular vote than Bush, the oligarchical system of the electoral college swung the vote to be .9% in favor of Bush.

      This is disenfranchisment of the minority opinion in each state, and is as wrong as was taxation without representation. The reason that congress and the senate are so bad these days is not a result of direct election, but because they are the ones with the most cash for campaigning, and the toleration our country has of such abomiable practices as gerymandering.

  2. Vote Early, Vote Often. by blcamp · · Score: 4, Insightful


    The whole concept of Internet Voting frightens the hell out of me.

    The Internet has been around for what - 35 years now? And we *still* haven't solved e-mail spoofing and spam. Nor have we found a way to keep 5cr1p7 k1661e5 from busting into National Freaking Defense servers. How many times have we heard about Yet Another Batch Of Stolen Credit Card Numbers?

    Still, some folks think those little "speed bumps" shouldn't stop us from using the same technology to select the leader of the free world?

    Someone tell me this is just a bad dream. Please.

    I love technology. But not for this purpose. And certainly NOT NOW. Not yet...

    --
    The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
  3. Eye Candy Security by Lord+Grey · · Score: 5, Insightful
    I think this snippet from Avi's posting highlights something fairly important:
    In the beginning of the election, we printed a "zero tape" of each machine. I found this to be the kind of charade that a confidence man would play when performing some slight of hand. So, the machines printed each candidates name with a zero next to it. Somehow, that is supposed to mean that there are no votes counted on the machine? I don't know. I think I could write a five line computer program that would print the zero tally, and I don't see how that ties into the security of the election.
    The average person out there uses computers. They don't necessarily understand them. People tend to trust a computer's output if it matches their expectations. The "zero tape" is a great example of that, and Avi's subsequent comment about it being "eye candy" is spot-on.

    Unfortunately, it takes a technically-astute person to identify a potential security flaw like this. It also takes a technically-astute person to implement the flaw. To the average person, the whole situation seems alarmist. It's in the same category as astroids striking the earth: Sure, it could happen, but....

    Only after a failure of the e-voting system, a failure that's obvious enough for the average person to understand, will the public demand either better controls or removal of the system.

    --
    // Beyond Here Lie Dragons
  4. low-tech voting by SenorFluffyPants · · Score: 5, Insightful
    I was a site manager at the New Mexico caucus, and we used straightforward pen and paper. Reconciling was a simple affair at the end of the evening.

    Kucinich got one vote all day. That ballot somehow failed to get into the sealed envelope I returned to the party that night. All in all, 3 points:

    • low-tech voting works just fine and leaves an unmistakable trail
    • mistakes happen with any method, but are much easier to catch via low-tech means
    • Kucinich has been shorted one vote and it is my fault. Perhaps that one would have started the groundswell, but we will never know...

  5. Re:hmm... by orthogonal · · Score: 5, Insightful
    I'm sorry but who cares if this artical [sic] [by computer scientist and election judge Avi Rubin, questioning the trustworthiness of e-voting] got slashdoted [sic]...

    I'm going to guess that
    • you're not yet of voting age;
    • and that when you do reach voting age, you won't bother to exercise the franchise;
    • and that your voluntary departure from the voting pool will -- oddly enough and for different reasons -- likely be appreciated both by politicians hoping for more passive, indolent "sheeple" and by those of us citizens who work hard to ensure a representative and responsive government.


    But by then you'll probably have ended up joining the Army for lack of better prospects in Bush's economy, so that you can lay down your life ostensibly to protect democracy in Iraq, and surely to protect Halliburton's contracts there.

    While I'm sure that somewhere Mr. Jefferson is cringing at your example, please don't feel too bad: Fascists everywhere rely on people just like you; without you they'd never get beyond the Bier-Hall Putsch.
  6. Disasters waiting to happen... by dpbsmith · · Score: 5, Insightful

    eVoting on machines that do not produce auditable paper trails are disasters waiting to happen. As in many other intrinsically dangerous situations, years may, and probably will go by with no apparent problems.

    Our lives are full of protections that are seemingly "no needed." How often does an elevator cable actually break, for example? Does that mean we don't need overspeed brakes on elevators?
    Or inspectors to see whether the brakes are there and working?

    One little-noted contribution by Edward Teller was his almost single-handed insistence that civilian nuclear power plants be enclosed in containment buildings. This is particularly interesting because he was, of course, a strong advocate of nuclear power. And, of course, nuclear reactors are supposed to be safe in the first place, so why go to the huge expense of a containment building that isn't supposed to be needed? Then a Three Mile Island comes along, and we find out why.

    Black-box voting is a disaster waiting to happen. The disaster probably won't happen tomorrow, or this year. And when it does happen, it probably won't happen in a district with plenty of careful, well-trained, honest conscientious poll workers.

  7. That man is a patriot by GuyZero · · Score: 5, Insightful

    OK,so I'm not American, but that guy is one hell of a great patriot. Amazing how many people hate the guy when he's out to defend America's #1 institution. Oh wait... democracy was replaced by "don't bug me about my quasi-legal business practices" a few years back. Right.

  8. Re:Typical Newspaper. by Anonymous Coward · · Score: 5, Insightful
    The question is not whether or not e-voting machines will prevent all fraud. The question is whether or not e-voting machines will be susceptable to less fraud than the paper ballots, and I think it is obvious that is the case.

    Not at all. The real question is whether or not the e-voting system will be a vehicle for widespread massive one-stop-shopping and completely untraceable fraud as opposed to the small-scale fraud that you seem to feel they will prevent.

  9. are you a politician? by Provincialist · · Score: 5, Insightful
    Elections hold an enormous amount at stake - indeed, entire political careers - and thus the temptation for covert meddling is inevitable.

    If you think that careers are the most enormous stakes in an election, you're a little too close to the process for your own good. b-)

    kind regards,
    Jess

    --
    I am programmed for etiquette, not destruction!
  10. Not problems in the US by edremy · · Score: 4, Insightful
    The issues you mention aren't really problems in the US.

    Large numbers of ballots and ballot boxes going missing would throw serious red flags- the local news would catch serious shenanigans. Ditto burning down warehouses. (And e-voting doesn't solve these problems either: simply disappear the smart cards or machines.)

    We already have very fast reporting, so the "Green" vote problem won't crop up either.

    Where the US has been vulnerable in the past is voter rolls (Just how many dead people voted for Kennedy in Chicago?) and direct manipulation of voters (How many minority voters were "discouraged" in Florida last election?) E-voting doesn't solve these problems either.

    --
    "Seven Deadly Sins? I thought it was a to-do list!"
  11. Re:E-Voting here to stay - stop fighting it by corebreech · · Score: 5, Insightful

    It is impossible to argue that moving to an electronic system is not inevitable, any more than it is possible to argue in favour of abandoning cell phones and reverting to tin cans and string, or abandoning email in favour of carrier pigeons.

    Impossible? To start with, we've already adopted cell phones, whereas we haven't yet truly embraced electronic voting. Moreover, cell phones don't present the kind of threat to our democracy electronic voting does.

    It has to be said, over and over again, that once we lose the right to vote, the only way to get it back will be through violence. So it's important that we do everything we can to see to it that the right isn't lost in the first place.

    With a corrupt incumbant, people could be intimidated into voting for them, out of fear that the government might quietly (or worse - aggressively) discriminate against anyone who voted for their opponent.

    I think that's ridiculous. People register in different political parties all the time, without ill effect.

    I would argue in fact that it is vital we publish the ballots that people cast. It is the only way to be certain that an election is on the level. The arguments we always hear against this doing this never stand up to scrutiny.

    The only people who benefit from the secret ballot are those who seek to game the election.

  12. Re:Typical Newspaper. by Paul+Crowley · · Score: 5, Insightful

    Your "obvious" impression is directly contrary to that of pretty much the entire computer security community. Read what Schneier has to say on the subject, for example - stealing a bunch of ballots is one thing, but silently altering the entire result of the election without having to expose yourself by moving a single physical ballot and while leaving absolutely no physical sign that anything might be amiss is quite another.

  13. Homeland Security? by henryhbk · · Score: 5, Insightful
    It is interesting to me that we have decided to spend billions of dollars in securing federal and other governmental institutions from terrorist attack, and yet a vital institution of the government is left relatively unguarded. Although the paper system before can also be flawed (see Florida), in the post-9/11 era, where we willingly made air-travel painful, have metal detectors and ID checks in all governmental buildings, truck-barriers out front we entrust our governmental selection process to an unencrypted storage and encryption system. This is not to say the prior system could not be manipulated, and the massivel volume of paper information made a true recount virtually impossible, but making a printout means that an individual machine, or spot audits can look for tampering.

    Amusingly, as a physician, the rules for how I can transmit simple data require both a stricter level of paper-trail (I have to document in the medical record the consent of the patient to release records and where I sent them) and a stronger encryption (sending medical information via unsecured Fax or modem is against HIPPA rules) than people tolerate on their votes.

  14. Re:E-Voting here to stay - stop fighting it by dnoyeb · · Score: 4, Insightful

    I my by chance play craps at the craps table. But I will not waste time in any electronic gambling machine.

    I feel the same way about voting. Unless the code and the whole process is open sourced, as a transparent government should be, I will not support it no matter how secure they can prove it is.

  15. Re:E-Voting here to stay - stop fighting it by Smitty825 · · Score: 4, Insightful

    Maybe you are just overthinking it...

    Why doesn't each machine print out who each person voted for? That way, a manual recount can occur, any counting errors in the software aren't a major issue, etc.

    To me at least, this is the most obvious solution

    --

    Doh!
  16. Re:Typical Newspaper. by Tackhead · · Score: 5, Insightful
    > Not at all. The real question is whether or not the e-voting system will be a vehicle for widespread massive one-stop-shopping and completely untraceable fraud as opposed to the small-scale fraud that you seem to feel they will prevent.

    Furthermore, small-scale fraud is pretty much guaranteed to cancel itself out. A corrupt Republican stuffs 20 dead peoples' ballots in one precinct, and a corrupt Democrat gets another 20 corpses to vote in the next precinct. Net effect: ZERO.

    Electronic voting practically guarantees that the corrupt side with the best crackers to win. The only proof of electoral fraud in an electronic system is likely to come in the form "A team of hackers for Our Guy knows it stuffed 100,000,000 ballots. We hired them and watched it happen, but the popular vote came out 101,000,000 to 99,000,000 in favor of Their Guy. Obviously, Their Guy also hired crackers to rig the election! We want a do-over!"

    Personally, I'm OK with a society in which the Side That Gains The Political Allegiance Of The Best Hackers gets to rule the world. I think a society in which the Democratic candidate campaigns on a platform "We'll execute all RIAA members in exchange for your help in rigging the vote", only to be countered with a Republican candidate running on "We'll execute all RIAA members, and because we're also pro-gun, we'll let you pull the trigger on them in exchange for your help in rigging the vote!" would be pretty fucking cool.

    Would it be a free society? Given the influence the techno-elite would have, it might be even more free than our present one. But I'd never pretend to call it a democratic one. I'm OK with that, because I happen to believe that democracy is overrated. The Constitution in its current form differs with me on that point. The one that governs the country in which I live says the society is supposed to be a representative republic in which the votes cast by the people for their representatives count.

    Because I also believe in the rule of law , and because that Constitution is the law, however cool a society ruled by h4x0rz might be, I must therefore oppose electronic voting. Pisses me off to be consistent in my beliefs sometimes, but there you go.

  17. Vulnerabilities by Todd+Knarr · · Score: 4, Insightful

    I'm not sure Prof. Rubin's right about the smart cards not being a big vulnerability. If someone manufactures altered cards it's easy to come in with one in your pocket, get a legit card, use the altered card to vote and return the legit card. You couldn't stuff the ballot box this way, but you could vote a different ballot than the one you were assigned. This would get caught when checking the voting machine's tally of ballot types against the number of each type issued, but there'd still be no way of correcting the results.

    The zero machine is the big problem. I think it's why Diebold makes such a big deal out of the security of the actual voting process: the zero machine makes the security of the voting itself irrelevant. That one machine tallies all votes, and it gets access to all of the PCMCIA cards that hold the tallies from the other machines. It's in a position to simply discard all the actual results and replace them with whatever it wants, and once it has there's no way to tell it's happened. I can think of several easy ways to keep that code undetected, too. Unverified code loaded at the last minute (after all the testing had been done) to fix a convenient bug, for example. Just disallowing updates won't stop me, though. Prof. Rubin mentioned using PIN 1111 during training but a different PIN when setting the machines up for an election. So, I put the result-replacement code into the zero machine before it's delivered to the state, but put in a check: if the PIN is 1111 then disable the replacement code, otherwise enable it. During training, during test elections, during everything that uses that special PIN 1111 the machine will behave exactly as if no malicious code was present. Set it up for a real election using a real PIN other than 1111, and suddenly code that's never been active before is active and waiting to force the results. Note that it doesn't have to be Diebold loading the code, anyone who can get enough access to the zero machine to load a program update into it could do this. Given Diebold's track record for doing on-the-sly updates to the code, I think there's a non-negligible chance of someone being able to slip their code into an update and have it go through even if we assume Diebold themselves wouldn't (and I'm far from willing to assume that).

    The big danger in my opinion isn't so much that this is possible, but that it's possible without leaving any evidence it's happened. The one thing paper ballots do well is give us an audit trail from the actual cast ballots all the way through the final results. The results can be altered, but it's very difficult to alter them while keeping the audit trail intact and consistent. It's not the electronic voting machines that are the major problem, it's the lack of a verifiable audit trail. With paper ballots you don't need to trust the counting process to verify whether the final results are correct. With the current electronic machines this isn't the case.

  18. Avi's honesty, analogies by MattW · · Score: 5, Insightful

    First, I'm impressed by Avi's candor. His admissions of his own error, his discussion of mitigation of some risks, and so on point to someone, I feel, who is trying their utmost to be forthright and thorough. By the same token, clearly these doing really lessen the great danger of an e-voting machine. We need to stop for a moment and consider the sinister possibilities. When, say, Microsoft buys Diebold, purportedly for technology or such, who's to say they're not buying themselves a congress that will outlaw open source? That's only the most mild of such scenarios.

    Second, I wonder if there's a sacraficial lamb out there who'd be willing to hack a Diebold box. If someone could successfully seriously skew the outcome such that people went, "Wait, that's *really* the result?" and then claim credit, that might be the death blow to unaudited evoting.

    Third, I'd like to simply point out an analogy that's appropriate when consider that e-voting on super tuesday was "successful". Windows works pretty well when you sit down and use it, most of the time. That doesn't mean it's secure - witness the rash of viruses as of late - and it doesn't mean it isn't *disastrous* when that insecurity is exploited.

    Thanks for doing what you can to keep the spotlight on this issue, Avi - America needs you.

  19. Re:Typical Newspaper. by SpaceLifeForm · · Score: 4, Insightful
    Furthermore, small-scale fraud is pretty much guaranteed to cancel itself out. A corrupt Republican stuffs 20 dead peoples' ballots in one precinct, and a corrupt Democrat gets another 20 corpses to vote in the next precinct. Net effect: ZERO.

    You're not thinking outside the box (the ballot box in this case).

    In your example, maybe it's a wash. But, at a larger level (states), it is *very* significant. Why? Because you don't really vote for President. And since two given states may not have the same number of electoral votes, a fix in one state that is balanced in another state does not wash out.

    So, a supposed 'small fraud' can actually have very large effects. See Florida.

    --
    You are being MICROattacked, from various angles, in a SOFT manner.
  20. Re:E-Voting here to stay - stop fighting it by MindStalker · · Score: 4, Insightful

    You've obviously never lived in a small town. Or been part of a labor union. But there are plenty of people who would be professionally or physically damaged if their vote wasn't along the lines of what was expected of them. We are just lucky to live in a country were its not quite as obvious, probably because of the secrecy of our ballots.

  21. I fear he is not getting it... by dillon_rinker · · Score: 4, Insightful

    "I believe that if any voter somehow managed to vote multiple times, that it would be detected within an hour. I have no idea what we would do in that situation. In fact, I think we'd have a serious problem on our hands, but at least we would know it."

    Right. If I shot you through both your femoral arteries, you'd know within a second that you were bleeding to death. There's nothing you could do about it, but at least you'd know.

    In a close election, all you'd have to do is identify those precincts where your opponent had a strong lead. Find a way to screw up the vote on the Diebold machines. Demand that those votes be thrown out. Demand a recount. Sue all the way to SCOTUS if those votes are included. Lather, Rinse, Repeat. Watch the republic turn into an empire.