Hackers, Public Differ Greatly On E-voting

cweditor writes "Sorry to be touting one of my own Computerworld stories, but I only covered it because I found it so interesting. The Ponemon Institute surveyed 2,933 members of the general public and then 100 DEFCON and Black Hat attendees to get their views on electronic voting. 'The degree of difference was startling,' said director Larry Ponemon. It was the biggest split between 'experts and the public he'd ever found. For example, 83% of the experts said e-voting is less or much less secure against election tampering than paper ballots, compared with just 19% of the general public."

Imagine that.

[2names]

The experts know more than the general public. Will wonders never cease?

Re:Imagine that.

[lazyl]

Yeah, but how much do these 'experts' know about how secure paper ballots really are? They should also interview a third group: those who are experts in the paper system.

Re:Imagine that.

[aardvarkjoe]

What makes it even less informative is that these "experts" are not experts in the field that's being discussed. The numbers would at least be interesting if they had actually used experts knowledgable about voting security.

Re:Imagine that.

[Phisbut]

Maybe people don't hack into the old unpatched NT box because there would be no valuable reason to do so. Or maybe it does get hacked but when the hacker sees there's nothing of interest, he leaves and hunts for another target.

But election tampering, *now* you've got something valuable. Being able to bypass democracy and nominate (in opposition to elect) the guy who has the power to say "Let's bomb Iraq some more", now you've got a good reason to worry about security.

I have a little server at home that basically only runs to gather high-scores from a little amateur online game I made. There's no reason for me to patch it ad-nauseum since I don't really care if the machine crashes or gets hacked or anything. Just as a hacker would care about somebody's high score when he sees my server.

Being paranoid is trying to secure something nobody would want to tamper with. Making sure nobody can hack into the e-voting system that will elect the next president is *not* being paranoid, it's plain ol' common sense.

Re:Imagine that.

[Teancom]

Did you actually read the article? All the way to the end, that is? The only thing that actually went wonky was the machine that projects the totals up on the wall. And it was smart enough to know that it hadn't been reset, so it delibaretly put up huge numbers to attract attention to the fact. As the article said, at no time was the actual voting machine off in any way. In short, there are plenty of reasons to dislike or distrust electronic voting, but this is a particulary bad example to use as one of them.

Re:Imagine that.

[Phisbut]

Sometimes, the old fashioned way is the best way. We had a federal election a couple of months ago in Canada, and it was all paper & pens.

People could come from 9AM to 9PM to take the piece of paper, go behind the curtain over there, mark the paper with the pen (make an X in a cirle next to the one you want to vote for... not all that complicated), and put the little piece of paper in the sealed box.

At the end of the day, human beings opened the sealed boxes, with several witnesses (at least one representative of each party, plus other government officials), and hand-counted each ballot. Take one paper, show it to everybody, add 1 to the score of the guy on that ballot, put the ballot in a pile. Repeat the process about 500 times per box, for each of the thousands and thousands of boxes around the country. The whole process of counting takes about an hour, and there's very very few occurences of a party requiring a recount, because everything has been done in front of at least 10 witnesses.

Where's the need for all that electronic voting stuff? Maybe it goes faster, and maybe the paper-way requires the hiring of more people (thus costing more in salaries), but consider the cost of buying the electronic stuff, then the cost of all the judicial stuff that happens because votes are missing or something got hacked or so.

Go back to plain ol' paper & pens, and let democracy reign.

Re:Imagine that.

[abb3w]

since they only interviewed 100 experts to the 2,933 everyjoes,

Error bars on statistical samples IIR are (N^0.5); thus, percentages have error bars of (N^-0.5). Thus, the 83% expert opinion on 100 experts is +/- 10%; the 19% opinion on 2933 everyjoes has an error of about 1.8%. So, even worst case, the experts are more than three times as likely to distrust the computer voting.

"Anyone who cannot cope with mathematics is not fully human. At best he is a tolerable subhuman who has learned to wear shoes, bathe and not make messes in the house." --Heinlein

I have said it before, and I will say it again

[YankeeInExile]

Electronic Voting is a solution in search of a problem.

Why this fetish for applying complicating technology to simple problems?

The point is...

[Decameron81]

The point is that the general public doesn't know what happens behind the scene when they click on a button with their mouse. Maybe the reason those experts don't trust e-voting is because they know it takes only so much to be able to read and modify data going through the net.

Just my 2 cents.

That's why they call it the 31337...

[CharAznable]

It's disturbing when technical issues become central to a wider political issue that involves everybody, yet very few people have the background to understand it or have an informed opinion about it. Software patents is such an issue. This one is too, and much more important. It's quite easy to lie and mislead the general public with it, since few people have the knowledge to see through the bullshit.

I have a feeling...

[odano]

That e-voting isn't the only topic which hackers and the general public disagree.

A Survey at DEFCON about HACKING???

[Lord+Grey]

The Ponemon Institute surveyed 2,933 members of the general public and then 100 DEFCON and Black Hat attendees to get their views on electronic voting.

DEFCON is hardly the right place to be conducting a survey about the "hackability" of an electronic voting system. 50% of this year's attendees could probably figure out how to hack the vote before their third Mountain Dew.

The thing I don't get

[dg41]

Is why elections officials are so adamantly opposed to a paper trail? Sure, it creates extra expense in the short term, but it simplifies matters (by using electronic voting, hands down then the chad-bearing cards) and provides an auditable trail.

P2P voting

[revery]

To quote a popular saying, He who counts the votes, elects.
The only way to ensure the safety of ballots is to distribute the counting of ballots among a larger number of people.

The more centralized the ballot counting, the easier it is to corrupt, the more distributed it is, the more difficult it is to corrupt and the greater the likelihood of exposure.

And by distributed, I'm not talking about computers networks, I'm talking about people.

--

Was it the sheep climbing onto the altar, or the cattle lowing to be slain,
or the Son of God hanging dead and bloodied on a cross that told me this was a world condemned, but loved and bought with blood.

What "Paper ballots" did John Q think was meant?

[Ungrounded+Lightning]

Yeah, but how much do these 'experts' know about how secure paper ballots really are? They should also interview a third group: those who are experts in the paper system.

I think a more telling question is: What "Paper Balots" did John Q Public think he was comparing to the e-voting systems?

And as usual we have a "game of telephone" going on here:

- We don't KNOW what the actual question on the survey was.
- The Computerworld article said "traditional paper ballot machines". (Maybe that was what was actually in the question. Let's assume it for the moment.)
- But when the Computerworld article's own author posted it to slashdot, he warped it to "Paper Ballots". And this thread is following his lead.

Now you and I know that paper ballots - the ones with the square boxes with hand-drawn Xes - are subject to some tampering, but it's hard to do it without leaving tracks, while a purely electronic systems is subject to all sorts of invisible breakdowns, from mechanical problems, software bugs, and malicious tampering.

But if you're talking "traditional paper ballot machines" you just completely dropped that system. Now you're talking about either punchcards, or optical mark sense systems.

What experience does John Q. have with either?

With punched cards, his sole reference point on reliability is the media storm over the presidential election in Florida. You know - the one where the democrats are STILL claiming the Republicans stole the election. Optical sense cards are subject to mis-scanning. Both can be hit by operational irregularities (such as not running one stack through while running another through twice.) Both are subject to cheating by replacement of physical ballots (as are all the other systems except e-voting without printed audit trail). Both are subject to exactly the same opportunities for accidental or malicious corruption of the vote counting hardware and software.

(And don't even get me STARTED on mechanical voting machines...)

So why SHOULD John Q. think that the e systems AREN'T better than the "traditional paper ballot MACHINES" - whose software has had more time for malicious bug injection and whose hardware and operational systems have been the subject of a recent major scandal?

IMHO John Q. may be right: All the objections except lack of an audit trail apply to the other paper ballot MACHINE systems, and they also have a better opportunity for misreading through mechanical failure or "user error" than the e systems. And since the audit trail is rarely checked, who's to say that the elections haven't been corrupted for decades.

IMHO the important thing about this flap is that it could lead to a less corruptable counting system than we've had since I became eligible to vote back in the '60s. The extra opportunity for unchecked vote corruption has lead to a move to eliminate the problem with the new machines by adding an audit trail, and to regular random surveilance of that audit trail. This, combined with the lower MECHANICAL error rate of the systems and the redundant counting mechanism will set a new, higher standard for the OLDER systems, and should lead to a much more accurate count.

Then, if we move on to eliminating the OTHER sources of election corruption (ineligible voters, multiple registrations, etc.), we might actually come up with fair and accurate elections within what remains of my lifetime. B-)