Slashdot Mirror
Hackers, Public Differ Greatly On E-voting
cweditor writes "Sorry to be touting one of my own Computerworld stories, but I only covered it because I found it so interesting. The Ponemon Institute surveyed 2,933 members of the general public and then 100 DEFCON and Black Hat attendees to get their views on electronic voting. 'The degree of difference was startling,' said director Larry Ponemon. It was the biggest split between 'experts and the public he'd ever found. For example, 83% of the experts said e-voting is less or much less secure against election tampering than paper ballots, compared with just 19% of the general public."
The experts know more than the general public. Will wonders never cease?
"I'm just here to regulate funkiness."
...but were those polled by e-voting machines? :)
What data or insider knowledge does Joe Public have about how this wouldn't be secure? I think they assume its simplified and therefore more secure.
Electronic Voting is a solution in search of a problem.
Why this fetish for applying complicating technology to simple problems?
How does the Slashdot Effect happen given that no slashdotters ever RTFA?
The point is that the general public doesn't know what happens behind the scene when they click on a button with their mouse. Maybe the reason those experts don't trust e-voting is because they know it takes only so much to be able to read and modify data going through the net.
Just my 2 cents.
diegoT
ever gone to a hacker con? all those kids do is play dance dance revolution. id hardly call them experts
It's disturbing when technical issues become central to a wider political issue that involves everybody, yet very few people have the background to understand it or have an informed opinion about it. Software patents is such an issue. This one is too, and much more important. It's quite easy to lie and mislead the general public with it, since few people have the knowledge to see through the bullshit.
The perfect sig is a lot like silence, only louder
That e-voting isn't the only topic which hackers and the general public disagree.
it's obvious that the blackhat people tampered with the results of the poll concerning the tamperability of polls
This would be the same "general public" that uses Gator to store their passwords and really believe that someone they know would suddenly send them a poorly formatted email message with an executable attachment of a naked Anna Kournakova? Where's the "in other news, the sky is blue and water is wet" post?
I disagree with what you say, but I'll defend your right to say it to the death - Voltaire
It seems as if they blindly trust our gov't to protect them from voting fraud. It's my opinion that the voting booth is really (short of violence) the ONLY tool that the population has to control their government.
To trust the gov't to keep the vote safe is kind of like putting the fox to work gaurding the henhouse.
The right to a secure, private, verifiable vote is the very foundation our country was built on. It's a shame that more people don't take it seriously.
Visit the Open Voting Consortium" for more indepth thoughts and ideas on this topic.
[runs away and hides]
If Jesus wants me it knows where to find me.
Is why elections officials are so adamantly opposed to a paper trail? Sure, it creates extra expense in the short term, but it simplifies matters (by using electronic voting, hands down then the chad-bearing cards) and provides an auditable trail.
This seems to be an example of how technology has been sold to us ("the public" in this story) as an always-win net gain.
New is better than old. Expensive is better than cheap. Big is better than small.
This attitude is dangerous. Our collective faith is being misplaced in science and technology - both of which are important, but not perfect.
Sorry to be touting my own 14th post, but I'm only covering it because it's so damn interesting!
Actually, it is a good article, and it should be widely distributed. Obviously computer experts can see the flaws in e-voting, but it's the non-computer experts that we need to reach. Most people out there have no clue at all that something is wrong. An article like this, simplified a bit, could change a lot of uninformed opinions.
No weapon in the arsenals of the world is so formidable as the will and moral courage of free men.-Ronald Reagan
Look at the graph in the article. The biggest fear of the voting public is "Declines in voter turnout because of fear or distrust of e-voting systems."
In other words, their greatest fear is that people will realize that e-voting is a recipe for fraud and will stay home. Their greatest fear is that people respond rationally to what I think most of us believe is the truth. That just astounds me.
To quote a popular saying, He who counts the votes, elects.
The only way to ensure the safety of ballots is to distribute the counting of ballots among a larger number of people.
The more centralized the ballot counting, the easier it is to corrupt, the more distributed it is, the more difficult it is to corrupt and the greater the likelihood of exposure.
And by distributed, I'm not talking about computers networks, I'm talking about people.
--
Was it the sheep climbing onto the altar, or the cattle lowing to be slain,
or the Son of God hanging dead and bloodied on a cross that told me this was a world condemned, but loved and bought with blood.
AFAIK, in the US of A, the elected administration chooses closed source methods/implementations of e-voting. That is plain madness and gives way not only to intransparent, uncheckable elections and manipulations.
My wife has been terribly excited by electronic voting because it promises to be accessible. She takes great offense that because she is blind she has to get assistance to vote under the current system.
It's taken a while, but I've finally convinced her that being able to "vote" is pointless if the "vote" is not counted or they system itself is fundamentally flawed.
It's interesting that the local newspaper, the Berkeley Daily Planet took the position that being opposed to electronic voting was a scheme to disenfranchise the disabled. It took a while, but following many insightful letters, they finally admitted that electronic voting as currently proposed in Alameda had the more serious potential to disenfranchise everyone!
As technical professionals it's important we become informed as possible on the subject. That way when your dad or neighbour ask about electronic voting you can explain the dangers and current issues. The more the general public learns about electronic voting, the better off we all will be. (and these survey numbers will be more favourable)
-- "Most people prefer a popular myth to an unpopular truth"
Looks like he's already done his part by building crappy machines with no paper trail. Now all the GOP needs to steal the election is some average-ability hackers.
I am amazed that it's only 6 out of 10 computer security professionals. I attended defcon and the 'hack the vote' lecture. Anyone who saw that lecture has to agree that there are serious flaws in e-voting.
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
I read somewhere that only 5% of the general public has a basic understanding of the concepts behind major everyday items such as a television or a refrigerator. Unfortunately I can't find the source of that figure (but paraphrasing Homer Simpson - "87% of all figures are made up anyways")
However, this underscores an important weakness in our society. When a TV or fridge was simply a consumer item, it was less important to know how it works. Now that large parts of our economy (finance, software, inventory, logistics), society (arts and culture) and democracy itself is largely controlled by computers this knowledge gap become increasingly important. People looking to control these sectors can increasingly rely on the general populace to not understand the issues involved. Just look at the bills passed regarding the use of technology (DMCA, HAVA, etc.) and you'll see that basic weakness exploited.
If voting is anonymous it cannot be completely auditable and secure. The same can be said about paper ballots; however, it is harder to physically stuff a ballot with the required number of paper ballots compared to electronic tampering (once you are in, you can easily generate the required number of votes to tip the scale).
Optical scan ballots that are verified by the voter seem like a reasonable middle ground. When voting I know immediately if the machine accepted my ballot and the totals are electronically gathered for rapid accumulation; however, there remains a paper trail that can be used for recounts and an audit trail.
Home Automation & Linux -- now I know I'm a geek
"Those who cast the votes decide nothing. Those who count the votes decide everything."
d e+ quotel y/aa121 800a.htm
I've attributed it to him in the past, but it's probably not. Hooray for google leading me to the right page.
http://www.google.com/search?q=count+votes+deci
http://urbanlegends.about.com/library/week
That would actually be good. Hack the vote, not to throw the election one way or the other, but to clearly show the public what the problem is. If Mickey Mouse is elected president, that would illustrate the issue nicely, in a way that the public can grasp.
But you'd better not get caught...
//Information does not want to be free; it wants to breed.
A piece of paper by itself does nothing. The paper has to show the voter how they voted in a human readable way and a way that can be verified against the machine. However, if no audit is conducted, the paper does absolutely nothing but give voters a false sense of security.
#1 Don't expose voting machines to the internet.
#2 use fingerprint + SSN to log into the system (double bonus, you'd get a better database of fingerprints for law enforcement)
#3 Report your vote to a watchdog group after leaving the booth, whether they're private industry or media.
If the watchdog groups projected talleys are within an error % of the actual vote totals, then you can feel secure that the e-vote wasn't tampered with anymore than paper ballots probably are.
My vision of secure electronic voting involves lots of public keys of ridiculous length, a hard copy receipt available (hex or something printable with lots of redundancy to ensure that an unreadable letter would not mess with a re-count and a barcode like label on there to be easily read by a scanner is a re-count was necessary), a few datacenters around the nation that each receive the results individually from each vote (the vote is sent to each of them with a different key from the user's computer) and no user names or passwords are used, simply a code from you voting card coupled with your SSN and name, perhaps each voting card would be unique to the year (automated sending every year for registered voters, etc to not complicate the matter for regular voters). I cannot see where RSA encryption would be insecure, and our government can trust a LOT more sensitive data to datacenters. The results could be tabulated on-site at each of the data centers and announced. Hell, we could probably get away with a STRIGHT VOTE in stead of this Electoral Collage crap. If there is one week spot its in sending your voting card to you via the mail, but most people trust their tax returns with the mail and more sensitive data than even that! I'm not seeing how getting E-voting to work is hard, ad even if only a few use it at first they will convince others! This whole being stuck in the 1900's blows, lets modernize this "Democracy" for the love of pie!
md5sum
d41d8cd98f00b204e9800998ecf8427e
Among the witnesses, the people representing their parties were not paid by the government, maybe they were being paid by their party, I don't know. The other officials acting as witnesses were also being paid by the government. All those people took oaths, and it was all done in a very strict manner.
And yes, people from the public were allowed in the room (up to a certain limit) during the counting.
After 3 days without programming, life becomes meaningless
- The Tao of Programming
Yeah, but how much do these 'experts' know about how secure paper ballots really are? They should also interview a third group: those who are experts in the paper system.
I think a more telling question is: What "Paper Balots" did John Q Public think he was comparing to the e-voting systems?
And as usual we have a "game of telephone" going on here:
- We don't KNOW what the actual question on the survey was.
- The Computerworld article said "traditional paper ballot machines". (Maybe that was what was actually in the question. Let's assume it for the moment.)
- But when the Computerworld article's own author posted it to slashdot, he warped it to "Paper Ballots". And this thread is following his lead.
Now you and I know that paper ballots - the ones with the square boxes with hand-drawn Xes - are subject to some tampering, but it's hard to do it without leaving tracks, while a purely electronic systems is subject to all sorts of invisible breakdowns, from mechanical problems, software bugs, and malicious tampering.
But if you're talking "traditional paper ballot machines" you just completely dropped that system. Now you're talking about either punchcards, or optical mark sense systems.
What experience does John Q. have with either?
With punched cards, his sole reference point on reliability is the media storm over the presidential election in Florida. You know - the one where the democrats are STILL claiming the Republicans stole the election. Optical sense cards are subject to mis-scanning. Both can be hit by operational irregularities (such as not running one stack through while running another through twice.) Both are subject to cheating by replacement of physical ballots (as are all the other systems except e-voting without printed audit trail). Both are subject to exactly the same opportunities for accidental or malicious corruption of the vote counting hardware and software.
(And don't even get me STARTED on mechanical voting machines...)
So why SHOULD John Q. think that the e systems AREN'T better than the "traditional paper ballot MACHINES" - whose software has had more time for malicious bug injection and whose hardware and operational systems have been the subject of a recent major scandal?
IMHO John Q. may be right: All the objections except lack of an audit trail apply to the other paper ballot MACHINE systems, and they also have a better opportunity for misreading through mechanical failure or "user error" than the e systems. And since the audit trail is rarely checked, who's to say that the elections haven't been corrupted for decades.
IMHO the important thing about this flap is that it could lead to a less corruptable counting system than we've had since I became eligible to vote back in the '60s. The extra opportunity for unchecked vote corruption has lead to a move to eliminate the problem with the new machines by adding an audit trail, and to regular random surveilance of that audit trail. This, combined with the lower MECHANICAL error rate of the systems and the redundant counting mechanism will set a new, higher standard for the OLDER systems, and should lead to a much more accurate count.
Then, if we move on to eliminating the OTHER sources of election corruption (ineligible voters, multiple registrations, etc.), we might actually come up with fair and accurate elections within what remains of my lifetime. B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Thanks for your comment.
The Slashdot rule : if you post an unsupported opinion (the Republicans sux0r!!! Democrats are ph@gs!!), you're modded insightful. If you post actual news reportage that shows that in fact the evidence so far suggests that the liberal Democrats (Dean, etc.) have been pretty aware of this issue, but the Republicans haven't been, you're modded Flamebait.
For Republicans who can't bear to read anything critical about their party, here's something about some Republicans who have their heads on straight, from the St. Pete Times:
While Gov. Jeb Bush reassures Floridians that touch screen voting machines are reliable, the Republican Party is sending the opposite message to some voters.
The GOP urged some Miami voters to use absentee ballots because touch screens lack a paper trail and cannot "verify your vote."
That's the same argument Democrats have made but which Bush, his elections director and Republican legislators have repeatedly rejected.
"The liberal Democrats have already begun their attacks [sic] and the new electronic voting machines do not have a paper ballot to verify your vote in case of a recount," says a glossy mailer, paid for by the Republican Party of Florida and prominently featuring two pictures of President Bush. "Make sure your vote counts. Order your absentee ballot today."
The GOP tactic is the reverse of what Bush and state elections experts have said as they have repeatedly opposed Democratic moves, in the Legislature and courts, to require a paper trail on the machines.
GOP flier questions new voting equipment
Of particular interest in the article is this quote, though, on the official Florida GOP position with regard to e-voting:
"The governor certainly does not support that message," said [Jeb] Bush spokeswoman Jill Bratina. "People need to have confidence in these machines."
Maybe we just need fewer government officials.
Give me Classic Slashdot or give me death!
Have you never heard of the "tyranny of the majority"? The United States is a Republic, not a Democracy, and the Electoral College exists specifically for this reason. Its job is explicitly to prevent the direct election of the President, because it's too important to entrust to the largely ignorant general populace. In high school, they teach about separation of powers and checks and balances; well, this is a check against the power of the people! The electoral college system was broken when the responsibility for choosing the electors transferred from the state legislature to the people; please don't break it any further!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Actually its a lot harder to hack into. I have been to the DieBolt, the maker of Some of the Evoting machines, I know the machines. It basically works the same way NSA keeps machines offline and manually have to transfer files.
SimonTek