Joseph_Daniel_Zukige writes
"I'm still trying to figure out who is doing what here. It looks like the typical bureaucratic mess, but it looks like NIST, operating under the Help America Vote Act has set up a Technical Guidelines Development Committee to advise the 'independent bipartisan' United States Election Assistance Commission. So, the TGDC is going to hold some public hearings, and they've invited members of the public to help them out: 'One hour will be reserved at the conclusion of each day for members of the public to provide up to five minutes of testimony.'" Read more below, including how to register (today is the deadline) for the meetings, which will take place in central Maryland later this month.
Update: 09/15 18:04 GMT by
T : Irvu writes
"You can submit online comments to NIST's Technical Guidelines process. The link is here. Just click on the link marked 'Submit Comments or Position Statements.' Alternately you can e-mail your comments to vote@nist.gov."
Joseph_Daniel_Zukige continues "I can't make it. (Very long drive across a very deep ocean, or plane tickets I can't afford.) Twelve people per session is not going to allow a lot of people to testify. I'm sure Microsoft has someone going to sell a MSWxx based voting machine. I hope somebody from the EFF is going. Think it would be possible to pack this thing with enough Slashdot geeks to convince the government at least that electronic voting absolutely requires a human-readable ballot to be produced?" The meetings are taking place on the 20th through 22nd of this month; you have only until 5 p.m. today to register, though.
From the linked PDF: "The meetings will be held at the National Institute of Standards and Technology North Campus, 820 West Diamond Avenue, Room 152, Gaithersburg, MD."
Slashdot Mirror
Although I bet if it were possible, vote by TV would increase the quantity of votes, but I can imagine TV ads running through the day, with scantily clad women with 'press the red button to vote for bush, and see *her* bush!'
Seriously, getting people to vote for the right reasons.
IT is less of a concern, I would preffer people vote responsibly, than use funky technology.
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
then yes, usability and human factor issues are paramount, if a colour of an alert box can sway the vote by a percent, then we need to be careful.
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
The only election equipment I want to see are the sheet of paper theballot is printed on and a pen.
Canada gets it's paper ballots counted extremely fast. They need to hire some election consulatants from Canada and find out how they process paper ballots so quickly, and follow their recommendations.
- Publicly accessable source - Whatever licening terms you use, the source code must be easily available to anyone and everyone who wants to read it.
- Verifiable binaries - Election inspectors must be able to verify the binaries installed on the machine by generating an MD5 (or equivelent) hashcode and comparing it to the published source.
- Paper Trail - The voting machine must keep a human-readble printed record of every vote cast. This is the only meaningful way to do recounts. In case of a discrepancy, the paper record should act as the real ballot...the electronic vote is just a fancy method of counting.
One thing I am opposed to is a "voting receipt" that the voter gets to confirm that thier vote has been cast. While this sounds good in theory, it's too easy for powerful organization (unions, corportations, etc...) to sway elections by paying people for voting by having them turn in thier voting receipts after an election.I'm all for new techologies, but I don't trust electronic voting. I'm happy to live in a country where voting is done with a ballot made of paper and a pen to make a cross-mark.
You have a paper-record with valid or un-valid votes that are easy to count. No interpretation of punch-cards needed because the voting machine was too complicated or otherwise flawed.
I agree with your list of safeguards.
Who is proposing a "voting receipt"? That would be a terrible idea. I don't think any political party would support that.
While this sounds good in theory, it's too easy for powerful organization (unions, corportations, etc...) to sway elections by paying people for voting by having them turn in thier voting receipts after an election.
`Bring in your vote for Bush and get a free Liberty Burger!' is what I'm afraid of.
-Colin
I think that this box should accept the ballot kinda like a vending machine accepts a dollar bill. This way both the touchscreen system and the ballot box will keep a tally, if the results are different then the poll workers will 'flag' those results and note the difference for that race. If a recount is done then what's in the hopper of the ballot box would be considered offical.
The grass is only greener, if you don't take care of your own lawn.
Verifiable binaries - Election inspectors must be able to verify the binaries installed on the machine by generating an MD5 (or equivelent) hashcode and comparing it to the published source.
How can you be sure that function hasn't been tampered with? If the machine has it's own "self-check" program, if you were going to tamper with the box, wouldn't that be the first thing you'd fix? The only way to be sure is to have a computer engineer with hardware-level access manually check the thing out.
Electronic voting, while more "new fangled" is just not worth it. All of the "comprimises" -- we'll have a $4,000 box that just prints your ballot for you! That you could have done yourself with a $0.89 bic pen! -- just reveal how infeasible the whole idea always was. But, so long as the public is willing to make decisions based on the right cue word "Newer! Better! Gets tough! Thinks of the children! Now with 54% more Riboflavin!" they'll be no stopping this kind of nonsense.
the 'independent bipartisan' United States Election Assistance Commission.
Good use of scare quotes. As a member of a third party, I've learned to be wary of any "independent" organization that calls itself "bipartisan". The very name implies that they will be offering "election assistance" to plans that entrench the current R-D duopoly.
So don't look for them to advocate any sort of Instant Runoff Voting (or Condorcet Voting, for those who want to require higher mathematics to understand the results). Don't expect their suggestions to simplify the process for choosing a write-in candidate. And I'm sure the question of ballot access for anyone but R's and D's will be swept under the rug entirely.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Really folks, this isn't so hard.
All you need to do is have the voter machine print the voter's response on a cash-register-type tape roll that is visible under glass (but not accessable - so as to prevent the kind of dirty tricks that Bejing is putting on Hong Kong's pro-democracy advocates). That way you have a hard, difficult to falsify record of every voter's preference.
The software to do this is almost immaterial, but the source code needs to be accessable to anyone for review.
Yes, I think a voting recipt that the voter leaves with is a silly idea. However, I would be in favor of some kind of window that lets the voter see the paper copy as it's printed out. I mean, what if someone tampered with the code in such a way that you could vote for candidate A, it would get counted for candidate B, and the printout said you voted for candidate B?
So, not only should there be a paper trail, but the voters should be able to visually confirm that the printout was correct.
I have been swayed to think that a receipt is a bad idea, too. I've tried to imagine a system that would A) allow a voter to verify that his vote was counted correctly and B) maintained the secrecy of the voting booth, but I can't.
There is a maxim that goes, "A man with one watch knows the time; a man with two watches is unsure."
What's going to happen when the electronic count and the paper count are wildly different? Suppose the electronic tally has candidate A over B by X number of votes. What happens if the total number of paper ballots is less than the electronic count by an amount O(X)?
I agree that we want the paper ballots to be authoritative, but what if they are physically destroyed?
It's not enough just to say the voting machine has to be open source. Electronic voting introduces the uncertainty of a 2nd watch; which one is accurate? Are they both wrong?
sigs, as if you care.
The only way to be sure is to have a computer engineer with hardware-level access manually check the thing out.
And that's exactly what the election inspector would do.
Depending on exactly how the device is designed, the inspection should consist of two parts: Checking the hardware, and checking the software.
The hardware would be checked in the same manner that current voting hardware is checked. It's not all punch-cards out there, you know. There's lots of old school equipment that is used to collate the results (punch card readers, etc...) that needs to be checked. The only 'new' thing here that needs to be checked is the software, and since you can't inspect that physically, you have to use another verification system.
One option would be to have the inspector remove the hard drive/flashcard/other storage device, and hook it up to a laptop or something and verify it's contents. Another option would simply be to boot the machine, knoppix style, off a read only medium and just validate that.
I don't see any provision for it in the announcement, but does anyone know if the NIST committees will look at written submissions?
Or at any rate, maybe they could be asked to do that?
-wb-
You can send Online comments here by clicking on the "Submit Comments or Position Statements" link. Alternately you can e-mail your comments to vote@nist.gov.
I spoke to one of the committee members Allan Eustis. He stated that their mandate is to provide "Initial Recommendations of Voluntary Guidelines" this coming April. These guidelines will likely follow and overlap with the FEC2000 Guidelines and will apply to all parties in the "voting community" (States, Vendors, etc.). He stated that they would be unlikely to do a great deal before the election other than gather info as they have no budget until then.
While he was on the phone with me another individual in his office was complaining about the security challenges that they will have in dealing with some public comment (I am assuming this one). Apparently checking in guests at the gate ain't easy.
Then point out that, instead of running an Easter Egg and Taxi across your screen, if you were dealing with a E-ballot box, it could have brought up a screen allowing you to modify the vote count.
This cannot be tested for after delivery because, no matter what testing regime you come up with and execute, I can come up with an easter egg that will be missed by that regime. (This actually fits the mathematical definition of 'infinite').
Question:
Should we be willing to bet our democracy on the hope that nobody would pay to do what is provably possible? More importantly: should we place our nation, states and municipalities at the mercy of the people who would be willing to engage in such a usurpation of democracy?
Free Software: Like love, it grows best when given away.
The online registration form was not working. I had to email the contact Allen Eustis with my information to get registered. He emailed me back saying I would be set to attend. I am only planning to attend the first two days (if my work and wife will let me!) since they seem to deal more with the specific aspects of electronic voting I am concerned with.
:)
Also, Mr. Eustis did indicate that though the draft agenda said they would have an hour for public comment each day, he was going to try to allocate more time as necessary to try to allow all those who wanted to comment to do so. He also said that after comments you should expect to receive some questions from the panel members (he indicated it would be in a format similar to congressional hearings), and you would also be able to submit more responses or comments following the meeting for consideration.
Not sure if I will comment or not (or event be able to attend at this point), but I wanted to be there especially after hearing that a Maryland judge ruled that it was too close to the election to require all voting machines to have paper trails.
I am just waiting to see the final results of voting in Maryland. I predict that the Maryland vote will be divided exactly 50/50 between Kang and Kodos.
Kodos: "It's true, we are aliens. But what are you going to do about it? It's a two-party system; you have to vote for one of us."
Man1: "He's right, this is a two-party system!"
Man2: "Well, I believe I'll vote for a third-party candidate!"
Kang: "Go ahead, throw your vote away! HAHAHA"
--David
Yes, I said a character display. As in, not a GUI. It's much simpler to have a person press 1 if they want to vote for, say, David Duchovney than having people fart around with a GUI, unable to double click the "foot pedal", and besides, it tends to require more code for a GUI than for a character display.
The only problem I forsee with this kind of system is that, no matter how well you market it, people will associate "identification card" with "lack of confidential ballot" - or, in some extreme cases, the whole 666 thing. I suggested scanning an ID card in order to authenticate the user, and every state in the nation has an identification mechanism like a drivers' license. And there are other issues with that too (costs $12 just to get an ID card here in California). So there's a bug already.
Until then, go back to paper. I rather liked my punch card ballots we had up until the 2002 gubernatorial election here in California.
This sig no verb.
We'll formalize this later but in "rough draft" form, here's our recommendations:
1) Open source. Not necessarily GNU licensed, but the source code of all voting systems must be publicly available on the vendor's website plus at least one gov't website if not multiple - choices include the county elections department's websites, the Federal Election Commission, state SecState sites, etc. ALONG WITH the compiler and operating system makes and versions under which the code was compiled; that will allow us geeks to do our own compiles and generate our own hash results so that we can compare with "in the field" binaries. (I have to disagree with Dr. Dent on his point #2 in that I don't want to have to trust somebody else's hash numbers...I want to roll my own.)
2) Voter verifiable paper trails. The best such schemes are similar to the one Avante developed - your vote is printed on a paper strip "behind glass". You get to look at it, make sure it's OK and if you like it, hit "OK" on the touchscreen. A "robot snipper" clips off that piece of paper, it drops to the bottom of a sealed bucket and it's the official vote of record in case of recount. You don't use a take-up reel because then you can cross-ref the voter order with the vote order and figure out who voted for what. The voter cannot later prove who they voted for (it's not a "reciept") - that way "Guido" can't breaka you legga for voting "wrong" or pay you for voting "right". Oh, and the paper vote of record has an encrypted bar code strip to ID false "extra bits of paper", and minor mistakes in the dot-matrix print that are hard to spot but form their own second tamper-code.
3) This is the major piece that Bev Harris has contributed. Harris used to be a forensic accountant, meaning she dug into financial fraud for a living. In any accounting system, there are auditing procedures and steps at EVERY step of the way as cash is handled. Votes need to be handled the same way - there's documentation every time they change hands, there's a REAL audit trail, and similar steps that need to come from the CPA community. As one example: in a real audit trail, if data entry was done wrong and needs to come out, it isn't erased. It's MARKED (and datestamped) as "not valid" but it's still in there so you can see what happened. None of the current systems do this, with the possible exception of Avante (I'd have to take another look on that point.) Diebold, Sequoia, ES&S and Hart sure don't!
4) Mandate Read-Only-Memory storage of votes at the terminals! This is another thing Avante got right - and no, they ain't paying me or BBV.org a red cent. Their voting terminals burn the vote data to CD-ROM. Diebold, ES&S and Sequoia burn data to PCMCIA memory cards...which can be stuck in a laptop, encryption cracked and the data messed with as happened in Volusia County FL, Nov2000.
---------------
This is PRELIMINARY and should be viewed as such, but it's a pretty good guide to where our heads are at. Blackboxvoting.org (not just a website, we're a non-profit public interest educational/research foundation) will be meeting to discuss a formal proposal ASAP.
Jim March
Member of the BBV.org board of directors (Bev Harris is our Executive Director)
I'm also a co-plaintiff (with Bev Harris) in the current lawsuit against Diebold in California which State Attorney General Bill Lockyer just joined.
http://www.opinionatedbastard.com/archives/000103. html
If this was under a YRO section, and not Politics, I'd almost guarantee that there would me more than 30+ commnets by now, and a larger readership. That readership could then effectively be mobolized to comment to the board. Weren't voting machines under YRO and not Politics? Judging by the number of comments, the number of readers has probably dropped too. While YRO and Politics are intertwined, if something was under YRO it should probably be left there, as people know where to find it.
Slashdotting the politicians is not bad. Live appearnces, followed by letters and phone calls, e-mail last in effectiveness, but for some it's better than what we can do. I know I won't have the chance to be one of the 12 for a given day, and would defer to someone who speaks better than I do anyway.
I am, and always will be, an idiot. Karma: Coma (mostly effected by
However, I digress.
Electronic voting does not encourage more people to vote, they still have to get off their backsides and go to a polling station regardless of whether they are greeted by a CRT or a pencil and paper. This idea that electronic voting is better for democracy is nothing but a myth.
Drill baby drill - on Mars
But won't be complete until we can vote in our homes and have the vote instantaneously and securly posted to the election center.
But a far easier and cheaper democratic tool lies on the horizon, thanks to computer technology: taxpayer (as opposed to legislative) control of the budget. Many of us already file our tax returns electronically- it wouldn't be hard at all to add a few thousand questions to te form on how the government is allowed to spend the money.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
Better yet, have it print out so that they can physically place it in the ballot box themselves.
It's good to use your head, but not as a battering ram.
How about explicitly reminding NIST that letting a convicted embezzler add a backdoor to eVoting software, that creates insecure, editable "double books" that are reported instead of the official counts, should disqualify that vendor from bidding on eVoting contracts? And should probably earn jailtime and corporate dissolution? And is actually practiced by Diebold?
--
make install -not war
don't ship with binaries installed, compile source at the precinct, it should be compiled first thing in the morning or the day before with an audience of interested citizens. Much easier to verify the source, you never know if a precompiled binary matches, it's too easy to fake a checksum or a hash.
If you must moderate, please moderate as irrelevent, not something bad, because I'm sure someone will find this interest
the machine has it's own "self-check" program
"its".
verify it's contents
"its".
So we just have to make election officials all computer engineers. Simple.
Needless to say (I thought) the costs of doing this would totally outweigh a tradional voting system. Every attempt trying to make computer voting more reasonable only ever shows how innately infeasible the whole idea is. The benefits (what benefits?) do not outweigh the costs.