Slashdot Mirror
NY Times Endorses Open-Source Election Software
jdauerbach writes "On its editorial page today, the New York Times called for election system reform, saying among other things that 'Congress should impose much more rigorous safeguards, including a requirement that all computer code be made public. It should require that all electronic machines produce a voter-verified paper trail.'"
The New York Times wasn't hacked?
While I don't disagree in the least with the spirit of the concept of making the system(s) open source, it should be noted that, contrary to popular belief, Diebold asserts that its systems have been scrutinized, including at a source code level, by independent authorities, and that there is also a paper record:
http://www.securityfocus.com/archive/1/375954
I don't know if the paper record is "voter verified", or what mechanism it uses, but there is apparently a paper record nonetheless.
Notwithstanding Diebold's CEO's extremely inappropriate campaign comments, I really do think they're trying to put out the best electronic voting systems they can, but are suffering from the same problems that any large, proprietary system suffers from when it languishes in the comfort of large government-guaranteed long-term contracts: namely, inattention to the details that need to be addressed, that sometimes get lost in not seeing the forest for the trees.
Perhaps opening the source to these critical systems and having it overseen by an independent election agency would be an idea worth considering...
How do we know that the code that is actually on the machines we're voting with is the same as the public code? Even if the public code is compiled and built, then tested to see if it's the same binary instructions as what's going on the mass-produced machines, how do we know that each, individual machine that actually ends up at the voting booth won't be rigged? Who's to say that some dishonest, partisan fuck won't change it at the last minute?
I think Badnarik's solution is the best. Get rid of the official ballots and let everyone bring their own ballot with them so that they can vote for whoever they want, not whoever the ruling government wants to let them choose from. And naysays... believe it or not, but that system is probably less prone to corruption than what we have today.
Click here or a puppy gets stomped!
The coming election is probably one of the most important ones in the last few decades, and nothing can really be done to save it from abuses any more.
And after the vote is over, the topic will probably disappear from public consciousness anyway.
When men used to be men
Congress has sole authority over copyright. Thus, Congress could simply mandate that all e-voting software be in the public domain if used by any state government for elections.
If someone says he and his monkey have nothing to hide, they almost certainly do.
You're kidding! It endorsed an opposition candidate?? Are they even allowed to do that???
Whence? Hence. Whither? Thither.
Despite the fact we have groups tearing up voter registration forms, the actual voting system is the best in the nation. It records your vote in three ways. First, electronically, second it prints who you vote for in plain english on a piece of paper viewed by the voter, and once the voter reviews this paper and accepts the choices, the votes are encoded into a 2D barcode printed after the list of votes, this barcode contains the list of votes for which offices.
The Doormat
If you're not outraged, then you're not paying attention.
...is not the same thing as Open Source. If you doubt me, Microsoft has made their code "public" with shared source. This doesn't mean that Joe Hacker will get a chance to look at it, just that someone outside the voting machine company will.
Granted, I'd prefer if it were truly open source, but I suspect that we're a bit of a ways away from GPL voting code.
Find out about the Lexus Rx400h Hybrid!
Despite the inherent liberal bias of the "New York Times", the "Times" correctly asserts that all voting machines should leave a paper trail. Without a paper trail, we would have no way to verify the validity of the votes cast for a candidate. We also would have no way to identify tampering.
The issue with paper trails has been known in the academic community for a long time. Noted computer scientists from CMU, MIT, and other vanguards of American technology had signed a petition demanding that all voting machines leave a paper trial. The ACM finally officially committed to the cause recently (according to SlashDot). Now, the liberal print media has committed to the cause.
Perhaps, someone can explain why the Department of Defense is still allowing overseas military personnel to cast their ballots by Internet on servers without any paper trail.
There should be no lock in /wrt vote processing.
The only thing I could imagine being ok to sell with respect to voting, is facilitation. But the act of vote counting MUST be transparent. As a result the US government MUST OWN the code that counts the votes. This can never be proprietary.
They can buy communication and data storage and data security products from diebold to protect the voting data and its transmission. But the vote processing portion must always be open for complete public scrutiny.
I really don't understand the infatuation with high tech voting. For something as critical as voting in a democratic election, I think the engineer's mantra KISS (keep it simple, stupid!) applies. Use paper ballots with the name and picture of the candidate in large print. Above their name, have a big checkbox, and indicate "Check here to vote for candidate". Count the number of ballots issued at each polling station, count the number of ballots that go into the box, and and count the number of ballots that come out of the box. Sure, it will take longer, but how hard is it to screw that up? It could be argued that using a simple enough ballot, anyone who fucks their ballot up is not "disenfranchised", they just fucked up, and it would rightfully be their own fault.
NO CARRIER
There are two kinds of paper trails. One is a readable ballot that must be submitted into the ballot box, and the other is a sort of receipt to let you know whom you voted for.
The first kind is acceptable, and I believe the open voting consortium has this idea correct: the machine should print out a barcode, that can then be verified by another scanning machine. This barcode must then be submitted into the ballot box.
The second kind is flawed for two reasons. First, there is no way to verify that what the computer printed is actually what's recorded on the bar code, or what has been submitted electronically. Second, and more importantly, it provides an easy way for proving whom you voted for. I could tell all of my employees to bring in their receipts, and those who vote for candidate A will receive benefits. Yes, this is illegal, but we shouldn't make it any easier.
what's a sig?
> systems have been scrutinized, including at a source code level, by independent authorities
These machines are tested in secret and because of IP law and NDAs you will never know the results. The Australians have open source voting machines. Its not that hard to pull off, that is if you CARE about elections. Seems many in power see fraud as par for the course in the US.
So, please excuse me for not trusting my one lousy vote to the CEO of some company which is more secretive with its machines than a 16 year old girl with her diary. Pardon me for taking his partisan comments ("I will deliver Ohio for Bush") as just that: an inapropriate partisan comment.
No conspiracy theories needed. If you keep things secret, someone will find a way to abuse them.
>and that there is also a paper record
Err, people want paper tickets they can verify and put in a box for recounts. Attaching a printer to a voting machine at the end of the day is hardly a "paper trail."
International election observers noted several issues with the US election process this year. One of the criticisms in their report is electronic voting without any transparency or a paper trail. One of their recommendations was also to use open source code software for the voting machines. Here's the link
Your pizza just the way you ought to have it.
One of the major problems with keeping track of voting records is that you don't want to give away too much information to the public on who voted what, while at the same time, keeping everything hidden will draw cries of foul play, tampering, et cetera. So here's an idea - one-time voter cards.
Lemme explain. They would be plastic cards, about the size of a credit card, with a random ID and password on them in print - long enough not to be memorized by passer-bys, but short enough to make it humanly possible to type later on. Also on the card is a magnetic strip - think something like a credit card. Now, when you show up at a voting center, they hand you one out of a pile - it's in a sealed envelope, so they haven't a clue as to which one they hand you. You go in the voting booth, slide your card through the machine, and vote. A paper trail is produced with your barcode and adjacent votes - but not anything that could be used to ID you later on - and you slide your card again. It registers your votes on the card, and you leave.
Now, the votes are tallied, and the results are given. However, the election isn't over yet. An open database is publically produced, with barcode/vote combinations, and the voters then mail their cards to be tallied and compared to the database. If the paper trail doesn't match up with the card count, something has gone wrong, and all votes without cards, cards without votes, are cast out.
I know this still has some flaws, but I'm curious as to what the Slashdot community thinks. One thing I was worried about is that in checking on your barcode, you may become ID'd in that manner - although compared to other methods, I think the chance of something like that, for example, through an encrypted channel online, is a lot less likely. Comments?
NIST did a great job with the AES competition (to develop and standardize a new block cipher to replace the aging DES) - why don't they have a competition to standardize a electronic voting machine platform? There's no reason this shouldn't be done on a national basis.
I think that if we as a community put enough pressure on NIST, they'll do it. And since NIST is a non-partisan body, there's no good reason for congress to not support a design that is sponsored by NIST.
Such a process would promote both openness of participation and review of designs. The winning design could then be standardized and vendors could simply implement them to spec.
What people mean by "verified voting" is:
a) the voting machine produces a 'voucher'
listing the canidates whom the voter selected
b) the voter can, in the privacy of the voting
booth, review this voucher for accuracy
c) the voucher is placed into a ballot box
for the vote to be counted, the voucher
itself _is_ the legally binding vote
You are absolutely correct to rail against a receipt which the voter takes home with them. I've personally witnessed Diabold people purposefully mis-represnet verified voting as providing a take-home receipt. Worse, I've had people I've talked to randomly on the air plane talk about it as if it is a good idea!
While I certainly understand your concerns I would disagree with your assertion that the government MUST OWN the code. The government has the highest vested interest in controlling the results of voting, even more so than the simple and predictable profit motive of Diebold. I do not trust "the government" to be a good custodian of the source code contolling voting. I trust the people of the United States and noone else. Open Source comes the closest to granting all rights to "the people" and is thus the best method of ensuring a valid vote.
All of our rights as Americans flow from the ability to control who leads us. The importance of a clean vote that everyone believes in cannot be overstated. This is far too important to be entrusted to Diebold or the government- don't trust either.
The most important aspect of a voting system is that how one voted remains anonymous. If it is possible for an employer, spouse, parent, or anyone else to have someone 'prove' that they voted red or blue, then organized coersion is likely.
Another important aspect is that the person's vote should not be "sellable". If this mechanism admits the possibility of a card to be sold, then it is a non-starter.
There will be lots of allegations of election fraud and election screwups for the upcoming vote. The closer the races, the louder and more widespread the allegations will be.
However, we won't be hearing "The voting system is confusing and insecure. We need to change it!". We'll be hearing the Democrats say "The Republicans screwed with the results and stole the election!". The Repubicans will be making the same allegations about the Democrats. And both sides will be so busy pointing fingers and slinging mud, the process itself will be completely ignored and will remain as broken as ever.
I am NOT a man!
I am a free number!
Wish we had that here in Venezuela las august.
The voting machines here for the presidential referendum produced a paper trail.Suddenly when there was a doubt of the transparenncy of the whole process (because the voting machines were black boxes, noone knew what the code on them did) the government refused to count the papers from each machine.
Instead, they performed an "audit" where a member of the national electoral council on TV announced that a certain number of boxes would be chosen at random...by another computer running who knows what code on it and after the program was done "generating" the number of the boxes to be audited he proceeded to open a Word document with the numbers on it.
Of course, when the audit was done nothing was found amiss.
Transparent indeed...
Diebold's "paper trail" is an end-of-day record on a long thin "cash register strip" showing how many votes each machine took in for each candidate and issue.
:).
...and:
Problem 1: it's glitchier than a Microsoft Windows early beta. I've talked to Alameda and San Diego County pollworkers who tried to collect these at the end of the day, only to find that in some cases nothing printed and in others the printout didn't agree with the on-screen end-of-day tallies! And that was different machines in a single polling location.
Problem 2: this printout isn't done as the votes happen, but rather as a single end-of-day "run" under polling place supervisor control. If the machine crashes at any time during the day (which happens often enough), that'll cause the tallies between the memory card "electronic ballot box" (PCMCIA) and printout to vary.
Problem 3: this printout isn't open to public scrutiny. I've seen Public Records Act/FOIA type queries for copies fought by county elections officials across the nation, probably because photocopying a 12ft strip of 3" paper is a bitch
As to code scrutiny by independent labs:
The Federal Election Commission approves testing labs for reviewing voting machine code and products. They're the only ones allowed to see the source code on this stuff. The two biggest are Wyle Lab's elections operation in Huntsville, AL and "Ciber Inc" (formerly Metamore) also in Huntsville.
First, all of the voting machines in current use are certified by these labs to standards written by the FEC in 1990. You heard that right. There's also a 2000 standard by the FEC but since all of our electronic voting machines were built prior to 2000, they can be re-certified under the 1990 standards "forever", until the vendors announce significant enough upgrades/revamps to trigger the Y2000 review process. Which NONE have seen fit to do so far.
It gets worse.
We have 13,000 leaked Diebold memos floating around that document, among other things, Diebold lying to the testing labs. In one case, huge amounts of customized code used in WinCE was declared to be "Commercial Off The Shelf" ("COTS") and not subject to source code review.
The exact phrasing of these internal memos and a security analysis of their implications can be found at:
http://www.equalccw.com/sscomment.html
http://www.equalccw.com/sscomments2.html
Ain't puked quite yet?
Diebold Corp. in Ohio bought Global Election Systems in 2002 (Canadian company) and renamed it Diebold Election Systems. Global's first voting products were written on Unix boxes, where they wrote their own "Accubasic" compiler for some core vote-tally processes. When porting to Windows, they went to great lengths to get Accubasic working on the new platform. OK, query me this: if I'm writing the compiler and I'm publishing source code for scrutiny that's run through that compiler, how in the hell is the source code reviewer supposed to know what's REALLY going on!?
Ahh, but this presumes "bad intent" on Global's part, which normally isn't something you presume. Except that Global was founded in 1988 by three guys name of Norton Cooper, Charles Hong Lee and Michael K. Graye, all three of whom have prior felony convictions in the US and/or Canada for stock fraud, investment scams and the like. By 2000, Global hired a guy name of Jeffrey Dean as lead programmer on the central vote-tally product (GEMS, "Global Election Management Software", still part of the Diebold product line). Dean was a charming chap - convicted of 23 counts of computer-aided embezzlement from a Seattle law firm in what a court called a "sophisticated computer-aided accounting fraud". He was literally recruited while still in prison by another Global employee also doing time. See also this document for more details on these clowns:
Feel free to send me an email if you ever want to say something on this topic that I could use while talking to a Free Software fanatic that believes having the source code is enough to guarantee democracy or to publish on our web site.
After a talk with Richard Stallman about the use of Free Software for Electronic Election, I emailed him. RMS sent me the following:
Free software is not enough to ensure that elections are carried out properly.
The software used in and for government should always be free software; the government should always have the freedom to run it, study its source code, change it to suit government needs, and distribute copies to others either unchanged or modified. That way, software owners will not have power over the government's computers. But that is not enough to ensure that computerized elections are fair and honest.
It is easy for a programmer to change a program so that it tells the user "You voted for Mr Smith" but actually record a vote for Mr Brown. Unfortunately, free software does not prevent this. There is no known way to prevent this.
With free voting software, a government election committee can study the source code. If the program has been published, anyone can study the source code. But there is no way to be sure that the program actually running when you cast your vote is the same program that you and the election committee studied. Someone could have installed a fiddled version an hour before the election and replaced it with the authorized version an hour after it ended.
To assure honest elections, we need physical ballots that can be used for a recount.
Don't let the computer/expert control the election. Information for Belgium in french: http://www.poureva.be/
Look at the 2000 election. Look at current presidential polls. The country is pretty much evenly split.
Those of us on the right have been feeling the Republican party jump left for quite some time now.
The Republicans are traditionally the US's conservative party, in favor of (generally) keeping things as they are. The Democrats are traditionally the US's progressive party, trying to change things. The conservatives hold back the progressives so they don't adopt too many short sighted ideas while the progressives keep society adapting to new problems. So Democratic ideas get slowly adopted by the culture and the Democrats of 40 years ago are Republicans today.
This post written under Gentoo-linux with an SCO IP license.
....your quote:
"I am not trying to imply that Diebold was purposely obfuscating their code for any reason..."
I WILL
I will state the diebolds actions to date, and what we have found out, are way more than enough evidence for a serious grand jury investigation that they have tried to obfuscate the code and that it is for some particular reasons, ie, the profits to be gained by controlling the US elections. Let's talk untold trillions of dollars and the most powerful nation on the planet, and what control of the political process is really worth as an incentive for criminality. No other possible criminal "prize" comes close to these potential profits of power and money. these folks should have long ago been investigated VERY seriously, not pseduo play acting investigastions, but serious and highly detailed investigations into attempted electioneering fraud, and RICO violations at a minimum, and if implemented honestly, would probably result in the indictments of a lot of diebold officials and some high level politicians and businessmen.
They are, IMO, attempting to hijack the national vote for massivepolitical and economic gain. They are far worse than Microsoft or SCO in this regard.
And it looks like they will be successful at it, because, frankly, the US people have hit a cognitive dissonance point of disbelief and little action with the sheer overlapping and overwhelming levels of corruption and malfeasance coming from the collusion of government and very large business in this nation. The people have reached a saturation point, gone beyond a pain threshold, been terrorized into sub servience and obedience. Not everyone but such a high percentage of the general population and an even higher percentage inside the governmental and justic system apparatus have been swamped into disbelief and inaction that nothing of any worthwhile results will come of this other than we will have a full bore dictatorship shortly.
It is 2/3rds the way there now, once they finalise their ability to completely manipulate the news, the casting of ballots, the count, the results of the count, and can also control any opposition from any scale by disappearing them or arresting them on bogus charges, then they will have completely won, and it sure looks like they are about exactly at that point in time now.
That is my opinion, based not only on just diebolds actions and realities, but on the state of the nation as a whole, the gestalt now. We have been kicked from so many angles simultaneously and continuously that there's no adequate defense other than curling up into a ball, metamorphically speaking. Yelling STOP THAT isn't working and hasn't worked. "Sueing" the perpetrators WON'T work as they control the justice system almost entirely. Relying on the "enforcers" to notice reality and act accordingly is beyond ludicrous, they just follow orders. Hoping that millions of drones in the bureaucracy will one day act in the interests of the nation rather than their checks is a lost cause, forget about it.
And I'm not being cyncical, I am trying to be as realistic and down to earth as possible.
There is no fix available following traditional business as usual methods. None. It has gone too far for that.
As a result the US government MUST OWN the code that counts the votes. This can never be proprietary.
The US government isn't allowed to own copyrights to anything -- anything they develop directly or that's done as a work-for-hire for them is automatically public domain. (For this reason, there's a lot of code that's written by government contractors and remains under their ownership, even though the reason behind its production was government use).
Effectively, then, any government-developed voting system code would be public domain -- which would be, IMHO, entirely ideal.
And the easiest way I can think of doing that is with a nice, old fashined punch card.
The voter chooses at the computer, the computer records the vote electronically, punches the card, and prints the names of the candidate chosen on it.
That way, the voter looks at the card, checks whether the person they've selected is printed on it and then drops it in the box.
Each machine can be verified by matching:
#1. The electronic count to
#2. The punch cards to
#3. A hand count
It's quick and easy to tally punch cards if that's request and if a hand vote is necessary, it's just as easy (but not as quick).
That way, any problems can quickly be tracked to the machine(s).
Let's say there are going to be ballots provided by the election officials (I just noticed someone talking about Badnarik*'s idea of every voter bringing his own ballot, never thought of that angle before). I'd rather have a slightly more involved, even if more expensive, elections process that invited two or more companies to supply the machines used *at every polling place.* In the fashion of the time-stamp cards in some workplaces -- like the Hallmark store I worked in during high school -- such a device could tell you with a satisfying "WHOMP!" that Yes, this vote has been registered on one side or the other, and visibly increment the "total votes" column by one. Then let the second machine WHOMP the same ballot, and finally put the ballot into locked box for later recount purposes if the two machines disagree.
The kicker: pay only expenses up-front, with a bonus going only to the most accurate machine. There will be votes that are lost / spindled / folded / mutilated; sorry. Mistakes and bugs may be inevitable, but that doesn't mean that "just any system" is good enough.
timothy
* My candidate of choice
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5