Avi Rubin and More on Electronic Voting
jgo writes "Johns Hopkins Computer Science professor Avi Rubin posted his experience as an election judge on his website. It's an interesting read and exposes some potential security problems with electronic voting. At one point he held in his hand the five memory cards containing all of his precinct's votes." Rubin had posted his experience in the primary election earlier.
"At one point he held in his hand the five memory cards containing all of his precinct's votes"
What's keeping him from replacing one/all of them with doctored records? He complains that the voting machines could be tampered with, but there needs to be more safeguards than just the code.
How hard is it to add a little printer? It would be much more conspicuous replacing a four-foot stack of receipts with ones from the back of your van.
From Professor Rubin's account: "If we continue to use the kind of insecure DREs that were used in this election, it is only a matter of time before somebody exploits them. And the worst part is that we may never know it." [emphasis added]
It seems that no one really wants to come forward and raise this as a serious concern for this election, despite the fact that it's entirely plausible. Unfortunately, it seems highly unlikely that anyone who dares cast doubt on this election will be regarded as objective.
With stuff like this already being detected, and such weaknesses in the system (one man being able to "lose" or otherwise destroy or alter all votes in an entire precinct), non-open source electronic voting is a dangerous situation.
We're on the verge (or way past it) of the average citizen losing all power and control within their country, and electronic voting is just another step.
The only hope is for citizens and groups to adamantly insist on open source, safety procedures, regular audits, and paper trails. Unfortunately, I see few if any of those things happening anytime soon.
When all of the votes are on one machine, one person can control the votes. We need checks and balances.
With a manual system, it takes hundreds of people to count the vote. Sure, it takes more time, but I can wait. Sure there may be a few people with nefarious intentions, but those few people might be able to throw a precinct, not a whole state (or country!) Usually when hand counting, two or three people count anyways, so there's even more checks and balances built into the system. Our country is built on checks and balances. We need that in the voting system as well.
I truly believe voting problems are the number one issue facing our country. If we can't trust the vote, then we don't have a democracy. If one election can be stolen, the next one will be stolen as well. Very slippery slope.
...for standardized, reliable, secure, auditable national voting procedures & infrastructure --
but we have plenty to use for Pentagon studies on psychic teleportation.
None of these high-tech whizbangs is trustworthy, and all of them are too expensive. Marking paper ballots with No. 2 pencils is a simple and effective solution. If the scanning whizbangs screw up, human eyes won't.
How ya like dat?
This still brings up the issue of coercion to "vote the right way". If someone else can confirm how you voted, they can punish/reward you. Admittedly, such a situation would require you to hand over the GUID but if someone is threatening you to vote for a particular candidate they can threaten you to get the GUID.
In current systems, there is no way for a voter to present evidence of how he or she voted - thereby protecting them from such tactics as above.
Good, but then your boss could require your GUID to ensure you voted the right way.
A better option is to give everyone lots of GUID's. This way, you know your real one, but when someone's looking over your shoulder, you can use an alternate one that shows what your boss wants, but not what you did.
The scary part isn't the stuff that you can trace back (i.e. he exchanges some of the memory cards for some containing results in favor of Candidate A or B), but stuff you can neither detect nor trace back.
Remember, NO LOGS of the voting process are kept on these machines. Think of "Irregularities" in the code that add a vote for Candidate A when a certain vote pattern is met. Or, as Mr. Rubin said, physical tampering: "one could change a few bytes in the ballot definition file and votes for the two major Presidential candidates would be swapped. In that case, none of the procedures we had in place could detect that votes were tallied for the wrong candidates."
Great. Maybe this time no one abused the system. But think long-term; in 50 years, when e-voting will be predominant and everyone will be confident in it...
not just 60% like down here
Wow. Only 60%? How lucky!
It's like socialism without all the benefits of socialism.
Light is filtering down from above. Would you like to use DIVE?
then you are simply naive, imho. It seems clear to me that no matter who you vote for, the powerful remain in control and the powerless carry the costs.
Words to men, as air to birds.
No, we shouldn't. This would cause more problems that it would solve. Being able to prove to someone who you voted for would make it possible for them to buy your vote. Right now, you could take their money and then still vote for someone else, since no one will know who you vote for. This makes it much more difficult to conduct this kind of fraud.
that Open Source is not going to be able to address.
The reality is that electronic records of the vote require that humans trust the machine. Open Source or closed, the binaries on the machine cannot be directly examined, rendering the nature of the code used a moot point.
Voting by machine is voting by proxy. We must trust the proxy and cannot observe its operation. Subtle manipulations of the vote will go unnoticed, unless we keep paper records and perform mandatory audits.
This means the only electronic solution is one that records the vote on a ballot that both humans and machines can read. Those ballots can be machine counted and audited as we have always done.
What's the point really? Why not just use paper ballots and make them easy to use and read by both machines and humans and spend the money reforming the process to make it fast, taking humans into account?
Remember, there are plenty of old folks willing to do their civic duty. We can get fast and trustworthy results with a far smaller investment than we have made on electronic solutions to date.
This is not a hard conclusion to come to. The fact that it is ignored means those in power WANT IT TO BE THAT WAY.
It's wrong and we need to demand change continuously until we get it; otherwise, we lose our democracy.
Blogging because I can...
I'm as much of a geek as anyone here, but there are some problems that cannot be solved by technology. I don't care if the voting machine is open source, voter verified, paper backup... whatever, when the votes are counted on a machine, there is more chance for abuse. Single point of failure,
I am a voting Luddite. Vote on paper, count on paper. Distribute the load.
The idea is that the voter can verify that the printout matches their wishes. The printout is the master copy, not the internal count. The latter is just more convenient -- for the voter and for the tallier.
By adding a printer, you're conceding that the electronic voting machine may not innately be able to provide complete confidence in the result.
No piece of non-trivial software can ever be considered bug free, and therefore, no software ever deserves complete confidence. For that matter, hand-counting shouldn't have your complete confidence either. People make mistakes; shit happens. That's the whole reason for QC.
By conceding that the electronic voting machine's results cannot be trusted, you're saying that you have no basis upon which to reject a request for a recount of the paper receipts. In other words, you're back to hand-counting paper votes each time.
You should have no basis upon which to reject a recount. The paper ballots are the masters. If there is a serious challenge, then they should be recounted. But in any case: you should verify a selected sample of the machines' votes in every polling station to make sure that they are giving reasonable numbers. This is just the application of industry-standard quality control procedures to voting machines. It boggles my mind that electronic voting was ever considered without them.
To within half a percent, pi seconds is a nanocentury. -- Tom Duff
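An added example, not part of the original thread or of any voting system's code: it models the ballot-definition swap quoted earlier in the discussion and the sampled paper audit proposed in the comment above, using constructed tallies for five machines. All names (`build_precinct`, `paper_audit`, and so on) are assumptions made for illustration.

```python
import math
import random
from collections import Counter

HONEST = {"A": "A", "B": "B"}    # ballot definition: choice shown -> candidate credited
SWAPPED = {"A": "B", "B": "A"}   # the "few bytes changed" case quoted in the thread

def build_precinct(n_machines=5):
    """Constructed data: voter-verified paper printouts per machine."""
    return {m: ["A"] * (60 + m) + ["B"] * 40 for m in range(n_machines)}

def electronic_tally(paper, definition):
    """What the memory card reports once the ballot definition is applied."""
    return Counter(definition[choice] for choice in paper)

def turnout_check(paper, tally):
    """Poll-closing reconciliation: ballots cast == votes recorded."""
    return len(paper) == sum(tally.values())

def paper_audit(precinct, tallies, sample_size, rng):
    """Hand count the paper for a random sample of machines; return mismatching ids."""
    sample = rng.sample(sorted(precinct), sample_size)
    return sorted(m for m in sample if Counter(precinct[m]) != tallies[m])

def detection_probability(n_machines, n_bad, sample_size):
    """Chance that a random sample includes at least one bad machine."""
    missed = math.comb(n_machines - n_bad, sample_size)
    return 1 - missed / math.comb(n_machines, sample_size)

def run(bad_machines=(3,), sample_size=5, seed=1):
    precinct = build_precinct()
    tallies = {m: electronic_tally(p, SWAPPED if m in bad_machines else HONEST)
               for m, p in precinct.items()}
    # Totals still reconcile on every machine, including the swapped one.
    reconciled = all(turnout_check(precinct[m], tallies[m]) for m in precinct)
    flagged = paper_audit(precinct, tallies, sample_size, random.Random(seed))
    return reconciled, flagged

if __name__ == "__main__":
    print(run())                           # full audit of all five machines
    print(detection_probability(5, 1, 2))  # auditing only two of five machines
```

The turnout reconciliation passes in both the honest and the swapped case; only the comparison against the paper separates them, and the sample size sets how likely a single bad machine is to be caught.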
Paper Ballot
Ink pen
Ballot Box.
Cheap, reliable, fair, honest.
The man knew what he was saying. While US election system is more robust to fraud than, say, popular votes in other countries (fraud can only occur on state level) with electronic voting this may change. One CIA agent will be enough to affect the vote of the entire states. Heck, CIA agents may not even be necessary, because there just may be a secret fragment of code in software which will basically go:
Look at countries which merely have electronic vote counting systems (even though the ballots are actually paper), like Russia. Whoever controls the system wins, always, repeatably, with predetermined percentages.
In the US correspondingly whoever controls the companies that make voting machines will win. Right now these companies are controlled by Republicans. Democrats, take note.
Sure, because the results were way off. Now, a difference of, say, 1.5% in a few large counties, in a swing state ....
It's ironic that some are paranoid that their purchases are tracked electronically, but that others are also paranoid that their votes cannot be tracked electronically.
Move along. These aren't the votes you are looking for.
"You'll get nothing, and you'll like it!"
I don't see what this proves. How would this be any different from taking a flamethrower to a paper ballot box?
It seems like the major benefit of the electronic voting machines is that they provide a good user interface. Much better than your standard ballot. I think you could just have an interface that prints out a ballot. Then the voter could validate the ballot if they wanted to. Then have another machine do the counting.
I don't see what the contribution is. If the requirement is to have X counts to achieve a confident result, you can just get X sets of people to count it. No need to bother with the computer.
In the UK and Canada where hand counts are the norm, debates like the one we're having about the accuracy of the count itself never arise, because none of the candidates or the electorate including the losers see the need to challenge the vote. That situation would change quite rapidly if automated vote counting was brought in.
You are arguing that the existence of a paper record would result in all elections being recounted. This is false. The point of an electronic system with paper ballots is to provide very quick results in most cases while still allowing for recounts and audits in special cases. At least one state requires electronic machines with paper ballots, and it works well, so your concern is misplaced. There are rules for recounts and audits, they don't just happen.
But without paper ballots, a significant fraction of the population will lose confidence in election results. (Go over to the dailykos blog if you don't believe me.)
With paper ballots, false concerns about elections can be rejected as false and this increases confidence in our democracy. What is so bad about that?
Assuming people are so reliably trustworthy that you project: What happens when somebody accuses an honest election worker of fraud? How will that worker defend himself against such allegations?
For all parties involved, it is better to explicitly deny the possibility of undetectable fraud.
Please read the article you cite. You did not read the article, or you do not understand English. The article said that one machine had obviously malfunctioned in reporting its totals. They were able to check the machine and determine that Bush got 115 votes on that machine, not 4008 votes on that machine. With its report corrected, the total for the machines together was 365, not 4258. The report on the Ohio vote was about one machine, not two.
As has been pointed out, if one malfunctioned how can you trust the other? Or any of the rest? Yeah, we caught these two errors, since they cast thousands of votes more than were even possible but then how many errors were there that were not stupidly obvious? As the main article we're all talking about says - the scary part is we have no idea and no way to check.
jello.
aka aron.
What I found funny about this article is they were quick to say no other counties were affected. How do they know? The only reason someone noticed this is because the machine gave Bush votes to 4000+ people more than the town had.
Also - isn't it curious how the machine errored on the side of Bush?
Plus there's no talk on what kind of bug could automatically enter in votes for Bush? I support point of sale software for a living, and despite the many bugs they do have I've never once, ever, ever, ever seen the programs I support enter line items automatically, or create invoices automatically - or even create more than one invoice when the user only wanted to create one.
What everyone doesn't understand/get:
1. The paper receipt is there as a justification tool against what's on the memory cards or electronic storage media. It doesn't guarantee though that the vote hasn't been tampered with. It could very well be tampered with while the person is pushing the "vote" button.
2. The purpose of the DRE (touchscreen), is to prevent over and undervotes. Overvotes *confuse* optical scan machines. Remember the standardized tests back when you were in grade school? This is why they told you to darken ONE oval...the machines are intelligent enough to determine what's what...so if someone darkens two ovals for the same candidate, it doesn't count either...it records it as an error--in this case an overvote...so that vote doesn't count. DRE's prevent this from happening. You can only choose Kerry OR Bush...you can't choose both.
3. You can't just take the memory cards out and change the ballot or the results. It doesn't work that way. Different companies use different ways of encryption and verification. Basically, if that key on the memory card doesn't match one on the aggregating machine that also programmed those memory cards, as well as every file validity check --depending on the company, this could be CRC, PGP, MD5, and the list goes on--but the files just aren't there waiting to be modified/deleted/replaced. The machine/process ceases to work if one file is changed/deleted/modified in any way...period. That's how at least two companies' technology works.
One thing I find funny, is that since all this proverbial shit has hit the fan starting a couple years ago, Avi Rubin in one year has all of a sudden become it seems the world's expert on voting machines. There are very talented programmers who work on this stuff every day...and have worked on this every day for the past 20 years.
And before you can understand the issues that may plague an election system, you have to understand the laws in whatever jurisdiction those election systems will be deployed in. And that's one HUGE issue that no one wants to address or take the time to learn. I'm pretty confident Avi Rubin doesn't know why some Florida laws prevent touchscreens from being used in say, Texas...and vice versa. Any jackass can get on 60 minutes and say "This sucks, that sucks, it all sucks, and my vote isn't secure." But it takes a person of a little bit more intelligence to understand why it is that way.
Example: I hear arguments all the time (from Computer Science people like Avi Rubin) that say that relational databases and other technology like that should be used to validate votes vs voters coming into the polling place. Wrong. The whole democratic system in the USA is based upon the fact every voter should be able to remain anonymous in the polling place regarding what/who they voted for. Introduce a database to keep track of voter and their ballot results and you've just violated the very law/premise that our democracy stands on.
My message to everyone including Avi Rubin and anyone else in Academia who thinks they are an election system expert after one year: Learn every state law...then try to build an election system that conforms to every single state law with the same piece of software. If anyone can do that within 5 years, I'll be very impressed...
If you want a system that can't be electronically compromised, do it like the jurisdictions in the UK. They scan all the paper ballots electronically, then recount them by hand until the numbers match. That's the only way to ensure they aren't electronically altered, and that no over/under votes are incorrectly counted.
In the most recent posting on comp.risks, the lead article is a compelling summary of the issues surrounding evoting & contains a link to an extensive document that summarizes many problems from the past decades.
The elephant in the living room that no one will acknowledge:
http://www.theinquirer.net/?article=10393
Also:
"Our video files have been attacked and taken out. Who doesn't want you to see this film? We are working around the clock to get the video files back online right away. Please check back soon."
http://www.votergate.tv/
http://www.blackboxvoting.org/
~hylas
..is obvious. The tally is not human readable. It has to be filtered through the computer's programming. Programming can make any output reflect any input. The amount of money and power that is represented by controlling the US government is simply staggering. It is the largest potential jackpot a criminally bent individual or group can approach. The temptation is overwhelming, and now *they* have the complete technical ability to achieve that goal and to get away with it, the perfect crime.
A traditional paper ballot in a locked box is human readable/countable by anyone who can count at the end of the day. It requires very little in the form of specialised skills or hardware. It is very inexpensive. Challenges can be mounted and results verified quickly and transparently. Once you get into machine reading, whether tabulated bubbles or punched out cards or pure digital like with the Diebold machines-then you have your potential problems, and with the last few elections we can see we have new problems, and they look a lot more like "on purpose" troubles than accidental. They especially look on purpose given the revelations of what was found on Diebold's website and published, and with other anecdotals showing some rather disturbing intent as to election honesty. The consortium pushing electronic closed source computer voting is a who's who of the mega-profits from tax money and governmental contracts military industrial complex. This is three serious alarm bells to anyone really thinking about this subject.
The old way had its faults, but computerised has introduced faults above and beyond that can not be addressed without trusting what is inherently untrustworthy by its design criteria.
Then if an automatic recount is triggered, simply scan the ballots, you will have a recount much more quickly (it hurts the stock market for the count to be in limbo for so long), and it's unlikely that two independent systems would fail, but at worst case, you can always hand recount.
That's right. Evoting is discussed everyday on slashdot. It doesn't freaking matter. Every system the US deploys is corrupted. We know democrats won in 2000 and now 2004 again. And the 20-30 year old citizens are blamed every election for not showing up, thus allowing republicans to win. There are just too many conspiracies going on. Way too many to bring up.