Slashdot Mirror
Schneier On Electronic Voting
Bruce Schneier of security and other fame has posted a web log entry on the problems with electronic voting machines. The post is an excellent one, and does a very good job of covering all of the issues associated with the machines. I think it's fair to say that at some point electronic voting will be ready - but it's not ready now.
He brought up one important point then that I didn't see in his blog -- accuracy is the most important thing.
This might seem obvious, but most people seem more concerned with knowing the results of the election on election night than having every vote counted reliably.
In soviet russia, You ask not what country do for you, but what you do for country!
Oh wait...
This isn't a statistical proof anymore. CNN rigged the exit polls to hide the extremely unlikely discrepancy between votes and its published exit poll numbers!!!
1 36
/least/ 462 men say they were for Kerry in the first sample, and the number DROPPED to a maximum of 455 in the second sample!
While this isn't tampering with the vote itself, it shows CNN is trying to help Bush cover the unlikely discrepancy! Perhaps we're living in interesting times and it was a one-in-a-billion discrepancy between votes and exit polls... but since we CAN'T VERIFY THE MACHINES my opinion is that vote tampering is much more likely than not and CNN covered the trail.
http://www.dailykos.com/story/2004/11/3/3646/14
(backup that entire web page please, we never know)
Quote:
"Let's first look at the women. In the first sample, 53% of 1,963 people can be anywhere from 1,030 to 1,050 women in the sample (try punching numbers outside that range into your calculator, it won't round to 53%). In the second sample, 53% of 2,020 people is anywhere from 1,061 to 1,080 women in the sample. So anywhere from 11 to 50 additional women were surveyed.
Well, in the first sample, 53% of women went for Kerry, meaning an absolute minimum of 541 (541/1030) women to an absolute maximum of 561 (561/1050) women for Kerry. So in the first exit poll, somewhere between 541 and 561 women were for Kerry.
Now for the second sample. 50% of women going for Kerry means an absolute minimum of 526 (526/1061) to an absolute maximum of 545 (545/1080). So in the second poll, somewhere between 526 and 545 women were for Kerry.
So it is *technically* possible that, say, 542 women went for Kerry in the first sample, and almost all the women they interviewed afterwards went for Bush (say only 2 went for Kerry), and then you'd have 544 women say they're for Kerry. This is actually within reason. If we had the raw numbers, we could tell for sure. Or even percentages to the tenths place.
*BUT*..... With the men, in the first sample there were between 913 to 933 men, and 940 to 959 men in the second sample. So anywhere from 7 to 46 additional men were surveyed. In the first sample, anywhere from 462 (425/913) to 480 (443/933) men were for Kerry. But in the second sample, anywhere from 438 (438/940) to 455 (455/959) men were for Kerry! You had at
THIS IS IMPOSSIBLE. I've allowed for the biggest intervals possible that would still result in the given percentages. Something is very wrong here. This is mathematically impossible."
So can any statistician give us an idea of why that kind of thing could be happening??
Microsoft is pure dog-ma. FreeBSD is pure cat-ma.
If we can make ATMs that work well then we should be able to make voting machines that work just as well. In fact, why don't we get the people that Make ATMs to make voting machines as well. Let's see, do ATMs stand up to his four criteria?
Let's take that a bit further, why not turn ATMs into voting machines? They're already part of a large, secure, nation-wide network, they're built for security, and there's bazillions of them. Wouldn't it be great to just go to your bank to vote? That would eliminate the need to go to a polling place and should reduce the lines tremendously.
Sure there might be other problems with this approach, but banks already have years of experience securing and relying on ATMs.
--Not free as in effort, but I'm willing to try it. Free Flat Screens | Free iPod Photo |
infested with jello like fishes no melotron wishes
Does anyone remember how India had elections several months ago and managed to do this with a simple system that can be used by people who can't even read? A billion people all voted using the same system countrywide? How everyone turns out to vote, and the poor people were the ones who decided the outcome of the election? We've been doing this democracy thing for a while, you'd think we'd have it figured out.
america just got pwnd!
I apologize if this is consider trolling, but I submitted this story a couple minutes ago and since it's relevant to this story I'll post it in here (since it probably won't get approved if this one is already up. If it does make it up just mod it offtopic):
... or they would be if this weren't a freaking voting machine!
Technical director Dr. Avi Rubin of the John Hopkins University Information Security Institute (ISI) has made a presentation regarding Diebold's voting machine source code (pdf) to the National Institute of Standards and Technology (NIST has been playing a key role in the improvement of voting systems since 2002.) Turns out, amongst other major security problems, Diebold was using NIST's Data Encryption Standard (DES) to encrypt votes and audit logs. DES was developed in 1976 was proven breakable by a "brute force" system in 1998. NIST proposed revoking DES's certification last July and recommends AES or at least 3DES.
Read from page 13. There are some hilarious comments
Nader calls for US election recounts
What we need to do is create accurate and easy to use voting machines that are extremely cheap to produce and are maintianed via an open source model. Preferably we write it for a physical chip that is archaic by todays standards so that its extremely easy to emulate, extremely cheap to produce, and will have less script kiddies using it on a daily basis. If i was designing a voting machine it would be simply 5 buttons, (4 candidates per screen and a more button). Also a big green/red/whatever button elsewhere that says "Record votes" You make your selection it moves to the next. At the end it tells you your choices and lets you go back as much as you want. When done you hit that record vote button and it prints a receipt. Id probably use a single 6502(i like these chips they are neat) cpu to accomplish this because thats all i NEED, I dont need no p4 running winblows or anything running linux to record my votes what is all that wasted functionality doing? I'll tell you what its doing providing hundreds and thousands of lines of unnecessary code that basically amounts to a huge liability. I don't trust linux or windows alike in that respect. What i do trust however is some miniscule "VoteOS" that was designed with nothing but voting and auditing in mind.
Its time we stop trying to produce canned solutions for things from piles of unnecessary code(linux, windows, qnx whatever).
A paper trail is not a sure thing....particularly a *machine-printed* paper trail. In certain districts that heavily favor a candidate by a large margin, printing a duplicate paper trail might be trivial. This is particularly true in situations where there might be a long period of time before a by-hand recount.
I think there should be some sort of hashing and/or signing throughout the day, with the hashes periodically given to poll workers and watchers (and perhaps the voters themselves) that could authenticate the paper trail later.
Of course we're so far off from clueful use of cryptography in voting that this point is not relevant yet. But it seems to me that these are the kind of problems cryptography was designed to handle, and it would be smart to start thinking that way.
It's amusing how you separate the term "Left" with your (presumed) support of the Republican party. You do realize that Bush is perhaps the most Leftist Republican ever? The past 4 years have brought an enormous government, fiscally insane spending, and global intervention that ranks up there with the Soviet empire. Some of us libertarian minded folk see you GOP'ers as just a differnet flavor of Democrats. Keep that in mind when the US invades the next Middle East country on the neocon's shit list.
(Sorry, couldn't resist the ad pseudonym.)
Anyway, exit poll numbers are unreliable for a variety of reasons.
First, you don't know who is taking the poll and what their biases are. How were the voters selected - just the pretty girls, or people who looked safe? You never know.
Second, you don't know where the polls were taken. Were they only in urban areas, easily reachable? Were the areas chosen to be representative, or were they chosen with true randomness (out of a literal hat, for example)? Or were they chosen off the top of someone's head? The sites should have been selected at random and with a large enough distribution of sites.
If you don't do it randomly, but you pay careful attention to demographics to get an approximation of the overall population and their likely voting preference, you are still injecting your preconceived bias (that the pre-election polls were accurate) into the process. Garbage in, garbage out.
The sample size of 1000 or so is ok *if* it's an independently drawn sample. That is, the exiting voters should have nothing in common. By virtue of the fact that they all voted at the same time, and they were willing to answer a poll, they obviously have something in common, even if the areas chosen for the sampling were chosen well.
I suspect that there weren't enough people doing the exit polling. If you had 30 or more sites chosen at random, and then randomly selected people from those sites to ask, you might get a clearer picture. You'd still have error, and it could still all be skewed one way or the other, but at least you'd minimize the risk.
Overall, announcing the results of exit polls before the election is done is a bad idea, if only because it convinces the simple-minded that something is wrong with the system.
sigs, as if you care.
I have a friend who semi-jokingly says he doesn't believe that world war 2 happened, because it just sounds too ludicrous.
I mean, seriously... an industrialized nation that is filled with some of the smartest minds in the world (i.e. Einstein was German), goes on a campaign of genocide because they decide all Jews are inherently bad people.
Truth is more outrageous than fiction. Go ahead and keep believing whatever is necessary to keep your faith in authority.
-------
Incite and flee.
To summarize for those of you who did not RTFA:
1) Require a paper audit trail
2) Open the code for wanyone to see
Why is #2 necessary if #1 is implemented? Would not #1 ensure that the election is fair? Of course, #1 is only used in the case of a recount, but I would expect if the elections were rigged in any significant way (ie. outcome was something other than it should have been) then a recount would occur. In the case where an election was altered but that alteration had no meaningful effect on the outcome I don't really care.
Moreover, by opening the code you inescapably harm the code owner's benefit to having either created or obtained that code. It would be far to easy for another entity to steal or improve upon that code to create a competing product.
For those of you who are truly paranoid there is another option: Move the creation of electornic voting software into the government itself. Make it part of the FEC and then open source it. Mandate that all elections use this software so that there is no competition issue.
This, however, is an unattainable and uneccessary endeavour.
Requiring a paper audit trail should clear up any real issues thse machine may have.
One reason we've come to expect "instant" results is that we're leary when the process takes too long. Look at the recount in 2000 -- most people probably thought someone was manipulating the vote in those sealed rooms, not verifying that the votes were counted.
Whereof we cannot speak, thereof we must be silent. --Ludwig Wittgenstein
We have this crazy system in Canada...
;p
Voting is done with a pen on paper.
Then we count them.
We must be insane in Canada eh?
From comp.risks. Peter Neumann is a respected analyzer of risks.
.com]
Some 2004 voting anomalies
>
Mon, 8 Nov 2004 16:01:13 PST
For those of you interested in following a collection of reported problems
more carefully, here are just a few reported anomalies, collected from a
variety of sources:
* Palm Beach County logged 88,000 more votes than people who had voted in
the presidential race. (Teresa LePore of 2000 Butterfly Ballot fame is
the County supervisor of elections there.)
* A Franklin County Ohio machine error gave Bush 3,893 extra votes in a
precinct in Gahanna. The correct totals were 365 for Bush, 260 for Kerry.
* In Broward County FL, in balloting for Amendment 4, ES&S software for
tabulating absentee ballots began counting BACKWARDS once a total of
32,767 [2^15 - 1, in a signed 16-bit field] votes had been reached in a
precinct. When this was discovered, the corrected totals for the precinct
went from 166,000 to 240,000, and actually caused the statewide results to
be reversed on this amendment. Apparently the same flaw was detected two
years ago in the same software, and remained uncorrected.
Nick Simicich wondered in a long message to RISKS:
Do you suppose that they "fixed" this by making the 16 bit field
unsigned? Or do you suppose that they counted the numbers separately
using, say, floating point so that they could check the results for
large discrepancies? Or maybe that they checked the before and after to
see that the numbers increased when they added to them...or anything
else that they could do to make this self auditing? Nah...frankly, I'm
scared by the stupidity of this error. This is a problem that needs an
open source solution.
* The failure of the ES&S ranked-choice vote-counting software in the San
Francisco Supervisors' election that I noted in RISKS-23.58 turns out to
have been a hard-coded constant maximum number of voters that was set too
low. The fix was utterly trivial, but wisely required recertification by
the State. [Perhaps the same programmer wrote the Broward software?]
* Bev Harris reported that ``Jeff Fisher, the Democratic candidate for the
U.S. House from Florida's 16th District said he was waiting for the FBI to
show up. Fisher has evidence, he says, not only that the Florida election
was hacked, but of who hacked it and how... In Baker County, for example,
with 12,887 registered voters, 69.3% of them Democrats and 24.3% of them
Republicans, the vote was only 2,180 for Kerry and 7,738 for Bush.... Dick
Morris [famous consultant to both parties, now with Fox News] wrote "So,
according to ABC-TVs exit polls, for example, Kerry was slated to carry
Florida, Ohio, New Mexico, Colorado, Nevada, and Iowa.... Exit polls
cannot be as wrong across the board as they were on election night. I
suspect foul play." '' [See http://www.blackboxvoting.org , *NOT*
* Incidentally, Ralph Barone noted an article on the internal database
structures of the Diebold voting machines, plus how to hack an election
and cover your trail afterwards.
http://www.blackboxvoting.com/scoop/S00065.htm
* There were numerous reports of screens "jumping" votes in ES&S and Hart
InterCivic machines, where casting a straight-party subsequently changes
the vote for the President before exiting.
* Also reported were many cases of long lines and long waits only in certain
politically skewed precincts, many legitimate voters who claim they were
disenfranchised, voters who were given special optical scan pens that were
not capable of being tallied, and so on.
Many Web sources provided running lists of reported anomalies, such as
http://www.votersunite.org
http://fairvote.
Perhaps the exit polling sucked balls? Perhaps the numbers they were showing were not correct and they updated them with the correct data? Perhaps the early voters were Democrats and the later voters were Republican.
/ results2004_lg.jpg
Well, from the 3d election results:
http://www.esri.com/industries/elections/graphics
It looks like most of the areas who voted for Kerry were in urban areas. Now, if the exit polls were conducted in mostly urban areas you can see how the results would be biased in favor of Kerry.
A Human Right
I've heard that Kerry is considering retracting his concession, and that if you've personally observed "voter disenfranchisement" in Ohio, you should phone the DNC (202) 863-8000 or send email to: CKerry@Mintz.com.
(Interestingly enough, the Green Party is also legally allowed to demand a recount: the catch is that they've got to be able to pay the $100,000 price tag...)
Please go to The Open Voting Consortium and support their work any way you can.
Enable 3D printed prosthetics!
Anything in a computer can be hacked. Period. And there is no way to tell that it hasn't been hacked. Period.
Paper ballots are plain to read. When you recount a paper ballot where the person marks in ink what their choice is, there is no hanging chad and no concern that the punch card or optical scanner or touch-screen software has a glitch that led the machine to systematically miscount. Most importantly, people can do a recount with paper ballots. If there is a question about the accuracy of the tally, it can be independently verified.
Paper ballots are still prone to election fraud: people can "misplace" them, burn them, etc. But fraud and systematic errors are way easier with a computer. As long as balloting is done by computer, every election will be clouded by deep uncertainty.
http://greenlightwiki.com/lenore-exegesis/Parliame nt_of_Attitudes
False Epiphany: A Grad Student Takes Dictation from the Muse