Slashdot Mirror
CA Sec. of State Panel on Open Source Elections
goombah99 writes "The Open Voting Consortium has announced that California Secretary of State Bruce McPherson is forming a panel to investigate using open source software in elections. Suggested Panel members include Security expert Bruce Perens and Python guru David Mertz who is associated with the sourceforge EVM2003 voting machine project. This is big since a favorable outcome could help fund prototypes of true open source election equipment and systems."
safe by design-- i.e., based on paper
Yes, because everybody knows that paper is a write-once, ready many system with built-in user authentication which cannot be hidden, destroyed, or otherwise tampered with.
terminals which print out an ink ballot
That's part of the push for open source voting systems - you have a hard copy for verification. There are much better ways than just having it print out who you voted for so that you can drop it in a box - for example, one method which I read about not only keeps a paper record (which the user never has to handle, but is there for recounts), but prints out a tracking number that the user can enter on the election board's website and verify that their vote is in the system and who it is listed as being for.
... in Siberia, where Putin killed a fish with a speargun. He later claimed it was killed by Ukrainian separatists.
Here is a description of the one used in India: http://www.eci.gov.in/EVM/index.htm
Here is a comparision between the Deibold and the Indian EVM system:http://techaos.blogspot.com/2004/05/indian- evm-compared-with-diebold.html
Here is a wikipedia article on it:http://en.wikipedia.org/wiki/Indian_voting_mach ines
Implementing a system like this can make it so much easier to count votes and do it quickly too.
If you are looking for the Open Voting Consortium website, it may be found at http://www.openvotingconsortium.org/.
The basic idea that the OVC promotes is that of a computer-assisted voting station (or stations, to accomodate different kinds of voters who have physical impairments) that produces a paper ballot that *is* the official ballot and that can be read by both humans and computers.
This goes one step beyond verified voting. Verified voting has paper records that serve as audit trails but that are not themselves the official ballots. The OVC system goes one step further and makes the paper that the voter sees and approves the actual ballot.
There are a lot of complexities in voting systems; the OVC system avoids many of these difficulties because it is really a conservative application of computers to traditional methods.
In addition, the OVC system, because it produces a paper ballot, can have many different kinds of voting stations to accomodate the different physical needs of different voters.
The OVC wants voting software to be, at a minimum, open to inspection and testing by anyone.
Personally, I can conceive of some people who might come up with clever user interface mechanisms to help voters deal with ballots - and I personally don't think that those mechanism need to be part of the open voting systems. However, the core aspects of creating, handling, and counting ballots should not be wrapped in inpenetrable proprietary shrouds - every voter must know for a fact that his/her vote has been correctly recorded and correctly counted.
By-the-way - full disclosure time - I'm on the Board of Directors of the OVC.
Don't just read my summary of the article - read on, they go into a lot of depth, completely backing up my position. You better get your own source which contradicts the Wikipedia version.
In fact, as mentioned in the Wikipedia article, the concept of the "American Dream" was really popularized by Horatio Alger, Jr, a writer who in his time was as big of a seller as Mark Twain. All of Alger's stories were the same general outline: a boy grows up in poverty, but through a combination of luck and hard work, he ends up wealthy.
... in Siberia, where Putin killed a fish with a speargun. He later claimed it was killed by Ukrainian separatists.
It's 2 AM here in Norway, so I'm not going to write much else tonight.
Bruce
Bruce Perens.
The "correct" way is for the paper vote itself to be the official ballot -- not just a backup in case of a recount.
Bruce
Bruce Perens.
Of the G8 nations, the US is in 6th place when it comes to standards of living. The five nations ahead of us are in Europe.
Take off every Sig.
First the OVC system is a hybrid. It has paper ballots and touchscreen entry and hand counting and electronic counting. The cool thing is they pull all of that off in way that is simple and workable, not layers of complexity.
Second, this hybrid is more secure than either paper ballots or electronic voting alone.
Third it's potentially very cheap. Various bussiness models can be applied. One is that cheap commodity hardware is used and the computers given away to schools after every election. That ways maintainence, storage and physical security costs are minimized. Another possible bussniess model is that OVC becomes a standard and certifies vendors to that standard. They can only use OVC software, which is open source. THus no funny bussiness but professionally run elections and reusable hardware. Of course states could own all their own hardware and conduct their own election set-ups just like they do now so there's no need for a radical bussiness plan.
since the hardware is very cheap, states can have excess numbers of voting stations per precint to elminate lines. when heavy turn-out is expected adding more stations is not a problem.
It can be booted clean from CD. so there are fewer risks with physcial security and the software is immutable and verifiable afterwards (compared to harddisk or firmware in which validating what software actually ran is difficult to prove later).
The OVC systems has many of the virtues of touchscreen voting such as handicapped and language assitance. It also can handle multiple jursidictions in a single precint
OVC is techincally not a DRE system. it's a ballot printer system
The OVC system also avoids the major pitfalls most other electronic systems have namely:
1) no roll fed paper ballots under glass. OVC uses cut sheets the voter puts in the ballot box
2) standalone ballot bar code readers are available and separate from the vote casting machine. this allows voters to independently validate the bar code or have it readback to them in audio mode in a way that prevents any machine collusion
3) standalone ballot counters. again zero collusion with the ballot printer.
If something goes wrong and the machine loses the votes, the paper ballots still function as aperfect record of the vote.
the OVC system has many exingencies worked out like what happens if a voter flees. What happens if the number of electronic ballots differed from the number of paper. and many others. Election's expert Doug Jones consulted on many of these features.
The basic process is this. Vote on the terminal and it prints our a single sheet ballot with an edge bar code and a summary of all your choices in human readable form. if you don't like it just discard the ballot and vote again. Since there's no "terminal activation" tokens there's no hassle to vote over. When you have a ballot on paper that you like you can optionally validate the bar code with a wand which will read it back to you. then you place it in the ballot box and go get drunk.
when the polls close the election judges open the sealed box. then in the presence of witnesses they shuffle all the ballots, permenantly destroying any serial vote order. Next they wand each ballot and a computer reads it in, diplays the english version of the ballot on screen, and correlates that vote with the previously recorded electronic record. There must be an electronic record for every ballot to prevent stuffing the ballot box. the election judge can spot check as many screen texts with the printed texts as they want so there is now a second check on the bar codes. The existance of even a single discrepancy in the bar code and the printed text would signify a software malfunction and appropriate steps taken. The bar code adds a number of secure features. First it can be made hard to forge and possibly contain signaures. Second it can contain checksums and handshaking codes to assure the code was read correctly (unlike a conventional hand marked paper ba
Some drink at the fountain of knowledge. Others just gargle.
http://www.bbvforums.org/forums/messages/1954/8556 .html?1122679073
8 .html?1122664155
:). And coming up with $10k in bail was a pain.
5 .html?1124737282 ...and I've taken the first step in suing 'em:
d f
http://www.bbvforums.org/forums/messages/1954/856
The good news is, it was only 18 hours. Still sucked
But the DA's office dropped all charges:
http://www.bbvforums.org/forums/messages/1954/942
http://www.equalccw.com/claimforcivildamagesnet.p
Will the voter notice? I don't think so. If I were hacking the election machine, I would make the paper ballot match whatever the voter put it.
As for the paper tally, I don't think there will be one. If there were any in the previous elections, I am not at all aware of them. The reason people want to do electronic voting, is so that they don't have to perform a paper tally.
Is it far fetched? "As if someone is going to be able to insert code into the GCC compiler?" No, I'm afraid it is not far fetched. Just think about the amount of money that goes into election campaigns. A mere $1,000,000 is way more than enough to subvert the electronic system.
You asked me, if I think it's worth it to people to rig the vote by hacking a compiler and making sure that it is the compiler that is used (not hard!): How does it compare to the ease of replacing paper ballots? Or just throwing them away?
And here's where we get to the solution that I propose: Video tape all handling of ballots, and the counting of ballots. It is now easy to record all ballot access, and place those records on the Internet. People should always access ballots in full view of both cameras, and members of parties, and whoever else wants to be an observer. The observers can then verify the video records. ("Yes, that is really what happened. This is not a false video.") Etc., etc., etc.,. This is much harder to fake out.
No, it's not true that "no matter how you look at it, this system is better than paper."
Electronic voting is not as trustworthy, because we've seen demonstrations of just how easy it is to subvert these guys. You have not presented any reasons why the hack I linked to is not reasonable. This is a remarkably simple hack, and Ken Thompson described the basics of how to write it. It is not expensive, it is very easy to perform. All you need to know is how the compiler will be aquired. Somebody will have the authority to choose the compiler. All you need to do is to be that person, or to find out what that person will do, or to intercept the request to retrieve the compiler; There are many ways to put the bugged compiler in the right place.
You could even subvert the commands "mv," "cp", or have the operating system of the machine it's compiled on perform a well timed switch, when nobody's looking. There's a million ways to do this.
Do not mistake my criticism for luddite conservatism. You are speaking with a hardcore transhumanist programmer. I've been programming since I was 7, and I look forward to the day when I can detach my brain from my body, and load it into an electronic cube. That is until we have the technology to siliconize the brain. You can confirm that I think this way because I'm Internet bonded. I am totally into tech.
It just happens that, in this case, the best technology is called paper & pencil & video recorders broadcasting and archiving onto the Internet.
Industry shills showed up to oppose the resolution that makes this report mandatory. Here are some letters of opposition: http://www.openvotingconsortium.org/ad/242-opposit ion.pdf
They got no where. We have to show up and make our case.