CA Sec. of State Panel on Open Source Elections

goombah99 writes "The Open Voting Consortium has announced that California Secretary of State Bruce McPherson is forming a panel to investigate using open source software in elections. Suggested Panel members include Security expert Bruce Perens and Python guru David Mertz who is associated with the sourceforge EVM2003 voting machine project. This is big since a favorable outcome could help fund prototypes of true open source election equipment and systems."

Oh goody.

[Pig+Hogger]

Now watch Microsoft and the *AA attacking this resolution on the ground that it is "unamerican" and fostering terrorism.

Re:Oh goody.

[Rei]

It is unamerican. The "American Dream" is the notion that anybody, if they work hard enough, will strike it rich. Which is more American - free, government-developed, open-source software, or software that someone made a fortune on through raising venture capital and excellent lobbying/marketing?

Re:Oh goody.

[Rude+Turnip]

"The "American Dream" is the notion that anybody, if they work hard enough, will strike it rich."

I think the "American Dream" is to simply be rich...but it doesn't go into details on how one should do so, which is why our citizens are being fucked left and right.

Re:Oh goody.

[Homology]

The "American Dream" is the notion that anybody, if they work hard enough, will strike it rich.

The dream might have been true once, but not anymore. Today it's an illusion, a type of propaganda, to accept the status quo: That the very rich becomes ever more rich at the expense of the rest. Many have two jobs, but can't really makes end meets. They work hard, but they will never strike it rich. No Western country has such an uneven distribution of wealth and capital, and is so rich at the same time. But still the poor is left to fend for themselves as best as they can as recent events so tragically shows.

Re:Oh goody.

[That's+Unpossible!]

Today it's an illusion, a type of propaganda, to accept the status quo: That the very rich becomes ever more rich at the expense of the rest.

The status quo is class warfare, which you have perpetuated wonderfully in your post.

First, rich don't get riched "at the expense" of anyone. When someone gets richer, that doesn't mean they stole that money from someone else. Why do you hold such disdain for someone who is successful, who has worked smarter or harder, or planned better than someone else? Can you not reserve some of your disrespect for those poor people that neglected their educations, have never worked hard, have come to rely on the teat of the government instead of themselves, their family and friends?

We have people in America that qualify as "poor" but own TVs, cars, have cable service, cell phones, name brand clothing, free K-12 education, and the list goes on and on.

Just because we classify someone as poor doesn't mean they are really poor, especially when compared to other countries around the world which you hold in such high regard.

They work hard, but they will never strike it rich.

Simply working "hard" doesn't mean you will -- or even deserve -- to strike it rich. That's lunacy. That's not the American dream. The American Dream is that the only one stopping you from being successful in America is yourself.

That, and the bureaucrats.

But still the poor is left to fend for themselves as best as they can as recent events so tragically shows.

The tragedy is that this was the first time many of these people had to rely on themselves instead of mother government. Now you see what happens when you make people rely on government... and the inevitable happens: government stumbles.

What happened to personal responsibility? That is the corner stone of the American Dream. If the American Dream truly is dead as you claim, then it is for this reason alone.

Re:Oh goody.

[M.+Baranczak]

Which is more American - free, government-developed, open-source software, or software that someone made a fortune on

In this particular case, it's irrelevant. Chances are that the government will still be contracting the work out to private companies. Why do people automatically assume that nobody ever gets paid to write open-source software?

Re:Oh goody.

[zekemacneil]

Of the G8 nations, the US is in 6th place when it comes to standards of living. The five nations ahead of us are in Europe.

Re:Oh goody.

[sunwukong]

Simply working "hard" doesn't mean you will -- or even deserve -- to strike it rich.

Of course, "deserve" has nothing to do with this discussion at all. The rich are not a meritocracy, especially since you can inherit yourself into the club.

Re:Oh goody.

[Russ+Nelson]

No Western country has such an uneven distribution of wealth and capital, and is so rich at the same time.

I couldn't say it better myself. Homology has hit directly at the heart of capitalism: that while everyone gets more richer under capitalism than under any other system yet discovered, some get much richer than others. While I would prefer a system in which everyone is wealthy and there is an even distribution of wealth, I prefer a system in which there *is* wealth and uneven distribution to one in which everyone is equal and poor. In other words, I value absolute wealth over relative wealth.
-russ

Re:Oh goody.

[UserGoogol]

Hey... fucking people is hard work too, you know.

Re:Oh goody.

[cgenman]

First, rich don't get riched "at the expense" of anyone. When someone gets richer, that doesn't mean they stole that money from someone else. Why do you hold such disdain for someone who is successful, who has worked smarter or harder, or planned better than someone else?

Clearly you haven't seen some of the golden parachutes flying around. Carly Fiona got 21 million dollars as a reward for getting fired for driving HP into the ground. Of course, her job at HP was a reward for getting fired for driving Lucent into the ground. You can work hard, work smart, and make a nice 120,000 dollar a year living for yourself. Or you can raid pension funds, make terrible but flashy decisions, and jump ship with millions of dollars before the consequences of your bad decisions catch up to you. And while you're at it, don't forget to cook the books leaving your workers out in the cold when your company goes under. Don't worry, by that time you'll have made your money and cashed out.

Money isn't a zero-sum game, but it can be close. The GDP only goes up by so much every year. I totally agree that the person who invented bubble wrap deserves the fortune he has recieved. And there are some examples of that kind of wealth. But most of the people who get rich do so doing things like re-selling consulting services at 500% markups to poor dupes. Or selling substandard armor to the military at insane prices. Or by using marketing techniques to make parents feel bad if they don't buy their kids McDonalds every day. And nearly everyone who is rich is so because their parents were rich.

Simply working "hard" doesn't mean you will -- or even deserve -- to strike it rich. That's lunacy. That's not the American dream. The American Dream is that the only one stopping you from being successful in America is yourself.

And that is what the grandparent poster was saying was incorrect. It's not "yourself" that stops you from getting rich in the US. Getting rich is a secret club, and if you don't happen to have a friend at diebold, or had the misfortune of being born black, you're pretty much screwed. That's not to say there aren't successful black people out there, but how many black presidents have we had? How many presidents have we had that dragged themselves out of poverty as kids?

One of the odd things about the American Dream is that it perpetuates the myth that the lower class is the lower class because they are lazy or uncreative. Go read Nickel and Dimed: On (Not) Getting By in America . She goes into some great details like how if you can't save up 3 months rent, you must rent by the week at much higher costs, further preventing you from saving anything. Or how by being poor and therefore not having a car, the only jobs you can get are on bus lines, severely limiting your options and further guaranteeing that you will stay poor.

Or better yet, take a sabbatical from wherever you work, and live a lower-class life for a few months. I think you'll be surprised to find that the working class, despite having different lingual characteristics, are every bit as bright as you or I, and generally work their tails off. But the American Dream says that if they are doing that, why aren't they successful? Either they must be actually lazy, or the American Dream is wrong.

You can guess which one I believe in.

the only one stopping you from being successful in America is yourself. That, and the bureaucrats.

Right. Those god-damned people at the FDA. My coolant-pops were a big hit at the auto shop. It's all a bunch of red tape about fill-out-this-paper and half-of-our-mice-died. Just get off my back!

What happened to personal responsibility? That is the corner stone of the American Dream. If the American Dream truly is dead as you claim, then it is for this reason alone.

I'l

Re:Oh goody.

[Talinth]

Many have two jobs, but can't really makes end meets. They work hard, but they will never strike it rich

Heh. I work one job in a factory. I make below the average national hourly wage. I am very much "working class". When I retire, my 401k (among other diverse investments) will be worth nearly 2 million USD. "striking" it rich isn't what it's all about. With a life of hard work and dedication to saving money aside I will retire a millionare. This is the "American Dream" and I've never been happier to live in a country where wages like this are possible for ANYONE that is willing to come to work 40 hours a week.

Re:Oh goody.

[greythax]

If my mod points hadn't expired yesterday, I would be moding you through the roof! This is one of the most coherent and well thought out posts I have ever seen, or am ever likely to see on slashdot.

Re:Oh goody.

[JerkBoB]

Perhaps a more accurate way to state it is that in America, you are valued for how hard you work, not for who you are. Outside of the USA, it's the other way around.

How wonderfully naive. I remember being like you, once.

Perhaps an even more accurate way to state is that just about anywhere, you are valued most for who you know.

Perfect example... Read the latest Time (3 October). There is a very interesting article about how various people wound up in pretty darned important Federal positions, with minimal or nonexistent qualifications for the jobs. It's not anything that Bush invented, of course. Cronyism has been around since the Roman Senate (at least!).

Not that I'm complaining... I've taken advantage of it on a number of occasions. Some call it cronyism, others call it networking. I call it using available resources to get the best jobs for me. I used to resent that (when I didn't know as many people), but eventually realized that no matter how hard I worked, unless I had 'ins' I wasn't going to compete with 'known quantities' who may have been less qualified but were less scary than hiring an unknown outsider. That's just the way the world works.

Re:Oh goody.

[JerkBoB]

When I retire, my 401k (among other diverse investments) will be worth nearly 2 million USD.

And what will that $2Mil be worth by the time you retire? Inflation happens.

Not to denegrate your hard work, but living off of $2Mil for twenty+ years twenty or fourty years from now is hardly "rich".

Just something to think about.

Re:Oh goody.

[skubeedooo]

Bull. You can become rich without being initially rich. You just have to work hard at the right things. If you work hard flipping burgers you will end up poor. If you work hard cleaning buildings you will end up poor. If you work hard at school, work hard on a well chosen university course based on what you are good at and what there is commercial demand for, you have a very good chance of ending up rich.

If you work hard at complaining about how unfair life is on slashdot then no, you will probably not be someone who becomes rich.

Of course there is more to life than money. If you want to spend your time doing something that is more directly beneficial to other people than is possible in a business setting (e.g. OSS, traditional charity work) then good for you. If you want to pursue your passion then that's fine too. But don't then claim it's impossible for the poor to become rich.

Re:Oh goody.

[Rimbo]

What is this "getting a job" thing and since when has it ever had anything to do with getting rich?

You will never get rich working for someone else.

Re:Oh goody.

[Ferretman]

Oh lordy...and here I was going to say it was one of the most incoherent pieces of whiny drivel I've heard in a couple of weeks.

Ferretman

Re:Oh goody.

[lynx_user_abroad]

Why do you hold such disdain for someone who is successful, who has worked smarter or harder, or planned better than someone else?

You are promoting a pure meritocracy, which has some flaws you might not have considered.

Being successful does not always mean someone works smarter, or harder, or plans better, although there is a correlation. To the extent that someone can be considered more succseeful without working smarter or harder (generally without exhibiting any trait which we could classify as a merit) such a system fails. We see many such failures these days. Among them would be people who inherited their wealth, or gained it through illegal means, or were the beneficiary of illegal acts made by others. We might include lottery winners, and others who 'just got lucky', but I won't dispute that here as we could I suppose define 'lucky' as a merit.

And even when we agree someone performs with more merit, (works harder or smarter) we have to ask what they are working for. I think we'd agree a smart, hard-working and well plannning axe murderer would still gather our disdain. Even if a person is successful at making themselves rich (or prosperous, or successful, choose your term), why shouldn't I hold them in disdain if their actions don't serve to make me rich as well? After all, aren't I suppose to be looking for way's to make myself rich, just like everyone else?

Or, if that sounds just to blatantly selfish, perhaps I should ask "shouldn't we hold them in disdain if their actions don't serve to make everyone rich?"

Can you not reserve some of your disrespect for those poor people that neglected their educations, have never worked hard, have come to rely on the teat of the government instead of themselves, their family and friends?

First, call me a contrarian, but I view the very existence of one of these people to be a failure of the social structure itself. Should our first priority be to eliminate laziness and ingorance? Or should we start by eliminating hunger, homelessness and oppression? How do we go about eliminating laziness and ignorance without first eliminating hunger, homelessness and oppression? Do you really think anyone who is hungry, homeless, or oppressed and has the opportunity to escape by just giving up laziness and ignorance would choose to remain lazy or ignorant as well as hungry, homeless, or oppressed?

Second, we know a good education is often associated with both 'being successful' and 'improving the lives of others but it's still not a one-to-one correlation. Not everyone needs to have a 'good education' in order to contribute to a society. Should we force everyone to "get a good education"? I wonder how many improvements have been lost to the world through the forced 'education' of individuals according to the agenda of the day.

Third, it's not always "the teat of the government" being relied upon. In some parts of the world, where "government services" don't exist, it's the teat of a local religion which is er...um...providing the nourishment.

(But what I find very interesting is that you seem to feel it's not okay to sponge off the government, you're silent about sponging from charity, but it is okay to sponge off one's own family. This probably feels completely natural to you. I'll explain why next.)

Simply working "hard" doesn't mean you will -- or even deserve -- to strike it rich. That's lunacy. That's not the American dream. The American Dream is that the only one stopping you from being successful in America is yourself. That, and the bureaucrats.

In the true 'meritocracy' sense of Kiplings "Law of the Jungle", why isn't it considered fair game for me to be successful by means of stopping you from being successful? Or am I supposed to allow you to suck at the teat of success at my own expense, while my talent (s

Re:Oh goody.

[msuarezalvarez]

Thanks for the post.

People bitch at Slashdot variously all the time (and somewhat paradoxically, do so in Slashdot...), and there is certainly much to be bitched for. I do keep coming back, though: there is the occasional reasoned, insightful, coherently written post, which makes up for the rest. Yours numbers among the good ones.

Canada already has open-source voting machines

[temojen]

Paper and pencils can be made by anyone. Scrutineers are handy too; and scaleable.

Re:Canada already has open-source voting machines

[Smidge204]

Considering the average voter in America is equally like to:

1) Fill out the form correctly
2) Fill in ALL the checkboxes
3) Leave it half filled out or completely blank (arguably overlaps with #1 in some cases)
4) Stab themselves with the pencil
4a) ...and sue everyone in the room for not stopping them ...making the vote process easier (and free of sharp edges/pointy ends) is almost a necessity. Of course, this brings up the question if they should be allowed to vote at all, because the system only works with an INFORMED and EDUCATED public, but I suppose it's all or nothing with this sort of thing.

Making the process electronic has advantages, but I agree it's too early to abandon the paper trail entirely. Building a trustworthy voting system is needed either way, and if the powers that be are determined to go electronic then let's make sure it's carefully scrutinized.
=Smidge=

Re:Canada already has open-source voting machines

[Trepalium]

Since the Canadian system doesn't involve huge payoffs, er, contracts to friends of whichever party is in power at the time for faulty voting machines, it obviously cannot be used in the US elections. Corporate welfare is the only policy both US parties agree on, the only thing they really disagree about is who should get the money.

I hope we never change our system in Canada. It may be archaic, quaint, or just plain old, but it's surprisingly transparent, and resistent to tampering. Elections Canada is resposible for enumerating the voters, not the parties, and has an agreement with the Canadian Revenue Agency to get data from those filing tax returns if the citizen consents (helps prevent the dead from rising up and voting, and strongly discourages multiple votes since it's easier to catch). Everyone who is a citizen of the required age is allowed to vote, even if they're incarcerated. The vote is extremely simple, with only one choice on the ballot - which local representative to choose for the House of Commons, so spoilage is quite low.

Re:Canada already has open-source voting machines

[Clover_Kicker]

> 1) Fill out the form correctly
> 2) Fill in ALL the checkboxes
> 3) Leave it half filled out or completely blank (arguably overlaps with #1 in some cases)
> 4) Stab themselves with the pencil

There's no form, just a little ballot with 5 or six names on it, with little party logos. The little boxes you check are white boxes on a black background.

I know people like making fun of Yanks, but we've no shortage of idiots up here.

Re:Canada already has open-source voting machines

[Smidge204]

That's a 'form'. And as a 'yank' I can assure you there are people who will not be able to mark it correctly. God only knows how they get to the polling places...

=Smidge=

Re:Canada already has open-source voting machines

[taniwha]

NZ too - we just had a national election - counted manually at the precinct level - polls closed at 7pm main results were in by 11pm

Of course we don't actually have a real result yet because the results are almost too close to call and the special votes haven't been counted yet (10% of the total and the 2 main parties are 1% apart) - still no one's panicing, the electoral office is taking it's time (2 weeks), doing it correctly, no lawsuits, no anguish ... people are being patient, better to get it right than get it done fast

Having lived in the US for the past 2 presidential elections (esp 2000) it's great to see an election been done sanely and simply.

So a few pens, some printed ballots, some cardboard boxes, an aggressive govt campaign to get everyone registered (run thru the Post Office who have the technology and day to day inclination to keep track of people who move) and a bunch of volunteers (both to run it and party scrutineers to keep everyone honest) - no need for computers, punched cards, hanging chads - cheap at twice the price

Re:Canada already has open-source voting machines

[John+Hasler]

> Since the Canadian system doesn't involve huge payoffs, er,
> contracts to friends of whichever party is in power at the time
> for faulty voting machines, it obviously cannot be used in the US
> elections.

Bullshit. Spring lake Township, Pierce County, Wisconsin uses paper ballots in every election. So do many other jurisdictions in the US.

Re:Canada already has open-source voting machines

[necro81]

It is difficult however to compare that system, which works for a nation of 4 million people[CIA world fact book], whose largest city tops out at just over a 1.2 million, to the system that would be needed for a nation of 300 million.

Re:Canada already has open-source voting machines

[taniwha]

why? are your electorates larger than 4 million? (I've lived there for the past 20 years, I know the answer is 'no') - besides how did you vote before we had computers, it wasn't that long ago, certainly after the US was more than 50 million people

In NZ we have proportional representation along the German model so one of our 2 votes is a party vote that is nation wide - while in the US you just vote for a local representative or state-wide vote for the electoral college - under the US system you never vote nationwide for anything ever, 4 million compared with 300 million is a bogus apples and oranges comparison - comparing your largest state with NZ IS appropriate

Besides it's not that difficult to scale - in the end someone calls in the vote to the electoral office, 10 times bigger does mean 10 times more phones and people at that level but from there on up it IS all computerised anyway - hell a spreadsheet can do that part - what is important is that all the local numbers are counted and scrutinised before they are passed upwards (parties get to run their own individual copies and will scream if they see a mistake)

What is important is that the whole system is laid bare, it's not in the bowels of a machine somewhere, anyone can show up and count the votes too, and if there's a dispute, there's a cardboard box full of paper that can be counted again

Anyway I think you missed the main thrust of my argument - you don't need to get a result right away, certainly not the same night, especially in the US where you vote in November and the President takes over in January - parliamentary democracies (like NZ) have MUCH faster changes of govt (under some circumstances the cabinet ministers would be packing their desks the next day) yet having watched this recent election result close up no one seems to be in any hurry to get much done until we have a final result - unlike say Florida 5 years ago where they really should have done it right rather than leave over half the country thinking they were robbed - elections like law don't just need to be done fairly they need to be seen to be done fairly too.

Democracy is such a fragile thing, we're lucky to have grown up in countries where it's been ingrained into our world view, it's not something that just happens overnight, to change a society to have a stable ongoing democracy takes generations before it really sticks and a lot of it has to do with some very basic trust that whoever gets elected they'll go quietly when their time is up

Re:Canada already has open-source voting machines

[Thing+1]

Everyone who is a citizen of the required age is allowed to vote, even if they're incarcerated.

It always bugs me when I see mention of this. It's something that I learned by distant example while reading Atlas Shrugged (choice quote below); all the US government needs to do is make a felony out of something innocuous and enjoyed predominantly by a certain class/race/lifestyle (like smoking pot), and BANG! All of a sudden, there's nobody left who smokes pot who isn't a felon, and therefore the inefficient, ineffective, society-destroying laws like the War on (some) Drugs are allowed to continue because nobody can legally vote for their removal.

We have too many laws. I want to do something about that--but what can I, an individual, do?

Atlas Shrugged quote from here:

"Did you really think that we want those laws to be observed?" said Dr. Ferris. "We want them broken. You'd better get it straight that it's not a bunch of boy scouts you're up against - then you'll know that this is not the age for beautiful gestures. We're after power and we mean it. You fellows were pikers, but we know the real trick, and you'd better get wise to it. There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nation of law-abiding citizens? What's there in that for anyone? But just pass the kind of laws that can neither be observed nor enforced nor objectively interpreted - and you create a nation of law-breakers - and then you cash in on guilt. Now, that's the system, Mr. Rearden, that's the game, and once you understand it, you'll be much easier to deal with."

Re:Canada already has open-source voting machines

[HybridJeff]

"That's a 'form'. And as a 'yank' I can assure you there are people who will not be able to mark it correctly. God only knows how they get to the polling places..." Perhaps you would be better off if those people DID screw up and had their ballots spoiled. If they're too stupid to check a box after someone has told them to only check the box of who they want to vote for, well lets just say youd be better off without their votes.

Re:Canada already has open-source voting machines

[poopdeville]

We have too many laws. I want to do something about that--but what can I, an individual, do?

Drop Rand like the plague. Read Sartre. Camus too.

Yeah, right, like that will really happen

[Locke2005]

Just ask yourself the following: "Who has more money to pay lobbyists -- Diebold or the Open Source Movement?"

Re:Yeah, right, like that will really happen

[arbitraryaardvark]

Just ask yourself the following: "Who has more money to pay lobbyists -- Diebold or the Open Source Movement?"

Who has more lobbyists? Who has lobbyists who will work for free?

Now the tricky one is who has better lobbyists.

Re:Yeah, right, like that will really happen

[P0ldy]

True enough. "Hobbyist" is just an inch from being "Lobbyist."

Re:Yeah, right, like that will really happen

[adechert]

Industry shills showed up to oppose the resolution that makes this report mandatory. Here are some letters of opposition: http://www.openvotingconsortium.org/ad/242-opposit ion.pdf They got no where. We have to show up and make our case.

Very VERY good

[lilmouse]

This is very important in terms of keeping what's left of our democracy alive.

The number of abuses possible using Diebold's is simply staggering...

I'm impressed with a lot of the people campaigning against slimy voting machines - one is http://blackboxvoting.org/; there are people who have been devoting their lives to this since the last election... More then I'm good for!

Open Source voting machines will make it much easier for potential problems to be spotted, and a hell of a lot easier to get them fixed! The current companies don't really need to worry about fixing their problems - after all, what's wrong with fixing elections?

--LWM

Re:Very VERY good

[LionKimbro]

It doesn't matter if it's Closed or Open. It's still easy to subvert.

Great! Now we just need receipts..

[RUFFyamahaRYDER]

I think it's a great to have open source machines. I just wished they gave us a receipt. This site has a great page about receipts keeping our voting electronic voting secure.

Well, here's hoping...

[necro81]

I don't hold out much hope, especially since this is California - the land of the Guvernator. On the other hand, it is also the hotbed of the open source movement. So, there might be some hope.

What we really need is a tremendous scandal in an election: something like all votes are lost and Ross Perot gets elected to the school board, or something. Only then will people actually wake up and realize that they vote is easily in jeopardy from proprietary and unresponsive (and partisan, I might add) election powerhouses like Diebold.

let the flamebait mod down begin...

Re:Well, here's hoping...

[schwaang]

Well one thing I give props to da Guvernator for is his support of a ballot measure that gives a panel of retired judges authority over redistricting. This could help avoid the nonsense we have now in Kalleefornia where the legislature draws the district boundaries so that no incumbent of either party loses his/her seat.

(Much less the Tom DeLay nonsense in Texas, where only Democrats lose their seats by fiat.)

Unfortunately, (and predictably) the measure isn't supported by either party, and it will probably die on the vine. But it's the right idea.

Re:Well, here's hoping...

[MsGeek]

Retired judges who, by the way, are appointed by the Governor. In this case, Herr Gropenfuhrer.

All Californian Slashdotters should vote NO ON EVERYTHING this November. There are a couple of propositions on the ballot I would have actually gotten behind if they had been on any ballot other than this one. The Special Election is bad, wrong, and a waste of $80 Million US which could have been used in any number of better ways. This is Arnold's vanity election. Just say Nein. And don't forget, he's up for election in 2006.

Re:Well, here's hoping...

[schwaang]

Retired judges who, by the way, are appointed by the Governor. In this case, Herr Gropenfuhrer.

If it's good enough for common cause it's good enough for me. They aren't party stooges.

Re:Well, here's hoping...

[commodoresloat]

According to my ballot, the judges on the panel are chosen by being selected randomly from a pool of volunteers and then being filtered by the legislative leaders from the two parties -- each legislative leader selects a judge from the opposite party; of the remaining pool, three are selected at random with the caveat that each party must have at least one rep. Each of these judges must ssign a pledge not to run for offices affected by the districts they draw or accept public jobs for five years.

It's far from ideal, but it doesn't say anything about the judges being appointed by the Gropenfuhrer. Perhaps you got a different ballot than me....

(The irony of my joke is that this prop was almost left off the ballot due to slightly different versions of the proposition being on the petition). But three, umm, non-retired judges put a stop to that.

I haven't decided whether I support it yet but it seems more reasonable to me than the current system. The big problem I have with it is the concentration of power; that's only three people someone has to bribe or threaten. Two, actually. But I don't have too much of a problem with how the panel is selected (except the obvious built-in bias to a two-party system, but that won't change if we reject this proposition).

Pencil & paper: the true tools of democracy.

[CyricZ]

A paper ballot listing the candidates names, along with a pencil to mark a vote on the paper ballot, have proven time and time again for years on end to be the true tools of democracy. They just work, in countries like Britain, Canada, Australia, New Zealand, Hungary, Belgium, Germany, Holland, France, South Korea, Poland, Japan, Argentina, Chile, Mexico, Spain, Italy, Greece, and so on.

Re:Even open source software is a bad idea

[Rei]

safe by design-- i.e., based on paper

Yes, because everybody knows that paper is a write-once, ready many system with built-in user authentication which cannot be hidden, destroyed, or otherwise tampered with.

terminals which print out an ink ballot

That's part of the push for open source voting systems - you have a hard copy for verification. There are much better ways than just having it print out who you voted for so that you can drop it in a box - for example, one method which I read about not only keeps a paper record (which the user never has to handle, but is there for recounts), but prints out a tracking number that the user can enter on the election board's website and verify that their vote is in the system and who it is listed as being for.

Hey, Bruce -

[StarKruzr]

What kind of research/career work are you doing right now that's related to security of something like voting machines, and what kind of concerns do you have that you'd like to see addressed by an open-source voting system (besides the obvious one of transparency)?

Re:Hey, Bruce -

[Bruce+Perens]

I think I'm the Open Source expert :-) . I would like to involve experts like Bruce Schneiner to address the security issues.

It's 2 AM here in Norway, so I'm not going to write much else tonight.

Bruce

Re:Hey, Bruce -

[StarKruzr]

Looking forward to it.

(Also, I should note I am a Ph.D. student in CS at University of Notre Dame, and as such anything you say can and will be quoted in my Operating Systems class ;)

It's only fully open if...

[maggeth]

...we can inspect the source on the actual machines prior to their use (like, before they are locked down 24 hours before the election starts). Better yet, if the entire compile operation has to be done in front of the public so observers can see if any "special libraries" are added in at the last second.

The concern here is that since it is open source, any neer-do-well with a compiler could set up a backdoor to do evil things with the software, and then [Diebold, Microsoft, Satan, etc.] can claim that "oh noes! open source is open to attack!" and scare people back into the dark.

This has to be done in a completely transparent manner or else it could be disasterous.

Re:It's only fully open if...

[LionKimbro]

No, I'm sorry, but that's not sufficient.

The compiler (which is executed as a binary) itself could be subverted.

The compiler can take the good friendly Open Source, compile like normal (for the most part,) but then inject some nastiness wherever it was programmed to.

Even observing the compilation of the compiler does not help, because someone can subvert the compiler that compiles the compiler.

What I recommend: Humans performing pencil & paper counting under scrutiny of video camera and representatives of competing parties. Distribute the video tapes of the counting process on the Internet, and maintain archives for at least 12 years.

Re:It's only fully open if...

[ZachPruckowski]

Yeah, but if that happens, we're no worse off then we were, since right now, the company in charge could rig it, and we'd have no idea. If we compile in front of everyone, then test the box the day before use, we ought to be ok. Install the same software on every box, and then pick a box at random, and vote a thousand times for each guy, then, if all goes well, wipe the box of the votes.

Re:It's only fully open if...

[Grym]

Easy enough. Compile each stand-alone section of the system using different compilers compiled by different programs. If something isn't working correctly, either the voter is going to notice (when the paper ballot reader reads it back to him or her), or there's going to be a discrepancy between the paper tally and the electronic tally.

But honestly, isn't that a bit far-fetched? As if someone is going to be able to insert code into the GCC compiler? Well, if you think it's realistic, tell me: how does the chance of THAT compare to the ease of simply replacing paper ballots or just throwing them away in a river somewhere?

No matter how you look at it, this system is BETTER than paper. It offers all the advantages of computer voting with the reliability of paper voting and the potential security of both systems combined. Plus it's open source, which is cool. What's there not to like?

-Grym

Re:It's only fully open if...

[LionKimbro]

Will the voter notice? I don't think so. If I were hacking the election machine, I would make the paper ballot match whatever the voter put it.

As for the paper tally, I don't think there will be one. If there were any in the previous elections, I am not at all aware of them. The reason people want to do electronic voting, is so that they don't have to perform a paper tally.

Is it far fetched? "As if someone is going to be able to insert code into the GCC compiler?" No, I'm afraid it is not far fetched. Just think about the amount of money that goes into election campaigns. A mere $1,000,000 is way more than enough to subvert the electronic system.

You asked me, if I think it's worth it to people to rig the vote by hacking a compiler and making sure that it is the compiler that is used (not hard!): How does it compare to the ease of replacing paper ballots? Or just throwing them away?

And here's where we get to the solution that I propose: Video tape all handling of ballots, and the counting of ballots. It is now easy to record all ballot access, and place those records on the Internet. People should always access ballots in full view of both cameras, and members of parties, and whoever else wants to be an observer. The observers can then verify the video records. ("Yes, that is really what happened. This is not a false video.") Etc., etc., etc.,. This is much harder to fake out.

No, it's not true that "no matter how you look at it, this system is better than paper."

Electronic voting is not as trustworthy, because we've seen demonstrations of just how easy it is to subvert these guys. You have not presented any reasons why the hack I linked to is not reasonable. This is a remarkably simple hack, and Ken Thompson described the basics of how to write it. It is not expensive, it is very easy to perform. All you need to know is how the compiler will be aquired. Somebody will have the authority to choose the compiler. All you need to do is to be that person, or to find out what that person will do, or to intercept the request to retrieve the compiler; There are many ways to put the bugged compiler in the right place.

You could even subvert the commands "mv," "cp", or have the operating system of the machine it's compiled on perform a well timed switch, when nobody's looking. There's a million ways to do this.

Do not mistake my criticism for luddite conservatism. You are speaking with a hardcore transhumanist programmer. I've been programming since I was 7, and I look forward to the day when I can detach my brain from my body, and load it into an electronic cube. That is until we have the technology to siliconize the brain. You can confirm that I think this way because I'm Internet bonded. I am totally into tech.

It just happens that, in this case, the best technology is called paper & pencil & video recorders broadcasting and archiving onto the Internet.

Re:It's only fully open if...

[Grym]

Will the voter notice? I don't think so. If I were hacking the election machine, I would make the paper ballot match whatever the voter put it. As for the paper tally, I don't think there will be one.

Did you even read the article? The whole system revolves around the stand-alone nature of each part and that the paper tally is taken.

-Grym

Re:It's only fully open if...

[adechert]

The compiler can take the good friendly Open Source, compile like normal (for the most part,) but then inject some nastiness wherever it was programmed to.

No one is claiming the open source solves everything. It's a necessarly feature of a transparent voting system. There are many other rules, procedures, etc. necessary to make it all work correctly.

What I recommend: Humans performing pencil & paper counting under scrutiny of video camera and representatives of competing parties. Distribute the video tapes of the counting process on the Internet, and maintain archives for at least 12 years.

Sounds like a security nightmare to me.

1. Are you going to prepare the ballots without computers too? That's where many problems occur.
2. Sure we need representatives of competing parties. Still, consider that Democrats in the South are really Republicans.
3. The fact that they hand count in other countries is irrelevant. Typically, they are voting for one thing (Member of Parliament, for example). We've analyzed ballots with 44 contests and even 76 contests. Here's one in Santa Monica CA that had 44 contests and 95 candidates: http://www.smartvoter.org/uvote4/uvote4.cgi?addr=1 719++WILSHIRE+BL&date=2002/11/05&zip=90403
4. Consider a presidential year general election. 200,000 pollsites and an average of 500 ballots per pollsite. How many millions of counters will you need? How many millions of scrutineers of counters will you need? How many millions of cameras? How many people are needed to coordinate, train, supervise the whole process? How much will all that cost?
5. Computers are great at counting and following rules. Your proposal (which, fortunately, has zero chance of adoption here in the U.S.) has one major flaw: you want to use people for exactly what they're really bad at doing: counting and following rules.

Re:It's only fully open if...

[LionKimbro]

I question the irrelevance you cast on hand-counts. Your conclusion does not follow. If it takes 6 days to count, rather than 3, well, that's fine by me.

As for overseers: I think I explicitely said that anybody could oversee.

Computers are great at following rules. The problem is, it's so incredibly easy to give them bad rules.

You still haven't answered any of my complaints: Anyone who has access to the computer before compile-time, can make it replace the output objects and executables.

If you don't think big money is going into thwarting the system, think again.

You can't replace trust with expedience, no matter how great the expedience. Not in a Democracy.

NO NO NO NO NO

[crimethinker]

A hundred times, NO. I've beat this horse to death many times before, but it seems to be moving a bit, so here's another whack.

A receipt, whether a plain-text record or a number you can use over the phone or the internet, makes coercion so easy as to be laughable. What happens when your employer support some particular ballot measure, sees it fail at the ballot box, and then has an off-the-record policy where you show your receipt to the right people, and if it that says you voted for the measure, it will be in your favour the next time layoffs come around? What about a union shop that wants to make sure people voted, and voted for the "right" people? How about the police department wondering who supported the tax increase to pay for more police officers?

Sadly, because there are so many ways to abuse a verification mechanism, I have to conclude that a secret ballot must be kept absolutely secret, even from the voter himself once he drops it in the ballot box. And that's why I still favour pencil and paper, or punched cards. At least there's something tangible to go back and recount.

-paul

Re:NO NO NO NO NO

[evil+agent]

I agree, voting needs to remain absolutely anonymous. BUT, there still must be a paper trail. The 'reciept' you get after you vote will list WHAT votes you made but will not identify WHO made the votes. An official would ask you "Are the votes on this print-out the ones you intended?" If yes, allow the electronic votes to be recorded and keep the print-out. If no, destroy the print-out, delete the electronic votes in the machine, and try again. The nice thing is that later, you can hand count the print-outs and detect any discrepancies with the electronic votes.

Re:NO NO NO NO NO

[schwaang]

And I've said before: paying thousands of people for their votes is still more democratic than paying a few people (CEO of Diebold, etc.) for thousands of votes.

Re:NO NO NO NO NO

[wyldeone]

The correct way to implement this would be to not let people keep their reciepts. You would vote, it would add your vote to a databse, and then print out a verfication slip. You then look at it, and verify that it is correct, and then you drop it in a lock box, which is then kept for a recount.

Re:NO NO NO NO NO

[_Sharp'r_]

The obvious solution to that dilemma is to have the voter use whatever computer/machine to create the human-and-machine readable ballot, let them look it over all they want before they leave the voting booth, then they actually vote by dropping their particular ballot into the ballot counting machine next to the judges.

Just like they do in most places right now, stick a serial number on each ballot and record the serial numbers you give out to each registered voter (not recorded matched to the individual) so that they can't be easily duplicated.

Then you can have the machines count the ballots to get an instant total, the person who voted can be sure that their vote was created and fed into the machine as they requested, and as a last resort in a dispute, you can process every individual ballot by a human instead of by a machine, or re-run them through the machine, or whatever you want to do with them, since you still have a physical human and machine readable ballot.

Do some basic checks like matching the number of registered voters whose signed in with the number of ballot serial numbers given out with the number of votes recorded by the machine and you're set. In an intense dispute, you can individually verify that the serials on the ballots the machine is counting matches exactly with the list of serials the judges gave to the voters.

A system where you can use an electronic or physical voting machine to make marking your ballot easy, the voter can physically see that their ballot is filled out properly, you get an instant machine counted vote total, you can recount the votes manually or automatically and as long as you have an observer/judge from each interested party at the polling place (as under the current system), they can watch and be able to 100% verify that the counted vote total is accurate and that the process has been followed.

See, the flaw in electronic voting isnt't the user interface, it's in the storage and transmission of the vote results. That's where we need the transparency, because that's the major fraud potential.

Re:NO NO NO NO NO

[statusbar]

The print-outs needs to go into a box in the voting machine after they are visually validated by the voter.

If you can hold the vote receipt, then you have to be able to deal with the forged vote receipts as well

jeff

Re:NO NO NO NO NO

[Tiger4]

Looks good to me. I agree wholeheartedly.

"See, the flaw in electronic voting isn't the user interface, it's in the storage and transmission of the vote results. That's where we need the transparency, because that's the major fraud potential."

The problem became blindingly obvious with the physical medium of punched card ballots. Hanging chads and how the votes "change" every time the card is handled. It is far from the only problem with the votiing process, but it is the most obvious.

And the knee jerk solution -- "Let's use COMPUTERS!" -- turns out to be bad too.

People are stuck on the idea of counting the vote at the voting booth. Seems obvious, but lots of errors can slip in there too. If I tap a selection on the ballot and that choice is added to the database, then I change my mind and my choice has to be backed out of the database, that is two places for error and fraud to creep in. Just eliminate it. The machine in the booth is just there to hand me choices. Period. It doesn't count a thing. It hands me a human readable voting slip with my choices on it. (Only Human readable by the way. No bar codes.) The only vote that counts is when I drop it into the big public ballot box.

The only error that can creep into this system is in reading the ballot back into the counting machine. OCR scan errors of some kind. And they can be detected and corrected if a hand recount is needed. In fact, a few contests ought to be hand counted anyway, just for auditing sake.

As long as Margin of Victory >> than Margin of Error, you have a pretty good election.

Re:NO NO NO NO NO

[schwaang]

Don't think it wouldn't happen. I've met several high level people with very very very strong political views (they were also assholes).

Oh - so you met Wally O'Dell then?
(cluestick: he's CEO of Diebold, and he has strong political views.)

Re:NO NO NO NO NO

[John+Hasler]

> The correct way to implement this would be to not let people keep
> their reciepts. You would vote, it would add your vote to a
> databse, and then print out a verfication slip. You then look at
> it, and verify that it is correct, and then you drop it in a lock
> box, which is then kept for a recount.

You're part way there. Now leave out the part about the database and substitute count for recount and you'll almost have it.

Re:NO NO NO NO NO

[cpeikert]

The "correct" way is for the paper vote itself to be the official ballot -- not just a backup in case of a recount.

Re:NO NO NO NO NO

[mabhatter654]

I love my Michigan ballots! In my county we use "connect the bars" type ballots. You get a simple sheet of paper with the issues on it and connect-the-bars to flag your vote. You have to make a half-inch black line to connect a larger line. To count the votes they are scanned in to an electronic counter/lockbox. All the election officals have to do is read off the numbers to the state office... nice and simple. Then the lock boxes are sequestered for several months until the election is confirmed then the ballots destroyed by the state election commission. As far as paper trail, each ballot has a tear-off serial number that they keep when they give you the ballot along with your voter proof. If an issue was to come up, they could get all the serial numbers back to compare against the cards for valididy. Sure it's not 100%, but you gotta put some trust somewhere.

It's about as perfect as you can get. It's simple for even elderly to understand. It's counted electronically to speed things up. The orginal copy with the marks are secured until the results are final. And the best of all, you still have paper copies should you need to hand recount.

The main thing I see need for in election reform is more consistancy, and more openness to alternate-shift workers. The current system is heavily biased toward 9-5ers that are salary with flexibile hours... it's a bit unfair to those hourly people that work 10 hours half-an-hour away. Another addition to that bias are the constant mini-elections townships and school districts have. sometimes it feels like the whole thing is geared to those who have nothing better to do than sit around thinking about voting.... That would be why the senior vote is SO strong. I'd like to see the establishment of 4 election holidays throughout the year. it would be a 48 hour period maybe over one of those "monday" holidays that time off would be compulsory [note that you wouldn't be forced to prove you voted, just have the time made available to you]. I am a big believer in GOING to the polling place to vote. That's where you meet the other people that live around you... you should vote together there.

Re:NO NO NO NO NO

[naasking]

A receipt, whether a plain-text record or a number you can use over the phone or the internet, makes coercion so easy as to be laughable.

The people behind these open voting designs are not so stupid as to forget about the coercion vulnerabilities. There was a voting machine design proposed a few years ago, in which the printout was a pair of tranparencies with an encrypted code indicating the vote (readable by computer). Each transparency was unreadable by humans individually. Overlapping the transparencies makes it readable to humans which vote was recorded.

Process is: Voter receives receipt of overlapping transparencies, verifies it correctly reflect their choice by visual inspection, strips off the one containing the computer code, and drops it in the ballot box. The other you can take with you. I'm fuzzy on the exact details, but that's was more or less the idea.

Re:NO NO NO NO NO

[Frogbert]

Well if you did that there would be no way to verify if someone had dropped in in the lock box. It would be better if you had a glass screen that showed you the printout and then dropped it in the box itself.

Re:NO NO NO NO NO

[ExoticMandibles]

Solution: while at the polling place, you can only vote for real exactly once, but you can enter as many "fake" votes as you like. They could have one or two duplicate polling booths that say "FAKE FAKE FAKE" in person, and if you vote there, everything happens like normal except your vote doesn't actually count. You would get a gen-u-ine receipt that looked for all the world like a real vote. The only people who could tell whether a particular vote was "real" or "fake" would be people in the election commission.

Re:NO NO NO NO NO

[Dwonis]

David Chaum solved the receipt problem not too long ago.

Re:NO NO NO NO NO

[Krimszon]

There is also an idea to make a slip in two parts, your vote only readable with both parts, one of which must be left behind. So you get the slip, read it to see it's ok, then take the top part of the slip with you and leave the bottom behind. No one can see what you have voted, but if it must be done, the gouvernment can with both parts of the slip.

Open-source not the most important thing

[Todd+Knarr]

I think they need to concentrate not on a system that's open-source, but on a system where you don't need to trust the hardware to be able to verify the results. Open-source would be nice, but IMHO the critical requirement is more that you should be able to determine whether the reported results are correct without having to put unconditional trust in any one part of the system.

Eg., a system where the terminal records your vote electronically, then produces a printed ballot with both human-readable and barcode on it. The barcodes can be scanned quickly, so it's possible to compare the electronic results to the printed ballots. A template of the barcode for each possible value can be used to let humans quickly determine whether the barcodes match the human-readable name. And the voter can verify before putting his printed ballot in the box that the human-readable names on his ballot match the way he voted. Securing the physical ballots is similarly amenable to methods that insure that it'd take an improbable conspiracy to actually succeed in tampering with them.

Re:Open-source not the most important thing

[Tiger4]

Can't go along with the barcode. This needs to be easy. 4th grade education, with one bad eye and a drool easy.

Human readable only. Or at worst, a short numeric code for the person or proposition voted for. Bob Smith 0041, Joe Smokes 0042, Jim Jakes 0043, etc.

Anything that needs translation can be subverted. I like the use of computers to make it fast, but we need to be able to fall back to pencil and paper methods smoothly. Ultimately, dump the computers and just live with the delay of getting full returns back.

Re:Open-source not the most important thing

[e2d2]

I think they need to concentrate not on a system that's open-source, but on a system where you don't need to trust the hardware to be able to verify the results. Open-source would be nice, but IMHO the critical requirement is more that you should be able to determine whether the reported results are correct without having to put unconditional trust in any one part of the system.

But see that's impossible. How can you run your code on a piece of hardware and not expect it to have complete control? Anything that can run your code can certainly alter it to do whatever it pleases. Especially when you go down even further to the embedded level where small silicon is flashed and a simple flip on a switch means "President Wins 3rd Term!" how do we verify those? I mean seriously a programmed BUS can be exploited if it's not scrutinized. All of the hardware _must_ be open as well as the software if we're gonna do this right. The idea is to build trust. You can ony do that with true transparency at every level.

Re:Open-source not the most important thing

[Todd+Knarr]

Problem: human-readable is hard for machines to interpret at high speed. With barcode you can scan ballots and tally them basically as fast as you can feed sheets through the scanner. That allows for convenient cross-checking of the electronic total, and makes it feasible to verify a large percentage of the ballots (in theory you could scan 100% of the ballots in a few days, making the electronic totals simply an early prediction and not the official result). That makes it really hard to fudge the electronic totals without it being caught.

And yes, I allowed for the possibility of the terminals programmed to print a different barcode than the voter wanted. That's why there's also a human-readable version printed. To check whether the human-readable and barcode entries are the same, a human can read the name, pick a template of the barcode that should go with that name, put the template against the printed barcode and see if it seamlessly matches (barcode OK) or if the lines don't match (barcode doesn't match name). Humans are good at that kind of visual pattern-matching, so it should be possible to check 20% or so of ballots this way. If the checks are done at random, it should be very very hard for the barcodes to be fudged without it being caught.

As a final check, in case someone has managed to both alter the barcodes the terminals print and the templates used to check the barcode-to-name matching, you can manually count ballots using only the human-readable names. You wouldn't do this for a large percentage of the ballots, say 1 precinct in 20 selected at random. I'd have both the selection and the counting of ballots done not by election officials but by representatives of the various parties and interest groups observing the election. They don't all want the same outcome, so it'll be very hard to get all of them to agree to fudge the results the same way. If the manual count disagrees with the electronic or barcode counts, we go to more extensive manual counts.

Three different layers, all using different technologies and methods to verify the count. If the barcode scanners are made by a different vendor than the voting terminals, the barcode checking templates are prepared by someone unconnected to the terminal and scanner vendors and the name counting is done by people not connected to the rest of the voting system and with competing interests, it should be almost impossible to fudge the count by any method other than wholesale replacement of the printed ballots prior to the first barcode scan. And that, quite frankly, is a problem that can be handled by simpler techniques than those needed to secure a fully-electronic system.

Re:Open-source not the most important thing

[Todd+Knarr]

You're right, but then that's what I said: we need a system where we never have to trust any one piece completely. We can't trust the hardware. Even if it's open-source, we can't trust the software because the hardware might not be running the software we think it is. So you design a system where even if the voting terminals are completely compromised we can still tell whether they produced the correct count or not.

In short, I don't want a system we can trust, I want a system we don't have to trust to be confident in the results.

Re:Open-source not the most important thing

[Tiger4]

I see how you can make it tamper resistant, by adding additional checks. I want to make it tamper resistant and simple, so that computers are not ultimately required. If I have to sacrifice some speed to make that happen, so be it.

As an example, I was looking at what it would take to do a large election in California. Multiple state-wide officers, congressional districts, state senate and assembly districts, county and city races, special local and regional districts, plus propositions. Figure 8 political parties per contest. Guess what? It is still less than 100,000 names to track statewide. A 5 digit namespace. Make it 6 to be sure (add a parity digit). OCR of numbers is done all the time. Look at your checks. It is fast, and relatively transparent to the voter. We can buy LOTS of scanners to get the speed up. On the other hand, barcodes take brainpower to understand and decrypt. If we design the opporuntiy for fraud out of the system, we don't have to worry about it (as much).

Re:Open-source not the most important thing

[Todd+Knarr]

The thing is, your numeric codes are equivalent to barcodes. They're both an encoding of the actual selection, and require a mapping from the code to the selection. That opens the possibility of tampering not with the ballot but with the mapping. With the actual selection printed out (name, proposition yes/no, etc.) there's no mapping to tamper with, the ballot itself contains everything needed to tell how that ballot should be counted. The idea is that that is the only thing humans normally need to interpret directly. All else is for the convenience of machines. Humans never interpret the barcode, the most they do is check whether the barcode printed on the ballot matches the template barcode that goes with the human-readable selection. Yes, we can OCR printed text, but it's not as fast or reliable as scanning barcode. With smudges, creases and such OCR has a 90-95% accuracy, but barcode has a better than 99% accuracy rate (and essentially 100% of the failures will be failure-to-scan instead of an incorrect scan result). The lower the error rate, the less hassles we have with false-incorrect counts (scanned count doesn't match electronic count only because of errors in scanning).

A Step in the Right Direction

[Comatose51]

I don't see how anyone can argue against using Open Source in a democractic process or having the code be open to examination. Being open seems in line with the spirit of democracy and akin to the idea of transparency.

transparency is introduced as a means of holding public officials accountable and fighting corruption. When government meetings are open to the press and the public, when budgets and financial statements may be reviewed by anyone, when laws, rules and decisions are open to discussion, they are seen as transparent and there is less opportunity for the authorities to abuse the system in their own interest.

Closeness and secrecy tend to be associated with dictatorships and tyranny.

Haven't we already had that scandal ... Bush!

[almound]

Scandal? I can't think of anything more scandalous than last year's presidential elections.

Well, maybe this year's announcement by Federal Reserve Board Chairman Alan [Sober To A Fault]Greenspan to France's Finance Minister Thierry Breton that the American budet deficit has spun out of control.

http://today.reuters.com/investing/financeArticle. aspx?type=bondsNews&storyID=2005-09-25T005906Z_01_ N24701644_RTRIDST_0_GROUP-FRANCE-GREENSPAN-UPDATE- 1.XML

Can anyone spell "d-e-p-r-e-s-s-i-o-n"?

Re:Haven't we already had that scandal ... Bush!

[necro81]

Scandal? I can't think of anything more scandalous than last year's presidential elections.

I'd agree that there was a lot of fishy business with the 2004 election; in California, in Ohio, etc. In truth, what happened in Florida in 2000 seemed much worse to me, and there was even a paper trail (of sorts) in that case.

I suppose one could look at it as Hegel would: 2000 demonstrated the shortcomings of (one) current paper-based election method, and so things migrated naively to the electronic systems of 2004. Maybe, just maybe, we'll be able to reach a correct equilibrium somewhere in the middle.

No.

[StarKruzr]

You are conflating "strike it rich" with "be successful," which is the REAL end of the American dream (though American consumer culture has kind of squashed that fact flat a bit).

In fact, the real idea of the American dream is that anybody, if they work hard enough, can achieve their goals. This is an important distinction to make.

If the goal is accurate, secure, reliable voting software, well... I think reasonable people can disagree as to which method (free, gov't-developed, OSS or corporate) is better - though I certainly have my own opinion on the matter.

Re:No.

[Rei]

Well, for starters, wikipedia says:

"The American Dream is the idea (often associated with the Protestant work ethic) held by many in the United States of America that through hard work, courage and determination one can achieve prosperity. These were values held by many early European settlers, and have been passed on to subsequent generations. What the American Dream has become is a question under constant discussion."

That's what I've always heard it taught as, as well. Where does your variant come from?

How about one that is to the point and simple

[Rac3r5]

So far the best E-voting system I have seen is the one used in India. Each EVM cost only $120. Even here in Canada we use the backwards pencil and paper system.

Here is a description of the one used in India: http://www.eci.gov.in/EVM/index.htm

Here is a comparision between the Deibold and the Indian EVM system:http://techaos.blogspot.com/2004/05/indian- evm-compared-with-diebold.html

Here is a wikipedia article on it:http://en.wikipedia.org/wiki/Indian_voting_mach ines

Implementing a system like this can make it so much easier to count votes and do it quickly too.

Open Voting Consortium website

[karl.auerbach]

If you are looking for the Open Voting Consortium website, it may be found at http://www.openvotingconsortium.org/.

The basic idea that the OVC promotes is that of a computer-assisted voting station (or stations, to accomodate different kinds of voters who have physical impairments) that produces a paper ballot that *is* the official ballot and that can be read by both humans and computers.

This goes one step beyond verified voting. Verified voting has paper records that serve as audit trails but that are not themselves the official ballots. The OVC system goes one step further and makes the paper that the voter sees and approves the actual ballot.

There are a lot of complexities in voting systems; the OVC system avoids many of these difficulties because it is really a conservative application of computers to traditional methods.

In addition, the OVC system, because it produces a paper ballot, can have many different kinds of voting stations to accomodate the different physical needs of different voters.

The OVC wants voting software to be, at a minimum, open to inspection and testing by anyone.

Personally, I can conceive of some people who might come up with clever user interface mechanisms to help voters deal with ballots - and I personally don't think that those mechanism need to be part of the open voting systems. However, the core aspects of creating, handling, and counting ballots should not be wrapped in inpenetrable proprietary shrouds - every voter must know for a fact that his/her vote has been correctly recorded and correctly counted.

By-the-way - full disclosure time - I'm on the Board of Directors of the OVC.

Re:Open Voting Consortium website

[adechert]

By-the-way - full disclosure time - I'm on the Board of Directors of the OVC.

but you missed the last board meeting.

I know, you were in Sweden and all. See you soon. Thanks.

Re:Pencil & paper: the true tools of democracy

[learn+fast]

Pssht. Everyone knows that in order to work better, it has to be newer and more expensive.

Re:Fear and loathing

[follower_of_christ]

This could go very very wrong. I have ugly visions of bureaucrats and academics working on this. Bad, Bad, Bad!

Or even worse. The inventor of the Internet, Al Gore!

Is there really

[StarKruzr]

that much difference between "success" and "prosperity?" How do you define prosperity? Wikipedia says it's synonymous with successfulness.

It isn't just about money. I suspect the Puritans who developed the aforementioned work ethic would tell you the same.

Re:Is there really

[Rei]

Don't just read my summary of the article - read on, they go into a lot of depth, completely backing up my position. You better get your own source which contradicts the Wikipedia version.

In fact, as mentioned in the Wikipedia article, the concept of the "American Dream" was really popularized by Horatio Alger, Jr, a writer who in his time was as big of a seller as Mark Twain. All of Alger's stories were the same general outline: a boy grows up in poverty, but through a combination of luck and hard work, he ends up wealthy.

Re:Is there really

[ZachPruckowski]

I think the main critique is between "successful"/"Prosperity" and "rich". My parents are by no means rich, but they live comfortably off their salaries, and own their own home (the half that the bank doesn't). Furthermore, they raised 2 kids, and have gotten me into college, with my little sister not far behind. The American Dream is if you work hard, you'll make it through OK. Now, on to the topic: It's a darn good thing. This way, we can all see flaws or attempts to manipulate the ballot (not that I'm accusing, just saying it could happen).

Not just voting machines

[axonal]

Anyone else notice that Diebold also handles other highly critical transactions? They make ATMs for Wells Fargo to card access for campuses?

Re:Not just voting machines

[demachina]

Its not clear what point you are making here.

- Is it they do other critical transactions so they must be good at it.

- Or is it that their ATM machines might be bad too.

If its the later, ATM machines are completely different problem from voting machines.

ATM machines have to have printers and provide a receipt at least as an option. Most of Diebold's machines have no printer and no option to get a receipt.

If Diebold's ATM machines start doing wrong transactions it would become immediately apparent to the bank and any customer who has a bookkeeping system.

ATM machines and bank transactions don't have to maintain anonymity of the user, voting systems do. It really complicates validation of the transaction.

A paper receipt, verifiable by the voter, deposited in a lock box and subjet to very random recounts would solve most of the uncertainty in electronic voting.

All in all open source would be better than closed source for electronic voting machines but it would provide zero certainty that the election still isn't being rigged electronically. The only two good ways to insure good elections are:

- paper ballets marked with a pencil, watch and counted like a hawk by multiple adverserial observers which works great in just about every country but America.

- if you have to do evoting, you have to have a printer, and a human verifiable receipt going in to a lockbox and hand recounted by adverserial.

Re:Not just voting machines

[Chris+Burke]

I think the point is that Diebold is capable of making a secure machine for a task as important as banking, and therefore should be capable of making a secure machine for voting.

ATM machines have to have printers and provide a receipt at least as an option. Most of Diebold's machines have no printer and no option to get a receipt.

Even if the customer doesn't print a receipt, there is a receipt printed internally. There is no way the banks would trust the system otherwise.

A paper receipt, verifiable by the voter, deposited in a lock box and subjet to very random recounts would solve most of the uncertainty in electronic voting.

It sure would. And Diebold said repeatedly that such a thing isn't necessary. Even though it is obviously necessary in the banking case.

The conclusion, to me, is that since Diebold is capable of making secure machines, and has denied the need for what is an integral part in their own secure machines, the must not want to create secure voting machines.

It's really a scary conclusion, but what else fits?

Re:Not just voting machines

[demachina]

Well as I said ATM's and evoting are different problems.

If Diebold's ATM machines started charging peoples accounts for withdrawls larger than they got cash for, or started handing out money without debiting their accounts it would be instantly obvious to either the bank, the customer or the both. This is regardless of whether there is a receipt. If the customer is screwed having the receipt is of high value in proving their case but its not really mandatory. Even without it a track record of wrong transactions would eventually lead to revolt by bank or customer. If customers got screwed once, and it wasn't fixed they would change banks or the bank would fire Diebold the first time their machines didn't balance and they couldn't explain and resolve it. Balancing books is much easier and more transparent than counting votes where you have no idea of what the result should be.

There may be malevolence on the part of Diebold here, but I suspect the larger problem is people in America at some point made the mistaken assumption that ATM's and evoting are the same thing, since we use ATM's we should vote the same way. That was the fatal mistake. ATM transactions are really easy to audit and to detect error. With evoting there is an endless number of places the system can be compromised and they are impossible to catch without a paper trail.

If you are leaving a paper trail and relying on it for the integrity of the vote there is an open question as to why you need the expensive computers in the first place. The only rationale I can see is to prevent voter error or to give access to the disabled. For anyone that can put an X in the box next to the name of their candidate, paper and pen still appears to be the best system imaginable, as long as the ballots are secured, monitored and counted by multiple adversarial representatives.

From a market perspective I could see why evoting vendors don't want a paper trail. They want to sell their expensive electronics. If people figure out the paper part is the only trustworthy part of the system there is a chance they would deduce they are mostly wasting money buying the computers, and should go back to pen and paper. They also run the risk that their machines will in fact make mistakes and if there is a paper trail which constantly highlights these failures people would lose trust in them, would turn on them and stop buying them again, or lay charges against them for vote rigging, even if it was due to incompetence. Its a lot better for them like it is now, because its impossible to prove the machines are wrong. Whether it be due to malevolence or incompetence these companies don't want to be proved wrong by a paper trail.

Great idea, but are IDs required

[Zoomshare]

Well this will stop dead people from voting, but without the need to show ID before voting who knows who will vote i.e terrorist, criminals, teens..hahaha.what a thought teens voting ..wheww

Bigger fish to fry

[M00NIE]

The people who develop the current voting systems do the auditing. Does anyone see ANYTHING wrong with this? "Shh, don't ask any questions, we know we did it allllll good"

I will admit, when I go in to vote, they hand me my little key (which anyone could rip off), I put it in the machine, I pick my choices... and I press that enter button and wonder. What exactly happens when I hit that button? I don't get any kind of confirmation printout. Hey, if the system just choked, my votes may have just been obliterated and noone would be the wiser or have any way to verify anything. A verification code I could write down on the back of my hand would even be progress. I get NOTHING.

I applaud McPherson trying to do something, but I wish we could first provide even the most basic of auditing in on these systems before we start talking about new platforms to run them on.

I'll argue against it

[Soong]

Easy. I argue that voting machines are a waste of money. It would be cheaper to count paper ballots by hand. When we can build super-cheap, super-reliable and super-trustworthy voting machines, then will be the time to move away from paper ballots. I'm a geek who loves the techno-fix for anything else, but it just doesn't make sense for voting.

Almost as many as we can with paper ballots

[Shivetya]

I look at voting this way, even if I have a receipt there is still no way *I* will be able to verify that my vote counted. I want to go one step further beyond a paper trail. I want a web based method where I can punch in a code at the bottom of my receipt to show that it is indeed in the system and was accepted. They have systems to verify the integrity of lottery tickets they can certainly do this.

I also want a voter ID system that requires a photo. This voter ID must be free and easy to obtain. I have seen many complaints against such systems under the claim they "disenfranchise" people. Yet at the same time nothing is being done to ensure those who vote legally are not disenfranchised by fradulent voting. It goes both ways. If it is too much of a burden to get an ID should they be "easy" to get then it probably is too much of a burden to actually expect these people to vote.

As for Diebold, just be willing to admit the number of abuses using OCR, punch card, and other systems are just as bad, the difference is that we are used to it. Plus the Diebold angle is mostly pursued by those who want to cast doubt on an election they will not accept

Nah

[StarKruzr]

I don't really care to, feel free to claim victory if you want.

What bothered me originally is that your first post in this thread seemed to infer that the "American way" is bad because it encourages capitalist activity with regard to software development.

1) I don't think it DIScourages Free/OSS development.
2) I don't think commercial, closed software development is bad in and of itself,

though I suspect we agree on the question of which is better for a voting system.

Rock the Source

[gadzook33]

I'm a huge proponent of open source software and I completely see the benefit here. However, I think it's interesting that no one was really clammering to see the insides of the machines when they were electromechanical (or mechanical for that matter). What's changed? Is it simply that we're empowered now?

Re:Rock the Source

[Tiger4]

People always knew the old mechanical voting machines were rigged. But they were rigged by Our guys, so it was Okay.

Bruce Perens? What about Bruce Schneier??

[MagicMike]

Subject says it all. I was under the impression Perens was an open source advocate and may have some security cred, but wouldn't Schneier be the natural choice?

Re:Bruce Perens? What about Bruce Schneier??

[Bruce+Perens]

I volunteered to help OVC, and that's one reason I'm mentioned. I think I'm supposed to be the Open Source expert, although I do security work. Schneiner is several orders of magnitude above me in that regard. If there is the slightest possibility that we can get Schneiner to participate, I'd do everything possible to get him on board.

Bruce

Re:Bruce Perens? What about Bruce Schneier??

[Bruce+Perens]

how do you retain credibility now that you too are (kind of) dead?

Tee hee. I hadn't seen that.

Bruce

Re:Bruce Perens? What about Bruce Schneier??

[MagicMike]

Well hey, you definitely have my best wishes in this endeavor, Schneier or no.

I'm a CA voter myself (even had a polling place in my garage one year) and care a lot, but it never seems like there's a lot that can be done to keep the process itself clean.

I'll follow this, as I'd love to see that change.

Re:Bruce Perens? What about Bruce Schneier??

[Bruce+Perens]

Thanks! Like all community folks, you are welcome to call me at 510-526-1165 and discuss this stuff. I'll be there on Monday. :-)

Bruce

Re:Bruce Perens? What about Bruce Schneier??

[adechert]

I talked with Schneier some about OVC around a year ago. I did not contact him about being on the panel because I doubt we'd be able to get him scheduled. I think he lives in Minnesota or Wisconsin -- somewhere around there. If he was really willing and able to do it, I'd try to have him included. At a bare minimum, we'll ask him to provide testimony.

exactly!

[RelliK]

In all this open source/closed source voting debate people completely miss the more important question: *why* are you pushing for voting machines in the first place? What problem are you trying to solve?

As a Canadian, I am completely baffled by our neighbours south of the border. Here in Canada, the *entire country* uses identical paper ballots and it works beautifully. Nothing can be more simple, transparent and verifiable than that.

Let me give you an example I really like. Back in 2000, Canadian federal election was called at the end of november, so it occured a few weeks after the US election. We knew the results the next morning (or, those who cared to stay up late, knew it the same day). In the meantime, our friends south of the border were still counting pregnent chads and butterfly ballots. At that point everyone went "huh? *that* is the world's greatest democracy?"

So seriously guys, what problem are you trying to solve with punch cards and computers? It clearly can't be the scale. Canada has twice the population of Florida and way more political parties. Convenience? No, can't be that either. One of the problems in Florida was that the voters found the butterfly ballots confusing. Speed of counting? No, can't be that. Canada, with twice the population and much greater voter turnout, managed to count all the ballots by hand in a few hours after the polls closed. So... uhhh.... what?

The way I see it, anything other than paper ballots serves only to obuscate voting and provide pork barrel for corporations that "donate" enough money. Electronic voting machines make the problem much worse. If there is no physical record of a vote, fraud and vote tampering is ridiculously easy. Think about it: how can you trust that a computer will add 1 vote to your candidate when you press the button? A group of security researchers have answered that question: you can't. Voting machines must contend with two conflicting requirements: verifiability and voter anonymity. Therefore, the only machine that provably satisfies both requirements is one that prints out a piece of paper that you deposit into the ballot box. In other words, a machine that acts as nothing more than a high-tech pencil. Whoop-deee-dooo! big progress!

So anyway, while open source voting machines are "better", they still don't solve the root of the problem: electronic voting reduces transparency and simplifies vote tampering. The proper solution solution is to go back to paper and pencil. But no, we can't have that. That would be admitting a mistake. And USians never make mistakes. Besides, paper & pencil is only used in those backwards uncivilized countries like Canada, Britain, Germany, France, Japan, etc. We are all k00l and high-tech and stuff!!!

Re:exactly!

[John+Hasler]

> In all this open source/closed source voting debate people
> completely miss the more important question: *why* are you pushing
> for voting machines in the first place? What problem are you
> trying to solve?

The usual arguments for machines are speed, accuracy, and handicap access. Speed, of course, only matters to the newsies. To hell with them. Well-designed ballots, simple templates, and competent election judges can provide more than adequate accuracy. The handicapped can continue to have someone assist them as they always have.

The strongest argument against electronic machines (and it is a compelling one) is lack of transparency. Ordinary people can completely understand how a paper ballot system works and know with confidence when it is working correctly and honestly. Ordinary people cannot understand how electronic systems work and therefor cannot (and should not) trust them. No amount of reassurance from experts can change this.

Diebold

[heavy+snowfall]

I'd be more concerned about diebold attacking this because it's a potential threat to their bottom line. After all, Q3 is soon over and Quarter Panic has set in.

--
Use your bluetooth phone as a modem for Linux

From a PR standpoint, this could be HUGE

[diakka]

Just think about how many people are pissed about the last two elections and all the criticism of Diebold from very visable sources like Farenheit 9/11 and all. Regardless of what your view on that was, I think that this is an opportunity for FOSS to really shine in the eyes of voters.

Re:From a PR standpoint, this could be HUGE

[ZachPruckowski]

but if you go about it wrongly, and say that the election in 2004 was rigged (which may or may not be true), then it doesn't matter if you're right or not, half the country will hate you. And they're the side who side with the Big Industry slightly (but only slightly) more.

Re:NO NO NO.... YES YES YES YES YES!!!

[RUFFyamahaRYDER]

Fair argument, BUUUUT - I think there is less of a chance of union representatives or police officers abusing the verification mechanism than the higher up officials whether it be within a state or the nation. I point to exibit A: Our last presidential election!

And even if it does happen with some union reps or police officers looking for a raise, I promise it would be on a smaller scale.

Re:Even open source software is a bad idea

[Chris+Burke]

for example, one method which I read about not only keeps a paper record (which the user never has to handle, but is there for recounts)

Though hopefully they can see this paper, so they can verify that it is correct before it is automatically placed in the box. This is where the verification takes place, and after that you have all the usual physical security issues.

but prints out a tracking number that the user can enter on the election board's website and verify that their vote is in the system and who it is listed as being for.

Aaaaaaaaargh! Nooooo!

"Hello, Rei. If you could please verify for me that you voted for Mr. Burke, so I can give you the fifty dollars like I promised? If not, I'll just have to break your kneecaps, as I also promised." -- One of my campaign staff enforcement officers.

Anonymity is one of the parts you can't leave out of the system, okay?

de-centralize

[nsayer]

Canada does elections right.

They crack open the boxes at the precinct level. Anyone who wants to sit around and watch the counting is welcome to do so. Once the counters and witnesses sign off on a count, it's done and over with. All that remains is to transmit the precinct numbers, which could be easily done over the phone, with confirmation by transmitting the signed count document.

What's so hard about doing it that way and having the ballots just be big squares of newsprint with boxes you put an X inside?

Re:de-centralize

[John+Hasler]

> What's so hard about doing it that way and having the ballots just
> be big squares of newsprint with boxes you put an X inside?

Nothing, and that's just the way we do it here in Spring Lake Township, Pierce County, Wisconsin. Our "voting machine" is a tin and wood box about 100 years old.

Re:de-centralize

[adechert]

They vote for one thing at a time -- for example, Member of Parliament. We have many on the ballot. We investigated one in Santa Monica CA that had 44 contests and 95 candidates. Another in NM had 76 contests.

See the difference?

Re:de-centralize

[adechert]

This works fine where ballots are very simple and populations are not dense. Hand-counted hand-marked paper ballots are used for less than one half of one percent of the U.S. vote. However, 80 percent of the population in the U.S. lives in urban areas. Los Angeles County has to support 9 different languages. By law, we'll also have to have a system in place in every pollsite to accommodate people with various disabilities. This ballot has 44 contests and 95 candidates. Care to estimate how long it would take to count manually? http://www.smartvoter.org/uvote4/uvote4.cgi?addr=1 719++WILSHIRE+BL&date=2002/11/05&zip=90403

Re:de-centralize

[nsayer]

I see a difference, but not a problem.

In another post you said that a 70+ (or so) contest ballot would take too long to count.

My answer?

Same process, more polling places. That way each one will have fewer to count, ergo it will go faster.

Unless you're suggesting that it is not possible to staff enough polling places to make them have small enough balloting rolls to make it work. I'll admit that I have no data to suggest that that is not, in fact, the case. But I do sort of doubt that it is.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Even open source software is a bad idea

[Rei]

You're still anonymous; it's your choice as whether or not to violate your own anonymity. The former part of what you mentioned is illegal, and can (and is) done without such a voting system. The latter part is an outright criminal threat, which could go on without such a system. Would you have responded to all enabling technology that helps people out like that?

  "Give me your password. If not, I'll just have to break your kneecaps."
  "Give me your ATM pin number. If not, I'll just have to break your kneecaps."
  "Hand me your credit card. If not, I'll just have to break your kneecaps."

One can't decide not to improve technology over rare to nonexistant threats. You're expecting politicians to hire "enforcers" - gee, *that* wouldn't hurt their reputation if the word got out. Politicians with thousands of thugs threatening everyone in the district... :)

The only thing that changes is that a person can *prove* what they did. If one is worried about such obscure threats, would it be that hard, when you register to vote, to check "I do not want verification of my vote at any point"?

I seriously doubt most people would check that box.

Re:Even open source software is a bad idea

[Scowler]

For some reason, whenever we geeks think of voting fraud we think of electronic fraud or hackers.

But even in places that have e-voting, most of the actual fraud occurring is the old-fashioned kind: show me your paper stub that proves you voted for me, and here is $5. Paperless voting sounds scary, but would actually probably reduce real fraud.

Security expert Bruce Perens?

[xquark]

The only Bruce I know that is a "security expert" is of Schneier fame.

This Perens character you speak of is an expert only in the field of
writing manifestos and more manifestos, manifesto this, manifesto that.
heck thats all he does...

he he he he :)

Arash Partow

Re:Security expert Bruce Perens?

[Bruce+Perens]

Oh thanks, Arash.

To take a frivolous comment seriously, if I could get Schneiner, I would involve him. And I'm the Open Source expert. I do some security work, but am several orders of magnitude below Schneiner.

Bruce

Re:Security expert Bruce Perens?

[xquark]

Oh come on Bruce, you know I was joking, your contributions mean a great deal to open-source.

Keep them coming!

Arash

Re:Security expert Bruce Perens?

[Bruce+Perens]

OK, no problem. Sometimes I miss the writer's tone, even when I don't have a 9-hour time-zone change to deal with :-) .

Bruce

How To Hold An Election.

[mcc]

Yes, because everybody knows that paper is a write-once, ready many system with built-in user authentication which cannot be hidden, destroyed, or otherwise tampered with.

It can be made so.

The trick here is to use an external system to verify the correctness of the voting system, called "election observers". The idea is that any person can volunteer to become an "election observer", and once they volunteer they get to sit around to verify that every voter is correctly verified and audited; ensure that everyone who comes in gets an equal chance to vote and put their vote in the box; and ensure that the box is correctly escorted and not tampered with. Because the "vote" is a piece of physical paper, this can all be done with relative ease. The database is a box. You can look at it.

When votes are electronic, this is not an option. You cannot sit there and stare at a Microsoft Access database file to ensure its integrity is preserved. You cannot sit and watch the electrons pouring over the ethernet cable to make sure none of them are being tampered with. You can of course write a computer program to do these things-- audit, observe, etc-- but then you run facefirst into a truly intractable security program, that of trusting trust. Okay, you've got this e-vote auditor program. How do you trust the auditor? How do you know the numbers the auditor is looking at are the ones that are really going into the database? How do you know the auditor hasn't been compromised?

When votes are physical objects marked in private booths and dropped into little boxes, we can trust the auditors because the task of auditing is simple, and because the auditors are numerous and diverse. Election stations will typically be watched by members of two or more political parties, meaning that if you wish to rig an election you can perhaps corrupt or fool a small number of the election observers but certainly not all of them. If you want to know how easily electronic auditors can be fooled en masse, well, look at every Microsoft worm ever. Then consider that the Nachi Worm successfully infected ATMs at banks, ATMs made incidentally by voting machine manufacturer Diebold...

No, it wasn't stolen

[abigor]

"I am committed to helping Ohio deliver its electoral votes to the president next year."

        -Diebold CEO Walden O'Dell, in an invitation letter to Republicans for a $1000-a-plate fund raiser

"They had an event for Pioneers and Rangers, and I am one - and proud of it."

        -O'Dell again

why bother?

[commodoresloat]

You better get your own source which contradicts the Wikipedia version.

Better yet, just change the Wikipedia version and claim victory!

Re:Even open source software is a bad idea

[Chris+Burke]

You're still anonymous; it's your choice as whether or not to violate your own anonymity.

Right, and as long as someone knows that you can "choose" to violate your own anonymity, they can coerce you into doing it. Was my little dialogue not clear enough on that?

The former part of what you mentioned is illegal, and can (and is) done without such a voting system.

Yeah, I'm thinking it's illegal too. Now how do you do it if there is no way to verify that a certain person voted for a certain candidate? How does that version of the evil plan work?

"Okay, Burke, did you vote for Rei like I suggested? My pal Louis ville Slugger wants to know."
"Oh yeah, I distinctly remember doing so!"
"Um... okay then, here's your money. Damn, I wish I could prove that. Have a nice day."

One can't decide not to improve technology over rare to nonexistant threats.

Who said anything about not improving technology? I said you must keep anonymity as part of the system. Removing anonymity is breaking the system, not improving it. The presence of anonymity in the current system -- even the broken Diebold one -- is the reason why vote buying is in fact very rare. It's easier to raise a person from the dead or create a new one than to buy an actual voter because you can't prove they did it, protecting the vast majority which are the real votes.

The necessary components of a good computer voting system look like this:
* When the voter makes their choice, it is both stored in a database and printed out for the voter to see that it is correct.
* There must be nothing that can associate the voter with the ballot.
* The text on the printed ballot must be both human and machine readable, the same text, so the voter knows the computer-readable version is the same. This is to allow, should the need arise, both fast computer recounts and manual recounts by independent machines/inspectors.

This isn't perfect. You still have the physical security issues involved with the paper ballots. You still have the issue of voter registration/zombie voters. Every voting system has these issues. Yet without the above things the voting system is broken.

I'm not against progressing technology (it is to laugh), I'm against progressing technology in a way that is worse than what we had before.

You're expecting politicians to hire "enforcers" - gee, *that* wouldn't hurt their reputation if the word got out. Politicians with thousands of thugs threatening everyone in the district... :)

Fine, if the hired goon version doesn't appeal to you, then the evil politicians just pay poor people to vote for them. Are you really unable to see how easily a non-anonymous voting system can be abused?

My Goal

[leereyno]

Well my goal is to make babies with Jennifer Connelly, Winona Ryder, Alicia Witt, and of course Natalie Portman.

How hard will I have to work do you think? Or will this goal remain just a dream; american, wet, or otherwise?

Re:My Goal

[leereyno]

I'll settle for that....

Re:Even open source software is a bad idea

[mcrbids]

terminals which print out an ink ballot

That's part of the push for open source voting systems - you have a hard copy for verification.

The crux of the problem with electronic voting system is: How do you

A) Guarantee the anonymity of a particular voter from the voting machine?

B) Allow a voter to later confirm that their vote was, in fact, part of the final tally?

One way I thought of was to use the reproducable "random" numbers produced by cellular automata algorithms as concieved by Stephen Wolfram can be used to provide a repeatable, random, verifiable identifier that can tie a voter to a vote without any obvious marks on the voting stub at all.

One of the beauties of this system is that, even with partial data, you can still do a reasonable validation of the accuracy of a run of votes from a particular machine. (easily audited, hard to spoof, and easy to verify results thereafter)

perfect example of a need for trusted computing

[geekee]

There have been comments suggesting that not only does the source code needs to be transparent, but the binary needs to be verified to represent the source code acurrately without tampering. Trusted computing makes it a lot easier to prevent tampering of the binary by an attacker that has been signed off on as good. Of course you always need to trust people with physical access to the machines, so election monitors need to be more sophisticated to detect physical tampering.

Synopsis of issues in Electronic voting and OVC

[goombah99]

First the OVC system is a hybrid. It has paper ballots and touchscreen entry and hand counting and electronic counting. The cool thing is they pull all of that off in way that is simple and workable, not layers of complexity.

Second, this hybrid is more secure than either paper ballots or electronic voting alone.

Third it's potentially very cheap. Various bussiness models can be applied. One is that cheap commodity hardware is used and the computers given away to schools after every election. That ways maintainence, storage and physical security costs are minimized. Another possible bussniess model is that OVC becomes a standard and certifies vendors to that standard. They can only use OVC software, which is open source. THus no funny bussiness but professionally run elections and reusable hardware. Of course states could own all their own hardware and conduct their own election set-ups just like they do now so there's no need for a radical bussiness plan.

since the hardware is very cheap, states can have excess numbers of voting stations per precint to elminate lines. when heavy turn-out is expected adding more stations is not a problem.

It can be booted clean from CD. so there are fewer risks with physcial security and the software is immutable and verifiable afterwards (compared to harddisk or firmware in which validating what software actually ran is difficult to prove later).

The OVC systems has many of the virtues of touchscreen voting such as handicapped and language assitance. It also can handle multiple jursidictions in a single precint

OVC is techincally not a DRE system. it's a ballot printer system

The OVC system also avoids the major pitfalls most other electronic systems have namely:
1) no roll fed paper ballots under glass. OVC uses cut sheets the voter puts in the ballot box
2) standalone ballot bar code readers are available and separate from the vote casting machine. this allows voters to independently validate the bar code or have it readback to them in audio mode in a way that prevents any machine collusion
3) standalone ballot counters. again zero collusion with the ballot printer.

If something goes wrong and the machine loses the votes, the paper ballots still function as aperfect record of the vote.

the OVC system has many exingencies worked out like what happens if a voter flees. What happens if the number of electronic ballots differed from the number of paper. and many others. Election's expert Doug Jones consulted on many of these features.

The basic process is this. Vote on the terminal and it prints our a single sheet ballot with an edge bar code and a summary of all your choices in human readable form. if you don't like it just discard the ballot and vote again. Since there's no "terminal activation" tokens there's no hassle to vote over. When you have a ballot on paper that you like you can optionally validate the bar code with a wand which will read it back to you. then you place it in the ballot box and go get drunk.

when the polls close the election judges open the sealed box. then in the presence of witnesses they shuffle all the ballots, permenantly destroying any serial vote order. Next they wand each ballot and a computer reads it in, diplays the english version of the ballot on screen, and correlates that vote with the previously recorded electronic record. There must be an electronic record for every ballot to prevent stuffing the ballot box. the election judge can spot check as many screen texts with the printed texts as they want so there is now a second check on the bar codes. The existance of even a single discrepancy in the bar code and the printed text would signify a software malfunction and appropriate steps taken. The bar code adds a number of secure features. First it can be made hard to forge and possibly contain signaures. Second it can contain checksums and handshaking codes to assure the code was read correctly (unlike a conventional hand marked paper ba

Re:Even open source software is a bad idea

[Rei]

Yeah, I'm thinking it's illegal too. Now how do you do it if there is no way to verify that a certain person voted for a certain candidate? How does that version of the evil plan work?

Where were you during the huge Nader/Gore and Nader/Kerry vote exchange campaigns?

I said you must keep anonymity

You *do* keep anonymity, *at your option*. I should have the right to give up *my* anonymity if I choose to. I should have the right to make sure that my vote is in the registry. If *you* don't want to be able to make sure that your vote is in the registry, that should be your choice.

canadian elections are different that US elections

[goombah99]

Canadians have different kind of election system as do all parlimentary countires. Elecitons are normally aperiodic (due to no-confidence votes) and thus the election ballots are ususally just for a single branch of goverment at a time. There are also fewer elected offices. IN the US it is common to vote for things like "county surveyor" and in some places the dog catcher. there are fewer ballot initatives and bond issues. As a result ballots are simpler.

In the US there are also many places of overlapping jursidictions so that any one person voting might possibly be subject to different scha ool disticts, counties, cities, legislative, congressional districts and thus need a different paper ballot. Counting different ballots by hand can be problematic.

The trend in the US is to go to early voting and to allow voting outside your own precint. That increases the number of votes in any give precint beyond that which a few eleciton judges can count in one night. It creates security issues. and it increases the diversity of the ballot styles. it also increases the opportunity and value for ballot maipulation since one person can now affect a lot of votes.

Handicap access raises issues for some forms of paper ballots. For simple ones like in cananada where relatively few choices are presented, simple methods such as tactile ballot or cut-away templates suffice. For intricate US style ballots those can become more difficult.

MOD PARENT UP

[slashnot007]

informative!

One of us went to jail on the issue...

[JimMarch(equalccw)]

http://www.bbvforums.org/forums/messages/1954/8556 .html?1122679073

http://www.bbvforums.org/forums/messages/1954/8568 .html?1122664155

The good news is, it was only 18 hours. Still sucked :). And coming up with $10k in bail was a pain.

But the DA's office dropped all charges:

http://www.bbvforums.org/forums/messages/1954/9425 .html?1124737282 ...and I've taken the first step in suing 'em:

http://www.equalccw.com/claimforcivildamagesnet.pd f

"Security expert Bruce Perens"?

[Master+of+Transhuman]

I thought Bruce Schneier was the security expert and Perens the OSS advocate. I just looked up Bruce Perens' bio and there's nothing in there about security.

Re:"Security expert Bruce Perens"?

[Russ+Nelson]

I don't think Bruce (Perens) claimed to be the security expert. Somebody else put that hat on him and set him up a nice pose with just the right lighting.
-russ

Re:"Security expert Bruce Perens"?

[brennz]

Saw this.

http://www.cspri.seas.gwu.edu/library/current_news /20021205.php

Here it says he started working at GW's Cyber Security Policy and Research Institute (CSPRI) in 2002.

He also has a long background in Unix internals. There aren't many people that know Unix internals and are totally clueless about security.

Imagine the mayhem if this fails in California ...

[joelsanda]

The mayhem from an OSS voting system in California could be potentially horrible for open source software. It's impossible to have an election with paper and pencil that doesn't get scrutinized. Hell, it was impossible for Florida to have an election with punch cards.

If paper and pencil or styli and punch cards can be questioned open source could be trashed by the media and politicans alike. It won't be long before Microsoft and HP roll out their own 'secure' and 'trusted' and 'robust' solution to mop up the mess.

This could also be a move to discredit open souce if the CA panel finds that OSS is too insecure to use for elections.

This seems like a bad idea to me. All it takes is one stupid reporter jacking up a mass emotional response by saying the OSS operating system has "known security flaws with well documented vulnerabilities that anyone can download off the Internet" to result in an (appointed) ludite judge ruling the machines are too insecure to use for an election. Watch the lawsuits fly off the wall faster than attorneys can catch them.

Before the OSS party line is toed too closely I see this posing a far greater risk to the general acceptability of OSS than the marketing armies of proprietary software companies.

Justice Is Blind

[Doc+Ruby]

No, the source must be closed for security. And the machines welded shut, accessible only by authorized Diebold technicians sent from the factory. The votes must be counted in secret so no one can mess with them. The winners have executive privilege to suppress all the laws they make to spend all the money, so the "bad guys" can't get advance notice of our plans. We'll sort them out in secret trials to ensure justice isn't soiled by clever lawyers. I feel safer already - just don't lift my blindfold.

Re:Even open source software is a bad idea

[poopdeville]

Or you could just make the voting machine print out a reciept for the voter to read and verify while denying physical access. And have "Approve" and "Disapprove" buttons that determine if the receipt is placed in a sealed box and the vote is cast, or if the receipt is destroyed and the voter has another chance.

This is where open source could shine: since the voter can verify that the vote was cast and the receipt is secured, the only issue to take care of is to make sure that the program implementing this algorithm is bug free. If the code is open source, the voter can have nearly complete confidence that the vote registers.

Re:Even open source software is a bad idea

[Russ+Nelson]

Sigh. You are so clueless it's a wonder that I let you vote. The whole point behind having a secret ballot is so that nobody can force you to vote one way or another. As soon as there's a way for you to tell how you voted outside of the polling place, somebody can coerce that information out of you. No. The only useful purpose an electronic voting machine can serve is to make the choices painfully obvious and then commit them to paper so the person can read their vote and then drop it into the ballot box. And then it doesn't really matter if it's open source except for all the *usual* open source reasons.

Subsequent tampering is prevented by the partisan poll watchers who keep the other side from cheating.
-russ

Why are machines needed at all?

[chris_sawtell]

Genuine question.

I voted last week using a piece of paper and a felt tipped pen. It worked well, I made my marks to indicate my votes, and the polling booth staff counted my votes after the poll closed. Simple, straightforward, no computers involved in the counting process to enable election fraud. Debian used to run Apache which displays the results on the WWW.

So could some kind soul please explain how and why using a complicated machine to record the voter's choice enhances democracy?

Re:Why are machines needed at all?

[adechert]

How many things were you voting on?

Now consider this ballot with 44 contests and 95 contests. Please describe how many people will be needed to hand count this and how long it will take.

http://www.smartvoter.org/uvote4/uvote4.cgi?addr=1 719++WILSHIRE+BL&date=2002/11/05&zip=90403

Re:Pencil & paper: the true tools of democracy

[arkhan_jg]

Paper votes are only as good as the people counting them, and the way in which they are created.

In the UK, we had a scandal recently about postal voting trials, where votes where stolen or forged. There's also the problem of party officials going to retirement homes and 'helping' people fill their voting papers out correctly.

Equally, places like Zimbabwe have paper ballots, and there are regular reports of ballot stuffing, i.e. adding fake votes to the ballot boxes, as well as intimidation being used to keep one party's people away from the polls in the first place. Other places that have paper ballots simply bribe the vote counters.

Even if the system and people involved are honest, trustworthy and verified, there's always the problem of miscast or spoiled ballots with paper voting, where the papers are confusingly composed (i.e. similar names) or difficult to correctly mark, if you use runoff/multiple votes at once.

Any system of voting is only as good as the people implementing it and counting it, regardless of the mechanism.

Re:Even open source software is a bad idea

[Chris+Burke]

Where were you during the huge Nader/Gore and Nader/Kerry vote exchange campaigns?

I was sitting around wondering how you would ever prove that either person actually voted the way they had agreed to.

You *do* keep anonymity, *at your option*. I should have the right to give up *my* anonymity if I choose to.

No. The system must be anonymous (I think my pronouns were off, I'll be more careful), and it cannot be optional. If you meaning the voter can "voluntarily" give up your anonymity, then you can be bought or coerced into voting how someone else wants and then proving you did so.

If you cannot prove who you voted for to a third party, then they cannot buy your vote, because you can say you voted for whoever you like and they know it.

That is a feature, and you had better have a damn good reason for throwing that away. Anonymous ballots are one of the fundamentals of a fair election. If all you want to do is have the choice to give up anonymity, then just tell people who you voted for, and you and they can deal with the fact that they'll have to take your word for it. Otherwise, looking up your vote online is useless. You'll never know if the vote they show you on the website is the same as the one they use when counting the vote, and trying to recreate the election results from that information is essentially re-running the elections.

Bruce Perens...

[Coppit]

Since when is Bruce Perens a "security expert"? How about getting someone like Ron Rivest, who has, by the way, done research in e-voting? (And he's the "R" in RSA.)

Thank you jim

[goombah99]

Thank you for all of us. really. I do a awful lot of work on this issue but I not the kind who can afford to go to jail over it. I'm so glad there are people like you to make up for me.

Re:Thank you jim

[JimMarch(equalccw)]

Thanks for the kind words.

One advantage of being deep into political activism is that I have lots of friends with law degrees. So I was able to do the research necessary on this beforehand; that combined with being single and...well, physically large (6'4") made this a pretty safe process and necessary to point out the lack of observability in these systems.

I guess what I'm saying is, it wasn't really that risky on any level - legal, physical, financial. It was annoying as hell and the downside to being my size is, cuffed in a CRAMPT cop-car back seat cuffed with your hands behind for a couple hours flat-out hurts. But there was no damage :).

Missing the point of trusted computing

[hacksoncode]

Of course you always need to trust people with physical access to the machines

No, no, no. The whole *point* of trusted computing is to make it so that you *don't* have to trust the people with physical access to the machine (e.g. the owner). Trusted attestation of OS and application code via public/private key encryption assures that the software being run is the software the host server wants run, regardless of what the holder of the machine wants. If it doesn't match, it isn't accepted as valid.

Now, that leaves open a *denial of service* attack on voting machines, which is almost as bad, but that can be detected reasonably quickly and corrected (if you trust the people with access to the machines to actually do it :-).

Re:Even open source software is a bad idea

[Rei]

it's a wonder that I let you vote

Thanks for letting me vote, Russ. As you know, I stay up nights wondering whether or not Russ Nelson will revoke my voting privileges. ;)

somebody can coerce that information out of you

They can do that anyways. All this provides is "proof". If you're worried, you should have the option to register "confirmationless". Most people, I can assure you, would *not*, because they are a lot more concerned about their vote being counted than some hypothetical group of voting "enforcers" rampaging around the countryside, holding guns to people's heads and bringing them to a computer terminal, forcing them to log onto the site, enter the code, and then killing them if they didn't vote the "right way"

Subsequent tampering is prevented by the partisan poll watchers

Yeah, that's worked really well. Here's a starter on present-day electrion fraud. As you'll notice from all of the methods of fraud currently in use, this system does a lot more to *prevent* fraud than to enable it. Voter suppression (the easiest way to rig an election) is far easier accomplished by direct intimidation in opposition strongholds than by holding guns to peoples heads and forcing them to log onto a website. Verifying "bought" votes is much easier accomplished by techniques like shoepolishing than by collecting user printouts and their passwords, and then going from web cafe to web cafe and logging on repeatedly to prevent too many logons from a single IP from showing up in the electoral commission's logs. Etc.

Re:Even open source software is a bad idea

[Rei]

I recommend that you read up about present-day election fraud before we go any further. Want to rig the vote through coersion? The south got that down incredibly well during segregation without any sort of campaign to send armed vigilantes to people's houses, dig their receipts out of the trash, force them to connect to the net and log on with their password, enter their code, and then tally the result under threat of violence. It's far easier to go to an opposition stronghold call in a bomb threat, to block traffic, to get local businessowners to try and make their employees work overtime, etc. There are *far* easier ways.

Vote buying/exchanging? There's a long history, although intimidation is a much easier way to rig an election. Four-legged voting, ID-borrowing, shoepolishing, and all sorts of techniques have been used. Sometimes the observers themselves, including "opposition" observers, are political activists or paid off. However, the easiest conventional way of rigging voting is absentee ballots. Pay off someone, and have them fill out the ballot in your presense. Threaten someone, and have them fill it out in your presense. Fill out fake registrations/ballots for non-voters (including, most famously, the recently deceased). Etc.

All of this is much more realistic than the notion that campaign centers are going to collect receipt/password combinations, and then hop from net cafe to net cafe logging on with different passwords to avoid having too many different votes checked by the same IP.

In the case of the Gore-Kerry/Nader exchanges, both sides had roughly equivalent political views, so there was little reason to suspect, so most people didn't even bother with things like that.

American Dream != Get Rich From Taxpayers

[cmholm]

The "American Dream" is to reach your individual goal, which may be striking it rich. Another American ideal is that the taxpayers have (an indirect) say in what their taxes pay for. Finally, there's the Anglo-Saxon tradition that elections should be open and their processes transparent to the voters.

Sometimes these ideas conflict, in which case open elections trump the other two, which are at risk if elections aren't open.

It's one thing to have vendor X print up ballots, because you can always switch vendors, and you can directly assess the quality of their product. Its another thing altogether to have vendor X drop a black box console at a voting site. "Trust us, it'll work great." There are certain things which really need to be completely and utterly owned - not licensed - by the public, regardless of how much and who is paid to purchase it. If it doesn't pan out that way, then brother, my own prime political objective should be to buy every outstanding share of election machine companies.

After which, you should address me by my preferred name, "Yes Sir".

Re:Even open source software is a bad idea

[Chris+Burke]

In the case of the Gore-Kerry/Nader exchanges, both sides had roughly equivalent political views, so there was little reason to suspect, so most people didn't even bother with things like that.

Well then since what we are talking about is getting someone to vote against their own views, why did you even bring this up?

Vote buying/exchanging? There's a long history, although intimidation is a much easier way to rig an election. Four-legged voting, ID-borrowing, shoepolishing, and all sorts of techniques have been used.

What do shoe polish, four-legged voting, and getting people to fill out absentee ballots have in common? They all are ways to remove anonymity from the voter. So your bright idea is to add another way for this to be done?

You acknowledge that vote buying and voter intimidation are a problem when you can verify who the voter voted for, and impossible if you cannot. So where is the disconnect between your proposal for removing anonymity and all these other methods of doing exactly the same thing?

Going around coercing people to fill out absentee ballots is a valid concern, but going around coercing people to show you who they voted for is too much work? I'm not really following.

Even assuming you are correct on that point, that doesn't justify adding another way to lose anonymity. You are deliberately adding another method of election fraud! And you have yet to give a reason why this change would be a good thing to balance out the obvious (even if in your mind unlikely, you still must recognize that it exists) downside of allowing vote coercion by verifying how people voted.

Re:Even open source software is a bad idea

[Rei]

Well then since what we're talking about is getting someone to vote against their own views

Since when? We've been discussing ways which could cause a person to *alter their vote* in general. Why did you just narrow down the discussion there to a particular subset?

So your bright idea is to add another way for this to be done?

1) This isn't *my* bright idea; it's already used on at least one election system (I'd have to track the name of it it down for you). That's where I learned of this concept.

2) You know very well that this isn't intended to be a solution against vote buying; it's to be a solution against disenfranchisement. Verified vote buying is already incredibly easy thanks to absentee ballots (in addition to half a dozen other methods) - want to outlaw absentee voting?

going around coercing people to show you who they voted for is too much work?

It's, at best, the *same* amount of work as watching them fill out an absentee ballot and hand it to you.

To sum up:

  * You lose nothing (it doesn't make vote buying any easier than absentee ballots do)
  * You gain voter verification

To, to sum up my point:

  * What is your problem with that?

Re:Even open source software is a bad idea

[timster]

I think you're going off in the wrong direction because you are focusing on outright fraud. There's much to say for a system of voting that has separation from the person's life as a core principle. To me, the idea is that the real person shows up only when they are truly alone. You put them in a booth, as it were, and they can mark what they really believe and completely forget it once they put it in the slot.

What if I'm a conservative and my girlfriend is a liberal? I can easily mask my political opinions by agreeing with certain things she says and listening attentively yet quietly to things I don't agree with, but that doesn't work if she can see my votes.

Just imagine Election Night -- "oh, we'd better check our votes to make sure those evil Republicans didn't steal them! Where's your registration card?" The "anonymous registration" thing you mention is completely useless, since it brings us back to the "what do you have to hide" nonsense.

Going further, what's the point? If someone says "I voted for Kerry but this system says it was counted for Bush", there's not a single thing that can be done about it.

Re:Even open source software is a bad idea

[Russ+Nelson]

See, THIS is why democracy is a bad idea: because even idiots like you can vote.

hypothetical group of voting "enforcers" rampaging around the countryside,

You're right, people don't worry about that in America. In other countries where people vote, this *does* happen. People *should* worry about that, because the secret ballot is one of the foundation stones of democracy. Take it out and your democracy will fall. Maybe not immediately, but it will fall.

Yes, there is currently some election fraud, but it's kept to a dull roar. It's probably not possible to eliminate all election fraud and miscounting. If you try, you may break the system in ways we cannot currently anticipate.

Re:Even open source software is a bad idea

[Rei]

Just imagine Election Night

Register anonymous. If your girlfriend were the type to ask "what do you have to hide" - i.e., if she suspected you - she'd also be the type to want to see your absentee form. One could equally pose a current equivalent of this scenario where your girlfriend poses the question "Why don't we vote absentee?", and when you refuse, asks "What do you have to hide?". In fact, such a situation could be much harder to avoid; at least if you register "completely anonymous", you have the excuse that your registration is set up that way, and it would take at least an election to change it. How would you explain refusal to vote absentee? "I like booths"? This would argue against absentee voting; yet, proportionally few people would say that we shouldn't have absentee voting.

In the current incarnation of voting, barring fraud, you have the ability to choose whether you're completely anonymous (voting in the booth), or only anonymous to those you choose to be anonymous to (absentee voting). In the system which I read about, "in the booth" gets further broken down into "completely anonymous" and "anonymous to all except those who you choose", and both booth and absentee gain the ability, if you choose the lesser anonymity, for you to check on your vote.

Going further, what's the point?

If there's a contested entry, you have them check the paper record that you confirmed.

By the way - off topic, but I thought you might be interested in this (summary).

Re:Even open source software is a bad idea

[Rei]

because even idiots like you can vote

You're such a hardcore believer in the principles of democracy, as you've clearly evidenced.

In other countries where people vote, this does happen

Yes, Russ, that's it. Gangs of gun-wielders are going to make people not register "completely anonymous", make them keep their receipts, and make them log onto computers and a given website in their presense. As opposed to the far simpler classic methods of voter intimidation, verifying that someone voted for a candidate by watching them fill out their ballot, etc.

Call me when you get back from Fantasyland; I'd love to see your souveniers.

Re:Even open source software is a bad idea

[Chris+Burke]

Since when? We've been discussing ways which could cause a person to *alter their vote* in general. Why did you just narrow down the discussion there to a particular subset?

No, we've been discussing election fraud, in particular in the form of coercion or bribery. If we were talking about "ways which could cause a person to *alter their vote* in general" we'd be talking about campaign advertisements, political blogs, and the evening news.

More to the point: Anonymous voting means the vote exchange only works if both parties are completely uncoerced and actually desire to vote in the given way. It will not work to make someone vote for someone they don't agree with. Thus it is completely different than every single other situation we are talking about.

You know very well that this isn't intended to be a solution against vote buying; it's to be a solution against disenfranchisement.

Since it doesn't work to prevent disenfranchisement, and does work to allow vote buying, I'm going to say the "intent" is irrelevent.

Verified vote buying is already incredibly easy thanks to absentee ballots (in addition to half a dozen other methods) - want to outlaw absentee voting?

Well gee, then, what's one more form of fraud? Is this the way you view everything? My computer has one exploit, having two is no different? And if absentee ballots are the end-all of election fraud, why did the shoe polish or other methods of fraud ever exist?

I do think we should seriously consider ways in which to improve absentee voting, yes. Using the flaws in absentee voting to justify introducing more flaws is completely backwards.

It's, at best, the *same* amount of work as watching them fill out an absentee ballot and hand it to you.

Except it can be done after the election, and doesn't require you to get the ballots in advance. It's more like the shoe polish method in that respect.

You lose nothing (it doesn't make vote buying any easier than absentee ballots do)

You think that adding another method of fraud as easy as the other is "losing nothing"? Do you think having two holes in your dyke is the same as one as long as the second hole is the same size? Besides, I'm thinking it would be less suspicious for employees to vote normally and have their boss check their vote than for every employee to vote absentee. If you think there aren't people who wouldn't take advantage of this new form of fraud, you are simply naive.

You gain voter verification

No you don't. What, you think because some website says you voted for whoever means the counting algorithm uses the same value, or counts your vote at all?

The only way to actually verify the vote is to have the voter come in and personally verify the printed ballot that is going to be used in the recount -- at which point you may as well re-run the election, because when you bring everyone in with possibility of contesting their recorded vote that's what you're doing.

What is your problem with that?

If it were true, nothing. Since what I'm losing is anonymity, and what I gain is just a false sense of security and a new form of election fraud -- I have a big problem with that.

Re:Even open source software is a bad idea

[Rei]

No, we've been discussing election fraud, in particular in the form of coercion or bribery.

Oh, great - we even disagree on what we're discussing. Lovely.

It will not work to make someone vote for someone they don't agree with.

Absentee ballots can.

Since it doesn't work to prevent disenfranchisement

Adding a new argument in since your other ones are kind of falling apart in the face of what currently goes on, I see.

and does work to allow vote buying

It allows nothing more than absentee ballots do.

Well gee, then, what's one more form of fraud?

What's one more thing that has *no penalties that don't already exist*, that offers a benefit. Let me guess - if you were in computer security, and you had a requirement that users be able to connect to your network with unencrypted passwords that you didn't like, and I proposed a different way users could connect with unencrypted passwords that gave them benefits over the old unencrypted method, you'd oppose it. Because, that's effectively what you're doing here with voting.

In short, it provides *No New Problems* - only has *One Problem That Already Exists*, and doesn't excaberate it. What I'm failing to see is why you have a problem with such a situation (i.e., a person could already verify bought/forced votes through absentee ballots *at least as easily* as they could with this system). Where is the problem?

Is this the way you view everything? My computer has one exploit, having two is no different?

Let me correct your analogy: "My computer has one exploit for a service running on one port for which every black hat in the world knows about (and have thousands have hacked me through it regularly); having the same widely publicized exploit from a service running on a different port is no different." And the answer is of course it's no different - and if opening up that second service on a different port provides tangible benefits to your users, seing as it doesn't change your security situation, *Do It*.

And if absentee ballots are the end-all of election fraud, why did the shoe polish or other methods of fraud ever exist?

Shoe polishing is special because you can learn who people voted for without them knowing that you know. It also works where there are no absentee ballots.

I do think we should seriously consider ways in which to improve absentee voting, yes.

Go ahead and propose them! Don't just say "it should be done". Make sure that you don't disenfranchise the elderly, overseas servicemen/women, peace corps volunteers (I have a friend in Africa for whom the only way he can reach the outside world is mail once every three-four weeks), et al.

Except it can be done after the election, and doesn't require you to get the ballots in advance. It's more like the shoe polish method in that respect.

And absentee ballots can be done before the election. Is "after the election" somehow inherently more evil than before the election? And you act like "requesting the ballot in advance" is some sort of big deal, wherein the proposed system you have to choose whether you want complete or personal-choice anonymity when you *register*. I.e., you can change your mind about getting an absentee ballot shortly before an election, but not whether you want complete or personal-choice anonymity. Absentee is far easier to abuse due to that.

Do you think having two holes in your dyke is the same as one as long as the second hole is the same size?

When you have two holes in a dyke does the water flow at a lower rate through the first hole when it starts to flow out of the second hole? No? Broken analogy then.

Besides, I'm thinking it would be less suspicious for employees to vote normally and have their boss check their vote than for every employee to vote absentee

Yeah, because all of the workers at a company checking their vote at work wouldn't look suspic

Re:Even open source software is a bad idea

[timster]

Nah, you're still thinking overt coercion. Maybe my example wasn't so good, but what I'm saying is that it's a bad idea to give people the option of turning voting into a social thing. Sure, there are absentee ballots, but it's still very normal to not use them. It's a matter of averting groupthink.

I should also say that if we see an increase in the number of absentee ballots, to the point where they are a major influence on a majority of elections, we will need to come up with better ways to verify them and prevent abuses.

As for your OT link -- I read the summary and I don't agree with their thinking. It seems like the conclusion that religion is bad for society is based to a great extent on the United States, but I think there are other reasons for the ills of the US that they are ignoring. It seems to me that Europeans have a poor understanding of the diversity in American society, and how that diversity makes us fundamentally different from most European nations. That's just a top-of-the-head opinion though and I would need to read the actual study to have solid conclusions.

Re:Even open source software is a bad idea

[Rei]

Sure, there are absentee ballots, but it's still very normal not to use them

According to Wikipedia, 20-30% of California voters vote absentee. In Oregon, everybody (whether they vote absentee or not) gets their ballot in the mail.

diversity in American society

Are we really that diverse? France has 5-10 times the percentage of muslims that the US has; Italy has a much larger percentage as well. In general, European countries have a higher percentage of people listed as Christian, but much lower percentages who regularly attend church, consider themselves fundamentalist, etc. We are more racially diverse in general (thanks to our history of slavery and close proximity to large impoverished populations). As a whole, however, compared to many nations, we're not very diverse. We're about 3/4 Christian and 3/4 white. I don't think our religious or racial diversity are that different from Europe as a whole to set us aside.

The study isn't US-centric; the US is an extreme case, but the trend is consistant. Countries included are Australia, Canada, Denmark, Great Britain, France, Germany, Holland, Ireland, Japan, Switzerland, Norway, Portugal, Austria, Spain, Italy, US, Sweeden, and New Zealand. The study also makes references to historical Europe as an aside.

One thing is clear - there is correlation, and that correlation is that religion ties in with most societal ills (excepting youth suicide, which doesn't seem tied to either). Now, correlation doesn't prove causation, but it's interesting nonetheless. Check out the figures at the bottom of the study.

Re:Even open source software is a bad idea

[Chris+Burke]

Oh, great - we even disagree on what we're discussing. Lovely.

Um... If you didn't think we were discussion election fraud, why did you link to the Wikipedia entry on it? Why has every paragraph except (possibly, depending on how you view it) the vote exchange been about election fraud?

It will not work to make someone vote for someone they don't agree with.

Absentee ballots can.

Exactly! Absentee ballots break anonymity! Now you want to apply this to all ballots, extending the flaw from a tiny portion of the overall ballots to every single one!

Adding a new argument in since your other ones are kind of falling apart in the face of what currently goes on, I see.

The hilarity of this weak rhetorical device will be addressed soon. Please stick around!


What's one more thing that has *no penalties that don't already exist*, that offers a benefit. Let me guess - if you were in computer security, and you had a requirement that users be able to connect to your network with unencrypted passwords that you didn't like, and I proposed a different way users could connect with unencrypted passwords that gave them benefits over the old unencrypted method, you'd oppose it. Because, that's effectively what you're doing here with voting.

YES! Because then you'd have TWO problems that need fixing instead of just one! If we fixed the first one, the second would still exist -- more to the point, you see the insecurity of your method as a feature and would resist its removal! A system where an unsecured password is considered an essential feature? How is that not retarded? Then there's the fact that the first password system is used by a small fraction of users, while your proposed second system would be used by everyone. No, no increase in insecurity there!

Let me correct your analogy: "My computer has one exploit for a service running on one port for which every black hat in the world knows about (and have thousands have hacked me through it regularly); having the same widely publicized exploit from a service running on a different port is no different." And the answer is of course it's no different - and if opening up that second service on a different port provides tangible benefits to your users, seing as it doesn't change your security situation, *Do It*.

That would be utterly retarded if
a) the exploit allowed you to hijack a single connection, and that's what you care about and
b) the first service had 1% as many connections as the second.

Especially when the alleged advantage of the second system is the exploit.

Shoe polishing is special because you can learn who people voted for without them knowing that you know. It also works where there are no absentee ballots.

Good point on the first part, but can't your flaw, er feature, be used where there are no absentee ballots as well?

Go ahead and propose them! Don't just say "it should be done". Make sure that you don't disenfranchise the elderly, overseas servicemen/women, peace corps volunteers (I have a friend in Africa for whom the only way he can reach the outside world is mail once every three-four weeks), et al.

I don't have a ready solution for that tricky problem, I'll readily admit. Do we agree at least that it is a problem that should be solved if possible? It's much easier to argue against adding new flaws, so that's what I'm doing. Especially because if we did find a solution to the absentee problem, your "feature" would still exist and be a thousand times more prevalent.

And absentee ballots can be done before the election. Is "after the election" somehow inherently more evil than before the election? And you act like "requesting the ballot in advance" is some sort of big deal,

Where do absentee ballots usually get sent? Your house, I would gather? So your boss has to get you to get one, bring it into to work, make you fill it out, th

Re:Even open source software is a bad idea

[Rei]

Um... If you didn't think we were discussion election fraud, why did you link to the Wikipedia entry on it?

Oh no, you don't. I stated that we're discussing the *entire category* of election fraud, and that you're trying to select out a subset (coersion and bribery to vote for someone who share different views than you).

Exactly! Absentee ballots break anonymity! Now you want to apply this to all ballots, extending the flaw from a tiny portion of the overall ballots to every single one!

Absentee ballots *Give You The Option* to break your anonimity. This system gives you a *different way you can break your anonimity*. It does NOT apply it to "all ballots" - only to those who request it when they register (just like happens to people who request it via requesting an absentee ballot).

Adding a new argument in since your other ones are kind of falling apart in the face of what currently goes on, I see.

The hilarity of this weak rhetorical device will be addressed soon. Please stick around!

Oh, I was just quite amused by you inserting a brand new, completely different argument half a dozen posts into the debate. :) Pardon me for expressing my amusement.

YES! Because then you'd have TWO problems that need fixing instead of just one!

Sorry, unencrypted passwords is a requirement, as you have no proposals for "fixing" absentee ballots.

That would be utterly retarded if
a) the exploit allowed you to hijack a single connection, and that's what you care about and
b) the first service had 1% as many connections as the second.

HAHAHA! Oh, brilliant there. 1%? Absentee ballots are 20-30%, in the case of California, for example. They're 100% in Oregon. You really know nothing about how common absentee ballots are, and I get quite the kick out of this fact.

Especially when the alleged advantage of the second system is the exploit.

Straw man. The advantage of the second system is the verification.

Good point on the first part, but can't your flaw, er feature, be used where there are no absentee ballots as well?

Absentee ballots exist in the entire USA. Tough luck there! Applying this outside the US, you might have a point, although most countries do use them.

I don't have a ready solution for that tricky problem, I'll readily admit.

Then quit pretending that it's a solvable problem! We have a problem for which there *Are No Proposed Solutions*, and we have a new feature that does not open up any *new* holes. So what the heck is the problem?

It's much easier to argue against adding new flaws, so that's what I'm doing.

It's not a new flaw. It's the exact same flaw. You lose nothing, you gain verification, and it's user-optional at registration time (and thus couldn't be forced right before an election, like absentee ballots can).

Where do absentee ballots usually get sent? Your house, I would gather? So your boss has to get you to get one, bring it into to work, make you fill it out, then send it from there.

Verses your concept of the boss making people reregister yourself at the registrar's office long before the election, then give you their password, and then keep and give you the code that they got from voting, and then going around from IP to IP to avoid too many checks from the same machine that would draw suspicion? Yeah, that's so much simpler there.

Of course, your "boss" notion isn't how it really works, because both cases are too convoluted - in the real world, the "boss" situation is about offering indirect threats to *prevent* the person from voting - making them work overtime, and making them feel that if they don't work overtime that day, they'll get fired. Voter suppression is the real problem.

Other case, your boss walks by your cube after election day at his leisure. A big difference? Maybe not, but certainly likely to encourage new abuses where there had b

Re:Even open source software is a bad idea

[Chris+Burke]

Oh no, you don't. I stated that we're discussing the *entire category* of election fraud, and that you're trying to select out a subset (coersion and bribery to vote for someone who share different views than you).

You stated "ways which could cause a person to *alter their vote* in general", not "election fraud", but whatever. I said in particular that subset, which is true: practically everything we've been saying relates to it, as it's the kind of election fraud that involves both absentee ballots and online "verification" -- your position is vulnerable to fraud through coercion, so unless you're dropping your stupid idea, then it definitely is the main topic. Do you deny this? Or do you just want to keep the field open so you can inject irrelevent points when you have nothing substantive to say? Speaking of which, do you consider the Nader/Gore vote exchange to be fraud or not and why, and either way what was your point in bringing it up?

Absentee ballots *Give You The Option* to break your anonimity. This system gives you a *different way you can break your anonimity*. It does NOT apply it to "all ballots" - only to those who request it when they register (just like happens to people who request it via requesting an absentee ballot).

Hilarious. People are only exposed if they decide to actually use this "feature", which is what you are advocating because it gives "verification". That's a great argument: the size of the problem is directly proportional to the number of people who buy into your idea.

I'd love to see your defense in the Happy Fun Ball lawsuits: "But it only blows up in your face if you choose to use it as intended!"

Oh, I was just quite amused by you inserting a brand new, completely different argument half a dozen posts into the debate. :) Pardon me for expressing my amusement.

The hilarity of THIS statement will also be addressed. Stick around!

Oh, what the heck, I'll do it now. :)

"Otherwise, looking up your vote online is useless. You'll never know if the vote they show you on the website is the same as the one they use when counting the vote, and trying to recreate the election results from that information is essentially re-running the elections."

That was in the very post that I was replying to when I made the smart-arse comment about how you were changing your tactics in the middle of the debate. Check the parent of the post that you just replied to.

Great job there Steven Hawking. ;) You just quoted the post I was replying to when I made my comment about you adding the new argument in.

Oh, snap! goes your dignity.

BWAHAHAHAHAHAHA! Oh my goodness. I would have thought that after I schooled you on not reading posts carefully, you would have been more careful in your response, but you didn't even check, did you? If you had, you would have noticed that what you first replied to and what I quoted aren't even close. Your are bound and determined to look as stupid as possible, aren't you?

This is the post I quoted, in nested form so your stupidity is laid out on one page for easy reference. Note the last two sentences are what I quoted.
Scroll down or click here for your reply. Notice no mention of me adding new arguments, and in fact no response or reference to the quoted part at all!
Scroll way down or click to see FOUR POSTS LATER where you accuse me of adding a "new" argument.

You were too stupid to read my post and reply to the argument in the first place, you were too stupid to che

Re:Even open source software is a bad idea

[timster]

The fact that over 70% of California voters go to the polls shows that it is still very normal to do so. Oregon has a relatively small population.

In the United States, the places which have the most problems are those where the members of the population self-identify strongly as belonging to some group other than "Americans". Our crime problems are in the diverse areas, in other words.

Crap, I need to go. Anyway, I wouldn't be surprised if religion is a major cause of social ills. I just have a little bit of skepticism. For instance, from following Dallas politics it is clear to me that "black" ministers do their followers a tremendous disservice by promoting an "us vs. them" mentality which impairs cooperation. However, I can point to strong historical reasons why blacks in Dallas are poorer than whites, and I think the issue today is still a very complicated one. I am still a proponent of the elimination of religion, but I'd hesitate to call it The Answer.

Last thing -- I wouldn't cite stats on Muslims as diversity, since I don't think Islam and Christianity are really very different. The major world religions are converging in fundamentals; religion thrives on darkness, and there is only so much darkness left in an increasingly bright world.