Slashdot Mirror
CA Sec. of State Panel on Open Source Elections
goombah99 writes "The Open Voting Consortium has announced that California Secretary of State Bruce McPherson is forming a panel to investigate using open source software in elections. Suggested Panel members include Security expert Bruce Perens and Python guru David Mertz who is associated with the sourceforge EVM2003 voting machine project. This is big since a favorable outcome could help fund prototypes of true open source election equipment and systems."
Now watch Microsoft and the *AA attacking this resolution on the ground that it is "unamerican" and fostering terrorism.
Paper and pencils can be made by anyone. Scrutineers are handy too; and scaleable.
Just ask yourself the following: "Who has more money to pay lobbyists -- Diebold or the Open Source Movement?"
I've abandoned my search for truth; now I'm just looking for some useful delusions.
This is very important in terms of keeping what's left of our democracy alive.
The number of abuses possible using Diebold's is simply staggering...
I'm impressed with a lot of the people campaigning against slimy voting machines - one is http://blackboxvoting.org/; there are people who have been devoting their lives to this since the last election... More then I'm good for!
Open Source voting machines will make it much easier for potential problems to be spotted, and a hell of a lot easier to get them fixed! The current companies don't really need to worry about fixing their problems - after all, what's wrong with fixing elections?
--LWM
I don't hold out much hope, especially since this is California - the land of the Guvernator. On the other hand, it is also the hotbed of the open source movement. So, there might be some hope.
What we really need is a tremendous scandal in an election: something like all votes are lost and Ross Perot gets elected to the school board, or something. Only then will people actually wake up and realize that they vote is easily in jeopardy from proprietary and unresponsive (and partisan, I might add) election powerhouses like Diebold.
let the flamebait mod down begin...
safe by design-- i.e., based on paper
Yes, because everybody knows that paper is a write-once, ready many system with built-in user authentication which cannot be hidden, destroyed, or otherwise tampered with.
terminals which print out an ink ballot
That's part of the push for open source voting systems - you have a hard copy for verification. There are much better ways than just having it print out who you voted for so that you can drop it in a box - for example, one method which I read about not only keeps a paper record (which the user never has to handle, but is there for recounts), but prints out a tracking number that the user can enter on the election board's website and verify that their vote is in the system and who it is listed as being for.
... in Siberia, where Putin killed a fish with a speargun. He later claimed it was killed by Ukrainian separatists.
...we can inspect the source on the actual machines prior to their use (like, before they are locked down 24 hours before the election starts). Better yet, if the entire compile operation has to be done in front of the public so observers can see if any "special libraries" are added in at the last second.
The concern here is that since it is open source, any neer-do-well with a compiler could set up a backdoor to do evil things with the software, and then [Diebold, Microsoft, Satan, etc.] can claim that "oh noes! open source is open to attack!" and scare people back into the dark.
This has to be done in a completely transparent manner or else it could be disasterous.
Slashdot in 5 Paragraphs
A receipt, whether a plain-text record or a number you can use over the phone or the internet, makes coercion so easy as to be laughable. What happens when your employer support some particular ballot measure, sees it fail at the ballot box, and then has an off-the-record policy where you show your receipt to the right people, and if it that says you voted for the measure, it will be in your favour the next time layoffs come around? What about a union shop that wants to make sure people voted, and voted for the "right" people? How about the police department wondering who supported the tax increase to pay for more police officers?
Sadly, because there are so many ways to abuse a verification mechanism, I have to conclude that a secret ballot must be kept absolutely secret, even from the voter himself once he drops it in the ballot box. And that's why I still favour pencil and paper, or punched cards. At least there's something tangible to go back and recount.
-paul
Pistol caliber is like religion: everyone has their favourite, and theirs is the only right choice.
I think they need to concentrate not on a system that's open-source, but on a system where you don't need to trust the hardware to be able to verify the results. Open-source would be nice, but IMHO the critical requirement is more that you should be able to determine whether the reported results are correct without having to put unconditional trust in any one part of the system.
Eg., a system where the terminal records your vote electronically, then produces a printed ballot with both human-readable and barcode on it. The barcodes can be scanned quickly, so it's possible to compare the electronic results to the printed ballots. A template of the barcode for each possible value can be used to let humans quickly determine whether the barcodes match the human-readable name. And the voter can verify before putting his printed ballot in the box that the human-readable names on his ballot match the way he voted. Securing the physical ballots is similarly amenable to methods that insure that it'd take an improbable conspiracy to actually succeed in tampering with them.
transparency is introduced as a means of holding public officials accountable and fighting corruption. When government meetings are open to the press and the public, when budgets and financial statements may be reviewed by anyone, when laws, rules and decisions are open to discussion, they are seen as transparent and there is less opportunity for the authorities to abuse the system in their own interest.
Closeness and secrecy tend to be associated with dictatorships and tyranny.
EvilCON - Made Famous by
Here is a description of the one used in India: http://www.eci.gov.in/EVM/index.htm
Here is a comparision between the Deibold and the Indian EVM system:http://techaos.blogspot.com/2004/05/indian- evm-compared-with-diebold.html
Here is a wikipedia article on it:http://en.wikipedia.org/wiki/Indian_voting_mach ines
Implementing a system like this can make it so much easier to count votes and do it quickly too.
Well, for starters, wikipedia says:
"The American Dream is the idea (often associated with the Protestant work ethic) held by many in the United States of America that through hard work, courage and determination one can achieve prosperity. These were values held by many early European settlers, and have been passed on to subsequent generations. What the American Dream has become is a question under constant discussion."
That's what I've always heard it taught as, as well. Where does your variant come from?
... in Siberia, where Putin killed a fish with a speargun. He later claimed it was killed by Ukrainian separatists.
If you are looking for the Open Voting Consortium website, it may be found at http://www.openvotingconsortium.org/.
The basic idea that the OVC promotes is that of a computer-assisted voting station (or stations, to accomodate different kinds of voters who have physical impairments) that produces a paper ballot that *is* the official ballot and that can be read by both humans and computers.
This goes one step beyond verified voting. Verified voting has paper records that serve as audit trails but that are not themselves the official ballots. The OVC system goes one step further and makes the paper that the voter sees and approves the actual ballot.
There are a lot of complexities in voting systems; the OVC system avoids many of these difficulties because it is really a conservative application of computers to traditional methods.
In addition, the OVC system, because it produces a paper ballot, can have many different kinds of voting stations to accomodate the different physical needs of different voters.
The OVC wants voting software to be, at a minimum, open to inspection and testing by anyone.
Personally, I can conceive of some people who might come up with clever user interface mechanisms to help voters deal with ballots - and I personally don't think that those mechanism need to be part of the open voting systems. However, the core aspects of creating, handling, and counting ballots should not be wrapped in inpenetrable proprietary shrouds - every voter must know for a fact that his/her vote has been correctly recorded and correctly counted.
By-the-way - full disclosure time - I'm on the Board of Directors of the OVC.
Or even worse. The inventor of the Internet, Al Gore!
Anyone else notice that Diebold also handles other highly critical transactions? They make ATMs for Wells Fargo to card access for campuses?
Don't just read my summary of the article - read on, they go into a lot of depth, completely backing up my position. You better get your own source which contradicts the Wikipedia version.
In fact, as mentioned in the Wikipedia article, the concept of the "American Dream" was really popularized by Horatio Alger, Jr, a writer who in his time was as big of a seller as Mark Twain. All of Alger's stories were the same general outline: a boy grows up in poverty, but through a combination of luck and hard work, he ends up wealthy.
... in Siberia, where Putin killed a fish with a speargun. He later claimed it was killed by Ukrainian separatists.
In all this open source/closed source voting debate people completely miss the more important question: *why* are you pushing for voting machines in the first place? What problem are you trying to solve?
As a Canadian, I am completely baffled by our neighbours south of the border. Here in Canada, the *entire country* uses identical paper ballots and it works beautifully. Nothing can be more simple, transparent and verifiable than that.
Let me give you an example I really like. Back in 2000, Canadian federal election was called at the end of november, so it occured a few weeks after the US election. We knew the results the next morning (or, those who cared to stay up late, knew it the same day). In the meantime, our friends south of the border were still counting pregnent chads and butterfly ballots. At that point everyone went "huh? *that* is the world's greatest democracy?"
So seriously guys, what problem are you trying to solve with punch cards and computers? It clearly can't be the scale. Canada has twice the population of Florida and way more political parties. Convenience? No, can't be that either. One of the problems in Florida was that the voters found the butterfly ballots confusing. Speed of counting? No, can't be that. Canada, with twice the population and much greater voter turnout, managed to count all the ballots by hand in a few hours after the polls closed. So... uhhh.... what?
The way I see it, anything other than paper ballots serves only to obuscate voting and provide pork barrel for corporations that "donate" enough money. Electronic voting machines make the problem much worse. If there is no physical record of a vote, fraud and vote tampering is ridiculously easy. Think about it: how can you trust that a computer will add 1 vote to your candidate when you press the button? A group of security researchers have answered that question: you can't. Voting machines must contend with two conflicting requirements: verifiability and voter anonymity. Therefore, the only machine that provably satisfies both requirements is one that prints out a piece of paper that you deposit into the ballot box. In other words, a machine that acts as nothing more than a high-tech pencil. Whoop-deee-dooo! big progress!
So anyway, while open source voting machines are "better", they still don't solve the root of the problem: electronic voting reduces transparency and simplifies vote tampering. The proper solution solution is to go back to paper and pencil. But no, we can't have that. That would be admitting a mistake. And USians never make mistakes. Besides, paper & pencil is only used in those backwards uncivilized countries like Canada, Britain, Germany, France, Japan, etc. We are all k00l and high-tech and stuff!!!
___
If you think big enough, you'll never have to do it.
I think the main critique is between "successful"/"Prosperity" and "rich". My parents are by no means rich, but they live comfortably off their salaries, and own their own home (the half that the bank doesn't). Furthermore, they raised 2 kids, and have gotten me into college, with my little sister not far behind. The American Dream is if you work hard, you'll make it through OK. Now, on to the topic: It's a darn good thing. This way, we can all see flaws or attempts to manipulate the ballot (not that I'm accusing, just saying it could happen).
Just think about how many people are pissed about the last two elections and all the criticism of Diebold from very visable sources like Farenheit 9/11 and all. Regardless of what your view on that was, I think that this is an opportunity for FOSS to really shine in the eyes of voters.
-- Knowledge shared is power lost. -- Aleister Crowley
for example, one method which I read about not only keeps a paper record (which the user never has to handle, but is there for recounts)
Though hopefully they can see this paper, so they can verify that it is correct before it is automatically placed in the box. This is where the verification takes place, and after that you have all the usual physical security issues.
but prints out a tracking number that the user can enter on the election board's website and verify that their vote is in the system and who it is listed as being for.
Aaaaaaaaargh! Nooooo!
"Hello, Rei. If you could please verify for me that you voted for Mr. Burke, so I can give you the fifty dollars like I promised? If not, I'll just have to break your kneecaps, as I also promised." -- One of my campaign staff enforcement officers.
Anonymity is one of the parts you can't leave out of the system, okay?
The enemies of Democracy are
Canada does elections right.
They crack open the boxes at the precinct level. Anyone who wants to sit around and watch the counting is welcome to do so. Once the counters and witnesses sign off on a count, it's done and over with. All that remains is to transmit the precinct numbers, which could be easily done over the phone, with confirmation by transmitting the signed count document.
What's so hard about doing it that way and having the ballots just be big squares of newsprint with boxes you put an X inside?
Bruce
Bruce Perens.
It's 2 AM here in Norway, so I'm not going to write much else tonight.
Bruce
Bruce Perens.
Yes, because everybody knows that paper is a write-once, ready many system with built-in user authentication which cannot be hidden, destroyed, or otherwise tampered with.
It can be made so.
The trick here is to use an external system to verify the correctness of the voting system, called "election observers". The idea is that any person can volunteer to become an "election observer", and once they volunteer they get to sit around to verify that every voter is correctly verified and audited; ensure that everyone who comes in gets an equal chance to vote and put their vote in the box; and ensure that the box is correctly escorted and not tampered with. Because the "vote" is a piece of physical paper, this can all be done with relative ease. The database is a box. You can look at it.
When votes are electronic, this is not an option. You cannot sit there and stare at a Microsoft Access database file to ensure its integrity is preserved. You cannot sit and watch the electrons pouring over the ethernet cable to make sure none of them are being tampered with. You can of course write a computer program to do these things-- audit, observe, etc-- but then you run facefirst into a truly intractable security program, that of trusting trust. Okay, you've got this e-vote auditor program. How do you trust the auditor? How do you know the numbers the auditor is looking at are the ones that are really going into the database? How do you know the auditor hasn't been compromised?
When votes are physical objects marked in private booths and dropped into little boxes, we can trust the auditors because the task of auditing is simple, and because the auditors are numerous and diverse. Election stations will typically be watched by members of two or more political parties, meaning that if you wish to rig an election you can perhaps corrupt or fool a small number of the election observers but certainly not all of them. If you want to know how easily electronic auditors can be fooled en masse, well, look at every Microsoft worm ever. Then consider that the Nachi Worm successfully infected ATMs at banks, ATMs made incidentally by voting machine manufacturer Diebold...
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Bruce
Bruce Perens.
Better yet, just change the Wikipedia version and claim victory!
First the OVC system is a hybrid. It has paper ballots and touchscreen entry and hand counting and electronic counting. The cool thing is they pull all of that off in way that is simple and workable, not layers of complexity.
Second, this hybrid is more secure than either paper ballots or electronic voting alone.
Third it's potentially very cheap. Various bussiness models can be applied. One is that cheap commodity hardware is used and the computers given away to schools after every election. That ways maintainence, storage and physical security costs are minimized. Another possible bussniess model is that OVC becomes a standard and certifies vendors to that standard. They can only use OVC software, which is open source. THus no funny bussiness but professionally run elections and reusable hardware. Of course states could own all their own hardware and conduct their own election set-ups just like they do now so there's no need for a radical bussiness plan.
since the hardware is very cheap, states can have excess numbers of voting stations per precint to elminate lines. when heavy turn-out is expected adding more stations is not a problem.
It can be booted clean from CD. so there are fewer risks with physcial security and the software is immutable and verifiable afterwards (compared to harddisk or firmware in which validating what software actually ran is difficult to prove later).
The OVC systems has many of the virtues of touchscreen voting such as handicapped and language assitance. It also can handle multiple jursidictions in a single precint
OVC is techincally not a DRE system. it's a ballot printer system
The OVC system also avoids the major pitfalls most other electronic systems have namely:
1) no roll fed paper ballots under glass. OVC uses cut sheets the voter puts in the ballot box
2) standalone ballot bar code readers are available and separate from the vote casting machine. this allows voters to independently validate the bar code or have it readback to them in audio mode in a way that prevents any machine collusion
3) standalone ballot counters. again zero collusion with the ballot printer.
If something goes wrong and the machine loses the votes, the paper ballots still function as aperfect record of the vote.
the OVC system has many exingencies worked out like what happens if a voter flees. What happens if the number of electronic ballots differed from the number of paper. and many others. Election's expert Doug Jones consulted on many of these features.
The basic process is this. Vote on the terminal and it prints our a single sheet ballot with an edge bar code and a summary of all your choices in human readable form. if you don't like it just discard the ballot and vote again. Since there's no "terminal activation" tokens there's no hassle to vote over. When you have a ballot on paper that you like you can optionally validate the bar code with a wand which will read it back to you. then you place it in the ballot box and go get drunk.
when the polls close the election judges open the sealed box. then in the presence of witnesses they shuffle all the ballots, permenantly destroying any serial vote order. Next they wand each ballot and a computer reads it in, diplays the english version of the ballot on screen, and correlates that vote with the previously recorded electronic record. There must be an electronic record for every ballot to prevent stuffing the ballot box. the election judge can spot check as many screen texts with the printed texts as they want so there is now a second check on the bar codes. The existance of even a single discrepancy in the bar code and the printed text would signify a software malfunction and appropriate steps taken. The bar code adds a number of secure features. First it can be made hard to forge and possibly contain signaures. Second it can contain checksums and handshaking codes to assure the code was read correctly (unlike a conventional hand marked paper ba
Some drink at the fountain of knowledge. Others just gargle.
http://www.bbvforums.org/forums/messages/1954/8556 .html?1122679073
8 .html?1122664155
:). And coming up with $10k in bail was a pain.
5 .html?1124737282 ...and I've taken the first step in suing 'em:
d f
http://www.bbvforums.org/forums/messages/1954/856
The good news is, it was only 18 hours. Still sucked
But the DA's office dropped all charges:
http://www.bbvforums.org/forums/messages/1954/942
http://www.equalccw.com/claimforcivildamagesnet.p
The mayhem from an OSS voting system in California could be potentially horrible for open source software. It's impossible to have an election with paper and pencil that doesn't get scrutinized. Hell, it was impossible for Florida to have an election with punch cards.
If paper and pencil or styli and punch cards can be questioned open source could be trashed by the media and politicans alike. It won't be long before Microsoft and HP roll out their own 'secure' and 'trusted' and 'robust' solution to mop up the mess.
This could also be a move to discredit open souce if the CA panel finds that OSS is too insecure to use for elections.
This seems like a bad idea to me. All it takes is one stupid reporter jacking up a mass emotional response by saying the OSS operating system has "known security flaws with well documented vulnerabilities that anyone can download off the Internet" to result in an (appointed) ludite judge ruling the machines are too insecure to use for an election. Watch the lawsuits fly off the wall faster than attorneys can catch them.
Before the OSS party line is toed too closely I see this posing a far greater risk to the general acceptability of OSS than the marketing armies of proprietary software companies.
The Luddites were ahead of their time.