Slashdot Mirror
WI Assembly OKs Voting Paper Trail
AdamBLang writes "Madison Wisconsin's Capitol Times reports 'With only four dissenting votes, the state Assembly easily passed a bill that would require that electronic voting machines create a paper record. The goal of the legislation is to make sure that Wisconsin's soon-to-be-purchased touch screen machines create a paper ballot that can be audited to verify election results.' Slashdot has previously reported on this bill." More from the article: "Wisconsin cannot go down the path of states like Florida and Ohio in having elections that the public simply doesn't trust ... By requiring a paper record on every electronic voting machine, we will ensure that not only does your vote matter in Wisconsin, but it also counts."
Unfortunantly, this paper trail will still record your multiple votes if you live in Milwaukee.
The folks over at Diebold are happy to hear this--now they can charge a whole bunch extra for printers...
Of course they may have to spend it on software fixes...
Its too bad this doesnt work on punch cards, especially with those "pregnant chads"
Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
While this will help people put greater trust in the system by providing a paper trail, the core problem is still there. If you can commit fraud by altering a computer system, surely you can commit fraud by altering the part of the system that generates the paper trail, or by altering/switching the paper trail itself. This is a limitation of technological solutions to problems of trust and reciprocity. They always encounter the problem of infinite regress, where the technological solution to a problem (often a problem generated by a previous technological solution) is always able to be undermined. This is one of the arguments why DRM is doomed to fail (eg DVD Jon can always hack the next "improved" version of DRM). In this sense, electronic voting systems are much like DRM: an inevitably limited and imperfect techonological solution that gets in the way of an important process of trust and reciprocity.
I assume that after the vote is cast, the voter can view the receipt. That way they can make sure their vote registered (no more dimple or chad issues). Also, if there's a discrepency between what you actually voted and what the receipt says, you can take it to the election judge.
If it ain't broke, it needs more features!
Oh...nevermind. I made that up. ;P
Blog: http://richardrandomrants.blogspot.com/
This takes care of one issue. Now they need to start requiring a photo id to vote. A couple of state politicians have presented plans that would work, including ones that provide free photo ids to anyone who doesn't have a driver's license. People who didn't have a photo id when they went to vote would still be able to cast their vote, but it would be flagged in case of a recount. The vote would be unflagged if the voter provided a photo id at any point after the vote.
It makes sense, especially when there were many cases of voter fraud in Milwaukee during the 2004 election. Many votes were cast from addresses that don't exist. Granted, a photo id won't solve all the issues with voter fraud, but neither will a paper trail. Both are still a step in the right direction.
You have enemies? Good. That means you've stood up for something, sometime in your life. --Winston Churchill
...everybody knows that votes on paper can never be tampered with.
A guy walks into a bar... well, I forgot the joke, but the punchline is that he's an alcoholic.
and here are more or less the electoral fraud techniques used by the party in power for about 70 years:
* "pregnant urns". Before the votes took place, urns were already filled with votes.
* Operation "Carousel" - groups of persons voting twice, or more
* Operation "Tamal" (a tamal is some kind of corn candy kept inside corn leaves). You grab two ballots and fold them, so now you vote for two.
* Operation "Ratón Loco" (crazy mouse). Some guy steals the urns in strategic areas (specially where the opposition is strong) and disappears.
* Vote rewriting. Before impartial organisms counted the votes, the people in charge would alter votes that were against the party in power, and nullify them.
* Dead votes. People who had died managed miraculously to resurrect and vote in favor of the official candidate.
And the most famous of all... (drum rolls, please)
The system crash. In the 1988 elections, after all the ballots were collected, the computer counting the votes suddenly went down, and when the system was up again, the votes now favored the official candidate.
After having to endure all these forms of electoral fraud, laws in Mexico became stricter to make the elections safe from frauds. These laws were promoted and approved, of course, by the opposition congressmen. One of these measures, was the inclusion of photographs in the voting credential (official ID). Another was having a designated area to vote according to your registered address. The voting areas are usually schools or museums, not farther than 5 or 6 blocks from your home.
As a result of all these measures, we finally had a president from the opposition party in 2000.
And it's kinda ironic that we have surpassed the U.S. (whom we had taken as model for transparency and democracy) because of U.S. problems like electronic voting machines, and because we use the popular vote and have more than two political parties.
what we need is simplicity when it comes to voting, not complexity. i believe we should never go to electronic voting, and even get rid of mechanical voting booths, which has a sordid history of tampering
fraud happens in all forms of voting mechanisms, and voting is just too much of an important and vulnerable part of our social cohesion and the source of so much faith in and integrity of our government. being so vital and vulnerable, the point in my mind would be to oversimplify the voting process on purpose. the more complex the system, the more points of failure and the more possibilities of fraud. so make the process very simple: paper ballots
i mean seriously, why the technophilia? voting is a problem that is not solved better with more technology, just made more complex. paper ballots i say. the slashdot crowd of any crowd of people should know all about the various and sordid ways malfeasance can be achieved in electronic communication and electronic storage. voting is not a complex math problem. it's very simple. no computer need apply
the slashdot crowd, as technophilic as it is, should know better than any crowd of people why electronic voting can be a downright scary prospect. don't mess with it, simplify it, which means avoiding computers in the voting process like the plague. i'm not a luddite, i am simply saying that specifically in reference to the voting process, it must be simplified technologically to ensure faith and integrity in our government
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I can't think of any reason why you should be able to take a record of your vote with you, but I have heard of one reason why you shouldn't. Allowing the voter to take proof of their voting choice allows for vote buying.
In other news, Gov. Jeb Bush has signed a contract with Diebold for a system that can provide an electronic audit trail for Florida's paper ballots. Gov. Bush said "This is a great day for democracy. We will now have the capability to handle vote recounts in a fraction of a second."
I asked a poll worker how everything worked and he explained how it was all "triple redundant" and that "my vote would count this time". Other than that, I couldn't get much more out of him as he was busy. I'd like to know what role the paper copy plays in the official results. If the paper copies are only used in recounts, then all a crafty attacker would have to do is make sure he altered the votes enough that any recount would not need to be triggered.
Issues 2-5 went down hard when there were some polls that showed them ahead a few days before the election. I'm a bit suspicious when I hear issue 2 is going to pass 60/40 and it gets shut down 35/65 (or something similar).
Any paper trail is worthless unless each voter is able to verify the printed record, *AND* the printed record is considered equivalent to any other vote. The Wisconsin bill only requires that a paper record be produced, not that the voter can see it. Why is this so important? Because of the FEC source code review clusterfuck.
HAVA [Help America Vote Act] gives the FEC governance over electronic voting, including establishing source code review procedures for all machines used in a Federal election (read: all voting machines). However, there are so many flaws in the FEC review procedure that it's downright scarry.
1. Coding standards more concerned with technical compliance than correct function. Turns out, the coding standards say more about the correct format of a "for" statement, or the appropriate amount of boilerplate documentation per method, than they do about defining correct operation, error tollerance, or anything else.
2. FEC code review doesn't cover "libraries". Want to include malicous code that only kicks in on the appropriate date, with sufficient voting volume to bury aberation in the noise? Throw it in a library, and use it in the project. Want to be really sneaky? Rebuild an open source library, or some external piece like a database driver or print driver with your malicous code.
3. Fudging alowed in FEC testing. System can't stay stable enough to run 100,000 votes sequentially on a single machine? Throw in automatic application restarts at a set interval into your test harness backend; test harness code isn't reviewed.
4. No enforcement procedure to verify reviewed code is the code running on election day. Not even checksums are required to verify compiled libraries/assmblies/executables are the same as the day they were submitted for review.
5. Reviewer incompetence. FEC reviewers may not be familiar with the language being reviewed. One claimed unequivocally that "length" was a Java keyword, and as such, couldn't be used as a variable name (a glance at the Java spec confirms his mistake). Why? Since it was used without parens like a method call, it must be a keyword.
6. Bogus documentation passes inspection. Don't have all the required class/method/variable documentation for the 2002 standards? Write a comment generator, fix it up a little by hand, and you're set!
OK, so the coding review and coding standards suck. What's that have to do with the voter verifiable paper trail? Everything. Unless the voter can visually check the ballot (and ideally should have to "sign off on it" before the electonic vote is committed), what's to stop hidden/poorly reviewed code from altering the printout *AND* the electronic vode database?
What about the paper receipt being equivelent to a traditional paper ballot? Some voting legeslation only allows the paper ballot to be used for verification, not as a true ballot. So, while you may recount the paper trail, the numbers from the recount are not legally votes, and cannot be used to change the outcome of an election (a fact that would be gleefully used by the conveniently "winning" side in a contested election). The Wisconsin bill does not specify in this matter.
How can we do better? Take a look at the procedure recommended by the Open Voting Consortium http://www.openvotingconsortium.org/>. The *primary* representation of a vote is the printed paper ballot, with a machine readable representation output beside the human readable representation. After voting concludes, each paper ballot is scanned, and compared to the electronic count.
By the way, hope your voting machine vendor has valid source control procedures (like not using a single account for all checkins?), so a malicious contractor can't check in random changes to the code base/libraries. [Evil laughter...]
Scott Severtson
Senior Architect, Digital Measures
Finland has ~5M ppl and uses paper ballots that are counted by hand in a matter of days. Why can't US cities and counties of similar size use this old system? Just scale up the number of people doing the counting.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
When the original count was done the results showed that the Republican candidate had won by a 173 vote margin. However, someone noticed that the Republican candiate was coming in as a Democrat in this one district so anyone who voted a straight-party democratic ticket was inadvertently casting votes for the Republican candidate.
A hand recount was ordered and after the recount it was found that the Republican candidate had a 2 vote margin (not in the article but the local news has stated this). This isn't the end though. The provisional ballots still have to be counted.
Maybe in the end the Republican candidate will still win but had a paper trail not been available, and someone sharp enough to notice the discrepancy, a recount would have been nearly impossible using only the computerized records.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Conclusion? Mexico seems to have been slowly and steadily improving as some adjacent parts of the US seem to have been steadily going downhill, electorally.
Pining for the fjords
As a campaigner here in AZ against Prop 200, I suppose I have to answer, although it seldom appears that explaining this results in much information being absorbed. Warning: as some actual facts are included below, it's a fairly lengthy post.
First, prop 200 requires proof of citizenship in order to register to vote. This makes it extraordinarily difficult to register people. In the past, voter registration drives have generally been run (by both parties and nonpartisan groups) by going out to where people are, with a table or some clipboards, and getting them to sign up. This is no longer possible; people need to have a copy of their birth certificate, naturalization papers or passport with them, and attach a photocopy of it to their registration form. This pretty much means no one can register without planning to do so and going down to the county recorder's office during business hours. This isn't exactly a flat bias, either; it's much more difficult for people who are less likely to have their paperwork carefully filed away where they can get it (students, the poor, non-native-english-speakers) and those who have less free or flexible time to deal with the problem (pretty much the same list.) (Caveat: the big exception is that if you have a recent, Arizona driver's license, you've already dealt with the same problem at the DMV and don't need to again. That's many eligible voters but far from all. OTOH, if you have changed your name - usually because you married - you also need the documentation of that name change attached. Sorry, ladies!)
Then we get to actually voting. Now you need to bring proof of identity with you to the polls. These rules were only finalized a few weeks ago, so apologies if I get any details wrong. Your proof of ID has to be government-issued photo ID, or else the typical pain-in-the-ass of multiple utility bills or the like. In either case the address must match the address you're registered at, which legally has to be your current residence - moved since you got your driver's license five years ago? Sorry! A student in a dorm who doesn't get utility bills? Oops! The same groups, again, have a harder time voting. The alert Slashdot security geek, or anyone who has ever gotten into a bar with a fake ID, will note that this methodology isn't exactly a vast increase in security. It will, however, make lines at the polls a lot longer, particularly in places with high concentrations of - again - students, transient people, non-english-speakers. And it raises the bar for knowing the rules in advance. Who's least likely to get the information about the new rules? You guessed it. Who has the least flexibility in their lives to devote a couple of hours to the voting process? Yup.
We had to fight to get these rules as lenient as they are, actually; at least if you don't meet the ID requirement, you're supposed to be able to vote a provisional ballot, although the process for counting those leaves a great deal to be desired. It took a veto by our governor, gods bless her, to get that far - even though it would seem to be a basic, fundamental idea to anyone who actually cared about vote integrity: no ID? we'll check your status afterwards.
Meanwhile, the real hole in the voting system - I don't consider this an actual problem, but certainly from a security geek standpoint it's the obvious point of attack - is voting by mail. Far easier to fake in quantity than it is at the actual polls, right? No ID requirement was added to VBM at all. Yup. Show up in person, you're lucky you don't have to take a DNA scan. Send in a piece of paper from anywhere in the world, no effort is made to verify its source whatsoever. Who's least likely to vote by mail? There we are again.
The list of peop
You're mostly right, as a practical principle. But you write off Ohio as legit because "it wasn't that close". Ohio was won by Bush by 110K votes. Leave out the number of votes (possibly) reversed by machines (thereby doubled in their power), which would mean only 55K people out of 5.6M Bush/Kerry voters, or <1%. Ohio's Election day saw many thousands of black people's neighborhoods undersupplied with voting machines. Thousands of people testified that they waited hours to vote, then gave up. People reported that they were harassed by police for parking too long near polling places while waiting hours.
And how about the obvious fraud in Warren County, where they illegally locked the counting behind closed doors, citing a fake "top-level Homeland Security alert" that was never issued, and for which they never supplied a DHS source? I personally phonebanked Warren County the week before the election, and spoke to a woman who had volunteered at the polling place in years past. She wouldn't say who she would vote for, but I got the impression it was Bush. But she was so disgusted with the total ignorance, incompetence and outright stupidity of the 2004 staff that she refused to help. She was so upset that she shared her anger with me, an anonymous phone pollster. Later in the week I saw the results: a crudely performed fraud while counting Warren's 68K:26K Bush vote, which obviously hid many "extra" state Bush votes in its margin. Then there's the testimony of other poll place volunteers of voting machine reps showing up to tinker with uncounted vote tally cards, along with cheat sheets mounted on walls and advice from the company how to sneak peeks at them to lie to monitoring officials when investigated. Then look at the rest of the fraud committed by Ohio Republicans in charge of the election (itself a basic broken system feature), including the head of the state election doubling as Bush's state campaign chief.
These frauds are all documented - except perhaps my private conversation with the aghast ex poll volunteer. But not in the major press. It's obvious the vote was seriously rigged in Ohio. I'll be willing to look into evidence that votes were rigged in Kerry's favor there, when someone actually produces any shred of actual evidence. But it's obvious that Bush rigged Ohio, that the media is complicit in the coverup, that most of Congress (including Democrats) is complicit in the coverup - except maybe the House Judiciary Democrats and their allies, who have hammered at this fraud with hearings, investigations, evidence, demands for Congressional action, attempted legislation. Even Kerry's unnecessary - and apparently unwarranted - concession, with money in the bank and an army of lawyers, as well as at least 49% of American voters behind him, is complicit. If not in throwing an election, then at least in throwing away the chance to scrutinize and fix our obviously broken system.
--
make install -not war
Since you're interested in ongoing vote fraud, here's the latest evidence of scams in Ohio, from last month's election.
--
make install -not war