Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wisconsin Requires Open Source, Verifiable Voting

Posted by ScuttleMonkey on from the honesty-is-for-sissies dept.

AdamBLang writes "Previously covered on Slashdot, Wisconsin Governor Jim Doyle today signed legislation that "will require the software of touch-screen voting machines used in elections to be open-source. Municipalities that use electronic voting machines are responsible for providing to the public, on request, the code used." Madison's Capital Times reports "the bill requires that if a municipality uses an electronic voting system that consists of a voting machine, the machine must generate a complete paper ballot showing all votes cast by each elector that is visually verifiable by the elector before he or she leaves the machine.""

16 of 375 comments (clear)

  1. KISS by grub · · Score: 5, Insightful


    [T]he machine must generate a complete paper ballot showing all votes cast by each elector that is visually verifiable by the elector before he or she leaves the machine.

    And how do we know that the prinout matches whatever counter is incremented within the computer? Being open source makes it tamper-resistent, not tamper-proof. Would it not be easier to just use a paper ballot in the first place? Then any recount could be performed against the actual ballots cast, not as a spot check against computer (glitches|fraud).

    --
    Trolling is a art,
    1. Re:KISS by McGiraf · · Score: 3, Insightful

      if there is a doubt you ask for a recount and count .... the paper ballots!

      duh ..

    2. Re:KISS by Dutchmaan · · Score: 4, Insightful

      We can only move in the right direction.. This is a positive step to be sure, and as flaws in this system reveal themselves we will take further steps toward refining the process of preserving intergrity in the voting system.

      The perfect democracy is a goal and can never really be perfectly attained... but it serves as a compass to keep us going in the right direction.

    3. Re:KISS by grub · · Score: 3, Insightful


      "if". Being that leadership of government is being determined, I'd prefer the actual cast ballots be counted. Canada does it in a few hours with 1/10th the US population (and the public can view the count I believe)

      --
      Trolling is a art,
    4. Re:KISS by cait56 · · Score: 3, Insightful

      That's why you also need a write-only audit trail produced
      before the voter leaves the booth. A second paper copy is
      certainly one form of a write-only audit trail.

      Keep in mind that paper-ballots were far from perfect.
      Counters could and did vote for people who neglected
      to fill in for some contests, and/or create extraneous
      marks on the ballot to make it retroactively ambiguous.

      A print-out with full candidate names is a lot harder
      to alter than a pre-printed form with Xs inside of boxes.

    5. Re:KISS by kfg · · Score: 5, Insightful

      . . .put your thumbprint in the corner . . .

      No.

      KFG

    6. Re:KISS by HUADPE · · Score: 5, Insightful

      Agreed. One of the major tenets of democratic voting is the secret ballot. This is in and of itself a problem with electronic voting because the order of votes can be counted as well as the votes themselves. A determined individual can then match the order and time of votes to individuals as they signed in to the polling place. Non-secret ballots can allow for voter intimidation (will the new mayor fire people who voted against him?)

      --
      This sig has not been evaluated by the FDA. It is not designed to diagnose, treat, prevent, or cure any disease.
    7. Re:KISS by oni · · Score: 3, Insightful

      Just off the top of my head, I would say:
      Give the voter a receipt that consists of, 1) a long randomly generated ReceiptID, 2) a plaintext record of the vote (as in, "you voted for Kodos"), and 3) a cryptographic signature.

      So in other words, I have a peice of paper that I get to take home with me and on that peice of paper is written:
      ------ Begin PHP Signed Text -----
      ReceiptID 243524534523423454345234234
      Voted For: Kodos
      ------ Begin PHP Signatre Block -----
      (signature here)
      ------ End PHP Signatre Block -----
      ------ End PHP Signed Text -----

      After the election, you can publish the ReceiptIDs and vote records on a website. Anyone who wants to verify the authenticity of the election can tally all the votes themselves. If I want to make sure that MY vote counted, I can look it up. If I see that they changed my vote, I can come forward with my reciept. I can't change my receipt because it's crytographically signed. Nobody can find out who I am because my reciept number has nothing at all to do with me, it's just a random unique number.

      (why is it that this stuff always seems easy to us slashdotians? Why do corporations always make it so complicated and broken??)

    8. Re:KISS by mooneyd · · Score: 4, Insightful

      That's exactly how it should be done. Use a touch screen to make your choices, it prints out a op-scannable ballot you can hold in your hand and verify. You then stick it in one of two slots: the scanner slot or the shredder slot. That action will either confirm or reject your vote inherantly. If you reject the ballot, you can go through it again on the touchscreen, otherwise you are done.

      And the machines should be developed by national research labratory in a completely open and transparent way. The source code, design plans and manufacturing process would be completely auditable by the public. No corporate control of voting machines. No security through obscurity.

    9. Re:KISS by hazem · · Score: 4, Insightful

      The problem with a receipt is that it can then be used to make sure you voted a certain way.

      corrupt boss: Joe, have fun voting, and be sure to bring back your receipt so I can know how you voted and decide if I'm going to fire you. Oh yeah, and if you don't have a receipt, I'll fire you.

    10. Re:KISS by sam1am · · Score: 4, Insightful

      As has been mentioned elsewhere; this is a bad idea, because you could be "persuaded" to share your receipt number with someone else, who could use it to verify you voted a certain way.

      Guy sets up booth taking receipts that prove a vote for candidate A, you get $10.

      Or more insidious, your boss tells you you need to vote for candidate A. In order to obtain your next paycheck, you must show your receipt that you voted for candidate A.

      Once you leave the polling place, you should not be able to verify your vote to yourself or anyone else.

      (Now, if you took that receipt and dropped it in the ballot box on the way out of the polling place, that's another story)

    11. Re:KISS by Rich0 · · Score: 3, Insightful

      Agreed - the simplest and most efficent solution is full automation with some percentage of completely random auditing.

      In each state pick 10 precients at random, and count every last vote in them - they better agree to the automated total.

      The proposal to always count them manually amounts to 100% auditing. Sure, it works, but it really isn't necessary. In fact, it is likely to have a higher error rate since there is no value being checked against (unless you have two independant groups count all the votes separately and submit separate counts which are then cross-checked).

      Have each machine programmed, assembled, and sealed by an individual who signs some dotted line. If the count turns out wrong, the machine gets a major investigation. If there is fraud, the individual gets sent to prison with an opportunity to somewhat reduce his sentence by singing like a canary.

      The EU uses systems like this for drug imports. If you want to certify a lot of manufactured drugs as safe for use in Europe, you have to have an EU citizen sign on the final line. The logic is that there is at least somebody personally accountable for the action who lives in the EU jurisdiction. In the same way, if a megacorp builds a bridge there is still an individual engineer signing each drawing.

      The key to law enforcement is individual accountability. No need to waste huge amounts of money counting every vote by hand. You just need to make sure the system fosters accountability. If you check 5% of the precients across the country the chance of any widespread fraud going uncaught is very low. Once widespread fraud is detected you would of course count every last piece of paper three times, and send the bill to the perpetrators...

    12. Re:KISS by hackstraw · · Score: 4, Insightful


      I wish I was on a website with computer geeks.

      "hanging chads"

      Bullshit. Punchcards were first made in the early 1800's and then used more commonly by big computer companies like IBM in the late 1800's. They were not used after the late 70's because they sucked. I work with people that used punch cards to program computers. They never talk about "chads" they talk about things like getting cards out of order, dropping them on the ground and not being able to edit them once made. They don't talk about "chads", those are invented words for the 2000 election well after nobody used punchcards for over 20 years.

      I've taken a number of standardized tests for over 20 years that have never, ever used punchcards or had hanging chads. They were all done with standard #2 pencils and a piece of paper that could scan them at remarkable speeds and accuracy. I'm sure somebody could counter with a time that one kid had his SAT score off by a point or two out of 1600 or the 2400 or whatever it is now, but AFAK they are beyond human accuracy, and never, ever have "chad" issues.

      So, why all the talk and fuss about this stuff? Are elections routinely rigged? Is this the new terrorist plot? Are the scantron type ballots that I have used rigged or wrong? Are the mechanical vote counters rigged or wrong? Was the President of the United States chosen by popular ballot in 2000? Does it even matter?

      The more this disinformation keeps us busy, it makes those who really matter in these matters more free to have more room to do whatever they want to do.

      I don't believe its any more difficult to count nominal data accurately than it ever was. Its the people that do the counting that are always variable, and will always be.

    13. Re:KISS by VE3MTM · · Score: 3, Insightful
      US Code, Title 42, Chapter 20, Subchapter 1, Section 1971:

      (b) Intimidation, threats, or coercion
      No person, whether acting under color of law or otherwise, shall intimidate, threaten, coerce, or attempt to intimidate, threaten, or coerce any other person for the purpose of interfering with the right of such other person to vote or to vote as he may choose, or of causing such other person to vote for, or not to vote for, any candidate for the office of President, Vice President, presidential elector, Member of the Senate, or Member of the House of Representatives, Delegates or Commissioners from the Territories or possessions, at any general, special, or primary election held solely or in part for the purpose of selecting or electing any such candidate.


      Source: http://assembler.law.cornell.edu/uscode/html/uscod e42/usc_sec_42_00001971----000-.html

      Ah, yes, those pesky laws.
      --
      09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 Whoops, silly middle mouse button...
  2. ABOUT GODDAMN TIME! by Mattness · · Score: 3, Insightful

    Paper receipts should be a no brainer, as should be open source software for voting machines. Too bad this isn't occurring in every state, yet. Or is it? I am an ignorant person about this topic. Someone enlighten me.

  3. Federal Mandate Time by Kefaa · · Score: 4, Insightful

    Can someone explain why we can standardize street signs and the amount of sugar allowed in school lunches but we cannot get a standardized election system?

    After the 2000 election debacle, we had money thrown at the states to "fix the problem." So we ended up with 35 different solutions.

    A simple federal mandate - the voter must be verifiable, their vote must be able to be able to be authenticated after they leave the booth, in the event of a recount and the system can be fully audited. Instead, we have systems with no paper trails, questionable vendor operations, and seemingly contradictory election results.

    We can make millions of secure stock sales, bank transfers and on-line purchases daily, and we cannot get a vote counted and auditable? The people who produced these machines should be fired for stupidity and forced to return our money.