Slashdot Mirror
OSS Election Systems Desired, but Not Ready
An anonymous reader writes "Even though many American voters are ready for open source systems at the polls, Newsforge (a Slashdot sister site) has an interesting story about why open source may not be ready for the polls. From the article: 'The only open source e-voting effort that Rubin [an e-voting expert] noted was the Open Voting Consortium (OVC). "I don't agree with everything they are doing, but they are all about transparency and open source," Rubin said. OVC President and CEO Alan Dechert says it would take a large investment of time and money to provide an alternative to traditional e-voting systems vendors, but he says an effort known as Open Voting Solutions (OVS) is looking to do just that.'"
What's wrong with paper ballots? They work great in Canada. We even have election results within a few hours, at most. As far as I can tell the only "downside" is that paper ballots are hard to rig elections with.
Religion for nerds. Stuff that really matters
Here in Australia we have a system that works, and has been used already.
http://www.softimp.com.au/index.php?id=evoting
Common sense is not so common
1. Open source. We need to be able to trust these systems and how can we do that without being able to examine the code behind them?
2. Paper records kept for the government. Just in case there is a trust issue, this is a backup method for the recount.
3. Paper records for the voter. Worst case, every voter has a copy of their own vote. Hard to use for a recount, but could help identify irregularities.
So easy. I am all for having the convenience and speed of electronic voting, but I cannot for the life of me understand why we must give up the benefits of paper ballots at the same time, and even improve on them (as in the paper copy for the voter).
"Successful open voting systems that are cheaper, easier to manage, and more transparent than proprietary systems can be found in Australia, Canada, Estonia, and other places."
Perhaps the author meant to say:
"no American vendor offers open source software and systems that are ready for voting."
Can anyone explain me how can I trust OSS running box more than the one running closed software? How can I verify that the software running in the box is the same I verified? How can I be sure the cpu isn't mangled by some foreign goverment? (Since most hw is now made on taiwan..) What's wrong with paper ballots?
I don't care how "open" or secure a system is, I want a paper trail.
We make photo kiosks. Every time someone places an order, we print a receipt. The receipt printer is one of the most reliable pieces of equipment on our systesm. We have about 60 employees. If we can do it, I see no reason why you could not have a voting machine print a paper receipt with your voting selection on it along with a unique, encrypted number. On the way out, the voter places the receipt (or paper ballot, if you will) in the drop box. Once the election is over, if everyone is satisfied with the results, the paper ballots are discarded. If there is a challenge, the paper receipts are counted and compared to the digital count. There should not be much of a difference. If the difference is enough to change the outcome, I'd say go with the paper count. However, if voting fraud is an issue, it will not be a small margin. It is doubtful that someone will try to fraud for only a couple of votes and there should never be more pieces of paper in the box than digital votes cast.
This will allow for a challenge, investigation, and is the only way to provide for a recount.
There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
I haven't really read how this e-voting works, but if it means you can log on to a website and vote from home, wouldn't that make your vote not anonymus? What would happen with the log of your IP, your vote could be traced back to you.
I like paper ballots because they don't get traced back to you, once you put it in the box you have no identity.
I would have thought that the fundamental problem with closed source, in this particular application (not in general), is the fact that it is closed source. For elections to work it is important that the entire process be open to scrutiny. If something goes wrong, you need to be able to look through and find what/where... even if the only remedy is to say "bug x in function y of the source code makes this result invalid, we need to vote again using a different system (eg. paper)". But if the source is not available for scrutiny, you can't do this... you can look at the results and say "that's a bit odd", but you can't trace back to probable cause. This is precisely what closed source software can never get right, whereas OSS does by definition
But if closed source polls can't get it right, what makes us think that OSS polls can?
The difference is that, with an OSS voting system, if there's a problem with the code, the public will (be able to) know about it.
Compare that to Diebold and ask yourself how likely it is that they'd be forthcoming with crucial details if and when something goes haywire with their electronic voting machines.
...my apologies for forgetting Slashdot used HTML formatting for posts by default. Let me repost that entire post, since it's nearly unreadable.
It's funny you should mention that. About a week ago I found http://crp.org/industries/list.asp , did some investigation, and posted the following summary of interesting points on another site I visit:
- The Republicans received $20 million from oil/gas companies, compared to $5 million for Democrats. This sounds significant, but it actually is only significant in how small this amount is (considering how many people say the Republicans are in the pocket of the oil industry). This amounts to 2.3% of the Republicans' campaign donations for 2004.
- Democrats receive a MASSIVE amount of finance from law firms and lawyers - $149 million, or 16.6% of their total finance, compared to $59.9 million for Republicans. This is by far the single largest industry (and the one with the biggest difference in contributions) that I've found.
- There is no significant difference between the two parties in terms of contributions from lobbyists.
- Republicans received $195.8 million the finance/insurance/real estate industries, compared to $136.8 million for Democrats
- Democrats received $111.8 million from single-issue activists, compared to $68.8 million for Republicans
- Democrats received about 2.5% more finance than Republicans ($900 million for Democrats, $880 million for Republicans).
- Democrats received $53.6 million from labor unions, compared to $7.7 million for Republicans.
This prompted such replies as "same shit, different pile" and "I think you've just summed the near entirety of political science" (in reference to the previous quote). If you think one party is morally superior to the other, or that the character of members of one party is superior to those of the other, reality will crush your misconceptions.
You have tried to support your argument with faulty reasoning! Go directly to jail; do not pass Go, do not collect $200!
It's cheaper to count them by hand. A full county wide voting machine system costs a lot of money, a lot of money that could buy a lot of ballot counting labor hours.
I love a technofix as much as the next geek, but computerized voting machines are not the technology for now.
Start Running Better Polls
VOTER: "Okay need to vote...here we go...."
....
........
VOTER: "Huh, it's a command line terminal...Okay..."
Looks at people running the voting place
VOTER: "Excuse me. How do I vote....?...Uh huh...'ls'? Uh huh...'RFTM?' What does that mean...Oh I see. Thank you very much"
ls
VOTER: "Okay there's a file in here called README and INSTALL. I'll look at README first."
after some time...
VOTER: "Seams to be something about a pissed off guy named Richard and something he humps called a GNU...Okay. I'll take a look at INSTALL instead here"
VOTER: "Generic install instructions....something something something, configure....something something make? Okay worth a shot"
configure; make; make install
Checking for sed.....ok
Checking for awk.....ok
Checking for kernl...
30 mintues latter
Checking for libyourmom....ok
Checking for libkitchensick...Found Emacs....ok
Checking for ruby on rails....
ruby on rails not found...
ruby on rails not found.??
ruby on rails not found.??!!!!!!
RUBY ON RAILS NOT FOUND!!!!!!!!!!!!
Ruby on rails is the latest h4x0r dood!!!!!
Install Ruby rails AJAX0r!!!!
VOTER: "Son of a....!"
The (software|hardware) is only as smart as the person operating it.
The same could be said for democracy...
All available data suggest that regardless of any of this, the sun will still come up tomorrow.
The worst part about OSS election software is that someone else runs 'make', you run 'make install', but the install process installs too much crap and trashes some of your local files.
Then, you try to 'make uninstall' but the process fails halfway through and so you're left with a system in an unknown state, with rogue files hanging out everyyear.
But as Thomas Jefferson said, it's doubful that your current system will remain stable forever. Every once in a while you need to Reinstall the Operating System.
94% of Repubs and 21% of Dems voted to renew the Patriot Act
Look. This is America. The nation that led the world in technological development for two hundred years, put men on the Moon a couple of times and invented the personal computer, and now we're saying that we can't even develop a machine that can count reliably???!!! Please. This is not, repeat not a technological issue. It is a political one, pure and simple.
The only reason that implementing a transparent, auditable electronic voting system is such a problem is because there are certain people that have a vested interest in making it a problem.
The higher the technology, the sharper that two-edged sword.
Is closed source ready for the polls?
A blind citizen given a paper ballot has to get someone to help, raising problems of confidentiality and trust.
A computer UI can, in principle, be made easier to follow than a crowded piece of paper. Googling for "butterfly ballot" will get you an example that turned out to be important. A computerized ballot can do validity checking and spare the counting system from having to divine "voter intent" from a double-voted or unreadable ballot.
Those are the only real advantages I've ever seen mentioned.
These are a bit trickier than just building a machine that can add 1 to a column, but not THAT much harder.
I would ascribe every digital ballot paper with a hash value that uniquely identifies that paper and would be hard to forge. eg: Have each ballot paper marked with a serial number, then digitally signed by the electoral authorities.
Each voter's voting card would have a totally random public encryption key on it, plus a number. On going to the voting machine, the card would first tick the person off on the list of people who had voted. After casting the votes, the machine would encrypt the ballot paper with the encryption key, then it would append the number to the end. The electronic ballot paper would then, after a random delay, be sent back to the central repository via an SSL connection. The machine would keep no tallies and no records whatsoever. Nor would the local office. It would all be central. (The local office could count votes cast, though, as it would be useful to compare against votes decoded.)
The central system would use the number to select a relatively small set of private keys. It would try each key in turn until it found the key that unlocked that ballot paper. That private key would then be deleted. The unlocked ballot paper would be placed into a secure database. The number of valid votes identified would be counted and publicly published in real-time.
Just to be absolutely certain what is meant here, the database must be write-only from the central system and must be in a tamper-proof environment. Once all ballots are uploaded, it will then perform the count and download the results, ALL of the decrypted ballots and ALL of the encrypted ballots.
That way, anyone can perform a recount and although it would be a monumental task to validate the votes, it could be done. This system is pseudo-anonymous, not truly anonymous, using a VERY large base to make anonymity effective. The upshot is that if a random sample of voter cards were gathered (anonymously!), it would be possible to show that each of those cards matches to exactly one encrypted vote and one decrypted vote.
This shouldn't be necessary, as most of the avenues for fraud have already been eliminated. The effort to fraudulently enter a vote in this system would be extraordinary, as it would require breaking the ballot paper generation system, the encryption key system AND the decryption system, in order to be transparent. Failure to break all of these would result in the votes being rejected by the unbroken component.
I don't think an actual voting system need be this complex, but that's not the point. The point here is that it is possible to imagine a system that is (a) Open Source and (b) so damn-near impervious that it would be cheaper to just buy the person who'd been elected than rig so much as a single vote.
Has this been done? Probably not. Could it be done? Sure. Give me a couple of weeks, a few smart-cards, readers, kiosks and a tamper-proof computer case. There should be no difficulty in writing a system that would be close to iron-clad for the next 50-100 years, with so close to zero chance of tampering that it's just not going to happen.
If an OSS election system group has the hardware and would like to play with this scheme, I'd be happy to write it for them.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)