Slashdot Mirror
Brave New Ballot
Ben Rothke writes "In an important new book Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting, Avi Rubin writes 'too often in American life, when it comes to divisive issues, the facts can be less important than the weight of public opinion'. That basically sums up Rubin's story in this fascinating story of his frustrations in dealing with government and corporate officials in his quest to show that e-voting was not as secure as it was originally made out to be." Read the rest of Ben's review.
Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting
author
Aviel Rubin
pages
272
publisher
Morgan Road Books
rating
10
reviewer
Ben Rothke
ISBN
0767922107
summary
Electronic voting systems are being deployed with inadequate levels of trust and security
Brave New Ballot (BNB) is Rubin's story of how in 2003, he and his graduate students at Johns Hopkins University demonstrated that the Diebold Election Systems electronic voting technology in wide use was full of security problems. It was just in 2002 that Sherron Watkins of Enron was named Time magazine person of the year for her work in uncovering fraud at Enron. It would have been thought that Rubin's work would have immediately won him some sort of patriot of the year award for his work.
While the accolades were indeed many, his team's research was maligned as being that of a homework assignment, and the Administrator for Elections for the state of Maryland (where Rubin lives and works) publicly stated that 'computer scientists (a direct reference to Rubin and his team) who question the security of electronic voting machines are undermining our democracy.' Such a scenario makes up much of the story that the book tells in Rubin's team's efforts to blow the whistle on unsecure e-voting machines.
As to the Administrator for Elections for the state of Maryland and her disdain for computer scientists, she would likely find constituents such as the zombie-like Stepford wives more to her liking. Unfortunately, she ended up with Professor Rubin.
It is not that secure electronic voting is inherently unattainable. Rather, nearly all of the commercial solutions that have shipped to date have not been adequate designed with security in mind. This is due to many factors, some of which are that the makers of these devices do not completely understand the security risks and countermeasures, in addition to public officials who are far too trusting of these commercial e-voting vendors.
The early chapters of the book detail how Rubin's team analyzed the security and cryptography used within extremely sloppy coding of the Diebold Accuvote-TS director recording electronic device. One particularly humorous incident is when the Diebold programmers reference Bruce Schneier's Applied Cryptography in their C++ code for their decision of which algorithm to use of a for pseudorandom number generation. The only problem is that Applied Cryptography states that the specific algorithm they used should specifically not be utilized for random number generation. Rubin comically states about that incident that Diebold should have consulted with Schneier, rather than have their staff misunderstand what they read in his book.
I had a similar frustrating incident when consulting on an e-voting systems some years ago. The lead developer (who obviously was no expert in cryptography) documented that the e-voting system used 120-bit encryption. Upon analysis, we found that the system was using 40-bit encryption. When countered about that, the developer replied that they perform the 40-bit encryption routine three times using the same key, for an effective 120-bit key length. Of course, 40-bit encryption will always be (insecure) 40-bit encryption, no matter how many iterations he put it through; but it is frightening that he did not know that.
After his team presented their report in 2003, Rubin writes in detail how Diebold started a smear campaign against him. Not only was it Diebold, but also election officials in municipalities that had deployed the Accuvote-TS system that also maligned Rubin. This was done primarily by misinterpreting his objections, and also by refusing to pay attention to other independent reports on the insecurity of the devices.
For a more timely and somewhat humorous account of how insecure Diebold really is, see 'Hotel Minibar Key Opens Diebold Voting Machines'.
Being a whistle-blower always takes a toll on a person and Rubin was no different. He work on e-voting consumed him and took a toll on his family, career and his students. The book chronicles how Rubin found himself caught in a crossfire between big business, partisan politics, and overworked election officials. Rubin also found himself between the crosshairs of the ITAA (Information Technology Association of America), powerful vendor-based lobbying group. The ITAA, of which Diebold was a client, attempted to discredit him on many occasions, but their evidence was always weak and reckless, and in the end only served to bolster Rubin's claims against the Diebold systems.
Part of the absurd claims of the ITAA was that the open-source movement is using the issue of e-voting security to wage a 'religious war' that pits open-source software against proprietary software. Rubin could have filed chapters with similar ITAA absurdities, but wisely chose not to.
Similarly, an article I wrote 'E-Voting: It's Security, Stupid' also was the recipient of the wrathful ITAA reply. In their so-called rebuttal mistakenly titled 'E-Voting Does Work', Harris Miller of the ITAA follows his modus operandi of first attacking the person, avoiding the issue, stating vague meaningless comments, and concluding the issue by missing the point.
99% of the voting public does not know about backdoors, insecure code, Trojan Horses, insider threats, and scores of other security issues that the e-voting vendors have yet failed to fully address. The election process as we know it is rapidly being migrated to these electronic voting machines that are replacing the older, but more reliable mechanical systems.
BNB is a timely and important book as it details the very real defects on which these e-voting systems are built on (and Windows is only one of them). The ITAA made claims such that the only vulnerability within e-voting is that of a rogue programmer conspiring to steal public office. Such politicking only serves to confuse the issue for a public that is inherently trustful of these voting machines. Yet if these e-voting machines were built to the same stringencies and regulations that the aviation and pharmaceutical industry faces, they would never make it within a mile of a voting booth.
Brave New Ballot is to e-voting what Rachel Carson's Silent Spring is to the global environmental movement. It is a vitally important book that details the problem of e-voting and what can be done in the future to make certain that it can one day be carried out in a secure manner.
Of course, the image of an embedded crypto key or plaintext password in an e-voting system does not convey the same impact on the public as that of a thalidomide baby. Pictures of thalidomide babies caused heads to roll at the FDA, and one should hope the that the publication of Brave New Ballot will awaken the public from their slumber on the topic of electronic voting, and encourage the Election Assistance Commission to immediately ban electronic voting until it can be secured.
Deforest Soaries, the first Chairman of the United States Election Assistance Commission sums it up best when he states 'If the integrity of our sacred right of voting is less important than partisan politics, corporate interests, or bureaucratic systems, then shame on us for presenting ourselves as the global standard bearers of democracy. As Brave New Ballot shows, there is a lot of shame going around.
You can purchase Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Brave New Ballot (BNB) is Rubin's story of how in 2003, he and his graduate students at Johns Hopkins University demonstrated that the Diebold Election Systems electronic voting technology in wide use was full of security problems. It was just in 2002 that Sherron Watkins of Enron was named Time magazine person of the year for her work in uncovering fraud at Enron. It would have been thought that Rubin's work would have immediately won him some sort of patriot of the year award for his work.
While the accolades were indeed many, his team's research was maligned as being that of a homework assignment, and the Administrator for Elections for the state of Maryland (where Rubin lives and works) publicly stated that 'computer scientists (a direct reference to Rubin and his team) who question the security of electronic voting machines are undermining our democracy.' Such a scenario makes up much of the story that the book tells in Rubin's team's efforts to blow the whistle on unsecure e-voting machines.
As to the Administrator for Elections for the state of Maryland and her disdain for computer scientists, she would likely find constituents such as the zombie-like Stepford wives more to her liking. Unfortunately, she ended up with Professor Rubin.
It is not that secure electronic voting is inherently unattainable. Rather, nearly all of the commercial solutions that have shipped to date have not been adequate designed with security in mind. This is due to many factors, some of which are that the makers of these devices do not completely understand the security risks and countermeasures, in addition to public officials who are far too trusting of these commercial e-voting vendors.
The early chapters of the book detail how Rubin's team analyzed the security and cryptography used within extremely sloppy coding of the Diebold Accuvote-TS director recording electronic device. One particularly humorous incident is when the Diebold programmers reference Bruce Schneier's Applied Cryptography in their C++ code for their decision of which algorithm to use of a for pseudorandom number generation. The only problem is that Applied Cryptography states that the specific algorithm they used should specifically not be utilized for random number generation. Rubin comically states about that incident that Diebold should have consulted with Schneier, rather than have their staff misunderstand what they read in his book.
I had a similar frustrating incident when consulting on an e-voting systems some years ago. The lead developer (who obviously was no expert in cryptography) documented that the e-voting system used 120-bit encryption. Upon analysis, we found that the system was using 40-bit encryption. When countered about that, the developer replied that they perform the 40-bit encryption routine three times using the same key, for an effective 120-bit key length. Of course, 40-bit encryption will always be (insecure) 40-bit encryption, no matter how many iterations he put it through; but it is frightening that he did not know that.
After his team presented their report in 2003, Rubin writes in detail how Diebold started a smear campaign against him. Not only was it Diebold, but also election officials in municipalities that had deployed the Accuvote-TS system that also maligned Rubin. This was done primarily by misinterpreting his objections, and also by refusing to pay attention to other independent reports on the insecurity of the devices.
For a more timely and somewhat humorous account of how insecure Diebold really is, see 'Hotel Minibar Key Opens Diebold Voting Machines'.
Being a whistle-blower always takes a toll on a person and Rubin was no different. He work on e-voting consumed him and took a toll on his family, career and his students. The book chronicles how Rubin found himself caught in a crossfire between big business, partisan politics, and overworked election officials. Rubin also found himself between the crosshairs of the ITAA (Information Technology Association of America), powerful vendor-based lobbying group. The ITAA, of which Diebold was a client, attempted to discredit him on many occasions, but their evidence was always weak and reckless, and in the end only served to bolster Rubin's claims against the Diebold systems.
Part of the absurd claims of the ITAA was that the open-source movement is using the issue of e-voting security to wage a 'religious war' that pits open-source software against proprietary software. Rubin could have filed chapters with similar ITAA absurdities, but wisely chose not to.
Similarly, an article I wrote 'E-Voting: It's Security, Stupid' also was the recipient of the wrathful ITAA reply. In their so-called rebuttal mistakenly titled 'E-Voting Does Work', Harris Miller of the ITAA follows his modus operandi of first attacking the person, avoiding the issue, stating vague meaningless comments, and concluding the issue by missing the point.
99% of the voting public does not know about backdoors, insecure code, Trojan Horses, insider threats, and scores of other security issues that the e-voting vendors have yet failed to fully address. The election process as we know it is rapidly being migrated to these electronic voting machines that are replacing the older, but more reliable mechanical systems.
BNB is a timely and important book as it details the very real defects on which these e-voting systems are built on (and Windows is only one of them). The ITAA made claims such that the only vulnerability within e-voting is that of a rogue programmer conspiring to steal public office. Such politicking only serves to confuse the issue for a public that is inherently trustful of these voting machines. Yet if these e-voting machines were built to the same stringencies and regulations that the aviation and pharmaceutical industry faces, they would never make it within a mile of a voting booth.
Brave New Ballot is to e-voting what Rachel Carson's Silent Spring is to the global environmental movement. It is a vitally important book that details the problem of e-voting and what can be done in the future to make certain that it can one day be carried out in a secure manner.
Of course, the image of an embedded crypto key or plaintext password in an e-voting system does not convey the same impact on the public as that of a thalidomide baby. Pictures of thalidomide babies caused heads to roll at the FDA, and one should hope the that the publication of Brave New Ballot will awaken the public from their slumber on the topic of electronic voting, and encourage the Election Assistance Commission to immediately ban electronic voting until it can be secured.
Deforest Soaries, the first Chairman of the United States Election Assistance Commission sums it up best when he states 'If the integrity of our sacred right of voting is less important than partisan politics, corporate interests, or bureaucratic systems, then shame on us for presenting ourselves as the global standard bearers of democracy. As Brave New Ballot shows, there is a lot of shame going around.
You can purchase Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
but surely in a democracy, public opinion is more important than anything else, it is how we elect officials. Therefore the concern should be how we educate the public to the facts to allow a fully educated public opinion rather than try to replace the opinion with fact.
A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.
As voting on Slashdot is
Of American IT. As the article above states:
Similarly, an article I wrote 'E-Voting: It's Security, Stupid' also was the recipient of the wrathful ITAA reply. In their so-called rebuttal mistakenly titled 'E-Voting Does Work', Harris Miller of the ITAA follows his modus operandi of first attacking the person, avoiding the issue, stating vague meaningless comments, and concluding the issue by missing the point.
Yep, that's exactly been my experience with the ITAA- they're not so much interested in facts as truthiness.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
"computer scientists (a direct reference to Rubin and his team) who question the security of electronic voting machines are undermining our democracy"
And don't forget support al Queda.
What an ass. Don't question the government. They know what's best for you.
I don't have an anger problem, I have an idiot problem
1. Each electronic vote is recorded onto a paper log.
2. The voter keeps a paper receipt.
3. A challenge by any candidate results in a recount of the paper log.
4. A voter who doubts the accurate registering of her vote can go to the appropriate government office to check her vote against the paper log.
Why do we need a 272-page book to elaborate further?
What perplexes me even more is why some state governments actually allowed e-voting without a paper trail?
Can we PLEASE get copies of this book sent to the election officials of every state? How about getting Avi a spot on Leno, or maybe one of the popular daytime talk shows?
The general public does not know about the shit that goes on behind closed doors. They need to be told!
Technoli
It seems based on the review that the best way to win "The Battle to Safeguard Democracy in the Age of Electronic Voting" would be to, you know, not be in the age of electronic voting. You know, not electronically vote. There's no way the cost savings can justify all the new opportunities for cheating that it allows.
Of course, I wouldn't be satisfied by anything but publishing the voters' choices. Not by name -- give them an anonymous unique voter ID so that they look at the database, they can say "ah, they got mine right".
Apology to Ubuntu forum.
"Carson didn't seem to take into account the vital role (DDT) played in controlling the transmission of malaria by killing the mosquitoes that carry the parasite (...) It is the single most effective agent ever developed for saving human life (...) Rachel Carson is a warning to us all of the dangers of neglecting the evidence-based approach and the need to weight potential risk against benefit: it can be argued that the anti-DDT campaign she inspired was responsible for almost as many deaths as some of the worst dictators of the last century. "
Discuss amongst yourselves.
Diplomacy is the art of letting other people have your way.
the Administrator for Elections for the state of Maryland (where Rubin lives and works) publicly stated that 'computer scientists (a direct reference to Rubin and his team) who question the security of electronic voting machines are undermining our democracy.'
Our democracy has existed for 230 years. Electronic voting do little to nothing to expand democracy. What they do expand is the possibilities for hard to detect fraud -- something which *does* undermine our democracy.
Government and corporate officials quoted in response to the article: "LALALALALALALALA! I CAN'T HEAR YOU!"
Coding with assembly is like playing with Legos. Coding an application in assembly is like building a car with Legos.
but rarely on the method used to determine the winner. Plurality, to put it bluntly, sucks. Instant Runoff Voting is only marginally better. If we were smart, we'd either go with Approval -- just replace "Vote for one" with "Vote for one or more", so it's no more difficult -- or with a Condorcet method (which uses the same ballots as IRV without some of the more annoying paradoxes).
Listen up dumbasses. Since Slashdot is the forum for the "new marxist revolucion" I realize this is pissing in the wind but let me clue you, the clueless, in.
VOTER FRAUD HAS BEEN AN ONGOING PHENOM WELL BEFORE ANY DORK IN A WHITE LAB COAT DESIGNED THE MACHINES YOU NOW DEEM TOOLS OF THE NEOCONS.
You are bunch of parnaoid idiots but were silent when dead people, felons and the like were found on the voter registration lists for primarily democratics districts during the hotly contested 2004 election.
SLASHDOT IS FOR TOOLS AND FOOLS!
"the facts can be less important than the weight of public opinion"
That may be the scariest thing I've ever heard.
Help test the
There was no book review here, just the "reviewer"s aimless ramblings and anecdotes relating to the topic of the book. He does little if anything to actually, you know, REVIEW THE BOOK. Nice to see that spellchecking is still not a priority though.
I cobbled together some ideas a couple weeks ago. Comments welcome.
--
Ballot ideas 9/6/06
Goal:
1) voting by handicapped voters with minimal assistance
2) voter-verified audit trail
3) cost-reduced versions available where needed
4) quick count available to the press within minutes
Read the rest... and give your feedback.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Paper ballots? How quaint!.. The Floridian "poor", you see, were disproportionatly confused by them — much easier to have them use computers, which even a retired librarian, overseing the voting station on election day, will be able fix and to spot any and all possible tampering with...
In Soviet Washington the swamp drains you.
You secure the electronic vote, you get a paper trail. Is that enough?
- recount
No, you get what happened in Mexico, where the paper trail is not checked.
Mexico, the ballots report at random, it is clear the encumbant is losing, at about 75%, a funny thing happens, ballots start coming in with huge swings to the encumbant and the challengers vote switched to a third party. The vote swings.
The election authority says its counted 98.5% of the vote but has only counted 92.5%.
The challenger says '3 million votes are missing', the election authority ridicules this, then later 'finds' 2.5 million of the missing votes. Finally they refuse to manually publicly count the votes. Instead they count only a few with totals different from the tally sheet, but if you make up the numbers its a lot easier to get those numbers to match than if you're counting the ballots, and the interesting boxes are not examined.
http://www.gregpalast.com/we-dont-need-no-stinkin
Even if you get the ballot checked, look at Thailand.
Thaksin is unpopular in Bangkok, the army takes command, drives tanks into the government, TV and into the Kings palace. The popular king is no longer seen, the army is told they are following the kings orders, and the coup plotters pretend to speak for the king. If you believe the polls they are putting out, 85% of Thais like the coup, they think the king is controlling it. But if 85% of Thais wanted Thaksin out, then the vote was next month, they could vote him out. Where is the King?
Meanwhile the men with the big tanks claim this is a popular coup and election will follow next year. But election were due next month. Due you think they will allow a government critical of the army actions? No way, dictators can never leave power for fear of arrest. So Thailand will sink into a military dictatorship for years to come.
Democracy is a constant fight, it doesn't stop at the ballot.
In the angst of the 2000 election, the major alleged "breakdowns of democracy" occurred in jurisdictions where Democrats administered the elections.
... no tanks in the streets. Thanks goodness for a final arbiter. You may not like the path the Supreme Court chose, but if you want a different course, please go win some elections handedly.
Every step since then to press for e-voting was initiated, fought for, and demagogued by Democrats.
When paper ballots were left behind at their urging, displacing rhetoric about "disenfranchisement" and the "intent of the voter", the Democrats did a 180 and made their pet e-voting the culprit, invented balderdash hokum about Diebold and spun it all as a conspiracy by Bush.
The fact is, the system *worked* in 2000, we had a secure transition of power, we kept local officials and particularly local/state jurists from disrupting a federal Presidential election, and
The United States of America uses the "Australian Ballot" form of voting. That means everyone gets a secret ballot and the ballots are counted publicly. It was then, as it remains now, the best design to accommodate our system of elections. Please understand this essential reality before suggesting "improvements" (e.g. receipts, mail ballots, etc.).
Someone in this thread is going to state that HAVA 2002 mandates the use of electronic voting machines (aka "DRE" or direct recording electronic). That is false, as thoroughly explained in Voters Unite's Myth Breakers document.
Someone in this thread will make some statement about how electronic voting devices permit the disabled to vote in private. That's not exactly true. To the best of my knowledge, the existing products do not preserve the secret ballot. Nor are they particularly accessible. Meanwhile, there are solutions which do preserve the secret ballot and are accessible to disabled voters. Such as ES&S's AutoMark, the Vote-PAD, and EqualiVote. (There are some other novel systems, too. I just haven't researched them yet.)
Someone in this thread is going to state that electronic voting is just splendid, and we can make it work, if we just try harder next time. Fine. Show me. Then let's talk. Meanwhile, all current systems suck.
Someone in this thread is going to suggest that we have all paper ballots counted manually. Like Canada. Or Germany. It's not a bad idea. But it wouldn't work in the USA with our current constraints and expectations. To contrast, in Canada, the races are very simple and so the tabulation is feasible. In Germany, they have proportional representation and rely on their superior form of exit polls. Meaning their system is very tolerant of errors. And they have legions of civil servants working weeks to get the exact manual tally. Whereas here in the USA, politicians and news networks demand results now, now, now!
Someone in this thread may suggest it's all about the Republicans. Or the Democrats. It hasn't proven that simple. I believe it's a fight between the people in power, who want to stay in power, and us voters. I'm a pretty progressive guy. But I readily acknowledge the bad guys (with respect to election integrity) here in King County Washington are in the Democratic leadership. (My experience is that the rank and file of both major parties are completely on board with election integrity.)
Someone in this thread may also suggest that we eliminate the need for electronic voting at poll sites by transistioning to forced mail voting (100% vote by mail). Like Oregon State has done and where most of Washington State is heading. It's terribly idea. No more secret ballot. No more public vote count. Higher error rate. Huge more expensive. Long-term decline in voter turnout. It's a big topic. We've been researching it for about 9 months and have only scratched the surface. We discuss
Someone in this thread will also exhort the necessity of using a voter verified paper audit trail. They may even encourage others to support Rush Holt's HR 550. Unfortunately, the VVPAT is a placebo. What guarantees what's recorded is what's printed? Nothing. And experiences to date demonstrate that actually auditing the VVPAT is infeasible (1h 15m per ballot cast). That said, the efforts of VerifiedVoting.org and other are not misguided. Many states already have electronic voting machines without the VVPAT. So passing HR 550 would be better than nothing.
The take away point is this:
The most reliable, secure way to vote in the USA today is to use voter-correctable precinct-based optical scanners. That means paper ballots at poll sites fed into a ballot scanner.
Please support Voter Action. They have successfully prevented the use and procurement of electronic voting machines in a few states already. They are expanding the fight as fast as they can
Actually, thalidomide was one of the FDA's great successes...the drug was never approved in the US; most of the birth defects happened in Europe. It's one of the reason the FDA's drug approval process is so slow relative to other countries.
Of course, the image of an embedded crypto key or plaintext password in an e-voting system does not convey the same impact on the public as that of a thalidomide baby. Pictures of thalidomide babies caused heads to roll at the FDA,
It's worth noting that the FDA, and in particular, Frances Kathleen Oldham actually DID THEIR JOB, and did NOT approve thalidomide for sale in the U.S. I remember my mom mentioning this. Being born in 1961, that could have been me flapping around. Not to worry, that level of safeguard is probably not in place today with the drug compaines responsible for doing all of their own trials.
What happened in Mexico was a lack of transparency. It was like the almost-rigged election on Battlestar Galactica last season.
IF all parties had been allowed to watch each and every ballot each and every minute until the results were finalized, fraud would be much harder. IF the election judges rules that a meaningful, scientific, random statistical sample of the ballots be recounted under the watchful eye of all parties, gaming the recount would be much harder.
In Thailand, IMHO if you legitimately elect a leader, and he makes decisions the population doesn't like but which are within his authority, you have only a few legitimate options: Use the legal process to take away the authority or dissolve the office altogether, use legal authority to force early elections, or wait until the next election. In the USA, Congress can remove a lot of the power of a runaway President save what is specified in the Constitution. They can also shut him out of decision-making processes by agreeing to override any vetos. If need be, they can submit a "one-time" constitutional ammendment to the states declaring the office of the Presidency vacant. If they want to play dirty, the House can do an Andrew Johnson and impeach him on political charges and hope the Senate convicts.
Right now, I can only think of a few reasons to commit treason and hold a coup: if the President either acts to prevent his own impeachment or uses force to stay in office, or if Congress is cooperating with the President in clearly illegal behavior and it will take the military to restore the Constitution.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If anyone missed the article by Robert F. Kennedy Jr. in Rolling Stone, "Was the 2004 Election Stolen?", I'd suggest reading it. There are a few [well cited] examples of e-voting sucking the big one and/or how the machines were manipulated. http://politics.slashdot.org/article.pl?sid=06/09/ 17/1845248
"And the Administrator for Elections for the state of Maryland (where Rubin lives and works) publicly stated that 'computer scientists (a direct reference to Rubin and his team) who question the security of electronic voting machines are undermining our democracy.'"
That's like a structural engineer questioning the stability of a bridge, and the bridge commissioner turning around and saying such statements "undermine the transportation system". Hell, yeah, they might. But if the bridge collapses entirely because those concerns were never stated or were ignored when they were stated, it would be FAR worse. An engineer swears an oath with regards to the reliability of their work, and they would also be remiss in their duties if they recognized but said nothing about perceived flaws in someone else's work. They could be right or wrong with their opinion, but to imply they shouldn't say or do anything is ridiculous.
Who more than computer scientists are qualified to assess the security of a computer system for counting votes? And any citizen in a democracy should have the right to speak their concerns about the system used to count their votes, especially if they are also knowledgeable about such systems.
If the Administrator for Elections for the state of Maryland received a statement of concern about the security of ordinary paper ballots, would they be just as dismissive?
The solution to E-ballots can be stated in 3 simple steps
1) Each vote is recorded onto an optically sortable paper ballot, with human readable votes
2) The ballots are mechanically sorted into piles based on the optical marks
3) The ballots are mechanically counted one pile at a time.
Sure, it means three machines to do the work that other e-voting companies claim to do with 1, but look at what happens:
1) The voting booth is now simply a frontend. People select what they're voting for, and a piece of paper comes out. My preferred idea for this is to have a blank, numbered ballot card issued to the person by a different staffer than the one that took their identification. This ballot (stiffer than just paper receipt tape, in order to survive sorting better) would be notched in one corner so it can only be loaded one way into the printer. The numbers would prevent people from bringing 50 of their own, and issuing it separately from the person being identified means that the number can't be tied to the person by [insert evil dictator], but can be checked against "This ballot was in fact cast at this precinct". If a vote comes out incorrectly, the supervisors destroy the ballot in front of the observers, and the number of the ballot is added to the list of destroyed ballots. As for the machine itself, it stores nothing, and therefore if it bursts into flames or crashes, nothing is lost, and can be replaced at any time, with any other machine. The machines should not need to be excessively protected, if anyone takes them home after the election, it's not a problem. If someone does screw with them, it can be wiped and reset with the correct ballot, and put back in service.
2) Optical sorters are very fast and accurate these days. By sorting on particular patterns in particular locations on each ballot, the sorting machine doesn't even have to know what it's sorting, making tampering difficult at best. Write-ins can be handled with a unique code, and the user writes in their vote on the ballot, these will all be sorted out into their own pile and counted by hand. If there IS a problem, election observers can take the stacks and flip through them like a flipbook. Any changes in the optical pattern should be fairly easy to catch once the bars start to dance around.
3) Counters are very accurate and fast, at least the kinds the banks use. They trust stacks of hundreds of $100 bills to these things, so you know it's not going to miscount very often. The counter won't have any idea what it is its counting, so tampering is practically impossible without a "+10000000 vote" button, and a bribed staff member to push it for the right candidates. Problems at both the counter and scanner level can be caught by counting the entire stack of ballots first, and then totalling up the results for each candidate (plus undervotes for that spot plus writeins) and making sure they add up.
But 3 machines, that's going to be expensive, right? Not if the government does a real proposal for bids. Rather than a proposal for Diebold or another company to bid on by themselves (you've seen the stories: specifications for bidding so that only some guy's nephew could ever bid on the project), by saying "OK, Make me a machine that will take a vote and print out this ballot" they open up competition for the voting booth, driving down prices. Likewise, "Make me a machine that will sort out this ballot" and "Sell me a machine that will count this ballot" (Or just buy one online if your ballot can fit into a dollar bill counter) Not only that, but since the actual votes would not be stored in the devices, the government could relax certification requirements for the devices, making them even cheaper to deploy.
If I have been able to see further than others, it is because I bought a pair of binoculars.
You should just KISS the election process. Keep It Simple Stupid.
... for the state of Maryland is getting bottom spanked. Unfortunately not for security but for using an auxillary untested piece of crap from Diebold that caused voting delays (that's right ... steal my vote but dammit be quick about it). Why anyone even buys diebold is beyond me but
especially in a dark-dark-dark-blue state like Maryland.
It's a bit off-topic since it talks about what happens BEFORE you mark your ballot, but still very insightful.
Voter intimidation and gerrymandering have been with us since the beginning of the Republic. Voter intimidation, at least on a small or individual scale, will probably never end. I do have some hope for the end of politically-motivated district lines, but only if the people rise up and demand it.
What we can do is get rid of large-scale barriers to voting, such as inadequate polling places, registration and registration-challenge rules that can be and are used to manipulate elections, and other barriers. I say if you bring the same documents you need to fill out the "I am a citizen" part of an I-9 form plus recent proof of address to the polls then you are good to vote. Homeless and college students need only prove they have an address of record where they vote. After-the-fact checks can spot people who vote twice using different addresses. The real threat of jail should be enough to deter such acts.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Save yourself $4.24 by buying the book here: Brave New Ballot. And if you use the "secret" A9.com discount, you can save an extra 1.57%!
In the meantime though, there's all sorts of other issues that need consideration- especially in the area of recounts and tampering with the machines. Your optical scan ballots are the same- there's nothing, for instance, to stop an unscrupulous worker from reprogramming the machine to reject votes for Democrats without showing the error.
Ah, but while the machines may be reprogrammed there's still a paper receipt the electronic results can be compared to and validated. Since the ballots are good enough for the scanner to distinguish the vote then there shouldn't be any problem being able to hand count the paper ballets, other than the tyme required. It's not like there are any hanging chads.
FalconShould there be a Law?
I recently had a discussion with a friend about this whole Diebold mess, and how the public just has no clue about the vulnerabilities. I'm beginning to feel that an election version of "9/11" is the only way to do it. Have a bunch of operatives volunteer to work an election in some district and then, on election day, have the machines report twice as many votes as there are registered voters... and have them all be for the Green party or something. Until then, the sheeple will think that it's all ivory-tower theoretical stuff. They need to be shown that a real election can really be stolen.
Of course, this will mean jail time for the perps, but I have two things to say about that. 1) Some would consider that a small price to pay for preserving democracy. 2) You might be able to get a light sentence if you mailed, before the election, some letters (saying "Do not open until after the election" on them) to several news agencies declaring that you are going to rig the election in order to expose the dangers to our democracy.
"You wont be able to put it down" said some guy who read half of it before becoming suicidaly bored.
God Be Gone
Bad idea, very bad idea. Receipts showing how someone voted were gotten rid of where they were tried because the voter's boss, mafia don, or thug could demand the voter hand over the receipt to make sure they voted the way they were instructed to vote. Simply receipts take away anonymity.
FalconShould there be a Law?
Okay, first of all -- hiring a mugger for each person and each election (your ID is unique to that election) tends to get expensive real quick.
Boy those receipts must be real heavy if a thug can only collect one of them.
FalconShould there be a Law?
eVoting was a bad idea all right, but it's far from the only problem we have. We have very weak systems to assure that the person voting isn't committing fraud, regardless of the voting method being used. For example, here in California, it's explicitly forbidden to ask the person for a photo ID. I can walk up to a poll, say I'm Mr. So-and-so living at address blah blah, and even if the poll worker knows me to be someone else, s/he can't make me prove my identity. While we should be concerned about fraud being perpetrated with the voting systems we use, we should be equally concerned with the other sources of fraud as well.
In a freedom-loving society, public opinion is most certainly not important than everything else. In the 1950s and 60s, the overwhelming majority of people in many southern states believed in racial segregation and other discriminatory laws (e.g. the bus seating law Rosa Parks was arrested under.) That didn't make any of it right or beneficial for the country as a whole. Most democracies do have provisions to override the will of the people (in this case, the judicial system) and this are absolutely vital because let's face it, the general public is often irrational, oppressive and self-destructive. For a healthy democracy, you need both--the ability for the people to effectively choose their own government and prevent it from growing too powerful, and the ability for the government to ignore the people when they start frothing at the mouth. But if we had to give up one, I would rather live in a true monoarchy--where you at least have the chance of living in a decent society, if the monoarch is relatively intelligent and good-intentioned--than live in a direct democracy with no elected officials whatsoever--sorry, it might work in a perfect world where people aren't irrational, self-serving, overreactionary FUCKTARDS... but I'm sorry to say thatwe're a long way off from that.
Not that I'm in any way a fan of the power plays our government has pulled in the past 5 years, but if anything general public opinion is much worse. I respect the judicial branch of this country moreso than any other branch because they are the LEAST beholden to popular opinion.
Paper ballots? How quaint!.. The Floridian "poor", you see, were disproportionatly confused by them -- much easier to have them use computers, which even a retired librarian, overseing the voting station on election day, will be able fix and to spot any and all possible tampering with...
So, 1 the librarian can read code, and is able to tell when the code was altered? And two, the librarian gets to see how you vote?
FalconShould there be a Law?
What are we, crazy?
Using billions of electronic on/off switches in a machine that is meant to record 4-10 bits of information per transaction? Anonymously?? I don't think so!
The anonymous nature of the transaction makes our voting process fundamentally incompatible with highly complex electronic information processing. It's far, far too corruptible.
I don't think it will ever "eventually work" except in a form where the voter receives a computer-printed ballot they can verify before casting it. As for the electronic type of ballot: It's made of electrons, it's anonymous, therefore it cannot reliably be said to exist in the context of a free election. Ask a forensic specialist which type of ballot they would rather have to audit and personally account for down to the last logical bit.
...in addition to being anonymous.
The precludes random-sampling schemes and non-physical ballots. (Leave the random-sampling to the exit polls, OK?)
We are talking about our political capital here: Would you trust a computerized service to make *anonymous* payments for you? Or would you prefer to use green pieces of special paper?
No wait, I'll answer anyway: Anyone choosing the former over the latter is purblind stupid or has a nasty agenda.
The paper log has a unique random number and the associated vote. When you go to the government office, you can look up your random number in a list to verify that the vote which you cast is what you intended.
The polls continue to remain anonymous in this scheme.
The people in government are choosing the machines based on their hackabality.
When the CEO of Dibold tells GWB that he can deliver OHIO, he gets it done.
Why does everyone always pussyfoot around this?
It's going to keep up until some college kids sneak a camera into an active voting booth and film the swap as it's being done by dedicated republicans.
At that point, it will turn out to be a single, horrible terrorist loving republican, no others would do that (Even though the descrepancies showed up across the nation in the last election)
So, this poor kid will be prosecuted as will this One Evil Republican (Much the way only enlisted people were prosecuted in the torture scandle) and it will all go away.
America has been taken over by fundamentalist extremists.
Learn to live with it or do something about it (and voting is NOT doing something).
----
Hell Yeah I'm posting this anynomously!
I'm assuming we are sampling the VVPAT, not the electronic count, as there's no point in sampling it.
While it's true you can't get a sample that's properly weighted for age, gender, etc., you can get one that's random in each precinct, and you can further select additional preceincts either totally at random or weighted using historical data for 100% paper-ballot counts.
Here's how you do it:
You pick the closest race to determine your minimum sample size to have an acceptable confidence interval. All you care is that the margin of error of the sample will not overlap the margin of error of the race. Say this means you sample 15% of the ballots for a 99.5% confidence interval.
For each polling station, randomly apply a 0.15 probability to each ballot to be counted and 0.85 to not be counted. Yes, I know this means you won't actually be counting 85% of the ballots, but you will be darn close. Alternatively, you can just keep pulling random ballots until you reach 15%. Tally those up. If each and every race is within the sampling margin of error compared to the electronic tally, you declare that ballot sufficiently recounted. If it's not, you count the whole stack of paper ballots. With a 99.5% confidence interval, by chance, you can expect 1 in 200 races to be outside your confidence interval. Depending on how many races were on the ballot, this may mean quite a few total recounts.
In addition to this, you recount a somewhat-random large-enough percentage of the ballot boxes completely. You CAN use history and demographics to make sure this count is "representative," or if you prefer, you can do a completely random sample.
Personally, I think it would be easier just to count all the paper ballots from the VVPAT and make that the official vote count. Leave the electronic tally as fodder for the media and the results-hungry public.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
..no, this wasn't another so called "intelligence failure", they have been a rousing success, these machines are designed on purpose to make it easy to HACK THE VOTE and get away with it. This is part of the over-all coup that has befallen the US, said coup that the mainstream media is silent on, again, from design or just plain fear, because the coup plotters and instigators have shown they will kill you dead if you become a problem to them, like they did to Wellstone. And the coup plotters are in both so called "parties", witness skull and bones Kerry running away and shutting up after his blood drinking compadre "won" with the hacked Ohio vote. The only people questioning it in the big D party were the grass roots HONEST people, the still uncorrupted ones. It took a long time to even get a few name brand Ds to even bother to notice something as BLATANT as the hacked Ohio vote.
When you see anyone supporting those machines, you are looking at someone who has turned and is now a traitor for the globalists, or is just clueless deluxe, one or the other.
Another source of info about e-voting problems is BlackBoxVoting.org. They have a free pdf book on their webpage. A couple of years ago I skimmed through a few chapters of it. Starting on chapter 9 they talk about accidentally finding an unsecured FTP server and downloading 40,000 files, including the sofware for the Diebold voting machines such as BallotStation.exe, GEMS.exe, and VCProgrammer.exe. They discovered that Diebold's secret proprietary software had various unacceptable security problems. It is surprising to see that a company, like Diebold, that makes ATM machines has created such insecure software and hardware. As voters we had just been expected to take the word of Diebold and other voting machine manufacturers that their proprietary software and hardware was secure. In the case of Diebold it came from and ATM manufacturer after all.
I also plan to buy Avi Rubin's new book "Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting" to see what what other new security problems they have found. The change to electronic voting machines has been pushed as a solution to the "hanging chads" problem that Florida had in the 2000 presidential election between G.W. Bush and Al Gore. Unfortunately, electronic voting machines are creating more security problems than they are solving. If we do use voting machines, then we should at least requre that they all generate a paper stub which which the voter gets to briefly view before it is deposited into a box. Only some of the voting machines currently in use do that. That way, election officials could still do a "real" recount.
You then have to move on to problems with central tabulators. Like, oh, hyptothetically, a backdoor account.
Impersonation, repeat voting, and other low-tech crimes have stolen many elections over the years but they don't scale and are more likely to be detected.
With GEMS, for example, one single person could change numbers in an Access database and throw an alection.
Nah, let me handle the voting online!
I'll setup an IIS server online and let people login and vote. It will be more secure and reliable than Diebold's machine, honestly!
No worries, Falcon... it's just that ubun has never seen the movie "Roadhouse".
Yeap, in a way "Roadhouse" does fit. I hadn't thought of it before.
FalconShould there be a Law?
It's really, really scary how many people don't balance their checkbooks.
Technology -- No Place For Wimps! Grateful Dead and Jerry Garcia Chatroom -- http://www.wemissjerry.org
>but surely in a democracy, public opinion is more important than anything else
That's why the US Constitution puts so many circuit breakers between public opinion and government power. If some mass hysteria lasts for two years it will replace the entire House but only a third of the Senate. It takes decades of consistent public feeling to make a big change in the judiciary.
Indirecting the popular will through legislators is another safeguard against mob rule.
These circuit breakers mean that if the public opinion of 51% is that the other 49% should be put in concentration camps, then it won't happen.
>the concern should be how we educate the public to the facts to allow a fully educated public opinion
Amen. Another way to put it is "If a nation expect to be ignorant and free...it expect what never was and never will be". You stand in the company of Thomas Jefferson, the author of that quote.
>"...undermine democracy"
Sometimes I feel like I'm in one of those Star Trek episodes where nothing makes sense and it turns out to be psychological testing by aliens.
According to my government officials,
- a decorated Marine colonel is a "coward'
- ayone who agrees with the Army War College about Iraq is an appeaser
- people who uphold oaths to defend the Constitution "only aid the terrorists"
- and people who work for honest elections "undermine democracy".
Check out Students for Orwell.
(devil's advocate)The error rate and fraud vulnerability for paper is high enough that if, for example, the OpenBSD team designed a system it could actually work better.
Boxes of paper ballots from opposition precincts can suffer "accidents", the people counting can "misunderstand" a ballot, and there's a dreary list of other ways to cheat.
Now imagine a computer in a locked case that digitally signs the count and posts it to Usenet via a time stamping service. Good luck tampering with that result after the fact. Run simple, auditable open source code digitally signed by a neutral certification lab or dual-signed by technical experts hired by the parties. Run it over some kind of TCB.
Computers create new risks by their complexity but offer more potential for cross-checks and auditing.(/devil's advocate)
The structural incentives are completely wrong for getting a good computer-based system. Paper is better in this world. It's just that I wig out when the word "inherent" comes near the word "secure". Security depends too much on context and systems-level effects.
>Unfortunately, the VVPAT is a placebo. What guarantees what's recorded is what's printed? Nothing. And experiences to date demonstrate that actually auditing the VVPAT is infeasible
Well, you use random-sample audits to detect and deter attempts to program the machines to count one way and print another.
Coincidentally there's a letter to the editor in the current Forbes about this. In tests, voters don't verify the voter-verifiable paper artifact. One study showed 60% coming out unable to say what was on the computer-printed confirmation.
There's only a few ways to deal with that:
- Educate the voters (an option for very patient people)
- Just live with the problem. That's not as crazy as it sounds: if the voters aren't going to do their jobs then absolutely nothing can possibly work
- Tinker with the UI
- Try something else
How would it be different? It would be made by a different company and run on a different principle than the totally electronic ballots. What are the odds of two companies being that much in cahoots?
If necessary, a statistical sample of ballots can be hand counted today.
I'm not advocating much more than existing, pre-HAVA, systems had in the way of sanity checks and recounts.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Actually, if the solution is designed correctly, the voter should be able to leave the location assured that their vote has been registered correctly. Preferably, they'll get a receit with an id on it that they can enter on a website to make sure their vote made it all the way through and was correctly tallied.
Since the unique ID does not need to be traceable, it would not mean a loss of privacy. But it WOULD mean that the voters for the first time in history had the power to discover fraud.
Stop the brainwash
Why didn't I hear this in the primary season? The fact that he lobbied for tech companies made me a bit uneasy... but that "E-Voting Does Work" essay really turns my stomach. George Allen may be an insensitive jerk, but I can't imagine voting for a whore like Miller. Ick. Thank goodness he lost.
I have worked on some rather large and complex systems. And I'm fairly certain if you turned some academics loose on said systems, they would find "critical flaws" that they would tout to anyone who would listen.
The thing is ... the systems I've worked on actually work. The "critical flaws" that I'm sure could be found don't actually break the system.
And so far it appears to be the same with the Diebold systems. All these Academics and Slashdotters are outraged about a system that, so far, hasn't failed in the way they predicted.
The fact of the matter is that grant-to-grant academics don't understand engineering, because they've never really had to engineer anything.
Oh, and, just something to savor : if it weren't for all the politicization that has resulted from this business (to which Slashdot contributed a not insignifcant part) some competent gov't contractor might have gotten in the business and blown Diebold out of the water. Of course, now they wouldn't touch it with a ten-foot contracting pole. Enjoy Diebold!