Slashdot Mirror
Building a Better Voting Machine
edmicman writes "Wired News has an interesting article about what would make the perfect voting machine: 'With election season upon us, Wired News spoke with two of the top computer scientists in the field, UC Berkeley's David Wagner and Princeton's Ed Felten, and came up with a wish list of features we would include in a voting machine, if we were asked to create one. These recommendations can't guarantee clean results on their own. Voting machines, no matter how secure, are no remedy for poor election procedures and ill-conceived election laws. So our system would include thorough auditing and verification capabilities and require faithful adherence to good election practices, as wells as topnotch usability and security features.'"
I'm serious. The more stupid and computer illiterate people you scare off, the better off we all will be.
Build a better mousetrap and the world will beat a path to your door*
A feeling of having made the same mistake before: Deja Foobar
From TFA: "Random spot checks...This involves taking a random number of machines out of commission just before polls open on election morning to run a sample election on them to make sure the machines are recording and counting votes accurately.
Before the polls open? How about during the election? At random times during the day?
The poll workers should be required to have an extra one on hand just in case one breaks. It would be used to stand in for the one that was being checked. ( It could also be chosen for a random check. )
I think Wired is barking up the exact same, wrong, tree, that Diebold and every other manufacturer of voting machines is barking up - namely that they have all the answers.
The solution is very simple: require all electronic voting machines to be open source, and invite all software developers around the world to peer review the code. When that majoriy agrees that a system is secure, then it's ready for use.
Paper and pencil. Mark your choices, put it in a cardboard box. It's the perfect solution and scales wonderfully.
Many countries already use this advanced technique.
the best algorithm in the world is worthless in a poor implementation. enacting legislation that governed the process of counting the votes and verifying them is just as important as the machines themselves.
...vividly encapsulates that post-Watergate/pre-punk/coked-up moment when you could trust no one, least of all yourself.
Could you please express that number in Libraries of Congress? If you laid out all those lines of code without newlines, how many times would it wrap around the Earth?
For security, the MD5 hash of this message and sig is 09f911029d74e35bd84156c5635688c0.
Yes these first attempts at computerized voting machines have some serious problems. No it doesn't really matter in the end though.
Either we trust the people running our elections or we don't. If we don't there isn't a technological measure possible to prevent fraud. If we do it is mostly a moot point. Personally I have seen enough examples to believe Democrats routinely steal enough votes to gain a 1 or 2 point advantage in any national election and substantially more in certain local races. But we Republicans simply spot em the handicap and go on to win elections.
And yes I said DEMOCRATS steal elections. Think about it, who runs the elections in every major city? Who runs the elections in most smaller cities? How many precincts are entirely run by Democrats vs how many can you find without a single Democrat in the audit loop? Ok. So we have now established who has opportunity. Motive is easy; Democrats, like most politicians desire power. Democrats also tend to believe the ends justify the means.
Consider that every important documented case of election fraud in the 20th Century was Democrats cheating. Lets start with the dead in Chicago putting JFK over the top, along with some outragous fraud by LBJ's machine in Texas of course. I live in Louisiana and can still remember Sen Landrieu winning her first election from a strong turnout among the dead in New Orleans. Now lets consider the multiple smelly elections in WA and we won't even discuss what passes for government in NJ, and I'm comparing and contrasting to my own legendary LA.
And I'll even give a pass on FL in 2000 even though the recount conducted by the press gave the state to the Republicans. After all the Democrats were trying something totally new in that case, lose and have the courts award the race after the polls closed. That is nothing any change in voting machines or elections laws can fix.
But like I said, there is enough transparency that in any national election fraud can't swing the totals more than a point or two and the Electoral College minimizes the damage in Presidential elections.
Democrat delenda est
A better voting machine would filter out the stupidity of the masses by selectively reducing votes of people who make bad decisions at the polling places. Just look at our country's history! How many times could we have avoided disaster if we had only had smart computers making real-time decisions about the validity/importance of individual votes?!?!?
Oh for crying out loud not this again.
Let me get my Amiga 1000 out of the closet. Here I'll even dust it off for you. Here. Here's the KickStart and Workbench floppy discs. Here's the keyboard with the cool "telephone cord" cable thing. Here's the mouse. Lemee write an AREXX script.
There. Okay? No? Don't like that? Too complicated you say?
How about this PENCIL AND PAPER THEN. Christ almighty. F*cking freaks. Buncha morons.
CAN WE PLEASE BE DONE WITH THIS STUPID SUBJECT NOW?
Ha-ha, vword: realest
Have one machine with fancy GUI's that are easy for people to use, which PRINTS a clear paper ballot on which the marks are both human and computer-readable (think of the little ovals you used to fill in with #2 pencil, only bigger ovals) and then a *seperate machine* which does nothing but scan and count the ovals.
The marking machines could be of any complexity, wouldnt require auditing (the names on the ballots would be pre-printed, the machine would only mark in the ovals). Voters could choose to use the machine, or to mark the paper ballots themselves, and in all cases would be able to *look* at the paper ballot and verify their selections before submitting it to be counted. The specs for filling in the ballots could be released (and in fact the ballot specs would be part of the specs for the counting machine), and anyone under the sun could make marking machines, of any design that they wanted. The key is that these machines would record votes only on the paper ballot.
The scanning/counting machine would have to be absolutely auditable, as simple and as transparent as possible. Every aspect of its operation would be required to be public domain, and available to any citizen upon request.
A simple, inexpesnive, secure, effective voting machine which is auditable could have two components. 1) A pen. 2) A paper ballot. Another similar machine would also have two components and be equally effective. 1) A stylus. 2) A cardboard ballot. This whole thing with insecure computerized voting is an absurd solution looking for a problem.
The true perfect voting machine consists of the following four components:
- Paper
- Pencil
- Locked box with slot
- Election official who can count
Anything else is a solution in search of a problem, and a way for partisan election officials to send some contract money to their buddies in the tech industry.
Seriously, who the hell cares about digital records or fast counts? I don't care how fast the results come in, I want them to be RIGHT. A voting system needs to enforce two basic principles: private votes and public counts. The voters need to know that their votes are private and anonymous, and the counting process needs to be simple and transparent enough that it can be understood, audited, and repeated. Computers, for the majority of people, are magical black boxes. They don't trust them as far as they can throw them, and that means there will always be suspicion of fraud, no matter how open the source and how impenetrable the outer casing. When we go to paper ballots, we guarantee that the process is easily understood, auditible, difficult to rig, and that counting is repeatable. There is no electronic system that satisfies all those conditions, and therefore electronic systems should not be used.
However, if we wanted to use touch screen systems to print out ballots instead of marking them, that's fine with me (it would make voting more accessible, with a well-designed UI). The voter can verify their votes before dropping them in the box. But the printed paper ballots need to be counted by hand.
For security, the MD5 hash of this message and sig is 09f911029d74e35bd84156c5635688c0.
"And I'll even give a pass on FL in 2000 even though the recount conducted by the press gave the state to the Republicans."
There WAS NO COMPLETE RECOUNT!
Shit I am tired of this fucking false rumor. There were thousands og votes not even counted, as well as hundreds of prople being turned away.
People involved with and running varias republican campahains were filmed interruptting the election process.
Plus there was an ever BIGGER problem in Ohio.
Personaly, I don't give a damn about election before I was born, I am concerned about elections that happen while I am a voter.
2000 was a shame, as was 2004, and you should be pissed about it no mattter what party did it.
Yes, if democrates had done that I would be just as pissed.
OTOH we wouldn't have gotten rid of habias corpas.
"But like I said, there is enough transparency that in any national election fraud can't swing the totals more than a point or two and the Electoral College minimizes the damage in Presidential elections.
laughable, giving people more weight then others is an imbalanced system and it needs to be changed.
The Kruger Dunning explains most post on
For those who are interested in seeing a proper voting system put together, check out the Open Voting Consortium. They have a free, open-source voting platform that addresses all of the concerns. It has a verifiable paper trail as well as support for blind users and multiple languages.
I personally have donated money to this organization and believe they are doing the right thing in addressing the current mess we have now.
Their paper trail has a really nice feature in that it also prints a bar code for a quick machine recount of the ballots as well as a human readable output.
-Aaron
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
At the end of the article they mention David Chaum's method of voter verifiable elections. I first saw this several years ago in graduate school (I believe I was reviewing an earlier version of the paper for a conference). It is a gloriously beautiful protocol, far beyond what I ever hope to see implemented in my lifetime. :( I suggest you take a look, I will look at the version referenced in the article again tonight as the exposition is considerably clearer than the version of the work I read (dumbed down a bit for a mass audience).
First of all, make them not terrible. If we could get them to at least on par with the quality of ATM's we'd be somewhere. I am all for electronic voting machines. However, the job application kiosk at wal mart had more effort put into its engineering and design than our current generation voting machines.
If an officer ever threatens to taze you, say you have a pacemaker.
What's wrong with SAT-style scantrons? They seem to be highly accurate and speedy...
:n
the best voting technology ever?
paper
pencil
optical scanning of little filled in ovals
the blind can get by with a guide, just like they always have
end of story
what we need is simplicity when it comes to voting, not complexity. i believe we should never go to electronic voting, and even get rid of mechanical voting booths, which has a sordid history of tampering
of course you can do fraud scams with simple paper ballots too: loose them for entire districts, stuff the boxes with fake votes, etc. but any more complexity in the voting system doesn't remove these scams, it just adds a new layer of possible scams
fraud happens in all forms of voting mechanisms, and voting is just too much of an important and vulnerable part of our social cohesion and the source of so much faith in and integrity of our government. being so vital and vulnerable, the point in my mind would be to oversimplify the voting process on purpose. the more complex the system, the more points of failure, the more possibilities of fraud. internationally, people speak constantly about transparency in good governance. why the heck advanced nations would suddenly want to make a part of government that needs to be as transparent as possible suddenly very opaque to the average man and to the press via technology, is beyond me
i mean seriously, why the technophilia? voting is a problem that is not solved better with more technology, just made more complex. the slashdots crowd of any crowd of people should know all about the various and sordid ways malfeasance can be achieved in electronic communication and electronic storage. voting is not a complex math problem. it's very simple. no computer power need apply to make it work. optical scanning of little penciled out ovals is about as complicated as it should ever get. thats speed of tabulation right there. there is no possible other improvement via technology you can convince me of being necessary
i'm not a luddite, i am simply saying that specifically in reference to the voting process, it must be simplified technologically to ensure faith and integrity and transparency in our government. i am as much a technophile as the next slashdotter. i just have an appreciation for the limits of technology's ability to solve problems, and that for some limited subset of problems, such as with voting, more technology need not apply
more technology, sometimes, is not the right answer
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
The machine should not be made by Diebold or ES&S. Here's the Wiki link http://en.wikipedia.org/wiki/Diebold_Election_Syst ems
We are all just people.
In a bizarre turn of events Wired magazine editor-in-chief Chris Anderson is elected president in electronic elections held in Bolivia, Ghana, Uganda and prime ministor in the UK.
Quack, quack.
They already have that for some people here.
I agree. An electric shock for any vote to a Republican or Democrat would be a good idea.
Why the hell is this needed? You can already track how well a game does by tracking sales. Surely you can track those -- how many boxes did you create? You made the damn things, you better damned well be able to count them.
On the other hand, you can now buy your game market, which is great news for stockholders of game companies. Have a questionable game? Pay off Neilsen to make your mediocre game look better.
And while Neilsen doesn't directly lie (that can be proven, although it is highly likely), chaning polling methods can easily bias a result. Want to under-estimate a program? Don't ask about it. Want to over-estimate a program? Ask about it directly. The "home journal" method of TV ratings isn't their only data source.
RFI shielding too, i seen a YouTube video of Voting machines giveing away their info as radio waves that can be recieved by unauthorzed people with the right equipment...
Politics is Treachery, Religion is Brainwashing
So what DO you solve anyway by building a "better voting machine" ?
You still have the problems of a "democratic republic" election system in place, so basically you get to pick between the lesser of two evils, if you're lucky.
For what it's worth, you could just as well FLIP A DAMN COIN when you elect the president, the end result would be about the same.
By reading this signature you agree to not disagree with the post you just read.
First, it should add numbers accurately. Nothing fancy, just count what each persons votes for and make sure it adds up to the totals.
Second, don't allow poll workers to "adjust" votes with administration screens. If the machine can count 'em right in the first place, you don't need to "fine tune" them.
Third, the machine should work as intended. They shouldn't lock up when you use the touch screen (like the "touchscreen" Diebolds that now require mice).
Fourth, they should be at least as secure against hacking as say... an ATM (another Diebold product, that actually works!)
Fifth, print all electronic votes on a government issued printer roll for verification. Get the treasury to design it for anti-counterfeiting.
Sixth, don't allow a company that funds election campaigns to design voting machinery.
No one said Democrats don't steal votes. Well, no one with a clue. However, while we don't have any proof that Dems have stolen any presidential elections, we have piles of proof that the reps have stolen the last two of them.
Nixon was a Republican until he ran his 1972 campaign independently. Really, he was still a Republican, but I think he was just trying to insulate his party.
How convenient that Bush repeated the "votes from beyond the grave" gambit (which is older than democracy - oh wait, no one has ever actually tried a true democracy, they've all been representative or restricted, even unto Athens) in 2000... and succeeded.
Of course, you seem to be forgetting the scam with which thousands of non-felons were added to a list of felons who were not eligible to vote down in Florida. The company was explicitly told that they would get paid if they did not check their list for validity.
You are either an idiot or a troll. I put my money on the second. The recount was not completed, it was illegally stopped by the unilateral action of a single supreme court justice. The recount did NOT give the election to Bush; it would have Definitely given it to Gore.
A lot of this is because in the florida precincts where they used the scan-tron type forms, they had a form scanner with a switch on it. This switch determines whether mismarked ballots are kicked back out to the person inserting them, or silently accepted. In at least one primarily black precinct this switch was set to silently accept; in the majority of precincts it was set to reject. I guess in florida you only get to have your ballot checked at submission time if you're white.
The electoral college is the thing that makes our claims of Democracy a farce. Even given all of their cheating bullshit, the republicans still lost the popular vote in the last election. This is only like the fifth time that the electoral college has overridden the popular vote, proof that it is utterly unnecessary, but also proof that it sometimes goes against the will of the people and should be disbanded.
The electoral college was instituted because it was supposedly believed to be a necessary item to prevent mob rule. In reality, it is a power structure created to keep the powerful in power eternally.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The problem is that things aren't that simple. If you have a well designed system that includes good audits and controls- basically having people looking over the election officials' shoulders- then you can have non-trusted people in charge of the election and they won't be able to steal it even if they want to. If you have a badly designed system, one untrustworthy person can steal the election even though everyone else involved is honest.
Having honest people in charge is great, but it's hard to guarantee their honesty. A system that lets you check their work lets you be sure that they're honest, and can make dishonest people act honest because they're afraid of getting caught. As Ronald Reagan said, "Trust, but verify."
There's no point in questioning authority if you aren't going to listen to the answers.
How would you account for reprints? Misprints? Printing errors/jams? You have to eliminate the possibility of multiple ballots. I suppose you could have unique barcodes printed on each ballot, and the user would have to confirm their changes electronically... and then the reading machine would have to be able to throw out the non-valid ones and only process the valid ones. (and any reprinted invalid ballot would have to be accounted for as well)
All of these could be handled, it just makes them more complex. I think what needs to be eliminated is the idea that results should be tallied and sent over the internet or other such nonsense. And why are there central counting facilities? Why can't each polling place count and verify the numbers (use multiple counters and signatures) and just report those? Is it because we have to have immediate results? Why do we have to know on election day who won? Take a week, process all the votes, verify them, then get back to us with the ACCURATE results. How about having the international community participate in auditing our elections? We force our involvement in theirs, but don't allow them into ours.
My beliefs do not require that you agree with them.
First, the "ES&S" machine they're talking about as a base is the Automark, which ES&S bought and is now downplaying over their less secure setup.
Second: the optical scan half of this equation should scan GRAPHICS of each ballot, store them for later review, hash them to prevent later tampering and make them available by the DVD load (or HD-DVD or whatever) as a public record. Remember, the voter name is already stripped out at this point. And if you're burning data to "-R" media of some sort, that eliminates tampering with the data once it's out of the initial box. (Right now most vendors distribute the "electronic ballot box" data on either PCMCIA or USB flash read/write media, which is insane...only Avante burns end-of-day tally data from touchscreens onto CD-R.)
Fourth: once "we the people" have the graphic scans in hand, we can tabulate them with OUR software tools versus trusting the county's tools, providing a "software check and balance". The open source "Votoscope" program written by Harri Hursti was the first attempt at this. Now that we have a decent open-source OCR package (the one HP/Google just released), we have a foundation for building more. Imagine a world in which each news agency brought their best "gamer class" powerhouse monster PC to the elections office to get the scans and do a tabulation before anybody else can, with various non-profits like BlackBoxVoting, VoteTrustUSA or local equivelents chugging along on slower gear but still able to churn out accurate numbers on election night. If the various copies don't match, OK, let's figure out why, by eyeballs on the original paper if necessary.
A good electronic voting setup can backstop against paper fraud just as much as the paper backstops electronic fraud.
Jim March
Member of the Board of Directors, Black Box Voting Inc.
http://blackboxvoting.org/
Today Bush said: "We live in a global world."
Today, the Department of Homeland Security said: "There is no credible intelligence."
Odd how they should both be right on the same day? So there?
Any new electronic voting method should incorporate IRV. For anyone not already familiar with this, Democrats and Republicans both want you to think you are throwing away your vote on third party candidates, and that you need your vote to keep someone out of office. During the previous election, third party candidates were even jailed for trying to attend the presidential debate just to be equally heard by Americans. As incredible as that is, you didn't hear about it on CNN, because that would only give third parties more publicity and the government owned media doesn't want that. Americans deserve a choice, and the power monopolists want to see that you don't. If this is not corrected now, as voting methods are being discussed and rengineered, then you will probably never even get an opportunity. It is in neither the republican nor the democrat interest to give up anything that helps them keep their strangleholds on the U.S. political system. Americans should make a stand by refusing any new voting system that does not incorporate IRV. They should also refuse any system which can be easily compromised.
Watch and learn :)
http://www.slate.com/id/2107388/
http://www.eci.gov.in/faq/evm.asp
No vindaloo or call center jokes please!
Cost: Here in Belgium We use electronic voting for about 10 years. A minister has caculated that it costs around 4 euro (+/- $5 US) per vote...While a paper solution costs only 1 euro per vote. The reason: Computers for election are only used for...Elections. So you may use them twice in a decade. Try to find a P200 compatible motherboard, Serial port compatible electronic Pen, a 500MG hard disk...A company still supporting Windows 95 ...They still use "official" floppy disk to boot the system . Next election they will have a hard time to find new floppy disks.
Security:
We all know how "simple" it is to change thousands of votes with a single script, command line, program, virus or whatever, don't we?
Badass! My first posted submisssion! Anyway, my comments that the editors took out, but that I made on the article itself:
Why doesn't someone / some group create an open source voting machine software? The hardware could even be open source, too. These all seem like good ideas (the article - not the comments, though I'm intrigued by the Brazilian system), so what are we waiting for? Why doesn't someone do it? Who do we talk to to get started?
If I had it to make myself, I would use some unique identifier, like ssn but longer, and people could vote either at the polls or on the internet. The number would be hashed in such a way that a list of legal voting IDs would be verifiable but not traceable to the owner. This would prevent duplicate or fraudulent votes. This would also allow you, with your ID, to go in and see how the system recorded your vote. This would allow for unprecidented accountability as any voter could hop on the internet and check in and make sure the system recorded their vote correctly following the election. It would eliminate the question of whether voting machines were rigged or if precincts didn't get added into the tally.
That and the whole electoral college BS needs to go away! Who is still in favor of this? (besides the ppl that are getting elected as a result)
So, is anyone besides me SICK of hearing ads on the radio four times an hour for senators etc? If I run into Dan Rassmussen on the street I am gonna club him I'm so tired of hearing his name. (one of those highly irritating commercials where they say his name every 8 seconds during the 45 second commercial)
I work for the Department of Redundancy Department.
The silicon cannot be trusted.
No matter the openness of the code or its simplicity, the silicon has the final word and it is virtually impossible to verify.
The only way to be sure that a given election can be trusted is to dismantle all machines used, uncap all integrated circuits and scan with an electron microscope layer by layer to make sure the silicon is exactly what it should be. This will never be done.
Oppose voting machines as hard as you can.
...than I am the crappy candidates.
When my choices are brown-colored crap and dark brown-colored crap, it doesn't really matter which one rigged the machine best to win.
How about proving the code mathematically correct? It is expensive which is why it's only used in medical devices and other safety-critical systems. But certainly an election is important enough to merit a formal proof of correctness. The code isn't even all that complicated. The heart of the system just has to increment numbers and compute totals.
And ink their fingers too. That'll cut down on the voting fraud.
I would just like to point out that while the parent post is trollish in nature, it is a sentiment similar to what nearly all (if not all) of the founding fathers believed. That being certain qualifications are needed in order to cast a ballot. Their fear was some rogue could convince less educated people to vote for him so that he could, in turn, pillage the government and/or be a tyrant. I'll grant it's a thorny issue, but the problem of attempting to intentionally limit people who vote is that inevitably some racial groups will be disenfranchised (as well as other categories of population, such as the elderly in this case). Also, some local officials will try to exacerbate the situation to their favor (as happened-- and is still happening--in the South).
!. Use non- FOSS software
2. Tie #1 to hardware
3. Name your business Diebold
4. ???
5. Profit!
Until it is a transparent, documented process, then democracy is held hostage.
If I wanted to influence the elections, I might have come up with a better way, but this is sufficient.
There are ways of making this secure and acountable, but the question is why are we not pushing for this?
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Ok, voting machines cannot be guaranteed to be bullet-proof. Anyone who knows a decent amount about computer software & hardware gets that.
But why is it so hard to envision a simple audit trail to absolutely guarantee the authenticity of any election?
1) Make sure every voting machine spits out a paper receipt with a unique transaction number and the vote(s) recorded.
2) Make public a web site that displays *every* receipt number and its vote(s). Ok, it might be 300 million database records, but a simple menu across the top will let anyone drill down to their receipt number and confirm their vote was recorded correctly. We'll file this exercise as each Citizen's Responsibility. (It's important to note that having a citizen enter a receipt number to see those particular ballot results will not be secure since it would take a different path through the web site software, and also reduce anonimity).
3) Democracity loving geeks everywhere will write code to scan that (huge) web site and confirm the final totals.
It seems so simple. What am I missing?
- The Kessel run is for nerf herders. I can circumnavigate the entire Central Finite Curve in a lot less than 12 parse
There should inherently be distrust of our election officials, always every time, forever.
If they cant stand an audit, they should not be there.
Ever sell a house? Escrow companies exist because there is something of value
and in the transfer you cannnot trust always the other side. Which is exactly
as it should be. Sell a car? Notice of transfer of liability. Why? Because
you cant always trust the other party involved. Which is the way it should be.
If you buy something you are issued a receipt. Why? Lack of trust. Which is
the way it should be. Your bank sends you statements each month. Repeat as
above. I wont go on, because I have made my point, I hope.
for each $party in America.PoliticalParties
Not OK when $party steals or commits fraud in an election.
next
emt 377 emt 4
The main problem with electronic balots are that they could easily be tweeked, so no one trusts them. The main problem with paper balots are that they could vanish. Why not use both in one system, that way you only have to worry about the flaws common to both systems (which is less that the number unique to either one). If I were to build I voting machine, here's what I would do /. comes up with the perfect voting method its not going to do much good, especialy given that the US is now a dictatorship
1)Give everyone who comes to vote a human readable scantron
2)have voter insert scantron into voting machine
3)voting machine (with friendly colorful GUI) asks voter if they would like to vote dem. rep. or on each individual issue
4)If they choose ind. ask them each question (who do you want for presendent, etc)
5)at the end of questions show the voter on the screen what she has chosen, ask for confirmation
6)if something is wrong the voter can change her answer to that issue then return to the confirmation screen
7)once she is happy she chooses the "ready to vote" option on the screen and then
8)the voting machine saves her vote and prints her scantron
9)she can check the scantron, if something is wrong the ballot can be destroyed and the data marked as invalid. then goto 1
10)if nothing is wrong she drops the balot into a box and goes back to work
After polls close
1)Data from the machines is downloaded, it will tell how many people voted and what they voted for, this can be an initial indication of who probably won
2)All the scantrons are scaned. you will then know how many balots there are and what they say
3)check for agreement in data from steps 1 and 2. Are the number of votes the same? Are the results the same?
4)if not, look for missing/extra votes and count the scantrons by hand
5)once everything is correct/in agreement submit final results
I'm sure I've overlooked somthing...but then again even if
***Divide by cucumber error*** ***Reinstall universe and reboot***
http://malfy.org/ Oh yes.
since nobody reads this stuff, it's safe to post.... won't jeopardize my billionnaire status-to-be.
The Machine shall consist of a cylindrical container of wood or plastic, holding a marking substance that has a moderate wear rate, and leaving firm black marks. The Substrate for the Machine to mark against shall be a flat flexible surface of moderate reflectivity and low abrasiveness, with some irregularities across its surface. Upon The Substrate will be recognizeable printed marks labelling each candidate for office, with special areas near the marks for indicating Voter Preference thereby.
The Patent Models submitted for examination in conjunction with this Application shall be called for convenience A Paper Ballot (for the substrate) and A Pencil (for the machine.)
.
.
.
if this is supposed to be a new economy, how come they still want my old fashioned money?
You step in the booth. Each election / issue is brought up on a page all by itself. Each candidate / position is presented, along with a uniquely colored dot next to it. You click the position. In front of you, you hear a slight whirring sound.
....
A small ping pong ball floats up inside a glass enclosure. A tiny mechanical vice grips it to hold it in place.
A tiny nozzle on an actuator moves out next to it, and out bursts a small amount of paint. The ping pong ball is now colored in the same color dot as your choice.
You made a mistake? You hit the back button, and the mechanical vice crushes the ball into tiny pieces.
You do it again, another ping pong ball, another blast of color, you confirm, they tiny nozzle shoots some air on the ball to dry it, and it gets whisked away into a box marked for that election.
Now you've got something that is anonymous, transparent and voter-verified, visually unambiguous, able to be counted electronically *and* manually, and not easily subjected to tampering.
Now where to find all those ping pong balls
PS My serious position is that as long as there is a (voter-verified) paper trail, I have no problem with electronic voting. Count the votes, do some sample testing with the paper ballots, look for incongruity and if you find it, use the paper ballots as the final vote.
Paper and pencil ought to be the only legal means of voting.
Ok ok well... maybe if you want to design some machines for people who have various disabilities, etc., to vote with, I would be ok with that - but their end result should to be to print out a paper ballot, which the voter then puts in a box along with everyone else's.
Spoon not. Fork, or fork not. There is no spoon.
A nice presentation of the logical way to design digitally-enhanced voting machines. Thank you for putting it together so well.
The paper ballot remains the primary ballot.
It is not a "receipt" (whoever came up with that meme is an evil genius or misguided fool).
The electronic component is an aid to producing a valid ballot, and preliminary counter. Not a replacement, nor even (should there be a power failure or a shortage of ink) necessary.
So our system would include thorough auditing and verification capabilities and require faithful adherence to good election practices, as wells as topnotch usability and security features."
Kind of like how Bush appointed a Supreme Court Justice that will "Faithfully" interpret the Constitution?
The word Faithful is duplicitious. In these two contexts I think it's being used as "Faith: Belief without evidence; ex. religion; the Faithful;"
Also, you can't start a sentence with a preposition jackass.
Personally I have seen enough examples to believe Democrats routinely steal enough votes to gain a 1 or 2 point advantage in any national election and substantially more in certain local races. But we Republicans simply spot em the handicap and go on to win elections.
l
. elections/
http://www.leanleft.com/archives/2004/07/27/3244/
o ny_of_v.html
l s/phone-jamming/
http://www.cnn.com/2006/WORLD/europe/05/17/wednesd ay/index.html?eref=sitesearch
You need to read more. There are plenty of cases of Republicans doing shifty things.
LAS VEGAS -- Elections officials have rebuffed an attempt by a former GOP operative to purge about 17,000 Democrats from the voter rolls in the battleground state of Nevada, where the two presidential candidates are in a dead heat. Dan Burdish, former head of the state Republican Party, filed a challenge last week claiming the Democrats should be removed from the rolls because they were inactive voters. When asked why he did it Burdish told the press, "I am looking to take Democrats off the voter rolls." http://www.foxnews.com/story/0,2933,135334,00.htm
2004: The State of Florida compiled a list of 47,000+ felons to be barred from voting. Jeb Bush struggled to keep this list secret. After a lawsuit to make the list public, it was discovered that African American felons (who tend to vote Democrat) made-up 50% of the list, including a number of African-Americans who had regained the right to vote, while hispanics (who tend to vote Republican) made up only 61 of the 47,000 felons on the list. http://www.cnn.com/2004/ALLPOLITICS/07/01/florida
Clint Curtis testifies under oath that Florida Representative Tom Feeney asked him to create a voting machine that could secretly switch the vote to whomever is pre-chosen to win an election. http://www.boingboing.net/2006/10/09/video_testim
2002: In New Hampshire, Democrats setup a phone line where disabled or elderly voters can call to get a ride to the polls. On election day, they are mysteriously jammed with calls from people hanging up. Legitimate voters can't get through. After some investigation, they trace the calls back to "GOP Marketplace" in Virginia. Republicans are convicted and admit that they did it to stop Democrats from getting to the polls. James Tobin, New England regional director of the Republican National Committee is convicted. http://bigbrassballs.wordpress.com/tag/gop-scanda
It would take alot to get electronic voting "bulletproof," but one very important idea (?necessity?) is to give EVERYONE (with a server and an IP with some bandwidth) the ability to count votes online...to "listen" to all the voting machines as the votes roll in.
Before the elections, anybody who wants could then add their server's IP/port to the roster of vote listeners. The server would do a steady "ping -t" to ensure that it was online for the entire election (and didn't miss any votes). It would count every vote cast, and if it were proven (?via logging?) that the server had remained fully online (i.e. not ddos'ed, cable pulled, power cycled, changed firewall settings or any other "funny" behavior) it could compare/contrast results with a central counting machine, and any incidental serious / meaningful discrepancies would be examined.
If listening centers noted the SAME discrepancy, or there were a pattern of discrepancy, then the central vote count would be investigated and rectified.
The final count of each vote listener (which was kept in memory the whole time, rather than disk, so it couldn't be tampered with) would then be mailed to all the other listeners, resulting in a fully open counting method.
"Forgive us our trespasses, as we forgive those who trespass against us." -Jesus Christ The Lord's Prayer
shouldn't we say "vote machine" instead of "voting machine"? To me "voting machine" sounds like the machine is voting, not the users.
the easiest way to build a BETTER voting machine would be by any company's whose CEO doesn't deliver the Ohioan electoral votes straight to bush
Our electronic voting solution deliberately used a number pad instead of a touch screen to avoid a halo of finger grease accumilating over the most popular candidate's box. An alternative might be to rotate candidates across the screen to avoide "burn in" that might influence voting.
"Everything is adjustable, provided you have the right tools"
Gore never asked for a statewide recount because he was afraid a statewide recount wouldn't have given him the net votes he needed. He only asked for counts of the undervotes in Democratic-leaning counties because he thought he could get just enough votes to be elected. His rhetoric about "count every vote" was total hooey.
So if the U.S. Supreme Court hadn't put a stop to the recount, Gore would have still lost, only he would have been hoisted by his own petard instead of having the convenient "judicial coup" excuse.
There's an interesting article on the whole despicable affair HERE.
http://www.c2.com/cgi/wiki?CategoryVoting
Table-ized A.I.
This is what LA County is using.
Here's warts-and-all analysis.
The InkaVote Precinct Reader can be used to physically count votes. However, LA County will NOT be using them for that purpose. In LA County, the physical ballots, marked with ink dots, are the official vote. Period. End of story. The InkaVote Plus units are being used to "proofread" ballots before they get dropped into the bin.
The Reader will kick a ballot out for two reasons and two reasons only:
1.) Blank ballot. Try again, this time push down HARD on the ink stylus.
2.) Overvote. Turn in your botched ballot and get another try. However, you used up one of your three.
I don't know wtf they have reading the votes in Norwalk, where the LA County Registrar/Recorder's office is. But the vote of record is on PAPER. Not on a chip inside the reader. The version of the reader LA got is DUMB. No memory. If there needs to be a recount, it's done by humans. Reading ballots. And the way the system is set up, there is no ambiguity. A mark in the bubble is a mark in the bubble. And the new system warns about overvotes and blank ballots. You can skip a contest, it's your right. As it should be.
I'm going to be a pollworker November 7th. I went for it because of the 2000 and 2004 "Electoral Dysfunctions." I worked the primary in June and it was a grueling 13+ hour day. I was paid chickenshit for it. But it was worth it. I know that if some RoveDroid came sleazing around our precinct I would DOCUMENT IT and REPORT IT to HQs. Los Angeles, CA is not Ohio. We defend the vote here.
Knowledge is power. Knowledge shared is power multiplied.
Nail-biting recounts have depended on trying to guess what an illegible or inconsistent paper ballot actually meant. A critical system shouldn't let bad input past the front gate.
Paper is slow and expensive to update when a candidate dies in a plane crash shortly before the election. Sort of an integrity issue, since it means people may not know who they're voting for.
Paper, by itself, doesn't provide an audit trail. Ballot boxen from opposition districts sometimes go missing.
Sorry to be a cynical security person, but any time you think a system's security is perfect you should step back and figure that you don't understand the system.
all of the pluses you mention are overwhelmed by the lack of transparency
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
you're afraid your vote will wind up in a landfill... because that's easier than somebody pushing a delete button, right?
and as your backup... is the system i am backing, paper
we basically, agree, you just haven't blinked yet and realized i am achieving everything you want, with more transparency
you: computer main, paper backup
me: paper main, computer backup (optical scan)
the heart of the system should be the most transparent technology. that's not the computer
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
>Either we trust the people running our elections or we don't. If we don't there isn't a technological measure possible to prevent fraud.
There are millions of untrusted people handling other people's money every day. Cross-checks, technical safeguards, and the chance of prosecution keep it working quite well. A system that requires us to trust blindly the people running our elections is a bad system. Like they said in the Cold War, "Trust but verify".
>But like I said, there is enough transparency that in any national election fraud can't swing the totals more than a point or two and the Electoral College minimizes the damage in Presidential elections.
Florida 2000 proves that a point or two in a swing state can decide a national election.
Your post above is the is the best of show... I think the Fed issued DVD-R's should be holographically emblazoned with a unique site identification in plain English. Finding two discs with the exact same identification should NEVER happen... I don't see the significance of storing images of paper ballots, it seems like a big waste of time and effort. The main things I'd add is making the vote-accepting machine a Bittorrent seeder, serving to at least 3 other, reasonably balanced clients. It would seed a torrent of the ISO of the disc as it was being burnt. After the vote is verified to be written correctly to the disc, a 'vote accepted' signal is output, then real-time voting data is encrypted and served through Bittorrent. The disc is unencrypted, but I believe that the ISO stream must be encrypted to prevent the tampering of results, and for authenticity when decryption is successful. The computer that records the votes would have a hardware real random number generator. It generates a one time pad just before elections after being sealed up. Absolutely no one knows this code, and the burner stays shut until elections are over, period. The encryption key would be stored on disc with just the right number of offset bytes so that it XORs itself out in the encrypted ISO stream to a block of zeros. Then comes a smallish random file of random length, so that no assumptions can be made of the first few votes in order to derive the encryption key. Then comes the raw voting data. Between each vote record there would randomly be 0-3 or so bytes of random data to make the file structure less predictable to further increase the entropy of the ISO. Votes would be sector aligned, and the burner would have a big enough capacitor that completely burnt sectors are guaranteed. Sector level control is possible today. If rebooted after complete power loss, it would read the disc to continue to serve the election results so far, and continue to record, encrypt with the code read off the disc, and serve realtime election results. The point is that the state on the disc is never invalid, even if the DVD-R is damaged. One solution is to have a 2nd burner with a 2nd disc ready to go if there is a drive failure. The certified program for this DVD burning, Bittorent voting machine should be non-flashable ROM chips, soldered in with no way to surruptitiously remove it. This machine is not touched by the voters, and shouldn't need to be touched by anyone during the election. The attached machines that accept the vote from the voter, will also generate a real random number for verification, and a checksum, which gets sent to the server. It's important for the verification number to be not more than around 2 bytes, or 5 decimal digits, otherwise it may be personally identifiable. The only inputs to the server are Bittorrent requests from the internet, and votes from the serial ports. If the checksum is right and the vote is verified to be recorded on the DVD-R disk, then the machine sends back an 'accept' signal. Otherwise it sends a 'denied' signal. The attached machine would print a record that tells the offset into the ISO where their vote was recorded, and the 4-6 digit verification code. You keep that receipt. Another printout includes the above, and your actual vote. That copy goes into some form of paper ballot, it could be re-wound back into a scroll, as long as you got to see your vote on it. After the election is over, the encryption codes for every precinct are published and *anyone* can decrypt the voting results they may already have downloaded and add them up themselves. If everyone's download was corrupt, then there are the physical DVD-R evidence. The point at which the file becomes corrupt would likely indicate the time of failure. If every single measure fails somehow, then there's still a paper trail.
The American people must recognize
these odious tactics for what they are and
remain vigilant about our Constitution and
individual liberty. Too many people seem to
think that the Constitution will automatical-
ly check the government from overstepping
its authority and running amok. That simply
is not true. The Constitution is incapable of
enforcing itself. The ultimate limit on the
power of government has always been the
patience of the people. As Judge Learned
Hand warned many years ago, Liberty lies in
the hearts of men and women; [if] it dies
there, no constitution, no law, no court can
save it.70
http://www.cato.org/pubs/bp/bp98.pdf
Read the whole thing.
--
BMO
I'm baffled that the simplest solution isn't being pushed more aggressively, namely:
The machine is used to choose the candidates and initiatives. The machine prints out the ballot and tallies the tentative votes. The voter verifies the ballot. If it is ok, she or he drops the ballot into the box and an election official, in full view of the voter, presses an ok button.
If there is a problem with the ballot, the voter puts it in her or his pocket, informs the official, who presses a cancel button, and the voter reenters the booth.
The ballots are the slips in the box. The tally in the machine is just that: a tally. Whenever recounts are needed, they are done based on the ballots in the boxes. Machine accuracy is tested with random spot recounts even in the absense of challenges.
As an aside, the US election system, which I am now for the first time participating in, is dysfunctional for reasons worse than the election machines. The winner-take-all system is notoriously bad, but on par with it is the sheer amount of government posts and initiatives decided through voting. It's going to take me more time to prepare to vote than it takes me to do my own taxes with a pencil and a calculator. I can't believe most US voters are willing to bother. How am I supposed to know if it is a good idea for the state to finance itself with a bond or if raising taxes would be smarter at this moment? Who are these judge people anyway?
Voting machines should be at least as secure as slot machines. The state of Nevada has standards for those, as I wrote in a previous Slashdot article. Nevada is concerned with collecting taxes and not cheating customers when the machines are owned by very shady people. So they have technical standards with teeth. Stuff like this:
(a) Employ a mechanism approved by the chairman which verifies that all control program components, including data and graphic information, are authentic copies of the approved components. The chairman may require tests to verify that components used by Nevada licensees are approved components. The verification mechanism must have an error rate of less than 1 in 10 to the 38th power and must prevent the execution of any control program component if any component is determined to be invalid. Any program component of the verification or initialization mechanism must be stored on a Conventional ROM Device that must be capable of being authenticated using a method approved by the chairman.
(b) Employ a mechanism approved by the chairman which tests unused or unallocated areas of any alterable media for unintended programs or data and tests the structure of the storage media for integrity. The mechanism must prevent further play of the gaming device if unexpected data or structural inconsistencies are found.
(c) Provide a mechanism for keeping a record, in a form approved by the chairman, anytime a control program component is added, removed, or altered on any alterable media. The record must contain a minimum of the last 10 modifications to the media and each record must contain the date and time of the action, identification of the component affected, the reason for the modification and any pertinent validation information.
(d) Provide, as a minimum, a two-stage mechanism for validating all program components on demand via a communication port and protocol approved by the chairman. The first stage of this mechanism must verify all control components. The second stage must be capable of completely authenticating all program components, including graphics and data components in a maximum of 20 minutes. The mechanism for extracting the authentication information must be stored on a Conventional ROM Device that must be capable of being authenticated by a method approved by the chairman.
That's part of what's needed. Those standards cover the possibility of an "alternate program" in a slot machine, and provide a way to check for it, with logs and an external program check capability.
The idea behind the graphic scans (about 200dpi mono will do) is to be able to throw a COMPLETELY different code set at the ballot stack quickly and cheaply. Or more than one additional code set.
:). She runs a Diebold setup doing optical scan ballots. Her plan is to spend about $15k on a new scanner, a big commercial monster with it's own integral disk burner, fast, double-sided and with at least a 500-page intake hopper. That's doable.
h .cgi?file=/1954/44242.html
The registrar of voters of Humboldt County California came up with a good idea. Please, no pot jokes
She wants to take every paper ballot and just feed it through that monster and produce a set of CDs with the output, and put them on the county website as ZIPs or something, or hand out CD copies to anybody.
It's the same idea: let's throw a whole 'nuther code set at the stuff, independent of every line of code to ever come out of Diebold.
Problem is, it doesn't include hashing...but hey, it's a first step.
If you go further and build the whole setup around graphic scans from the get-go, you CAN hash them. You can also burn a serial number onto the CD (or coming soon, HD-DVD, whatever, so long as it's "-R" and not "-RW").
You're envisioning CDs (or other media) that are specially marked *externally*. By marking them "internally" (via data) you can cut as many disks as you want on election night and if two of the same thing happen to get fed into the county's central tabulator software (or anybody else's!) it's easy to write code that says "if you eat serial number "x" once, and then see it again, go ahead and check that it's the same - if it is, report the dupe and don't eat it. If it does NOT match then somebody is up to no good, scream bloody murder and halt while humans sort it out".
And that's another thing: whenever the software encounters a glitch, it should say so AND record it to unalterable media - an audit trail log from hell. Upon each halt, observers representing the public, parties and/or candidates should be given the opportunity to at least view what's up, photograph or otherwise record the errors, get an explanation of what was going on then and what the plan is to recover.
We've seen counties deliberately cover up errors during elections or pre/post election "Logic and Accuracy" tests. In some cases observers were reading bluescreen text when the election officials literally yanked power plugs to blank the screen.
For a real freakshow example of election officials behaving badly (including loading PC Anywhere on the central tabulator and hooking it up to the county intranet with no firewall!) see also my report on Memphis TN:
http://www.bbvforums.org/cgi-bin/forums/board-aut
Jim March
That's an interesting idea, but if you can't trust the machine to give you a proper vote tally, can you trust it to give you correct ballot images? If I was Mr. Evil, I might reprogram my machine to return a different set of images that was more beneficial to my pet politicians...
I don't care if it's 90,000 hectares. That lake was not my doing.
Most poll workers are volunteers.
I'd be surprised if that were the case in even one state (but I could be wrong.)
Here in Ohio, pollworkers are paid $95/day. They need about 4000 pollworkers just in my county.
In New York city, they pay $200 per day. California appears to pay $70-$100. They get $6/hr in Harris County, Texas.. And $200/day in Essex County, New Jersey.
I also found that Florida, Missouri, Alaska pay pollworkers. I haven't seen a state that doesn't yet.
Why can't we phone in our votes in the modern age? That way we would be forced to fix the farked-up phone systems too. Paper Absentee votes for those of you with cellphone phobias. I bet it would make voting accessible to many more people as well who can't make it to the polls.
A cross on a bit of paper.
It's worked here in the UK for 100's of years and the results are back within 12 hours.
America, Home of the Brave.
I'd personally prefer to return to a simple paper and pen ballot... simply check the box of the person/proposition you're voting for. Put paper in box. Let people count ballots (with observers, if desired). It scales fairly well, is difficult to introduce large errors into, and can't be hacked remotely.
You're obviously not familiar with South Texas politics. Missing ballot boxes turn up at the most interesting time with the most interesting results.
Build a better voter, and the voting machine problem will take care of itself.
Is your terror cell living in terror? Is your safe-house not so safe? If so, read the New York Times, the jihad journal.
The goal is not just to get a fair count; it's to convince people they're getting a fair count. Consider: what if Diebold IS actually on the level and there is no tampering or assistance to tamperers from them or their employees. Even if this were true, we'd still be in our current mess because we wouldn't believe them.
I think that important technology like this should be open simply because it makes it transparent and therefore accountable. Suspicion of tampering? Send in whatever body of independent investigators you like, without signing any NDAs, and they can evaluate it and report (completely) on any problems.
---Nathaniel
Isn't Slashdot the land of do-it-yourselfers? For all the bitching and whining and FUD about Diebold etal, the OSS community has done pretty much SHIT about it (disclaimer: much of the bitching is legit, imho). There is no reason why a coalition could not be formed, funded by the bigwigs in OSS, to develop an open, secure electronic system. If you can put out a fast, slick, secure alternative that people have a good feeling using, you accomplish three things: One, you help secure our elections against shenanigans. Two, you increase the people's faith in our form of government. Three: you have millions of people who just used an OSS product and enjoyed it. Shit, just stick Tux wearing Uncle Sam's tophat on the goddamn box and the investers will probably make their money back in merchandise alone (well, maybe not). Really, is there any movement in the community to fucking DO SOMETHING other than whine??? Something we can all get behind? Anyone? Hello?
You need electronic for efficiency and convenient interface; the second for security and recounts. Theres nothing that says the hardcopy cant have a good GUI: it could print only the selection in large type, so the voter could easily verify. The restrictions on the original ballot- all choices presented equally- dont have to apply there.
You can't count votes with software.
Decentralized vote counting reduces the damage that individual fraudsters can implement to the point where the inevitable human corruption will tend to cancel itself out. Centralized vote counting, which is made possible by the elimination of paper ballots, amplifies the ability of individuals to influence the vote, to the point where elections can literally be stolen at the national level.
Do you trust any single programming-for-profit team more than you trust the co-operative efforts of thousands of grass-roots volunteers located all over the country?
You should read The Jungle by Upton Sinclair (available here). According to him the D's and the R's were equally into electoral skulduggery; his hero/antihero worked for both parties.
It's not quite that simple. As RWR once said, "Trust but verify."
$META_SIG_JOKE
Every time there is a vote in my state that passes and the liberals don't like it.. they just take it to court and get what the people voted for thrown out. So why bother even voting anymore.. What the majority of people choose no longer counts.
I'll tell you about the best, simplest, most untamperable voting machine. it's a pen, a paper ballot, a cardboard box, and a bunch of people to count the votes.
I may be a techie, but I do not understand the obsession with making absolutely everything computerized. some things shouldn't be, for various reasons, and voting is one of those things, again, for various reasons, including security (the big one), reliability (every computer screws up at some point, usually the most critical point), and usability, among others.
upon the advice of my lawyer, i have no sig at this time
Which is why the setup that does the scanning is all open-source, with the standardized code set published with hashes so that observers can confirm the code is the "legit stuff" that 10,000+ geek eyeballs have looked at.
i nst_votersupervised_elections_attorney_0906.html
OK. Lemme 'splain something here. Speed MATTERS when we're talking about congressional races.
There have been two recent court decisions in California (the recent CD50 case in San Diego) and Nevada in which state court judges have ruled that each house of congress has the right to approve new members based on EARLY, uncertified, unofficial election results. And in the CD50 case that I know of, this "stamp of approval" on a GOP candidate by the GOP house leadership happened before the final canvass and before the 1% hand recount spotcheck mandated by state law.
That's right, folks. According to these courts, somehody like Hastert can deep-six any state election protection law that state passes and "annoint" candidates.
If this demented thinking holds, then we don't just need to find fraud or screwups, we've got to do so FAST. Hand recounting of all the paper (or even a random selection!) will take too long. We need to throw known-good code at trustworthy data in a hurry.
For those not aware of the San Diego fiasco:
http://www.bradblog.com/?p=3353
http://www.rawstory.com/news/2006/Court_rules_aga
Jim March
How about we stick with paper ballots, that way there's no f'ing question about electronic tampering, you gadget-happy wankers.
Of course, this system is also prone to abuse.
YNBut on the other hand, the method could be used to greatly enhance the democratic process. Instead of just going by majority or plurality wins, the algorithm could actually decide who the best compromise candidate was. That is, it could find the guy who is most aligned with the voters opinions at large. When it comes to fixing the runoff system, this would be light years beyond IRV and Condorcet schemes.
The geeks can have all eyeballed some very nice-looking source code, and the observes can see that the machine spit out a hash string that the geeks said that it should, but that doesn't mean the machine is running the source code the geeks vouched for (or that it is running it corectly). It would still be far too easy to make the machine look like it was doing the right thing but contain a 'secret surprise' that wouldn't be detectable without an in-circuit hardware debugger, if then.
According to these courts, somehody like Hastert can deep-six any state election
protection law that state passes and "annoint" candidates.
Indeed, that's a terrible law. But the solution to that is to change the law, not to further compromise the integrity of the elections in an attempt to conform to it.
I don't care if it's 90,000 hectares. That lake was not my doing.
The number of people who are willing to discuss particular designs, before settling on requirements, is astounding. To produce a reliable system, it is essential to have firm requirements before starting the design. In voting systems, in particular, many people seem to jump to hi-tech designs, without even discussing the requirements for the system. It is as if the requireent to "count the votes" is so simple and obvious that it need not be discussed. I think there are some other requirements.
I propose that any voting system must have verifiability as a basic requirement. Correctness of elections must be verifiable. It should not be necessary to trust anyone or anything. Every part of the process should be verifiable, and, average people must be able to do the verfication. Each voter must be able to verify that his/her vote is correctly recorded. Each voter must be able to verify that his/her vote is included in the total. Everyone who wants to, including representatives from each party/candidate, must be able to verify that every ballot is counted, that no extra ballots are counted, and the counts are correct.
The problem with all of the high-tech stuff is that it takes people with graduate degreees to verify that the computer is programmed correctly, and that the correctness propery is maintained. Average people are not capable of verifying that the computer software recorded and counted their votes correctly. And, average people are not capabable of verifying that the computer recorded exactly those votes that were actually cast, no more and no less. Every high-tech voting machine design depends on a host of hard technologies, so average people cannot understand them well enough to verify correctness of the design. Hence, no high-tech voting system can possibly meet the first requirement: that average people can verify that their votes are counted correctly.
Simple, paper-based systems can be verified by average people. If each voter records his vote(s) on paper ballots, and verifies the ballot before depositing the ballot into a locked box, it is very easy for average people to verify that their votes are recorded and counted. Security of locked steel boxes is well understood by average people. Average people, including representatives of each party/candidate, can stand watch over the steel box all the way through the process.
In contrast, computer based DRM-style voting systems cannot be verified in any meaningful sense. (Computers and printers can be used to produce ballots and mark ballots without needing to be secure or verified. If a ballot is incorrectly marked, the human voter can reject it and mark another one. And, scanners can be used for counting if hand recounting is routinely done to verify the results from the scanners. In both of those operations, the results are verifiable by average people with no special expertise.)
I have a Ph.D. in Computer Science and 25 years experience in programming. I don't trust machines. I know that almost every program contains bugs, even if the programmers are trustworthy. And, I know that some programmers are not trustworthy. Because trust is not possible, elections cannot depend on trust. Elections must be verifiable by average people.
We could actually trust, not electronic voting machines, but voting on the internet. A large step forward, almost a revolution.
How? With verifiability?
How do you verify votes? You copy all information you have about it to every and anybody wanting it! In real time.
http://leparlement.org/
We could secure votes using 3 elements:
* P2P servers
* PGP signatures
* Electoral lists
Have a look at http://leparlement.org/security
It's simple and I believe anybody looking at it with an open mind could come to the conclusion that it is interesting.