Slashdot Mirror
CA Proposes Rigorous Voting Machine Testing
christian.einfeldt writes "During her successful campaign for California Secretary of State, newly-minted California Elections Czar Debra Bowen spoke repeatedly of the need to use free open source software in voting machines to ensure the integrity of California's elections. Now that Secretary Bowen is acting on that campaign pledge, closed-source voting machine vendor Diebold worries aloud that rejecting its black-box voting machines could snarl California's elections. Diebold's concerns come at the same time that it is suing Massachusetts for declining to purchase those same voting machines." Quoting: "California's elections chief is proposing the toughest standards for voting systems in the country, so tough that they could [have the result of banishing] ATM-like touch-screen voting machines from the state. For the first time, California is demanding the right to try hacking every voting machine with 'red teams' of computer experts and to study the software inside the machines, line-by-line, for security holes."
Thoroughly test the voting machines before deploying them? Wow! Why didn't I think of that?
This guy's the limit!
I thought I read "Computer Associates Proposes Rigorous Voting Machine Testing", and my head started to hurt.
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
I agree with this proposal. They need to double -- perhaps, triple -- check to make sure the code works as intended.
But I also think CA has been otherwise prudent. For example, using Diebold instead of volunteer open source code. I mean, how can they afford all the volunteer labor?
Apology to Ubuntu forum.
One principal of a democracy is that everyone can verify the counting of votes.
Now unless you teach everyone how to program I don't see how you can preserve this principal.
suing a state for not using your stuff. jeez i hope SCO doesn't adopt that tactic.
sarcasm:
-noun
1. harsh or bitter derision or irony.
31 machines out of 340 districts? How many were in each district?
Heck, from what I've read, they've had problems with more than 10% of the diebold machines.
At least with an automark type system you still have the paper ballots to fall back on, even if a voter might require assistance to fill it out.
When a diebold type device malfunctions you have the potential for lost and/or erronous vote information, not to mention that NO votes can be taken.
I don't read AC A human right
I contributed to the Bowen compaign, the first time I have ever given money to someone running
for such a position. I'm pleased to see her living up to her campaign promises.
As far as Diebold's FUD response goes, is anyone even slightly surprised by it?
... from Florida!
"There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed H
My car has "California" emissions and I live in Connecticut. This is just one example of how California mandates things for the rest of the country. They will set some standard for voting machines, and since the state is too big for voting machine companies to write off, it will end up becoming the defacto standard. I don't live in California for a reason (not the least of which their four seasons are Wildfire, Mudslide, Earthquake, and Smog). In California, they make you label everything, including restaurants, informing you that your food might cause cancer. Then they all go outside and breathe air they can see.
Brawndo: It's what plants crave!
Any replacement system must preserve the strengths of a paper ballot.
This means
In practice, this means the voting hardware and software must be open to public inspection. The same goes for the procedures used by voting officials.
It also means to the extent possible, the entire process must be observed by interested and neutral parties. Obviously the actual voting must be done in secret but anything that doesn't reveal an individual's vote should be observed. Those things that cannot be easily observed, such as actual electronic count, must be repeatable by another method, such as a hand-count, with the same results.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Umm... this is a new one to me. I mean, it sounds like a good idea, and all... but then again, if we're using the old punch-card type of voting machines, being able to verify them requires being able to read them, which many people can't do anyway. Besides the fact that in a typical presidential election, there's, what, nearly a hundred million votes cast? It's physically impossible for a single person to check that many ballots in a reasonable amount of time.
Why is that a bad idea? Since more & more of our lives depend on computers, giving everyone at least a basic knowledge of how they actually function seems like an excellent idea.
Have you been touched by his noodly appendage?
is that we seem to keep learning and re-learning that lesson. Back in the 1960 election, there was a lot of evidence that indicated that kennedy won chicago by having the dems cheat. Many systems were put in place to prevent that cheating. Now, with the new current system, the evidence is even more overwhelming and yet, we are back to trying to prevent cheating. In particular, it appears that Ohio, Florida, and even texas had massive amounts of voter fraud during the last couple of elections. I guess that our society will be doomed to re-living the same problems over and over as long as we have politicians like rove ( and the dem == before).
I prefer the "u" in honour as it seems to be missing these days.
The request by Diebold to block Massachusetts from buying from another vendor was blocked: http://computerworld.com/action/article.do?command =viewArticleBasic&taxonomyName=hardware&articleId= 9014518&taxonomyId=12&intsrc=kc_top
s -selling-solar.html
--
The proper use of a silicon ballot: http://mdsolar.blogspot.com/2007/01/slashdot-user
four seasons are Wildfire, Mudslide, Earthquake, and Smog
Boy, I'd like to see a shoji screen of these four seasons!
And, wait... are you complaining that your car has stricter emissions standards? I'm certainly not, living in the second-most smog infested state in the US. If it weren't for CA emissions being standard on so many vehicles sold outside that state, it might be even worse here...
Have you been touched by his noodly appendage?
Any electronic voting machines should be regulated to at least the same level as a slot machine. But for some reason we apparently believe that handling the $20 dollars we want to gamble in a casino is more important than the results of an election.
A casino would never field a slot machine (even a 1c machine) that was as insecure as a Diebold voting machine.
The security model for a slot machine is rock solid. The hardware and software (source included) must be submitted and approved by each jurisdiction. The security model ensures that if even one bit in the software has been corrupted, the machine ceases to function. The cash-in and payout of each machine is redundantly logged. The machines are completely power tolerant, meaning you can cut the power at any time; when the power is restored the machine will come back up in exactly the same state that it was in before power loss. The machine can print tickets (for a paper trail), as well as talk securely over a network.
Basically, all the requirements we'd like to see in a voting machine are the same that a slot machine already conforms to. There's no reason to re-invent the wheel here, most of the work has already been done.
I was just writing to my Senator Mac Middleton (Maryland Senate) that losing the ritual of hand counting ballots means that we also lose a means of strengthening community ties. You don't actually have one person count all the ballots, it is done in a group with observes from all campaigns watching for errors. In the end everyone goes to bed late and is civil about the result. There is a greater level of participation and more human interaction this way.
s -selling-solar.html
Maryland's house passed a bill to adopt optical scanners unanimously but now the senate leadership is balking at the cost which they claim (unusually for infrastructure) is all front ended. However, the last payment for the Diebold systems in use now is due in 2014 so the leadship's objections seem a little strange since financing is how this kind of thing has been done in the past. Hopefully my Senator can clear this issue up for them since he chairs the Finance Committee and ought to see the problem with the leadership's view.
--
Removing finacial risk from Solar: http://mdsolar.blogspot.com/2007/01/slashdot-user
In retrospect, perhaps Step 4 should have said "Govern!" and Step 5 should have been "Profit!!!"
Despite the fact the Bloc Quebecois just suffered a defeat, proving that no-one gives a crap about separation anymore.
this gives me A BIT of hope (heh) that not everyone connected to the gov is a madman, moran or corrupt.
I now think there may be a non-zero amount of sane people still left. before, I really did think the number WAS zero.
I now have new hope for democracy to RETURN to the US.
--
"It is now safe to switch off your computer."
I think that attorneys for the government should be able to demand to see source code for all the machines already deployed. If source cannot be produced (or it does not compile to the same machine code present on the voting machines) then those responsible should be rounded up and tried for treason. Seriously: at no point should *anything* related to how these machines tally votes have been regarded as a secret: that's simply not how voting works in the US.
I believe that California shouldn't have to demand transparency, I think that we citizens have implicitly expected transparency all along.
Donate to the Open Voting Consortium, they've been working with Debra Bowen and many others to fix the system.
don't panic-- clowns can smell fear.
It amazes me that the US can't get their elections done right. They have the technology to power the worlds most important financial systems, to pilote a drone on the other side of the world and beat any given human in a game of chess. WHY THE ##CK haven't they managed to come up with a voting system that's rock solid, transparent, secure and dependable?!? Why is that even a hard thing to do?
Heck, I think even _I_ could design such a system:
- Buy a standard issue PC with a standard issue laserprinter
- Make a simple voting program
- Give every voter a Live CD with a unique hard coded serial.
- The CD is inserted under the supervision of election workers, and the PC is booted up.
- The voters goes behind the curtain where they find a screen, a mouse and a printer.
- The voter casts his/her wote. The vote and the unique ID is stored on the local HD, and two coppies is printed out on paper.
- The voter comes out, ejects the CD AND KEEPS IT, and puts one paper vote in a ballot box. Keeps the other copy.
- The computer is powered down before the next vote.
This way one can always check the DB against the paper ballots afterwords. AND: Every citizen who thinks the election has been tampered with can A: Review the software on their CD. B: Check the official "election website", punch in the unique ID from the CD/paper coppy and verify that it's registered correctly.
This is not complex, this is not expensive, this is not difficult, and as far as I can see; this is practicaly fool proof given a certain degree of random manual chek of wotes. (To eliminate the factor involving electorial workers doing nasty stuff to the PCs etc.)
Or am I over looking something here...?
You didn't bring any prosecutions of voter fraud in Ohio, Florida or Texas;-)
This issue is actually the very reason this woman got my vote in the last election. I'm glad to see she is holding to her promises. We definitely need more politicians to do this. She, unlike a large number of politicians, seems to have a reasonable grasp on the internets and tech as a whole.
http://www.ss.ca.gov/executive/bio.htm
I suspect they'll really study software outside the machines, code which the manufacturer swears is the same as the software inside the machines, cross his heart. That's still an improvement over the current situation, but it's not good enough for democracy. If a computer is turning your ballot into a microscopic electromagnetic pattern rather than a human-readable printout, you simply can't be certain that your vote was counted. Software audits may make election hacking more difficult, but they'll never make it impossible.
Despite the fact the Bloc Quebecois just suffered a defeat
Bloc? the Parti Quebecois (a provincial political party. the Bloc is a federal party.) took a big hit in the provincial election, but nothing has happened with the Bloc, AFAIK.
upon the advice of my lawyer, i have no sig at this time
They just take votes and record them. The only remotely novel programming problem should be the security, and they don't appear to have implemented any! How can these machines keep screwing up when ATMs keep on not screwing up?
I'm not a computer scientist, but I know many of you are. Is there some hidden level of difficulty here? Some reason why making voting machines should be such a challenge for Diebold?
Step into a huge movement. Don't Tread In Me.
Ahh but thanks to the intervention of well-paid lobbyists Federal standards make 10% an "acceptable rate of failure" for an election.
These are VOTING machnies , the machines' output decide the faiths of millions, these should be the most tested and highly secured systems on the planet. I never really understood how could anyone agree to lower standards on this.
My Starcraft 2 Blog
It amazes me that the US can't get their elections done right. They have the technology to power the worlds most important financial systems [...] Or am I over looking something here...?
Today's piece on the largest financial data breach in history, perhaps?
HTH. HAND.
//Information does not want to be free; it wants to breed.
I meant the process should be monitored by both interested parties and by neutral parties. Sorry about the grammatical confusion.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
This situation is unacceptable in critical systems' embedded software. Not only is the source subject to audit, but the entire compilation and installation process is as well.
Have gnu, will travel.
I was thinking of ballots where it's hard to goof.
.... [ ] ........ [ ]
Imagine a hand-counted paper ballot that looks like this, only in a decent-sized font:
State Senator. Vote for only 1 candidate.
{2 blank lines}
John Doe, Republicratic party
{2 blank lines}
Mary Smith, Democan party
That's pretty hard to mess up unless you try hard or have problems using a pencil.
If such a ballot were used and were counted under strictly monitored conditions, there would be no Florida Fiasco. With enough counters, the results could be tallied in a reasonable period of time.
This is the way people used to do it before machines. The trick is you need plenty of monitors so the counters don't try to game the system.
Your comment on fraud is insightful. Monitoring helps prevent that.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Cue the political slot machine jokes...
One principal of a democracy is that everyone can verify the counting of votes. Now unless you teach everyone how to program I don't see how you can preserve this principal.
It also requires you teach everyone to count, which is up for question given the quality of our schools these days. ("Principle", by the way.)
//Information does not want to be free; it wants to breed.
Perhaps you might not have heard the story of the king and the toaster?
This may not be quite that bad, but the point still stands: Don't use more technology than is needed to solve the problem. In this case, it's much simpler than you suggest:
In fact, if you were clever you could even combine steps 1 and 4, saving a line at the supervisor's table.
Oh, and don't give the voter a copy to take home, unless you want supporters for the "wrong" party to start getting their pillows replaced by severed horse heads. "I've got a very good deal for you, and all it needs from you is one little piece of paper . . ."
And voter-verified, it's still not good enough.
You can verify the reference machine all you want, but unless all the millions of Californians are voting on that one machine then there's not much point to verifying it.
If you want your vote to count, vote on paper.
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
Diebold's voting machine IS open source!! Buy a couple bottles from the mini-bar, take the key with you to the next poll, and open-er-up! In moments you can be playing chess instead of voting another politician into office :D
Relocating to San Francisco / Palo Alto... Hire me?
Someone remembers why we need e-voting machines? Are we trying to fix a working system?
if you did not bring those charges, you are hired.
I prefer the "u" in honour as it seems to be missing these days.
Return? It would have had to have been here in the first place. The US was under the UK with no say, and then it was formed under a republic, which is referred to as a "representative democracy" but which really means that a select few are in control. Beyond that, the whole thing is really under the control of the people with the money to buy the government's interest. Democracy? It's a kleptocracy.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It is not as if you REALLY have a choice. You can select between two evils. That isn't realy a choice. As if you were asked wich leg you can miss and call that a choice.
;-)
And after the "voting", the "lobbying" comes in and makes those choices you actualy made undone. And if that doesn't do it, you big chief trows in his veto.
Thios is not trolling this is just being realistic or pesimistic, depending on what you think.
Now you can all vote me up or down.
Don't fight for your country, if your country does not fight for you.
I think its great that the machines must be tested and the source being available for inspection. But what about the hardware? Shouldn't they be required to use of the shelf hardware?
I think paying them to develop the software (and provide the source) then using of the shelf machines would be the best approach. That way the state can then make the software available to everyone to test for them.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
XXX#######
why don't some motivated open software coders get together and build an alternative? instead of waiting for the state of california or elsewhere to get fed up/scammed/ripped off with/by diebold or some other closed source software place, step up and do it. build it, post it somewhere, have the public beat it to death, and prove itself. if it's so easy, then bring it.
The reason that many elderly lack ID cards is because the state issued ID cards that they have are expired. Expired ID cards are not accepted as identification.
If you live at the same address, are the same height, same gender, and eye color - why do you need a new ID card?
Why the heck ID cards expire is a good question. Anyone have an answer? I always wondered why. Change of appearance is a poor reason. I could grow a beard and dye my hair the day after getting an ID card. Is it because they are worried that people might age poorly? Gain too much weight? Change genders?
It is important to note also that these standards are voluntary and as such are the "upper bound" for the practical rules, and many states ignore them altogether. Few if any exceed the standard, especially when it comes to "failure rates".
This is true! Apparently this rate of failure is fine for the backbone of our democracy.
Please.... this is as silly as it gets to suggest this solution, and gets to the heart of why American elections are so complicated with so much technical hardware: Marking an "X" on 100+ candidates and ballot questions is enough to completely overwhelm any voting judge in a typical American voting precinct.
My wife is an election judge, and has done the paper and pencil thing on municipal elections where there was just three options to count. Even then, it took her and the team of voting judges nearly three hours to count and verify all of the votes, particularly when one of the senior citizen judges lost track of the count three times and couldn't quite remember what the number was that she was on during the ballot count. That judge came up with four different answers for the number of votes cast, one each time she went through the stack of ballots.
And that didn't deal with trying to "judge" what candidate was actually cast for a particular ballot because the voter screwed up and voted for one candidate, tried to "scratch" it out and vote for somebody else. Or drew such a lousy "X" that you couldn't really tell who exactly they were voting for.
I support the idea of using electronically prepared ballots that are very clear on who each voter has cast their ballot for. This can also deal with the hundreds of offices from dog catcher to President of the USA that you need to vote on for each election, the school bond referendii and questions about where to build (or if to build) a dam on a nearby river. Once these paper ballots are prepared, automated systems can count the ballots to improve the accuracy of these 80+ year olds who have been volunteering for the past 60 years to work on the elections. It has only been very recently, however, that such a system was even possible to prepare a ballot that is human readable but standard enough that it could be counted in an automated manner. This is precisely why mechanical systems were set up in the past.... to overcome some of the limitations of having human couters of the ballots.
But simple paper and pen isn't going to cut it. Especially in an election with over 100 million voters casting a ballot.
They deny the blind and those with mobility impairments the right to a private ballot. This should be reason enough.
They are not as cost-effective as a computer-vote machine, a print-on-demand ballot, or a print-completed-ballot machine for mixed precincts, limited ballots, or ballots in rarely-used languages.
For example, if you have a voting station covering several precincts with overlapping city, county, and other boundaries, you could easily have dozens of ballots at that voting station. If you have 5,000 eligible voters and you have 10 that do not speak English but each speak a different language, that adds more combinations to the list. Rather than print all ballots in 11 languages, you print most ballots in English and 10 ballots in both English and the voter's language, at the time of the vote. For randomization's sake and to prevent ballot-language from giving away who voted for whom, you may print each ballot with another random language. With ballots that are generated as-needed rather than in advance, you can better serve the needs of your voters while reducing costs.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
People from the South who blather on about states' rights usually set off my bigot alarm, but recently I have been reflecting on my luck in living in a liberal western state that can do things like this.
Premature optimization is the root of all evil
Here in Japan, paper and pen work just fine for 50 million voters in national elections. And they don't mark boxes--they actually write out the candidate's name (or the party's, depending on the election).
Seriously, I've heard all the arguments before about giving people every chance to cast their vote, and for the most part I agree--but at the same time I think the voters ought to be responsible as well, and realize that if they don't make their choice clear, their vote may not count. (And don't tell me how computerized systems prevent the "scratch-out-and-fix" problem, because (1) there's nothing preventing the pen-and-paper voter from getting a new ballot, and (2) what if the voter accidentally brushes the touch-sensitive screen, for example, and changes their vote without noticing? On ballots with dozens of questions, the chance they'll notice the error drops significantly.)
As far as counting goes, a simple optical scanner will alleviate much of that work without introducing all the pitfalls of fully electronic voting. Tally all the obviously countable votes, and spit out the unclear ones for humans to check; that lets the computer do what it's good at (counting) and humans do what they're good at (pattern recognition). As a bonus, a simple scan-and-count machine would be much easier to prove correct than would a complex electronic voting system.
And I honestly don't see what the problem with long ballots are. Surely, for something done only once every two or four years, voters can afford to take the time to read the ballot and ensure that their voice is heard. (I do see your point with respect to electronic voting machines that output a paper ballot the voter can then deposit in the ballot box; that's one change I could possibly accept, as long as the machines did not store votes internally. Given the present state of society, though, I'd tend to lean against it just because the temptation to add little feature after little feature would take us right back to an all-electronic system.)
In an effort to clarify and prevent flames / accusations, I feel that it is important to share the assumptions that I've used to make the preceding comment:
1. Middle aged is somewhere between 40 and 50.
2. Middle class is somewhere between "no longer living in poverty" and "not yet owning a second house"
3. White is referring to the fact that my skin's pigmentation is closely related to "Casper" due to an inate fear of the yellow light in the big room with the blue ceiling.
4. I am an insensitive clod.
If I were to commission the construction of a voting machine, I would engage the same folks who make the toughest machines in the world to crack. Slot Machines go through absolutely rediculous amounts of testing and 'red team' hacking attempts. Lightening bolts, large caliber bullets, jimmies, etc. Nothing has been left untested.
So... Diebold, watch out for those one armed bandit companies. They'll eat your lunch.
AC
I co-produced/directed the HBO documentary "Hacking Democracy" and in the film our Finnish security expert Harri Hursti hacks both the Diebold 'AccuVote' Optical Scan system (using a memory card) and also the Diebold GEMS central tabulator. This hack was done on camera and, by the way, can be seen on the just released DVD . See http://www.hackingdemocracy.com/ The question about fixing these systems intrigues and disturbs me because the security flaw that Harri discovered involves interpreted code in the Optical Scan machines and I believe that flaw has not been fixed by Diebold (Harri discovered it and carried out the hack in December 2005) In addition in 2005 Harri also uncovered a devastating flaw in Diebold's touchscreen machines, which Dr. Avi Rubin of Johns Hopkins described as "the nuclear bomb for e-voting systems". And, guess what, that mother of security holes is also still completely unsecured. So where's the fix?