Slashdot Mirror


CA Proposes Rigorous Voting Machine Testing

christian.einfeldt writes "During her successful campaign for California Secretary of State, newly-minted California Elections Czar Debra Bowen spoke repeatedly of the need to use free open source software in voting machines to ensure the integrity of California's elections. Now that Secretary Bowen is acting on that campaign pledge, closed-source voting machine vendor Diebold worries aloud that rejecting its black-box voting machines could snarl California's elections. Diebold's concerns come at the same time that it is suing Massachusetts for declining to purchase those same voting machines." Quoting: "California's elections chief is proposing the toughest standards for voting systems in the country, so tough that they could [have the result of banishing] ATM-like touch-screen voting machines from the state. For the first time, California is demanding the right to try hacking every voting machine with 'red teams' of computer experts and to study the software inside the machines, line-by-line, for security holes."

25 of 172 comments

  1. novel idea by gEvil (beta) · · Score: 4, Insightful

    Thoroughly test the voting machines before deploying them? Wow! Why didn't I think of that?

    --
    This guy's the limit!
    1. Re:novel idea by TheMeuge · · Score: 4, Insightful

      I smell a "Diebold sues California" /. headline coming.

    2. Re:novel idea by gyroid · · Score: 3, Insightful

      If a state selectively purges voter rolls, supplies too few machines for specific precincts, or uses law enforcement and batteries of volunteers to challenge or intimidate voters, the accuracy of the machines doesn't really matter.

  2. One principle of a democracy by saibot834 · · Score: 4, Insightful

    One principle of a democracy is that everyone can verify the counting of votes.

    Now unless you teach everyone how to program I don't see how you can preserve this principle.

    1. Re:One principle of a democracy by AK Marc · · Score: 2, Insightful

      One principle of a democracy is that everyone can verify the counting of votes.

      We do not now, nor have we ever had, any system to verify votes. We can count them again, certify them, but never verify them. Until I, as a voter, can see how the state counted my vote, no vote is ever verified. They may count my ballot twice, but I can never know who they count it as having voted for. True anonymous verification is a system where I can identify my vote, but no one can determine how I voted.

  3. Unacceptable failure rate? by Firethorn · · Score: 4, Insightful

    31 machines out of 340 districts? How many were in each district?

    Heck, from what I've read, they've had problems with more than 10% of the Diebold machines.

    At least with an automark type system you still have the paper ballots to fall back on, even if a voter might require assistance to fill it out.

    When a Diebold-type device malfunctions you have the potential for lost and/or erroneous vote information, not to mention that NO votes can be taken.

    --
    I don't read AC A human right
  4. e-voting must be as strong as paper by davidwr · · Score: 5, Insightful

    Properly monitored paper ballot voting system is about as good as you can get for the average person. Its main weakness is that it's not private for people who cannot see or read the language of the ballot and for people who cannot mark the ballot for whatever reason. The fact that you must go to a voting station rather than voting from home is also a disadvantage.

    Any replacement system must preserve the strengths of a paper ballot.

    This means
    • Open specifications
    • validation and verification of all equipment and procedures concerning the vote


    In practice, this means the voting hardware and software must be open to public inspection. The same goes for the procedures used by voting officials.

    It also means to the extent possible, the entire process must be observed by interested and neutral parties. Obviously the actual voting must be done in secret but anything that doesn't reveal an individual's vote should be observed. Those things that cannot be easily observed, such as actual electronic count, must be repeatable by another method, such as a hand-count, with the same results.
    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:e-voting must be as strong as paper by morgan_greywolf · · Score: 2, Insightful

      Right. And that's why I keep saying that if you want to know what I think is the approach, it's touch screens with Open Source software/firmware with a paper receipt trail. This allows for the accuracy of electronic counting with a paper backup -- if the paper doesn't match the electronic count, then the software either has bugs or has been tampered with (or there are forged paper ballots, but that's easily countered). Either way, the software can be reviewed by independent computer experts to determine which of the three has occurred.

    2. Re:e-voting must be as strong as paper by Coryoth · · Score: 2, Insightful

      * Open specifications
      * validation and verification of all equipment and procedures concerning the vote

      In practice, this means the voting hardware and software must be open to public inspection. The same goes for the procedures used by voting officials.

      I would go even further and demand both an English language and a formal specification that are open. That way you can validate the formal specification against the English language version, and you can formally verify software code against the formal specification. There are plenty of independent systems that would allow such formal verification of code to be done, and machine checked. Sure, this requires more work to write a formal specification and to write code that can be verified against it... but if there was any case where you would want to be able to do full machine assisted verification of code against a specification rather than just eyeballing it and hoping you catch the errors, electronic voting would be it!
  5. Funny thing by WindBourne · · Score: 5, Insightful

    is that we seem to keep learning and re-learning that lesson. Back in the 1960 election, there was a lot of evidence that indicated that Kennedy won Chicago by having the dems cheat. Many systems were put in place to prevent that cheating. Now, with the new current system, the evidence is even more overwhelming and yet, we are back to trying to prevent cheating. In particular, it appears that Ohio, Florida, and even Texas had massive amounts of voter fraud during the last couple of elections. I guess that our society will be doomed to re-living the same problems over and over as long as we have politicians like Rove ( and the dem == before).

    --
    I prefer the "u" in honour as it seems to be missing these days.
  6. Re:Yet another CA standard... by One Louder · · Score: 2, Insightful

    It's a shame you never saw any part of California besides Los Angeles.

  7. Re:Yet another CA standard... by gurps_npc · · Score: 2, Insightful

    Detroit and Japan continue to make cars that do not meet California emissions tests.

    The fact that you bought such a car tells me that you looked at the cars that did not meet the California emissions tests and said "No thank you".

    What probably happened is that the majority of the people in the country with needs similar to yours thought that cars should meet California's tests. The few people that did not want the cleaner cars had different needs than you did.

    You don't have a beef with California, you have a beef with the majority of AMERICAN citizens. And you personally were still offered a choice to pick another car, but decided not to.

    Why don't you stop blaming California, and start taking responsibility for your own actions.

    --
    excitingthingstodo.blogspot.com
  8. Re:Yet another CA standard... by drinkypoo · · Score: 2, Insightful

    My car has "California" emissions and I live in Connecticut. This is just one example of how California mandates things for the rest of the country.

    Interestingly, I can purchase a car in Connecticut, drive it to California, register it, and pass a smog check.

    Vehicles with California emissions and vehicles without are smogged to different specifications, even here in California.

    The restriction only requires new cars sold in California to conform to different standards.

    In California, they make you label everything, including restaurants, informing you that your food might cause cancer. Then they all go outside and breathe air they can see.

    I live in a county which has spectacularly good air quality, and it happens to be within California.

    The worst air quality that I'm aware of in the US is in Houston.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  9. What we need is a slot machine... by Anonymous Coward · · Score: 4, Insightful

    Any electronic voting machines should be regulated to at least the same level as a slot machine. But for some reason we apparently believe that handling the $20 dollars we want to gamble in a casino is more important than the results of an election.

    A casino would never field a slot machine (even a 1c machine) that was as insecure as a Diebold voting machine.

    The security model for a slot machine is rock solid. The hardware and software (source included) must be submitted and approved by each jurisdiction. The security model ensures that if even one bit in the software has been corrupted, the machine ceases to function. The cash-in and payout of each machine is redundantly logged. The machines are completely power tolerant, meaning you can cut the power at any time; when the power is restored the machine will come back up in exactly the same state that it was in before power loss. The machine can print tickets (for a paper trail), as well as talk securely over a network.

    Basically, all the requirements we'd like to see in a voting machine are the same that a slot machine already conforms to. There's no reason to re-invent the wheel here, most of the work has already been done.

  10. Re:Yet another CA standard... by fredrated · · Score: 2, Insightful

    Born and raised in Cal, yeah, there are 'kooks' for politicians sometimes, but these kooks are like 'let's see if we can make people happier by making their food less poisonous' as opposed to the kooks that think things like 'let's not tell people the air at ground zero is poisonous because then bin Laden will be even more satisfied with the results'.

    We'll keep our kooks, you keep yours and we will both be happy. I hope.

  11. Treason by loftling · · Score: 3, Insightful

    I think that attorneys for the government should be able to demand to see source code for all the machines already deployed. If source cannot be produced (or it does not compile to the same machine code present on the voting machines) then those responsible should be rounded up and tried for treason. Seriously: at no point should *anything* related to how these machines tally votes have been regarded as a secret: that's simply not how voting works in the US.

    I believe that California shouldn't have to demand transparency, I think that we citizens have implicitly expected transparency all along.

    Donate to the Open Voting Consortium, they've been working with Debra Bowen and many others to fix the system.

    --
    don't panic-- clowns can smell fear.
  12. Re:As much as I dislike CA.... by neomunk · · Score: 2, Insightful

    That's not CA setting the emissions standard for your state, it's the auto companies deciding that the economy of scale on the changes that need to be made are a greater benefit to the bottom line if applied to the whole production line than either a) not selling cars in CA or b) setting up a separate production line for CA specific autos. CA has every right to set emission standards for their own state, and the auto companies have every right to deal with those standards in any way legal.

    Your post (to me at least) smacks of bashing those damn hippies without saying so directly. If you're really pissed about the situation, place the blame on the car companies, where it belongs.

    And this is again making an assumption, but you seem to be pissed that programmers are gonna be poring over this code. WTF? Do you really think that this is some big negative inconvenience, or is it just west coast bashing? I just don't see the problem.

  13. Re:Good idea by RingDev · · Score: 2, Insightful

    check to make sure the code works as intended.

    The next step would be to check and make sure that the intention the code works with is the intention the people desire.

    -Rick

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
  14. They'll "study the software inside the machines"? by roystgnr · · Score: 2, Insightful

    I suspect they'll really study software outside the machines, code which the manufacturer swears is the same as the software inside the machines, cross his heart. That's still an improvement over the current situation, but it's not good enough for democracy. If a computer is turning your ballot into a microscopic electromagnetic pattern rather than a human-readable printout, you simply can't be certain that your vote was counted. Software audits may make election hacking more difficult, but they'll never make it impossible.

  15. Re:Good idea by Coryoth · · Score: 3, Insightful

    The next step would be to check and make sure that the intention the code works with is the intention the people desire.

    And this is why formal specification should be used. It provides a middle tier between implementation code, and English language specification. Verifying that the code properly implements the formal specification can be done programmatically and independently quite easily. In turn, validating the formal specification, by comparing it to the people's desires in terms of an English language set of requirements is easier than trying to compare code to the requirements, since it is only intentions that are formally defined, with no issues of implementation to complicate the matter. Stating your intentions in an unambiguous way, via formal specification, ought to be an obvious first step for anything where the need for assurance is as high as it is with electronic voting.
  16. Re:Pre-Hacking by mOdQuArK! · · Score: 3, Insightful

    Well, it'll cost the taxpayers a fair bit to do that kind of testing properly - looking at it that way, you'll get a dollar value of how much the taxpayers think a corruption-resistant democracy is worth!

  17. Re:They'll "study the software inside the machines by PPH · · Score: 2, Insightful

    That's the same conundrum presented by Microsoft's 'open source' model. They'll let you look at something which they claim is the same as what you are running on your system. But if you can't do a clean build, you can't be sure the two are really the same.

    This situation is unacceptable in critical systems' embedded software. Not only is the source subject to audit, but the entire compilation and installation process is as well.

    --
    Have gnu, will travel.
  18. That doesn't quite fit my definition of "simple" by achurch · · Score: 2, Insightful

    Heck, I think even _I_ could design such a system:

    [8(!) steps and commentary elided]

    Or am I overlooking something here...?

    Perhaps you might not have heard the story of the king and the toaster?

    This may not be quite that bad, but the point still stands: Don't use more technology than is needed to solve the problem. In this case, it's much simpler than you suggest:

    1. Election supervisor checks that voter is authorized to vote.
    2. Voter takes pen and paper ballot.
    3. Voter writes candidate's name on paper.
    4. Voter deposits ballot in box.

    In fact, if you were clever you could even combine steps 1 and 4, saving a line at the supervisor's table.

    Oh, and don't give the voter a copy to take home, unless you want supporters for the "wrong" party to start getting their pillows replaced by severed horse heads. "I've got a very good deal for you, and all it needs from you is one little piece of paper . . ."

  19. Re:Shouldn't this be obvious ? by Dragonslicer · · Score: 2, Insightful

    the machines' output decide the faiths of millions
    I think that may be the eeriest typo I've seen in a long time.
  20. Re:This should be so simple... by Manchot · · Score: 2, Insightful

    Even relatively sane, simple mandates like checking for a valid ID at the polling station get shut down.

    Those laws are often struck down as unconstitutional, and for good reason. If you are an American citizen who doesn't have an ID (which you cannot constitutionally be required to own as a direct result of our right to privacy), you should still be able to vote. More practically, from a statistical viewpoint, people with lower incomes and the elderly are surprisingly likely to not have IDs. You might say, "Well, if they want to be able to vote, they need an ID," but if voting laws disenfranchise even one person who has done nothing wrong, they have already gone too far.