Slashdot Mirror
California to Start Review of Voting Machines
An anonymous reader writes "California Secretary of State Debra Bowen just announced details about the previously discussed 'top-to-bottom review' of almost all voting and counting systems used in the state. The team features big names in e-voting security: David Wagner, Matt Bishop, Ed Felten, Matt Blaze, and Harri Hursti, among others. Vendors have time to submit their machines including documentation and source code until July 1st or face severe restrictions, including decertification, for the 2008 elections. Scheduled to start next week, the review will include a red-team attack and going through the source code."
...But it's about time that electronic voting machines were beta-tested!
Well, back to rejecting software patent applications.
Ohio and Florida are the states that are most likely to have been rigged before,
and are certainly candidates for rigging in the future.
The last 2 elections were the beta.
"There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy."
This sounds promising. Is Debra Browen generally respected in her role?
Ballot materials are "delivered" without proof. Even the moment to cast a ballot should be a postal duty. So-far, they can't say if mail was delivered or not when using the non-stamped commercial mail-meter rate. Every certified mail delivery of a vote from a person should be counted once by the postal Clerk in Record of the Direct Treasury Account. A network would facilitate a real-time audit of the vote; emphasizing between the debt to cast a vote in one's favor in valuation of their debt: a citizen-subject as opposed to a Citizen, not confused with a denizen or a national.
How will the state ensure that these machines will be identical to those used on election day? Will random voting machines be checked with similar precision during the elections, or what guarantee do we have that these machines will not have been tampered with through "enhanced" source code? I had a glimpse at the FAQ but could not find any information on this, perhaps someone has some pointers?
For this same reason, Consumer Reports and other reviewers buy products anonymously from stores instead of receiving them from vendors, due to previous cases in which the process (such as that intended with the voting machine review) has been taken advantage of.
parasight.de
Voting machines provide no advantage, other than obfuscation of possible/probable tampering and errors. Code reviews are a waste of time. Bring back paper. Non-tangible bit-flipping to register votes will never be sufficiently accountable.
At VERY minimum, institute scantron (filled in boxes on paper) voting.
If it's anything like other betas I've been involved in, it won't ever actually stop being beta, they'll just release it and patch it for the rest of eternity.
When they are used in the 2008 election, will the code they are running match the audited source code?
Other states could benefit from California doing this as well. Just like cars all over the US are manufactured, in the most part, to CA specifications and tolerances to serve it's huge market, so too could this result in (hopefully) well tested machines being available to all the other states.
...now introducing ballot V1.0, with enhanced security!
I don't see anything in the reiew draft or FAQ about voter-confirmable human-readable records (paper ballots, tapes, or other human-readable media). If there is a printed human-countable ballot that the voter can visually confirm was correct and saved then the possibility of electronic fraud is minimized.
select * from guilable_chumps where first_name='John' and last_name='Connor';
We are all just people.
Link
You are being MICROattacked, from various angles, in a SOFT manner.
.... "attack" is strangley appropriate for this scenario.
There is a war going on for your mind.
Voting machines provide no advantage
Electronic voting machines are in virtually every way superior to paper voting machines.
They prevent you from accidentally submitting an invalid ballot.
They can be updated with a correct ballot much easier than actually printing ballots.
They can more easily accommodate voting by the disabled.
They can randomly display the list of candidates, eliminating the 'first ballot position' advantage.
What does NOT have many advantages, and has several disadvantages, is electronic vote-STORING machines. We definitely don't want any of those. But as long as the voting machine kicks out a voter-readable paper ballot, we don't really even need to know the software it's running. Anything nefarious will be obvious on the ballots.
paintball
Anyone know what the rules for freedom of information apply here? Could these rules be used to examine the source code for flaws?
My little Linux and tech blog
I appreciate California's effort to verify that their electronic voting machines work. I have developed an economic process for certifying electronic voting machines.
1) Determine if the voting machine produces a voter-readable, paper ballot.
2) Determine if this ballot is the OFFICIAL voting record.
3) If 1 and 2 are true, then the machine is good. If not, it's not.
There you go. Why do people insist on making easy problems hard?
paintball
Where should we have been sending the bug reports? :-)
Get in line and dance about it.
Yes, you are!
There is no need to see the source code for this software.
/.ers like to equate secure voting machines with open source. I like open source, but trying to inject it in this issue is foolish. It is irrelevant whether the voting machine uses open source software. Either it meets the spec, or it doesn't.
There is only one specification for a secure voting machine, and it is easy to test. There is no need to see the source code. If the machine meets the spec, it is a secure voting machine. Otherwise, it is not, and should not be certified.
Here is the specification:
1. The voter votes on the machine.
2. The machine prints out a ballot.
3. The voter checks the ballot for accuracy, then deposits it in the ballot box.
4. Ballots in the box are tallied for the official vote count.
Simple, easy, secure, reliable, and recountable. There is no need to see any source code.
A voting machine which doesn't meet this spec is not secure. It doesn't matter how many times you check the source, the machine will still not be secure. An "open source" voting machine which does not meet this spec is not secure.
If you had super powers, would you use them for good, or for awesome?
It's the paper output that is counted.
If you are willing to accept a scantron with votes as a ballot, there's no logical reason not to accept a sheet printed by an electronic voting machine as a ballot. The only difference is that one is filled out with a pen and one is filled out with a fancy typewriter.
paintball
...that Diebold will sue California because their auditing procedures do not give an inherent advantage to awful machines, and clearly Diebold's machines are required in any electronic election [see Massachusetts for details].
"All you need is ignorance and confidence; then success is sure." -- Mark Twain
All I have to say is Vote By Mail. Yep, it kicks ass. Easy, fast, and efficient. Every State in the Union should do Vote By Mail.
Why does everyone insist that there are no problems with paper? Granted current electronic methods are awful... But part of the reason that paper is so vulnerable is because it gives everyone this false feeling that their vote is "real." The fact is it is just as easy to stuff paper ballots as to change digital votes, and it is just as easy (or easier) to "loose" and "miscount" paper ballots. The best bet for a secure election where all votes are counted (and no extras are counted either) is an open system using strong cryptographic principals to ensure auditability an vote verification. Lucky for all of us, several such systems exist... but none of them (that I know of) are being used for public elections (a few are used for university elections in the places where they are researched.)
FOIA requires access to public records. It's possible that source code could be defined as a public "record," though it might be stretching the definition. "Records" are defined as tangible documents, which could certainly include computer files, but it seems to me that the govt would argue that voting documents and results are "records," but source code is part of the process by which the records were created rather than the records themselves. Besides, wouldn't this open up all source code used by federal agencies, including MS Word, assuming they use that to generate documents that are "records"?
Another problem is that the law only applies to federal agencies, though states may have their own laws that require similar public access. Since voting machines and procedures are the responsibility of state governments, the federal legislation wouldn't apply.
Frankly, I think we need new federal legislation here.
It'll be a while before we see decent machines in play. It's a good start for my new home state!
Policy
Hmm. One could almost do this with a piece of paper!
If only there was a way to mark a piece of paper with the candidate's names and then have a box next to each!
And perhaps some sort of paper marking implement to be given to the voter such that they may indicate their choice...
I fear such technology may be beyond us.
Even the state vs. federal thing aside (as I suspect these machines are used in states that have similar laws to the FOIA), they are made by contractors, not the government itself, so that's a big sticking point. And then of course you'll have them claiming trade secrets etc etc and everything under the sun they can thing of to avoid opening the code, and it's in no way painless or quick any way you look at it.
Relax I just want some peanuts.
I'm tired of voting machine stories. I don't think anybody is actually doing anything except providing lip service because it's deja vu all over again. I think the term "review" is open to review.
sorry to respond to my own comment, but I remembered something else. FOIA contains exemptions for trade secrets, which generally applies to confidential financial or commercial information, but there is no doubt that it could apply to source code as well. State FOI laws also most likely contain a similar exemption. You actually want this exemption, of course, so that records related to government contracts or agency oversight are not available to the public (you want business confidence, for example, that their trade secrets won't be compromised if they work with government organizations), but, as far as source code goes, I would support separate legislation requiring open source software in certain critical areas like voting machines.
Many CA standards are just more restrictive than other states', and so the CA standard becomes the de facto national standard. Fire retardant clothing might be an example, if I recall. Emissions of various products as well, though for autos the cost is so high that there are CA-only versions and the 'rest of the nation'.
But if CA did a good job here, I doubt many states would try to re-invent this.
In Maine, we had a mix of optical scan and punch ballot systems, and plenty of small towns used pencil and counted hand. Not a lot of trouble, except for the poor blighter that lost something like 26-0. Yeah, he didn't even vote for himself. Oh, and the ties. By Maine law, ties for state office are settled by coin toss. Yup. I dunno about federal seats. We had a few over the years.
Now I live in Arizona. We have this pathological aversion to even asking if voters are CITIZENS... Prop 200 makes you give at least minimal indentification, like a drivers license, or some utility bills and such. You don't even need to speak English. Of course, my Democrat friends claim there is just no voter fraud occurring, this is waste of time, insult to legal voters, bla bla bla. My Republican friends claim illegals, fraud, nobody knows, bla bla bla. Me? I got a license, even my sealed birth certificate. I just have to deal with them changing my poll location every election...
ps- Electronic voting is wrong. Don't do it. Even a paper receipt is a waste of time. Just mark your ballot, scan it, save them for a bit, and recount where ya need to. electronic voting is an invitation, no, an imperative for fraud. It will happen. Just say no. And either party will do it, if for no other reason than "the other side is ALREADY doing it!!!".
A pox on both their houses.
deleting the extra space after periods so i can stay relevant, yeah.
Why would you assume that qualfied voters are capable of making proper, verifiable marks on said piece of paper?
What if they are blind or without hands? Are such voters to be disenfranchised or reliant on helpers?
What if they are of such limited capabilities that they cannot understand the instructions, such as the Florida November 2000 voters could not understand how to punch out cards to vote? Are such people to be disenfranchised?
All a paper ballot is is a test for the voter and we threw out poll tests years ago. You can now be as dumb as a box of rocks and still vote. You may not understand the candidates message, but you can vote. You may not understand how to put marks on a ballot so it can be unambigously counted, but you can vote.
So all the machines cater for the blind too?
And are able to be operated by people with no hands?
Yah, right. If there are specialised machines for that now then keep 'em, everyone else can put a tick in a box. It's even simpler than punch cards. You use a pen and put a tick in the big black box.
If you can't put a tick in a box because you're too dumb then you shouldn't be breathing, let alone voting.
Sure. It's far better to force a small percentage of the population to rely on a person of their choice that they trust than it is to require everyone to rely on machines that are inherently untrustworthy.
If people are that incompetent, why would you expect them to be able to operate a computerized voting machine? Not that they're a legitmate problem for paper ballots; - they can be treated just like any other handicapped person who needs an assistant to vote.
-- The act of censorship is always worse than whatever is being censored. Always.
Personally, I could not care less whether the voting happens on paper or a computer. I just want the data to be entered into the machine before I leave, and I want a piece of paper in a box that is both human and machine readable. I then want anyone who wants to audit the election to be able to go to the paper vote's storage location to run the paper through their own machine. Heck, people should be able to sign up to run the human-machine readable paper immediately after the polls close. Then their should be real penalties to the voting machine manufacturers if the numbers don't match what is on the paper.
Apparently if you press "up up down down left right left right B A Select Start", you can actually vote in one of Hell's minions.
If I have seen further it is by stealing the Intellectual Property of giants.
I'm not big on voting machines, but if we're going to have them, they should be open.
This guy (Alan Dechert) is active in CA and needs your help. I've ponied up some dough; please join me.
He's speaking at the Red Hat Summit today!
Simple Unexpected Concrete Credible Emotional Stories
In Canada we use hand counted pen and paper ballots and the results make the 11 o'clock news. I don't see why the US can't do the same. It's not like vote counting is a serial process. It can be parallelized extremely well.
Um, how would we divert millions of dollars in taxpayer money to our cronies in the electronic-voting industry under this plan?
Unless those are special, patented, electronic pens, which only write in invisible ink that can only be displayed with a special reader, I don't think that plan will ever fly here.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Why is it that generally the Dems seem against electronic voting and republicans for it? Or am I wrong in this assumption?
Is it because the companies that make the current crop of machines are somehow perceived (or in actuality) in the pocket of the Republicans?
...the help america vote act, slangly called the motor voter act, had the feds dangle millions in front of the states to get them to "update" to "efficient" computerized voting. Bureaucracies being bureaucracies, getting money back from the feds (after having it stolen in the first place then 50% skimmed in the district of criminals) is too good to pass up, so they did it. They got *conned* and coerced and strong armed into the most massive hack the vote scam ever. This was on purpose for the purpose of making it easy to steal entire huge elections-and they clean got away with it. It was part of the ongoing coup d'etat.
They do it in all sorts of things, say public education. Want money for your district? Broke? Mysteriously swamped with illegals and all their kids and now you need a few new public schools, but the tax base isn't sufficient? Swell, joe fed to the rescue! Here it is, oh, BTW, here are all the strings attached if you want the scratch (said strings resulting in the US now being way down the list in public education, for the on purpose reason of growing a nation of willing serfs and mouth breathing order followers. All part of the long range fascist plans. If you look at the gestalt, the big picture,. it really starts to make sense. Not only are they crooks, but they are the crooks, murderers and thugs *in charge* and they have their "shock and awe" drone mercenaries to backup their power plays now.
The only thing you'll see (I'll predict) out of the feds are further requirements to standardize on bogus computerized voting, and nothing california will do as a state is going to stop it, the sheer money and power that can be accrued by owning the government of the US is just too vast a sum, even california's clout is insufficient to counter it. They are toast without the hackable vote in other words, so don't expect it to go away easily. And they use the media to help things along, notice only the hand picked CFR type candidates get any press. Look at the first R "debates". by all real numbers and opinion polls, Ron Paul won that debate hands down. See much in the media about it, or just the same McLame, the god father from NYC, and the kook from taxachusetts being touted in the press? The big media is totally compromised, and they have been part of the great vote hijack scam coverup as well. I mean, how could anyone NOT see the last three big votes have all been hacked?
but it is exactly correct. Refreshing to see another student of history here.
CA legislation authored by my boss, Assemblymember Paul Krekorian (D-Burbank) will require all new voting systems to have source code disclosed on the website of the Secretary of State. Already certified machines will have to have their source disclosed by 2012.
n umber=ab_852&sess=CUR&house=B&author=krekorian
The bill is AB 852 (the Secure, Accurate, Fair Elections [SAFE] Act of 2007) and CA residents are urged to contact their state legislators and ask for their support for the bill!
http://www.leginfo.ca.gov/cgi-bin/postquery?bill_
Additionally, I appreciate and agree with the sentiment that the paper record of the electronic machines should be the ballot of record (as does the assemblymember), but the goal of the bill is to allow sunlight on the democratic process and ensure the security of the voting process at all levels. Thanks slashdotters!
If you expose voter fraud, then you become a hero. And everybody wants a hero for president.
I wonder how this game of Illuminati will play out? I wonder if it even matters at this point, what with the sky starting to fall and all that.
-FL
.
:-).
The problem lies in authenticating the ballots, and ensuring the counting is done properly as well. The postal system has multiple points of failure, for example "lost" post from certain demographics - a technique apparently used in the US elections to control the results in some states. Works better by mail, I guess, all you need is to control the sorting..
So, maybe you need to revise the Ohio results too?
Not a problem, just send me the results when you're done. By post
Insert
...your publishing of voting machine code protected by trade secret may be a felony. Please report to your nearest U.S.A.G.
--- Attorneys Assisting Citizen-Soldiers & Families -
There are ways to encourage voter participation without breaking anonymity.
c ompulsory.shtml
a /compulsoryvote.htm
In Australia, all citizens who are eligible to vote must attend a polling place on election day. Anyone who doesn't vote is fined (unless they have a sufficient reason, like illness or injury). Apparently several other countries do the same.
Ref: http://www.australianpolitics.com/voting/systems/
This web page:
http://geography.about.com/od/politicalgeography/
has a discussion of some of the pros and cons of such a system.
Actually we do this in LA. (I can't vouch for other counties.) Though we don't wholesale use TEVs for the general election (Imagine putting TEVs in 5,000 precincts.) we do have roughly 12 locations for early and same day voting using the TEV machines. Yes, they're supplied by Diebold and run the sucky WinCE OS.
...twice.
In any case: As part of the process, each TEV has a printer. At the beginning of the voting period, the election official has to run a "zero-report" showing the machine has zero votes cast. The official has to sign off on the report paper that it is valid. This report printout is put in the same locked bag as other critical election materials. At the end of the voting period, the machines are put through a Logic and Accuracy test showing that the number of votes cast are equal to the interior counter after the zero report.
We further take 1% of the machines and run a hand count of the paper printouts to verify they match the number of votes cast inside the machines.
So far, there's been no issues. I've voted twice on these machines and somewhat like them.
Oh, and let's not forget the very expensive serialized security tape we put over all potential openings in the machines to prevent fraudulent access to the devices' guts.
Between these and the precinct ballot readers used to validate each voter's paper ballot before submission (for readability and over/undervotes) I'd say we've got a good handle on things.
We'd better - we've got an election every two weeks for the next few months and three major elections in '08 - February, June and November. We can't politically afford a screw up like Florida had...
The Kai's Semi-Updated Website Thingy
If you can't put a tick in a box because you're too dumb then you shouldn't be breathing, let alone voting.
You don't understand the problem.
The problem isn't the voters. If all we had to do was throw out the ballots of people who couldn't check boxes correctly, we'd be in good shape. But that's not the case.
The problem is the counters.
Who decides what counts as a ticked box and what doesn't?
Scantrons, checked boxes, punch cards, etc, are not yes/no mediums. They are open to INTERPRETATION. And when you have a close election, the last thing you want is interpretation. That's why we had all those lawsuits in Florida in 2000 - Republicans wanted as many ballots counted as possible in Republican counties and as few ballots counted as possible in Democratic counties, and vice versa. It's all about the 'hanging chads'.
paintball
And if you have any responsibility for the election process, you should be fired.
Guaranteeing that the number of votes cast matches the number of votes in the machine DOES NOT GUARANTEE THAT THE NUMBER OF VOTES CAST FOR EACH CANDIDATE MATCH THE NUMBER OF VOTES RECORDED!
Putting yellow tape around a machine does not do a damn thing to guarantee that the software running in the machine is legitimate.
That machine could have software in it that worked fine during any testing phase, then on election day took votes for Candidate A and instead recorded them for Candidate B, and you would never know - every single one of your 'checks' would pass, and you'd think nothing was wrong.
You fail. Horribly. And it's people like you, who have no idea what you are doing, that are going to ruin the validity of elections for the rest of us.
paintball
Um, no. You are correct. However, that is what the aforementioned L&A tests are for. You insert a ballot, vote a known number of times and check the results. You then lather, rinse, repeat.
Putting yellow tape around a machine does not do a damn thing to guarantee that the software running in the machine is legitimate. Actually the tape is slightly black and metallic with serial numbers imprinted. Oh, and yes it does guarantee the software running is legit. I don't know if you've ever written software, so please bear with me. When you run software on a computer (which is what these machines are) you tell the computer explicitly what to do. The computer cannot think and only does what the software tells it. If you have run the logic and accuracy tests you know what the software does. The only way to make the software do something different is to add instructions or otherwise modify the program. The election conspiracy terrorists have shown us how to do this by gaining access to the flash drives on the machines. Putting the tape over the machines and tracking that tape prevents access.Oh, and these machines do not have wifi.
That machine could have software in it that worked fine during any testing phase, then on election day took votes for Candidate A and instead recorded them for Candidate B, and you would never know - every single one of your 'checks' would pass, and you'd think nothing was wrong.Using this same logic, you could say that any computer program written in the past fifty years would suddenly change course in the middle of running. Sorry not going to happen. A software program works the exact same way every time. You think banks would allow ATMs to dispense money if they weren't 100% certain the machines would work exactly as in testing? (Keep in mind many of these ATM machines are made by Diebold.)
You fail. Horribly. And it's people like you, who have no idea what you are doing, that are going to ruin the validity of elections for the rest of us.Well, then. Next time tell us all how you REALLY feel. Don't hold back!
Seriously: The use of TEV's and the potential for some amount of vote fraud is extremely insignificant compared to the abuse of campaign finance laws, the effect of PAC's, the influence of the parties and the general apathy of the average voter. In my opinion - and this is why I think BBV kicked me off - election terrorists like you do more harm by spreading FUD than any single election official could do in their wildest dreams. Thanks to you and your ilk, we have been inundated with propaganda about how such-and-such official is stealing elections and how we need to be verifying every vote and how we need to be on top of everything. Well, thanks to my tax dollars, we are doing what we can. If you notice - the Federal Government has been reviewing fraud cases in several previous elections. They've found something like sixty out of several million potential cases. I'd say that shows how hard the various elections offices throughout the country are working on ensuring your vote is correctly counted and accounted for.
The Kai's Semi-Updated Website Thingy
Most of Los Angeles County(where I live - sigh) uses this system instead of computers:
.001% margin for error in local elections at most, even after recounts.(local election of 100K+ votes - recount essentially came down to the provisional ones. This method had maybe a dozen votes change out of 100K+)
http://www.inkavote.com/
It's accurate, inexpensive, and likely what the state will switch to if the E-Voting machines fail. There are card readers as well to make it easier to count, but the paper trail/cards are kept as well. Basically foolproof - with maybe a
http://www.ilts.com/news_3.htm
E-Voting is dead. Old-school technology is better. I'd actually suspect someone of purposely trying to rig an election if they tried to replace a system like this with touch-screen models.
You have BIG, seperate boxes. You put a notice up saying "If your mark strays into more than one box your vote is void".
Thats it.