Slashdot Mirror

← Back to Stories (view on slashdot.org)

California to Start Review of Voting Machines

Posted by ScuttleMonkey on from the nitty-gritty dept.

An anonymous reader writes "California Secretary of State Debra Bowen just announced details about the previously discussed 'top-to-bottom review' of almost all voting and counting systems used in the state. The team features big names in e-voting security: David Wagner, Matt Bishop, Ed Felten, Matt Blaze, and Harri Hursti, among others. Vendors have time to submit their machines including documentation and source code until July 1st or face severe restrictions, including decertification, for the 2008 elections. Scheduled to start next week, the review will include a red-team attack and going through the source code."

11 of 154 comments (clear)

  1. Chuck the Lot by glomph · · Score: 2, Insightful

    Voting machines provide no advantage, other than obfuscation of possible/probable tampering and errors. Code reviews are a waste of time. Bring back paper. Non-tangible bit-flipping to register votes will never be sufficiently accountable.

    At VERY minimum, institute scantron (filled in boxes on paper) voting.

    1. Re:Chuck the Lot by insanecarbonbasedlif · · Score: 2, Insightful

      Paper ballots can be manipulated easily as well. It's just a different set of problems.

      I don't want to waste my time writing down possibilities that are going to be ignored, so anybody who's curious can just use their imagination on how to defraud a paper ballot based system.

      Electronic voting can be secured as much as modern paper ballots - it's not inherently impossible.

      --
      Just because I doubt myself does not mean I find your position compelling.
    2. Re:Chuck the Lot by raehl · · Score: 3, Insightful

      What we have is a case of a good idea implemented very poorly. Honestly something as simple as connecting a drivers license number and name to each ballot would vastly increase accountability and how reviewable an election would be. It's a good idea in need of a huge makeover.

      It would also entirely destroy the concept of an anonymous voting system. One of the important parts of voting is knowing the winning candidate won't be able to track down anyone who didn't vote for them.

      --
      paintball
    3. Re:Chuck the Lot by mmurphy000 · · Score: 2, Insightful

      One of the important parts of voting is knowing the winning candidate won't be able to track down anyone who didn't vote for them.

      To quote from the xDebate wiki:

      The "politically incorrect" answer is that society should work on fixing the root causes. Anonymity in elections is primarily an issue because of potential retaliation if somebody doesn't vote as they "should" (e.g., loses job, loses limb). The cost of anonymity in elections is in the social aspects of public participation — without visible social pressure from peers to participate in elections, you're left with only broad-brush social norms to try to fend off a "tragedy of the commons"-style shirking of participation. This can be seen in the US in the form of generally falling voter turnout, among other symptoms. Society needs to consider whether the cure (anonymity) is worse than the disease (some percentage of "vote buying" in one form or fashion).

      I'm not saying that voter coercion is a good thing, but I think society needs a deeper discussion as to whether anonymous voting is all happiness and puppies. I only ever hear the negative consequences of attributable voting, never any positives. I'm no expert, but I'd sure like the experts to ponder the issue...

      --
      The Busy Coder's Guide to Android Development
  2. Uh, no. by raehl · · Score: 5, Insightful

    Voting machines provide no advantage

    Electronic voting machines are in virtually every way superior to paper voting machines.

    They prevent you from accidentally submitting an invalid ballot.

    They can be updated with a correct ballot much easier than actually printing ballots.

    They can more easily accommodate voting by the disabled.

    They can randomly display the list of candidates, eliminating the 'first ballot position' advantage.

    What does NOT have many advantages, and has several disadvantages, is electronic vote-STORING machines. We definitely don't want any of those. But as long as the voting machine kicks out a voter-readable paper ballot, we don't really even need to know the software it's running. Anything nefarious will be obvious on the ballots.

    --
    paintball
    1. Re:Uh, no. by Kandenshi · · Score: 4, Insightful

      "The day after the election, you best have a paper record saying you voted for my man Mr. McFakename.
      It wouldd be most ... unfortunate if you were to fall down a flight of stairs repeatedly."

      What I'm subtly alluding to is vote buying/intimidation being possible if you take an official record of your voting behaviours home with you.

  3. State of California Read This and Save Millions! by raehl · · Score: 4, Insightful

    I appreciate California's effort to verify that their electronic voting machines work. I have developed an economic process for certifying electronic voting machines.

    1) Determine if the voting machine produces a voter-readable, paper ballot.
    2) Determine if this ballot is the OFFICIAL voting record.
    3) If 1 and 2 are true, then the machine is good. If not, it's not.

    There you go. Why do people insist on making easy problems hard?

    --
    paintball
  4. stupid... by j0nb0y · · Score: 3, Insightful

    There is no need to see the source code for this software.

    There is only one specification for a secure voting machine, and it is easy to test. There is no need to see the source code. If the machine meets the spec, it is a secure voting machine. Otherwise, it is not, and should not be certified.

    Here is the specification:

    1. The voter votes on the machine.
    2. The machine prints out a ballot.
    3. The voter checks the ballot for accuracy, then deposits it in the ballot box.
    4. Ballots in the box are tallied for the official vote count.

    Simple, easy, secure, reliable, and recountable. There is no need to see any source code.

    A voting machine which doesn't meet this spec is not secure. It doesn't matter how many times you check the source, the machine will still not be secure. An "open source" voting machine which does not meet this spec is not secure. /.ers like to equate secure voting machines with open source. I like open source, but trying to inject it in this issue is foolish. It is irrelevant whether the voting machine uses open source software. Either it meets the spec, or it doesn't.

    --
    If you had super powers, would you use them for good, or for awesome?
  5. Paper is not the answer by SoapBox17 · · Score: 0, Insightful

    Why does everyone insist that there are no problems with paper? Granted current electronic methods are awful... But part of the reason that paper is so vulnerable is because it gives everyone this false feeling that their vote is "real." The fact is it is just as easy to stuff paper ballots as to change digital votes, and it is just as easy (or easier) to "loose" and "miscount" paper ballots. The best bet for a secure election where all votes are counted (and no extras are counted either) is an open system using strong cryptographic principals to ensure auditability an vote verification. Lucky for all of us, several such systems exist... but none of them (that I know of) are being used for public elections (a few are used for university elections in the places where they are researched.)

  6. Re:Source code and freedom of information? by Touvan · · Score: 3, Insightful

    Even if you could review the source code, there would still be no way for you to validate that the machines running on election day, are running code that was compiled from the source code you reviewed.

    In other words, you can't look in the machine as see what it's doing.

    Paper trails are useless, since you can't invoke them unless there is a good enough reason to do so (close enough election usually 1% or so - not a big deal really, just set your machines to steal more than 3%).

    At the end of the day, the only difference between hand counted paper ballot voting, and electronic machine counted voting, is how hard the election is to steal. With hand counted paper, you need a lot of individuals all working together, at various levels during the tallying period to do it. With electronic machines, you just need one well positioned operative.

    --
    http://www.unfocus.com/
  7. FOIA doesn't apply by commodoresloat · · Score: 2, Insightful

    FOIA requires access to public records. It's possible that source code could be defined as a public "record," though it might be stretching the definition. "Records" are defined as tangible documents, which could certainly include computer files, but it seems to me that the govt would argue that voting documents and results are "records," but source code is part of the process by which the records were created rather than the records themselves. Besides, wouldn't this open up all source code used by federal agencies, including MS Word, assuming they use that to generate documents that are "records"?

    Another problem is that the law only applies to federal agencies, though states may have their own laws that require similar public access. Since voting machines and procedures are the responsibility of state governments, the federal legislation wouldn't apply.

    Frankly, I think we need new federal legislation here.