Slashdot Mirror
California to Start Review of Voting Machines
An anonymous reader writes "California Secretary of State Debra Bowen just announced details about the previously discussed 'top-to-bottom review' of almost all voting and counting systems used in the state. The team features big names in e-voting security: David Wagner, Matt Bishop, Ed Felten, Matt Blaze, and Harri Hursti, among others. Vendors have time to submit their machines including documentation and source code until July 1st or face severe restrictions, including decertification, for the 2008 elections. Scheduled to start next week, the review will include a red-team attack and going through the source code."
Ballot materials are "delivered" without proof. Even the moment to cast a ballot should be a postal duty. So-far, they can't say if mail was delivered or not when using the non-stamped commercial mail-meter rate. Every certified mail delivery of a vote from a person should be counted once by the postal Clerk in Record of the Direct Treasury Account. A network would facilitate a real-time audit of the vote; emphasizing between the debt to cast a vote in one's favor in valuation of their debt: a citizen-subject as opposed to a Citizen, not confused with a denizen or a national.
How will the state ensure that these machines will be identical to those used on election day? Will random voting machines be checked with similar precision during the elections, or what guarantee do we have that these machines will not have been tampered with through "enhanced" source code? I had a glimpse at the FAQ but could not find any information on this, perhaps someone has some pointers?
For this same reason, Consumer Reports and other reviewers buy products anonymously from stores instead of receiving them from vendors, due to previous cases in which the process (such as that intended with the voting machine review) has been taken advantage of.
parasight.de
Anyone know what the rules for freedom of information apply here? Could these rules be used to examine the source code for flaws?
My little Linux and tech blog
If they pull out of California because of that, they may as well just quit the election systems game altogether. It's the largest market, and more importantly, when California does significant things, other states very often follow its lead, for better or worse.
Not, mind you, that I'm saying it's a bad thing for Diebold to get out of the market. (Which it's been reported they're considering doing anyway.) Don't let the door hit your ass on the way out, I say to them.
You can make a very nice vote-printing machine (rather than a vote-counting) machine, with all kinds of standards to make sure the questions are easy to read (or hear), that the answer that you put down is actually associated with the question that is on the screen, and that you can only put down ONE answer per voting question.
The resultant ballot sheet should contain a list of the items that you voted on, with your answer easily readable next to each item (using a machine AND voter-readable font, since having a separate machine-readable code would make the voter-verification worthless).
If anything looks fishy, the voter tosses the ballot into the shredder & gets a new blank one.
Manual recounts would be a helluva lot easier (no hanging chads, no wondering what a stray mark covering two ovals means, etc).
As the grandparent says, there's quite a few benefits that are possible by designing a solid system for printing votes, but using the computers to count the votes is really problematic.
Actually, it is inherently impossible for the security properties that matter most for a voting system. Specifically, every voter needs to be able to understand the security of voting process well enough that they can recognize attempts at voting fraud. That's a property that paper ballots that go in ballot boxes can easily have, but is strictly impossible for software installed on a computer.
Consider a 62 year old florist named Mary who has decided to volunteer as an election observer. As the polling station is set up, she verifies that the ballot box is empty. As each voter votes, she makes sure they vote privately in the booth. She can watch as exactly one ballot is added to the ballot box per voter, and no one messes with it otherwise. When the election day is over, she walks/rides with the ballot box to where the votes will be counted. After observing the counting, Mary *knows* that the election was run securely.
Now consider Mary trying to observe an election run with direct-recording electronic voting machines. She can't even accomplish the "verify that the ballot box is empty" step, much less witness that each voter votes only once and doesn't tamper with the vote counts. Hell, I'm in the third year of my Computer Science degree and I couldn't observe a polling station and determine if fraud had occurred there with machines like that. There's just no way to see that what's happening in the machine is what is supposed to be happening.
Sure, we could come up with some mathematically / cryptographically correct secure voting protocol. We could build hardware from scratch that can be visually authenticated somehow. We can publicly publish software source code that has been thoroughly audited for bugs and security holes. We can come up with a mechanism to allow voters to verify that the correct software is running on the machines. With all that, someone with a masters degree in computer security would be able to observer a polling station and personally know that the election there had been run correctly.
Today's direct recording systems are impossible to trust. With years of engineering effort, we could build systems that experts could trust. Or... we could maintain the basic principle of democratic equality and use a system that *everyone* can understand well enough to personally trust.
-- The act of censorship is always worse than whatever is being censored. Always.
Machine counting of votes is also sketchy. The big controversies in the 2004 election weren't about direct-recording machines, they were about the automated ballot counting machines. Unless you have a policy in place to require that the paper ballots be retained after scanning (rather than being destroyed) and a way to force a manual recount if *anyone* suspects machine tampering, you really haven't gained anything.
Someone on Slashdot once suggested separating ballot sorting from ballot counting. Put the ballots in a sorting machine and then use a dumb counting machine to count the sorted stacks. That's a much better plan (as long as the counter checks the stack to verify that it's sorted).
-- The act of censorship is always worse than whatever is being censored. Always.