California to Start Review of Voting Machines

An anonymous reader writes "California Secretary of State Debra Bowen just announced details about the previously discussed 'top-to-bottom review' of almost all voting and counting systems used in the state. The team features big names in e-voting security: David Wagner, Matt Bishop, Ed Felten, Matt Blaze, and Harri Hursti, among others. Vendors have time to submit their machines including documentation and source code until July 1st or face severe restrictions, including decertification, for the 2008 elections. Scheduled to start next week, the review will include a red-team attack and going through the source code."

Some of these machines have been in use since 2000

[CaptainPatent]

...But it's about time that electronic voting machines were beta-tested!

Re:Some of these machines have been in use since 2

[king-manic]

The last 2 elections were the beta.

California should use Certified mail.

Ballot materials are "delivered" without proof. Even the moment to cast a ballot should be a postal duty. So-far, they can't say if mail was delivered or not when using the non-stamped commercial mail-meter rate. Every certified mail delivery of a vote from a person should be counted once by the postal Clerk in Record of the Direct Treasury Account. A network would facilitate a real-time audit of the vote; emphasizing between the debt to cast a vote in one's favor in valuation of their debt: a citizen-subject as opposed to a Citizen, not confused with a denizen or a national.

Not to sound particularly paranoid, but...

[infestedsenses]

Vendors have time to submit their machines including documentation and source code until July 1st or face severe restrictions, including decertification, for the 2008 elections.

How will the state ensure that these machines will be identical to those used on election day? Will random voting machines be checked with similar precision during the elections, or what guarantee do we have that these machines will not have been tampered with through "enhanced" source code? I had a glimpse at the FAQ but could not find any information on this, perhaps someone has some pointers?

For this same reason, Consumer Reports and other reviewers buy products anonymously from stores instead of receiving them from vendors, due to previous cases in which the process (such as that intended with the voting machine review) has been taken advantage of.

Voting is fun again

[Original+Replica]

Now if we have secure, trustworthy voting (electronic or not) and Maryland's governor gets his way, people might actually feel like their vote means something again.

Maryland Governor Martin O'Malley signed off on legislation [SB 634 materials] Tuesday that will award Maryland's ten votes in the US Electoral College [NARA materials] to the national popular vote winner in presidential elections, instead of the recipient of the most votes in Maryland. The legislation will only take effect, however, if a majority of the states representing the total 538 electoral votes adopt similar laws. The bill's sponsor, state Senator Jamie Raskin, told AP that the move to a popular vote system "will reawaken politics in every part of the country," even Maryland, a state presidential candidates usually sidestep because of the belief that it will always vote for the Democratic candidate.http://jurist.law.pitt.edu/paperchase/20 07/04/maryland-governor-signs-law-changing.php

Uh, no.

[raehl]

Voting machines provide no advantage

Electronic voting machines are in virtually every way superior to paper voting machines.

They prevent you from accidentally submitting an invalid ballot.

They can be updated with a correct ballot much easier than actually printing ballots.

They can more easily accommodate voting by the disabled.

They can randomly display the list of candidates, eliminating the 'first ballot position' advantage.

What does NOT have many advantages, and has several disadvantages, is electronic vote-STORING machines. We definitely don't want any of those. But as long as the voting machine kicks out a voter-readable paper ballot, we don't really even need to know the software it's running. Anything nefarious will be obvious on the ballots.

Re:Uh, no.

[Kandenshi]

"The day after the election, you best have a paper record saying you voted for my man Mr. McFakename.
It wouldd be most ... unfortunate if you were to fall down a flight of stairs repeatedly."

What I'm subtly alluding to is vote buying/intimidation being possible if you take an official record of your voting behaviours home with you.

Re:Uh, no.

[jonnybcivics]

As someone who's done some academic research on voting technology, I'd like to respond.

Electronic voting machines are in virtually every way superior to paper voting machines. Um...

They prevent you from accidentally submitting an invalid ballot. So do precinct count optical scan ballots (i.e. scantron). The way it goes is that you fill out your ballot and then a poll worker scans it through the machine to make sure you have no overvotes or doodles outside of the designated boxes. If you screwed up, your ballot is destroyed and you get a new one and re-vote. This doesn't happen for central count optical scan ballots (where they box them all up and take them to a central location to be scanned) but central count optical scan set-ups are being phased out.

They can be updated with a correct ballot much easier than actually printing ballots. Actually, precincts are required to print out backup ballots to use should touchscreen machines go down. So really each precinct is running (and paying for) a backup election with paper ballots even when they use touchscreen electronic voting machines. Even if they spit out a paper trail, a precinct is going to need backup paper ballots in the event of a printer malfunction. This kind of negates the whole argument of being able to change-up a ballot on the fly, because once those back-up paper ballots are printed, the precincts are committed to a set ballot.

They can more easily accommodate voting by the disabled. This is a legitimate argument, but one electronic voting machine per precinct specifically for disabled people makes more sense than buying several to serve all voters. And anyway, optical scan paper ballots can be easily adapted for disabled voters http://www.wired.com/science/discoveries/news/2006 /01/70036

They can randomly display the list of candidates, eliminating the 'first ballot position' advantage. You can also argue that a random listing of names would make candidates harder to find than an alphabetical listing. I don't think this is such a big gain when you consider the cost, security issues, and possible malfunctions that can occur with electronic voting systems. With optical scan, the worst case scenario is that the scanner goes down and ballots have to be saved and scanned once the scanner is fixed. With electronic voting machines, regardless of paper trail, if there is a malfunction, the machine is down and you've just lost a huge part of your ability to serve potential voters. Then you have long lines, people pissed off, people deciding they aren't willing to wait and not voting, etc.

I have yet to hear a reasonable argument for electronic voting machines over tried and true optical scan ballots for any criteria - security, cost, usability, convenience, etc. On election day, you only get one shot to serve all the voters. Best to have a reliable and secure voting system than a bunch of fancy machines that have the real potential to crash. Not to mention, based on some research done by a colleague, electronic voting machines cost over twice as much as an optical scan system per ballot cast. And the serving capacity for an optical scan set-up can be expanded by buying cheap plastic privacy booths rather than another expensive machine. I know slashdotters usually have a boner for technology, but learn a little about running elections before you bring that bullshit to the polling place.

Source code and freedom of information?

[Marcion]

Anyone know what the rules for freedom of information apply here? Could these rules be used to examine the source code for flaws?

Re:Source code and freedom of information?

[Touvan]

Even if you could review the source code, there would still be no way for you to validate that the machines running on election day, are running code that was compiled from the source code you reviewed.

In other words, you can't look in the machine as see what it's doing.

Paper trails are useless, since you can't invoke them unless there is a good enough reason to do so (close enough election usually 1% or so - not a big deal really, just set your machines to steal more than 3%).

At the end of the day, the only difference between hand counted paper ballot voting, and electronic machine counted voting, is how hard the election is to steal. With hand counted paper, you need a lot of individuals all working together, at various levels during the tallying period to do it. With electronic machines, you just need one well positioned operative.

State of California Read This and Save Millions!

[raehl]

I appreciate California's effort to verify that their electronic voting machines work. I have developed an economic process for certifying electronic voting machines.

1) Determine if the voting machine produces a voter-readable, paper ballot.
2) Determine if this ballot is the OFFICIAL voting record.
3) If 1 and 2 are true, then the machine is good. If not, it's not.

There you go. Why do people insist on making easy problems hard?

Re:Chuck the Lot

[raehl]

What we have is a case of a good idea implemented very poorly. Honestly something as simple as connecting a drivers license number and name to each ballot would vastly increase accountability and how reviewable an election would be. It's a good idea in need of a huge makeover.

It would also entirely destroy the concept of an anonymous voting system. One of the important parts of voting is knowing the winning candidate won't be able to track down anyone who didn't vote for them.

Re:Diebold won't comply

[koreth]

If they pull out of California because of that, they may as well just quit the election systems game altogether. It's the largest market, and more importantly, when California does significant things, other states very often follow its lead, for better or worse.

Not, mind you, that I'm saying it's a bad thing for Diebold to get out of the market. (Which it's been reported they're considering doing anyway.) Don't let the door hit your ass on the way out, I say to them.

stupid...

[j0nb0y]

There is no need to see the source code for this software.

There is only one specification for a secure voting machine, and it is easy to test. There is no need to see the source code. If the machine meets the spec, it is a secure voting machine. Otherwise, it is not, and should not be certified.

Here is the specification:

1. The voter votes on the machine.
2. The machine prints out a ballot.
3. The voter checks the ballot for accuracy, then deposits it in the ballot box.
4. Ballots in the box are tallied for the official vote count.

Simple, easy, secure, reliable, and recountable. There is no need to see any source code.

A voting machine which doesn't meet this spec is not secure. It doesn't matter how many times you check the source, the machine will still not be secure. An "open source" voting machine which does not meet this spec is not secure. /.ers like to equate secure voting machines with open source. I like open source, but trying to inject it in this issue is foolish. It is irrelevant whether the voting machine uses open source software. Either it meets the spec, or it doesn't.

Re:Diebold won't comply

[OWJones]

As one of the people involved in the crafting of the North Carolina law and supporting Joyce's lawsuit, I can clarify a bit. We suspect Diebold pulled out of North Carolina not because of the source code escrow issues (which they claim to have complied with in Georgia) but because the CEO of each voting company had to sign a legally binding document saying that the source code his company installed on our machines was the same code that would be placed in escrow and provided to the examiners. On the day this document was due Diebold pulled out of the state, sending a "helpful" letter to the State Board of Elections offering to help "reform" our newly-passed law.

-jdm

Re:State of California Read This and Save Millions

[Nursie]

Hmm. One could almost do this with a piece of paper!

If only there was a way to mark a piece of paper with the candidate's names and then have a box next to each!

And perhaps some sort of paper marking implement to be given to the voter such that they may indicate their choice...

I fear such technology may be beyond us.

Re:I don't think you understand how this works.

[Chandon+Seldon]

using a machine AND voter-readable font

Machine counting of votes is also sketchy. The big controversies in the 2004 election weren't about direct-recording machines, they were about the automated ballot counting machines. Unless you have a policy in place to require that the paper ballots be retained after scanning (rather than being destroyed) and a way to force a manual recount if *anyone* suspects machine tampering, you really haven't gained anything.

Someone on Slashdot once suggested separating ballot sorting from ballot counting. Put the ballots in a sorting machine and then use a dumb counting machine to count the sorted stacks. That's a much better plan (as long as the counter checks the stack to verify that it's sorted).