Slashdot Mirror
Paper Trails Don't Ensure Accurate E-Voting Totals
An anonymous reader writes "In an new report from the Information Technology and Innovation Foundation they say that paper trails increase costs and can actually reduce the chances a voters' choices are accurately counted. Congress is considering a 'Voter Confidence and Increased Accountability Act of 2007,' which would mandate 'voter-verified' paper audit trails."
-A- new report, a -voter's- choices.
2000? Gore vs. Bush? Anyone?
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
The rest of the board is similar (link).
"Rhett Dawson is President and CEO of the Information Technology Industry Council (ITI). Immediately prior to being selected as President of ITI, Dawson was Senior Vice President of Law and Public Policy for the Potomac Electric Power Company. In the Reagan administration, Dawson was Assistant to the President for Operations. At the White House, he managed the staff and decision-making process for President Reagan and was responsible for three White House support units: the White House Office, the Office of Administration, and the White House Military Office. He also was Executive Director of two presidential commissions, the President's Special Review Board (the Tower Board) that investigated the Iran-Contra matter, and the President's Blue Ribbon Commission on Defense Management (the Packard Commission). During the 1980s Dawson was a partner in two Washington law firms. Earlier in his career, he was Staff Director and Chief Counsel for the Senate Committee on Armed Services, Minority Counsel for the Senate Committee to Study Governmental Operations with Respect to Intelligence Activities (the Church Committee), and Minority Counsel for the Joint Committee on Defense Production. He is a member of the statutory Commission on National Guard and Reserve, and he is Vice Chair of the State Department's advisory committee on International Communication and Information Policy. Dawson received his undergraduate degree from Illinois Wesleyan University, where he was recognized in 2001 as the Alumni of the Year. He was awarded his law degree from Washington University."
CC.
TaijiQuan (Huang, 5 loosenings)
How about dropping marbles into jugs to vote in a private room as a way of voting?
Who are the "Information Technology and Whatsit Foundation"? Because it wouldn't surprise me in the slightest if they're a lobby group representing Diebold.
The article is totally worthless. It just states that some industry-sponsored organisation doesn't like paper trails. Let me guess, it's sponsored by the voting machine manufacturers or by Buy-An-Election Inc.
As to why paper trails are bad, they don't say, just that they will publish a paper really soon now. News at 11.
Just a quick browse of their "ITIF in the news" page and it looks like they are big fans of Real-ID and RFID tagging in general. On network neutrality they appear to be in favor of just leaving it up to the FCC to determine on a case-by-case basis what telecomm companies are abusive and which aren't - no legislation required, and their justification seems to be that some of the proposed legislation has been over-the-top (typical FUD about preventing telecomms from 'innovating').
Who funds these people?
When information is power, privacy is freedom.
... the answer is very simple.
The voter marks the ballot paper with a pencil. The ballots are counted by hand by human beings.
Completely transparent, complete audit trail, safeguards against all the failure modes discovered over the decades, results within hours, recounts within hours if needed.
Oh, and I expect it's cheaper than all this inappropriate mucking around with computers too. Computers aren't the answer to everything. This is one application in which they have no place.
"ITIF wants to spark discussion of how new technology can solve the problems. The report outlines innovations in voting machines that offer "end-to-end verifiability." It explains the cryptography the systems use and says that Congress should pass legislation based on S. 730 and H.R. 2360, which require verifiable audit trails without specifying that paper be used."
1. Not end to end. I can't do cryptography decryption in my head, and the vote verifier at the other end, he can't also do decryptions in his head. So any solution that involved cryptography isn't end to end.
2. One doesn't preclude the other. You can encrypt the electronic vote AND STILL HAVE THE PAPER AUDIT TRAIL to check the machine's cryptographic vote matches the voters intentions.
3. Papertrails, or ballots as we use to call them, have a proven track record of uncovering fraud in voting. To date the fraud in electronic voting is suspect but unproven. It is unlikely that fraud is eliminated in electronic voting, because fraud is *easier* not *harder* to do when votes can be changed so easily and untraceably on mass in a computer. So the lack of uncovering fraud is likely to be a weakness in the auditability of these machines. i.e. we suspect voter fraud because of systematic irregularities in key districts, but nothing can be proved because the lack of paper trail to verify against.
Why does he want unauditable machines? I see from his history that he's a professional technology lobbyists, but I'm curious why the FUD to keep the voting machines unauditable?
A technology company producing a report suggesting that plain old paper may be unreliable?
Im shocked. Really.
Up next - 'Republican Party publish report saying the the Republican Party is better than the Democrats'?
There are those who want us to delay replacing the Diebold (and similar) voting machines, forever if necessary, until we have a perfect solution.
Of course, there is no perfect solution. We only have adequate solutions.
Condorcet voting is mathematically better than simple tallies or "instant runoff" voting. But does anyone except mathematicians comprehend it? Would switching to it increase our confidence in voting or would people be suspicious and trust voting even less?
Paper is adequate. And what's better, it is something that mere mortals understand. And the attack vectors for paper are reasonbly well understood after more than a century of use of the "Australian" ballot style that we all use today.
The proposal by this group opens the door to FUD and infinite delay, and thus infinite retention of flawed DRE voting machines. Diebold would win, democracy would lose.
It is not hard to make a voter-verifiable paper-trail voting system. Publish a database of election results that includes a unique ID generated by the voting machine for each vote. Also print that ID on a paper receipt that the voter can take home after voting. Then the voter can verify via the internet if the vote was tallied with the right party/candidate. And it will also be possible to verify the totals by downloading the full database and doing the sums yourself.
On the same paper receipt, the candidate/party that was voted on can be printed. But it is better to hash that information together with the unique ID and encrypt it using a private election key and then print the result on the receipt (e.g. as a hex string). This generates a voting receipt that, when decoded with the public key, is verifyably a receipt of a vote that should have been counted for that election.
"I would have much more confidence in a cryptographic scheme that makes it effectively impossible for a voting machine to cheat. This is not all that difficult to accomplish and the necessary design criteria are widely available in the literature. A paper trail doesn't really help."
There is just one simple, practical, logical rule for machine assisted voting that anyone need remeber:
A machine that prints your choice is at worst a waste of money, a machine that counts your choice is at best a waste of money.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
The likeliness that computers are capable of correctly counting 100,000 perfectly submitted votes more accurately than humans in an ideal world isn't exactly a surprise, but this isn't really the point because the world isn't ideal and it's not realistic.
Even if paper trails are slightly less accurate in the counting (something I'd dispute once factoring in less measurable quantities like corruption of officials and potential hacking), one of the most important advantages of paper trails is that they can be easily understood by virtually everyone who votes. A voter verifies their correct vote is recorded on a slip of paper, places it in a ballot box, and then the votes recorded on the papers in the ballot boxes are counted, with the process being vetted by people who have reasons to make sure it's being done properly. The entire process is completely visible and clear from start to finish.
This is quite different to voting through computer interfaces, where the ability for nearly everyone to understand ends at them pressing a touch-screen. The abstract concepts of what goes on inside the system are very difficult for most people to grasp, unless they have a relatively high education. Furthermore, very few people can verify and confirm that it's working correctly.
Trust of as much of the population as possible is of huge importance in elections, and systems with paper trails are the ones that are easiest for the majority of people to trust.
High - When I buy anything with a credit card - (requires ID, receive receipt)
Medium - When I get $20 out of an ATM - (requires ID, receive receipt)
Low - When I buy a hamburger & fries - (no ID, receive receipt)
Worthless - When I vote - (no ID, no receipt, no confidence)
A proper voter-verified paper ballot system is as good as it gets when it comes to a combination of accuracy, verifiability, and accountability.
It's real simple: the voter makes his selection using, say, a voting machine. Voting machine spits out paper ballot and shows it to voter. Voter examines ballot to make sure ballot is good. If ballot is good, voter tells machine to accept the ballot and machine drops ballot into sealed box. If not, voter tells machine to reject the ballot and machine allows user to re-select candidates.
At the end of the election, the total number of paper ballots are counted and compared with the total number of people who actually came in to vote. They should match, of course. It's also compared with the total number of votes the machines recorded. That, too, should match.
You can have the machines tabulate the voting results. You can then statistically test the results of the machines by pulling a random (but sufficiently large) set of ballots from the box and manually tabulating them. But you also have the option of doing a full manual count, which is of course what you do if the statistical count shows that the machines were off. And the closer any given race is, the larger the sample has to be to get the statistical error below that of the percentage difference between the closest candidates in the race.
No purely machine-based voting system is sufficiently trustworthy to be suitable for an election. Any machine can be compromised, by the manufacturer if nobody else. That's a risk that isn't worth taking when the freedom of the country is potentially at stake.
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
Well, whoopy-do. Lets just toss a coin then. Much cheaper!
I tried to RTFA and couldn't find it. But the report on it suggests that the argument misses out some important points. An election has to be more than cheap, fast, and fair.
It has to be understood by the participants and accepted by them. I would have though it was quite obvious by now that black-box software can never meet that criterion. Pencil and paper, though, does.
Why the fuck do you Americans need to use goddamn voting machines?
Canada gets away just fine with using paper ballots. When you vote, you use a pencil to put a check in a circle next to the name of the candidate you're voting for. The circle is large and the text is large, to allow those with poor eyesight to get a better view of what's on the ballot, thus reducing mistakes.
What's more, the results for Canadian elections are near-instantaneous. They actually have legislation in place to prevent the media from reporting about the final results in the eastern and central provinces while polling stations are still open in the west! Why the fuck can't the US manage that?
Yeah, the American population is 10 times larger than the Canadian population. But that's irrelevant! Use 10 times as many ballot counters, and the system will scale just as well.
It's a mixed situation here in Europe. Some of our nations use the sensible Canadian method. Others are stupid, and follow the American scheme with doodad voting machines and all that jibberjabber. But really, we should all just use the Canadian method. It's the best, and safest, there is.
Organisation says "Paper trails aren't enough to ensure accurate vote counts" (on their own, anyway?) - Next week we'll tell you why!
No news here. Not until next week, anyway.
Paul "Say no to feeping creaturism"
Yep, that sounds good.
However, I still wonder what advantage this brings over the old fashioned way...
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
We are pretty sure that the banking system can count so why not just use ATMs to vote? Transfer $1 to the party of your choice. If your party wins, you get your money back. The losing parties get to keep the money to improve their campaigns next time.
According to the provocative and highly enlightening documentary Orwell Rolls in His Grave, there's a switch on voting machines that either accepts, then discounts an incorrectly filled-out ballot, or spits the spoiled ballot back out so you can vote again. Apparently, in some areas heavily populated with blacks, the wrong ballots were received and not returned. In predominantly white districts, the incorrect ballot was spit back out so they could vote again.
So yeah, paper votes can be and have been manipulated big time.
SEO Copywriter. Just Say ON
Why do you propose such a complex system for something that should be really simple? There's no need for cryptography, or machines, or software, or printouts, or any cockamamie like that.
Voting is simple: you use a pencil to check a circle on a paper ballot. You put the paper ballot in a box with the ballots from other people. Once everyone has voted, the box is opened, and the ballots are tallied by hand.
Yes, it's that simple. That's just how it's done in many other Western nations, including Canada, the UK, Denmark, Sweden, Norway, and even in a place like India, which has three times the population of the US.
American's are not the only ones with long ballots. Germany has long ballots as well because you get to vote twice (your first vote and second vote). Then add in all of the tom-dick-harry parties and ballots become 24 inches long. In Switzerland folks vote every three to four months since it is a direct democracy. My point is the long ballot is not an excuse.
What I think is problematic in the US is that there is this automatic tendency to automate tasks and thus making it difficult for the people to carry out the task. Case in point the ballots with hanging chads. Why on earth is there such a ballot? Oh yeah so that you can save a few bucks on counting the votes. But who cares that the voter has to take a Phd on casting votes.
To put this in context. India in 2004 put in electronic voting machines for 348 million people http://www.kablenet.com/kd.nsf/Frontpage/A109B59D2C4BCBA380256E9400373E62?OpenDocument
I am sure its not perfect, BUT you have to think twice about this. In a country that is mostly poverty stricken and where people can't really read they have a working democratic system and 348 million people can vote electronically. And what was the population of the US? 300 million...
No, the problem here is quite simple the American voting infrastructure. It's not the fault of the people, nor the political system, but the folks who run the voting infrastructure! They need a good "flogging."
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make very fast pig"
In other news: Backups Don't Ensure your data are safe.
"In an new report from the Information Technology and Innovation Foundation they say that backups can increase costs and can actually reduce the chances that users data have to be recreated."
Just vote for the MP?
You think freedom can be reduced to a popularity contest?
Up until recently, America was about voting issues, not people.
Some people find it incomprehensible that an elected representative of the people would find himself trying to implement the will of the people, rather than simply assuming that the election gave him license to implement his/her own ideas. (You do hear me muttering under my breath here, yes.)
This is entirely the point of having the people vote on so much.
It has something to do with the DIY mindset that also used to be rather typical of people from the USA.
joudanzuki
Coming soon, e-vote and wifi e-paper trail. It's time for high tech chameleon votes.
Stupidity is the root of all evil.
is that only the mathematicians really understand what's going on.
We may know that (if and only if the algorithm is implemented correctly) the method works, but for the rest of the citizenry, this is asking them to put their trust in (yet another) technical priesthood.
The system has to be simple enough for anyone to see, and simple enough that anyone willing to comprehend freedom can comprehend it. It has to be visible.
Thus, the stubbed, anonymous paper ballot, the stub and the ballot going in separate, locked boxes, and each voting station accounting for every ballot received, and more than two voting judges, from different parties, present all during the setup, voting, takedown, and initial count.
It is not perfect, but it is visible, and it works.
Nothing in this world is perfect, and when you start playing cryptic cryptographic math games, it just makes part of the process invisible (opaque) to too many voters.
joudanzuki
I am TheRaven on Soylent News
is dependent on the implementation.
And the final step of the implementation is, you guess it, making sure the voting machine gets to the polls and back to the county or parish offices with unmodified ROM and RAM.
Electronic and mathematical methods are not visible to the ordinary voter. That is the problem.
(They're not really visible to techie types, either, unless both you and I are allowed to check every ROM at every voting booth at every point in the day, and we still would have to be able to trust each other.
You do trust me, right?)
joudanzuki
right?
And trust me to carry the machines to the polling places, and generate the cryptographic keys (on my computer), right?
Yes?
Any system that allows a voter to prove to himself that his vote was correctly cast *after* it has been cast can be perverted into a vote-buying scheme. I could place an stall with an internet connection outside the voting office with a big sign that read "20$ to anybody proving he voted $Party". Or I could be a bit less obvious, and just whisper around the neighborhood that bad things could happen if your slip didn't say what it was supposed to. You get the idea...
I would be guessing that this article is a red herring designed to make voting machines that _do_ print paper trails appear more respectable.
We all like that e-votes are counted immediately, but accuracy and verifiable results to the populace are more important. There can be no doubt to the accuracy of the votes or our republic will be no better than a dictatorship with revolving dictators and with only 1 name on the ballet.
I am betting that this group is a conservative vote. I think paper trails are necessary for now until a secure non-partisan solution is found. I am betting that if we had a paper trail in ohio. Kerry would have been president.
TFA is merely a means to divert the discussion away from the real problem here: without a paper trail, it is too easy to tamper with the voting machines and not be caught.
for people unwilling to learn how to exercise their franchise.
If the voting process required sacrificing a thirteen minute dead chicken at exactly thirteen and a half minutes past midnight, and signifying one's voice by choice by the seasoning (eye of newt for candidate A, bat's whisker for candidate B, etc.) then, yeah, there is an issue with the process being too complicated.
That's kind of what the problem with the hanging chads was. (And, if you think about it, one way of describing the problem with cryptographic methods.)
But checking a box or column?
If a voter can't be bothered to understand how to find the correct box or column to make a mark in, he or she really lacks some moral standing when complaining about votes not being counted.
joudanzuki
Are there any facts associated with this article? It appears that this is just one group's claim, backed up by nothing other than their opinion.
The facts of the matter are:
with all this, a well mandated, accessible, audited electronic voting system is more secure than previous voting methods. There is no excuse for these companies to have created and sold the craptastic voting machines they did. There is no reason for Diebold, an ATM maker, to have only made voting machines that had no paper trail capabilities. If they tried to sell something like that toa bank, their contract would have been dropped in a heartbeat, but election boards across the country didn't blink an eye. It is time that there be a nationwide standard that works within a degree of certainty. Electronic voting machines with paper audit trails are accessible, human readable, and as secure as anything we currently use. You don't have questions of "Did this voter actually mark a circle?" or "Which of these half erased circles did the voter mean?" or "That chad isn't punched all the way through, so I will just do it for them because I know what they meant." It is very hard for an auditor to see "President: Al Gore" printed on a receipt in human readable form and say that the voter chose George Bush.
Clones are people two.
...votes much quicker than you think, with the right system.
Here in Oz, we can have some pretty lengthy ballots, e.g. the Senate Ballot here in Queensland in the 2005 federal election had 50 names on it (see this page for a sample ballot).
I prefer to allocate my preferences myself, so I number below the line. Which requires ranking all 50 candidates in the order I want to place them. I usually put half a dozen names at the top (i.e. 1-6 or so), half a dozen more at the bottom (in this case, 45-50), then number the ones in the middle more or less randomly. :-)
My point is, it takes me about, oh, two minutes, tops, to do this, as well as fill out the House of Representatives ballot for my local electorate, and any other ballot/referendum/whatever they give us.
Ballots don't have to be confusing when they're long. They can be simple to understand, and quick to fill out. They are also quick to count - it's rare that the election outcome isn't known within 6 hours of the polls closing here.
The thing that I find most strange about your mega-ballots in the US, is the insistence on putting every item to be voted onto the one ballot paper. Why not use multiple sheets? One for President, one for Congress, one for Senate, one for State stuff, one for local stuff. Yeah, sure, it means you need to fill out five ballots instead of one. But you can be damn sure that your vote for President isn't going to be thrown out because you made a mistake on the thirteenth local ordinance vote, and it's not like it takes you any longer to fill them out.
Plus it's a bit quicker to vote that way. How long do you think it'd take to count votes for President, if the folks doing the counting only had to check that one of the (e.g.) four or five boxes had a "1" or a tick or cross in it?
The most astounding thing I ever read was when I found out that a polling place in the US might have a 2-3 hour long queue, and yet register less than a thousand votes cast on the whole of election day. What's with that? I don't think I've ever had to wait more than five minutes, and we probably have five to ten thousand people voting at each polling place.
Face it. Your voting systems are, in general, horribly dysfunctional. Get some professionals to show you how to get it running smoothly.
Here in Brazil we have had a nationwide electronic voting system for ages (And a national voting day), and it works perfectly. We know who our elected officials are before the end of the day. If a "third world" country (And a very big one at that) can do it, how come the richest country in the world is having so much trouble with it?
ha, that's a gooed WANd.
.asp about it, or anything.
just this a.m., the atm on the corner is proudly displaying a 'c:\windows\temp..drive error.
the fix is in the 'mail', as well as your new atm card, & we're not quite sure what happened to your vote, butt that won't 'cost' you anything, so don't concern your highly indebted
changes nothing.
As many, including myself, have pointed out, machines simply add more opportunity for fraud and remove the voter one step further from understanding the process by which he or she exercises franchise.
You do trust me to burn the ROMs, right? and to transport the machines to and from the polling places, right? And you do trust my friend to verify the ROMs, right?
And, of course, I should trust your verification procedures, should you decide to verify the ROMs yourself.
(Who's computer are the cryptographic keys stored on? Yours or mine?)
joudanzuki.
a ballot with a mark to the left of the candidate's name instead of in the box to the right should be counted.
Think about this.
Is someone who has trouble putting a mark in a box going to understand your system?
joudanzuki
I have a haddock.
I remember going through this in school, but something clearly does not ring true in the argument.
My family has a long history of philosophizing. We also have a long history of participation in the elections process (registration, voting judges, caucuses, etc.).
We do not vote people.
I read the history, instead of the modern psycho-histories, and I don't see people voting people.
I think there's a problem in the way people interpret the founding fathers through the lens of modern political philosophy. Maybe what is missing is whether a person can conceive of an elected representative implementing other people's ideas instead of his own, or his favorite lobby's.
joudanzuki
While I was taught about the electoral college, voting system, and government while I was in school, it seems that the "real world" is a lot different. (surprise!) If I remember correctly, the electors don't even have to vote for the candidate with the most ballot votes, they can choose to vote another way, becoming faithless electors.. WTF? And I'm supposed to trust these people? I find a lot of problems with the system.. Personally, it seems that if a candidate receives the majority of the votes (citizen votes, not electoral votes), then they should be the elected official. However, as we've seen in the past, that's not necessarily true.
I have no faith at all in our political system. I vote because I want my voice heard. Apparently I'm not in-tune with popular opinion, though, because I have yet to vote for any of these elected officials..
XenoPhage
Technological Musings
The voting judges receive a set number of ballots, enough plus a few for ever registered voter in the district to cast a vote. The number of ballots is known, so that the final count of ( votes + spoiled_ballots + unused_ballots == ballots_delivered ) can be tested. (By people, not just by machines.)
The ballot and stub are separable. The voter places the ballot in a jacket, separates the stub, and takes the ballot and stub to the judges.
A judge receives the ballot and stub, keeping the ballot in its jacket while the other judges (and any voters who happen to be nearby) watch. The ballot, in its jacket, goes into the locked ballot box. The stub goes into a separate box.
When the polls close, the first thing done is to unlock the ballot box with all judges present. The count of ballots cast is checked against the count of stubs, and the count of ballots, spoils, and leftovers is checked against the count of ballots provided. Then the judges count the actual votes and record their initial report.
Then the ballots cast are wrapped up with the stubs, the unused and spoiled ballots are wrapped separately, all are placed in the ballot box again and locked again, and everything is taken by at least two of the judges to the county offices, where the county officials verify the initial reports. (County or parish, or, in really large cities, I think it is done by ward or such.)
The judges keep a copy of their initial counts, so that they can check against the county's later reports.
Does that explain how recounts work?
You could call the combination of ballot, stub, and careful accounting of all ballots received a paper trail, of sorts, but it's not the same thing as the print-under-glass gadget, or the cryptographic receipt gadgetry.
If you can't trust the voting judges, no amount of cryptographic machinery will help. You simply have to have enough guts to volunteer to be a voting judge yourself next time, and make sure the other judges know that your family or someone else important knows you are being a voting judge.
If you can trust the voting judges to at least not try counterfeiting ballots, voting machines are superfluous.
joudanzuki
TFA didn't say any more than the
Nowhere in TFA does it say how or why water is dry and fire is cold, we're just supposed to take an unknown orginization's word for it.
I'm calling bullshit until someone explain HOW having a paper trail can make counts less accurate. TFA was so short I'll paste the whole thing as a postscript.
-mcgrew (Apparently reporters, commentors, and editors have only gotten stupider since that blagh post almost 3 years ago).
TFA:
By law in I believe 39 states has to place it's electoral votes all on the winning party. So in a state like california, if the majority of regular people vote democrat, all 54ish college votes have to go to the democrat candidate.
A few (I believe 6-9) allow plurality in vote, where the electoral college can, assuming a candidate had 40% of the vote, could spend a portion not exceeding 40% of their electoral college votes on the lesser candidate, although this is exceptionally rare, as usually everyone goes with the defacto vote for the most selected candidate.
Now, that leaves a few states with murky electoral college laws. I believe they could actually vote for ralph nader even if he only got 1 vote, and skip the other candidates. But decisions like that are ballsy and career killers.
Hope that's informative, I'ld recommend reading up on your particular state electoral college voting procedure.
I've been making your point for years among friends and family, and many of them still to this day do not get it. And to make things worse the media makes it out that the popular vote is the deciding factor. At the same time, I do not know if I can trust the general populace to select our leader anymore then the electoral college, though I think I give them a small edge. Democracy/Republic itself in my general opinion is a horribly inefficient and incredibly risky form of government. However, it's own problems (not to mention we still have a strong Judicial branch) tend to keep it in check.
Anyways, after working in what is, to some degree, a service industry I've learned a very important lesson: Give them what they need in the disguise of what they want. People will always want what they don't need, and giving them what they want all the time will quickly approach disaster. Or at least incredibly useless software.
"Now you know, and knowing is half the battle!"
Why not make voting machine programs open-source? Only then one can be sure of absolute transparency.
Of course, the end user will be unable to modify the program of a voting machine, so no GPLv3 here.
These days, it is easy for a candidate to personally visit all of the states, and even easier for them to use television, radio, and the Internet to make sure people know their face and voice, if not their opinions. Rather than scrapping the electoral college system, the states kept the form, but removed the function. Now you have something like direct elections, but with a bizarre weighting system. Candidates have to have a huge budget to be able to reach all of the potential voters, which basically means they need to be nominated by one of the two major parties. With the electoral college system, they only needed to get the votes of 300 or so people to get in, making it a lot easier for private individuals.
I am TheRaven on Soylent News
Paper voting systems are extremely vulnerable to localized, small scale fraud by a relatively large number of conspirators.
Any hypothetical electronic system, no matter how secure, is vulnerable to basically _universal_, unauditable fraud by a tiny number of conspirators in the right place - as low as 1. Any kind of cryptographic system can be defeated by the guy who actually controls where the actually-compiled source code - and the COMPILER source code - came from. Even in an OSS system, it's awfully hard to prove that's really the source that's being compiled and that it's being done by a fair compiler.
That's a big difference, and it's an innate, immutable difference. Paper is highly decentralized because much of the population can read. ANY computer system is highly centralized - even if you have perhaps 10 sets of voting machines, that's at best 10 major code trees...
Your worst-case scenario with a paper vote can be a conspiracy on the counting side - which is already done by members of both parties together. So the only way to have this work out is if you also stuff the observers of the OTHER party with conspirators.
The other way requires a pervasive box-stuffing campaign across a wide array of precincts right in the face of bipartisan election judges.
In both cases, you can basically only pull this off in an area where the government is pretty much universally and tightly controlled by one group. A good example is the original Daley's regime in Chicago (Daley per se may not have... ) Note, however, that if THOSE people were elected to the part where they tightly control the government, chances are the voting populace would vote for a similar candidate in that area.
And the risk of those conspirators going to jail is still relatively high.
As theRaven64 said - the important thing about a paper vote is that it's transparent to everyone.
I'll go a step further and say that we as a country are not capable at this time of commissioning a fair electronic voting standard - currently we can't even manage a "not-obviously-retarded" electronic voting standard. Asking election officials to manage cryptographic standards is in practice outsourcing our democracy to a handful of large self serving partisan corporations, because that's how technology tasks are done. The government does not have a good track record of accomplishing either security or transparency in tech projects.
Finally, note that THE reason electronic voting is _theoretically_ used is to provide faster counts. If you treat it like it should be - as a precount - it could easily be used to give a really fast estimate of the votes.
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
"serious limitations that diminish their ability to effectively verify election results."
Paper trail limitations: they require other equipment or groups of people to count them for audits or recounts.
Other technology: you have to rely on the original equipment to report the results correctly the first time. This is cheaper and more accurate, as your results are always the same.
Microsoft is to software what Budweiser is to beer.
That's close, but not quite right. Most states have the "winner take all" mentality where the candidate that wins that state gets all the electoral votes. There are two states that are an exception to this rule: Maine and Nebraska. Both states sum up the presidential votes by district, and the candidate with the most votes across the entire state gets an additional two electors.
Read this for more information: http://en.wikipedia.org/wiki/United_States_Electoral_College#Maine_Method
My Sysadmin Blog
You completely miss the point of the Electoral College. It has nothing to do with candidates being able to personally visit every state and everything to do with the Founding Fathers not trusting direct democracy. The system, as it stands now, requires candidates to appeal to broad parts of the nation and have a plurality of the states supporting him (or her).
My Sysadmin Blog
"Any hypothetical electronic system, no matter how secure, is vulnerable to basically _universal_, unauditable fraud by a tiny number of conspirators in the right place - as low as 1. Any kind of cryptographic system can be defeated by the guy who actually controls where the actually-compiled source code - and the COMPILER source code - came from. Even in an OSS system, it's awfully hard to prove that's really the source that's being compiled and that it's being done by a fair compiler."
That is simply not true. I presented a hypothetical electronic system in the comments (admittedly not a practical one, but you said hypothetical too) where it is essentially mathematically impossible for the machine to produce incorrect votes without being detected almost immediately.
If it added extra votes, the tallies wouldn't match. This would be caught by those supervising the machine locally.
If it suppressed valid votes, the receipts wouldn't appear in the aggregates. This would be caught by those supervising the machine locally.
If the aggregates didn't match what was in the final vote results, this would be caught by anyone who verified a vote receipt against the final results. Local officials could definitely keep a copy of the aggregates they verified, so they can check them against what was finally submitted.
I suppose you have to trust things like laptops to actually keep the numbers on. Ideally, you'd have an open standard and you'd use spreadsheets, voting machines, and verifying machines made by different manufacturers. Poll monitors from each party could use their own hardware and software to store and track information. You'd need a huge conspiracy to tamper with all of this.
There are actually ways to eliminate even that, but they get very complicated. One way is if you think you can rely on hardware tokens to not be backdoored, but these are validated by government agencies and very simple.
I do agree that you have to trust something, somewhere. But I think you can solve that. For example, you have to generate master keys, but you can do that at a ceremony attended by both parties using crypto hardware that prohibits key extraction.
Again, we don't quite know how to do all of this practically yet. But I think it's a huge mistake to say no *hypothetical* system can do this.
Of course, I think we would all agree that the vast majority (all?) currently available electronic voting machines that don't provide paper audit trails produce electronic counts that should not be trusted and that are much too easy to tamper with on a massive scale. But this is largely because they don't use or mis use cryptographic principles. It's not due to any inherent flaw in electronic voting (except perhaps that complexity is necessary and complexity can lead to mistakes.)
If you want to argue that nobody, not even any organization, is smart enough to make sure any such system is as secure as it's supposed to be, that might be true for quite some time.
This is meaningless FUD. The supposed paper that this think tank has written isn't even published on the website so there is no way to even see why they think that a physical record that can be audited is a problem. Come on /. this is weak. It is a 1/2 page summary with no backing. It's kind of like paperless voting, we're supposed to just accept that what they say is true without knowing what they are actually saying. What crap.
How the hell can we debate an assertion when we don't know what it is.
Here are some of this think tanks other gems:
A 'Third Way' on Network Neutrality..."They then propose a three-part, "third-way" solution that allows incumbent broadband providers to offer managed broadband services, provided that they also offer a basic and growing open, non-discriminatory "best-efforts" Internet pipe to broadband consumers." --- This shows a lack of understanding of net. They seem to think that neutrality is only a factor in the ISP to home part of the net. Duh.
"RFID: There's Nothing To Fear Except Fear Itself" --- Until your employer wants to put one in you.
Please call your congresscritter and beg them to Vote YES on HR 811 and NO on an unfunded mandate amendment to the bill (which would essentially gut the 2008 deadline in the bill.)
-- QED
participated in this in Iowa once (their all different.) Their, the "straw poll" voters are brought together in a group that supports the candidate, and those who voted then appoint a representative to be a elector, the number appointed was a flat % of voters for that canidate. then some funny stuff happened their after. IE one candidate is a few votes shy of having another elector, so another candidate loans voters over, then swap electors, so now each has a elector loyal to another candidate, so they know they will get extra support if that candidate drops out (I didn't understand that completely either.) I just did the local straw pull, IE the "second level" these electoral candidates then went to a regional, where they were further weeded down to the most loyal (I assume)...
their supposed to vote for their candidate, I think that not happening has only ever been max by one elector changing, granted in 2 or 3 elections in the last 12 presidential elections. I think those were thanks to things like I said about swapping voters, from a independent candidate to a party candidate, to get a extra electoral representative in the party, and one of those made it through to the final electoral college.
no, I think you probably are. Your just not in tune with those who are wielding the power of your vote.
Ok, let's say you receive your crypto token, and can prove at any point that your vote was counted all the way to the grand total.
Also remember that it's not enough to hold on for it for 5 minutes. You must hold on to it all the way to the recounts, at least. If you just prove before leaving that the machine still has your vote, then there's not thing to say someone can't flip the votes in the database later.
The problem is this: any proof of how you voted, can be used for electoral fraud by itself. E.g.:
- Someone else can demand that proof that you voted for their candidate, or else. Let's say Don Corleone, the respectable head of the local mafia group, is running for mayor. If you have your ticket that you can check at a terminal, then so can Don Corleone's goons for you. It makes an electoral racket as simple as a protection racket. You know, you only have one kneecap in each leg, it would be a shame if that were to change. Show your ticket proving that you voted for Don Corleone, and you have our "protection" so it doesn't.
- Outright buying votes. Let's say I've won the lottery jackpot and want to be governor. Or just mayor. It's as this: everyone who shows me a ticket proving that they've voted for me, gets 100$, no questions asked. (And I'll store the crypto token on a database of my own, of course, so several people can't come with the same ticket.) In fact, let's turn up peer pressure a notch: if you can also prove that your spouse (if applicable) and at least one parent or child of voting age also voted for me, you get an extra 100$. You know, just to have old retired moms call their sons and do the "you won't even do that for me?" sobbing act.
- Pure social pressure. E.g., if you're a student still living with your parents, whoppee, they can control who you voted for. You know, under the old principle of, "as long as you're in _my_ house, you'll do what _I_ say, young man. Now let's go to a terminal and you'll prove to me that you voted as I told you to." E.g., if you want to keep working at my office, better "voluntarily" prove that you voted for my favourite candidate.
Etc.
Yeah, I'm sure _you_ would bravely stand your ground, stick to your ideals, and never betray the sanctity of the free democratic voting. Maybe. But considering that elections have been won by a 0.1% lead before, the funny thing is: you don't need to get _everyone_ to cooperate.
Some of those aren't even easy to legislate against. E.g., how would you legislate against parents demanding to see their 21 year old son's ticket?
So, no. Please don't do that. The important thing about votes isn't just that they're counted, but also that they're secret and hard to influence. The moment all that remains is that they're counted, but someone can easily influence the voters and/or check what they voted... well, you might as well not bother pretending it's a democracy any more.
A polar bear is a cartesian bear after a coordinate transform.
Sorry bout that. Okay, i figured it was something along those lines. I know how my state works and knew there was some exception to how it worked, and figured [incorrectly so it seems] somewhere out there there was a screwy state that was completely off the game from the rest of the states. maybe in the future annexing and giving voting rights to the US territories like puerto rico (and the loss of some states to keep the total at 50 heh) will make my count accurate though so let's keep it for archival sake =P
Thanks for the correction.
I'm not a political entity and only know how my box works. And I want to add cold cathode to it. =P
Worse. Not to launch into a conspiracy tirade, but who says the machine prints out the user's selection? In a perfectly—or even halfway competent—world, all it would take is one dishonest group of people (Diebold?) to code the system with two result columns. The first stores the user's actual vote, the one it can print out on request given an encrypted value, or present on a confirmation screen for the user. The other stores the desired vote; maybe on a statistically weighted basis for a specific candidate or party as to make the slant non-obvious. The second column is used for tallies.
Suddenly your printed receipt is absolutely worthless. Sure, you can rest easy the system correctly registered your vote, but it's the master counting system, and the values it receives, that matters.
Paper ballots require a massive concerted effort with hudreds, or even thousands of conspirators. With Electronic voting, since the code is closed (and even if it was open, we can't ensure that's the code they used in the final machine), it takes one manager with an agenda and a handful of hand-chosen coders to implement it.
There may be a way around this, but I sure as hell don't know what it is.
Read: Rabbit Rue - Free serial nove
You are continually missing (avoiding?) the point: The general populous does NOT understand how technology works. The general populous DOES know how to read and count. Any election system should be well studied and validated by the experts, but it must be understandable and trustworthy by the electorate that it is supposed to serve.
Let's go back to your point that I was responding to. You said:
"Any hypothetical electronic system, no matter how secure, is vulnerable to basically _universal_, unauditable fraud by a tiny number of conspirators in the right place - as low as 1. Any kind of cryptographic system can be defeated by the guy who actually controls where the actually-compiled source code - and the COMPILER source code - came from. Even in an OSS system, it's awfully hard to prove that's really the source that's being compiled and that it's being done by a fair compiler."
I responded to this because it was wrong. I showed that it was wrong. I am not "missing (avoiding)" the point you are only now making.
I fully understand and agree with your new point. I never said otherwise.
I'm being honest and admitting that your completely new argument is right. Now, will you be as honest as me and admit that your original argument (the one I quoted above) is wrong?
Do you see the difference between these two arguments:
1) We should use cryptographic voting scheme X because it's the best.
2) Hypothetical cryptographic voting scheme X has property Y, proving that it is possible for that type of voting system to have that property.
I am making an argument of type 2. You are now responding as if it was an argument of type 1.
We use it here in Oregon, and it works well.
Anybody registered to vote, gets checked, then mailed their ballot to their address on file. Signature checks, collected at the DMV, are used to validate votes. Votes are mailed in a double secret envelope that allows verification but does not tie votes to voters.
The counting system is optical scan, is done in one location with security in place there. Audits are performed, and most importantly:
-the voter can verify their own vote
-said vote is human and machine readable
-casting of votes is distributed over time and space.
Blogging because I can...
Finally somebody getting around to speaking against the amazingly widespread myth that somehow a printed ballot is more accurate, more trustworthy, or more useful than an electronic record.
It's pretty incredible to see the Slashdot crowd speak of paper trails as if they were some sort of magic talisman ready to right the evils of the election system. Slashdotters of all people should understand that the whole point of digital computation is to improve precision of calculations far beyond what could be achieved by manual counts and paper trails, and that proper application of encryption and communications technologies can entirely reverse the weaknesses of either paper or poorly implemented eVoting.
It's so blindingly simple: a paper backup cannot possibly have the precision needed to resolve a close election. It's physically impossible. So what happens when the paper disagrees with the electronics? When the backup is more flawed from the start what good is it?
I could go on, but wow... it's so refreshing to see this story posted to Slashdot. I just wish the rest of the US would stop and think for a second to demand decent electronic voting systems instead of insisting on a broken solution to the wrong problem.
My apologies. I thought you were the same person who made that original argument. A second after I submitted I realized you weren't. In any event, most of my argument still stands.
When someone makes an incorrect argument, if I think that argument is incorrect, I'll say so. I will do this even if the argument argues for something I agree with. I believe that you should kill with legal blows.
If someone said, "because two plus two is four, you shouldn't torture innocent children", I might reply that this argument makes no sense and that's not a reason you shouldn't torture innocent children. You'd be right there to argue that I'm missing/avoiding all the other arguments why you shouldn't torture innocent children, and you would be right. However, your comment would also be irrelevant unless I said you should torture innocent children. So long as I stuck to rebutting his comment, your comment is unjustified.
Why should I address arguments people haven't made when they *are* making bad arguments? There's no point in addressing arguments that are *correct* other than to say "me too". In any event, for just this reason, I did add "me toos" to many of my comments in this thread, where I make it clear that I'm rebutting invalid arguments even though they sometimes argue for things I agree with (for other reasons entirely).
There's a very specific reason why I bother. We won't get good voting systems if we don't understand what's possible, what we really want, and how to judge voting systems. Bad arguments muddy this pool. So I make it a point to refute them even when I agree with the position they're arguing for.
We all win when it's a clean fight. That way, the best voting system runs.
Here's another "me too" just in case you missed the other three:
Right now the best voting system is probably the "paper vote drop" system discussed elsewhere. The only problem with that system is if the machine drops a ballot with the wrong vote even if you didn't ask it to. The only thing you can do is go to a poll worker and say, "Hey! I voted for X and it dropped a vote for Y even though I pressed X and then when it printed Y I pushed cancel." It's not clear what a poll worker should do in that case. Otherwise, it's an excellent system -- easy to understand and hard to screw up, and that's important.
The question just hinges on whether you get a receipt to prove that your vote was counted, or not. Which is what a lot of people are proposing. If it just stays in a pile at the voting site for the recounts, then you've just created a fancier paper ballot recount scheme. I was addressing the case where you get to keep that receipt. (Because that is the stupidity that _usually_ gets thrown around by techno-utopians whenever such a thing is proposed.)
As for your "Coercion" button, the question then is simply like this: Which of the following you propose? Because both can be abused equally well:
1. Only the right receipt shows up as counted. Then the "Coercion" button becomes a useless bell and whistle, as Don Corleone can still kneecap you for trying to smoke him with a blatantly fake receipt.
It also creates the problem that someone can collect a bunch of those fake receipts and start screaming, "electoral fraud! Look at all the votes that didn't get counted!"
2. All the extra receipts show as counted when you use them at a vote-checking terminal or site. Then you just made electoral fraud 10 times easier. I can flip the vote in the database for everyone who used that button, to any choice I wish, and they can't prove a damn thing, because the extra receipts for all candidates equally show as "counted."
Let's say the choice was between Moraelin (the guy buying votes for money), Don Corleone (the guy threatening to kneecap you), and Johnny Extra (the hopeless independent candidate.) So let's say you voted Johnny Extra, because at least he's not a blatant sleazebag. So you vote for him, and get your ticket with a crypto token that can be used to prove "counted as 1 vote for Johnny Extra." Being the cautious kind of guy, you also push the "Coercion" button, and the machine dutifully spits two extra tickets, whose serial numbers are for the other two candidates. Now the choices are like this: either
1. The two extra tickets, when used at the check-your-vote terminal or site, show "no vote was counted for this serial number". Then both Moraelin and Don Corleone will know you didn't vote for them, because those tickets will show as no vote counted.
2. All 3 of them, when used at the same terminal or site, show that, yep, one vote was counted for that candidate. In which case they're useless, because you can't prove which of them was _actually_ counted. If Don Corleone bribed some technicians (or threatened their families) to flip your vote for Don Corleone, you can't prove that. The tickets with the tokens for Don Corleone and for Johnny Extra equally show "1 vote counted", and you can't know which is real and which is the decoy.
If I was looking to derail an election, I'd _love_ variant 2. I'd make sure that all machines have a "Coercion" button and remind people to press it, just in case. Then everyone who's pressed it, essentially lost any way to check for which candidate was their vote really counted. I could freely flip the votes for each and every one of them, and noone would be any wiser.
While in case 1, the link between voter and vote is done by the fact that:
A) _YOU_ have that ticket, and
B) The ticket can be used to check for whom was the vote counted.
That's all the link that's needed. The only way to lose that link there is to lose the ticket, in which case Don Corleone will still kneecap you, your dad will still ground you, etc. And the guys who decided to vote for the guy promising $100 per vote certainly won't lose theirs, so it becomes a moot point anyway.
The only way to dis-associate it from the voter is to not give such a receipt to the voter at all, but just keep it in a pile at the voting section for a recount. But then we already know that that works without such crypto-tokens anyway. And if you're going to recount everything by hand anyway, why bother? It's faster and cheaper to just do the old fashioned counting and save yourself the whole computer madness.
A polar bear is a cartesian bear after a coordinate transform.
It's the security and accuracy of the voter roles that count. Until those are scrubbed and kept clean, the actual vote is considerably less important...
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
I would have much more confidence in a cryptographic scheme that makes it effectively impossible for a voting machine to cheat.
How do you know that the cryptographic scheme makes it effectively impossible?
The problem with such systems is less that they can be hacked, but rather that people BELIEVE they can be hacked. Democracy cannot function properly if the fundamental mechanics of Democracy are not trustworthy. No matter how good the security mechanisms are, so long as they are obscure and little understood by the majority of the public, there will be a belief that those machines are rigged. That belief is a serious threat to our government.
When people believe their vote won't be counted, they won't waste the time to go vote. This drives down voter turnout, and invariably perpetuates an environment where corruption becomes rampant and borderline accepted. The best crypto in the world will not change this because ultimately because it's the appearance of impropriety that kills it, not the impropriety itself.
This sig has been temporarily disconnected or is no longer in service
The electoral college is appointed by the state. The state at some point has been elected. Participating in all of the local elections and smaller non-presidential elections is the best way to get the electoral college members appointed by people you agree with.
It is true that the college members are not required to follow the voters constitutionally, but they are pledged to represent the will of the people.
I find it ironic that we are so adamant to forcibly spread our democracy to other nations when we don't have a good grasp on it ourselves.
The article didn't mention WHY paper trails don't lead to more accurate voting totals. What was more frightening, that the solution seemed to be super-secret cryptography with no paper trail. Yeah, that's the way we can guarantee accurate voting and have I got a bridge I can sell you.
My guess is that this group is somehow funded by the Diebolds of the industry (they have to be getting their money from somewhere).
I know that paper trails cannot guarantee that elections won't be corrupted, but I'm quite sure that without paper trails, any corruption will be undetectable. In this day and age where we see corruption rampant among those that would claim to lead us, we need every little bit of help we can get.
In Spain the ballot system is divided that way.
Sure our ballots are simpler because are based on closed lists instead of selecting candidates from a list, but anyway counting them is brain dead easy and fast.
Before midnight of election day we already know the winners.
No reason for electronic voting machinery, except maybe for those with physical conditions that make it unreasonably difficult to use a bubble sheet.
Bubble sheets can be tallied electronically, but that's after the voting is all over with.
Simple ballot + stub, locked ballot box, proper accounting of unused ballots, with human judges and election observers, that's all that's necessary.
Every additional complexity just adds points of attack.
joudanzuki
assuming public key doesn't get killed by quantum computing or something else we haven't seen yet, what magic in cryptography prevents me from, for instance, failing to protect the necessary private keys? (I'm suddenly not sure if I'm getting the terminology right, but I mean the half of the key pair that the owner of the key pair keeps secret to prevent others from signing things.)
Their demonstrated party loyalty make it exceedingly unlikely for any of them to act as faithless electors.
I'm not saying its a great system, but in practice it isn't as vulnerable to faithless electors and you might think.
Up until recently?
It was never about issues, it was always about popularity, George washington kicks it off pretty well when it comes to that concept.
how about JFK?
The phrase "more better" is acceptable English. suck it grammar Nazis
I wonder if, perhaps, anonymous voting is going to have to go away. People register with their Social Security Numbers or RealIDs, vote, then can review their vote on a website along with everyone else's.
Of course, as with paper or e-voting, what the final tally shows may not reflect the paper/button press you submitted. Electronic or paper, you still need to trust the vote counters OR be able to verify your vote later.
Congress should have power. Congresspeople should not.
1 everybody that registers to vote can also register as Party 1 Party 2 Party N (or none of the above) and are given a chip and reader
2 about a week before an election the central poll computer is loaded with the public keys of all currently living registered voters
3 the voting systems then present the options (in some federally mandated way) and then use the private key (from the chip) to encrypt the vote data
4 the central computer then looks up the voter number (maybe ssn) and then attempts to decrypt the vote data given voter number X has public key Y
a the vote decrypts and is then added in (and the public key is then removed since its no longer needed)
b the vote does not decrypt
5 the count is made with everybody that voted and the "votes" of the folks that registered but did not vote* (if None of the above "wins" all votes are rolled back)
6 begin registering votes 4 days prior to the "election day" (so you could have voted anytime in 5 days)
7* if any election does not have more than 51% actual votes roll back and retry
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Right... so now,
1. someone can DDOS the system by just encouraging enough people to stay in there and push that button until they overflow the hard drive or the printer runs out of ink and paper. (If there's a maximum number N that you can push the button, then we're back to my first post, with the minor twist that now Don Corleone will ask for N+1 receipts.)
2. you introduced some vote subtracting _after_ the votes have been checked. Remember, if the two are identical, there's no difference between discarding bogus extra votes and discarding real votes.
3. you can still _add_ votes with impunity, since the only thing that check does is verify if a vote hasn't been discarded. But if there's one vote in the database, you can't prove that someone actually cast it. And the extra bogus votes scheme also destroys any chance to detect that there were more votes than voters.
Especially 2 and 3 can be used very creatively together.
E.g., let's say the real votes are (let's say for governor, so we have nice big round numbers) 1 million votes for Moraelin, 1.5 million for Don Corleone, and 2 million for Johnny Extra. Let's say people also used the "Coercion" button generously, and we have 10 million extra votes for each this way. So the actual count says 11 mil for Moraelin, 11.5 mil for Don Corleone and 12 mil for Johnny Extra.
Now let's say I'm a crooked guy in charge of the voting machines there, and got really big money from Don Corleone to swing the vote his way. Let's gently manipulate the record so it says it's actually 10.5 million coercion votes. So an extra 0.5 million is subtraced from each. I'll also add 1.5 million votes for Don Corleone. Now after subtracting the (hacked) number of coercion votes, the numbers become 0.5 mil for Moraelin, 2.5 mil for Don Corleone and 1.5 mil for Johnny Extra.
The total is still 4.5 million votes, exactly as much as people who went to vote, and everyone can check that each of their receipts did indeed get counted. What you can't prove, though, is that (A) some actual real votes just got subtracted as coercion votes, (B) some votes just appeared for which noone has a receipt.
Briefly, it's still much, much worse than paper ballot counting.
A polar bear is a cartesian bear after a coordinate transform.
"Information Technology and Innovation Foundation"... never heard of them. Let me guess... they are another supposed advocacy group who, after even mildly looking into it, will be found to have ties to the Right Wing propaganda and hate speech party (aka the Republicans).
As conservatives have been doing for years, if you aren't smart enough to contribute to the discussion, then you just muddy the waters. Look how well it worked out with Global Warming! We are on the edge of a complete environmental meltdown, all brought about by the yelling and shouting of Global Warming deniers with no scientific backgrounds.
Likewise... the "experts" who brought us electronic voting in 2002 and 2004 were "IT experts" with no background in either information or technology (well, except for "I guarantee a Republican victory" Diebold, who makes ATM machines, strangely enough).
So all the reich wingers want to do is muddy the discussion on meaningful "reform" (which actually looks like going back to how it was done pre-2000, as all meaningful reforms will have to start with). Why anyone thought a party claiming government could do nothing would actually accomplish anything is a shocking study of human stupidity.
But then again, Fiscal Conservatives came into office triumphantly proclaiming "DEFICITS DONT MATTER!!!!", and are perfectly happy spending $2 BILLION every month in an illegal war in Iraq... so it's not like they aren't broadcasting their hypocracy.
If paper, well, it seems to me we are back to paper.
And then there is the problem of whether possession of enough keys would allow backtracking through the obscurring processes and identifying voters.
I suppose it would not be impossible to substitute a web published anonymous roll and caching the published roll to get somewhat close to the effect of paper for some definition of "somewhat close". But then we are relying on, say, Google (maybe not so bad), Microsoft (need I say more?), and others to not yield to pressure should there be a coverup.
I understand PKCS. I also understand that it depends on humans to implement it.
And then there's opacity, which simply cannot be got around. Humans can judge the paper ballot with separable stub method. Ordinary humans can't judge cryptography. (Which is what I keep talking about the ROMs for.)
hmm. Okay, say I compromise the ROM. I don't try to make it record false votes, but I do write in a little routine that makes the voting machine give up the actual value of each vote in order voted or some slightly obscure way of reproducing the votes by an alternate (out of band) method. Your cryptography is holding this wall just fine, but the enemy has jumped over a different wall and escaped with just enough information for the local goons to come around telling you you voted for the wrong guy, and maybe next time the artificial kneecaps will remind you not to do that.
Shoot, if you consider how much RFI keyboards and monitors leak, the ROM could be compromised with a routine to broadcast the vote being cast through some pushbutton wires, or even the display screen. Or, if you really want to be subtle, the physical printed circuit might leave an innocent looking length of trace ungrounded, and the ROM could broadcast the vote out that.
How many examples of hidden ways to compromise this kind of machinery do you need before you start taking a serious look at how much you're gambling on cryptography?
judanzuki
To this point in history, Americans have NEVER had any paper trail to indicate how, for whom or when they voted. And with good reason.
Of course a paper trail causes problems. A paper trail makes it infinitely easier for others to find out who you voted for.
Work for corporate America and are 'asked' to make a political contribution to whatever party the business likes best? With a paper trail, you can be asked to vote, with printed verification, accordingly too.
Down on your luck? Why not sell your vote and have a receipt to take back to your buyer?
Vote in favor of gay marriage or against abortion? Your neighbors can much more easily find out.
If that's too tin-foil for you, know that these records will be stored somewhere on some government server. How far has the government gone to prevent VA records from getting 'lost', from Social Security information from being stolen?
Anonymous (as in no way to verify how you voted) is one of the things that we just plain can't let go of.
Electronic voting in general is a bad idea. With electronic voting, there's no paper ticket for an honest judge or some other civil-minded civil servant to inspect.
Just like taking notes and jotting down quick ideas, a good old piece of paper is best.
Message contains 1 attachment: spam.gif
You misspelled Diebold.
Have gnu, will travel.
What you need is a double check system that would require a more sophisticated hack to overcome:
You have two machines, one that the voter does that actual voting at and another that verifies. After voting, this machine prints two cards with the voters choices in a way that is machine and human readable. At the bottom of the card is a signature hash of the voters choices and some vote id number.
When the voter goes to leave, they feed one of the cards into a machine that reads the votes and then verifies against the signature. The machine keeps one of the cards in case a manual count is for some reason required. At the end, the data from both the voting and verifying machine are compared. Only the votes that show up on both machines are counted.
br/
You must remember, in the USA only the federal government is a complete representative democracy. Someone correct me if I'm wrong but at the federal lever the people only elect their Representative, Senator, and the President. Truthfully, in the Constitution as originally written, the Senators were chosen by the state legislatures not by the electorate. All of the various voter referendums are at the State or local levels. Our federal government has never, in my knowledge, put a referendum on the ballot.
So the system can easily hand you "cryptographic proof" that it voted for the wrong person on your behalf, and you have no way of knowing, other than to ask another piece of equipment which can as easily lie to you.
A vote on a piece of paper can be physially tracked, and easily visually verified by a voter, (or their trusted assistant in the case of someone blind). Infrastructure is in place, and has been, for literally hundreds of years, for dealing with paper ballots.
With a cryptographic system, we're all blind, and for an assistant to read our ballot to us we have equipment. And we don't know how to build equipment that's tamper proof, so it can be made to lie to us, even if it was built correctly in the first place.
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
A paper receipt has very limited value -- even if a recount of the paper could be semi-automated it would most likely introduce enough errors in the recount that there would always be a discrepancy.
Focus on building the protocol standards for e-voting and force vendors to comply with these standards. In a standard voting scheme, multiple electronic vote counters can be used to record the same vote and a total count can be requested between two or more systems when the electronic voting is complete.
If the total counts don't match, we can assume either the vote is wrong or one of the vendors has a software defect.
Remove the proprietary nature of electronic voting systems and you will also remove the chance that a single interest can control the election.
Eric Sarjeant
eric[@]sarjeant.com
> Congress is considering a 'Voter Confidence and Increased Accountability Act of 2007,'
> which would mandate 'voter-verified' paper audit trails
Well, don't feel too bad. At least this is an improvement on the previous act, Computerized Overtally Undertaking Program, which itself was an improvement over the Automated Secure-Selection Field Unit Computerized Keyboard,
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Electronic systems, even those with a paper trail, can be corrupted.
...or alternatively, continuing to use the previous example of a double-column database, counting votes out of the second column rather than the first.
Who verifies that what is recorded in the database is the same thing printed on the receipt? It'd be easy enough for whomever deigns the software to have two "columns" in the database - one that's written with the "real" vote, and a second that's written with whatever they want. Cryptographic signing involved? Just store a second hash for the second column. Then they just have to have the "counting" system look at the second column rather than the first.
If the receipt is reverse-verifiable, who verifies that the result of the verification is the actual result that will be counted? Again, the system could indeed "verify" the vote to be for candidate X, but if that second column (the one that gets counted) is for candidate Y, the voter has no way of knowing it.
Who verifies the counting system is counting the correct votes - or is even counting votes at all? It's not hard to imagine a tiny bit of code that sits just before the final report, doing something along the lines of:
$total = $A_votes + $B_votes;
$A_votes = $total * 0.49;
$B_votes = $total * 0.51;
reportResults($total, $A_votes, $B_votes);
If the corruption occurs *internally* to the voting system, by even a semi-competant programmer, it won't be detectable except by a VERY thorough code-review on the machine in a secure environment directly prior to the actual counting. Given the commercial nature of voting-machine suppliers, that won't be something they allow the general populace to do.
"The move towards voting on issues makes it closer to direct democracy, which your founding fathers had serious issues with, believing it to be nothing more than mob rule."
::reaches for revolver::
You say that like it's a bad thing...
As is pointed out in a clearly written comment by Sandford Morganstein of Populex Corporation, which appears below the original article:
"On the very first page of the bill, at the very top, above the list of maybe close to 100 co-sponsors are the words:
"'To amend the Help America Vote Act of 2002 to require a voter-verified
permanent paper ballot under title III of such Act, and for other purposes.'
"The point is the bill calls for a permanent paper ballot not a paper audit trail.
"In fact the term "audit trail" never appears in the bill while the term "paper ballot" appears forty-nine times.
"This is no subtle difference. I believe that Congressman Holt, the author of the bill (and a Ph. D. physicist) knew exactly what he was doing."
It's true, and wonderful, and truly wonderful how much faster computers can make things happen; how they can obscure all the complexities and crunch over details.
Obscurity and lack of detail is precisely what you dont' want in a vote-counting process.
Those who fail to understand communication protocols, are doomed to repeat them over port 80.
Bullshit/spin is as always entertaining.
...,
... whatever is
The issue is not paper, encryption
The issue is DEMOCRACY or DE-MOCKERY.
Democratic elections must be far beyond
suspect, and citizens must be confident.
If either cannot be reasonably and
believably assured to the public, then
eroding confidence in the government will
eventually be the very least of the public
and politicians/plutocrats' concerns.
Our Democracy depends on honest elections.
If there is election/campaign corruption, then
it is treason; So, we need the death penalty
for traitors.
But always we need confident and fearless citizens
in our democracy and honest elections. Give every
citizen a vote paper-receipt, an encryption solution,
a physical and electronic count
required to return elections confidence to our citizens.
Also, a mandatory Federal elections holiday every other year
would greatly improve my confidence in our democracy. Lets
drop Christmas, NewYear, or Columbus day an make an election
holiday for all US.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
Most modern democracies have their roots in parliamentary democracy, which was originally intended as a way for kings to gather the movers and shakers in one place to figure stuff out. It was designed to serve the interests of kings, not citizens.
Athenian democracy was a society that had slavery as a given, they never intended to have every single human being voting, certainly not the slave classes.
Now, the original founders of the US did a bang-up job trying to make a break with English kings, but then we get the electoral college system in it's present incarnation, where it does an excellent job of _consolidating power_.
As a Canadian, I've always been a big admirer of the US constitution (oh, that we could have something so iron-clad as you guys do!) but it seems like in modern times, there's been a push to take power out of the hands of citizens and consolidate it in the hands of a few.
The plural form of "anecdote" is "anecdotes", not "evidence".
If you were to use some kind of running hash algorythm, then all you would need to validate a paper would be a single receipt and its order, and another single receipt from that machine and its order. The hash at each point in the stream would not match if votes between the two points had been changed.
At each point in the linear order of votes cast, the hash would be altered by including the next vote. Change order of or number of votes, and a different hash will evolve. As long as a trail of each vote and that hash at that time were kept, then any receipt could be compared to the stored value in the machine for that receipt number to be certain that all the records to that point match what users were given.
The algorythm in the machine could also be validated by running the same sequence of votes through a 'known good' source and comparing the hashes.
I'm sure I'm missing some finer details here, but in principal this should be extremely effective and secure.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
You totally misunderstand where it's insecure.
You're trusting - wildly, blindly trusting - the people who make the solution.
It's insecure to the people who implement that solution. You're giving a few programmers and technician's godlike powers over our politics. You can verified it's not tampered with "in transmission"... but not that the process is sound. As some examples:
If 0 and 1 are both valid votes for a person to make, no system except the voter themselves outside of the voting machine can hypothetically verify whether that vote was a 0 or 1. So you can only verify that the system accurately reported the votes by a source audit of all software, firmware, and hardware in the voting system. Let me highlight that point: In a modern system, almost any piece of the hardware is complex enough to conceal malicious changes.
But a source audit isn't enough; you have to have a provable chain of trust over the source to the compiler, and the compiler that compiled the compiler... you have to rewrite a programming language from scratch. AND at every step you have to prove no one cheated. Now, could YOU make such a system, given enough time, that YOU could trust? maybe. Could YOU make such a system that _I_ should trust? no. Because I don't know you.
This is the problem true - EXTERNAL* - voter paper trails solve. If the voter actually takes a slip with the printed vote, reads it, and actually places it in an actual box, then no amount of voter-machine fraud can defraud the recount. And so if you have that kind of fraud and detect it** you have a big mess, but not a wholesale failure of democracy electing a random person.
I pretty strongly doubt you could make a cryptographic system so strong that no one with total control over the results could forge the votes AND the checksums so they match. Maybe they'd need a private key that's on each machine... but whoops, we're talking about someone who PUTS those private keys on the machine. However, I'll readily admit I haven't done a lot of analysis in this area... because it doesn't matter at all to my point. If you can't trust the machines not to universally and subtly forge the results BEFORE any crypto process goes on, no amount of crypto can ever save you.
Even so, your BEST-case-scenario for auditability is that someone is going to publish every voter result in the country along with all the checksum and it's going to be publicly verified by... who? A few hundred academic programmers who understand enough crypto, tops? Otherwise you're talking about it being cryptographically verified by a very few people with a very few computers who are doing the counting.
In summary, I totally agree that a hypothetically secure system could be fairly secure against a random attacker, and that what we actually have looks like it was written with monkeys and typewriters by comparison, giving us banana democracy at best. The current system isn't just hackable, it's SO hackable it's almost definitely been done - and we KNOW that they waved their magic wand and threw out results after obvious problems in a bunch of different areas; Diebold techs basically said some vote counts that even their machines didn't say, and that's who got elected.
We can do a lot better than that in an electronic voting machine.
But at best, that's a false sense of security; it can never have broad end to end trust.
*An internal paper trail is NOT sufficient, because you can't externally verify it didn't print extra votes OR externally verify that it didn't scratch off valid votes.
**You are very likely to detect it, because a very close election usually triggers an automatic election - and an election with a lot of deviation will be detected by substantial exit poll variances. Our system is already setup so that basically if the loser thinks there was fraud they can demand this...
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
Studies either confirm common sense, or they are wrong. This is complete BS press release that clearly came from Diebold.
Just like when Microsoft funds studies of the costs of Linux...
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
It's expensive to run an election, so politicians who want to look fiscally responsible will make sure to keep elections consolidated. After all, they wouldn't want to cut any of those expensive boondoggles, would they?
Hi, what state do you live in? ...Well, it has everything to do with it.
Let's pretend the President is elected by a direct popular vote. Now say you live in North Dakota. How would you feel that New York, California, and Florida are consistently electing the President (based on population), and it doesn't, and won't ever matter, whom North Dakota votes for. In this scenario, it's always the big cities who are electing the President.
Currently, every state gets a vote for each senator and a vote for each congressional district. For you in North Dakota, this makes your state's vote go from 0 to 3. You should be able to see what effect this has on candidates (and Presidents) paying attention to you. A candidate just can't simply campaign in a few populous states, as he/she will need the other states (maybe not individually, but in aggregate) to win the election.
Most people that I've seen complain usually live in a populous state, in a large urban area, and are not taking what I said above into account. Usually when I explain it this way, at the very least their argument becomes more focused on refinements rather than scrapping the system.
Personally, I believe that if one wants to scrap the Electoral College, that person inherently wants the bicameral Congress scrapped too.
Any hypothetical electronic system, no matter how secure, is vulnerable to basically _universal_, unauditable fraud by a tiny number of conspirators in the right place - as low as 1.
:)
The minimum number of people you need for a conspiracy is two
Paper ballots require a massive concerted effort with hudreds, or even thousands of conspirators.
But only for a few/one of these people to make a mistake or "whistleblow".
I run elections...and I would rather have the machine count the votes, than go through thousands by hand to count. After awhile, mistakes can be made when hand counting. It is very tedious and after awhile you become cross-eyed. We pre-test ALL machines and even with marking test ballots during pre-election mode, hand counting has to be done over and over again. If there was just one office on each ballot, that would be different. But when you have sometimes as many as 50 candidates on one ballot...the possibility of errors in hand counting are atrocious. The only reason for the newest type of voting machines in our state is because of HAVA. Actually, we don't promote the machine. It's cumbersome, can be extremely long to use, but it provides a method for those with special needs (blind, deaf, etc.) What we are lacking is a national voter ID card. I live on the border between states; there is no way to no whether a person who owns a second home in another state votes more than once. And in our area, there are ALOT of people who could do this. And another thing that stops the whole process is the people who vote for "I Don't Care" and "Mickey Mouse", etc. Those votes have to be hand counted and tracked. What a waste of taxpayer dollars for those that have NO IDEA of the amount of time it takes to make sure those votes get counted! The last governor's election, I began work at 4:30 am and ended at 4:45 am the next day; no sleep, no napping....just working. If we hand counted those same ballots, we probably would have had to lock them up, get some sleep and worked until late the next day. That is not exactly the safest plan. There is a lot more to voting than just having the machine print the totals at the end of the day. I encourage anyone who complains about the system, volunteer their time on election day to work at the polls!
So give me a piece of paper that has my SSN, a unique identifier, and who and what I voted for.
This data all goes into a central server. A copy of which, without SSN, is placed online. I can use my unique identifier to verify that my vote was registered correctly and not misplaced or miscounted.
An independent agency or two or three can run an SQL compare against the two databases looking to verify they are in sync, one sans the SSN.
The only thing that doesn't cover is stuffed votes. Votes for people who didn't actually vote. I'm not sure what you do about that. Random polling verification?
Anyway, that's a "next" step towards better accountability.
Truth be told, it probably doesn't matter much to me who wins. Being low man on the pole, I suffer regardless.
They sure did, though they didn't get held accountable. There were districts in Ohio were the official raw results showed more votes for Bush than there were voters. This is a fact.
I don't care how large the circle is, blind people can't see it. And illiterate people still won't be able to read it. And some disabled people still won't be able to mark the circle. Electronic machines solve all those problems.
A very, very small percentage of people have these problems. And for the few that do:
Programs and Services for Persons with Special Needs
Elections Canada offers information, education and accessibility services to persons who have a disability, seniors, persons with limited reading and writing skills, and persons living in transitional situations (homeless or living in a shelter for victims of abuse). Material is available in alternative formats: large print, Braille, audiocassette and diskette (for talking computers).
Among the services provided by Elections Canada for persons with a disability are:
TTY 1 800 361-8935 (toll-free in Canada and the United States)
The problem with this or any other completely computer based, is that it is still a black box to me. Plus being able to verify that my vote was counted correctly doesn't prove anything. It doesn't prevent votes from being added. People keep missing the point. The paper ballots aren't the ends they are the means to conducting a statistically meaningful audit of the election.
Of course as things stand now, windoze based machines with trivially hackable databases are used to count your votes. Audits are NOT conducted. Real recounts are NOT conducted. HR811 would change that and provide a physical audit trail, and require statistically valid audits of elections. HR811 is the only thing standing between us and another election that we cannot prove was or wasn't stolen. Please call your representative and beg them to vote yes on HR811, and no on the unfunded mandate amendment (which would gut the 2008 deadline.) 202-225-9091
-- QED
I assume you confuse proportional representation with a particular, common type that has a closed list. The option is open list, where a candidate increases the vote count for his party, and after the proportion of the party in the parliament is calculated from this, the seats are given in the voter's order of preference (the "open list"). In a closed list system, the party decides beforehand the order of candidates, and in a counter-democratic manner, individuals get to decide only which list they prefer, not which people they prefer.
By the way, all the ballots in this country are the same. They have a circle, which reads "number:", and into which you write the number of the candidate. These are then hand-counted (the count is supervised by people from different parties, so each party sees that other parties aren't cheating). Such a system assumes that voters can read and write, though.
It'd be difficult to image the "what if" scenario for United States using proportional representation.
When was this?
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
If so, here is the link.
http://www.itif.org/files/evoting.pdf
Here is a summary and here is a point-by-point dissection.
I agree with the basic premise of the report that the debate about electronic voting needs to be broader and include other verification technologies than voter-verified paper audit trails. I am in basic agreement with the policy recommendations of the paper but I feel that these recommendations need some caveats.
I disagree with much of the setup of the report. The susceptibility to fraud of electronic voting machines is downplayed too much as is the ability of voter-verified paper audit trails to mitigate that. The tone of the report when talking about organizations promoting voter verified audit trails or promoting distrust of eVoting is absolutely poisonous and Mr. Castro should be ashamed.
The recommendations
The report makes three recommendations:
I do not fully agree. For such a recommendation to be acceptable it must be coupled with the system having an acceptable verifiable audit trail. It is my fear that this report will be used to justify continued use of electronic voting systems without any sort of verifiability.
I agree. I am concerned that this recommendation does not limit the continued use of non verifiable systems that are currently in use. I am also concerned about the details of what is considered an acceptable verifiable audit trail.
I agree with the principle of this recommendation. Ideally funding is for open academic research of voting technology. I am unsure if the EAC is the correct vehicle for providing this funding.
Follow my election reform blog at AllAboutVoting.com