Paper Trails Don't Ensure Accurate E-Voting Totals
An anonymous reader writes "In a new report from the Information Technology and Innovation Foundation they say that paper trails increase costs and can actually reduce the chances a voter's choices are accurately counted. Congress is considering a 'Voter Confidence and Increased Accountability Act of 2007,' which would mandate 'voter-verified' paper audit trails."
The rest of the board is similar (link).
"Rhett Dawson is President and CEO of the Information Technology Industry Council (ITI). Immediately prior to being selected as President of ITI, Dawson was Senior Vice President of Law and Public Policy for the Potomac Electric Power Company. In the Reagan administration, Dawson was Assistant to the President for Operations. At the White House, he managed the staff and decision-making process for President Reagan and was responsible for three White House support units: the White House Office, the Office of Administration, and the White House Military Office. He also was Executive Director of two presidential commissions, the President's Special Review Board (the Tower Board) that investigated the Iran-Contra matter, and the President's Blue Ribbon Commission on Defense Management (the Packard Commission). During the 1980s Dawson was a partner in two Washington law firms. Earlier in his career, he was Staff Director and Chief Counsel for the Senate Committee on Armed Services, Minority Counsel for the Senate Committee to Study Governmental Operations with Respect to Intelligence Activities (the Church Committee), and Minority Counsel for the Joint Committee on Defense Production. He is a member of the statutory Commission on National Guard and Reserve, and he is Vice Chair of the State Department's advisory committee on International Communication and Information Policy. Dawson received his undergraduate degree from Illinois Wesleyan University, where he was recognized in 2001 as the Alumni of the Year. He was awarded his law degree from Washington University."
CC.
TaijiQuan (Huang, 5 loosenings)
Who are the "Information Technology and Whatsit Foundation"? Because it wouldn't surprise me in the slightest if they're a lobby group representing Diebold.
The article is totally worthless. It just states that some industry-sponsored organisation doesn't like paper trails. Let me guess, it's sponsored by the voting machine manufacturers or by Buy-An-Election Inc.
As to why paper trails are bad, they don't say, just that they will publish a paper really soon now. News at 11.
Just a quick browse of their "ITIF in the news" page and it looks like they are big fans of Real-ID and RFID tagging in general. On network neutrality they appear to be in favor of just leaving it up to the FCC to determine on a case-by-case basis what telecomm companies are abusive and which aren't - no legislation required, and their justification seems to be that some of the proposed legislation has been over-the-top (typical FUD about preventing telecomms from 'innovating').
Who funds these people?
When information is power, privacy is freedom.
... the answer is very simple.
The voter marks the ballot paper with a pencil. The ballots are counted by hand by human beings.
Completely transparent, complete audit trail, safeguards against all the failure modes discovered over the decades, results within hours, recounts within hours if needed.
Oh, and I expect it's cheaper than all this inappropriate mucking around with computers too. Computers aren't the answer to everything. This is one application in which they have no place.
"ITIF wants to spark discussion of how new technology can solve the problems. The report outlines innovations in voting machines that offer "end-to-end verifiability." It explains the cryptography the systems use and says that Congress should pass legislation based on S. 730 and H.R. 2360, which require verifiable audit trails without specifying that paper be used."
1. Not end to end. I can't do cryptography decryption in my head, and the vote verifier at the other end, he can't also do decryptions in his head. So any solution that involved cryptography isn't end to end.
2. One doesn't preclude the other. You can encrypt the electronic vote AND STILL HAVE THE PAPER AUDIT TRAIL to check the machine's cryptographic vote matches the voter's intentions.
3. Papertrails, or ballots as we used to call them, have a proven track record of uncovering fraud in voting. To date the fraud in electronic voting is suspect but unproven. It is unlikely that fraud is eliminated in electronic voting, because fraud is *easier* not *harder* to do when votes can be changed so easily and untraceably en masse in a computer. So the lack of uncovering fraud is likely to be a weakness in the auditability of these machines. i.e. we suspect voter fraud because of systematic irregularities in key districts, but nothing can be proved because the lack of paper trail to verify against.
Why does he want unauditable machines? I see from his history that he's a professional technology lobbyist, but I'm curious why the FUD to keep the voting machines unauditable?
A technology company producing a report suggesting that plain old paper may be unreliable?
I'm shocked. Really.
Up next - 'Republican Party publish report saying the Republican Party is better than the Democrats'?
There are those who want us to delay replacing the Diebold (and similar) voting machines, forever if necessary, until we have a perfect solution.
Of course, there is no perfect solution. We only have adequate solutions.
Condorcet voting is mathematically better than simple tallies or "instant runoff" voting. But does anyone except mathematicians comprehend it? Would switching to it increase our confidence in voting or would people be suspicious and trust voting even less?
Paper is adequate. And what's better, it is something that mere mortals understand. And the attack vectors for paper are reasonably well understood after more than a century of use of the "Australian" ballot style that we all use today.
The proposal by this group opens the door to FUD and infinite delay, and thus infinite retention of flawed DRE voting machines. Diebold would win, democracy would lose.
It is not hard to make a voter-verifiable paper-trail voting system. Publish a database of election results that includes a unique ID generated by the voting machine for each vote. Also print that ID on a paper receipt that the voter can take home after voting. Then the voter can verify via the internet if the vote was tallied with the right party/candidate. And it will also be possible to verify the totals by downloading the full database and doing the sums yourself.
On the same paper receipt, the candidate/party that was voted on can be printed. But it is better to hash that information together with the unique ID and encrypt it using a private election key and then print the result on the receipt (e.g. as a hex string). This generates a voting receipt that, when decoded with the public key, is verifiably a receipt of a vote that should have been counted for that election.
"I would have much more confidence in a cryptographic scheme that makes it effectively impossible for a voting machine to cheat. This is not all that difficult to accomplish and the necessary design criteria are widely available in the literature. A paper trail doesn't really help."
There is just one simple, practical, logical rule for machine assisted voting that anyone need remember:
A machine that prints your choice is at worst a waste of money, a machine that counts your choice is at best a waste of money.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
The likeliness that computers are capable of correctly counting 100,000 perfectly submitted votes more accurately than humans in an ideal world isn't exactly a surprise, but this isn't really the point because the world isn't ideal and it's not realistic.
Even if paper trails are slightly less accurate in the counting (something I'd dispute once factoring in less measurable quantities like corruption of officials and potential hacking), one of the most important advantages of paper trails is that they can be easily understood by virtually everyone who votes. A voter verifies their correct vote is recorded on a slip of paper, places it in a ballot box, and then the votes recorded on the papers in the ballot boxes are counted, with the process being vetted by people who have reasons to make sure it's being done properly. The entire process is completely visible and clear from start to finish.
This is quite different to voting through computer interfaces, where the ability for nearly everyone to understand ends at them pressing a touch-screen. The abstract concepts of what goes on inside the system are very difficult for most people to grasp, unless they have a relatively high education. Furthermore, very few people can verify and confirm that it's working correctly.
Trust of as much of the population as possible is of huge importance in elections, and systems with paper trails are the ones that are easiest for the majority of people to trust.
High - When I buy anything with a credit card - (requires ID, receive receipt)
Medium - When I get $20 out of an ATM - (requires ID, receive receipt)
Low - When I buy a hamburger & fries - (no ID, receive receipt)
Worthless - When I vote - (no ID, no receipt, no confidence)
A proper voter-verified paper ballot system is as good as it gets when it comes to a combination of accuracy, verifiability, and accountability.
It's real simple: the voter makes his selection using, say, a voting machine. Voting machine spits out paper ballot and shows it to voter. Voter examines ballot to make sure ballot is good. If ballot is good, voter tells machine to accept the ballot and machine drops ballot into sealed box. If not, voter tells machine to reject the ballot and machine allows user to re-select candidates.
At the end of the election, the total number of paper ballots are counted and compared with the total number of people who actually came in to vote. They should match, of course. It's also compared with the total number of votes the machines recorded. That, too, should match.
You can have the machines tabulate the voting results. You can then statistically test the results of the machines by pulling a random (but sufficiently large) set of ballots from the box and manually tabulating them. But you also have the option of doing a full manual count, which is of course what you do if the statistical count shows that the machines were off. And the closer any given race is, the larger the sample has to be to get the statistical error below that of the percentage difference between the closest candidates in the race.
No purely machine-based voting system is sufficiently trustworthy to be suitable for an election. Any machine can be compromised, by the manufacturer if nobody else. That's a risk that isn't worth taking when the freedom of the country is potentially at stake.
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
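The reconciliation and sampling steps described in the comment above, as an added example that is not part of the original post. It assumes a single race, a simple random sample, and a normal approximation for the sampling error; the function names, vote counts and decision labels are constructed for illustration.

```python
import math
import random
from collections import Counter
from statistics import NormalDist


def sample_size(total, winner_votes, runner_up_votes, confidence=0.95):
    """Ballots to hand-count so that the sampling error on the winner's
    lead stays below the reported lead itself."""
    p_w = winner_votes / total
    p_r = runner_up_votes / total
    lead = p_w - p_r
    if lead <= 0:
        return total  # a tie can only be settled by a full count
    z = NormalDist().inv_cdf((1 + confidence) / 2)
    # Variance of (share_w - share_r) in a multinomial sample is spread / n.
    spread = p_w + p_r - lead ** 2
    n0 = z * z * spread / (lead * lead)
    # Finite-population correction: the box holds only `total` ballots.
    return min(total, math.ceil(n0 * total / (total - 1 + n0)))


def audit(ballot_box, voters_checked_in, machine_totals,
          confidence=0.95, seed=None):
    """Return ("confirmed", n) or ("full_count", reason)."""
    total = len(ballot_box)
    # Step 1: paper ballots, voters and machine records must all agree.
    if total != voters_checked_in or total != sum(machine_totals.values()):
        return ("full_count", "ballot, voter and machine counts differ")
    ranked = Counter(machine_totals).most_common(2)
    (winner, w_votes), (runner_up, r_votes) = ranked
    n = sample_size(total, w_votes, r_votes, confidence)
    # Step 2: pull a random sample of paper ballots and tabulate by hand.
    hand = Counter(random.Random(seed).sample(ballot_box, n))
    sampled_lead = (hand[winner] - hand[runner_up]) / n
    reported_lead = (w_votes - r_votes) / total
    # n was chosen so the sampling error is at most reported_lead; a larger
    # gap means the sample does not support the machine tally.
    if abs(sampled_lead - reported_lead) > reported_lead:
        return ("full_count", "sample disagrees with machine tally")
    return ("confirmed", n)


if __name__ == "__main__":
    # Constructed totals: the closer the race, the larger the sample.
    for a, b in ((60000, 40000), (52000, 48000), (50200, 49800)):
        print(a, b, "->", sample_size(100000, a, b), "ballots to hand-count")
    # Constructed box whose paper contents are the reverse of the tally.
    box = ["A"] * 48000 + ["B"] * 52000
    print(audit(box, 100000, {"A": 52000, "B": 48000}, seed=7))
```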
Why the fuck do you Americans need to use goddamn voting machines?
Canada gets away just fine with using paper ballots. When you vote, you use a pencil to put a check in a circle next to the name of the candidate you're voting for. The circle is large and the text is large, to allow those with poor eyesight to get a better view of what's on the ballot, thus reducing mistakes.
What's more, the results for Canadian elections are near-instantaneous. They actually have legislation in place to prevent the media from reporting about the final results in the eastern and central provinces while polling stations are still open in the west! Why the fuck can't the US manage that?
Yeah, the American population is 10 times larger than the Canadian population. But that's irrelevant! Use 10 times as many ballot counters, and the system will scale just as well.
It's a mixed situation here in Europe. Some of our nations use the sensible Canadian method. Others are stupid, and follow the American scheme with doodad voting machines and all that jibberjabber. But really, we should all just use the Canadian method. It's the best, and safest, there is.
Americans are not the only ones with long ballots. Germany has long ballots as well because you get to vote twice (your first vote and second vote). Then add in all of the tom-dick-harry parties and ballots become 24 inches long. In Switzerland folks vote every three to four months since it is a direct democracy. My point is the long ballot is not an excuse.
What I think is problematic in the US is that there is this automatic tendency to automate tasks and thus making it difficult for the people to carry out the task. Case in point the ballots with hanging chads. Why on earth is there such a ballot? Oh yeah so that you can save a few bucks on counting the votes. But who cares that the voter has to take a PhD on casting votes.
To put this in context. India in 2004 put in electronic voting machines for 348 million people http://www.kablenet.com/kd.nsf/Frontpage/A109B59D2C4BCBA380256E9400373E62?OpenDocument
I am sure it's not perfect, BUT you have to think twice about this. In a country that is mostly poverty stricken and where people can't really read they have a working democratic system and 348 million people can vote electronically. And what was the population of the US? 300 million...
No, the problem here is quite simply the American voting infrastructure. It's not the fault of the people, nor the political system, but the folks who run the voting infrastructure! They need a good "flogging."
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make very fast pig"
In other news: Backups Don't Ensure your data are safe.
"In an new report from the Information Technology and Innovation Foundation they say that backups can increase costs and can actually reduce the chances that users data have to be recreated."
Just vote for the MP?
You think freedom can be reduced to a popularity contest?
Up until recently, America was about voting issues, not people.
Some people find it incomprehensible that an elected representative of the people would find himself trying to implement the will of the people, rather than simply assuming that the election gave him license to implement his/her own ideas. (You do hear me muttering under my breath here, yes.)
This is entirely the point of having the people vote on so much.
It has something to do with the DIY mindset that also used to be rather typical of people from the USA.
joudanzuki
is that only the mathematicians really understand what's going on.
We may know that (if and only if the algorithm is implemented correctly) the method works, but for the rest of the citizenry, this is asking them to put their trust in (yet another) technical priesthood.
The system has to be simple enough for anyone to see, and simple enough that anyone willing to comprehend freedom can comprehend it. It has to be visible.
Thus, the stubbed, anonymous paper ballot, the stub and the ballot going in separate, locked boxes, and each voting station accounting for every ballot received, and more than two voting judges, from different parties, present all during the setup, voting, takedown, and initial count.
It is not perfect, but it is visible, and it works.
Nothing in this world is perfect, and when you start playing cryptic cryptographic math games, it just makes part of the process invisible (opaque) to too many voters.
joudanzuki
I am TheRaven on Soylent News
I would be guessing that this article is a red herring designed to make voting machines that _do_ print paper trails appear more respectable.
Are there any facts associated with this article? It appears that this is just one group's claim, backed up by nothing other than their opinion.
The facts of the matter are:
with all this, a well mandated, accessible, audited electronic voting system is more secure than previous voting methods. There is no excuse for these companies to have created and sold the craptastic voting machines they did. There is no reason for Diebold, an ATM maker, to have only made voting machines that had no paper trail capabilities. If they tried to sell something like that to a bank, their contract would have been dropped in a heartbeat, but election boards across the country didn't blink an eye. It is time that there be a nationwide standard that works within a degree of certainty. Electronic voting machines with paper audit trails are accessible, human readable, and as secure as anything we currently use. You don't have questions of "Did this voter actually mark a circle?" or "Which of these half erased circles did the voter mean?" or "That chad isn't punched all the way through, so I will just do it for them because I know what they meant." It is very hard for an auditor to see "President: Al Gore" printed on a receipt in human readable form and say that the voter chose George Bush.
Clones are people two.
While I was taught about the electoral college, voting system, and government while I was in school, it seems that the "real world" is a lot different. (surprise!) If I remember correctly, the electors don't even have to vote for the candidate with the most ballot votes, they can choose to vote another way, becoming faithless electors.. WTF? And I'm supposed to trust these people? I find a lot of problems with the system.. Personally, it seems that if a candidate receives the majority of the votes (citizen votes, not electoral votes), then they should be the elected official. However, as we've seen in the past, that's not necessarily true.
I have no faith at all in our political system. I vote because I want my voice heard. Apparently I'm not in-tune with popular opinion, though, because I have yet to vote for any of these elected officials..
XenoPhage
Technological Musings
Paper voting systems are extremely vulnerable to localized, small scale fraud by a relatively large number of conspirators.
Any hypothetical electronic system, no matter how secure, is vulnerable to basically _universal_, unauditable fraud by a tiny number of conspirators in the right place - as low as 1. Any kind of cryptographic system can be defeated by the guy who actually controls where the actually-compiled source code - and the COMPILER source code - came from. Even in an OSS system, it's awfully hard to prove that's really the source that's being compiled and that it's being done by a fair compiler.
That's a big difference, and it's an innate, immutable difference. Paper is highly decentralized because much of the population can read. ANY computer system is highly centralized - even if you have perhaps 10 sets of voting machines, that's at best 10 major code trees...
Your worst-case scenario with a paper vote can be a conspiracy on the counting side - which is already done by members of both parties together. So the only way to have this work out is if you also stuff the observers of the OTHER party with conspirators.
The other way requires a pervasive box-stuffing campaign across a wide array of precincts right in the face of bipartisan election judges.
In both cases, you can basically only pull this off in an area where the government is pretty much universally and tightly controlled by one group. A good example is the original Daley's regime in Chicago (Daley per se may not have... ) Note, however, that if THOSE people were elected to the part where they tightly control the government, chances are the voting populace would vote for a similar candidate in that area.
And the risk of those conspirators going to jail is still relatively high.
As theRaven64 said - the important thing about a paper vote is that it's transparent to everyone.
I'll go a step further and say that we as a country are not capable at this time of commissioning a fair electronic voting standard - currently we can't even manage a "not-obviously-retarded" electronic voting standard. Asking election officials to manage cryptographic standards is in practice outsourcing our democracy to a handful of large self serving partisan corporations, because that's how technology tasks are done. The government does not have a good track record of accomplishing either security or transparency in tech projects.
Finally, note that THE reason electronic voting is _theoretically_ used is to provide faster counts. If you treat it like it should be - as a precount - it could easily be used to give a really fast estimate of the votes.
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
"serious limitations that diminish their ability to effectively verify election results."
Paper trail limitations: they require other equipment or groups of people to count them for audits or recounts.
Other technology: you have to rely on the original equipment to report the results correctly the first time. This is cheaper and more accurate, as your results are always the same.
Microsoft is to software what Budweiser is to beer.
Ok, let's say you receive your crypto token, and can prove at any point that your vote was counted all the way to the grand total.
Also remember that it's not enough to hold on to it for 5 minutes. You must hold on to it all the way to the recounts, at least. If you just prove before leaving that the machine still has your vote, then there's nothing to say someone can't flip the votes in the database later.
The problem is this: any proof of how you voted, can be used for electoral fraud by itself. E.g.:
- Someone else can demand that proof that you voted for their candidate, or else. Let's say Don Corleone, the respectable head of the local mafia group, is running for mayor. If you have your ticket that you can check at a terminal, then so can Don Corleone's goons for you. It makes an electoral racket as simple as a protection racket. You know, you only have one kneecap in each leg, it would be a shame if that were to change. Show your ticket proving that you voted for Don Corleone, and you have our "protection" so it doesn't.
- Outright buying votes. Let's say I've won the lottery jackpot and want to be governor. Or just mayor. It's as this: everyone who shows me a ticket proving that they've voted for me, gets 100$, no questions asked. (And I'll store the crypto token on a database of my own, of course, so several people can't come with the same ticket.) In fact, let's turn up peer pressure a notch: if you can also prove that your spouse (if applicable) and at least one parent or child of voting age also voted for me, you get an extra 100$. You know, just to have old retired moms call their sons and do the "you won't even do that for me?" sobbing act.
- Pure social pressure. E.g., if you're a student still living with your parents, whoopee, they can control who you voted for. You know, under the old principle of, "as long as you're in _my_ house, you'll do what _I_ say, young man. Now let's go to a terminal and you'll prove to me that you voted as I told you to." E.g., if you want to keep working at my office, better "voluntarily" prove that you voted for my favourite candidate.
Etc.
Yeah, I'm sure _you_ would bravely stand your ground, stick to your ideals, and never betray the sanctity of the free democratic voting. Maybe. But considering that elections have been won by a 0.1% lead before, the funny thing is: you don't need to get _everyone_ to cooperate.
Some of those aren't even easy to legislate against. E.g., how would you legislate against parents demanding to see their 21 year old son's ticket?
So, no. Please don't do that. The important thing about votes isn't just that they're counted, but also that they're secret and hard to influence. The moment all that remains is that they're counted, but someone can easily influence the voters and/or check what they voted... well, you might as well not bother pretending it's a democracy any more.
A polar bear is a cartesian bear after a coordinate transform.
Worse. Not to launch into a conspiracy tirade, but who says the machine prints out the user's selection? In a perfectly—or even halfway competent—world, all it would take is one dishonest group of people (Diebold?) to code the system with two result columns. The first stores the user's actual vote, the one it can print out on request given an encrypted value, or present on a confirmation screen for the user. The other stores the desired vote; maybe on a statistically weighted basis for a specific candidate or party as to make the slant non-obvious. The second column is used for tallies.
Suddenly your printed receipt is absolutely worthless. Sure, you can rest easy the system correctly registered your vote, but it's the master counting system, and the values it receives, that matters.
Paper ballots require a massive concerted effort with hundreds, or even thousands of conspirators. With Electronic voting, since the code is closed (and even if it was open, we can't ensure that's the code they used in the final machine), it takes one manager with an agenda and a handful of hand-chosen coders to implement it.
There may be a way around this, but I sure as hell don't know what it is.
Read: Rabbit Rue - Free serial nove
We use it here in Oregon, and it works well.
Anybody registered to vote, gets checked, then mailed their ballot to their address on file. Signature checks, collected at the DMV, are used to validate votes. Votes are mailed in a double secret envelope that allows verification but does not tie votes to voters.
The counting system is optical scan, is done in one location with security in place there. Audits are performed, and most importantly:
-the voter can verify their own vote
-said vote is human and machine readable
-casting of votes is distributed over time and space.
Blogging because I can...
Finally somebody getting around to speaking against the amazingly widespread myth that somehow a printed ballot is more accurate, more trustworthy, or more useful than an electronic record.
It's pretty incredible to see the Slashdot crowd speak of paper trails as if they were some sort of magic talisman ready to right the evils of the election system. Slashdotters of all people should understand that the whole point of digital computation is to improve precision of calculations far beyond what could be achieved by manual counts and paper trails, and that proper application of encryption and communications technologies can entirely reverse the weaknesses of either paper or poorly implemented eVoting.
It's so blindingly simple: a paper backup cannot possibly have the precision needed to resolve a close election. It's physically impossible. So what happens when the paper disagrees with the electronics? When the backup is more flawed from the start what good is it?
I could go on, but wow... it's so refreshing to see this story posted to Slashdot. I just wish the rest of the US would stop and think for a second to demand decent electronic voting systems instead of insisting on a broken solution to the wrong problem.
No reason for electronic voting machinery, except maybe for those with physical conditions that make it unreasonably difficult to use a bubble sheet.
Bubble sheets can be tallied electronically, but that's after the voting is all over with.
Simple ballot + stub, locked ballot box, proper accounting of unused ballots, with human judges and election observers, that's all that's necessary.
Every additional complexity just adds points of attack.
joudanzuki
I wonder if, perhaps, anonymous voting is going to have to go away. People register with their Social Security Numbers or RealIDs, vote, then can review their vote on a website along with everyone else's.
Of course, as with paper or e-voting, what the final tally shows may not reflect the paper/button press you submitted. Electronic or paper, you still need to trust the vote counters OR be able to verify your vote later.
Congress should have power. Congresspeople should not.
You misspelled Diebold.
Have gnu, will travel.