Open Source Voting Software Success

elhaf writes "The Open Voting Consortium has announced that they successfully demonstrated the Open Voting Process in San Luis Obispo this weekend. OVC received a request from San Luis Obispo County on the previous Monday to provide software to run their January 12 straw poll. By Friday, they had the software prepared and Saturday's event goes down as a great success for Open Voting Consortium and the cause of transparent election administration. They used Ubuntu and their code is publicly available. Surprisingly, counting ballots is not rocket science."

Not Rocket Science...

[jamieswith]

Surprisingly, counting ballots is not rocket science

Of course not, however there is a lot of science involved in the process of mis-counting ballots... especially in a way that avoids the possibility of getting caught.

Those are valuable trade secrets worth protecting!

Re:Not Rocket Science...

[chuckymonkey]

You've been modded funny, but I think an Insightful is in order. It really is a trade with large sums of money and corruption involved. Yes my aluminum foil brain wave scanning deflector sheild is firmly in place.

Re:Not Rocket Science...

[sethawoolley]

Yeah, rocket science, the Democratic Party did it! I guess they've finally caught up with the Libertarians and Greens that have been doing this stuff for years.

Seth Woolley
Pacific Green Party of Oregon Parliamentarian and past Elections Administrator

rocket science?!

Surprisingly, counting ballots is not rocket science. No, it's political science... and now computer science.

Voting_thing.tar

[gQuigs]

"[1] In case any techies want to see some code, here is the program for the voting counting program, written by Asheesh: http://www.openvotingconsortium.org/ad/voting_thing.tar
Here is Jan's code (if you want to run it and have some trouble, let me know and I will help you with it) http://user.it.uu.se/~jan/test/straw.tar"

I love the name.

Re:Voting_thing.tar

[davester666]

Now, prove that this is the code that actually was loaded onto and executed by the computer during the election. And that the BIOS didn't install a rootkit. [this would apply to any computer-based ssytem, not just an open-source one]

Re:Voting_thing.tar

[webmaster404]

A BIOS rootkit? Do those actually exist, when the BIOS doesn't do much on Linux, is that possible?

Re:Voting_thing.tar

[CastrTroy]

How do you verify the machine you are voting on is actually running this code?

Re:Voting_thing.tar

[SwedishPenguin]

Easy, get a hash of an executable know to be compiled correctly and compare it to the hash of the executable in the machine.
Although as long as ballots are counted by machines, even if they are open source, without a manual count also being done under controlled circumstances (ie observers from all involved parties as well as neutral observers) I wouldn't trust the results.

Re:Voting_thing.tar

[CastrTroy]

How do you ensure that the computer is returning the correct hash from it's executable. For all you know, their version of SHA1SUM could just return the predetermined hash code every time. Oh, and don't plan on bringing your own version of SHA1SUM, because there's no way to ensure that your version was actually run.

Re:Voting_thing.tar

[SwedishPenguin]

True. Then I suppose you'll have to resort to writing the machine code by hand. It's a long and arduous task, but it can be done.
Of course even if you manage to do that, then you'll have to have some way of confirming that the operating system hasn't been compromised. So we'll skip the operating system and just write directly to hardware (making the above task more difficult).
Then of course there's no way of knowing that the hardware hasn't been compromised.

So maybe just skip the whole thing and at most have a computer print a human readable ballot for you indicating the choices you made. Then count the ballot in the old-fashioned way, manually, ballot by ballot, under close supervision of observers.

Re:Voting_thing.tar

I love the name.

I don't. Some professionalism, please! Who is going to take something as important as vote counting software seriously when it's called the "voting thing"? And by some guy named Asheesh? (nothing to do with his name, but this is an open source effort and I assume involves many people, not just one.)

I like having fun with my code as much as the next programmer, but that's going a bit too far.

Re:Voting_thing.tar

[liquiddark]

Of course, there's no way to know that the whole collection of human beings hasn't been bought, so we'll have to replace them with dogs whose intelligences have been raised via genetic engineering. Luckily, dogs only accept food as legal tender, so we can be sure they're honest until they start pooping unexpectedly.

Re:Voting_thing.tar

yes, and yes. Even if linux doesn't use bios after boot, it can still be used to tamper with the kernel and/or initramfs during boot.

Save the whole thing+linuxbios on a flash chip, remove the write legs and attach it to the bios slot on the motherboard. You can use any other machine to read the contents of the chip to verify correctness, and for an election just attach it and go.

Re:Voting_thing.tar

You also have to verify the code that creates the hash.

Re:Voting_thing.tar

I bet you prefer a person showing up in a tie more than the same person actually producing good results, if you had to make a choice between the two. At least that's what you sound like you would most likely think.

That line of thinking is most common within the subset of humanity commonly called clueless managers.

If you're one, I'm sad for you. If you're not, but are still thinking like one, I'm worried about you. If you're not, and are actually not thinking like one, I can only assume that you're confused regarding this particular post / thread, and I'll forgive you for your mistake.

Personally, I care about the result.

If the code does what it's supposed to do, and does it well, I couldn't care less about its name or the name of its programmer.

*sigh*

Re:Voting_thing.tar

[Stephen+Samuel]

That's where thinks like the Ubuntu live CD come in handy. if you have a CD with a proper checksum then you know what you have. You can check that code when compiling data that you know. If the code is in any noticable way broken, then you can expect that other people around the world are going to see corrupt checksums. (It's not perfect, but it\s a really effective way of testing against random data).

You are then able to distribute CDs of a known base to everybody, and they can use their own Ubuntu live CDs to check the CD's that they're receiving.

If you have a machine with only one CD reader, (but enough RAM), you can always replace step 2 with a knoppix CD and the load-to-RAM option ... or your Pentium-2 vintage laptop with some ancient distro. It's not like you're bound to trust anybody's intro .. in fact, I'd almost be inclined to suggest to people that they use some random way of checksumming the distribution CD in addition to the 'official' one -- that way, it'd be really hard to silently trojan all check processes without going back in time and inducing some (undetectable by the experts) error in the original MD5/SHA implementations.

That's one of the nice things about open source -- you don't really have to trust any one 'blessed' supplier if you don't want to.

(yes, this solution isn't 100% foolproof, but it's statistically unlikely enough to be cheated all-round that you'd be better off betting on George Bush being elected to a third consecutive term in office (including getting the necessary constitutional amendment passed in time).

Are paper ballots involved?

Anything electronic can be pwned. This isn't to say that paper ballots can't be abused. Even so, we have a long history of dealing with election fraud where paper ballots are involved. We know what it looks like and it tends to be obvious.

New Hampshire has granted a recount for the recent primary vote. The ballots were paper and were scanned in. There is a consistent pattern of hand counted votes going one way and the machine counted ones going the other. It does look fishy. At least we have the original paper ballots to count by hand.

Re:Are paper ballots involved?

[jamieswith]

RTFA The user made their selection and a paper ballot printed out (with both a bar code, and a printed candidate name) - this was then placed in the balot box. When it became time to count, it was done in public, the candidate name was read, and then the ballot bar-code scanned, making the candidate tally increase on screen.

Re:Are paper ballots involved?

[DragonWriter]

Anything electronic can be pwned.

Any process can be subverted; paper-ballot elections were stolen through a large number of different means long before computers were invented.

This isn't to say that paper ballots can't be abused. Even so, we have a long history of dealing with election fraud where paper ballots are involved. We know what it looks like and it tends to be obvious.

Its pretty obvious when electronic ballots are used, too -- pretty much the same way that paper-ballot fraud is (pre-election polling being dead on except in precincts where machines from a certain manufacturer were used, counts for certain candidates in precincts above the total number of registered voters, etc.)

The media (and, following their lead, most of the public) may ignore these clear signs, but that doesn't mean they aren't there.

All of this is not to say that paper ballots aren't important: they are, because without them you've got nothing to reconcile a fishy-looking election too. And because of the long-history of paper-ballot fraud, we've gotten pretty good and protecting against the kinds of things that would mess up the paper trail, if there is a recount. We can't do that as reliably without paper. But we shouldn't pretend that paper-ballot based elections are somehow more pure, or have more obvious first signs of fraud. Short of going back and doing a recount, the signs of fraud are pretty much the same for paper ballots as they are for electronic ones.

Re:Are paper ballots involved?

[0xABADC0DA]

They say with an election with many measures that instead of reading it aloud it could be put up on the projector and with enough observers any error would be spotted. But really all you need is one observer with a video camera of the running tally and the vote itself, then they can review it in slow motion later on.

I have described a system like this for a long time, only using OCR instead of bar codes. Bar codes are better though since the really important part is the running total that observers can match against the vote -- how the computer reads the printed vote is not important at all as long as the counts match what is human-readable. I'm glad they have created this system as it really shows how ridiculous the diebolds and others are.

Re:Are paper ballots involved?

[thrillseeker]

video can be tampered with

Re:Are paper ballots involved?

[Bill,+Shooter+of+Bul]

It does look fishy

well the full recount will happen January 16th So we'll get to the bottom of that. I personally think we won't find any grand conspiracy, but it will be good to just show people that sometimes things aren't exactly as they seem. Sometimes polls are off, and strange weird little things happen during elections that can only be attributed to random chance, rather than malice. We still, need to minimize any and all errors, sometimes they really screw things up Florida style.

Re:Are paper ballots involved?

Then make your own video, if you don't trust others to make honest ones

Re:Are paper ballots involved?

[mOdQuArK!]

Actually, your OCR idea is better - the machines should use the same "codes" that the humans do. There are fonts which are specifically designed to be human readable and still have a high degree of accuracy for typical OCR algorithms.

Re:Are paper ballots involved?

Yes I thought so too, unfortunately the state of the art for open source OCR software is really poor -- this is the weak link in what I imagined. The technically best one in terms of capabilities is Tesseract. Unfortunately the code is atrocious and I had a lot of trouble with noise in webcam-quality pictures or cheap video capture stills, and scanners take too long to image a vote.

Maybe google's involvement in it will eventually make it usable for such a thing.

Easy enough

Dictionary _ballots = new Dictionary();
void VoteFor(string candidate)
{
      if(_ballots.ContaintsKey(candidate)
            _ballots[candidate]++;
      else
            _ballots[candidate] = 1;
      PrintOnPaper(candidate);
}

void ShowResults()
{
      foreach(string candidate in _ballots.Keys)
          Console.WriteLine(candidate + " " + _ballots[candidate]);

} // What did I miss?

Re:Easy enough

[RobinH]

// What did I miss?

It's "ContainsKey", not "ContaintsKey". And you're missing a closing bracket, same line.

BTW, the PrintOnPaper() routine that's buried in the printer driver source code is:

void PrintOnPaper(string candidate)
{
      if(candidate.equals(CANDIDATE_I_HATE))
      {
            if(_ballots[CANDIDATE_I_HATE] >= _ballots[CANDIDATE_I_LIKE])
            {
                  _ballots[CANDIDATE_I_HATE]--;
                  _ballots[CANDIDATE_I_LIKE]++;
                  OutputToLogPrinter(CANDIDATE_I_LIKE);
            }
            else
            {
                  OutputToLogPrinter(candidate);
            }
      }
      else
      {
            OutputToLogPrinter(candidate);
      }
      OutputToVoterReceiptPrinter(candidate);
}

Hopefully there was a voter receipt printer and the voter could look at the receipt and verify that's who they voted for, then drop that into a box before leaving the polling station, then at least we could do a physical recount if someone contested the vote. Also, we should take 10% of the polling booths at random and do a manual count to check anyway.

Re:Is it even worth protecting?

[jamieswith]

It's truely a sign of how in-bred people are, if they are genuinely fearful of genetic diversity in the population.

Genetic diversity is what leads to a strong, resilient and intelligent population.

You elected someone because he looked just like your cousin cleetus, but "knowed how to talk a bit more smart" the last two times... and look where we are now... when will you learn?

science?!

Surprisingly, counting ballots is not rocket science.

No, it's political science... and now computer science.

Neither of which are actual sciences.

Re:science?!

[zoips]

Computer Science isn't a science in the same way Mathematics isn't a science seeing as, you know, Computer Science is merely a subset of Mathematics...

Re:science?!

Tautological at best. By the standard of mathematical reducibility anything anyone does is science.

Re:Is it even worth protecting?

[jamieswith]

It just goes to show what statistics have long said...

In any country, close to 50% of people have below average intelligence...

Unfortunately sometimes it's mainly that half that can be bothered to go out and vote...

Re:Is it even worth protecting?

[Geoffrey.landis]

It just goes to show what statistics have long said...
In any country, close to 50% of people have below average intelligence...

And, for that matter, exactly fifty percent are below median intelligence.

Been using open source voting for years!

[jconley]

Everytime i vote in a slashdot poll!

Re:Been using open source voting for years!

[DaftShadow]

It's rigged. No one actually *chooses* the CowboyNeal option.

Re:Been using open source voting for years!

[Spy+der+Mann]

It's rigged. No one actually *chooses* the CowboyNeal option.

My fellow diggers disagree! CowboyNeal revolution! Oh, wait...

Re:Been using open source voting for years!

[nacturation]

It's rigged. No one actually *chooses* the CowboyNeal option. Totally... when CmdrTaco asked his girl to marry him, she actually chose the CowboyNeal option instead. He quickly updated the database so that it appeared she chose him. :)

Re:Been using open source voting for years!

[francium+de+neobie]

What? You mean Slashdot has been using microwave beams to my brain to make me vote for CowboyNeal, and that I should wear multiple tinfoil hats before voting the next time?

Re:Is it even worth protecting?

For people concerned about racism you sure seem willing to collectively damn people based on incidental characteristics such as political party affiliation.

I guess pretending others are inferior makes other groups easier to ruthlessly smear and attack no matter what your motivation is.

Re:Sample source code

would fail to compile, as main must be declared to return SOMETHING (void if your not following ANSI)

So, you fail it.

Doesn't come close to HAVA standards

[Phoenix+Rising]

If this is the totality of the OVC system, I hate to say it, but it's not going to make it in the real world for quite some time. By failing to meet accessibility requirements, it's an instant non-starter in a real election. I'm also concerned that any vote tabulation software is required; shouldn't that be standardized code based on the ballot?

Re:Doesn't come close to HAVA standards

[frietbsd]

You (parent) suggest that the systems (diebold) that are currently being used do meet the hava standards? I think given the short timespan (5 days) they came up with a nice thingy. Transparency is a great good. If you ask me, those diebold machines were an instant non-starter. But they were used anyway. (and were still with the last primaries). You can make a list of flaws of this thing, but the only thing on that list that wont be on diebolds list is that everyone has access to the code. But oops, even that one is one diebolds list, after some worker left sources unattended at a public ftp server. (someone found them using the advanced technique of typing "diebold source" into google). There maybe some things still wrong with it, but the nature of OSS is that they get fixed way quieker.

How can you be sure

[Dwedit]

How can you be sure that the program you are running really is the program that you think it is, and not a modified copy?

Re:How can you be sure

[Methlin]

Because it doesn't matter. Voters keep the vote taking machines honest by reading their own ballot, vote counters keeping track of 1-2 items on the ballots keep the tally machine honest.

Re:How can you be sure

[CastrTroy]

If humans are re-verifying everything, then why have the machine at all?

Re:How can you be sure

[Methlin]

If humans are re-verifying everything, then why have the machine at all? No hanging chads? No ambiguously filled in bubbles? No confusingly laid out ballot? No badly worded ballot issue summary due to space constraints? No lack of full ballot issue text?

Re:How can you be sure

[CastrTroy]

Sorry, I forgot that printers always printed out things perfectly, without any problems. Also you can make a ballot laid out or badly worded on a computer screen, just as well as you can on a piece of paper. If you have so much stuff on the ballot that you can't put it all on a single piece of paper, then get bigger paper, or use more than 1 sheet. Also, why even elect officials if there is so much stuff on the ballot. Might as well just forgo paying them, and get the public to vote on every single issue. This is why you elect representatives. To represent you. So you don't have to vote on every piddly little thing.

Re:How can you be sure

Thats actually I good question, I'm sorry that the people who replied to you dont actually know anything about computer security.

I'm also concerned that the machines run Ubuntu, now I love Ubuntu but Linux doesn't offer the security mechanisms that should be required for a system this important.

The voting machines should have a security kernel and implement mandatory access controls. It'd also be nice if the system was evaluated to identify which Orange Book class it falls under.

Re:How can you be sure

[Methlin]

Sorry, I forgot that printers always printed out things perfectly, without any problems. When was the last time you've seen an impact or thermal printer fail after only 500 pages? There's no requirement to use inkjet printers that run out of ink after 5 pages or print on sheets that jam.

Also you can make a ballot laid out or badly worded on a computer screen, just as well as you can on a piece of paper. But it isn't constrained by having to fit in a 1" square in 10pt font that causes the bad summary. Formating, font size, and page count are effectively free on a computer screen, not so much on a traditional ballot.

If you have so much stuff on the ballot that you can't put it all on a single piece of paper, then get bigger paper, or use more than 1 sheet. Also, why even elect officials if there is so much stuff on the ballot. Might as well just forgo paying them, and get the public to vote on every single issue. This is why you elect representatives. To represent you. So you don't have to vote on every piddly little thing. I see you've never voted and don't understand that electronic voting isn't about making the counting process faster, but is about increasing usability and reducing errors and problems caused by traditional paper ballots that make the counting process inaccurate or difficult.

Re:How can you be sure

[SL+Baur]

The voting machines should have a security kernel and implement mandatory access controls. It'd also be nice if the system was evaluated to identify which Orange Book class it falls under. The Orange Book isn't relevant. It's at best C2 and only that if there is no network involved. C2 security is liking being able to write your name in the snow inside of an enclosed vault that's sealed in such a fashion that the snow will melt before you can show it to someone, but there'll be a full audit trail so that authorities will be able to find it out after the fact.

Accountability remains priority one

[eyenot]

There is a lot of questioning the safety or security of these devices, even when they're open-source. The secret-ballot was not suggested for this nation by a gaggle of idiots, and done correctly by people who care about democracy (perhaps that's really where the issue is, concerning the lack of actual Americans these days as opposed to U.S. Citizens with vested interests). But, due to freedoms, we cannot hold Americans accountable for their nationalism or democratic spirit. Instead, we can work harder to manage more accountability for the voting process. Observe (I still hold the same stance concerning e-voting as I ever did):

counting silicon transistors?
by eyenot (102141) on Saturday December 20 2003,

read any issue of 2600 and think about e-voting, then go have a heart-to-heart with your elected representatives, especially if they are democratic as the democrats intend to involve from-home e-voting in the upcoming democratic primaries.

'governor, this is a simple 64mbyte ram module. there are sixty-four million groups of eight switches in here. if you count each of these groups one per second, it would take you over two years. now consider that each little individual switch of on and off has to be verified. one switch per second, this would take you sixteen years, and would total more seconds than there are american citizens, almost twice as many. and this, just to count one storage device, dozens of which would be required to actually do the job of recording indexes, names, addresses, signatures and social security numbers, and other data that are collected in current ballots in order to ensure fair elections. there would have to be more storage, as well, to keep logs of all the electronic transactions required in order make sure the processes were secure and retractable, for the purpose of tracking down any offenders. now this task of sixteen years to count every switch in this chip has been multiplied by dozens, perhaps hundreds or even thousands. you may find enough volunteers to reduce the time required, but now reduce the volunteers, in the case of just 1,000 such citizens, by the requirement of ability to run an electron-scanning microscope and to work steadily at the task for as many as sixteen years. now find 10,000 electron-scanning microscope-operating humans who can work without stopping to eat, sleep, or drink for a year and a half and you're approaching the end of your problem. now find 1,000,000 such citizens and the work has been reduced to .016 years, or perhaps a modest six days. consider that humans need to sleep, and you have eighteen days. count breaks, errors, and certain numbers having to count the same switch at the same time to verify it, and you have a multiply of that, perhaps exceeding a month. now pay them all or otherwise convince them to spend all their time for one month counting microscopic switches. now consider that you will have to either print and provide for them on paper, or have them record on paper, the status of the switches to be verified. now accomodate the 1,000,000 vote-counters. you already have all the materials you need to have done the ballot by classic ballot means and also at the very least quadrupled the expenses. i urge you to ditch the computer junk and ask people to turn out to the booths, instead.'

Re:Is it even worth protecting?

[eyenot]

Oh, I would argue about how Bush was actually elected by Coca Cola (and Disney) by way of a tribunal court (which is exactly what happened!) But I've already been modded down, resulting in my first zero-or-lower-scoring-comment, in a comment mentioning exactly that same issue in another thread: so for all your complaint about the liberalism here, obviously you and cleetus get to wave the flag over your religious-political belief that he was "duly elected", because some mod somewhere shares your pew.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Is it even worth protecting?

And, for that matter, exactly fifty percent are below median intelligence.

And for that matter, u r wrong. exactly wrong. consider 1,2,3. Only 1/3 is below the median.

Open Voting, HERE!?

Open Voting, right here in little ole San Luis Obispo! That's almost enough to make me want to go out and vote!!

Re:Is it even worth protecting?

In defense of the kooks, at least they don't believe Bush was ordained by Jesus Christ. They do seem to be a bit ahead of the conservative nuts in that respect. But don't get me wrong, I'm glad we can all finally agree that there has never been voter fraud in the entire history of this country.

Auditing

[brunes69]

Having the code open is just one piece of the puzzle. There also has to be stringent auditing of the voting machines and random spot-checking of them to ensure that the code being run is the exact same as the code that is published and open.

Re:Auditing

[Tacvek]

Having the code open is just one piece of the puzzle. There also has to be stringent auditing of the voting machines and random spot-checking of them to ensure that the code being run is the exact same as the code that is published and open.

But here is the thing, the main voting machines are basically just a ballot printing machine. You enter the vote selections, and it prints a ballot with both user-readable and machine readable representations. The machine itself does not store any vote information. The ballot is verified by the voter and placed in the ballot box.

Now for the way the vote counting works, it works by machine tallying with human oversight. There is a projection screen showing a running tally of the votes. There is also a projector. Each ballot is place on the projector one at a time to allow the audience to see the votes on it. Then the ballot's bar code is scanned, and the vote tallies on the screen update. The audience can thus easily verify that the changes to the running tally match the human readable votes on the ballot. (In a many issue ballot, not everybody would be able to track every issue, but as long as at least a few people track each issue, things should be fine). People would be watching to be sure that the tallies change only by one with each vote, never change except when a vote is scanned, and no vote is ever scanned more than once. Lack of a vote on an issue can also be tallied to ensure the sum of the votes and lack of votes tallied is equal to the total number of ballots. The precinct's final certified counts for all the issues would be presented to the audience so they can verify that it does indeed match the final tallies. Then it can be sealed, and sent on. This system would make the entire process up to the precinct level completely transparent.

Obviously this does not eliminate problems occurring at higher levels, but it does seem to work very well for the rest of it. Also note that there is noting about this system that truly requires electronic devices. The ballots could be filled out by hand, and the ballot tally process could be done using a bunch of regular old mechanical counting devices, (the odometer like ones that increase each time the button is pushed). However, here the electronics would be not be black boxes at all. They would simply be helping to speed up the process some. In fact that is quite desirable at the vote counting portion, as the speed is fast enough so that the audience does not fall asleep, but show enough that the audience an still verify that the tallying is still correct.

Oh yes, I almost forgot to mention that the policy would be that should the human readable portion of the ballot, and barcode disagree, the human readable portion would prevail, as that is what the voter could actually verify before placing the ballots in the box.

If anybody can think of any problems the system I have described still has, I would like to hear about them.

Paper! Get Your Paper Right Here!

[LeadSongDog]

Lots of places still use paper and ink quite successfully. Sure, you can use computers to mark the ballots if you must, but how is that better? If polling stations are kept to a few hundred voters each, they can be counted in minutes by hand by all parties' scrutineers. Keep the ballots and they can be recounted any number of times. No software involved. Verifiable. Reusable hardware (well, sorta flexibleware) available from Rubbermaid for under a penny per ballot. e-voting has no legitimate purpose other than remote access. Even then it's questionable.

Ubunghole... no thanks

Yeah... because using teh Lunix is SOOO secure...