Ohio Investigating Possible Vote Machine Tampering Last Year

MozeeToby writes "The Columbus Dispatch is reporting on a criminal investigation currently being performed in Franklin County Ohio. It seems several voting machines listed a candidate as withdrawn from the race when in fact he wasn't. By the time the investigations tracked down which machines had been affected, the candidate's name was back on the ballot. Normally, we could dismiss this as confusion or a mistake on the part of the voter(s) who noticed it. In this case, the person who first noticed the discrepancy was Ohio Secretary of state Jennifer Brunner. Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the ballot. Naturally, the county board remains skeptical of these accusations."

Skeptical?

[SatanicPuppy]

These morons can't even program their VCRs and they're skeptical of tampering? I vote at a place where the people running the polls were alive when the results would have been passed using goddamn pony express, and they say the same crap here.

We seriously need to toss this crap in a landfill and go back to paper. Any idiot can figure out a paper system, and the system should have that sort of transparency.

Re:Skeptical?

[morgan_greywolf]

We seriously need to toss this crap in a landfill and go back to paper. Any idiot can figure out a paper system, and the system should have that sort of transparency. Paper? What is this 'paper' of which you speak? Is it some sort of precursor to a monitor?

Re:Skeptical?

[belligerent0001]

The real problem, with any voting system, is the quality of the voter. Let me explain what I mean. The voting system as it was, prior to 2000, had a fail safe. A voter would punch a ballot with the stylus. They were then supposed to removed the card from the machine and VERIFY via the numbers that their card was punched as they wanted it to be. If they could not read English, or were not capable of "punching" one hole and one hole only for a given race/issue/levy etc. then their vote would be negated. This prevents Captain Insano from just punching every hole.
It is presumed that voters have the intelligence necessary to cast a vote properly. This apparently isn't good enough because it "disenfranchised" too many voters, who were not intelligent enough to check their ballot after voting to verify that their card was correct. So, the solution is to throw money at a problem that really wasn't a problem. Personally, the solution is much simpler than the Diebold solution. you put a picture of the candidate on the touch screen, you touch the one you want, after voting on all the issues/races/ etc. It prints a paper ballot, you remove the ballot from the machine, now here is the tricky part, you VERIFY that EVERYTHING is accurate, then drop it in the little box. WHY IS THE SO FRIGGAN HARD TO GRASP!!!! Again, if you aren't intelligent enough to follow directions you shouldn't be voting anyway.
This is just another example of the government trying to protect the stupid from themselves.

Re:Skeptical?

We seriously need to toss this crap in a landfill and go back to paper. Any idiot can figure out a paper system, and the system should have that sort of transparency.

Further more, we need to toss the idiots that approved the use of the voting machines into the landfill as well, then cover them over with at least six feet of packed dirt...

Re:Skeptical?

[Goghit]

Indeed. It's funny how many replies in this thread obsess about finding a workable high tech solution. There's an old axiom: Many Eyes Make Bugs Shallow. The more technological the solution, the fewer eyes there are capable of spotting anomalies. Even your quill-pushing granny knows how locks, seals, and scrutineers from each party in the tallying room work. You Americans need to hurry up and build that fence along the border. This is something else I'd really rather see stay south of the line. I'd rather my vote was tallied by a computer illiterate Canadian grandmother than a machine running proprietary corporate code.

Never leave a paper trail

[MisterSquirrel]

Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the balot. Because we all know what a vastly time-consuming task turning on logging during setup must be.

Re:Never leave a paper trail

[Chandon+Seldon]

If that level of logging isn't on by default, then the voting machine manufacturers are even more incompetent than I thought. And that's saying a lot, because I doubt they could fasten their own shoes with velcro.

Re:Never leave a paper trail

[EriDay]

Attributing this to incompetence is overly generous. Obviously a case of fraud. I'm generally against the death penalty, but our political system has killed millions this decade...

You can't make this stuff up...

[TripMaster+Monkey]

Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the balot [SIC].

Unbelievable. It's like they're trying to make the machines as unreliable and untrustworthy as possible. I know that the problem of properly implementing electronic voting machines is not a simple one by any means, but this is just plain ridiculous.

Re:You can't make this stuff up...

[Drakin020]

It's better than when Diebold leaked the election results. http://www.theonion.com/content/video/diebold_accidentally_leaks

Re:You can't make this stuff up...

[Oxy+the+moron]

I know that the problem of properly implementing electronic voting machines is not a simple one by any means, but this is just plain ridiculous.

See... that's just the thing. I don't think it would be terribly difficult. I've been writing software for about 6-7 years now, and I don't think that there should be a huge issue coming up with standardized, secure voting machines that leave some form of detailed logging or trail of votes.

I think the main roadblock to it isn't technology or money or lack of decent workers, the real problem is outlined here. Politicians have a knack, whether intentionally or not, for getting into this kind of thing and just royally messing it up. Me, personally? Seeing as to how this kind of thing keeps happening, I would assume it is intentional. In that case, I doubt it will be fixed (in the "not broken anymore" sense) any time soon.

Re:You can't make this stuff up...

[whoever57]

Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the balot [SIC].

Unbelievable. It's like they're trying to make the machines as unreliable and untrustworthy as possible.

The reports don't make it clear if this was Board policy or if this was simply one rogue employee who turned off the audit logs.

Re:You can't make this stuff up...

[truthsearch]

but this is just plain ridiculous

And hopefully criminally negligent. I'd like to see more people go to jail for these mistakes, intentional or otherwise.

Re:You can't make this stuff up...

[TripMaster+Monkey]

Ahhh...that was priceless. Thank you. ^_^

Re:You can't make this stuff up...

[0xABADC0DA]

...problem of properly implementing electronic voting machines... There is no proper implementation for an electronic voting machine.

There can be proper vote printing machines.
There can be proper vote tabulating machines.

But the same device can never do both properly.
The votes must be inspectable by humans between these steps.
EOT.

Re:You can't make this stuff up...

[Spinlock_1977]

I've been writing software for 30 years, I can assure you there's no way to make totally secure software. The sooner we realize this, the sooner we'll move on to a real solution. It's almost like the media companies thinking DRM couldn't be hacked.

We need to get over uninformed thinking, and move to a VERIFIABLE system. Whether it's paper or plastic or silicon, all votes must be made public (with individual privacy protected by code numbers or some similar mechanism). With the voting results in full view (perhaps on a website?), everyone and anyone can confirm their vote got counted right, and that the sum total of all votes is correct. With a little extra effort, we could even ensure each vote on the list was cast by a real person.

I know this will remove a lot of power from some very powerful corporations, and all corrupt election-stealing politicians will cry foul, but at the end of the day, public verification is the only true solution. Anyone who disagrees is probably selling 'their' system, in which they, no doubt, have a vested interest.

Re:You can't make this stuff up...

[CastrTroy]

If you can prove to yourself that you voted for candidate X, you can prove to someone else that you voted for candidate X. This leads to things just a vote buying, and coercion of voters. The vote is supposed to be anonymous. And it should be impossible to link back a vote to who cast it.

Re:You can't make this stuff up...

[Cyclump]

As a resident of Columbus, I hate the new machines. The old ones were truly idiot proof from a voter's perspective. The ballot was one large, pre-printed mat with every race on it. Each race/decision was grouped into a box with the appropriate text and choices in it. Each choice had a red LED that flashed if you hadn't made a choice. You selected one (or more depending on the election) of the options and it would cause the one you selected to stay red and the other leds for that election would turn off. You could see every choice you made at once and there was no way to fuck it up. I miss the old machines and shit like this does not surprise me anymore living around here.

Re:You can't make this stuff up...

[webrunner]

One has to wonder though.. counting is like, the most basic thing a computer can do with complete and total reliability. Human eyes can be used to verify, but wouldn't you trust a computer count more than a human one for anything other than voting? So what makes voting so different?

A properly developed voting system is not farfetched, it's the security that's the issue, and the companies currently making voting machines seem to be extremely bad at making verifyiably secure machines.

Re:You can't make this stuff up...

[malilo]

I have decided I am tired of this argument. Honestly. It's already illegal, so anyone caught doing this would face DIRE consequences... and if you can convince anyone that keeping it under wraps would be possible, I'll be amazed.

Re:You can't make this stuff up...

[Garridan]

That isn't true -- a secure method was submitted to slashdot a few years ago, but I can't find it for the life of me. Basically, ballots are printed with some randomness. "yes" is printed on the left half of the time, and on the right the other half. If you vote "yes", your receipt says, "you voted for the choice on the left", and has an identification number. You get online, and look up the ID number -- if it disagrees with your receipt, then you have evidence of fraud. Yet, you can't prove anything to anybody about who you voted for -- just that your vote was counted correctly.

Re:You can't make this stuff up...

[GiMP]

What if your vote was signed with a private key? Nobody could trace the vote back to you, as long as it didn't specify your email address or name. You could lookup all votes signed your key, and confirm that your vote was accounted for.

One problem with this would be that the voter who cast the ballot could still be forced/coerced into proving that they voted in one way, or another. However, the government couldn't create a massive database of who voted how. The other problem would be in having voters create electronic keys in a secure manner.

A more simplified solution might just be to give the voter a confirmation code on the polling machine. Voters could write down this code, and check it on a website. This would give the voter a way to check their vote. Although it couldn't stop fraud, it would be enough for voters to stand up and say, "Hey, something is wrong - I *know* I voted the other way!". If coerced, they could simply say that they lost/forgot their key, or didn't vote at all.

Re:You can't make this stuff up...

[Boronx]

That's the problem with computers, they're too good at counting. A suspicious human observer can't count along, and a computer with nefarious programming can slip one by you without noticing.

Re:You can't make this stuff up...

[mdielmann]

A properly developed voting system is not farfetched, it's the security that's the issue, and the companies currently making voting machines seem to be extremely bad at making verifyiably secure machines. Not just verifiably secure, but verifiably unbiased. This can't be done without inspection of the entire system, which is much simpler for most paper ballot systems.

My personal preference for electronic voting would be a computer that lists the vote options in a clear manner (not always possible with a paper system and some of the votes that happen in the US), tabulates the votes locally, and prints out an election ballot that is both machine and human readable. The person votes, verifies the printout, hands it over to one of the election officials who feeds it into a separate voting apparatus, and stores the paper for future reference. You now have a system that is potentially easy to use, is verifiable by the voter (as much as it is today), is difficult to compromise (2 electronic systems and a paper one), and is reasonably real-time. And if you see a discrepency between the 2 electronic systems, there's probably a problem. If not tampering, then user error or bugs.

Re:You can't make this stuff up...

[rucs_hack]

I've been writing software for 30 years, I can assure you there's no way to make totally secure software

The closest I ever got to totally secure software was writing in the online user manual for my open source project 'if you run this software as root you are batshit insane...'.

I took it out though, as I have to be respectable these days...

Re:You can't make this stuff up...

[EriDay]

t's like they're trying to make the machines as unreliable and untrustworthy as possible

Oh, I think they've made them completely reliable. In a way that humans never can be.

Re:You can't make this stuff up...

[CastrTroy]

How do you know that the computer thinks "the choice on the left" is the same thing that you thought was "the choice on the left" and that it didn't get somehow swapped, but a mischievous person, who hacked the system? All you have proof of is that the computer says you voted for A, and so does your receipt, but the computer doesn't show you which candidate it has A mapped to. If it did, it wouldn't be a secret ballot.

Re:You can't make this stuff up...

[CastrTroy]

As others have stated, if somebody is coercing you into voting a specific way, saying that you lost your voting receipt isn't going to be the right answer, they will still break your legs, fire you, or use whatever means they were going to use to get to vote the way they wanted to in the first place. If it's impossible to prove how you voted, then it's impossible for somebody to coerce you.

Re:You can't make this stuff up...

[Garridan]

I'm missing a key detail somewhere, I really wish I could find that link. Perhaps this still depends on paper.

Re:You can't make this stuff up...

[laird]

"There can be proper vote printing machines.
There can be proper vote tabulating machines.

But the same device can never do both properly.
The votes must be inspectable by humans between these steps."

This is exactly right. To elaborate, vote printing machines are good, because they can validate input, warn voters when there may be an error (e.g. filling out a ballot but skipping the top race, which is usually not the voter's intent), can provide multi-lingual ballots, and can provide spoken prompts to assist the visually impaired and illiterate.

There's an open source system that does exactly this. Please support http://www.openvotingconsortium.com/!

Re:You can't make this stuff up...

[Lockejaw]

One problem with this would be that the voter who cast the ballot could still be forced/coerced into proving that they voted in one way, or another.

Maybe the system could also give you other valid private keys so you can pretend to have voted for someone else.

Re:You can't make this stuff up...

[Detritus]

Dire consequences? Don't make me laugh. For whatever reasons, voter/election fraud is rarely investigated and prosecuted in this country.

Re:You can't make this stuff up...

[CastrTroy]

Also, there's much easier ways to change the results without coercing anyone. Simple way is to make people not vote. With voting machines, it often seems to be the case, that they don't have enough machines, or many of them are not working, and people end up waiting in line for hours on end just to vote. Some people just decide it's not worth it, and walk away. With paper and pencil, there is little if any reason not to have enough resources so that nobody has to wait. With machines, people expect that there will be problems, so it's seen as not something that can be solved.

Re:You can't make this stuff up...

[malilo]

Ok... perhaps the legal repercussions were not what I was referring to. What I mean is if a staffperson for candidate X decides to go out and pay 1000 people to vote for that candidate... how likely is that to stay under wraps in terms of the NEWS?? Surely if you hear that candidate X is PAYING PEOPLE to vote for him/her you would be pretty upset about them figuratively taking a sh*t on our democracy, having no respect for the law, etc?

Re:You can't make this stuff up...

[GiMP]

You know, now that we're talking about this, I'd almost ask if we should be worried about this...

However, I personally have had a real-life situation where my (now ex-) employer /required/ that every employee email their congressman, with a CC to the company president, asking to stop a state law that could impact our company's profits. It was not explicitly stated that there would be consequences, but they followed up with everyone that did not complete this "task" by the deadline. I was not very happy with this, nor were my coworkers. A number of my coworkers needed the money badly enough to do whatever was asked of them, despite any moral objections. I don't remember what I did, in case you were wondering.

So yeah, you're right, this would be bad.

Re:You can't make this stuff up...

[GiMP]

It is possible to come up with a system where you get a 'good key' and a 'bad key'. You can give the 'bad key' to prove to someone that you voted to their satisfaction, and use the 'good key' to prove to yourself that your vote was counted. Only you can possibly know which key is the legitimate one.

This is one of those typical gimmicks you see often in spy movies, in fact they used this in the Bourne Ultimatum.

Re:You can't make this stuff up...

[ShadowsHawk]

If it were really a potential problem, we wouldn't have exit polling.

Re:You can't make this stuff up...

[CastrTroy]

At this point, since they know there's 2 keys, the Mafia hitman would ask you to surrender both keys.

Bad Summary

[eli867]

The problem isn't really that the candidate got screwed -- he actually did resign form the race, but he missed the deadline after which the ballots were supposed to be finalized.

A pretty minor mistake (if you ask me), but the big deal is that all the machines are supposed to have exactly the same ballot. And they didn't. That's bad.

Re:Bad Summary

[$RANDOMLUSER]

BZZZZZT. Try again.

Perez withdrew one day after Franklin County had finalized its ballots. He had hoped to avoid playing spoiler in fellow Democrat Patsy Thomas' race to retain her appointment to the Franklin County Municipal Court.
Instead, Perez's name remained on the ballots -- or allegedly, most ballots -- and Republican David Tyack won.

Re:Bad Summary

[fastest+fascist]

Huh? Isn't that what the GP said? That the candidate withdrew, but too late.

Re:Bad Summary

[BlowHole666]

The problem isn't really that the candidate got screwed -- he actually did resign form the race, but he missed the deadline after which the ballots were supposed to be finalized. A pretty minor mistake (if you ask me), but the big deal is that all the machines are supposed to have exactly the same ballot. And they didn't. That's bad. and

Perez withdrew one day after Franklin County had finalized its ballots. He had hoped to avoid playing spoiler in fellow Democrat Patsy Thomas' race to retain her appointment to the Franklin County Municipal Court. Instead, Perez's name remained on the ballots -- or allegedly, most ballots -- and Republican David Tyack won. Say the same thing. So I guess you took the "I am going to be an asshole" pill this morning.

Re:Bad Summary

[$RANDOMLUSER]

I don't think so. The GP was saying "no harm, no foul". Indeed there was - this potentially changed the outcome of the election.

Re:Bad Summary

[kabloom]

Yep. But the major ones (changed votes) aren't the kinds of things these stupid machines have the ability to log for us. Only the secretary of state seeing something so obvious as an incorrect ballot will generate enough publicity to learn to do this right.

Oh, since it doesn't tell you what was actually going on in this race, and who was running for what, see
this article to know what's going on here.

Re:Bad Summary

[BlowHole666]

The problem isn't really that the candidate got screwed "The candidate" is referring to Perez, not Patsy Thomas. So the GP did not mention anything about Patsy Thomas. You just want karma don't you?

Re:Bad Summary

[fastest+fascist]

No, the GP had it pretty much right. To recap, had things been done properly, Perez would have been listed as a running candidate on all machines, which might have cost the other Democrat candidate some votes. However in places he was listed as withdrawn, which in principle should help the running Democrat, who lost despite the error, not because of it. Had the Republican lost, you might wonder if Perez being listed as withdrawn despite missing the deadline had changed the results of the vote.

Re:Bad Summary

I'd say the bigger issue is the ballot changing midday. That implies someone having the ability and access to alter the SW mid election.

Re:Bad Summary

[Black-Man]

It is a minor mistake, but Ohio is embroiled w/ a political fight. SoS is a dem and is fighting the legacy of the prior republican administration. Ditto w/ the AG. Meanwhile, the democrat governor is actually staying out of it - as is the republican controlled state house.

Its getting really ugly and if they cared half as much about the welfare of Ohio as they do partisan politics... things wouldn't be so bad.

Re:Bad Summary

[belmolis]

No, they don't say the same thing. The second one adds relevant information.

Heh.

[SatanicPuppy]

Dated myself...Should have said, "Can't even program their DVRs."

The fact remains that people who don't understand the issue have no basis for commenting on it. If there are reports of ballot tampering, and the machines are set up without logging (how is this even fucking possible in a supposedly secure system?), there is no way in hell that any non-technical user should be able to get away with being skeptical...If someone told them the goddamn machines were running Halo 3, they wouldn't have any way of telling.

Re:Heh.

[rucs_hack]

The problem is that paper based elections are no more secure, and if the physical ballots are lost, you're screwed. Accidents do happen, so you can't say they never would be. We need a better voting system that takes advantage of our new computing technology.

I'm not saying that the current electronic systems are a good idea though.

The primary flaw of the currently available voting machines is that they are all proprietary. This means a company has a commercial interest in hiding flaws, and is more likely to push out a device with flaws (or fight to prevent their discovery), if they convince themselves that fixing the flaws isn't worth it, in view of the profit reduction that would result.

We need a voting machine system which is impartial, and not run as a for profit exercise.

I think the best method would be to set up a consortium of major technology corporations to create the voting machines, and have them run it as a tax break, with rental fee's going to charities, not to the corporations themselves. After all, they have all the smart people working for them, and if profit is not a factor, and no single company has control, the system is less likely to be flawed.

Before anyone starts foaming at the mouth about big companies I say this. They already run your health system, your financial institutions, your currency, transportation systems, and your food supply. It's not such a big leap.
Plus, co-operation is already happening with software technology.

Re:Heh.

[gnick]

...people who don't understand the issue have no basis for commenting on it. If I wasn't guilty of it so often myself, I'd use that as a sig...

Re:Heh.

[Chandon+Seldon]

The problem is that paper based elections are no more secure, and if the physical ballots are lost, you're screwed.

They aren't? How many man-seconds alone with the ballots does it take to change the result of a paper election by editing the ballots? How many cubic meters of stuff do you need to carry to swap in forged ballots? Now how about electronically stored ballots?

Re:Heh.

[SatanicPuppy]

Lost ballots are easy to track; just number them. If you can't find them, you know there is fraud.

Paper is cheap, paper is reliable. Paper doesn't require a ton of training or big fancy machines. Paper doesn't require we put our trust in anyone.

The problem with the technical systems is that they're complex, far far far more complex than they need to be. The more complex you make them, the more likely you are to have bugs, the more likely you are to have fraud, and the less likely you are to have someone who can spot the fraud.

Having a pile of for-profit companies putting together the machines is a terrible idea; we're already doing that. It's not working. Having them do it without a specific contract with a specific dollar figure on it is an even worse idea. It is always better to do a contract and set a finite price. Finally, the code has to be open source, which you'll never get from a for-profit.

Re:Heh.

[ArcherB]

They aren't? How many man-seconds alone with the ballots does it take to change the result of a paper election by editing the ballots? You mean to print ballots that are pre-filled out? I could print about one a second. Not that this matters as I could do it at my leisure.

How many cubic meters of stuff do you need to carry to swap in forged ballots? If I pre-stuff the box with my pre-printed ballots before the polls even open... Zero. If you swap the ballot box out after the polling and dispose of the original, then you need a replica of the box.

Now how about electronically stored ballots? Well, since you need physical access to the machines since they are not on the network, this could take a while. Once you get access, how long to upload whatever changes you want to make could take a while. Of course, you also have to make sure to clear all logs of your access and try to make sure that any changes you made are not detected by something as simple as MD5SUM on pre-polling files.

Sorry to say it but any retard can stuff a paper ballot box. It takes an experienced hacker to hack an electronic election.

Personally, I feel that an electronic voting machine should print out a serial numbered, easy to read paper ballot that you have to drop into the box before you leave. Now you have the best of both worlds. If the electronic numbers do not match what is in the paper ballot box, investigate. Each serial numbered ballot should have a corresponding electric vote. Now to steal this kind of election, you'd need to stuff the ballot box with votes that are actually in the machines memory. Not impossible to hack, but much more difficult that hacking either a paper or electronic system alone.

Re:Heh.

[Svartalf]

They're not.

How many seconds does it take to "misplace" or otherwise disappear a batch of paper ballots?

"Not counted" works just as well as the missing entries, etc.

None of it is actually at all "secure" in the normal sense of the word. There's more secure means- and if you're going to
do something like this, one should pick more as opposed to less. Unfortunately, for the electronic ballot system makers
they've been in a race to the bottom, trying to out cheap (and by that, I mean lack of quality) each other on things such
that there's no good semblance of security at all present in ANY of the units- period.

Re:Heh.

[berashith]

It takes a single well paid experienced hacker a very short time to change A LOT of the ballots. It takes a retard at each polling place or box collection point to initiate each swap. Now, add in the fact that a box of ballots can be sealed with a label with a tamper evident serial number, the changes on electronic seem much more difficult.

Re:Heh.

[SatanicPuppy]

These P.O.S machines didn't even have logging turned on. Fraud, no fraud, it'd be impossible to tell.

And while it may take an experienced person to write an exploit, it only takes a "retard" to load it.

Monkeying physical ballots can be done, sure. But you need a lot of people to do it. You need the poll workers, you need the ballot printers, you need the ballot box movers...And all this is for a polling place that may only serve a few hundred people. Now multiply that by the millions of voters in a general election. One person can keep a secret. A hundred? A thousand? Never.

Re:Heh.

[vlm]

> Sorry to say it but any retard can stuff a paper ballot box. It takes an experienced hacker to hack an electronic election.

You seem to claim its more likely that one retard exists that can stuff a paper box, than that one hacker exists that can hack an electronic election. However, you don't understand scalability. It takes at least one retard in every paper voting site, or at least each paper voting site that matters, to stuff a ballot box. Probably there are far fewer box stuffing retards that there are polling sites. On the other hand, it only takes one hacker in the whole country (or world?) to hack any or all electronic elections.

Even weirder, think of multiple retards trying to stuff paper ballots at the same site. That result is at least defined, or perhaps comical. What happens when 20 individual hackers all try to simultaneously hack the same electronic system, which probably has no proper file locking, etc? That will be comedy indeed.

Re:Heh.

[dgatwood]

We need a better voting system that takes advantage of our new computing technology.

I have a pretty good idea where you'd begin.

• Two stations that must conform to a set standard and may not be built by the same vendor in any polling place.
• First station casts the vote, second station allows you to verify it. Both count the votes independently and report back independently to separate counting systems built again by separate vendors.
• The voting station must generate a unique symmetric key that must be registered upstream to the backend counting system, but may not be recorded on the vote token. That backend must then make it available to any other counting system that asks. Appropriate cryptographic protection must be used to ensure no unauthorized system can ask.
• The checking station must then request that key to decrypt the vote for verification purposes.
• If the vote verification shows that the vote was incorrect, the user cancels the vote and, upon returning to the voting station, revotes. The cancellation is propagated back to the voting station by the transportation of the vote token as a negative vote.
• After voting, you retain your voting token, and can connect it to a USB port (or a flash card reader, perhaps) and run a program that queries the vote counting system. Because the encrypted vote is still present, the servers can each independently verify whether the vote was, in fact cast. This path should not allow access to the key needed to decrypt the vote, however, thus preventing people from using this as a way to sell votes.

Of course, the security would still depend on the standards being defined by a group of people familiar enough with crypto to come up with a robust and reasonably secure standard for doing all this, but at least by requiring independent verification, this significantly reduces the likelihood of vendors being bought off successfully without getting caught, and by allowing vote counts to be verified independently after the fact against all of the counting servers, this significantly reduces the ways in which blocks of votes can get "lost" by corrupt election officials.

Re:Heh.

[SatanicPuppy]

Ever been to a polling place where they didn't check to see if you were a registered voter? When that polling place has a record of serving 5000 registered voters and no ballots to show for it, that is a pretty clear indication of fraud, don't you think?

Pardon the pun, but paper ballots leave a huge paper trail. They're physical objects; they exist, and therefore it is much harder to make them disappear than it is an ephemeral digital record.

Re:Heh.

[BitZtream]

Well, since you need physical access to the machines since they are not on the network, this could take a while. Once you get access, how long to upload whatever changes you want to make could take a while. Of course, you also have to make sure to clear all logs of your access and try to make sure that any changes you made are not detected by something as simple as MD5SUM on pre-polling files.

Sorry to say it but any retard can stuff a paper ballot box. It takes an experienced hacker to hack an electronic election.

Or ... one sysadmin/dba to do a little data messaging after it 'comes in'.

This sort of argument is retarded. Both can be rigged, just depends on who and how many people are involved in order to get away with it. If you're talking about a presidential election in the US, both of the primary political parties have more than enough money right now to fix the next 10 elections if they really wanted to.

Like most government projects in America, it all comes down to who is the lowest bidder. In this case, the lowest bidder loses and the highest wins (which typically of course its that the lowest bidder wins then fails to meet their contractual obligations, in which case they get paid again to fix the problems they created originally).

So ... since the people running the election are just people, which ever political party pays off the most people in the election processing system is likely to win, of course if someone gets paid off by both sides, then it comes down to who paid more.

Do I believe all of that crap? No. But I do believe its retarded to think either system is 'hard' to cheat, you just have to pick the right people to make the cheat work. Atleast until we start making voting records completely public so anyone in the country can 'verify the vote'.

Re:Heh.

[QuantumRiff]

Or don't clear the logs and make sure they noticed you tampered with it. Then, they can't count any of the votes that the machine took, since they could be tampered. Make sure to to that in a location that is leaning towards your competitor. Maybe do it to a few polling places where your opponent is expected to get more votes.. TADA! You didn't rig the election so you win, you rigged the election so your opponent lost! (with the same end result)

Re:Heh.

[Chandon+Seldon]

You mean to print ballots that are pre-filled out? I could print about one a second. Not that this matters as I could do it at my leisure.

There's a reason I differentiated between an editing attack and a swapping attack. In order to perform a swapping attack on paper ballots, you need to carry great stacks of ballots with you (i.e. cubic meters of them).

Once you get access, how long to upload whatever changes you want to make could take a while.

I'm pretty sure that plugging in the connector would take longer than any data transfer if the attack was properly automated.

Sorry to say it but any retard can stuff a paper ballot box. It takes an experienced hacker to hack an electronic election.

Any idiot with 5 minutes alone with a ballot box can stuff it, assuming that proper fake ballots had been prepared beforehand. Any idiot with 5 seconds alone with a DRE voting machine's input port can stuff it, assuming appropriate pre-preparation. Further, any idiot with 10 seconds alone with a DRE system's central tabulator can "stuff every ballot box" in like 10 seconds.

It's not that there aren't attacks against paper systems, it's that 80 year old poll volunteers know what to watch for and have a lot of chance to see it. Further, a successful attack has a much smaller potential impact. With a clever electronic attack the entire county election may be compromised with nothing apparently sketchy happening at all.

Re:Heh.

[Stanislav_J]

Before anyone starts foaming at the mouth about big companies I say this. They already run your health system, your financial institutions, your currency, transportation systems, and your food supply. It's not such a big leap.

Let's see....

Health system = millions of uninsured, outrageous costs, inconsistent care with no coordination

Financial institutions = scandals, bailouts, housing bubble, credit crunch

Currency = check current exchange rates: need I say more?

Transportation systems = Think about that next time you're in gridlock, or sitting on a plane for hours on the tarmac, or trying to efficiently utilize most cities' mass transit

Food supply = E. coli, Mad Cow, various recalls, food poisoning, not to mention the overall lousy nutritional value of most processed foods

And so, I'm supposed to trust "big companies" with my vote....why, exactly? I realize we may have to do something along your suggestion to fix the voting system, but the examples you chose hardly inspire confidence...

Re:Heh.

[jimbolauski]

To tamper with the Machines, which are not on a network, one would need to go to each machine. There are a few for each polling place so you would need the poll workers in on it at each place and tampering with the program thats loaded on each machine you would have the same problems as tampering with the ones for paper. There is no way to make any form of voting tamper proof unless aninimity is given up. Where you get a card saying who you voted for (in case of a discrepancy) and you can review yours and everyone else's votes after they have been cast.

Re:Heh.

If they were Diebold machines, all of that is under 10 seconds. You can swap out the memory card without breaking the seals. Wireless networking is often enabled, so you can just sit in the parking lot. (Why in the name of all that is holy do these things have *wireless* capability?) Logging is done using a MS Access database. (Read 'editable without trace'.) Two sets of totals are kept: One for spot checks and one for the final total. They are never compared. If you have a swipe card with the master password, (leaked to the net quite a while ago) you can gain admin access from the touch screen. Difficulty? George Bush could do it.

Re:Heh.

[moderatorrater]

Dated myself You shouldn't do that, it makes God cry.

Re:Heh.

Nonsense. Even current paper-based elections are more secure than the most secure electronic voting system.

We can improve on the system further:

By serializing the ballots we can strengthen the paper trail and provide voter receipts. Anyone stuffing ballots will have to make sure not to include serial numbers that are "left over", serial numbers that were not provided to that polling place, and make sure to include a serial number for every voter, since voters can check their results. This alone makes it almost impossible to throw an election. You would have to magically know exactly which ballots would be actually used at each polling place and then find some method to replace them.

The same methods that we use for printing money can be used for printing ballots. Ballots actually have advantages over money in that they can be changed more frequently and printed immediately before use. They are essentially 'one time use' and can be changed from election to election. To throw an election you would have to have the means to get the design and print it.

Do hand counts in front of witnesses for each candidate and state and local governments. Use electronic tabulation for quick results only, with the hand count being the official result. It is very difficult to make 'mistakes' when you have one or more self interested parties watching you, even if the state and local government witnesses have been bought.

Re:Heh.

[rucs_hack]

And so, I'm supposed to trust "big companies" with my vote....why, exactly? I realize we may have to do something along your suggestion to fix the voting system, but the examples you chose hardly inspire confidence..

I wasn't talking about how well those systems are run. I live in the UK, where we pay that nasty, socialist national insurance, and have health care assured free at point of provision, no matter what ails us, and regardless of previous health conditions. Apparently this means we also breed terrorists, since one of your senators recently claimed that government run health care promotes such things, but I digress.

My point is, properly run or not, you still let it happen (and you do let it happen, there are 300 million of you, it's not as if they could say no if you all objected at once...).

Given this precedent, and provided it is done in a non profit way, my proposed system might actually work.

Re:Heh.

[crmartin]

You seem to claim its more likely that one retard exists that can stuff a paper box, than that one hacker exists that can hack an electronic election.

This missing point here is that there are lots of retards.

Re:Heh.

[0xABADC0DA]

Most of your points about physical ballots go away if observers can see the empty ballot box before polls open and watch it all day long until the votes are taken out and counted locally. You know, like in Canada. The kind of system we don't have, since we rig our votes.

* You can't pre-stuff the box with your fake votes.
* You can't 'swap the ballot box'.
* You can't add more than one votes without being detected since observers can count how many people vote.

Furthermore your evaluation of electronic voting security is flawed:

* Clearing logs files is easy
* You don't need physical access, your hack can be spread 'by floppy' over time.
* You can't ask a computer to 'md5sum' itself to verify its correctness -- that's as possible as solving the halting problem.
* It is even theoretically possible to alter the specific memory address of the counts using radiation. /target yourmods /sigh

Re:Heh.

[rucs_hack]

Your post is most interesting.

Would you mind cloning yourself a few million times so you could get this implemented?

Seriously though, I like. You should send the idea to your representative.

Re:Heh.

You mean to print ballots that are pre-filled out? I could print about one a second. Not that this matters as I could do it at my leisure.

If they are hand-generated ballots, yours are going to stand out a touch. On the other hand, there will be lots of spoilage. I'll give you this one, absent serial numbers or other mechanisms that can be used for external validation.

If I pre-stuff the box with my pre-printed ballots before the polls even open... Zero. If you swap the ballot box out after the polling and dispose of the original, then you need a replica of the box.

This is why we have representatives of each party in charge of certifying the ballot box empty at the start of the polling, monitoring them at the election site, and escorting them to where they are counted. Signed seals and unique keys finish off this issue in its entirety. We do very well with paper ballots and security. As Bruce Schneiers has said: We know very well how to secure small pieces of paper (he meant money, but ballots are also small pieces of paper, even if they are more valuable than money)

Well, since you need physical access to the machines since they are not on the network, this could take a while. Once you get access, how long to upload whatever changes you want to make could take a while. Of course, you also have to make sure to clear all logs of your access and try to make sure that any changes you made are not detected by something as simple as MD5SUM on pre-polling files.

Sorry to say it but any retard can stuff a paper ballot box. It takes an experienced hacker to hack an electronic election.

Physical access to the machines. In a precinct near me, the machines are 'physically' stored in a public space shortly before the election. They are locked with a common padlock. Problem solved. If it was a ballot box, we could prevent stuffing by looking inside. Hell, if we were worried, we could buy some lumber, nails, and hardware and make a new one. How do you 'look inside' an electronic voting machine to ensure it is empty? Now assume you can't trust the code running on it to tell you the truth about whether it is empty.

You need time? Did I mention that they were in a public area? This room is empty almost all day. Take all the time you need.

Logs of what you did... You can root the voting machine; what logs are there to be concerned about?

So sure, any retard can stuff a ballot box... and get caught. It takes someone 'smart' (as smart as the average developer who wrote the voting software at least) to compromise an electronic voting machine. I don't think you've proved your point.

Re:Heh.

[EriDay]

think the best method would be to set up a consortium of major technology corporations to create the voting machines

Replace corporation with Universities

Before anyone starts foaming at the mouth about big companies I say this. They already run your health system, your financial institutions, your currency, transportation systems, and your food supply.

• health system - broken
• financial institutions - how much money did the corrupt bastards lose this week?
• transportation systems - destroying the planet
• currency - run by government (see financial institutions above)
• food supply - what percentage of the US population is obese?

Re:Heh.

[rucs_hack]

Replace corporation with Universities

Perhaps, but university graduates end up working at the major corporations, so we are ultimately talking about the same people.

I'm an academic myself, one who is finding that academic success bizarrely doesn't mean an escape from low wages, so I wouldn't personally be convinced that academia is any assurance of moral and ethical superiority. We all have to pay bills...

Re:Heh.

Since by extension, it taskes more smarts to rig an election using technology than one using paper, then basing an election on technology should lead to smarter cheats getting to power - and having smarter leaders could be a good thing? Maybe not - as smart bad people would be worst than dumb bad people in charge, so that would make it an argument to make the system as simple to cheat as possible to allow the dumbest bad people to get power - but then we'd be ruled by idiots - oh wait, that would mean no change from now then I guess.

Re:Heh.

Your examples assume everything is done right in securing electronic voting machines and that everything is done wrong with securing paper ballots. From what I've been hearing, it's probably true that not all paper ballots in elections in the US are secured properly. But it's also true that electronic voting machines are currently implemented very badly.

From my point of view, it's basically impossible to implement electronic voting machines securely and reliably enough for something as important as electing your government. But countries that aren't the US have managed to adequately secure elections with paper ballots (I live in one, in fact). I would therefore suggest that it would be more worthwhile for the US to focus on how to best secure paper ballots than to continue mucking around with electronic voting machines.

Re:Heh.

[Smidge204]

You do not need to fiddle with the machines at the polling places, or even the machines themselves. There are plenty of places where you can tamper with them (options vary with the exact system in use):

1) Tamper with the machines themselves at the storage location before they are distributed to the polling locations This includes OS/software hacks and can be done basically once to pollute hundreds or thousands of machines as they are set up with the latest candidate/ballot data.

2) Tamper with the memory cards that hold the results:
  2a) On their way to the polling places
  2b) On their way from to wherever they are read into the tabulation system

This can be done by exchanging the memory cards with premade ones or preloading fake data onto them, such as candidates with non-zero vote totals (candidate A starts with 100 votes, B starts with -100 votes, and the total number of votes recorded still adds up)

3) Tamper with the central tabulator so it miscounts the votes

4) Tamper with the vote results directly after everything is tabulated

That's just off the top of my head without any serious knowledge about how the entire process works. I'm sure there are plenty of other opportunities to mess things up without leaving much, if any, evidence.

There is no way to make any form of voting tamper proof unless aninimity is given up. Where you get a card saying who you voted for (in case of a discrepancy) and you can review yours and everyone else's votes after they have been cast. Easy solution: Be required to leave that card at the polling place. One method I've seen used is basically large bubble-scan sheets - fill in the bubbles for your votes, and it gets scanned on-site to cast your vote. The paper copy still exists as a record and you leave empty-handed.

I'd personally like to have the machine print that card instead of people filling them in with (erasable) #2 pencil... use the machine to cast the vote, print and review the paper receipt (shred and redo if necessary) then scan the document on a separate machine before you leave. Now you have two independent copies of the digital tally plus a paper backup. A barcode or other non-human-readable* system can be used to add a unique but non-identifying ID to each ballot to correlate the three records.
=Smidge=

*Being a total geek, I had once learned to read UPC style barcodes by eye. Maybe something a tad harder to learn should be used.

Re:Heh.

[SatanicPuppy]

Uh..."Satanicpuppy"

Just sayin...

Re:Heh.

[zoltamatron]

You speak nonsense.....what a ridiculous example of forgetting logic for the sake of argument.

Well, since you need physical access to the machines since they are not on the network, this could take a while.

How can you even say that physical access to the voting machines is a hurdle for an electronic system when you are talking about stuffing friggin ballot boxes?

You mean to print ballots that are pre-filled out?

Ummm....yeah....it doesn't even take a retard to look at a ballot and see if it has been filled out by a printer or filled in with a pencil. If you change digital data you can leave no trace.

If I pre-stuff the box with my pre-printed ballots before the polls even open... Zero.

Okaaaay....then you have a ballot box that anyone can easily look in to see that it has been tampered with? If you have tampered with an electronic machine then it looks and acts the same.

I only agree that the best system should have a paper trail, but I lean towards the optical scan machines that let a voter fill out a ballot, then it counts it and drops it into a box. Then you have a physical record of what the voter wrote down, not just a printout of what the voter typed in. In a complicated election that has many measures, props, and a host of positions to elect, many voters are not going to scrutinize the printout. Its just easier to fill out a paper ballot that gets collected.

Re:Heh.

[Slur]

All very true, so one wonders how you got so thoughtlessly modded down to -1. Apparently Thomas Swidarski must have some extra mod points!

Re:Heh.

[rhomp2002]

Problem is that it sometimes is easier to make them appear also. Remember the Washington state governor's race last time? They kept checking what were supposedly boxes that had been emptied and finding more and more ballots until the democrat won. She lost the first 3 times they counted but every time they checked the boxes and found more ballots. Amazing how tricky those ballot things are!!

Re:Heh.

[Detritus]

Pesky election observers can be made to go away. Doesn't anyone ever read the news or a history book? People have been tampering with paper ballots since their invention.

Re:Heh.

[so+many+toms+(me+too]

You mean to print ballots that are pre-filled out? I could print about one a second. Not that this matters as I could do it at my leisure. A ballot-counter should be able to identify printed ink against pen ink. If not, I think the consistency of hand-writing would be a little bit of a giveaway. Moreover, you shouldn't have access the ballot paper before the election. If you do, you would need to construct the correct images, trim papers to the right size, etc. in a short period of time previous to the election.

If I pre-stuff the box with my pre-printed ballots before the polls even open... Zero. If you swap the ballot box out after the polling and dispose of the original, then you need a replica of the box... Sorry to say it but any retard can stuff a paper ballot box. It takes an experienced hacker to hack an electronic election. What, you have your own ballot box at home? There should be enough security so that there isn't just one person watching a ballot box at any one time. The whole point of physical ballot-counting is that the records exist in perpetuity AFTER an election, and can't be retrospectively altered without difficulty and physical access.

Moreover, so what if you can swap a single ballot box? A hacker that can hack an entire election is far more dangerous than a loony who has access to a several (at most) ballot boxes. Even assuming some wide-spread fraud, there are enough individuals and ballot-counters involved in the process to identify any such problems, and the physical ballots are kept such that fraud can be retrospectively identified, even if the sources of such fraud cannot.

Re:Heh.

[CaptainZapp]

One person can keep a secret. A hundred? A thousand? Never.

Or to paraphrase Ross Thomas:

If three people know about it it's a conspracy;

If five people are involved it's a convention...

Re:Heh.

They already run your health system, your financial institutions, ... Starting right at the bad examples. The health system companies could use some urge to develop some cures for the not-so-common diseases and not just go for the money and let the rest rot. Also my trust in big financial institutes has grown even weaker in the last month.

Re:Heh.

> Pesky election observers can be made to go away.

Yes, but it is a bit difficult to make humans go away without anyone even noticing the fact that they are gone. Very much unlike e.g. log files...
I think nobody is claiming that paper votes are safe. But they are very hard to manipulate at a huge scale without anyone noticing and not even the tiniest chance of ever proving such a manipulation.

Re:Heh.

[instarx]

You mean to print ballots that are pre-filled out? I could print about one a second.

No you couldn't. Oh, you might be able to print out blank ballots at that speed, but printers only print replicas of pencil or pen checkmarks. Your printed ballots would be pretty obvious as forgeries.

If I pre-stuff the box with my pre-printed ballots before the polls even open... Zero. If you swap the ballot box out after the polling and dispose of the original, then you need a replica of the box.

OK, you MIGHT be able to get a pre-stuffed box into the polling station, but your fraud would be discovered pretty quickly. A relative of mine used to work on the elections board and the ballot boxes were always opened and inspected in front of the poll-workers before the polls opened, and then re-locked. Plus, the number of ballots are always matched to the number of people that voted. If there are several hundred extra ballots in the box how would you explain that? For a self-styled expert on voter-fraud you certainly don't know much about voting procedures.

Rationalize all you want, but your contention that it is just as easy to cheat with paper ballots as it is with e-voting is nonesense.

Re:Heh.

[electrictroy]

The State of Maryland had a really good system (I think). Each person was handed a paper ballot, and you drew a line next to the person you wanted. The ballot was then scanned by machine. So this provided two benefits:

- it was quick to tally the results because it was done electronically

- but in the case of suspected fraud (like the main article) it was easy to go back and review the ballots. Like a paper receipt at a store provides proof of purchase, the voter ballots provided proof of how each person voted. The electronics provided the primary tally, while the paper provided a secondary backup system.

Now we have computers.
Easily hacked & changed.
And no way to undo the hack (no paper trail).

Re:Heh.

[hey!]

The problem is that paper based elections are no more secure

Oh, come now.

Statements like this only confuse the issue, because security is no more a property of any individual element of a system than temperature is the property of a single molecule of gas.

Also -- "secure" is a lot like "hot"; it's a relative term. Hot enough to fry an egg is not hot enough to forge a horseshoe. Dogmatic pronouncements like "paper based elections are no more secure" are based on the assumption that "security" is something you either have completely or lack utterly. This is why public officials get hoodwinked into thinking vendors who make ATMs know how to make perfectly secure systems. They don't realize that ATMs are not very secure at all, just that adding enough security to them to prevent $1 of theft would cost the banks more than $1. It's highly unlikely that the standards of "secure enough" in that situation apply at all to elections.

The sophisticated way of framing the issue is this: "given the expense, effort and time we are willing to put into an election, can we achieve an acceptable level of confidence that we have achieved an acceptable level of security in a paper-free system?"

Now, I am not so dogmatic that I'd rule out the possibility of achieving an acceptable level of security in a paper free system. However, I'm pretty sure I'd never be confident that a paper free system is secure enough, and I don't flatter myself when I say that I know a hell of a lot more about this sort of thing than the average secretary of state or election district procurement officer.

The thing that makes paperless voting systems a really, really bad idea is that the people accepting them are never going to be qualified to evaluate them. Any confidence they may have in the system is bound to be derived from a considerable degree of wishful thinking. This is not a theoretical possibilty, it's been proven by the insanely insecure systems these people have signed off on. And, sadly, delegating the evaluation of what is "secure enough" to an industry consortium does not give me a warm and fuzzy feeling. It's not that they are going to collude in stealing elections, it's that their incentives are all wrong. They'll want the standard that is most profitable to sell, which may or may not have any useful bearing on being secure enough to trust with our national destiny.

Now, let's ask the next question: "given the expense, effort and time we are willing to put into an election, can we achieve an acceptable level of confidence that we have achieved an acceptable level of security in a system with a paper audit trail?"

I think the answer is yes. Not absolute security, but acceptable security. Every government agency, indeed every large entity, employs people who have a lot of experience in preventing and detecting fraud using a paper audit trail. They're called accountants. Of course, financial fraud is still very widespread, but it is not for lack of expertise in stopping it, but will. You can still use the rarefied skills of high end computer security experts in evaluating a system if available to you, but you can also use much more commonly available skills in the design of tamper protection and fraud detection if you introduce a paper trail.

Re:Heh.

[electrictroy]

When this country was founded people did not vote anonymously.

Why is it necessary to be anonymous? Thomas Jefferson and the rest of them voted publically and in full view of all their neighbors. Why can't we do the same? I'd personally have no qualms if I was mailed a receipt verifying my choice (and thereby revealing if any hacking too place).

Re:Heh.

[electrictroy]

And now you've given them computer ballots.

The ballot stuffers must love you, because you just made their lives so much easier. They don't even have to leave their computer keyboard. Just write a quick trojan, plop it onto a PCMCIA card, and have their paid stooge feed it into the Diebold machines. Done.

Much much easier than those messy paper ballots.

Re:Heh.

[houghi]

I make it simpeler.
One machine and a printer. Machine counts the vote. Printed paper has the vote on it and is put in a box.
Random places are selected to count the paper votes and compare them to the electronic ones.
If there is any doubt, count the paper votes.

No barcode printed, because people can not read those and could contain information about the voter.

Re:Heh.

[Evolt's+RonL.]

I don't think the goal here is to hold 'honest' elections. The goal here is to keep the disenfranchised, uh, disenfranchised!


I don't think either party cares too terribly much if the other candidate or their cousin slip in a few extra votes in precinct 'x'. Those are known players and that's the way the game goes.


But with electronic systems we introduce the possibility that a player unknown to either side can influence the outcome not through a hundred nepotistic henchmen, but by simply sitting at their keyboard in China or, god forbid, Cincinatti! That is what gives them nightmares.

Re:Heh.

[dgatwood]

The problem is the "if there is any doubt". There should always be doubt. I often count my socks more than once when making sure I don't need to do laundry in a given weekend. A vote for the leaders of this country should not be treated more lightly than the contents of my sock drawer.

Re:Heh.

"These P.O.S machines didn't even have logging turned on. Fraud, no fraud, it'd be impossible to tell."

Whoa! Stop the presses! That's just some unsubstantiated accusation that you're assuming to be fact.

I'm a native Ohioan and I don't want to pay for an all paper election. Do you have any idea how much more that will cost? The whole premise that voting fraud is easier with electronic machines preys on the ignorance of the public who don't understand how secure and glitch-free computing can be achieved. Having only witnessed Consumer OSes, such as MS Windows, if any consumer based computer at all. My Secretary of State is clearly displaying the paranoia left over from an era where computers were still giant machines that filled an entire room.

Brunner's haste to turn our voting system back to the dark ages (smack in the middle of a presidential election cycle), displays the poorest of judgements on her behalf. Not only does Brunner display poor judgement, she's demoralizing and undermining our election process, by telling Ohians they're not smart enough and cannot even be trusted to monitor the electronic voting machines.

Re:Heh.

[sjames]

If I pre-stuff the box with my pre-printed ballots before the polls even open... Zero

ed to stuff the ballot box with votes that are actually in the machines memory. Not impossible to hack, but much more difficult that hacking either a paper or electronic system alone.pecial election than to have no idea the results were fixed.

Well, since you need physical access to the machines since they are not on the network, this could take a while. Once you get access, how long to upload whatever changes you want to make could take a while. Of course, you also have to make sure to clear all logs of your access and try to make sure that any changes you made are not detected by something as simple as MD5SUM on pre-polling files.

According to TFA, apparently not. It seems all of the logging was disabled on the machines. Unlike paper ballots that could be examined at any time to see what they actually said, they have no way to independantly confirm or deny what the Sec. of State saw when she voted.

Personally, I feel that an electronic voting machine should print out a serial numbered, easy to read paper ballot that you have to drop into the box before you leave. Now you have the best of both worlds. If the electronic numbers do not match what is in the paper ballot box, investigate. Each serial numbered ballot should have a corresponding electric vote. Now to steal this kind of election, you'd need to stuff the ballot box with votes that are actually in the machines memory. Not impossible to hack, but much more difficult that hacking either a paper or electronic system alone.

Or convince some of the machines to claim that a cantidate has withdrawn some of the time during the election, but never before or after. Bonus points if you include a function to slef-modify the flash image to look like the official version just as the election is ending.

Re:Heh.

[sjames]

The problem is that paper based elections are no more secure, and if the physical ballots are lost, you're screwed. Accidents do happen, so you can't say they never would be. We need a better voting system that takes advantage of our new computing technology.

Paper is a lot more secure, not because it's tamper proof, but because it's tamper evident. You can lose paper, but it's obvious when you do. They also have the advantage of immediate accessability. When the voter marks (or better punches a hole in) the ballot, the mark is human readable (and in the event of a question, it will be tallied by multiple humans reading it). With a voting machine, a vote is (perhaps) tallied on a memory card that looks no different before and after. Even a computer expert who has examined that very model of voting machine and committed it's entire design to memory can't say if his vote was actually tallied or not.

Re:Heh.

[sjames]

To tamper with the Machines, which are not on a network, one would need to go to each machine.

I recall an article a week or so ago about the possability of a virus on the memory cards. Infect a few of those and it'll end up on enough of the machines or the tabulator one way or another.

Einstein's kids, grand kids, great grandkids ...

[iknownuttin]

...the great-grandson of Albert Einstein working in collusion to pull this off," White said.

Actually, his kids, grand kids and great grand kids are all pretty average. One of his great grand kids owns a furniture store and 3 warehouses. See the current issue of Discover Magazine - has Einstein's photo on it.

Damn

[Garrick68]

Just fucking have a system that takes your vote, prints out 2 pages one you keep for your records, the other scanned by a bar code reader and but in a lock box. How fucking hard is that????

Re:Damn

[Kandenshi]

Make sure you bring me your receipt showing you voted for my uncle Tony or else your thumbs and you will be spending some time apart.

Re:Damn

[moderatorrater]

Secret ballots are secret for a reason. People shouldn't be allowed to prove who they voted for, or else they could just sell their vote or be coerced into voting for a candidate.

Re:Damn

[kabloom]

Sorry. Doesn't help. "What? You shredded it? BAM" (a bullet hole through your head.)

Re:Damn

[moderatorrater]

You're right, the man who's going to cut off your thumbs is going to accept "I accidentally shredded the piece of paper proving that I did what you said. Oops." Why hasn't everyone threatened by the mob thought of that!

Re:Damn

[noidentity]

Just fucking have a system that takes your vote, prints out 2 pages one you keep for your records, the other scanned by a bar code reader and but in a lock box. How fucking hard is that????

What's the point of printing it in a human-readable format when that's not what's getting counted, unless they taught how to read Barcode in school that day I was sick at home?

Re:Damn

Make sure you bring me your receipt showing you voted for my uncle Tony or else your thumbs and you will be spending some time apart. Mob bosses generally don't run for office... of course, they do have friends who do so.

Re:Damn

[Bryansix]

How is this flamebait? This is what they SHOULD be doing. The election board literally has an IQ less then that of the fungus growing on the bathroom door handle in my office.

Re:Damn

[Bryansix]

Because there could be random audits by actual people who actually read the ballots and make sure the machine count matches. Geez, do I have to think of everything for you people?

Re:Damn

You're solving the wrong problem.

This is really simple:

1. Voter uses machine, machine prints one copy.
2. Voter checks to make sure vote on the copy matches what was intended.
3. Voter hands in printed ballot.

DONE.

No two copies, voter-verified, paper trail.

Of course, you could always replace step one with:

1. Voter uses a fucking PENCIL AND PAPER and fills out the ballot WITHOUT requiring a fucking $1000 machine.

But that doesn't satisfy the need for pork.

Re:Damn

[jonaskoelker]

So put a fucking paper shredder next to the exit! It's not that fucking hard! But then you still have the option of keeping the receipt, which means Tony will still want to see it. The only way for you not to have the option of keeping the receipt is if you never have it in the first place.

Re:Damn

[southpolesammy]

s/allowed/forced/

Re:Damn

[GHynson]

Then the "System" won't be able to forge the results.

Re:Damn

[Otter+Popinski]

*Whew!* Now we've solved that problem. The Ohio mob is gonna be pissed...

Re:Damn

[sfjoe]

That's a little over-dramatic. It would more likely be something like, "bring me a receipt showing you voted for Tony and the drinks/dinner/hookers are on me".

Re:Damn

[noidentity]

If that's the case, then why even bother with barcode scanning? Let the machine that prints the human-readable copy do the counting itself. So user walks up to machine, punches in vote, machine prints human-readable copy, user verifies copy and drops it in locked box. If machine's counts are called into question, the printed copies from the locked box are counted by hand. No barcode or second machine needed, unless I'm missing something.

Re:Damn

[AK+Marc]

That's just plain stupid. If people really wanted to buy (or coerce) votes, they'd do it now. Go to the poll, hand them a camera, tell them to vote, watch to make sure they don't get a replacement ballot, look at the picture of how they voted. Big Tony can verify every vote in the precint today. I'd rather have it a little more easy to verify for Big Tony if it was verifiable by me at all. Currently, there is absolutely no way at all to know how my vote was counted. You may find it acceptable, but I'm not a big fan of votes all being "lost" once they are submitted.

Re:Damn

[AK+Marc]

What's the point of printing it in a human-readable format when that's not what's getting counted, unless they taught how to read Barcode in school that day I was sick at home?

Quick counts for that night are done with the barcode. Any recounts are done by humans reading the words printed. That way, if there's a problem with the bar codes (since you and I don't read bar codes) they will be found out quickly and the bad codes ignored. The count will be instantanious and more accurate than it currently is, with verification by humans possible (in fact easier, since reading a printout is simpler than deciding what's a pregnant chad and a dimpled chad and a dangling chad and all that).

Re:Damn

[Bryansix]

Yes, that would work.

Re:Damn

[Wavebreak]

Shredded your receipt did you? Say goodbye to your kneecaps. And bring proof you voted for uncle Tony next time.

What's a balot?

Some French flying machine?

Elections need auditability

[bokmann]

Skeptical? Sure... they should be. But shouldn't they be able to answer a question like this definitively one way or the other?

Elections need to be auditable.

Related story

[TripMaster+Monkey]

If you're not yet completely convinced that the electronic voting currently being rolled out is a craptastic idea, here's a little story on how a simple malformed URL can get the online voting registration page in Pennsylvania to yield other voters' registration files on demand.

Re:Related story

Funny that. Voter registration != voting. Here in the People's Republic of Cambridge, all the information on my voter registration card (name, address, party) is printed along with all of my neighbors' data and nailed to a nearby telephone pole by the city. Voter registration data is not supposed to be private.

With big (corrupt) companies like Diebold, et al..

[mamono]

We have corrupt politicians, corrupt corporations, corrupt government officials. Voting is a big farce as it is, without introducing tamperable electronic voting into the mix. I've always said, your vote does NOT count. Corporate America chooses all the major political positions in this country. When you get down to the local level, small to medium-sized cities and sometimes counties, you are ok. Anything bigger than that, though, it is all about corporate interests. This country is run by the oil and pharmaceutical industries, with defense contractors close behind. They buy and sell their way into whatever position they can get to further their own interests and fill their pockets with more taxpayer dollars.

If you want to know what the situation is really like, listen to Rage Against the Machine and Public Enemy. Rage puts it best when they say "What? The land of the free? Whoever told you that is your enemy!"

Ohio

[Anivair]

I hate my state. On election night of the last election we almost immediately found a district near me where they had registered more voted for Bush than existed in the whole county. Gotta love when they're obvious.

Re:Ohio

[BECoole]

Happened in Cuyahoga County. It was Kerry voters.

Re:Ohio

[Black-Man]

And you wonder why Ohio is in the shape it is? Maybe because folks like you can't even form a proper sentence. "found a district near me where they had registered more voted for Bush...". Did you mean to say "more voted for Bush than were registered to vote"??

Ohio... the next West Virginia.

Re:Ohio

It's perfectly valid. It can be read two ways (though both are pretty much equivalent):
"they had registered [that] more voted for Bush than existed in the whole county"
or
"they had registered more [who] voted for Bush than existed in the whole county"
And your suggested "fix" changes the meaning of the sentence; he said it's more than the amount of people who exist in the county, not merely who are registered voters.

Don't go insulting the intelligence of others when you are barely smart enough to pound out a poorly-written admission of your lack of skill with the English language.

Re:Ohio

[Ogive17]

Its getting really ugly and if they cared half as much about the welfare of Ohio as they do partisan politics... things wouldn't be so bad.

I didn't have to look far for you own grammar mistake.

Re:Ohio

[bogjobber]

Sounds like bullshit to me. Unless, of course, you can provide some sort of reference.

Re:Ohio

[Anivair]

I suppose I meant to say registered more votes, but feel free to assume a total rework of the grammatical structure of the sentence rather than a typo. Makes sense.

Re:Ohio

[Anivair]

Total number of votes received by Bush in Gahanna, Ohio,Ward 1B: 4,258 Total number of ballots cast in Gahanna, Ohio, Ward 1B: 638 The ballots are public. Go check yourself. Or google the city of gahanna.

Re:Ohio

[Black-Man]

Since when does editing after the fact make the sentence correct? Congrats... you have a 6th grade education like the original author.

Re:Ohio

[bogjobber]

You are right, the ballots are public. And they don't show anything like what you describe. (Excel sheet, look at rows 4199-4203).

Total number of registered voters in Gahanna, Ohio: 3090. Total number voted: 1996. Total for Bush: 1085. Total for Kerry: 881.

What was that again? You were quoting a secondary source on the internet and uncritically accepted it because it supported your political beliefs? That's okay, I would hate for the truth to get in the way of your opinions.

Yes, I've read What Happened in Ohio? and many articles on the subject. There has never been any hard evidence that the Republicans rigged the 2004 election. You have to reconcile yourself to the fact that your country actually *did* vote George Bush into two consecutive terms.

Re:Ohio

It's not "editing after the fact", you fucking idiot. Relative pronouns are usually implicit in casual English. Implicit. You know what that means? No, you don't, or I wouldn't be responding to you again, so I'll explain it. It means "a person I have to explain this to probably shouldn't be using a fucking computer" and "a person who I have to explain this to probably shouldn't be using a fucking computer" are equivalent (That means they may be different, but they mean the same fucking thing. Hard to grasp, I know, but please try to follow along.). I was just making explicit what was implicit, not editing it (the brackets were meant to show this, but I guess such 'subtle' hints are beyond you).

Stop trying to be an INTERNET TOUGH GUY GRAMMAR NAZI if you can't even write a sentence without not just shooting yourself in the foot, but blowing the whole fucking foot off.

Re:Ohio

[Anivair]

Are you suggesting that you're chocked that the numbers were corrected something like four years after the fact? The fact remains that on election night they registered more voted for bush than there were voters in the district. Fact. I looked at it with my own eyes. if you don't like my numbers, feel free to disbelieve. I'm sure that will vastly improve the voting situation in the US.

Overly Complicated

[kellyb9]

I fail to see why it is so difficult to create a reliable voting machine. It's an adder... computer have been doing this since they were first conceived.

Re:Overly Complicated

I fail to see why it is so difficult to create a reliable voting machine. It's an adder... computer have been doing this since they were first conceived. Thank you for taking the time to appreciate the full depth and breadth of the issue at hand. I would like to extend my personal gratitude for your contribution to the discussion.

Re:Overly Complicated

[Chandon+Seldon]

An adder is generally either used by a single user who wants accurate results or by a group of users who all want the same accurate results. Further, adders are generally designed as general-purpose components that will be used in hundreds of different applications - making one that output 3 for 1 + 1 would simply be a poor business decision when it was noticed rather than an effective attack against some specific application.

In contrast, voting machines are specific-purpose devices that are *always* used by large groups of people; and any of those people might want to tamper with the election. It should be obvious that this creates a relatively complex *security* problem rather than a simple electrical engineering / programming problem.

Re:Overly Complicated

[Geoffrey.landis]

I fail to see why it is so difficult to create a reliable voting machine. It's an adder... computer have been doing this since they were first conceived.

Exactly... if the software is really so simple, then, just why do the voting machine companies call it proprietary and refuse to let anybody inspect their code or their machines? Sequoia just threatened the state of New Jersey with a lawsuit if they let an outside lab access to a voting machine to test it after about 60 Sequoia voting machines across the state seemed to malfunction during the state's Feb. 5 primary.

Re:Overly Complicated

[gnick]

That wasn't very nice - A voting machine is just an adder. The only trick is that it must add perfectly, be tamper-proof, and make sure that nobody is able to contribute more than once.

Wait... That does sound kinda tough...

Re:Overly Complicated

[e9th]

Sequoia'a threat succeeded.

Re:Overly Complicated

[Todd+Knarr]

The problem isn't creating a reliable voting machine. That's trivial. What's hard is creating a voting system (of which the machine is only a small part) that can be verified to have been reliable without having to assume anything about the reliability or accuracy of any part. The only feasible way of doing this so far involves keeping a record independent of the machine's counts. That, frankly, is the basis for every method of financial audit ever created. And it works. I dealt with systems in a casino that assumed that everyone, from the cashiers to the auditors themselves, was crooked and it could still identify the exact source of even a single penny of error.

Re:Overly Complicated

[Arcane_Rhino]

Agreed. Seems to me that a machine that recorded a sequential number beside each vote, both of which could then be reproduced in both paper and read-only electronic form, ought to do the trick.

Each machine could be "calibrated" by a a bi-partisan calibration group who would pre-determined a particular sample number and voting order (equal of course). Each machine could then be validated by comparing the pre-determined sample against what was actually recorded. After that, look for absences in or additions to the sequence.

The biggest hurdle is that any code used has to be open for inspection to assure no chicanery. The code, by virtue of its performance requirements, should be relatively simple and the hardware, other than making it tamper proof, should be relatively cheap. (And by tamper proof, I mean unable to be tampered with without leaving evidence of the tampering - not indestructible.)

Unfortunately, the above suggests that there is little profit unless one can hide the simplicity behind a proprietary box. And it is the proprietary black box that is at issue with most people on /., not the possibility of producing a reliable voting machine.

Re:With big (corrupt) companies like Diebold, et a

[BlowHole666]

Perez withdrew one day after Franklin County had finalized its ballots. He had hoped to avoid playing spoiler in fellow Democrat Patsy Thomas' race to retain her appointment to the Franklin County Municipal Court. Instead, Perez's name remained on the ballots -- or allegedly, most ballots -- and Republican David Tyack won. Keep drinking the cool-aid man :) He withdrew late, after they finalized the ballots. That is like getting them to correct the spelling of your name on your drivers license after they printed it. The candidate fucked up, I don't think it is corporate America out to get you.

At least he HAD a grandson...

[SatanicPuppy]

The other participant "The grandson of Al Capone" never actually existed, and the only person who could have fathered said mythical grandson was Capone's only kid: Albert Francis Capone. That poor kid later changed his name to "Brown" and his entire criminal record consists of one arrest for misdemeanor shoplifting.

The election guy sounds like a complete moron.

Re:With big (corrupt) companies like Diebold, et a

The candidate fucked up

And? That doesn't change the fact that the ballot was fucked up as well.

Hilliard, lol :))))))

The areas where these shenanigans "might have" occurred = upper class mostly white (to the tune of 95-98%) areas like Hilliard, where the richies flee to escape all the wonderful "diversity" of Columbus. In other words, these are mostly Republican voters anyway.

A secured voting system?

[rmdyer]

Maybe I'm wrong (please feel free to correct me if I am), but is it not possible to create some kind of secured voting system based on methods of cryptographic techniques that would allow the following properies of a voting system...

a. Your vote can be cast without anybody else knowing who you voted for.
b. At any point in time after you cast your vote, you can verfiy that your
        vote is counted with the candidate you voted for.
c. The government can "verify" that you voted.
d. You can vote over the internet.
e. Only one vote per citizen.
f. Any cheating is immediately detected.
g. others where needed and appropriate.

I'm wondering if some kind of one time pads could be generated by all parties involved, combined togther with public key cryptography, that would allow such a system.

It boggles the mind that more effort and resources are put into making sure the government gets their tax returns than whether the voting system works or not.

Why should I vote again?

Re:A secured voting system?

[corsec67]

Any system where a person can verify their vote after it has been cast is open to a very real kind of attack:

"Vote for #{my_candidate} or you are fired. Signed, your boss"
Or, husband, wife, mother, creepy guy standing outside the polling place, etc.

Re:A secured voting system?

[gnick]

That goes for both

b. At any point in time after you cast your vote, you can verfiy that your
                vote is counted with the candidate you voted for. and

d. You can vote over the internet. I'd love to verify my vote and I'm not really afraid of voting over the internet. However both cases expose you to possible coercion and a great deal of the computers are infected with malware and should not be trusted to do anything that you don't want stolen or manipulated.

Re:A secured voting system?

[SEAL]

I'm wondering if some kind of one time pads could be generated by all parties involved, combined togther with public key cryptography, that would allow such a system. Don't throw pseudo-cryptographic nonsense into it. The problem is a human one; it cannot be solved purely by technology.

You have a task that gathers data from many sources, and needs to verify the identity of those sources. Many people and groups will try to attack, corrupt or undermine that data. Furthermore, any verification in place to detect and prevent such attacks can also be considered vulnerable, but ALSO gets saddled with a deadline as laws in many states prevent recounts after a brief timespan.

The "attacks" could be purely technological -- (subvert the software), all the way to social (have poll workers set up certain locations in a way that delays people who are waiting to vote in areas that tend to be against your candidate).

People speak of the importance of a paper trail, but that merely diverts the point of vulnerability. How do we detect that a recount is needed in the first place? Who is doing the recount? How do we know it is any better than the first count?

Re:A secured voting system?

[Bryansix]

So make vote coercion punishable by death via flamethrower. I kid of course but the punishment should be large and severe.

Re:A secured voting system?

[BitZtream]

'Secured' depends on your point of view. Some of the things you bring up are somewhat mutually exclusive. The cryptography involved isn't the problem, and assuming the systems use a real cryptoghaphy algorithm, its rarely the problem. Generally its implementation details not directly unrelated to the cryptography algorithms involved that cause the problems. For instance, the diebold photo on their website which showed a master key, in which someone was able to copy and open a diebold box. Atleast I think it was diebold, might have been another company?

Some of the things can be done but only if you don't expect the others.

In reality though, A - F are never going to be assured. The machines can always be tampered with (mechanical or electronic voting methods, it applies to both), its just a matter of how many people are involved in the cheating. If you had tamper proof machines, then E, C and either A or B can be assured, but not both A and B, since the data must be retrievable in some form. You can't just encrypt your vote with your private key and send it off to the machine (which would give you A) because the machine can't read it to know who you voted for.

You can sign the vote with your private key so that you can verify it hasn't been tampered with and can be verified later ( which would give you B), and likewise, if everyone only has (and can not possibly get another) private key, you can assure everyone can only vote once ( E ). But this is practically impossible as well, since generating fake identities is fairly common.

One of the problems with designing a voting machine is that we have A. If you properly audit and log the votes, you don't have A, but you can get B, C, and E. If you don't properly audit and log the votes, you can get C and E to some extent, but not B. Without logging you have no chance of detecting cheating ( F ), even with logging you can still cheat, it just gets harder.

In a perfect world (ha ha) then you would not care if anyone knew who you voted for, in which case the system becomes a whole lot less complicated. It just all becomes public record which anyone can look at and verify if they want to. Everyone signs their vote with a private key that can be verified against. But, since its common knowledge that people are persicuted because of their beliefs, we choose to hide who we vote for to ensure our own personal saftey. By personal safety I don't just mean from physical harm, but from prejudice at work, in the community as well because others disagree without choices.

So ... the short version of this is, while cryptography can help secure our voting records, it can not fully solve the problem itself, which is that people are corrupt beings.

Re:A secured voting system?

[rmdyer]

Any system where a person can verify their vote after it has been cast is open to a very real kind of attack:

"Vote for #{my_candidate} or you are fired. Signed, your boss"
Or, husband, wife, mother, creepy guy standing outside the polling place, etc.

Yet this "kind of attack" is not an actual attack on the voting system itself, it is a personal attack on you. You call it "very real" yet provide no statistics that this doesn't already take place, or if it did under the system outlined previously, whether the cumulative effect would make any statistically measurable difference. Like I said, using some kind of one time pad, or cryptographic technique, that you generate to protect your vote, no one else can see it, without "stealing" that key from you. Ok, so we add in the following property to the system outlined previously...

h. That you can generate different keys protecting different vote casts. One is real, the others fake. If someone forces you to disclose who you voted for, you give them all the keys. They then see that both (or all if several keys) candidates are voted for. They won't know which one is valid, only you do.

That should lock up that senario.

Re:A secured voting system?

[blueg3]

Further, the feature of being able to verify your vote after it is cast is a feature that doesn't exist in the current voting system. I flip some toggles, and can verify which toggles I've flipped, but I have no guarantee (just by looking at the thing) regarding what happens after the lever is pulled.

Re:A secured voting system?

[ardent99]

This is exactly right. All voting technologies, paper or electronic, will have vulnerabilities. The way to solve this problem is to have enough redundancy in the system that makes it very difficult for all mechanisms to fail, or be corrupted, simultaneously and similarly. We have learned this lesson from building fault-tolerant computer systems, and need to apply it here, too. We also need to include the human element in the fault-tolerant design, as people are also subject to failure and corruption.

For example, you could make a system that has simultaneous redundant and different technologies, such as both electronic and paper trails. Then each of these subsystems could have their information flows be split at the source and channeled through completely different paths to different counters. There could be multiple sets of people with different political allegiances doing redundant counting. With this kind of system failures would be discovered, and could be tracked back to their sources. This kind of redundancy would cost more, but it could be done pretty straightforwardly if it is really what people wanted.

The main problem of course and it is the big one, is that it is not clear that the authorities actually WANT the system to be incorruptible. There are a huge number of power plays that go on in government, and the bigger the election, the more power is involved. There is so much back-room bargaining, lobbying, and cronyism, both within government and between government and big business, that the people in power don't really want transparency and fault-tolerance because it would interfere with their power. Fair voting only helps the little people, not the people who are already in power, and the system can only be changed by the people in power.

Re:A secured voting system?

[malilo]

THANK YOU!! Honestly the vote coercion thing is the stupidest argument. To get any appreciable results, you'd have to buy a LOT of votes, and getting that many people to stay mum about it would be impossible, not to mention there'd be a paper/money trail somewhere! jeez!

Re:A secured voting system?

[jd]

I'd use the following steps myself:

• Electoral body generates a pool of public/private key pairs.
  • As each key pair is generated, a voter not yet allocated a key is associated with the key pair.
  • The public key is attached in electronic form to the voter registration card for that voter.
  • Some other Department is sent an electronic request for a cryptographic hash of some repeatably testable biometric data for that voter.
  • The public key is used to digitally sign the biometric hash.
  • The private key, plus hash and signature, is stored in a tamper-proof data repository where the electoral body has write-only access.
• The voter is sent a device for measuring the repeatable biometric data, or can obtain one from an independent group.
• The voter records their biometric data. The values are cryptographically hashed and are not retained.
• The voter inserts the public key store into the device, which copies the hash onto it.
• On voting (whether on an issued PDA or at a voting station), the voter inserts their public key store and records their vote.
• The voting machine encrypts the vote using the public key and digitally signs it with the hash.
• The electronic ballot is electronically delivered completely intact to the counting centre, and optionally to a neutral monitoring facility, immediately after being digitally signed.
• On receipt, the vote+signature is itself cryptographically hashed and a table of these hash values is publicly exposed.
• Also on receipt, the total number of received votes is incremented.
• Also on receipt, since the signature is unsalted, duplicate votes by the same voter will show as identical signatures and can be dropped. The total number of duplicate votes is then incremented.
• The voter can, at any time, use a computer that knows the encryption algorithm and can read the public key and hash:
  • Regenerate the ballot they cast
  • Encrypt and sign that ballot
  • Cryptographically hash the ballot
  • Search the list of published hashes to determine if any listed vote matches the regenerated ballot
• Both the official organization and the monitoring organization can, at the time of counting:
  • Use the signing algorithm with the biometric hashes to determine which hash belongs to which vote (first vote the hash belongs to "wins")
  • Decrypt that vote using the corresponding private key and mark the vote with a tag to say which key was used
  • Discard both private key and biometric hash
  • Repeat until no remaining keys decrypt any remaining votes
  • Validate that votes decrypted + keys remaining = total number of registered voters
  • Validate that votes decrypted + votes remaining = votes cast
  • Count votes from decrypted ballots
  • Validate that the totals for each recipient are the same
  • If they are NOT the same:
    • Run through the discarded keys on each of the remaining votes
    • If a vote decrypts, then the voter has voted twice. This vote's tag will match a different vote elsewhere. The tag of both votes will be marked as suspicious.
    • Create a max/min range for each candidate, based on the maximum and minimum they could have scored, once the extra votes are considered.
    • The max/min ranges established by the official body and the monitor should be identical, and both of their initial tallies should be within those ranges.
    • How the suspicious votes are considered should be determined by a policy agreed nationally by both parties and voters. Otherwise, all suspicious votes should be rejected and therefore the minimum score for each candidate should be the official score.
    • An Internet-accessible site run by the official election group should list the results, but also provide a searchable table of just the digital signatures of the biometric hashes for the votes deemed valid.
  • Once the official results a

Bullshit.

[khasim]

The problem is that paper based elections are no more secure, and if the physical ballots are lost, you're screwed.

No. You do not understand "security". It is possible to have a representative from each candidate WATCH the ballot box to make sure that it is not "lost".

Even if someone is watching the computer, there is no way for them to tell if ballots are being "lost" or changed.

We need a better voting system that takes advantage of our new computing technology.

Why? What's wrong with pen and paper?

Counting and validating paper ballots is simple. As is protecting them. They are PHYSICAL objects. People have lots of experience in keeping physical objects secure.

Re:Bullshit.

[rucs_hack]

Why? What's wrong with pen and paper?

Nothing, nothing at all.

However, population size is increasing. Ok, a lot of people don't vote (for reasons that escape me...). Assuming the option of making voting compulsory, which I am in favor of (after all, a lot of people ended up dead last century making sure we could, its a tragedy that so many people don't even seem to be aware of what happened...), then you'd very quickly have a system close to the breaking point.

All we need is a secure and reliable electronic voting system, free of commercial restraint.

Re:Bullshit.

Please explain how a distributed pen and paper system breaks as the number of voters increases.

Re:Bullshit.

[rucs_hack]

Please explain how a distributed pen and paper system breaks as the number of voters increases.

Please post as something other than AC to make me feel I should answer your question.

Since you are using the internet, and visiting slashdot, I assume you aren't a technophobe, so get with it, get an account or uncheck the 'Post Anonymously' box. Then I'll debate.

Re:Bullshit.

I have no incentive to post as other than AC. It is your argument which is weakened by your refusal to provide a valid premise.

Re:Bullshit.

[rucs_hack]

I have no incentive to post as other than AC. It is your argument which is weakened by your refusal to provide a valid premise.

My argument is weak? At least I don't hide from the consequences of my statements.

Re:Bullshit.

[Lockejaw]

Please explain how a distributed pen and paper system breaks as the number of voters increases.

Please post as something other than AC to make me feel I should answer your question.

Please explain how a distributed pen and paper system breaks as the number of voters increases.
While you're at it, explain why you'll respond to someone who posts under a pseudonym with no real connection to his identity but won't respond to someone who posts as AC.

Re:Bullshit.

[mysticgoat]

All we need is a secure and reliable appropriate technology voting system, free of commercial restraint.

There, fixed that for you.

And btw, we actually have such technology. It is the paper ballot system.

It is true that paper ballots are slow to count, but that was first mitigated by Hollerith cards, then by Chadless cards, then by optical scanning devices. It is now possible to get all the ballots in a national election counted within a couple of tens of hours. Which is more than fast enough for any political purpose. It is also possible to do a tightly audited recount within a couple of weeks, and having that capability should be an overriding concern of every citizen.

Granted that the TV news crews won't like the delays... but fuckem. They've stopped contributing anything meaningful to the national discussions a long time ago.

If you want to know all about Ohio politics...

[Weaselmancer]

Read this.
Then this.
And finally, this.

This guy is still getting voter support while he's in jail for mob related crimes.

Remember that Star Trek:TOS episode where everyone was a cheesy mobster? That was filmed in Ohio. They did it to save on costuming and sets. I'm sure of it.

Old School

I think we need to vote like they did in Greece, instead of clay shards though colored marbles green for yes red for no. you would vote for and against the candidates. This way it would be a zero sum contest;
total marbles handed out for candidates = candidate (1) + candidate (2)... + candidate (n).
If the mass and volume of the marbles in consistent to a negligible fraction one could weight or volume displacement as a easy check against mechanical and manual counting.

Ohio Voting machines are officially a crime scene

[Geoffrey.landis]

Ohio Voting machines are now officially a crime scene.

Or ARs technica

Re:With big (corrupt) companies like Diebold, et a

[MoonlightSeraphim]

Agreed. Even if the candidate messed up (and that's what he pretty much did) then why the hell his name was off on some of the ballots and was present on the others ..?

Ironic typo

... Further compounding matters, the Slashdot editor Zonk had disabled virtually all spell-checking on the machines to speed posting of the article about a "balot." Naturally, the Slashdot readership remains "sceptical."

Doesn't fucking cut it.

[A+beautiful+mind]

Too little, too late has been things "done" about voting irregularities.

In the 2004 elections around 3 million voters were denied from voting because of registration abuses. That is around 2.5% of the total voter turnout and more than the percentage Bush won in 2004 with. 5.2 million people are ineligible to vote because of their legal history. (The USA has biggest prison population on the planet, relative to population size).

It should be required by law that if any kind of irregularity exceeds 0.5% of the total voter turnout or half the difference between the opposing poll questions (between candidates or yes/no answers), then the election result is null and void. Otherwise, it cannot be said that the election was fair. If there is one thing there shouldn't be a shadow of a doubt about - it is elections.

Electronic voting is one area where things shouldn't be hacked together in a Microsoft or shitty phone software style. Election software should live up to the standards of NASA and/or nuclear power plant software, but ideally electronic voting should not be used, because otherwise it is impossible to provide a secure, relatively tamper proof election system which is also transparent to the voters in a way that the average person could verify the results if they wanted to. Shit hacked together in Visual Basic gives plausible deniability to those who say the election wasn't stolen, just glitched. Electronic voting is an overengineered solution: you have to design a computer from the ground up to serve as a voting machine and it requires advanced mathematics, advanced engineering to understand how the system works. The average person will never be able to verify if their vote was counted in a fair manner or not. Electronic voting machines are the worst things that can happen to the voting process, because it makes voting black box. There is no committee to watch whether you've inserted your voting sheet into the ballot box and ensure the ballot box wasn't tampered with. To do the same in case of electronic voting, the voting committee members would have to have a phd in computer science, hardware chip design and physics, apart from a lot of other involved fields. The voting machine would have to be in a Faraday cage and power should only be supplied to the machine when someone is actively voting. The voting machine is the ballot and the ballot box combined into one. This causes problems.

It is easier to do faster than light travel than to use electronic voting in a democratic manner. We didn't figure out FTL travel yet, but we have a better shot at it than electronic voting.

Not being sure whether an election was democratic is worse than a terrorist attack on the scale of WTC happening every single week.

Maybe the election problem was a honest mistake, but the point is that you cannot exclude the possibility of tampering. Laws, democratic rights and actions of the government should be viewed from a defensive viewpoint. "How can this law be abused? What is the damage potential of an action on this right?" Because, it is possible that this voting glitch was a honest mistake. The next one won't be, as soon as unscrupulous people learn how to exploit the lack of public outcry coupled with an insecure voting scheme.

Also, a constitutional amendment should be passed placing elections bigger than the scope of a state in the hands of the federal government (or a federal elections commission with clearly accountable personnel). It is necessary to standardize the voting procedures. You can't have 50 states voting in 50 different ways in a national election. Strict penalties should be created for those who try to tamper with voting results, either due to negligence or intentionally. While I don't agree with the death penalty, the harshest possible punishment should be used for voting fraud and currently in the USA it is the death penalty. Voting fraud is a covert overthrowing of the legitimate democratic order of a country. It should be treated as such.

To sum it up, "oh, a glitch, how funny", doesn't fucking cut it.

Re:Doesn't fucking cut it.

[t0rkm3]

Heh.

Yeah, you'd have to throw out that whole Constitution thingy to federalize election standards. Each state can determine how their representatives to the electoral college are chosen. That should stay that way, we are a Republic of somewhat independent states.

It is currently philosophically or politically stylish to erode state's rights in the face of debacles like Katrina, and Florida's voting issues, but that erodes an essential balance of power proposition in our government. I like being able to hold my local officials accountable if they don't handle a situation in a graceful manner (Blanco, Nagin, I'm looking at you.) I like living in a concealed-carry state (although I don't have a permit for such). I like being able to vote with my feet when I feel a state has their taxation all botched up (Hello, CA).

I agree that voting fraud is a pain-in-the-ass but that's for each state to figure out their risk profile.

Re:Doesn't fucking cut it.

[EriDay]

The USA has biggest prison population on the planet, relative to population size

Make that the USA has biggest prison population on the planet period. Larger than China, larger than India.

Adder?

[wfstanle]

Adder? I didn't know that those snakes were that versatile!

this is just stupid

I cannot believe we are STILL talking about electronic voting. Al Gore lost 8 years ago. Get over it. We bank online, fill out our taxes and even buy our clothes and music online but suddenly voting electronically is some kind of demonic practice. The problem (is there really is one) is poor implementation not a flawed concept. If you don't like one particular implementation of electronic voting, build something better and sell it to the county where you live. I am so sick and damn tired of people screaming about voter fraud and electronic voting problems because their guy lost.

Just one more thought: Since we do not tie ballots to a particular voter id, what would keep an unscrupulous poll worker from stuffing the ballot box?

I think the solution to this is not less technology but more openness. How bout every vote (paper or electronic) have your voter id number on it next to your vote. Then you can log in after the election and pull up your vote and SEE what you did. That's real verification. Anything less is limp dick masturbation.

Re:this is just stupid

How the hell did this troll job get tagged "interesting"?!?

The problem (is there really is one)..."

Have you been paying even the slightest bit of attention? THIS ARTICLE IS ABOUT "is there is one".

"...is poor implementation not a flawed concept. "

Like DRM?
The systems that collect votes and the systems that count them need to either have human-verifiable transparency between them (sealed box at polling place is shipped off to counting place w/public observers) or they have to fork at that point into at least one human-verifiable transparent path (like those electronic paper-ballot readers).

Otherwise, it's the equivalent of having the polling places count the ballots themselves and phone in the results -- even if you used all manner of passphrases and secure lines to ensure the actual polling place was calling in the results, there'd be no way to check if voting even actually took place, let alone whether it was manipulated.

"what would keep an unscrupulous poll worker from stuffing the ballot box?"

Transparent oversight. Duh. The box comes in and leaves sealed. Anybody can observe the process to make sure it comes in empty and leaves unbroken.

"How bout every vote (paper or electronic) have your voter id number on it next to your vote."

Because then you could track who voted for who, and harrass them, or fire them, or have them thrown in prison, or maim them, or murder their entire families, when you find out they didn't vote for who you TOLD them to vote for before the election. You know, like has happened historically whenever and wherever votes have been insufficiently anonymous. But you knew that when you made the suggestion, didn't you?

Don't lie to yourself, you know that's what you want.

Voting must be:
1 - ANONYMOUS. That means the vote can't be tracked back to you by someone else, nor can you be given any official record of what your vote was to take with you.
2 - RESTRICTED TO ONE VOTE PER PERSON. That means you still have actual people show up at a polling place, so that you can mark down THAT they voted, and also recognize them if they show up more than once.
3 - VERIFIABLE. You need to be able to go back and count it again. That means that there needs to be a physical record made of each vote result, and it also means that THE VOTE CANNOT CHANGE MID-ELECTION DAY (see article). Combined with need (1), this means that the physical record of the vote MUST BE READABLE BY THE VOTER BEFORE THEY LEAVE THE BOOTH. Try THAT online.
4 - TRANSPARENT. Each section of the process must be physically separated and independently verifiable -- polling places, vote collection, transportation, counting, reporting. The more of those that go on inside a computer, the harder it is for an independent observer to watch the process. At any point the process can fork, continuing electronically but leaving a physical trail that is difficult to alter.

Summary is very wrong

[Trailer+Trash]

Did the submitter or editor even bother to read the article. The controversy is that the candidate *did* withdraw, but his name was left on some ballots. for those who can't click:

Perez withdrew one day after Franklin County had finalized its ballots. He had hoped to avoid playing spoiler in fellow Democrat Patsy Thomas' race to retain her appointment to the Franklin County Municipal Court. Instead, Perez's name remained on the ballots -- or allegedly, most ballots -- and Republican David Tyack won.

Basically, same way Perot caused Bush #1 to lose in '92.

Re:Summary is very wrong

[AK+Marc]

Basically, same way Perot caused Bush #1 to lose in '92.

Everyone I know that voted for Perot did so with Bill Clinton as their second choice. He was what every Democrat longs for, a moderate Republican that isn't pro-war and anti-choice. That he's also what Republicans say they are but aren't (fiscally conservative), didn't seem to bring any over to him, at least of the voters I know.

Re:Summary is very wrong

[UdoKeir]

That appears to be born out here: http://www.ashbrook.org/publicat/monos/bushdef/nichols.html

Ross Perot, for example, won 30% of the votes of independents, while attracting only 17% of Republican voters and 13% of Democratic voters.

Reagan's mishandling of the economy, that Bush inherited, is what lost Bush the election.

Re:Summary is very wrong

[MozeeToby]

The linked article was changed from when I originally submitted it; in other words, blame the editors, not me.

I have to agree with the puppy on this one.

[khasim]

This mythical "retard" who is somehow a management/distribution savant?

More correctly stated, any "retard" can stuff a ballot box ... and be caught doing so.

It's like saying that any "retard" can rob a bank but it takes a skilled hacker to electronically loot your accounts. It is just wrong. It is far easier to secure a physical object because people have far more experience with doing just that.

Archer seems to be postulating a perfect scenario for electronic voting. Just read TFA and the others like it.

Re:I have to agree with the puppy on this one.

[SatanicPuppy]

I'm not sure we're disagreeing...I know a lot of ways in which an electronic system could be compromised. My point is simply that, while a skilled individual must be in the mix somewhere, that doesn't mean that machines can only be compromised by skilled people.

For a ballot stuffing scenario, however, you need a lot more people because of the physical nature of the crime. To borrow your example; any moron can physically rob a bank, and a skilled individual can electronically loot the same amount of money; but in the former case you have to have enough people to physically move it and that's where the whole thing falls apart in a physical scenario...It's much easier to move large numbers around digitally.

Re:I have to agree with the puppy on this one.

[electrictroy]

As shown in the HBO documentary "Hacking Democracy" (?), it doesn't take a lot of brains to alter the official election results. All you need is one stoolpigeon to insert the PCMCIA card, and it's over. All the thousands of votes have been mangled/corrupted by the PCMCIA's hidden trojan. The job can be done in just 30 seconds. ----- Doing the same thing with paper would take hours.

Summary incorrect

[whitehatlurker]

The candidate did withdraw, but after the ballot was compiled.

The reason for the withdrawal was to prevent vote splitting with a second candidate and prevent a 3rd candidate from winning. With the 1st candiate still in the race on some machines, the vote splitting may have occured and the 3rd candidate may have enjoyed the benefit (and did win).

The machine error may have played some part in deciding the election.

"Capone and Einstein" says the clueless ...

"I don't know of any way that could happen. It would take the great-grandson of Al Capone and the great-grandson of Albert Einstein working in collusion to pull this off." - Dennis White, Director of the Franklin County Board of Elections

OMFG, how old is this guy? Capone and Einstein? This guy is so old he thinks Desktop Publishing means working from a really small California Job Case. And he's there to safeguard computerized voting systems? Only one thing to say: FAIL.

BTW Dennis: A 15 year old with a +100 IQ, a master key (blank from Home Depot and template from the Net) and a properly configured SD card and you are completely pwned.

How many other dolts like this guy are watching are out elections? I suspect too many.

So...

[jamstar7]

Do we take this as evidence of manipulation by a political machine (not to be confused by electronic balloting machines), or simple incompetence, or both?

Having spent 25 years in Ohio, it sure sounds like business as usual to me...

Ron Paul illegally left out in a number of areas

[Iowan41]

With locals telling voters that he'd pulled out of the campaign, when he hadn't. What were they so afraid of?

Did you even read your own submission?

The guy HAD withdrawn (in order not to play spoiler for ihs party-mate), and he was listed anyway on some machines, siphoning enough votes to tip the election to the candidate of the other party.

Ohio and Florida.. WTF ?

[dbcad7]

Ohio and Florida.. story after story after each election.. What the hell is wrong with these two states ?

They should reduce their electoral votes until they get their shit together.. give em to Rhode Island and Delaware.

Re:Ohio and Florida.. WTF ?

[DragonTHC]

in 2000, volusia county, FL had one precinct count up -16,000 votes for Al Gore. That's right NEGATIVE Sixteen Thousand and change.

since the machines are technically not designed to count backwards, someone tampered with the machine to give Gore negative votes to start with.

Re:Ohio and Florida.. WTF ?

[natoochtoniket]

The Republicans who control those two states keep rigging the elections. They have to do it in different ways each year, because the system and procedures are updated after each time they get caught, to prevent them doing it the same say again. After all, that's the only way they can stay in power. This year they changed the primary date, knowing that the date would violate Democratic party rules and cause those delegates not to be seated, and then spun the news to try to blame the Democrats.

This fall, look for problems with the new registration-verification machines, and with the optical scanning machines. The statewide registration databases are new, as are the registration-verification machines, so that area is ripe for fraud. In Florida, the new election law says that the "recount" procedure is to reprint the summary reports from the optical scanning machines, and that paper ballots that have been scanned may NOT be manually inspected or audited.

Ohioan incompentency

Yep, Ohio does it again. Some politician sees pretty screens on a machine and buys it. This is right up there with Ohio's coin gate. Until this state gets it's head out of its ass it is a lost cause

Not comparable.

[argent]

If your bank machine messes up, you know by the time of your next statement... at the latest... and if the bank makes an error you've got a good chance of getting your money back.

If your voting machine messes up, you'll probably never know, and there's no way to get your election back.

What's a balot?

[EmagGeek]

Nice job relying on your firefox dictionary.

Voter deregistration is a bigger issue

[Aliks]

The biggest problem in the last few US elections has been the blocking of votes cast by those likely to vote Democrat.

This can happen by denying registration, or deregistering anyone with the "wrong" profile, or by selectively locating low quality voting machines in districts that are likely to vote the "wrong" way.

You losers are pathetic, its always Bush

mention him in something about voting fraud and you get +5 informative?

How lame does that make /. look?

Cuyahoga County is so heavily democratic its not even funny. The only reason the problem came up is the guy withdrew after the ballots were done. Lets see

Places with the most public voting irregularities?
All the Florida counties were democratic and voted that way.
Cuyahoga County is, guess what...

You guys and the moderators who vote them do a great disservice to /. You practically make it out that we are all loons and that is not the case. Hell I am just so damn glad this place didn't buy into 9/11 conspiracies

Sometimes I am embarrassed to say I read this site

I'm afraid

[cdrdude]

I think the only word to describe that is 'Terrifying'. I'm utterly horrified. I knew there was some corruption and double-dealing, but I didn't realize it goes this far. I want to believe in my country, but things like this keep coming up. I'm afraid of seeing a new Bush crony in office. If this keeps up, I'm afraid that we'll declare war on Iran, reinstate the draft, and the next thing I know I'll be patrolling streets in Tehran, hoping that nobody tries to bomb me. But most of all, I'm afraid that there are people out there, desperate to enforce their view of America on me, on my countrymen. What liberties will our 'representatives' take away in the years to come? How can we make the public aware?

In other news...

[Bloke+down+the+pub]

Florida investigating how to do it again this year.

Republicans around here couldn't care less

I actually heard this brought up a couple days ago, when I went to get a haricut. Who should end up sittting next to me but the former director of the Franklin County Board of Elections Damschroeder? (I didn't even realize he lived near me, guess I'll have to go egg his house at some point.) In his eyes, the idea of switching to paper was moronic, because "it's will cost way too much money" and "there's no secruity concerns, never have been".

Somebody mentioned this, and he said it was all a figment of Bruner's imagination, and that the machines were perfectly fine. This kind of attitude is what really bothers me about this whole thing. It's the damned elections, people damn well should be concerned about even the appearance of a problem!

ObFuckOhio

Fuck Ohio

Re:more ad hom, huh

[instarx]

"At least I don't hide from the consequences of my statements."
Sorry, I didn't realize your name was actually Rucs Hack. My sympathies!

Ziiiing! That was a good one. lol!

Vote by mail

[bamwham]

I live in Franklin county and vote in every election by mail. Of course I have no idea if my vote is counted (I do seem to have a knack for picking the losers). I like the mail in voting because I get to take my time with the ballot, I typically look up each candidate on google and in the local paper, read their positions on their websites, and check out what some of my friends are saying about them. I'm insulated from the idiotic emotional adds of the last few days before the election date, typically my ballot is in the mail two weeks before the big day. The only thing I dislike about it is that I have no way to check that my ballot even arrived at the county election board, much less whether it was correctly scanned. I do keep a photocopy of my completed ballot until the next election cycle, but this is more to remind me when a friend asks who I voted for in a particular race, or as evidence if it turns out there was a problem.

The thing about local elections is there are many races where I have never heard anything about any of the candidates. If I were to try to do this in a voting both without the internet I would end up either not voting for these races or flipping a coin. Add to this that the ballot propositions are written in the most cryptic sinister sounding language ( my impression is that they run it through a couple of cycles of Google translate with a few foriegn languages before putting it on the ballot).

As others have said, the possibility of vote buying is not a reason to deny me the right to verify my vote, rather it just means we need to make sure that this is a heavy felony with the harshest allowable punishments. I have trouble believing someone could buy enough votes without it becoming known to the authorities and public. I have no trouble believing that a motivated hack could figure out a way to manipulate the vote on an electronic machine without leaving any trail at all (Why can the logs be disabled??).

Obig: Voting Machine Ties to Venezuela

[penguin_dance]

All your votes are belong to us....

And so the question comes up, why are we even buying voting machines from a company bought up by a Venezuela company that has been linked with Hugo Chávez?

U.S. Investigates Voting Machines' Venezuela Ties

Smartmatic was a little-known firm with no experience in voting technology before it was chosen by the Venezuelan authorities to replace the country's elections machinery ahead of a contentious referendum that confirmed Mr. Chávez as president in August 2004.

Seven months before that voting contract was awarded, a Venezuelan government financing agency invested more than $200,000 into a smaller technology company, owned by some of the same people as Smartmatic, that joined with Smartmatic as a minor partner in the bid.

In return, the government agency was given a 28 percent stake in the smaller company and a seat on its board, which was occupied by a senior government official who had previously advised Mr. Chávez on elections technology. But Venezuelan officials later insisted that the money was merely a small-business loan and that it was repaid before the referendum.

With a windfall of some $120 million from its first three contracts with Venezuela, Smartmatic then bought the much larger and more established Sequoia Voting Systems, which now has voting equipment installed in 17 states and the District of Columbia.

Children. Children.

[BigBlueOx]

Those of you yammering about how much better paper ballots are must be too young to remember the election in Miami, FL where they found 6 ballot boxes filled with votes dumped in some random warehouse by someone.

Ha! I laughed and laughed. Stupid southerners. Things like that don't happen here in Ohio. Ha Ha.

Yes, Ohio. Well, Franklin County, if you must know.

Read the article? No. Should I?

Jennifer Brunner

[towa1]

I'm an Election Day Tech in Ohio and this past Primary, every precinct was forced to carry paper ballots in case someone wanted to vote on paper instead of the machine. Out of 5 precincts, roughly 10 people wanted to vote that way. This cost our county an additional $20,000 just to do the paper ballots.

Jennifer Brunner wants to get rid of the voting machines in the worst way.

Doesn't anyone think it's just too convenient that Jennifer was the only one to find this problem out?

The voter cards are all encoded with the same ballot in November since it's a general election.

How could hers have this problem and not her husband's if they both had the same ballot?

This is just her way of making the voting machines look bad so she can get rid of them. What a waste of tax payers money. Each machine costs around $6000 each.

The paper optical scan ballots also have probelms. Before the election, the optical scanner failed on 3 test runs. Why don't we just try to improve the machines instead of scrapping all together?