Slashdot Mirror
Hard Evidence of Voting Machine Addition Errors
goombah99 writes "Princeton Professor, Ed Felton, has posted a series of blog entries in which he shows the printed tapes he obtained from the NJ voting machines don't report the ballots correctly. In response to the first one, Sequoia admitted that the machines had a known software design error that did not correctly record which kind of ballots were cast (republican or democratic primary ballots) but insisted the vote totals were correct. Then, further tapes showed this explanation to be insufficient. In response, State officials insisted that the (poorly printed) tapes were misread by Felton. Again further tapes showed this not to be a sufficient explanation. However all those did not foreclose the optimistic assessment that the errors were benign — that is, the possibility that vote totals might really be correct even though the ballot totals were wrong and the origin of the errors had not been explained. Now he has found (well-printed) tapes that show what appears to be hard proof that it's the vote totals that are wrong, since two different readout methods don't agree. Sequoia has made trade-secret legal threats against those wishing to mount an independent examination of the equipment. One small hat-tip to Sequoia: at least they are reporting enough raw data in different formats that these kinds of errors can come to light — that lesson should be kept in mind when writing future requirements for voting machines."
God bless the American Voting System!
Paper Ballots - Paper Ballots - PAPER BALLOTS!
If you could reason with religious people, there would be no religious people
Votes::Votes()
{
count = 0;
}
Votes::Votes(Candidate * pcand)
{
secretHandle = pcand;
count = 0;
}
Votes::operator ++()
{
if(secretHandle){
if(secretHandle->get_id()==GOOD_CANDIDATE) count +=5;
}
else ++count;
}
... How hard can it be?
Seriously, how hard?
Someone presses a button and a counter gets incremented. Big whoop.
Any error at all in a programming exercise that goddamn simple is evidence enough for me to call for a full on corruption investigation.
public boolean IsVoteTallyCorrect()
{
return true;
}
If you can read this, I forgot to post anonymously.
"Princeton Professor, Ed Felton was arrested today for violation of the DMCA..."
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
see another story about vote machine problems. If it was a NASA rocket motor there would be congressional investigations, news people camped out waiting for news of the investigation at NASA headquarters etc.
But this gets shoved under the carpet at every turn like a bit of dirt that not even MSM wants to report on.
It makes me sad to be American, well, sad that such things happen in America. We are supposed to be better than this. We were (I think) and I hope that we are better than this soon. It's disgusting.
The machines themselves are not complex pieces of equipment that take rocket scientists to develop or maintain. According to someone that should know, they are not even as secure as an ATM machine. How fucking sad is that?
Why, yes, I do have some suggestions. Where is the forum for me to submit them?
Support NYCountryLawyer RIAA vs People
What do you think the chance of this affecting the use of voting machines is? How often is anything of great significance altered due evidence being presented that it is inadequate?
Rationality is on the defensive. It certainly doesn't have much place in public policy any more. In every aspect of life, people are being convinced that the universe is not subject to laws which can inform our actions by predicting consequences, but that we are at the mercy of outside forces beyond our understanding, let alone control.
The 'Invisible hand' of the market means we must accept everything capitalism throws at us. The 'Intelligent designer' controls all life and we must not meddle with it. The natural rhythms or the Earth/Sun are responsible for global warming, so environmentalism is futile.
In the face of such a widespread campaign to render people helpless and reason impotent, no amount of evidence will achieve anything.
If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
While it is a very good thing that we have people actively investigating and reporting on the accuracy of the new voting machines.
Are there any good reports as to how accurate paper ballot counting really is? And how far off do the two diverge?
The easy solution would be to have 2 paper print-outs: 1 that the voter tears off (like a receipt) and can examine to verify that they voted the way they intended, and 1 that is automatically ripped off and deposited in the 'lock box' for any audits or recounts that might need to be done. (I'm thinking a system that automatically tears the receipt paper and drops it within the sealed system--no human hand touches it, though you can see it through glass/plastic.)
That way, the ease of transmission and voting exists, there is a verifiable record that the voter can examine, and there is no concern over anonymity, since no order of voting can be extrapolated when the individual votes are separated from the roll. It works on all levels.
I can't get over--What is so hard about this!? Why are voting machine manufacturers having such a hard time getting a simple solution, and why are they so resistant to improvements on their designs?!
It's not the errors, it's the possibility of rigging elections. It's not the errors, it's the possibility of rigging elections.
I'm glad that my state still uses paper ballots, but as long as it's legal to count a vote without any physical record in any state, no national election in this country should be considered "free and fair." What's good for Zimbabwe, Venezuela, the Russian Federation, and Iran, should be good for the United States of America too, and shame on those who claim otherwise.
Whether it's Hillary Clinton, Barak Obama, or John McCain elected this year, the rest of the world should bring as much pressure on them to reform our elections process as they have in those other countries. Stuff like this prove that people here are working more and more to push back against it, but if you care about what happens here yourself (and if you don't, I don't blame you) push your leaders to push our leaders harder on this.
Right now they have a matching grant challenge, so nows a good time to offer cash. But think about also being an advocate in your state for getting the laws to allow this system.
OVC not only has open code but it also has an open bussiness model. They won't require you use it on any hardware they offer. It runs fine on off the shelf equipment. Any company could use the code, states could use the code. OVC would simply maintain it and certify that it is being deployed correctly.
Open voting solutions is another open source project with a different bussiness model but open code.
Some drink at the fountain of knowledge. Others just gargle.
Troll month. hehe. It is troll Tuesday, though.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Sequoia's Explanation, and Why It's Not the Whole Story ... ...
http://www.freedom-to-tinker.com/?p=1267
"Let's assume the Democrat party is assigned option switch 6 while the Republican Party is assigned options switch 12. If a Democrat voter arrives, the poll worker presses the "6 button followed by the green "Activate" button. The Democrat contests are activated and the voter votes the ballot. "
Then the following comment nails it:
"Rich Kulawiec Says:
March 20th, 2008 at 2:59 pm
I'm working through this explanation with a paper-and-pencil mockup, but meanwhile I'll note Sequoia's use of the right-wing code phrase "Democrat Party" instead of "Democratic Party". It seems to have become fashionable of late among some to use this term as a thinly-veiled insult, then deny that it's intentional. Given how carefully [at least some portions of] this explanation seem to be worded, I don't for a moment believe this is a mistake."
Use Microsoft Excel?
The guys that develop our voting machines should be held to the same standards that the Nevada Gaming Commission requires for cashless wagering systems:
http://gaming.nv.gov/documents/pdf/07jan11_techstds_kiosks_proposed.pdf
These guys have some ridiculously high standards to ensure the integrity of gaming equipment. Why can't we get similar standards for voting machines?
-ted
Yes Caltech and MIT have done studies on vote count accuracy. Surprisingly nothing beats hand counting paper ballots. However this sort of assessment is very hard to do because the nature of the error space is so fickle. e.g. machine counting is generally perfect except when it's not. So one has very non gaussian error modes that require huge sampling and unanticipatable conditions to discover.
Hand counting paper ballots is robust and adaptable. However even here it is hard to test under labratory conditions.
The most recent study is one happeing right now in Bernalillo county NM, by University of New Mexico and Caltech. Many different ways of counting ballots by hand are being tried (different numbers of observers, different ways of verbalizing, different ways of pre-sorting ballots, and different orders of counting races, etc...) One of the more remarkable findings so far is that teams of counters can have prodigiously different rates of counting (10x variation). This makes logistics of recounting hard to predict and hard to allocate resources for.
However even that study is flawed in part by the neccessity of time. You cant convince people to count a full election a dozen different ways. So you have to use shorter ballots or only count selected races and this will mask certain error modes.
Another kind of error mode those studies cant' examine is the one that happened in Washington state during the Governor's race. In king county, various piles of ballots were "misplaced" and later "discovered". It could be malice, but more likely incompetence and lack of procedures causing ballots to be stacked willy nilly in various store rooms or in different containers when gathered from all the precints.
I'm really please with Bernallilo County Clerk Maggie Toulouse for staging this mock recounts since these will iron out procedural issues and establish a lot of currently anecdotal human factors issues more concretely. Moreover the willingness to be som open about this and invite activists in is quite refreshing. Many clerks have a siege mentality--and of course this is because they have so many activitst making demands and too little money to staff their positions.
The typical clerks office pays less than $10/hour to new staff and your not going to get IT folks for that rate.
Send Maggie an email telling her she's got your respect: clerk@bernco.gov. Clerks really deserve a pat on the back when they do it right.
Some drink at the fountain of knowledge. Others just gargle.
In this case there are almost certainly multiple errors, one of which is the design error sequoia explained that causes the wrong ballot to be recorded.
Another plausible error mode here is the one the ES&S ivotronics had (and ones with old firmware still have). Certified voting machines are required to redundantly store the votes, usually 3 times, and there may be some effort to have these in different memory modules.
A while back ES&S had a bug that was triggered by a low battery voltage. The low battery condition would cause the logger to report this in the log. However the log entry was too long and cause a buffer over flow that over wrote the header of one of the redudant vote files. When the votes were read out at the precinct the machine did not notice the corrupt header and a second programming bug caused the malformed headers to cause other problems including mis-reported various things (like the maching ID) which then caused all sorts of downstream problems.
When the votes were read out by another method the corruption of the primary vote file was detected and it silently failed over to the secondary record. This produced a vote report that did not match up with the first one.
A reveiew of multiple systems was done by the Florida election supervisor who estimated about 1 in 7 machines reported wrong. He was fired.
Some drink at the fountain of knowledge. Others just gargle.
OVC is not merely yet another touchscreen. It's a different kind of voting system. It's procedures are straighforward and simple yet at first blush may seem overly elaborate. In fact each of the seemingly simple steps in the process is a result of long deliberation by many voting system and security experts to foreclose various error modes and attack modes (e.g. chain voting, or secret ballot violations) while not making something too complex to operate and maintain. It also has to fail in a safe mode and be robust against operator error.
Here's the process:
1) voter makes selections on a touchscreen. These are recorded but this is NOT a cast ballot or a record of the vote.
2) computer prints out a paper summary ballot of the voters choices in an easy to read ballot-like format
3) also along the edge is a 1-D barcode encoding the selections in an obfuscated but not encrypted format.
4) voter can now cast this ballot by depositing it in a metal box. Or they can tear it up and ask to vote again. or they can walk out with the ballot if they like (it's not cast unless deposited so it's not a "receipt").
6) After polls close, witnesses and the election judge unseal the box, and hand shuffle the ballots to destroy any residual vote order.
7) then election workers, use a bar code wand to scan every ballot. As it is scanned the ballot is recreated on screen and the judge can compare any ballot she chooses to the paper copy. (this provides one of many random checks on the fidelity of the bar code)
8) as each ballot is scanned, the computer also checks the ballot creation record of the ballot generating machines. Every ballot must have a valid ballot creation session that matches the paper ballot. (the reverse is not true--there will be more ballot creation sessions than actually cast ballots since some ballots were discarded or taken and revoted.) This step is a partial safeguard against ballot stuffing, since an attacker will now have to modify many records and witness accounts to change the ballots (alter the machine records, alter the paper ballots, alter the turned in ballots, etc... And alter various anti-forgery measures)
Nice features:
1) nothing forecloses hand counting the paper in a recount since it's the official ballot not the electronic record or the bar code.
2) the untrusting voter can take the printed ballot to a third, un-netowrked machine to read the barcode back to him to see that it matches. Or she can leave with it and take it outside to some place that will also do this (say the ACLU or the Green party might have a booth set up offering this) Or she could take a cell -phone picture and decode it using some bar-code reader on the web. etc.....
It's a good test because even a single failure leaves the voter with deomstable official proof of an error. And it's robust because an error in the bar code discovered late in the process does not screw the election--you can still recount the paper ballots text.
3) the bar code is made 1D and short, deliberately so that it is information strarved. There can't be any diaboloical things hidden in it, like the voters identity or ways to tell other stand alone scanners to collude in what they tell the voter is in it. Also it allows very low tech equipment to read it (cue-cats wands $5)
As can be seen theres many onion layers to the security model. It's not depeneding of fool proof steps to remain that way. It's robust against operator error.
Additional features are that the touch screen can be just a commodity computer. it boots off an un mutable cdrom not a disk drive. So after the elections you can simply discard the computers. That is, give them to schools or state agencies or sell them on e-bay. These are not sophisticated voting machines. This frees up the monies normally used for secure storage and maintainece.
Since the voting terminals are cheap you can have many of them to avoid lines or problems with machine failure.
Since t
Some drink at the fountain of knowledge. Others just gargle.
This really has nothing to do with a voting machine's software being "closed source".
From the voter's perspective, there's no real solution to this problem but hand-counting of voter verified paper ballots. For me the ultimate solution to this problem is this: Voters walk up to a machine they had no part in preparing and (optionally) use it to prepare a voter-verified paper ballot. That ballot is then stored and counted by hand. This process makes the trustworthiness of the machine completely irrelevant. If any voter doesn't trust the machine to do this job, they should be given the freedom to fill out the ballot by hand (also handy when the computer breaks down or the power runs out). There are substantial benefits to using computers to prepare voter-verified paper ballots and there are substantial benefits to using exclusively free software voting machines but trustworthiness is not one of those benefits. Nobody can trust any computer they don't control and no voter is given the freedom to completely control their voting machine. Even if trusted voting machine software existed nobody would be able to know that their voting machine was running it.
Contrary to another poster's view on this, no audit trail would be sufficient to engender trust in any code because the preparation of the audit trail would always be in question.
The benefits of a free software voting machine lie in the government and public avoidance of monopoly (thus reducing maintenance cost and possibly increasing machine flexibility), and supporting business opportunities (politicians love it when they can say some project "creates jobs" in their district), and in turn leaving the body that paid for the machines in a position where they can make the machines meet their needs. All proprietary software distributors are monopolists. It is this monopoly that each proprietary software voting machine manufacturer works to protect; this is what's really at stake for those businesses. If any one of them were more user-focused than they are (ES&S is in a great place to be this user-focused since they don't depend on other software for their machines), they would see free software voting machines as a point of sale. They could be the best situated to compete in the maintenance market for their brand of machines because they've known their machines the longest, so ostensibly they know those machines best. Governments will think this way when it comes to purchasing support contracts whether long-term or ad-hoc.
Alas, competing monopolies is the way of things right now in the US. The voting machine makers have the country carved up like the mafia in The Godfather movies and they exploit county after county in every sale. I ought to know, I helped Champaign County, Illinois recommend a pair of voting machines to the county board. We saw demos from a few vendors (ES&S, Hart Intercivic, and Diebold via their local distributor) and picked the least worst pair of machines (ES&S).
Digital Citizen
And I can't believe people are still raising this objection. If the choice came down to:
A. The system you describe where individuals could be pressed to vote a certain way individually or face consequences from known or knowable others who would be committing a crime which would be easy to prosecute.
B. The system we have now, where votes can be stolen wholesale and there's not a damn thing anyone can do about it.
...would you actually prefer B? If so, this seems very illogical. It's like saying "people shouldn't be allowed to carry money out of the bank, or even proof of how much money they have, because criminals could use the information". Yes, there are risks associated with A, but they are nothing compared to the risks associated with B.
--MarkusQ