Slashdot Mirror

← Back to Stories (view on slashdot.org)

Avi Rubin Has Some Optimistic Words About E-Voting

Posted by timothy on from the let-the-las-vegans-run-the-show dept.

An anonymous reader writes "For more than a decade, Aviel "Avi" Rubin, a professor of computer science at Johns Hopkins University in the US and an e-voting activist, has been a vocal critic of e-voting systems. In this interview Rubin talks about the recent US presidential primary election cycle and his thoughts on e-voting going into the November US elections."

30 of 231 comments (clear)

  1. The problem by neokushan · · Score: 2, Interesting

    I can understand why people hate e-voting - it's susceptible to attack and/or manipulation, there's privacy concerns, etc. etc.

    But I have to wonder, is it really all that different to paper voting? If someone wants to rig an election, they'll do it no matter what system you use.

    I can't imagine it's significantly harder to rig a paper election than an electronic one.

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    1. Re:The problem by Nursie · · Score: 4, Insightful

      It's a lot more effort and you have a paper trail. With a machine all you have to do is rig the counter.

    2. Re:The problem by DrLang21 · · Score: 4, Insightful

      With rigging a paper election, you have to manually eliminate the paper trail, which is significantly more difficult than changing some bytes. Most people don't have a problem with electronic voting as a method. They have a problem with the absolute lack of a paper trail in so many of these systems.

      --
      I see the glass as full with a FoS of 2.
    3. Re:The problem by __aarcfd8085 · · Score: 2, Informative

      I think the main problem with the system as it stands now is that with some e-voting systems that are set up poorly you cannot tell if rigging or similar has occured. In a paper system if all else fails you can still go back and re count everything.

      An electronic system would allow, not just the finally result to be manipulated but the original data to be changed. You couldn't even tell if there had been any rigging.

      E-voting is a lot better than postal votes though, they may increase voter turn out and allow the bed bound etc to vote but, if people can't be bothered to leave the house to vote then it seems they shouldn't vote I would say having a travelling polling station is a better solution for the bed bound voters anyway.

      A good example is from here in the UK. http://news.bbc.co.uk/1/hi/england/hampshire/6681209.stm where the royal mail lost the votes.

      I would imagine that if you'r determined to rig an election you will manage it, there is no such thing as an infallible system.

    4. Re:The problem by Nursie · · Score: 4, Insightful

      "Because it's so hard to simply rig the final result of counting"

      Actually, yes, that is hard when you have observers and counters of all political colours involved. Compared to a hack or a fix in firmware of a whole set of machines that renders the fraud very hard to detect, yes, it's very hard to get the complicity of thousands of people from different parts of the political spectrum.

    5. Re:The problem by Nursie · · Score: 4, Insightful

      "Just make it available online"

      And open it up to being hacked even more readily?

      "so everyone can log in and check how/whether his/her vote is counted (after the elections)"

      So that thugs/corporate masters/Mugabe can sit people down and check they voted 'correctly'?

      "Paper trail is no easier to check. "

      Yes it is, because the trail is there. With "Push button, increment counter" machines it's a different story.

      "Do you propose to check all the votesheets manually?"

      What do you think happens in a recount when the vote is contested?

      "I think it's infeasible, you will need a computer anyway"

      How do you think we did it before the rise of computers?

    6. Re:The problem by DrgnDancer · · Score: 2, Interesting

      I don't know about you, but personally I've never once bothered to see the actual paper trail of an election and like many others simply opted to trust whatever the news told me the result was.

      It's not so much that you will check the paper trail (though you could if you wanted), it's that the other side(s) can. If the Democrat Joe Snobbypant goes into the election with a 10 point advantage in the polls, and his opponent, the honorable Bob Crabbypanys, wins by half a percent, you can bet Joe is looking for a hand count. The reverse is also true. There are a finite number of people running in any given election and most of them have the influence to both ask for and get a look at the paper trail if things seem suspicious. Not to mention the money to get a qualified accountant to do the looking.

      --
      I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
    7. Re:The problem by jank1887 · · Score: 2, Funny

      at least the NSA is happy letting you think it's unbreakable... :)

    8. Re:The problem by ShieldW0lf · · Score: 2, Insightful

      Personally, I don't see why individuals should be having secret votes. Should our elected officials be making secret votes? No, so why should anyone else? People always talk about thugs and corporate masters... if a thug tries to bully you into voting the way they say, you refuse. If they try to behave violently afterward, they go to jail. No different from any other thug.

      As for corporate masters, well, if we had a good and proper voting system, a real democracy with involved citizens, maybe we could start disassembling the economic structures that give those individuals such crushing arbitrary dynastic power and shift the power towards people we actually trust.

      You know, following leadership instead of being ruled? Old fashioned, I know...

      --
      -1 Uncomfortable Truth
    9. Re:The problem by Timosch · · Score: 3, Informative

      Nothing is unbreakable. Except One Time Pad, if used correctly.

    10. Re:The problem by grumbel · · Score: 4, Insightful

      When you succeed in manipulating a ballot box, you have manipulated exactly one ballot box with a good chance of being catched in the process, if you try the same with electronic voting machines you can manipulate dozens, hundreds or even thousands at once without anybody having a chance of noticing anything.

    11. Re:The problem by 0123456789 · · Score: 3, Insightful

      Observers aren't looking at everything all at the same time.

      True. But, to rig an e-vote, you can affect multiple voting locations (changing 10 votes in a hundred precincts looks less suspicious than changing 1 precinct by a thousand votes) with a single attack. To achieve a similar affect with ballot-stuffing, you'd need to stuff ballots in multiple locations, thereby increasing the chance that an observer will spot you.

      Not to mention that ballot stuffing can be detected after the fact: "Why do we have an electoral roll of 5000 people, and 6000 votes?". For an electronic system, you can change, rather than merely add, votes.

    12. Re:The problem by Ihlosi · · Score: 2, Insightful

      Personally, I don't see why individuals should be having secret votes.

      And that's because ...

      People always talk about thugs and corporate masters... if a thug tries to bully you into voting the way they say, you refuse. If they try to behave violently afterward, they go to jail. No different from any other thug.

      ... you have a really rosy view of thugs and how many of them are caught. And once you're maimed/dead, or your property is vandalized, it really does you a lot of good that the thugs may go to jail (if caught). Or how about losing your job because you voted for a party that $BOSS didn't like ? Or people coming after you because you've voted a certain way two decades ago ?

    13. Re:The problem by smidget2k4 · · Score: 2, Insightful

      And if you have the ability to "personally" check how one's vote counted, then your boss has the ability to "personally" check how you voted. If you have a private username or something that only you know, but your boss knows you have it, it is very easy to set up a "show me how you voted or you lose your job" scenario.

      This is one of the reasons the current system was set up the way it was, where you do not leave the ballot box with anything. This was an issue in the past, and one that I would rather not welcome back.

    14. Re:The problem by jmhoule314 · · Score: 2, Insightful

      >>Stuffing the ballot box these days would require cross-party cooperation by observers and counters. Pretty unlikely, IMHO.

      When the presidential election keeps coming down to one state or one district it doesnt take many extra votes to win the whole election. Also, I dont really know how the hand counting works on paper ballots. From what I have seen on TV it looks like a group of people just counting and tallying. If you are a supporter of one side or the other I think that it would be pretty easy to pad the vote a little for your candidate. There is also all the absentee ballots from the armed services. Im sure that those could also be intercepted and tampered with quite easily. Furthermore, as the votes get tallied control of the data shifts from many districts up to just a few people.

      Lets say for example(and I'm not saying this is how it went, or that this is what I believe), that with the Florida recount and 02 Jeb Bush's strategy was to simply delay the recount long enough for Al Gore to concede. If that was his strategy then it worked and is an example of one man swaying the whole presidential election. Of course the election had to be reasonably close, which it was, as they all are.

      It is completely imperative for every citizen of the world to not trust its government or voting processes. If we just put blind trust in a system, designed by humans, which by definition is imperfect, we are inviting those who would do anything for power and money to game the system for their own advancement.

    15. Re:The problem by lenski · · Score: 4, Informative

      I have been a "presiding judge" and let me tell you that where are multiple people watching what's going on all the time.

      Which means that while manipulating paper-ballot systems is possible, it is by no means easy. Furthermore, paper ballot systems are intrinsically decentralized: To manipulate an election, one would need to manipulate the ballot boxes in multiple precincts, requiring the cooperation, or at least failure to observe suspicious activity by a much larger number of insiders.

      Compare that to the implicit centralization of counting that occurs when a given county or state purchases its voting machines from a single vendor. A far smaller number of bad actors is required to do real damage with evoting systems, and worse yet, it's essentially impossible to recognize easter-egg or other malicious code, particularly with respect to proprietary systems.

      This being slashdot, I assume you are already aware of the essential impossibility of detecting malicious easter eggs through classical black-box system testing techniques. Given that the proprietary vendors consider their code to be a State Secret (IMHO out of embarrassment over how piss-poor it tends to be given its criticality to democratic decisionmaking), black box testing is all the boards of election and their independent testers can use.

      Consider further that boards of elections and secretaries of state have very limited time, funding to and technical skill to validate hardware and software systems that the vendors really don't want pried open for a look-see.

    16. Re:The problem by ShieldW0lf · · Score: 3, Interesting

      If you want self-determination, you need courage. It doesn't come free. Personally, I'd rather die standing in front of a mob screaming bloody murder with a weapon in my hands than be ruled in this way.

      As it stands, I don't work for bosses whose politics I don't like. I quit. Always have, always will. If I don't like what a group is doing, I don't give them one iota of my strength. In the absence of a system that grants any individual real political power, sometimes the best a person can do is refuse to be of any help.

      Americans have always been such a bunch of hypocritical cowards. Joseph McCarthy didn't teach you anything, and the rest of the world is still dealing with your failure to take responsibility for your country.

      --
      -1 Uncomfortable Truth
    17. Re:The problem by ShieldW0lf · · Score: 2, Insightful

      And if you have the ability to "personally" check how one's vote counted, then your boss has the ability to "personally" check how you voted. If you have a private username or something that only you know, but your boss knows you have it, it is very easy to set up a "show me how you voted or you lose your job" scenario.

      If you work for someone like that, and you don't quit once you realize the character of the man you're empowering with your efforts, you deserve to get your ass kicked. You're just making him that much stronger and passing the buck on to someone else to deal with.

      --
      -1 Uncomfortable Truth
    18. Re:The problem by nsayer · · Score: 2, Insightful

      The sole benefit of electronic voting is that the voting machine can prevent voter error by disallowing over-votes and warning against (but obviously still allowing) under-votes, and can provide a record free of any ambiguities (no "hanging chads"). If the machine simply printed out the votes that the voter cast in plain language on a slip of paper that the voter then folded and dropped into a ballot box on the way out the door, that would be fine. The voter could verify for himself that the paper record was correct, the paper record could be OCRed during any recount process (you do NOT want to use barcodes or any such machine-readable printout stuff for ballots as the voter could not, by himself, verify what it says), and the paper record is, in fact, what is the legally binding record of the voter's intent. That the machine could also keep counts on its own would merely be a convenience for when no recount is requested or required, but the primary role of the machine in such a system would be to make sure that the voter doesn't do anything that would accidently invalidate his vote on a particular question, and that the voter's intent is unambiguously recorded.

      I mean, that's what the whole mess in Florida in 2000 was all about, no?

    19. Re:The problem by slashdotwannabe · · Score: 2

      That's called a man in the middle attack. If the transmissions were based on public key cryptography, then the root or public certs would need to be compromised for this to work; MITM attacks can be defeated by securing the two endpoints of the transaction... i.e., in your scenario, V communicates directly/securely with C.

      --
      This comment is my opinion and does not represent an official position of Donald Trump or others I do not work for
    20. Re:The problem by Opportunist · · Score: 2, Informative

      Good idea, in theory. In practice, the mitm is inside the client's PC. It's not someone outside the PC. And since encryption/decryption happens inside the PC, it's trivial to put the mitm before en- and after decryption.

      I would attack the interface between user and program and present the user an interface that he cannot distinguish from the real interface.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Optimism for a broken system? by Futurepower(R) · · Score: 2, Interesting

    Quote from the article: "You do have to make sure that proper auditing is done, otherwise you're trusting the software and the scanner. A lot of states do very poor auditing, if at all."

    He says, in the next sentence: "Yeah, I'm much more optimistic than I was a few years ago."

    That doesn't make sense. The system is broken, he says, and then he says he is "optimistic". Is optimism the right word for a system that is not working, even after all these years? Should we be optimistic when a broken system is less obviously broken?

  3. It isn't any different by MikeRT · · Score: 2, Interesting

    Unfortunately, a lot of people don't want to face up to the fact that a great many paper elections were rigged as well. Some of the bigger cities with their "political machines" are a good example of that. One of the things that doesn't help is that we have a whole faction that wants to eliminate all security from elections in the name of "not disenfranchising the poor and elderly." There are obvious flaws to the use of a driver's license as an ID, but that ID is far more useful than it is not for identifying potential voters and verifying their identities.

    The solution?

    Execute people who rig elections. Why? Rigging an election is a coup in a democratic state. It is an attempt to overthrow the lawfully established government of body politic. Maybe if people who rig e-voting machines and ensure that every dead person gets their right to vote recognized ended up before a firing squad it would be less palpable.

    Some people may think I'm joking, but I'm absolutely serious. Bribing elected officials and rigging elections should get you a one-way ticket to the gallows because of the damage that those behaviors have done to the lives, liberty and property of many private citizens.

    1. Re:It isn't any different by neokushan · · Score: 4, Insightful

      As much as I love the idea of executing anyone who attempts to rig an election (For exactly the reasons you specified), what better way would there be to get rid of the opposition than to frame them for rigging the election?
      That way, you not only discredit them for years to come, you actually permanently remove their opposition and are left with a very one-sided governmental system.

      --
      +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
  4. The problem with the voting system... by damburger · · Score: 5, Insightful

    ...is the voters.

    Modern voters have grown up in a society that is expert at manipulating peoples will. Through control of the education system, advertising and mild censorship in the name of 'decency', most of the people voting today have been molded into being good, compliant voters who will never oppose the status quo.

    Most people aren't strong enough to question their programming. Most simply slip into one pigeon hole or another and lap up the media viewpoints assigned to that pigeon hole (all framed so as to allow the basic principles of society to remain unquestioned)

    Meanwhile, the environment dies, human beings starve and sicken in ever greater numbers, and carefully nurtured greed is all that consumes western man.

    --
    If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
  5. I like this part OTFA, i think it's the way to go. by MRe_nl · · Score: 2, Interesting

    "The National Institute of Standards and Technology [NIST] identified what I think is a breakthrough property in an e-voting machine, which is the idea of making it software-independent. That means designing voting systems where a software failure does not have any possible impact on the accuracy and integrity of the election.

    If you start out with the goal of designing something to be software-independent, which is a different mind-set from designing something without that requirement, you design it very, very differently. You have redundant components.

    Let me give you an example of a system that is software-independent. You have a system where voters use a touch screen to make their selections and the touch-screen machine, when they're done, prints out a paper ballot that they look at and has all the candidate choices that they made. The voter then takes the completed, printed ballot, and they put it into a scanner. The scanner tallies the ballots up and keeps counts of all the votes. Now if the software on that system fails, they wouldn't get a printed-out ballot that they could then accept and approve.

    After the election is over, you pick a bunch of scanners randomly, and you audit them. You count the papers, and you compare the totals that the scanners ran, or you have a different independent scanner that you run the ballots through to see if you get the same answers.

    In any stage of the process, a flaw in the software will either be caught and corrected, or it will prevent you from proceeding, in which case you can get the ballots pulled up some other way."

    --
    "Kill 'em all and let Root sort 'em out"
  6. The basic premise by A+beautiful+mind · · Score: 5, Insightful
    From TFA:

    Can technology companies build systems today that are safe, reliable and secure with the votes cast on them?

    Definitely. I've seen designs of voting systems that I'd be happy with. I don't think anything is totally secure. Ultimately, I think the goal is to do the best we can and not be perfect. When you're talking about 100 million votes, all cast pretty much on the same day across the country, there's no dress rehearsal.

    I don't understand why is that even educated people miss the point. The whole fucking point of an election is that it has to be transparent and auditable. By transparent and auditable we don't mean to an electrical engineer and a computer scientist, but to a sane adult citizen!

    How would you go on about auditing a voting machine, even if the design is open? You'd have to either trust a government or civilian organization to do the auditing or do the auditing yourself, requiring months if not years to verify the design and then verify that the machine you got in the voting district behaves like it is designed to behave! This raises the verifiability bar many orders of magnitude above simple pen and paper.

    Remember, during an election, citizens and groups of society are in _conflict_. You can't trust* the government, you can't trust individual groups. What makes or breaks democracy is whether you, as a citizen, can verify independently at least the transparency of your local voting station, because if you can, you can be reasonably certain that other people will do the same in their respective areas and that the general elections are not rigged!

    * Remember, democracy has to start somewhere. If you trust the government to conduct the voting process, then you're placing the means of controlling the government's composition in the hand of itself. The risk and temptation is just too high to do that. One thing that should not be government responsibility, but more of a civic duty is voting. In the absense of that, the bare minimum is to let the government conduct the elections, but at least verify it! When the government both runs the elections and through government is the only way to verify the transparency of an election, then that's not democratic anymore.

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
    1. Re:The basic premise by drinkypoo · · Score: 2, Interesting

      How would you go on about auditing a voting machine, even if the design is open?

      Uh, who gives a shit if you're not allowed to perform the audit anyway? A completely legitimate recount of paper ballots was halted by the supremes in a clear display of partisanship. We can't even recount paper ballots in this country, what difference does it make if you have a paper trail with your electronic voting or not? They're never going to actually verify your vote, and if they did, they wouldn't care what the result was.

      I would feel more optimistic if I thought the ballots actually meant something.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  7. One e-voting system for you by realnowhereman · · Score: 3, Interesting

    I really don't get why it's seen as so hard. Here, I'll make one up for you right now; this process would run for every voter. Each vote is not linked to the individual, so the vote remains secret, but is simple to trace:

      - "Please enter a 6 digit random number" = X
      - "Please enter your vote" = V
      - INSERT INTO Votes SHA1HASH( X || Now() ), V
      - "Here is a printout summarising your vote. The long number
          may be used at a later date to confirm that your vote was
          correctly recorded"

    Now - how hard was that? Then you supply a website were the voter enters the long number and it shows me my vote. If what shows on the website is not equal to what I thought I voted for any significant number of people, then vote rigging has occurred.

    There are a whole load of variations, but the principle would be the same in all. The voter can confirm that their vote was correctly recorded independently. The vote is stored using a secret number that is supplied/known only to the voter.

    --
    Carpe Daemon
  8. Violence never solves anything by qbzzt · · Score: 2, Interesting

    I guess you missed the part in school about how violence begets violence and it never solves anything, only creates new problems.

    I was sick that day. But here are some things I learned after I got better:

    1. How the Romans dealt with Carthage, and after the Third Punic War were never bothered by the Carthaginians again.

    2. The 30 years war and how Catholics and Protestants stopped killing each other over religion afterwards.

    3. How Cromwell and the threat of a repeat performance caused the Glorious Revolution and turned England into a constitutional monarchy.

    4. The reasons the US became independent prior to the decolonization that started in the late 19th century.

    5. The reason that slavery got abolished.

    Violence is not the ideal solution. But sometimes it's the only solution - and historically it did solve some problems.

    --
    -- Support a free market in the field of government