Slashdot Mirror
Finnish Court Dismisses E-Voting Result
wizzor writes in with a follow-up on the Finnish municipal election in which 2% of the votes were lost by a defective e-voting system, and which the Helsinki Administrative Court had found acceptable. Now the Supreme Administrative Court of Finland has rejected the election results (original in Finnish; bad Google translation here) and ordered the election to be re-run. The submitter adds, "Apparently 98% of the votes isn't enough to determine how the remaining 2% voted, after all."
If 2% of the votes were lost, how many were incorrect or not registered properly? If the system can lose votes, it can very easily put them for the wrong person as well...
E-voting has had more lives than a cat. It should be over, done, kaput. An experiment that failed.
If the margin of victory was greater then 2 percent,
It was not, as best as I can tell from the translation:
Kauniainen municipality electronically of the votes lost to two percent, and for missing votes in the number would have been enough change in the outcome of the elections.
In theory, because of the voting system used, 2% of the votes could have dramatic consequences. Of course, we'll never know because the votes are anonymous and the recipients secret, but if you think that quite a lot of candidates got in with just a few dozen of votes, you can clearly see how 2% could have determined a lot.
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
The problem with the electronic voting vs. banking comparison is that bank account have your personal information all over them. Votes, however, do not. If you gave up secret voting, you could likely make a 'secure enough' voting system, since anyone could check their own vote in the system.
Have you been touched by his noodly appendage?
I bet Diebold, or Premier, or whatever it is that pack of cheats and liars are calling themselves these days, won't be trying to place their voting machines in Finland any time soon. I doubt they could attain 98% accuracy even with only one candidate on the ballot.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
If the margin of victory was greater then 2 percent, then it should be non-issue as far as who is in office. But it should be fixed for the next election.
There were several issues here. First, according to some sources, a few elections were close enough that 2% may have made a difference. Second, the machines put in place did not have adequate safeguards against fraud or adequate ability to do accurate recounts. The former is enough to have to do one or two elections over, but the latter was such that the people running the elections were declared to have been potentially acting in bad faith and the equivalent of a constitutional right to equal voting was violated, requiring the process to be redone. It's sort of like throwing out a criminal case and all evidence involved when there is wrongdoing on the part of police, since you can no longer trust the other evidence in the case and as a way to discourage others from trying to profit by such actions in future.
Just to clarify on this, most still voted with the traditional pen & paper methods. I guess E-voting was tested in some places. The finnish E-voting system was programmed by TietoEnator, which has had some questionable results in the past too in delivering working software. Still they get a lot of the government related jobs .. gee, wonder why ?
GeoKone.NET
Here's an article in non-google-translated English. Also contains some other links in English.
Electronic Frontier Finland (Effi) has an English article on this matter as well.
Actually the machines were supplied by local company called Tieto.
More about the case in English
Yle News
Helsingin Sanomat
Newsroom Finland
In municipal elections of Finland, each municipality chooses it's leaders. The amount of depends on the size of the municipality but in mine (Vantaa), there are 67 representatives for less than 200 000 people and not nearly everyone votes (it's closer to 100 000 people voting).
Add to that that we use different system than the USA. The person who gets most votes within any given party gets all the votes given for that party. The person who would have gotten second most votes gets half of the votes given to the whole party, the next person gets one third... And each politicians votes counted like that they are put against each other and the people with most votes at that point get the seats.
And we don't vote between two parties but a lot of them. In my municipality, there are representatives of 7 parties (and one chosen from outside party lists).
So a few votes can often completely change what parties get to be in power AND which representatives get in.
2% creates doubt and mistrust in the election results and that is unacceptable. What if the votes were lost in a non-random fashion? What if the same e-voting system gets reused later in a case where 2% could mean the difference between a seat going to one candidate or another? What if the root cause of the loss caused other problems as well? What does it say about the quality control and security of the system? People should be able to trust the outcome of an election.
"300 years"? Really. What, then, did the ballot act of 1872 do?
And then there is the matter of numbered ballots...
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
The story isn't that well written. The system allowed the user to remove his ID card before the vote was registered. The lack of a paper trail is a large problem, and the lack of openness in the design doesn't help to gain the users' trust. Further, the system was designed by Tieto Oy (formerly TietoEnator), also responsible for the new systems at Sampo Bank (with numerous login problems, XSS exploits and such). Vestigia terrent.
I guess the problem was that these people also "knew", and thus didn't see the need to actually test the interface on a sufficient number of people - There's a 95% change that at least 1 out of 150 random testers would fall victim to a 2% failure rate. If you allowed the testers to leave feedback, the mistakes could probably have been discovered a lot faster. I'm basing this on #27545121, which claims this was a user interface issue.
They could have put the machine up in a mall, and let people use it to leave customer feedback or something, with a chance to win a small prize.
It sure seems like an easy problem, doesn't it.
As a programming problem, it seems like an easy problem because it is. Thing is - it's not a programming problem. It's a security problem. As a security problem, the programmer is the most significant potential attacker. Does it still seem easy?
-- The act of censorship is always worse than whatever is being censored. Always.
Please check YOUR facts first. There were several problems:
- bad user interface design
- machines freezing up at the critical moment
- machines crashing when presented with the voting card
- instruction leaflet asking the voter to press "OK" once when twice was needed
- secret, closed source design
- no paper verification
- no public review possible of the algorithms etc
Of course, the publicity around this case centers on the first issue, because its the easiest to understand. But there were other problems, too, just read the witness statements from the actual appeals.
Its actually surprisingly hard, if you start to think about it. If you compare to the paper ballot system, there are checks and balances. The different party officials and citizens can oversee the counting (in fact, they volunteer to do it). One corrupt counter does not break the system, however, because the others will catch him. And its very hard to cause a country-wide discrepancy.
If you compare an e-voting system to, say, a banking application, there's one big difference: in the banking application you WANT a secure trail of events, stored for perpetuity. In voting you want anonymous results while at the same time secure results. Its very hard to do this, as almost every design makes you trust someone in some way.
Then if you add the issue of voters not being able to verify the system for various commercial reasons... my take on this is that an e-voting system does not make sense for simple and efficient elections like the ones we have in Finland. Counting is fast, there are no reliability problems (in fact, there is a 10x higher reliability in paper ballots). Its cheap, because its mostly run by volunteers who have an incentive to participate.
Finnish e-voting results annulled, municipalities to hold new elections by Electronic Frontier Finland ry (Effi), the best summary in English, IMO;
Helsingin Sanomat;
Helsinki Times;
The Brad Blog;
NewsRoom Finland;
YLE; and
Turre (the lawyers that won the case).
The voting system was provided by Tieto and Scytl. In their News Page, Scytl declares: "Scytl's Pnyx.core successfully used in local elections in Finland" Shouldn't they update this...? It is even possible that the 2% of the votes lost was due to the Pnyx.core, instead of usability issues with the voting terminals, as has been commonly assumed - who knows.
It is of course a completely correct decision from the supreme court to re-run the elections, and we are very happy about it.
But it has been interesting to follow the developments and the various attempts to avoid this outcome.
Before the elections, the minister of justice, Tuija Brax claimed any possible problems were "science fiction". After the elections and when the problems were announced, she has not been a support of new elections, just stating that the courts need to decide. However, she was quick to launch an internal investigation and fire the Director of Elections. Not sure the director was really the true guilty person here, but at least a scapegoat had been found...
The city voting boards very resisting new elections for the last second. They came up with interesting claims to prevent this from happening. One claim that we've heard often -- even after the decision -- is that the new elections do not matter, because the party situations would not change. Well, they were missing the minor issue that in Finland the election system is based on voting on persons, not parties. Some of us do care about who we vote there. A more sinister claim was that the voters had conspired to misuse the voting system on purpose, to show that it was unreliable (!). Now, talk about science fiction, maybe these guys could be of some use in the JFK murder investigation? Not to mention the fact that a correctly implemented voting system should not be vulnerable to such misuse.
The three cities involved are now extremely unhappy with the ministry, as the law requires them to pay for the new elections. The ministry has promised an extra budget to help out... though in my mind, the architects and vendors of the system should get to pay.
Its also been extremely difficult to get any information from the government on the details of the system. The local EFF wanted to take a look before the elections, but was refused (or impossible NDAs were requested). I made an official request to get the cost information of the entire project, and the government claimed that they have no such information. One number that has been circulated in the press was 700 000 euros, but that seems low, given that a large number of design and specification work went in, even at the ministry level not to mention the vendors.
All in all, a happy outcome:
- director of elections fired :-)
- minister is now pro-open source and paper trail
- general knowledge of possible problems in e-voting was increased in the country
- elections are re-run
However, everyone is quite focused on the specific bugs we experienced, thinking that individual bugs can easily be fixed. I'm more worried about the process and the way that these things are done. I don't see a way to avoid bugs next time either, for instance. Lack of verifiability, openness, government not listening to citizens or outside experts, blind acceptance of vendor sales pitches, lack of sensible motivation for the entire effort are the worrisome aspects.
And besides that is not even the point in my opinion. I was candidate in our municipality (but not in those in question) and I couldn't care less if one or two votes were missing. The issue I think is that we can now point our fingers and say "There, there is the problem. Now fix it!" and because this was forced on us by our goverment it is the goverment's job to fix the problem. So it is no matter if 1, 2, 3 or 50 percent of votes were lost. Just fix the damn problem and be done with it!
Of course fixing the problem means re-election to those municipalities. This way we get back to the democratic way of voting which how law writers meant it to happen when they wrote our Vaalilaki (law about elections) minus those stupid e-voting changes that were made in 2006 by our former parliament (and promoted by Tuija Brax).
You don't know what you don't know.