Slashdot Mirror
Software Bug Adds 5K Votes To Election
eldavojohn writes "You may be able to argue that a five-thousand-vote error is a small price to pay for a national election, but these errors are certainly inadmissible on a much smaller scale. According to the Rapid City Journal, a software glitch added 4,875 phantom ballots in a South Dakota election for a seat on the city council. It's not a hardware security problem this time; it's a software glitch. Although not unheard of in electronic voting, this bug was about to cause a runoff vote since the incumbent did not hold a high enough percentage of the vote. That is no longer the case after the numbers were corrected. Wired notes it's probably a complex bug as it is not just multiplying the vote count by two. Here's to hoping that AutoMark follows suit and releases the source code for others to scrutinize."
The software has achieved sentience and is trying to elect its robot overlords! Before anyone else... I for one welcome our democratically elected robot overlords.
Why is a voting system doing any kind of math at all? I voted yesterday in Belgium on a computer that puts my vote onto a card, which is then tallied separately. This same system has been working since at least 1995 with zero reports of fraud or failure (except normal "computer is broken" style failures).
How can a computer "add phantom ballots"? Software does not just "glitch", it breaks in ways that depend entirely on how it was built.
My blog
I mean really, I'm pretty sure I could write a program with a couple of buttons and a counter for each.
What's going on here?
It still amazes me how "hard" it is to write a simple program. First have something to scan the ID, check that its unique then move to the voting. Have a few radio buttons that you click, then hit submit, each radio button corresponds to a candidate or a choice, they are added up and give you the results. How the crap do you screw that up?
Taxation is legalized theft, no more, no less.
... could it possibly be so hard to write voting software? It just... I... but...
It's gotta be deliberate. Right?
...but I can't understand how a glorified logger can be this far off. With hand-shaking and all the rest of it, it just staggers me that something this simple is so hard. If our systems or audit logging were off by more than 5k, our nuts would be in a sling, and our projects sure as heck aren't as big as these puppies.
We keep hearing about these mishaps. But really, how difficult can it be to build a functional counter? The current electronic voting systems are about as reliable as the average poll on a random website.
Custom electronics and digital signage for your business: www.evcircuits.com
A software error resulting in +/- 5000 votes cast is unacceptable on any level, even if it gets drowned out on the national level in the US.
There is absolutely no reason or excuse for software to miscount votes. It isn't rocket science.
I know I'm preaching to the choir here, but this shit just pisses me off. It's a matter of national and local integrity that our voting systems are transparent. Please support blackboxvoting.org if you don't have the time to get involved in a deeper fashion (calling/writing your legislators, etc).
Note: I'm not affiliated with blackboxvoting.org. I just appreciate their work.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
It's not a bug, it's a feature.
Wired thinks it's "probably a complex bug"? I think probably not, it's probably something blindingly simple, and stupid.
They were right - the revolution did not get televised. It was posted on YouTube instead. All in 120 characters. SLOOSH!
that adding involves multiplying by numbers greater than 1.
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
The probability of a software glitch not crashing the system, but causing a problem that changed the outcome of the election while still spouting out believable numbers is close to zero. You don't need software experts on this one, what you need is a criminal investigation.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
I'm pretty sure, somewhere in that code, was a server thread handle which states "if {vote=="thisGuy"){thisGuy++;}else{otherGuy++;}" - because validating your requests might require extra code.
"Sorrow is better than laughter, for by sadness of face the heart is made glad." [Ecclesiastes 7:3]
TFA only tells me the numbers and the guy's plans, nothing about the actual bug. What was it? It seems awfully hard to screw up adding two numbers together to get a third number, which is basically what that software was doing. Has it occurred to anyone that it might have been tampering? It seems to me that, with the fairly large (tens of thousands) number of votes, adding or removing just enough to make it a runoff would be the perfect vote tampering scheme - too little to draw much attention, but enough to actually make a difference.
Yet Another Tech Blog
(but so much more, including game and movie reviews)
http://yanteb.peasantoid.org
How difficulty is it to get a computer to count up in increments of one?
++count;
vote = GetVote( );
/s
if( vote = my_candidate )
{
my_candidate_votes = my_candidate_votes + 2;
} else {
other_candidate_votes = other_candidate_votes + 1;
}
In the source code as complex as this, you will probably need a PhD in computer science...
There have been reported errors in Belgian computerized votes. (2003, Schaerbeek, for instance)
Belgian Anonymous Coward, who should find some time to register on slashdot
Incrementing a counter is not fucking rocket science.
Even doing it in a thread safe way is trivially easy these days (provided the developer has a basic level of competence at his job).
Someone forgot to clear the chad bit!
"The only legitimate use of a computer is to play games." - Eugene Jarvis
I hear lots of people talking about how an open source voting solution would exceed the quality of commercially available solutions in use today. Also, I hear that such a solution would also be easy to implement.
Could someone please send me a link to the SVN where I can find this alleged OSS voting software?
-- I was raised on the command line, bitch
yet we continue to use them, both here and abroad. Curious.
Was there a double B, double G, double L?
In related news its apparently very easy to convince the media that programming voting machines is hard. I seriously doubt this was an accident. Independent testing should have flushed this bug out very early.
10: PRINT "Everything old is new again."
20: GOTO 10
I find it interesting that companies that make ATMs for systems that track things down to the penny are unable to track much smaller numbers with errors of plus or minus THOUSANDS.
Maybe we should just start voting at ATMs?
Oh wait, that's what the lobbyists do already.
This case quite clearly highlights all the advantages of an paper trail.
Dispite a the software part of the IT system, we're capable of finding the true result of the election because we've still got the paper votes.
Result: the voting system works.
Compare and contract this to an system which didn't have paper ballots. It would be almost impossible to even see if there was a problem, let alone be able recover from it. You could possibly see that the numbers were wrong if they'd taken an register of who'd voted, or if they'd counted the number of voters manually. However there'd have been no fallback. No way to recover the votes.
So yeah, this case is an fantastic advert for electronic voting systems which have an paper trail.
Why is hoping the right response? I want source code period. Imagine a person coming into town and saying tell me your vote and Ill make sure it gets passed on. If the code is hidden there is no difference. You have no idea what the stranger will do with your vote, forget it, throw it out, change it to Paultard. Or maybe the code is remembering who voted for who. Or maybe... We have no idea, because we cant see the code!!! How does a nation that sent boys into bullets to protect Democracy let it be taken away so easily. We have seen massive voter suppression tactics by the Republicans, they and their media ilk have opined in various locations that voters are stupid and always vote wrong, they have a vested interest in stopping voting. Hello. Yes yes I know Democrats do it too, hehee, thats why you should support efforts to weed out nefarious Democrat tricks,. (Why are the graves in New Orleans always above ground? Its not the water table its easier for the dead to vote) Yeah "hope we get democracy again real soon."
yeah, cause the difference in saying something like "x+y/2" or "(x+y)/2" is obvious fraud
If that bug survived product testing, stupidity is no longer an adequate explanation. We are forced to suspect malice.
No one yet has provided me a compelling argument for why we need to use electronic voting.
It seems to be simply a combination of techno-fetish with an illogical push toward "the new thing" which someone has sold as "better".
Yes, it is hard to conduct an election. Making machines do the counting would reduce the human effort, but the cost way is too high. While I was open to the concept initially, the graft and fraud uncovered leaves me with no confidence any longer that the machines in an election booth will enable a fair election, and thus, a just political system.
Let's hope the real reason this was found was that the voting machine's captured biometrics did not match anyone in the FBI's databases. The fingerprints, face and iris scans came up blank.
The next thing to remember is to put next things next.
I posted a question yesterday about what was wrong with a simple program. No-one seemed to know so here's my attempt at writing that simple program. Feel free to tear my ideas to pieces. Hint: I am not a programmer.
MAIN:
print("Please enter your Voter ID")
scan, store as voterID
if (voterID == any value in array of legal voters)
then run the vote program
else {
print("Error")
go back to main }
VOTE:
print("Enter your choice of candidate")
scan, store as candidate
if (candidate == A) {
then record vote for candidate A
remove voterID from array of legal voters
exit }
elif (candidate == B) {
then record vote for candidate B++
remove voterID from array of legal voters
exit }
else {
print("Error")
go back to vote }
Copy/pasting the same answer over and over...
Makes me feel senile running into those. "I could have sworn I just read that comment a minute ago... Did I really?"
Mit der Dummheit kämpfen Götter selbst vergebens
you forgot the first two lines:
const int GEORGE_BUSH=1;
const int AL_GORE=GEORGE_BUSH;
There is a very simple, comparatively low-tech fix for broken elections that involve paper ballots.
As we do in Humboldt County, CA, run all ballots through an off-the-shelf scanner and run an independent count with independent, open source software. Ballot Browser (open source, Python, GPL from me) is available for tweaking and the basics are explained in April's Python Magazine. Or, it's really not that difficult to write your own bubble-reading software.
Maybe they should replace the core of their system Open Office.
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
Ok, being serious here. I'm an eng for a software development company. Security is a very aspect of our software; we store patient records for DoD hospitals.
I'm honestly scratching my head here, completely confused as to how anyone...anyone...could take a concept as overwhelmingly farking simple as COUNTING and screw it up. Seriously. I'm pretty sure I could have a reliable, bug-free (oh yes, I made that claim), fully auditable system created in a few days. I really, really don't understand why the hell this whole concept is getting so incredibly overblown. At this point, I almost have to be sceptical that when "bugs" are reported in the machines of a funded commercial entity (diebold, etc) that they have to have been intentional for some reason.
The important issue is not to create bug-free software. It is about designing redundancy and validation that avoids both software bugs and fraudulent data tampering. Before you leave the voting booth, your data should be transmitted to multiple locations, and you should be able to later
validate that your individual vote is correctly in the system with some form of hash or validation code.
Nah, I've HAD the ATM screw up before, and record a deposit twice. The bank happily deducted it from my account later. I've also had an ATM record a withdrawal three times for the one transaction. Took me a couple weeks of back and forth for them to get it all straightened out. So, the ATMs *do* screw up, but the banks don't care because in the end they don't lose any money. The only one that suffers is the customer (by being out my $$ for two weeks).
WWJD?
JWRTFM!
Some people's vote is double counted. For others, only 0.2 extra votes were added. (0.6 original vote and another 0.6 double counted vote). Looks like they followed the constitution a little too strictly and counted *some* people as only 3/5 people.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
There's a reason this quirk of C is hammered into students' heads.
Can't these idiots get anything right? This is so freaking easy to fix it boggles the mind.... votes = votes - 5000 ; There. Done.
A software error resulting in +/- 5000 votes cast is unacceptable on any level, even if it gets drowned out on the national level in the US.
You know, some people are always complaining. First you complain that there's not enough people turning out to vote each election, that people are apathetic, etc. Finally someone develops some software that fixes that problem and now everyone complains about that!!
The real issue isn't that the votes were miscounted in South Dakota.
It's that I bought them for South Carolina!
PAPER FUCKING VOTES
HAND FUCKING COUNTS
FUCK!
Filter error: Don't use so many caps. It's like YELLING. THAT'S BECAUSE I'M YELLING!
Verified Voting also does great work.
When you make the Choice to make something closed, especially something this important, you really should be taking on the responsibility for any errors, bugs, security flaws or back-doors that end up in the software.
If you're willing to take the responsibility, than any error should be considered criminal--as in jail time for the CEO and others who made the (now obviously wrong) decision to keep the information private.
If you don't want the responsibiliy, that's totally understandable--just open the software for peer review by anyone.
I'm getting kind of tired of CEOs and politicians with no competency doing jobs they obviously don't understand, taking authority and reward without responsibility. I realize they are hard jobs, but doesn't that make it even more important to hire someone intellictually and morally competent instead of some college drinking bud from the good ole' boy network?
The Bug populations are getting bigger because of the Global Warming.
So I went and looked behind it. The first paragraph:
UPDATE: What really surprised me is the stunning lack of interest in this idea after I've posted it, and I've heard nothing about it, any place I've submitted it has basically rejected the idea out of hand and has made no comment on it. With all the comments I hear in so many places complaining about difficulties in developing a scalable election system that is auditable and fraud-resistant, to hear nothing tells me that nobody is really interested in a solution, they just want to complain.
So, as the first thing he does he tells us that he has submitted it to many places, all of which have rejected it. It hints that it might be a bad idea but not necessarily so I read the rest of the paragraph. The last sentences made it quite obvious that he is rather childish too so I'll just go with the assumption that reading rest of the long post would be a waste of time.
One more person to join those who have ignored the mighty Robinson method.
Shouldn't that be "our robotically elected democratic overloads?" Either way I welcome them.
The documentary "Hacking Democracy" talks about bugs like this one as well as poorly written and easily exploited code used in these systems. It why one such system was banned from use in California. It is amazing how many government tools use extremely poor code not just voting machines, but breathalyzers and other vital hardware.
Just because you are wrong and I called you out on it doesn't mean I am a Troll.
The initial Tuesday night report said incumbent Ron Kroeger received 49.96 percent of the vote, short of the 50 percent plus 1 vote re-election requirement. The recount found he actually received 51.8 percent, more than enough to secure his seventh term over challengers John Roberts and Steve Rolinger.
Doesn't anyone think that 49.96%, short of 50% is too perfect for a random error? Most software errors will cause the numbers to explode, either to 0 or some gigantic number.
As part of the agreement for purchasing the voting machines, add a clause that subtracts $1.00 for each vote miscalculated.
This should make the voting machine creators be much more careful about the software they supply.
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
That's a feature! And I paid a pretty penny for that feature. Uh, hmmm...nevermind! Just ignore what I just said.
eldavojohn please know that the AutoMark is a ballot marking device. It has nothing whatsoever to do with tabulating vote totals. Most likely this was a problem with the way the ES&S Unity software was configured.
That software (ES&S Unity) is what needs to have it's source code closely examined. From personal experience I can say that this software can be configured to count a given precincts votes multiple times. Imho this jurisdiction needs to improve some of its basic procedures; adding the total votes cast on each optical scan machine would have revealed the error by the vote tabulation software.
Punishment for election fraud shouldn't be financial. How about an hour of jail or community service for every vote miscalculated?
I was a voter in last weeks european elections, and stayed until the votes for the office were counted. (you are allowed to stay after the office closes)
Almost nothing can go wrong, and can always be detected and mostly corrected.
voters are counted, handed out votes are counted, incorrectly filled in votes are counted and marked 'invalid' and stored seperately.
received votes are counted as they are inserted in the box.
After closure, all counts are compared.
Then the box is opened, and all votes are counted and compared to previously counted.
Then votes are sorted and counted to the results and added back up to give vote count again.
All counts are written down on official paper, votes are sealed and paper and votes are brought to central counting office of city where they can be counted again the day after (first tallies are reported upstream.)
Counting is fair by having counters of several political parties and city officials at every voting office
a typical office has 5 people . 1 checking Identity, 2 counting voters/checking revoked identities, 3 counting and giving votes, 4 counting received votes, 5 extra for toilet-visits
That's why we have error checking.
You need checks that provide sums of votes across different categories, and vote totals that can be cross checked against manual tallies taken by voter registration attendants.
In a perfect world you'd have two independently written software programs on two heterogenous software configurations both tally the votes, and both provide two reports to the user.
If they're not the same, somebody fucked up.
1.) Action: change current system to runoff elections. If neither party gets a winning majority - remove all but top 2 contestants, and run it again.
Reason: under a runoff system, candidates must appeal to a broad range of voters; runoff voting discourages extreme partisanship, and prevents minor f[r]actions from upsetting the balance (example: 1992, Candidate #3 "steals" 3% of votes from Candidate #2, resulting in Candidate #3 [barely] getting the majority and royally pissing off voters supporting Candidate #2) Result: discordant elections (Bush-Gore, Bush-Clinton-Perot) are much less likely; winner has clear support and mandate from majority of voters.
2.) Action: prohibit political advertising. Debates, yes. Town hall meetings, sure. Q-and-A sessions, of course. Buying a Senate seat or the Presidency? Hell no.
Reason: political leadership should be elected on the basis of merits / values / track record, not on the basis of who's got a fatter wallet.
Result: no more travesties like (just an example, nothing personal) Jon Corzine deciding that he's made enough money, now it's time to play politics, wallpapering New Jersey with $ 63,000,000.00's worth of advertising, and winning a Senate seat.
3.) Action: allow ONLY open-source voting machines, audited by several independent sources.
Reason: voters must have proof that their vote was received and counted. The right to vote should not be canceled by a "glitch in the system", or a behind-the-scenes manipulation of the vote totals, without any possibility of an audit. (Hey, AutoMark / Diebold / ES&S, my CONSTITUTIONAL RIGHT to have my voice heard trumps your profit margin. Either make it work correctly, or GTFO the election.) Closed-source, un-auditable "black box" voting machines have a proven track record of miscounting votes. If it's a "black box", it doesn't get to play.
Result: no more "missing votes", "extra votes", "double-counted votes", or any other bullshit. If there's an issue, it's detected, fixed, and the election is run again.
Of course, this is all a dream. The 2-party duopoly will never allow #1. The media makes too much profit from political advertisement to allow #2. And the makers of voting machines make too much money to allow #3. Oh well.
"Glitch", "Bug" = lousy programming
The financial networks that route our money between various accounts is entrusted with billions of dollars daily. Why not use it to make a secure voting platform?
For example, when a person visits a polling booth and signs in, they get a random debit card loaded with one dollar (to protect privacy). To vote, they transfer that dollar to the bank account of one of the candidates. At the end of the day, which ever candidate has the most money in their account wins. Simple, easy, and built upon a known system.
Of course, real dollars shouldn't be used. A fake currency would be needed, and that currency can't be bought and sold like other currencies, but the rest can piggy-back on the electronic monetary system already in place.
So... business as usual?
Belgium
Please don't use that word in polite company!
And don't use it here either!
Those who can make you believe absurdities can make you commit atrocities. - Voltaire