Slashdot Mirror
Software Bug Adds 5K Votes To Election
eldavojohn writes "You may be able to argue that a five-thousand-vote error is a small price to pay for a national election, but these errors are certainly inadmissible on a much smaller scale. According to the Rapid City Journal, a software glitch added 4,875 phantom ballots in a South Dakota election for a seat on the city council. It's not a hardware security problem this time; it's a software glitch. Although not unheard of in electronic voting, this bug was about to cause a runoff vote since the incumbent did not hold a high enough percentage of the vote. That is no longer the case after the numbers were corrected. Wired notes it's probably a complex bug as it is not just multiplying the vote count by two. Here's to hoping that AutoMark follows suit and releases the source code for others to scrutinize."
The software has achieved sentience and is trying to elect its robot overlords! Before anyone else... I for one welcome our democratically elected robot overlords.
Why is a voting system doing any kind of math at all? I voted yesterday in Belgium on a computer that puts my vote onto a card, which is then tallied separately. This same system has been working since at least 1995 with zero reports of fraud or failure (except normal "computer is broken" style failures).
How can a computer "add phantom ballots"? Software does not just "glitch", it breaks in ways that depend entirely on how it was built.
My blog
I mean really, I'm pretty sure I could write a program with a couple of buttons and a counter for each.
What's going on here?
It still amazes me how "hard" it is to write a simple program. First have something to scan the ID, check that its unique then move to the voting. Have a few radio buttons that you click, then hit submit, each radio button corresponds to a candidate or a choice, they are added up and give you the results. How the crap do you screw that up?
Taxation is legalized theft, no more, no less.
...but I can't understand how a glorified logger can be this far off. With hand-shaking and all the rest of it, it just staggers me that something this simple is so hard. If our systems or audit logging were off by more than 5k, our nuts would be in a sling, and our projects sure as heck aren't as big as these puppies.
A software error resulting in +/- 5000 votes cast is unacceptable on any level, even if it gets drowned out on the national level in the US.
There is absolutely no reason or excuse for software to miscount votes. It isn't rocket science.
I know I'm preaching to the choir here, but this shit just pisses me off. It's a matter of national and local integrity that our voting systems are transparent. Please support blackboxvoting.org if you don't have the time to get involved in a deeper fashion (calling/writing your legislators, etc).
Note: I'm not affiliated with blackboxvoting.org. I just appreciate their work.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
It's not a bug, it's a feature.
Wired thinks it's "probably a complex bug"? I think probably not, it's probably something blindingly simple, and stupid.
They were right - the revolution did not get televised. It was posted on YouTube instead. All in 120 characters. SLOOSH!
that adding involves multiplying by numbers greater than 1.
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
The probability of a software glitch not crashing the system, but causing a problem that changed the outcome of the election while still spouting out believable numbers is close to zero. You don't need software experts on this one, what you need is a criminal investigation.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
I'm pretty sure, somewhere in that code, was a server thread handle which states "if {vote=="thisGuy"){thisGuy++;}else{otherGuy++;}" - because validating your requests might require extra code.
"Sorrow is better than laughter, for by sadness of face the heart is made glad." [Ecclesiastes 7:3]
TFA only tells me the numbers and the guy's plans, nothing about the actual bug. What was it? It seems awfully hard to screw up adding two numbers together to get a third number, which is basically what that software was doing. Has it occurred to anyone that it might have been tampering? It seems to me that, with the fairly large (tens of thousands) number of votes, adding or removing just enough to make it a runoff would be the perfect vote tampering scheme - too little to draw much attention, but enough to actually make a difference.
Yet Another Tech Blog
(but so much more, including game and movie reviews)
http://yanteb.peasantoid.org
vote = GetVote( );
/s
if( vote = my_candidate )
{
my_candidate_votes = my_candidate_votes + 2;
} else {
other_candidate_votes = other_candidate_votes + 1;
}
In the source code as complex as this, you will probably need a PhD in computer science...
Someone forgot to clear the chad bit!
"The only legitimate use of a computer is to play games." - Eugene Jarvis
yet we continue to use them, both here and abroad. Curious.
Was there a double B, double G, double L?
In related news its apparently very easy to convince the media that programming voting machines is hard. I seriously doubt this was an accident. Independent testing should have flushed this bug out very early.
10: PRINT "Everything old is new again."
20: GOTO 10
I find it interesting that companies that make ATMs for systems that track things down to the penny are unable to track much smaller numbers with errors of plus or minus THOUSANDS.
Maybe we should just start voting at ATMs?
Oh wait, that's what the lobbyists do already.
This case quite clearly highlights all the advantages of an paper trail.
Dispite a the software part of the IT system, we're capable of finding the true result of the election because we've still got the paper votes.
Result: the voting system works.
Compare and contract this to an system which didn't have paper ballots. It would be almost impossible to even see if there was a problem, let alone be able recover from it. You could possibly see that the numbers were wrong if they'd taken an register of who'd voted, or if they'd counted the number of voters manually. However there'd have been no fallback. No way to recover the votes.
So yeah, this case is an fantastic advert for electronic voting systems which have an paper trail.
Why is hoping the right response? I want source code period. Imagine a person coming into town and saying tell me your vote and Ill make sure it gets passed on. If the code is hidden there is no difference. You have no idea what the stranger will do with your vote, forget it, throw it out, change it to Paultard. Or maybe the code is remembering who voted for who. Or maybe... We have no idea, because we cant see the code!!! How does a nation that sent boys into bullets to protect Democracy let it be taken away so easily. We have seen massive voter suppression tactics by the Republicans, they and their media ilk have opined in various locations that voters are stupid and always vote wrong, they have a vested interest in stopping voting. Hello. Yes yes I know Democrats do it too, hehee, thats why you should support efforts to weed out nefarious Democrat tricks,. (Why are the graves in New Orleans always above ground? Its not the water table its easier for the dead to vote) Yeah "hope we get democracy again real soon."
yeah, cause the difference in saying something like "x+y/2" or "(x+y)/2" is obvious fraud
If that bug survived product testing, stupidity is no longer an adequate explanation. We are forced to suspect malice.
No one yet has provided me a compelling argument for why we need to use electronic voting.
It seems to be simply a combination of techno-fetish with an illogical push toward "the new thing" which someone has sold as "better".
Yes, it is hard to conduct an election. Making machines do the counting would reduce the human effort, but the cost way is too high. While I was open to the concept initially, the graft and fraud uncovered leaves me with no confidence any longer that the machines in an election booth will enable a fair election, and thus, a just political system.
Let's hope the real reason this was found was that the voting machine's captured biometrics did not match anyone in the FBI's databases. The fingerprints, face and iris scans came up blank.
The next thing to remember is to put next things next.
I posted a question yesterday about what was wrong with a simple program. No-one seemed to know so here's my attempt at writing that simple program. Feel free to tear my ideas to pieces. Hint: I am not a programmer.
MAIN:
print("Please enter your Voter ID")
scan, store as voterID
if (voterID == any value in array of legal voters)
then run the vote program
else {
print("Error")
go back to main }
VOTE:
print("Enter your choice of candidate")
scan, store as candidate
if (candidate == A) {
then record vote for candidate A
remove voterID from array of legal voters
exit }
elif (candidate == B) {
then record vote for candidate B++
remove voterID from array of legal voters
exit }
else {
print("Error")
go back to vote }
Copy/pasting the same answer over and over...
Makes me feel senile running into those. "I could have sworn I just read that comment a minute ago... Did I really?"
Mit der Dummheit kämpfen Götter selbst vergebens
you forgot the first two lines:
const int GEORGE_BUSH=1;
const int AL_GORE=GEORGE_BUSH;
There is a very simple, comparatively low-tech fix for broken elections that involve paper ballots.
As we do in Humboldt County, CA, run all ballots through an off-the-shelf scanner and run an independent count with independent, open source software. Ballot Browser (open source, Python, GPL from me) is available for tweaking and the basics are explained in April's Python Magazine. Or, it's really not that difficult to write your own bubble-reading software.
The problem is probably that the developers of that voting software was probably exactly like the OP, thinking: I'm pretty sure I could write a program with a couple of buttons and a counter for each.
Really, the very first step you'd need to make, is separating the system into a GUI client, operator client and vote server. The vote server would be easier to verify due to very few libraries and unrelated code being used. The GUI client would not be able to mangle _all_ vote results in an instance due to memory corruption issues. And requiring the operator to clear the vote server for receiving the next vote would avoid 5000 votes being registered due to a bug of any kind.
The server and GUI client would be separate users with different privileges and cryptographically signed log to append-write only medium. Hell, the final confirmation to the user should be displayed on screen by program using a plain-text message sent by the server to a different client process, just to ensure the GUI is showing a different choice from what it registers with the vote server. And I'm sure there's plenty of other stuff that would need to be done to make a truly secure and reliable voting system.
- These characters were randomly selected.
Maybe they should replace the core of their system Open Office.
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
Ok, being serious here. I'm an eng for a software development company. Security is a very aspect of our software; we store patient records for DoD hospitals.
I'm honestly scratching my head here, completely confused as to how anyone...anyone...could take a concept as overwhelmingly farking simple as COUNTING and screw it up. Seriously. I'm pretty sure I could have a reliable, bug-free (oh yes, I made that claim), fully auditable system created in a few days. I really, really don't understand why the hell this whole concept is getting so incredibly overblown. At this point, I almost have to be sceptical that when "bugs" are reported in the machines of a funded commercial entity (diebold, etc) that they have to have been intentional for some reason.
The important issue is not to create bug-free software. It is about designing redundancy and validation that avoids both software bugs and fraudulent data tampering. Before you leave the voting booth, your data should be transmitted to multiple locations, and you should be able to later
validate that your individual vote is correctly in the system with some form of hash or validation code.
Nah, I've HAD the ATM screw up before, and record a deposit twice. The bank happily deducted it from my account later. I've also had an ATM record a withdrawal three times for the one transaction. Took me a couple weeks of back and forth for them to get it all straightened out. So, the ATMs *do* screw up, but the banks don't care because in the end they don't lose any money. The only one that suffers is the customer (by being out my $$ for two weeks).
WWJD?
JWRTFM!
Some people's vote is double counted. For others, only 0.2 extra votes were added. (0.6 original vote and another 0.6 double counted vote). Looks like they followed the constitution a little too strictly and counted *some* people as only 3/5 people.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Can't these idiots get anything right? This is so freaking easy to fix it boggles the mind.... votes = votes - 5000 ; There. Done.
A software error resulting in +/- 5000 votes cast is unacceptable on any level, even if it gets drowned out on the national level in the US.
You know, some people are always complaining. First you complain that there's not enough people turning out to vote each election, that people are apathetic, etc. Finally someone develops some software that fixes that problem and now everyone complains about that!!
It's called paper based voting.
There are plenty of good paper based systems around.
They scale. The more voters you have, the more volunteers and observers you should be able to get.
The counting of each ballot can be observed by party representatives and independent 3rd party observers/monitors. In my country, the counter holds up each ballot paper to show it to "everyone". It'll take a fair number of magicians to cheat in this and they would have to work a lot harder to cheat without getting caught.
As I've said before- Elections don't just have to be fair, they have to be SEEN as fair. If democracy is important, it doesn't matter if it costs a few hours to get it right.
The best thing about it is, even if it's a surprise result - because the various observers see that it's mostly fair, the losers will grudgingly accept the result. If the result is close a recount can be done with even more stringent monitoring.
Where the cheating probably happens in my country is from the postal votes. But the electronic systems will also be vulnerable to this problem, in addition to being vulnerable to very many other problems inherent with e-voting.
E-voting fails my "seen to be fair" requirement- because it's some blackbox that the normal folk don't understand, and the IT security people understand and thus don't trust. Even if you have the source code, it's so hard to prove that it's the same software that actually runs during the counting, or that the rest of the hardware isn't messed with.
With e-voting, only a few specialists can understand and check the system, and the rest of the public have to near blindly trust them.
Whereas with hand counting, it's easy to explain to most people how it's done - and their party representatives are there checking each ballot as it's counted as well.
Is it so hard in the USA to find people who can count? Tell me it can't be so bad as "Counting votes is hard, let's go shopping!" right?
The real issue isn't that the votes were miscounted in South Dakota.
It's that I bought them for South Carolina!
PAPER FUCKING VOTES
HAND FUCKING COUNTS
FUCK!
Filter error: Don't use so many caps. It's like YELLING. THAT'S BECAUSE I'M YELLING!
Verified Voting also does great work.
When you make the Choice to make something closed, especially something this important, you really should be taking on the responsibility for any errors, bugs, security flaws or back-doors that end up in the software.
If you're willing to take the responsibility, than any error should be considered criminal--as in jail time for the CEO and others who made the (now obviously wrong) decision to keep the information private.
If you don't want the responsibiliy, that's totally understandable--just open the software for peer review by anyone.
I'm getting kind of tired of CEOs and politicians with no competency doing jobs they obviously don't understand, taking authority and reward without responsibility. I realize they are hard jobs, but doesn't that make it even more important to hire someone intellictually and morally competent instead of some college drinking bud from the good ole' boy network?
The documentary "Hacking Democracy" talks about bugs like this one as well as poorly written and easily exploited code used in these systems. It why one such system was banned from use in California. It is amazing how many government tools use extremely poor code not just voting machines, but breathalyzers and other vital hardware.
Just because you are wrong and I called you out on it doesn't mean I am a Troll.
The initial Tuesday night report said incumbent Ron Kroeger received 49.96 percent of the vote, short of the 50 percent plus 1 vote re-election requirement. The recount found he actually received 51.8 percent, more than enough to secure his seventh term over challengers John Roberts and Steve Rolinger.
Doesn't anyone think that 49.96%, short of 50% is too perfect for a random error? Most software errors will cause the numbers to explode, either to 0 or some gigantic number.
As part of the agreement for purchasing the voting machines, add a clause that subtracts $1.00 for each vote miscalculated.
This should make the voting machine creators be much more careful about the software they supply.
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
That's a feature! And I paid a pretty penny for that feature. Uh, hmmm...nevermind! Just ignore what I just said.
eldavojohn please know that the AutoMark is a ballot marking device. It has nothing whatsoever to do with tabulating vote totals. Most likely this was a problem with the way the ES&S Unity software was configured.
That software (ES&S Unity) is what needs to have it's source code closely examined. From personal experience I can say that this software can be configured to count a given precincts votes multiple times. Imho this jurisdiction needs to improve some of its basic procedures; adding the total votes cast on each optical scan machine would have revealed the error by the vote tabulation software.
Punishment for election fraud shouldn't be financial. How about an hour of jail or community service for every vote miscalculated?
I was a voter in last weeks european elections, and stayed until the votes for the office were counted. (you are allowed to stay after the office closes)
Almost nothing can go wrong, and can always be detected and mostly corrected.
voters are counted, handed out votes are counted, incorrectly filled in votes are counted and marked 'invalid' and stored seperately.
received votes are counted as they are inserted in the box.
After closure, all counts are compared.
Then the box is opened, and all votes are counted and compared to previously counted.
Then votes are sorted and counted to the results and added back up to give vote count again.
All counts are written down on official paper, votes are sealed and paper and votes are brought to central counting office of city where they can be counted again the day after (first tallies are reported upstream.)
Counting is fair by having counters of several political parties and city officials at every voting office
a typical office has 5 people . 1 checking Identity, 2 counting voters/checking revoked identities, 3 counting and giving votes, 4 counting received votes, 5 extra for toilet-visits
1.) Action: change current system to runoff elections. If neither party gets a winning majority - remove all but top 2 contestants, and run it again.
Reason: under a runoff system, candidates must appeal to a broad range of voters; runoff voting discourages extreme partisanship, and prevents minor f[r]actions from upsetting the balance (example: 1992, Candidate #3 "steals" 3% of votes from Candidate #2, resulting in Candidate #3 [barely] getting the majority and royally pissing off voters supporting Candidate #2) Result: discordant elections (Bush-Gore, Bush-Clinton-Perot) are much less likely; winner has clear support and mandate from majority of voters.
2.) Action: prohibit political advertising. Debates, yes. Town hall meetings, sure. Q-and-A sessions, of course. Buying a Senate seat or the Presidency? Hell no.
Reason: political leadership should be elected on the basis of merits / values / track record, not on the basis of who's got a fatter wallet.
Result: no more travesties like (just an example, nothing personal) Jon Corzine deciding that he's made enough money, now it's time to play politics, wallpapering New Jersey with $ 63,000,000.00's worth of advertising, and winning a Senate seat.
3.) Action: allow ONLY open-source voting machines, audited by several independent sources.
Reason: voters must have proof that their vote was received and counted. The right to vote should not be canceled by a "glitch in the system", or a behind-the-scenes manipulation of the vote totals, without any possibility of an audit. (Hey, AutoMark / Diebold / ES&S, my CONSTITUTIONAL RIGHT to have my voice heard trumps your profit margin. Either make it work correctly, or GTFO the election.) Closed-source, un-auditable "black box" voting machines have a proven track record of miscounting votes. If it's a "black box", it doesn't get to play.
Result: no more "missing votes", "extra votes", "double-counted votes", or any other bullshit. If there's an issue, it's detected, fixed, and the election is run again.
Of course, this is all a dream. The 2-party duopoly will never allow #1. The media makes too much profit from political advertisement to allow #2. And the makers of voting machines make too much money to allow #3. Oh well.
So... business as usual?
Belgium
Please don't use that word in polite company!
And don't use it here either!
Those who can make you believe absurdities can make you commit atrocities. - Voltaire