Slashdot Mirror
Software Bug Adds 5K Votes To Election
eldavojohn writes "You may be able to argue that a five-thousand-vote error is a small price to pay for a national election, but these errors are certainly inadmissible on a much smaller scale. According to the Rapid City Journal, a software glitch added 4,875 phantom ballots in a South Dakota election for a seat on the city council. It's not a hardware security problem this time; it's a software glitch. Although not unheard of in electronic voting, this bug was about to cause a runoff vote since the incumbent did not hold a high enough percentage of the vote. That is no longer the case after the numbers were corrected. Wired notes it's probably a complex bug as it is not just multiplying the vote count by two. Here's to hoping that AutoMark follows suit and releases the source code for others to scrutinize."
The software has achieved sentience and is trying to elect its robot overlords! Before anyone else... I for one welcome our democratically elected robot overlords.
Why is a voting system doing any kind of math at all? I voted yesterday in Belgium on a computer that puts my vote onto a card, which is then tallied separately. This same system has been working since at least 1995 with zero reports of fraud or failure (except normal "computer is broken" style failures).
How can a computer "add phantom ballots"? Software does not just "glitch", it breaks in ways that depend entirely on how it was built.
My blog
I mean really, I'm pretty sure I could write a program with a couple of buttons and a counter for each.
What's going on here?
It still amazes me how "hard" it is to write a simple program. First have something to scan the ID, check that its unique then move to the voting. Have a few radio buttons that you click, then hit submit, each radio button corresponds to a candidate or a choice, they are added up and give you the results. How the crap do you screw that up?
Taxation is legalized theft, no more, no less.
...but I can't understand how a glorified logger can be this far off. With hand-shaking and all the rest of it, it just staggers me that something this simple is so hard. If our systems or audit logging were off by more than 5k, our nuts would be in a sling, and our projects sure as heck aren't as big as these puppies.
A software error resulting in +/- 5000 votes cast is unacceptable on any level, even if it gets drowned out on the national level in the US.
There is absolutely no reason or excuse for software to miscount votes. It isn't rocket science.
I know I'm preaching to the choir here, but this shit just pisses me off. It's a matter of national and local integrity that our voting systems are transparent. Please support blackboxvoting.org if you don't have the time to get involved in a deeper fashion (calling/writing your legislators, etc).
Note: I'm not affiliated with blackboxvoting.org. I just appreciate their work.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
It's not a bug, it's a feature.
Wired thinks it's "probably a complex bug"? I think probably not, it's probably something blindingly simple, and stupid.
They were right - the revolution did not get televised. It was posted on YouTube instead. All in 120 characters. SLOOSH!
I'm pretty sure, somewhere in that code, was a server thread handle which states "if {vote=="thisGuy"){thisGuy++;}else{otherGuy++;}" - because validating your requests might require extra code.
"Sorrow is better than laughter, for by sadness of face the heart is made glad." [Ecclesiastes 7:3]
TFA only tells me the numbers and the guy's plans, nothing about the actual bug. What was it? It seems awfully hard to screw up adding two numbers together to get a third number, which is basically what that software was doing. Has it occurred to anyone that it might have been tampering? It seems to me that, with the fairly large (tens of thousands) number of votes, adding or removing just enough to make it a runoff would be the perfect vote tampering scheme - too little to draw much attention, but enough to actually make a difference.
Yet Another Tech Blog
(but so much more, including game and movie reviews)
http://yanteb.peasantoid.org
yeah, cause the difference in saying something like "x+y/2" or "(x+y)/2" is obvious fraud, as it is a bug that wouldn't crash the system.
It's probably more like they aren't rolling back some transaction on a network error or something. Network timeouts, etc, are probably doubling up the votes from that machine. It's probably an unusual error so it doesn't get caught in testing. Like busy networks on election night? It's not that hard to imagine.
-Unresolved symbol? Byte me!
vote = GetVote( );
/s
if( vote = my_candidate )
{
my_candidate_votes = my_candidate_votes + 2;
} else {
other_candidate_votes = other_candidate_votes + 1;
}
In the source code as complex as this, you will probably need a PhD in computer science...
Someone forgot to clear the chad bit!
"The only legitimate use of a computer is to play games." - Eugene Jarvis
Was there a double B, double G, double L?
In related news its apparently very easy to convince the media that programming voting machines is hard. I seriously doubt this was an accident. Independent testing should have flushed this bug out very early.
10: PRINT "Everything old is new again."
20: GOTO 10
I find it interesting that companies that make ATMs for systems that track things down to the penny are unable to track much smaller numbers with errors of plus or minus THOUSANDS.
Maybe we should just start voting at ATMs?
Oh wait, that's what the lobbyists do already.
I posted a question yesterday about what was wrong with a simple program. No-one seemed to know so here's my attempt at writing that simple program. Feel free to tear my ideas to pieces. Hint: I am not a programmer.
MAIN:
print("Please enter your Voter ID")
scan, store as voterID
if (voterID == any value in array of legal voters)
then run the vote program
else {
print("Error")
go back to main }
VOTE:
print("Enter your choice of candidate")
scan, store as candidate
if (candidate == A) {
then record vote for candidate A
remove voterID from array of legal voters
exit }
elif (candidate == B) {
then record vote for candidate B++
remove voterID from array of legal voters
exit }
else {
print("Error")
go back to vote }
There is a very simple, comparatively low-tech fix for broken elections that involve paper ballots.
As we do in Humboldt County, CA, run all ballots through an off-the-shelf scanner and run an independent count with independent, open source software. Ballot Browser (open source, Python, GPL from me) is available for tweaking and the basics are explained in April's Python Magazine. Or, it's really not that difficult to write your own bubble-reading software.
The problem is probably that the developers of that voting software was probably exactly like the OP, thinking: I'm pretty sure I could write a program with a couple of buttons and a counter for each.
Really, the very first step you'd need to make, is separating the system into a GUI client, operator client and vote server. The vote server would be easier to verify due to very few libraries and unrelated code being used. The GUI client would not be able to mangle _all_ vote results in an instance due to memory corruption issues. And requiring the operator to clear the vote server for receiving the next vote would avoid 5000 votes being registered due to a bug of any kind.
The server and GUI client would be separate users with different privileges and cryptographically signed log to append-write only medium. Hell, the final confirmation to the user should be displayed on screen by program using a plain-text message sent by the server to a different client process, just to ensure the GUI is showing a different choice from what it registers with the vote server. And I'm sure there's plenty of other stuff that would need to be done to make a truly secure and reliable voting system.
- These characters were randomly selected.
Nah, I've HAD the ATM screw up before, and record a deposit twice. The bank happily deducted it from my account later. I've also had an ATM record a withdrawal three times for the one transaction. Took me a couple weeks of back and forth for them to get it all straightened out. So, the ATMs *do* screw up, but the banks don't care because in the end they don't lose any money. The only one that suffers is the customer (by being out my $$ for two weeks).
WWJD?
JWRTFM!
Can't these idiots get anything right? This is so freaking easy to fix it boggles the mind.... votes = votes - 5000 ; There. Done.
A software error resulting in +/- 5000 votes cast is unacceptable on any level, even if it gets drowned out on the national level in the US.
You know, some people are always complaining. First you complain that there's not enough people turning out to vote each election, that people are apathetic, etc. Finally someone develops some software that fixes that problem and now everyone complains about that!!
It's called paper based voting.
There are plenty of good paper based systems around.
They scale. The more voters you have, the more volunteers and observers you should be able to get.
The counting of each ballot can be observed by party representatives and independent 3rd party observers/monitors. In my country, the counter holds up each ballot paper to show it to "everyone". It'll take a fair number of magicians to cheat in this and they would have to work a lot harder to cheat without getting caught.
As I've said before- Elections don't just have to be fair, they have to be SEEN as fair. If democracy is important, it doesn't matter if it costs a few hours to get it right.
The best thing about it is, even if it's a surprise result - because the various observers see that it's mostly fair, the losers will grudgingly accept the result. If the result is close a recount can be done with even more stringent monitoring.
Where the cheating probably happens in my country is from the postal votes. But the electronic systems will also be vulnerable to this problem, in addition to being vulnerable to very many other problems inherent with e-voting.
E-voting fails my "seen to be fair" requirement- because it's some blackbox that the normal folk don't understand, and the IT security people understand and thus don't trust. Even if you have the source code, it's so hard to prove that it's the same software that actually runs during the counting, or that the rest of the hardware isn't messed with.
With e-voting, only a few specialists can understand and check the system, and the rest of the public have to near blindly trust them.
Whereas with hand counting, it's easy to explain to most people how it's done - and their party representatives are there checking each ballot as it's counted as well.
Is it so hard in the USA to find people who can count? Tell me it can't be so bad as "Counting votes is hard, let's go shopping!" right?
The real issue isn't that the votes were miscounted in South Dakota.
It's that I bought them for South Carolina!
Verified Voting also does great work.
When you make the Choice to make something closed, especially something this important, you really should be taking on the responsibility for any errors, bugs, security flaws or back-doors that end up in the software.
If you're willing to take the responsibility, than any error should be considered criminal--as in jail time for the CEO and others who made the (now obviously wrong) decision to keep the information private.
If you don't want the responsibiliy, that's totally understandable--just open the software for peer review by anyone.
I'm getting kind of tired of CEOs and politicians with no competency doing jobs they obviously don't understand, taking authority and reward without responsibility. I realize they are hard jobs, but doesn't that make it even more important to hire someone intellictually and morally competent instead of some college drinking bud from the good ole' boy network?
The documentary "Hacking Democracy" talks about bugs like this one as well as poorly written and easily exploited code used in these systems. It why one such system was banned from use in California. It is amazing how many government tools use extremely poor code not just voting machines, but breathalyzers and other vital hardware.
Just because you are wrong and I called you out on it doesn't mean I am a Troll.
The initial Tuesday night report said incumbent Ron Kroeger received 49.96 percent of the vote, short of the 50 percent plus 1 vote re-election requirement. The recount found he actually received 51.8 percent, more than enough to secure his seventh term over challengers John Roberts and Steve Rolinger.
Doesn't anyone think that 49.96%, short of 50% is too perfect for a random error? Most software errors will cause the numbers to explode, either to 0 or some gigantic number.
As part of the agreement for purchasing the voting machines, add a clause that subtracts $1.00 for each vote miscalculated.
This should make the voting machine creators be much more careful about the software they supply.
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.