Software Bug Adds 5K Votes To Election

eldavojohn writes "You may be able to argue that a five-thousand-vote error is a small price to pay for a national election, but these errors are certainly inadmissible on a much smaller scale. According to the Rapid City Journal, a software glitch added 4,875 phantom ballots in a South Dakota election for a seat on the city council. It's not a hardware security problem this time; it's a software glitch. Although not unheard of in electronic voting, this bug was about to cause a runoff vote since the incumbent did not hold a high enough percentage of the vote. That is no longer the case after the numbers were corrected. Wired notes it's probably a complex bug as it is not just multiplying the vote count by two. Here's to hoping that AutoMark follows suit and releases the source code for others to scrutinize."

Uh oh...

The software has achieved sentience and is trying to elect its robot overlords! Before anyone else... I for one welcome our democratically elected robot overlords.

Re:Uh oh...

[neoform]

No no no, it's clearly a glitch. Counting numbers (e.g. 1+1) really isn't a computer's strong suit, so it's understandable that it would sometimes do this, 1+ 1 + 1 + 1 + 5000 + 1 + 1.

Re:Uh oh...

[NotBorg]

I'd mod you funny but I've completely lost faith in electronic voting.

How hard is it for a computer to do addition?

[pieterh]

Why is a voting system doing any kind of math at all? I voted yesterday in Belgium on a computer that puts my vote onto a card, which is then tallied separately. This same system has been working since at least 1995 with zero reports of fraud or failure (except normal "computer is broken" style failures).

How can a computer "add phantom ballots"? Software does not just "glitch", it breaks in ways that depend entirely on how it was built.

Re:How hard is it for a computer to do addition?

[rvw]

Why is a voting system doing any kind of math at all? I voted yesterday in Belgium on a computer that puts my vote onto a card, which is then tallied separately. This same system has been working since at least 1995 with zero reports of fraud or failure (except normal "computer is broken" style failures).

How can a computer "add phantom ballots"? Software does not just "glitch", it breaks in ways that depend entirely on how it was built.

How do you know this system is fraud free? Reading your comment doesn't convince me one bit. I voted too, in the Netherlands, and for the first time in years I had to use a pencil again. No guarantee that there are no counting errors, but they won't be systematic on a large scale.

Re:How hard is it for a computer to do addition?

[Darkness404]

While I'm as puzzled as you are on why its doing simple addition wrong, I can understand why you would want a computer to do the math though, as it should be more error-proof than humans.

Re:How hard is it for a computer to do addition?

[tangent3]

Additions just aren't so simple anymore in concurrent computing. The obvious way to do addition in gcc c would be:

totalVotes[candidate]++;

but this will totally screw up the vote count, whereas

__sync_add_and_fetch(&totalVotes[candidate], 1);

gets it right.

Re:How hard is it for a computer to do addition?

[jgtg32a]

I'm not a programmer but why would totalVotes[candidate]++; not work?

Is it a race condition, it pulls the number adds one and puts it back, and if the system is run parallel it will drop vote added at the same time?

Re:How hard is it for a computer to do addition?

[tangent3]

void vote(int candidate)
{
   switch (candidate)
   {
      case GEORGE_BUSH:
         totalVotes[GEORGE_BUSH] ++;

      case AL_GORE:
         totalVotes[AL_GORE] ++;
         break;
   }
}

Re:How hard is it for a computer to do addition?

[pieterh]

Belgian politics are not always polite. There is endless infighting. There is no monopoly of power, every government is a coalition and always fragile.

This makes election fraud very hard to organise and probably impossible to keep a secret. One would need to buy too many people, for too long.

So not because I trust the Belgian political establishment, but because I trust their incompetence and greed, I'm pretty satisfied that every vote is counted, and accurately.

Re:How hard is it for a computer to do addition?

Yes, it's a threading issue. If you have multiple threads trying to update the value, some of them won't count. You'd either need to use a lock (and probably mark the variables as volatile) or use some kind of atomic update (like a read-modify-write operation).

Still, you'd have to be an idiot to even try to count votes as they're coming in. A much better approach would be to use a database. Database servers are already really good at handling concurrency and scaling. When a vote is cast, simply add a record to the database. Once the election's over, do something like "SELECT COUNT(*), candidate_id FROM votes GROUP BY candidate_id", and the results will be calculated based on the records in the database.

Really, you could only screw this up if you insisted on developing the entire system from scratch, rather than going with existing, well-tested code.

Re:How hard is it for a computer to do addition?

[Cixelsiduous]

eh...your first case statement is missing a break. As it currently stands, a vote for GEORGE_BUSH also adds a vote for AL_GORE. I dunno maybe you left it out on purpose to make a point? I guess the bigger question is: why do I care? The answer of course is because I have no friends.

Re:How hard is it for a computer to do addition?

[nine-times]

Right. Ask a computer to count 1 million records and stop exactly on the millionth, and then ask a person to count 1 million cards and stop on the millionth. If you had to bet your life on it, who would you think would be more precise? Obviously computers have value.

On the other hand, I'm a firm believer in the idea that the source code should be available for review to make sure there are no weird bugs that could multiply votes, and there should be a paper trail so that the computer can be checked for voter fraud. Computers are more efficient, but not only are they more efficient at doing the right thing, and they're more efficient at doing the wrong thing. If the code tells them to count votes incorrectly (whether it's fraud or an inadvertent bug) they will very efficiently count the votes incorrectly.

Re:How hard is it for a computer to do addition?

[BitZtream]

Sure, go ahead and add a field to the table and you've got a record of who voted for who, which is awesome!

The problem for slashdotters is that there is more to a voting system than JUST counting the votes properly.

You have to count the votes properly, provide proper auditing to validate that everyones vote got counted for who they voted for, all the while making sure that you don't actually know who specifically voted for who, even though you may need to prove that their vote was counted for a specific candidate later.

If all they had to do was count votes, they would have gotten it right cause even the $0.50/hour programmers from India can get that part right.

It does blow my mind however that we still get errors in electronic voting due to bugs, these companies are utterly failing and should be banned from making software such as these as soon as a bug like this is detected. It is not acceptable to have not tested your software properly before hand to detect this crap.

Re:How hard is it for a computer to do addition?

[Enigma0498]

How do you know this system is fraud free? Reading your comment doesn't convince me one bit. I voted too, in the Netherlands, and for the first time in years I had to use a pencil again. No guarantee that there are no counting errors, but they won't be systematic on a large scale.

The Belgian government publishes the source code of the voting software the moment the bureaus close. The software of yesterday's election can be found here: http://www.ibz.rrn.fgov.be/index.php?id=1152&L=1

Re:How hard is it for a computer to do addition?

[Fulcrum+of+Evil]

why would you have multiple threads running on a tally?

How hard can it be?

[Nursie]

I mean really, I'm pretty sure I could write a program with a couple of buttons and a counter for each.

What's going on here?

Re:How hard can it be?

[noundi]

What's going on here?

That, my friend, we will never find out. We would if these highly complex applications were OSS, but then again the complexity of these are so immense that 9/10 experienced programmers had their heads spontaneously explode upon viewing the first line of code. That or someone is bullshitting you.

Re:How hard can it be?

[Nursie]

Ah, "Shaky" Jim was off his meds again.

How.....

[Darkness404]

It still amazes me how "hard" it is to write a simple program. First have something to scan the ID, check that its unique then move to the voting. Have a few radio buttons that you click, then hit submit, each radio button corresponds to a candidate or a choice, they are added up and give you the results. How the crap do you screw that up?

Re:How.....

[Shakrai]

It still amazes me how "hard" it is to write a simple program. First have something to scan the ID, check that its unique then move to the voting. Have a few radio buttons that you click, then hit submit, each radio button corresponds to a candidate or a choice, they are added up and give you the results. How the crap do you screw that up?

Well, in the case of New York State, our fearless leaders in Albany changed the requirements no less than 15 times after signing a contract with the vendor for new voting machines. Then after they finally agreed on a set of requirements they decided that they needed voting machines for 62 counties right now so they'd have them in time for the election. Then after the machines arrived they changed the requirements again and needed the new software for them right now.

Doing business with the Government is not an easy undertaking. The only good thing that came out of it is our fearless leaders weren't stupid enough to go with a DRE (direct electronic recording) system. We still have paper ballots that can be counted by any human being if the computer system fails. All the computer does is tabulate them and provide an interface for those voters (the blind/handicapped) whom can't fill out paper ballots themselves.

Re:How.....

[Darkness404]

How does a local election provider define the ballot?

Depends, have a list of candidates, choose the candidate, submit it. For a yes or no issue have two buttons, one yes the other no.

How do you ensure that the ballot programming is accessible to politicos and not computer programmers?

Either have a GUI or hire a programmer, I'm sure that the cost of one programmer and one or two other people is a lot less than hiring a team to hand-count votes.

How do you QA the ballot program? How do you verify that nobody has tampered with the ballot program after it has been QAed?

Sign it. Have the program check the signature, good signature it lets it go, bad signature it rejects it and throws up an error message.

For QA, how do you do it without using official ballots that don't end up in the valid votes pile?

Reimage the machine after use.

What happens if the scanner (for optical scanners) gets miscalibrated, or the ballot printer was miscalibrated when it printed them, so that alignments aren't off? What if the initial votes and ballots are correct but later ones are not because of changes in calibration or alignment? Think about multiple ballot runs off a printer in a high-volume election.

Simple, don't use scanners. Simply have it be all digital with a paper printout that may be used if the electronic voting failed due to errors, etc. The paper printouts could be hand-counted if there was a major failure.

What about different election types? "Most-of", "at-large", "one-of", "instant-runoff", etc.? What about the interactions between these election types and other election types on a single ballot? What about multiple ballots in small regional areas? Who programs them and verifies the programs?

Programmers and the town. Have an open meeting where anyone can discuss them, fix them, etc. You only need to hire one competent programmer to program a ballot. Multiple ballots are simply more XML files, trivial to make.

I must be missing something...

[thekm]

...but I can't understand how a glorified logger can be this far off. With hand-shaking and all the rest of it, it just staggers me that something this simple is so hard. If our systems or audit logging were off by more than 5k, our nuts would be in a sling, and our projects sure as heck aren't as big as these puppies.

Blckboxvoting.org

[Red+Flayer]

"You may be able to argue that a five thousand vote error is a small price to pay for a national election but these errors are certainly inadmissible on a much smaller scale.

A software error resulting in +/- 5000 votes cast is unacceptable on any level, even if it gets drowned out on the national level in the US.

There is absolutely no reason or excuse for software to miscount votes. It isn't rocket science.

I know I'm preaching to the choir here, but this shit just pisses me off. It's a matter of national and local integrity that our voting systems are transparent. Please support blackboxvoting.org if you don't have the time to get involved in a deeper fashion (calling/writing your legislators, etc).

Note: I'm not affiliated with blackboxvoting.org. I just appreciate their work.

Re:Blckboxvoting.org

[nedlohs]

Yes, but it's hilarious when there were only 5600 actual votes cast. +/-100% error bars, is good enough for government work apparently.

This is why we have validation.

[BlueKitties]

I'm pretty sure, somewhere in that code, was a server thread handle which states "if {vote=="thisGuy"){thisGuy++;}else{otherGuy++;}" - because validating your requests might require extra code.

tampering?

[Ltap]

TFA only tells me the numbers and the guy's plans, nothing about the actual bug. What was it? It seems awfully hard to screw up adding two numbers together to get a third number, which is basically what that software was doing. Has it occurred to anyone that it might have been tampering? It seems to me that, with the fairly large (tens of thousands) number of votes, adding or removing just enough to make it a runoff would be the perfect vote tampering scheme - too little to draw much attention, but enough to actually make a difference.

Re:!bug

[skelterjohn]

yeah, cause the difference in saying something like "x+y/2" or "(x+y)/2" is obvious fraud, as it is a bug that wouldn't crash the system.

Re:!bug

[link-error]

It's probably more like they aren't rolling back some transaction on a network error or something. Network timeouts, etc, are probably doubling up the votes from that machine. It's probably an unusual error so it doesn't get caught in testing. Like busy networks on election night? It's not that hard to imagine.

It's simple

[Mad-Bassist]

Someone forgot to clear the chad bit!

In related news...

[Xiver]

In related news its apparently very easy to convince the media that programming voting machines is hard. I seriously doubt this was an accident. Independent testing should have flushed this bug out very early.

ballot browser

[mtrachtenberg]

There is a very simple, comparatively low-tech fix for broken elections that involve paper ballots.

As we do in Humboldt County, CA, run all ballots through an off-the-shelf scanner and run an independent count with independent, open source software. Ballot Browser (open source, Python, GPL from me) is available for tweaking and the basics are explained in April's Python Magazine. Or, it's really not that difficult to write your own bubble-reading software.

PuhLease

[wtbname]

Can't these idiots get anything right? This is so freaking easy to fix it boggles the mind.... votes = votes - 5000 ; There. Done.

The real issue

[Subm]

The real issue isn't that the votes were miscounted in South Dakota.

It's that I bought them for South Carolina!