Slashdot Mirror
Maryland Town Tests New Cryptographic Voting System
ceswiedler writes "In Tuesday's election voters in Takoma Park, MD used a new cryptographic voting system designed by David Chaum with researchers from several universities including MIT and the University of Maryland. Voters use a special ink to mark their ballots, which reveals three-digit codes which they can later check against a website to verify their vote was tallied. Additionally, anyone can download election data from a Subversion repository and verify the overall accuracy of the results without seeing the actual choices of any individual voter."
All that really matters after reading TFA:
Chaum says he hasn’t decided on a cost yet for jurisdictions who will license it after the initial adopter but says he can easily sell it for half the cost of current optical-scan voting systems, which run about $6,000 apiece.
Very good stuff. I would just avoid using the word "subversion" when talking about it. You know, because of its double meaning
Maybe I'm missing something, but for this to be truly secure against the problem of being able to see who somebody else voted for, you would have to have a distinct set of three-digit codes for every ballot, or at least such a large number of distinct ballots that no person could practically conspire with a few other people to figure out that XWP in the third field means Hillary Clinton. Wouldn't printing each ballot individually result in a tremendous cost compared with traditional ballot printing? I'm just trying to understand how this could be feasible on a large scale....
Check out my sci-fi/humor trilogy at PatriotsBooks.
It does what many people would have said is impossible: It allows voters to verify that their votes were cast and counted correctly, but does not provide them with any way to prove to anyone who they voted for. An audit trail, without opening the door to coercion. This is a major improvement over traditional voting technologies.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
I know the Florida ballot count debacle wasn't all that long ago, but are we that concerned about votes not being counted?
If we were concerned about people's votes not being counted would we be testing a Cryptic New Voting System? ... Oops sorry, Freudian misread.
... obviously it is DRE (700), serial number 34491.
Let's hope that this new system prevents premature revelation of election results...
Firehed - Unfortunately, thanks to medical breakthroughs, common sense is not as common as it once was.
but are we that concerned about votes not being counted?
I was about to write a long reply about how democracy depends on the fact that bla bla bla... and how you cannot trust people, especially what in politics and bla bla bla... but you asked a simple question so I'll give you a simple answer:
Yes.
I am the lawn!
Ok, so this system proves that your vote reached the tally server, but how does it prove that your vote is actually in the total?
I'm serious. Just because your vote wasn't lost, doesn't mean it was counted. This helps guard against grievous mistakes, not against wholesale fraud.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
Quoting TFA
"When polls close, voters can go to the election office website, type in their ballot serial number and see a rendition of a ballot, showing the three-digit codes for their votes. This way voters can be assured that their ballot was included in the final tally."
One would hope there are no web logs kept, because simply checking your ballot would reveal your identity, and someone is sure to wrangle a subpoena for that.
Sig Battery depleted. Reverting to safe mode.
This system assumes three things:
The objection to receipts is that receipts that show voting choices can be used for Vote buying.
If we stick to codes, vote buying is not so easy.
You'd need a crib sheet as well.
But all you know is that your vote entered this machine, not that it was tallied by Deep Thought at election central.
Sig Battery depleted. Reverting to safe mode.
but are we that concerned about votes not being counted?
I was about to write a long reply about how democracy depends on the fact that bla bla bla... and how you cannot trust people, especially what in politics and bla bla bla... but you asked a simple question so I'll give you a simple answer: Yes.
To most people it's only "Yes" if the election doesn't go their way.
It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
I'm far more concerned about phantom votes being counted than real votes not being counted.
Both are real issues. There are plenty of examples of ballot boxes getting "lost", so those are real problems. Dead people voting, multiple votes, systematic exclusion of voters (not losing their ballots, but preventing them from voting), all of these things are problems.
This system doesn't solve all of those other problems, but it does solve the problem of votes getting lost, altered or counted incorrectly. And it does it in a mathematically-provable fashion.
See the paper.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Have paper and select who you like, drop into a sealed box.
Election workers keep eyes open. At the end of the day reps of all the people involved stand around in a open room and count.
Takes time, expensive, but hard to fake.
If you cannot make it, postal or an election worker comes to you.
As for digital, open source, simple and all parties can see the unit, code.
On the day you press and its collected at a central point.
Instant and the press love it.
The problem with the above is no room for profit or stuffing.
Your part of the world has to have been so corrupt, at war or new to democracy to get it working.
In the US you are told its so open free and fair and transparent every day.
Is it? Why are AMT sellers making the closed source units? With cable pundits and talking heads screaming at you "they are used in banks, its fine", dont mind the party political rants by the owner.
Enigma, cryptoAG ect all gave perfect service on the day.
In Capitalist West a nice man owns the IP to your vote.
In Soviet Russia a nice gov owns the IP to your vote.
In both parts of the world, you have a right to vote.
As Stalin said "It's not the people who vote that count. It's the people who count the votes."
The end count is the elephant in the room, not just the cute open source, optical-scan $x,000 input device.
Domestic spying is now "Benign Information Gathering"
Not sure I'm reading you properly, but this system allows you to verify your vote was COUNTED, nothing more. You can't show or prove to anyone HOW you voted, just that you did and that your vote is in the tally AS CAST.
This is huge. I've been waiting for chaum's election stuff to actually be used for quite some time now. I'm hugely excited.
so they are saying that my forum captcha and craigslist copy and paste is more secure then the vote verification thing?
Dont Judge The situation by the Misfortunate. Goga.
This is the place they like to call the "Berkeley of the East". It's so liberal it's almost a parody. I think the MD Democratic Party keeps it around as a pure strain in a petri dish so that they can pretend they are also liberal.
It also means that if Takoma Park thinks it's a good idea, everyone else in MD will think it's a joke and ignore it.
"As God is my witness, I thought turkeys could fly." A. Carlson
Not sure I'm reading you properly, but this system allows you to verify your vote was COUNTED, nothing more. You can't show or prove to anyone HOW you voted, just that you did and that your vote is in the tally AS CAST.
Er, unless I'm missing something, it's still possible to prove to someone how you voted. You just need to take a picture of your ballot, showing that the code "JX" is in the bubble next to "John Smith" -- this is pretty easy if you're voting absentee, or if you aren't frisked and metal-detected on your way into the voting booth. When the local thug comes around to verify your vote, you show him the picture and your ballot ID, and then he goes online to make sure that your ballot ID and your "JX" vote are in the system.
Visual IRC: Fast. Powerful. Free.
I have real doubts about allowing voters to check how they voted AFTER they leave the polling place. By allowing a voter a way to verify how he voted you open the door to all sorts of abuses. A voter could sell his vote and the buyer could have a way to check he indeed did vote the way the buyer wanted. Another abuse is employers threatening his employees with firing if he did not vote the way the employer wanted.
The problems might be overcome if the voter would have to visit the election clerks office and prove his identity and was also alone when he viewed the way he voted.
I don't see a single thing in this system that would prevent vote buying. You get a receipt with your choices on it, encoded in some form, yes? You can then go to a website, and enter codes, to see who you voted for, yes? True, only the individual voter (or someone possessing the receipt) can do this.. but that doesn't matter a damn to a vote buyer. Why? Because, as this system's designers seem to have forgotten, the voter is complicit in vote buying. The voter gets money for turning over his receipt and secret knowledge, whatever that may be, to the person who wants a verified vote for his candidate.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
Er, unless I'm missing something, it's still possible to prove to someone how you voted. You just need to take a picture of your ballot, showing that the code "JX" is in the bubble next to "John Smith" -- this is pretty easy if you're voting absentee, or if you aren't frisked and metal-detected on your way into the voting booth. When the local thug comes around to verify your vote, you show him the picture and your ballot ID, and then he goes online to make sure that your ballot ID and your "JX" vote are in the system.
I believe there is a fundamental choice here. Either you can
a) have the design flaw be your vote is discovered
or
b) have the design flaw be a stolen election
Either way, I guess we must contend with thugs. Thugs in "a)" system have to go after voters individually and run afoul of numerous laws in front of innumerable witnesses. In the "b)" system, you target a few polling places with few witnesses, possibly none if done over a network.
On another note, I may favor anonymous speech ;), but I have mixed feelings about anonymous exercise of political power. That is what voting is. Our legislatures are not allowed to hide their votes (except for near-unanimous voice votes).
Hear hear!
I believe FPTP is killing our political system by making it a constantly devolving lesser-of-two-evils non-choice.
Getting a well-working computerized voting system is a first step to implementing something more sensible than First Past The Post.
But it doesn't scale, imho. Everybody voting absentee in a district? Red flag.
In the state where I live, 37 of the 39 counties have nothing but absentee voting. You can go to the election office to drop off your ballot, but everyone gets a ballot weeks in advance.
On the other hand, that means we've already conceded the battle against this sort of voter intimidation/bribery. The thug can just watch you fill out the ballot. Hasn't been a problem in practice, though... yet.
Digital camera in the booth too often? (Some people are savvy enough to turn off the sounds, and some people are savvy enough to hide their camera. But most people are not.) Red flag. Game over.
I don't know about your camera, but mine is cleverly hidden inside my cell phone. Doesn't take much savvy to get one of those, and before long, almost everyone will have a 3+ megapixel camera in their pocket -- if we're not there already.
Visual IRC: Fast. Powerful. Free.
It completely misses the point. The point is not that a system is "impossible" to manipulate. The point is that _every_ voter has the ability to check the vote.
Just compare it with the pen and paper based system. Everybody can understand it. You have a box which must be empty when they start voting. And people come in, get a piece of paper each, fill it out in private fold it and throw it into the box. At the same time his name gets crossed out on a list. Now everybody can check this fairly easily.
Now let's look at whatever machine-based system you've got. You've got this machine, either mechanical or electronical. You usually cannot look inside of it. You cannot tell if the levers are labelled correctly or if the firmware is really what it's supposed to be. Even if you have sourcecode that's completely unusable for the 90% of people who cannot read code. Relying on others is not an option as the others could be against you. Just imagine a party forming beeing against computers, which programmer would help them?
Why are you all so worried about voter intimidation?
;) ). And if you can't report them to the cops or election officials and still live unharmed, they and their cop friends could escort you to the voting booth and force you to vote the way they want on whatever fancy system there is. So what's the big deal?
Countries where voter intimidation is a significant problem are normally so screwed that you'd be glad you're actually getting paid to vote however they want, rather than them just announcing the results (before the elections even
The big problem with insecure electronic voting systems is that millions of votes could get tampered with, without a trace. The other big problem is even if there isn't tampering how do you convince the loser and enough of his supporters that he lost fair and square?
At least with this system the losing team can prove to themselves that yes their votes were counted and too bad they really lost, try again next time.
With some crypto voting systems though, the voters could forget or "forget" how they voted and so they may think their votes were tampered with. I don't know whether this could happen with this particular voting system.