Researchers Demo Hardware Attacks Against India's E-Voting Machines

An anonymous reader writes "India, the world's largest democracy, votes entirely on government-made electronic voting machines that authorities claim are 'tamperproof,' 'infallible,' and 'perfect,' but last week security researchers proved that they can be manipulated to steal elections. A team led by Hari Prasad, Professor J. Alex Halderman, and Rop Gonggrijp released an awesome video that shows off hardware hacks they built. These machines are much simpler than e-voting designs used in the US, but as the research paper explains, this makes attacking the hardware even easier. Halderman's students at the University of Michigan took only about a week to build a replacement display board that lies about the vote totals, and the team also built a pocket-sized device that clips onto the memory chips, with the machine powered on, and rewrites the votes. Clippy says, 'It looks like you're trying to rig an election ...'"

Looks like Diebold has some new competition!

[toby]

Oh, sorry, "Premier Election Solutions"...

Re:Looks like Diebold has some new competition!

[human.american]

funny. I think what they've got is superior. further: http://www.youtube.com/watch?v=ZlCOj1dElDY&feature=player_embedded a 'security analysis'/expose' on e-voting. I take the position that paperless is no better than some e-voting and worse than papered voting with follow-up confirmation [by mail, for example] in getting the best estimate of the will of the most stable popular majority. I would like to point out... that just as the 'man behind the curtain,' elections are as honest, or almost as honest, as the transporters, counters, reporters... others [not to include technicians]? Also, the "LOW-tech" seals are better than other methods, relying on both the physical manipulation of material in such a way that passes non-skeptical [casual] scrutiny [by many], as well as requiring "on-location hacks" for each tampered machine. I notice each of the voting machines on this video must be physically manipulated [including breaking visually-obvious, less-than-generic physical seals] as well as physical tamperage. I do note than the procurement of devices used in voting and the knowledge of virus-laded chips making factory lines adds an uncomfortable factor favoring paper to paperless, in this case. I am reminded that the Indian census takes 'head-shots,' thumbprints and [not blood samples], but names of the most reclusive they are able to contact to complete government survey. ...So I will.

Re:Looks like Diebold has some new competition!

[Ihmhi]

You know, the ATM I use nearly every day is made by Diebold.

It's an awesome little ATM. I'm nowhere near rich or even financially secure, and the ability to be able to withdraw money by an exact dollar amount ($6 for breakfast? I can take out exactly six bucks FUCK YEAH) is very appealing. The machine has been down exactly once in the three years I've been using my bank and there has never been any problems with it (save for the time it ate my card while I took to long counting the money - my fault, not the machine's).

This nice little ATM leads me to believe that the only reason the Diebold election systems were so shitty was because they were deliberately designed that way per request or they didn't use whichever competent people engineered their ATMs.

Re:Looks like Diebold has some new competition!

[Eivind]

There's a much simpler reason.

The people ordering ATMs, care a great deal more about their correct and secure operation, than the people ordering voting-machines.

Re:Looks like Diebold has some new competition!

[NickFortune]

The people ordering ATMs, care a great deal more about their correct and secure operation, than the people ordering voting-machines.

Maybe.

Or maybe they just notice quicker when they get cheated on a daily basis than when it happens once every four years. The fact that the user can verify the ATM transaction probably speeds awareness, as well.

I think ignorance is more plausible than apathy in this case.

Re:Looks like Diebold has some new competition!

[digitig]

Well, if the Diebold systems are alleged to be built by Republicans to be rigged for a Republican win, we have to go for your "wrong engineers" theory because they didn't work last time!

Re:Looks like Diebold has some new competition!

[Hognoxious]

// to do: insert joke about outsourcing here.

Re:Looks like Diebold has some new competition!

[Eivind]

Yeah. That too. They care, AND they notice.

The ATM is supposed to withdraw money from your account, and dispense cash, and ideally do the same amount of both.

If it withdraws -more- from the account than it dispenses, odds are plenty of account-holders will notice in quick order (not everyone checks, but ENOUGH people do), whereas if it does the oposite, odds are the bank will notice real quickly. (plenty of those who get too much cash from the ATM will talk about it too)

I'm not convinced politicians universally care about voting, other than perhaps if they think they're likely to be cheated AGAINST. But neither do they typically notice, and that makes it worse, sure.

Re:Looks like Diebold has some new competition!

[paulq11]

So - ATM machines are well proven, reliable, ubiquitous, and they provide a printed receipt. Lets use them for voting. Everyone gets an account balance of 1 vote.

Re:Looks like Diebold has some new competition!

India have a billions people.
The only way to win the election by this method is to tamper with millions of voting machines.
I think it is easier and cheaper for the candidate to buy votes.

Re:Looks like Diebold has some new competition!

[Ihmhi]

That would be both awesome and hilarious.

[Democrat]

*beep*

INSUFFICIENT FUNDS

PLEASE VOTE AGAIN

A real hacker...

[smallfries]

...would register a one-issue party against the use of insecure voting machines. Then win the election. Then fix the problem.

Re:A real hacker...

[siloko]

Yep I guess that's true. But a real 'internet' hacker, with inbuilt faux machismo, would also ferret out anyone who says the voting machines are are 'tamperproof,' 'infallible,' and 'perfect,' and give them a slap. And then another one.

Re:A real hacker...

[Grim+Leaper]

Your ideas are intriguing to me and I wish to subscribe to your newsletter.

Secure e-voting

Whilst technically possible, I can't see a secure e-voting system ever being created.

Still, the current crop seem beyond incompetent. I've seen better security in gaming anti-cheat technology.

Re:Secure e-voting

[MichaelSmith]

Or even poker machines. Every machine runs from a PROM. Authorities keep a table of validated PROM image checksums. Operators of the machines have to let inspectors validate the checksums on demand, and if it doesn't match then your gaming license gets revoked and the place closes down.

Now thats no too hard, is it? Validate a small number of images, then make damn sure they don't get changed. Encourage simple, embedded systems as opposed to big operating systems with 30 million lines of code.

Re:Secure e-voting

[Thanshin]

Operators of the machines have to let inspectors validate the checksums on demand, and if it doesn't match then your gaming license gets revoked and the place closes down.

And how to you suggest to apply that system on an election environment? If the checksum doesn't match, you remove all votes from the voters who used that particular machine? You repeat the elections until no machine was tampered with?

Re:Secure e-voting

[MichaelSmith]

Operators of the machines have to let inspectors validate the checksums on demand, and if it doesn't match then your gaming license gets revoked and the place closes down.

And how to you suggest to apply that system on an election environment? If the checksum doesn't match, you remove all votes from the voters who used that particular machine? You repeat the elections until no machine was tampered with?

Yes, sounds about right.

Re:Secure e-voting

[Thanshin]

And how to you suggest to apply that system on an election environment? If the checksum doesn't match, you remove all votes from the voters who used that particular machine? You repeat the elections until no machine was tampered with?

Yes, sounds about right.

Nice system. So once my party governs I can simply block any further election to ever finish, just by touching a single machine.

Re:Secure e-voting

[jonbryce]

Much simpler system. Voting machine prints out a ballot paper that goes into the ballot box. Select a random sample of ballot boxes and check the contents to what the computer says.

Re:Secure e-voting

You simply implement the exact same procedures for dealing with a ballot box that had been tampered with. I do not see what the difficulty is here except a general naive requirement that if a voting system is not utterly perfect it should not be used at all.

Re:Secure e-voting

[UnHolier+than+ever]

No, if the checksum doesn't match you cancel the election, run it again with paper ballots and charge all the costs of doing so to the company that was responsible for the security of the machines, suing them into bankruptcy.

Re:Secure e-voting

[Thanshin]

You simply implement the exact same procedures for dealing with a ballot box that had been tampered with. I do not see what the difficulty is here

1 - They don't have to let you spend some time alone with the box as part of the voting process.
2 - It's harder to tamper with the box in a way that makes it impossible to detect until after the elections are over.

Re:Secure e-voting

[vegiVamp]

Don't sue them, silly. Just put in in the terms of the contract and see who still dares to offer voting machines.

Re:Secure e-voting

[c-reus]

What about the Estonian e-voting system? Can you point out any insecure parts in that system?

Some of the more common scenarios (man in the middle, vote buying and a few others) are addressed in chapter 4.6 of an analysis of e-voting security(warning: large PDF file).

Re:Secure e-voting

[AlecC]

And how to you suggest to apply that system on an election environment? If the checksum doesn't match, you remove all votes from the voters who used that particular machine? You repeat the elections until no machine was tampered with?

That, basically, is what what you do if you discover fraud in a paper based election. Repeat the election until the level of fraud is below the winner's margin. Repeat elections have happened. If the fraudsters are convinced enough that tampering will be discovered and the election re-run, they don't bother to try. But you have to make it clear that you /will/ re-run fraudulent polls, whether the fraud is electronic, paper, or voter intimidation.

Re:Secure e-voting

[nameer]

If the machine was tampered with, then you disregard the electronic count from that machine and do a hand count of the voter-verified paper ballots. You did print a voter verified paper ballot right?

Re:Secure e-voting

[fgouget]

Nice system. So once my party governs I can simply block any further election to ever finish, just by touching a single machine.

Even better, tamper with a machine, accuse your main competitor of it thus causing a huge public outcry against them, rerun the election and win by a landslide.

The moral of the story is: you cannot rerun an election without modifying its result.

Re:Secure e-voting

[Dilaudid]

Why are there so many stories on slashdot about how awful e-Voting is? Is there a large part of the slashdot audience that seeks a return to pencil and paper solutions, instead of this new-fangled transistorisation? I think your idea makes perfect sense, the situation where a PROM is touched is the same situation as where a ballot box has been broken open.

Re:Secure e-voting

[UnHolier+than+ever]

Sorry, I meant "enforce your contract". However, I am certain you will have to sue one or two to force them to actually respect the contract before they start taking the clause seriously.

Re:Secure e-voting

[rtfa-troll]

The whole Estonian system is based on having secure systems connected to the internet. It's possible to do a mass attack on the voters systems and/or servers on the day of the attack. The study you give simply ignores this possibility by "assuming" that the chance of an attack is low. However, it bases this assumption on total falacies. If you assume that your enemy is well funded (likely in the Estonian case; it may well be the Russian government) then they have a zero day exploit ready to go just before the election. They can then either manipulate the individual voters systems during election period so that when the voters select one candidate in fact the attacker's candidate is selected. This corrupted vote looks identical to a normal one and so is counted as such. It's possible they get caught, but they can minimise that risk (e.g. by only attacking PCs in real voter areas, reducing the risk of attacking a security expert's PC). Anyway, if they do get caught cheating, it's likely they don't actually get caught physically. They can just try again next time in a cleverer way.

To be frank, a scary read.

Re:Secure e-voting

[sznupi]

More than security is at stake here. Transparency also matters. With paper voting many citizens are perfectly able to go to the polling station and observe (and grasp!) the whole voting process and counting votes; generally check that everything happens according to the procedure. Have such people in every polling station and you can independently confirm the result of elections.
It builds confidence in the results.

There's no transparency with electronic voting. None. Even you are "IT pro" and go to see what happens...well, on /. it's not necessary to explain that you will see almost nothing of the procedure. Now imagine average folks.
In this case, you have inherent distrust in the results.

Re:Secure e-voting

[ProfMobius]

Why are there so many stories on slashdot about how awful e-Voting is? Is there a large part of the slashdot audience that seeks a return to pencil and paper solutions, instead of this new-fangled transistorisation? I think your idea makes perfect sense, the situation where a PROM is touched is the same situation as where a ballot box has been broken open.

I don't really get if you are complaining or agreeing...

Thing is, there are many differences between a ballot box and a e-voting system.

In the case of the ballot box, you need to tamper with it after the election, when it is best garded. Each ballot box only contain a limited number of votes, and you need to prepare a large amount of false ballots before hand.

In the case of the e-voting system, you can tamper with it before the election and make 'invisible' tampering (ROM flashing, replacing the display with hidden chips, etc). Once you got access to the machine once, you are good to change many elections. Also, the machine can contain more votes than a ballot box.

In my opinion, this is not a question of how hard it is to tamper with something, but the scale of the changes you can produce. Paper ballots only allow for small changes, while evoting allows for large scale changes

Re:Secure e-voting

[grumbel]

Can you point out any insecure parts in that system?

Only haven given it a quick look: It sounds like they have given up on anonymity, thus every vote can be traced back to the voter.

Re:Secure e-voting

[TheRaven64]

A lot of us don't see a problem with pencil and paper voting (for me it wouldn't be a return - it's what we do already). A democratic state has to be accountable to the electorate, by definition. That means elections have to be low tech, because if they are not then you reduce the number of the electorate who are capable of auditing the process. How many people are capable of verifying that a voting machine is correct? I only know a couple of people I'd trust to formally verify the software, and no one I'd trust to verify the hardware. On the other hand, I know a lot of people, myself included, who are capable of watching folded voting papers being put into a box and of checking that they are counted correctly. I could do it myself, and any candidate - even the ones that only get a few votes - can easily find a supporter who is able and willing to do so.

Re:Secure e-voting

[grizdog]

And how to you suggest to apply that system on an election environment? If the checksum doesn't match, you remove all votes from the voters who used that particular machine? You repeat the elections until no machine was tampered with?

Yes, sounds about right.

Nice system. So once my party governs I can simply block any further election to ever finish, just by touching a single machine.

Hell, once your party governs you can find all sorts of ways, some sophisticated, some not, of staying in power.

Re:Secure e-voting

[jimthehorsegod]

As is the case in the UK. I don't know about any other places, naturally, but certainly here one could trace any vote back to the person who cast it

Re:Secure e-voting

[Imrik]

It's because this is one case where the pencil and paper solution is preferable. Just because it uses new technology doesn't make it better.

Re:Secure e-voting

As a poster above pointed out, you need to put "paper and pencil is better" in the context of India, where an election is an undertaking on a massive scale and quite simply, rigging a paper and pencil election would likely be easier than rigging the electronic one.

What fits for India, doesn't necessarily fit for other countries, and vice-versa.

Re:Secure e-voting

[Dilaudid]

Ok that deserves mod interesting/informative. I always need to be reminded to KISS. I guess the difference with poker machines is that the cost of a tweaked machine is (max) a few million dollars. If the government tweaks the voting machines we lose control of government.

Re:Secure e-voting

[MichaelSmith]

Why are there so many stories on slashdot about how awful e-Voting is? Is there a large part of the slashdot audience that seeks a return to pencil and paper solutions, instead of this new-fangled transistorisation? I think your idea makes perfect sense, the situation where a PROM is touched is the same situation as where a ballot box has been broken open.

Perhaps because we know that the average application designer does a really crap job, and we don't want our votes exposed to it. Where I work they would email a spreadsheet around for everybody to fill in their vote.

Security

[Thanshin]

Any security professional, IT or otherwise, who ever says "impossible to break" in any of its forms, should be directly fired.

No discussion. No explanations. You blabber idiocies about your supposed area of expertise, you're fired.

Re:Security

I doubt any IT professional would say that. Usually politicians and managers are the ones responsible for this kind of nonsense because they have no clue or just want to sell their product.

Politicians are generally untouchable, no matter what they say or how bad they screw up. And managers make sure the contract contains some fineprint along the lines of "we guarantee nothing" and "not really impossible to break".

So yea, nothing you can do about it.

Re:Security

Australia is about to install an infallible content filter. The Minister responsible is not going to be fired.

Have access to hardware = all bets off. But seriously, things like seals and stickers, and trusted people that inspect the seals before and after make it a lot harder than low tech solutions - like getting the printer to print a few million extra voting forms.

Re:Security

[MichaelSmith]

Australia is about to install an infallible content filter.

I doubt it, the way things are going for the Government right now.

Re:Security

[Thanshin]

seals and stickers, and trusted people that inspect the seals before and after make it a lot harder than low tech solutions - like getting the printer to print a few million extra voting forms.

Are you suggesting that the machine can't be hacked as long as they use seals and stickers? That it's impossible to devise a way of touching a machine's hardware as long as it's protected by seals and stickers?

Or maybe you're saying that that method of tampering with the machine, that we don't even know of, will be more complex to implement than replacing the paper votes inside a closed box with new ones.

Re:Security

[jimicus]

Not strictly true. There is such a thing as a 100% secure computer system.

Of course you have to grind it to dust, embed that dust in concrete then throw the concrete off a ship somewhere over the Marianas Trench, by which time it's not a terribly useful computer. But I bet you anything you like you couldn't hack it.

Re:Security

[hairyfeet]

You know, maybe I'm missing something, but I thought the E-Voting machines I used in the last election was just about as good as you could get. It was fast, simple, and at least from this old greybeard's thinking got rid of the paper ballot problems without adding new ones. Now don't ask me who made them because I never thought to look, but here is how it worked-

You got in line, stepped up and they checked you against the role, and here is what I thought was a nice touch, if anyone showed up that was in the wrong district they did NOT have to go play "hunt the polling place" because an election official would simply pull them aside for a few minutes while he got on a cell phone and have them changed over for this one election. I saw it happen twice and the wait was less than five minutes for the one in the wrong place.

Then you walked up to the machine, which was just a large flat screen with a pair of sides to keep those on either side from looking at your votes, and began to choose. Each choice after you were given a screen asking if this is what your choice was to make sure you didn't hit a button by mistake, was printed on a flat paper ballot that would scroll in this glass partition next to the screen where you could easily see it. After you hit the final confirm the booth would finalize the printout and make a noise so that the election volunteer could collect both the paper and electronic ballot. You were handed the ballot to look it over and give a final confirmation, and then the cartridge with the electronic vote was placed on the table with the officials while the paper ballot was placed in the voting box held by the same.

According to the official I talked to the electronic vote was used for those early election results the media likes, while the computer printed ballot (so no hanging chad crap) was brought to election headquarters by election officials made up of the three major parties (D,R, and Green) and while they watched the ballots would be fed into a machine which counted and showed the results right there on the screen. Any contested votes could be done quickly and easily, and since it had both the human readable vote choices and the computer readable printout checks to see if they matched could be easily done.

Now maybe I'm missing something, but it seemed like a pretty damned close to perfect system to me. The large screen with confirmations made it so even the old and those with sight problems (which BTW they had a separate machine away from the others where a volunteer would read the choices to you if you couldn't see or were disabled and couldn't reach. Nice touch) while having the computer print the ballot in both human readable and machine code got rid of human error without ending up a "black box" with no way for the user to check. Considering we went from the old punch machines with 1 hour plus waits to less than 5 minutes from parking to walking out the door I'd say it was a success. All in all a totally pleasant voting experience that took away the doubts and hassles the old punch machines always gave me.

Re:Security

[MobyDisk]

So how was this better than if they had just given you the paper and had you draw the arrows yourself? Sounds to me like the best thing about this system was the sheet of paper. Remove the computer, and it would be even better.

Re:Security

A one-time pad is impossible to break if both the pads* have been destroyed. There I said it... luckily I don't work in the field :-)

*= and any copies

Re:Security

We're going around in circles here. The whole point of the computer voting is that humans can't reliable mark paper ballots. If you have to put an arrow pointing to the party you vote for, some people will put the arrow between parties. If you eliminate that problem by using punched cards, you have hanging chads to worry about. The problem of imperfect human voters can be solved a couple different ways. One is to change the law that says everybody's vote counts to say that only people who can perfectly fill out the ballot get their vote counted. Since changing that law would be political suicide, it's much easier to just use computers to make every ballot get filled out perfectly.

dom

Re:Security

[hairyfeet]

Because people fuck up? Their hands can shake, they can have trouble seeing the little circles to fill out, their hands can slip, all manner of fuck ups can happen when a human has to fill out a little piece of paper with time pressure added to the top.

With this design the person makes their choice on a large screen, with easy to read categories, and gets an "are you sure this is what you want?" (which you don't have with paper) before committing to the sheet. The sheet has BOTH human readable and machine code so it can be scanned quickly and if there is any doubt can be recounted by hand.

After the whole election 2000 fiasco, it should be obvious to anyone that trusting a human to make a perfect circle in a tiny box, something they only have a chance to do once every 4 years and no practice in between, is a bad idea. And of course just having an E-Vote leaves the possibility of E-Tampering. This gives you the best of both worlds, a paper record of the vote, with no hanging chads, no "voter intentions" or any of that other crap. The way I see it, short of making everyone sign their name and address on their voting slips so an election official can call and go "WTF were you trying to vote for?" in the case of a contested election, this seemed to be the most foolproof.

Re:Security

[fgouget]

Because people fuck up? Their hands can shake, they can have trouble seeing the little circles to fill out, their hands can slip, all manner of fuck ups can happen when a human has to fill out a little piece of paper with time pressure added to the top.

They could get another ballot and try again. Or you could have people only vote on one issue at a time so all they have to do is fold a pre-printed piece of paper.

With this design the person makes their choice on a large screen, with easy to read categories, and gets an "are you sure this is what you want?" (which you don't have with paper)

Unfortunately 60% of voters don't notice if you change their vote on this confirmation screen! So it seems there's not much point.

The sheet has BOTH human readable and machine code so it can be scanned quickly and if there is any doubt can be recounted by hand.

Who will want to manually recount the ballots when the result is known already (except for the sore loser and conspiracy nuts who claim otherwise).

After the whole election 2000 fiasco, it should be obvious to anyone that trusting a human to make a perfect circle in a tiny box, something they only have a chance to do once every 4 years and no practice in between, is a bad idea.

Maybe they should train by voting every year instead of skipping three elections out of four.

Re:Security

Perhaps you missed the detail about computerized tabulation being much faster?

Re:Security

[fgouget]

Perhaps you missed the detail about computerized tabulation being much faster?

So? I too can give election results within minutes of the election close with my eight ball. But for democracy's sake I think it's more important that the people be able to participate in and oversee the counting process and convince themselves that there has been no cheating. It's even one of the defining elements of democratic elections: it's called transparency.

Re:Security

[fgouget]

The problems:

• 60% of the voters don't notice if their vote is modified on the confirmation screen. I'm not sure they'll do any better with the printed ballot.
• The above means hacking the voting computers at the polling station is pretty much sufficient to hack the whole election (since the machines cannot be wrong the 5% of voters who complain their printed ballot is wrong must be dumbasses who don't know what they type, this gives an 8% margin to hackers).
• Barring that, your only hope of detecting fraud is that hackers (mainly town and manufacturer employees) did not have access to both systems and thus that the two computers give different results.
• The result given at the polling station is given by a computer and and the counting of the ballots is done by another computer. There is a good chance they are from the same manufacturer (if you make the razor you also sell the blades, single contract for the town, no blaming it on the other manufacturer when the scanners cannot read the printed ballots). This all boils down to no real redundancy and simplifies hacking both systems.
• Nobody counted the ballots by hand and as long as the results from the two machines agree there's no way you will get anyone to spend time to recount even a sample by hand.
• The wait time is not related to whether you have machines or not but to the number of voters per voting booth.

Re:Security

[MobyDisk]

The whole point of the computer voting is that humans can't reliable mark paper ballots. If you have to put an arrow pointing to the party you vote for, some people will put the arrow between parties.

[citation required]

You are right that we are going in circles. But I think this premise is wrong. People have been voting with lines and arrows for centuries, and it really hasn't been a problem. Florida had a problem with hanging chads and all of a sudden all people know is that "all paper ballots have flaws" and the rest goes out the window.

The system of drawing arrows is nearly foolproof. We are replacing with something more complex, more expensive, and inferior -- for all the wrong reasons.

Re:Security

[MobyDisk]

I specifically said arrows because the circle system is dumb. The arrows system is mostly foolproof - far more so than the computer system.

After the whole election 2000 fiasco

The 2000 election was a fiasco because of electronic voting machines. You should point to 2000 as a reason NOT to use electronic voting, not a reason in favor of it.

Re:Security

[MobyDisk]

The paper ballots did use computerized tabulation. Besides - speed has never been a problem - security and reliability are.

Re:Security

"You were handed the ballot to look it over and give a final confirmation, and then the cartridge with the electronic vote was placed on the table with the officials while the paper ballot was placed in the voting box held by the same." ... and just how is it that you were able to confirm that the vote recorded in the cartridge was the same as that shown on the paper ballot?

Ultimate accountability

[SmallFurryCreature]

Maybe it is time for a new law: You cheat, you die.

Imagine that a party leader becomes responsible for the actions of the members of his party. Some lowly member cheats, the leader gets a bullet in the head.

Open for abuse to be sure but all our leaders claim we should trust the system so surely they trust it?

It would motivate leaders to motivate their followers not to break the rules. Right now the system does exactly the reverse. As long as the leader isn't proven to have given the direct order in writing, he benefits. Everyone knows Bush cheated, yet he ruled unchallenged for 8 years. So cheating works right? Hard to argue this when the evidence is so clear.

We have come to take democracy for granted, but the recent problems in the UK have shown that such a basic thing as voting is not so simple after all. It is a complex process and without it working flawlessly, our entire system looses its validation. If you wanted to vote, went to vote but weren't allowed to, then how can you then be asked to support the government you didn't vote for?

How can you ask a soldier to die for a leader whose election process he didn't take part in? The entire basis of democracy is your loyalty in exchange for a say. Your money and your life for a vote. We are the subjects of an elected government and must follow its rules because we elected them, yes even if you didn't vote for them. That is the deal. Cheating breaks that deal.

It is hard to argue that people shouldn't go for a nasty dictator type, when the democracy isn't letting them have their say either. If you are not being listened to, you might as well have someone competent in charge instead of the monkey that cheated in a popularity contest.

So lets stick with paper and enforce extreme and rigid rules about how those papers and handled and counted and put severe penalties on anyone who messed with it. And before you say that death is far so serious. Treason still carries a death sentence in many nations, and cheating in elections is treason against nation as a whole.

Re:Ultimate accountability

[teachmetech]

I completely agree with your point.

Re:Ultimate accountability

[thijsh]

You promote the death penalty in a situation where it is even more despicable then usual, especially since anyone can see the clear option to cheat by getting your opponent eliminated. Each election has some irregularities (and I assume most are not sanctioned by the candidates themselves) so it would be far too easy to cheat for the other guy while collecting 'evidence'.

Please understand that I think the undermining of the democratic process is a crime which should carry a special sentence, but more along the lines that you can't run for office for X years (like any felon I believe). But the problem is always the same: the cheater won and is now in charge.

I think the only way to guarantee a cheater free process is by completely making every step of the process transparent. Coincidentally it's the technology currently used to cheat that can be put to use to prevent it. The only problem is there is always one or more black-box-systems between the voter and the results, so there is no way to guarantee it unless we remove every black-box step. Here is my solution to make the process as open as possible:
- Generate a unique key per voter and store on a single offline drive.
- Print voter registration cards with each key used once (we know every voter can vote exactly once).
- Generate a strong encryption certificate that is only valid around election day for HTTPS use.
- Voters can choose to vote at home (but they need a separate online ID) or at a registered voting location (and show their ID), but the process is the same.
- To vote at home you can use the supplied voting live-CD or use your own (it's recommended instead of your default OS), or use the kiosks supplied at voting locations.
- The voting consists of going to the voting website, verifying the origin of the site and after that select a candidate and enter the key to store the vote.
- These votes are stored on the same 'offline' drive that is currently online only with a serial cable connected to the webserver.
- The drive containing the votes as well as the server(s) that serves the website are on public display and the code is all opened to public scrutiny.
- The server should be behind a firewall that specifically looks for any and all attacks (it should be fairly easy if you tightly define only the packets that may get trough), if there is any reason to doubt the results because of a possible breach we will know.
- The results as well as the timeline of the votes is made public from the start, when the voting closes the results are known *immediately*.

Before talking about how insecure the web is please note that this problem is known and well understood, so we have know what to harden the system against attacks... The current voting solutions are much worse in my opinion since there are attack vectors too, but we do not know how many and how bad, and even worse: we have no idea how often these are already exploited. But we do know for a fact that paper elections have been rigged (despite the rules), electronic voting machines have been tampered with and even something as simple as denying people the right to vote (sending people away who stand in line for hours). These non-tech exploits are used regularly and should not be forgotten... I'd say a web-voting is the lesser of two possible evils. Especially since the technical requirements of such a system are known. If fucking soda companies can print unique codes on the inside of the bottles and phone operators use codes for prepaid cards i'd say we should be able to make it work for something important.

I posit that for every argument against such a system slashdot's finest geeks will come up with a solution...

Re:Ultimate accountability

[HungryHobo]

I agree, vote rigging should be treated as seriously as a crime can be.
I'd add to that- politicians taking bribes should attract similar penalties.

Re:Ultimate accountability

[a destrucive critisism] IMO, game theory suggests a minority contingent of bottom-rung cheaters would be immune to prosecution once the 'leader' has been 'dispatched' to the satisfaction of the public and would, therefore corrupt whenever possible.

Re:Ultimate accountability

[AlecC]

Maybe it is time for a new law: You cheat, you die.

Imagine that a party leader becomes responsible for the actions of the members of his party. Some lowly member cheats, the leader gets a bullet in the head.

I join your party under a false name, cheat blatantly and run like hell (hopefully before the cheating is detected). Your leader gets a bullet in the head.

India has a population over a billion. The major parties will have hundreds of thousands of low-level workers. Do you seriously expect any human organisation to keep a hundred thousand people whiter than white?

Put it another way - has any policeman been convicted of corruption in your city? Remember, policemen are selected, trained at length, and continuously supervised. And yet bent coppers still turn up, at a rate of probably a few per thousand. Expecting a hundred thousand election workers to be honest is ridiculous.

Re:Ultimate accountability

[thijsh]

With great power comes great responsibility, and with great responsibility comes great punishment if you (willingly) fuck up.

This is as it should be, the problem is today most politicians just use their power for their own gains, do not accept any responsibility, and sure as hell are never punished... I do not advocate punishing politicians for mistakes otherwise you would never become a politician anymore, but I would like to see strict rules regarding corruption and that anyone ever caught betraying the people's trust and can never be trusted with any kind of power again... In my opinion this could even extend to the corporate world, since corrupt politicians seem to be able to find a spot in power there as soon as they exit politics (probably part of the payoff of being corrupt).

Re:Ultimate accountability

Slashdot finest responding: Your plan will fail because you fail to account for politicians and lawyers. If there is any technical chance this will ever work we will only hear the exact opposite with some sprinkles of fear-mongering about the interwebs and probably terrorists and pedophiles. Won't someone please think of the children!

Re:Ultimate accountability

[houghi]

I like that unique ID per voter. It can then later be used to, uh, question these people about their choice. Voting from the PC is even better as our, uh, advisors can see that you make no mistakes. You don't have anything to hide, now do you? Also we will be providing the software for the voting.

Voting fraud is a social problem where people are looking for a technical solution. Pen. Paper. Problem solved. 100%? No, but a LOT cheaper and a LOT more secure. Not one point of failure, but so many that cheating is extremely much harder.

Re:Ultimate accountability

[Viski]

There's (at least) one problem in home voting: How do you make sure that the voter won't be pressured or bought when voting? Of course, in traditional systems there may be some pressure on the voter, but she will always be alone when casting the vote - no one can verify whether she cast the vote as agreed. In the Estonian model this is taken care of by allowing the voter to cast multiple votes, the latest of which will stand. She has also an option to cast a paper vote during preliminary voting period, which will negate the votes cast via Internet. It's not a perfect solution, but a solution nevertheless.

Re:Ultimate accountability

[ArsenneLupin]

Before talking about how insecure the web is ...

The problems with "voting at home" (or "at work") do have nothing to do with the lack of security of the web, but more with the lack of guaranteed privacy.

If you allow voting from work, who guarantees that the manager is not standing behind his employees, making sure that they vote the "right way". Or, at home, that the spouse isn't making similar enforcement. Or at the pub, that a buddy isn't promising a beer in exchange for the "good" vote...

As long as you allow voting away from designated polling stations, you can exclude neither voting under duress nor vote selling.

Re:Ultimate accountability

[thijsh]

It's a good solution, that's exactly why you should always be able to vote in a booth... But do you really think there aren't millions of voters that vote what someone told them to vote already? I think when people can vote where they want they can specifically avoid pressure from shady individuals. A re-vote is an interesting solution since it could both be used to increase and decrease security, I wonder how it worked out for the Estonians (they had a couple hundres re-votes, but why?).

Re:Ultimate accountability

Then someone will make malware that sits, MITM style, on the person's computer, switching the ballot to the desired candidate. If the voter doesn't know that he's voted incorrectly, he won't know that he'll have to invalidate his vote later. As you say, not a perfect solution. Just about the only way to fix that would be to use a security token with a keypad (input number of candidate), but even this could be tricked if the zombie switches the candidate numbers around.

Re:Ultimate accountability

[drinkypoo]

Maybe it is time for a new law: You cheat, you die.

They do that kind of thing in China. Note that they keep doing it, because it doesn't work. There's always those who think they won't be caught.

How can you ask a soldier to die for a leader whose election process he didn't take part in?

And yet, they keep signing up. One way is to put them in a position where they will go to prison when they turn 18 if they don't enlist, they've had great success with that strategy among minorities.

And before you say that death is far so serious. Treason still carries a death sentence in many nations, and cheating in elections is treason against nation as a whole.

Anyone who advocates the death penalty is probably scum. And anyone who advocates the death penalty for anything but murder is obviously scum.

Re:Ultimate accountability

[thijsh]

People seem to associate unique with traceability, but this is not necessarily the case... There are plenty of techniques to create a one-time code that isn't linked to you personally and can't be traced back (aside from ISPs timing site queries and comparing to vote cast times, but even scenario's like that can be prevented as long as you account for it). You have made a valid point so this should be accounted for, as any possible problem with the system. But you can't honestly tell me you're so paranoid about this that you now vote with gloves on because they might trace the fingerprints on the ballot?

Perhaps you could even publish a list of all the one time keys and the associated votes, this way you can double check your vote was counted while remaining anonymous. Only problem there is the unique key needs to be disposed for you to remain anonymous... but I guess you could instruct people to do so after casting their vote (if they wish to remain anonymous). But then you could also use this system the other way around, you could keep the unique key in a safe to prove later on that you did not vote for the 'wrong' guy. If you are ever accused of voting for a nazi party you can disprove it with hard evidence. You have to remember that people are paranoid about different things, for some it is terrible if people find out what they voted, for others it would be terrible to be accused of having voted bad... I say fuck both these paranoid attitudes since in a perfect world you could say what you vote and it would not matter, but people should always be able to remain anonymous to safeguard democratic principles... but anonymity could also be a personal choice.

Re:Ultimate accountability

[thijsh]

What stops people from selling their vote and going to the polling booth to vote? And how do you think it's a good idea to just have a few points where people go to vote, it makes it *very* easy for people to disrupt, influence or plainly destroy votes there. Someone in this thread already pointed out practices like this: http://en.wikipedia.org/wiki/Booth_capturing. To my knowledge polling stations are responsible for all irregularities with voting up until now and most of these irregularities can be prevented with proper implemented transparent e-voting. There are only a few issues that remain, but these are issues that also affect polling stations so I discard your objections because you can equally state that:

As long as you allow voting only at designated polling stations, you can exclude neither voting under duress nor vote selling.
I think this latter statement applies even more, but that might be because all of the fraud and irregularities up till now have happened in this fashion.

Re:Ultimate accountability

[fgouget]

Here is my solution to make the process as open as possible:
[...]
- To vote at home you can use the supplied voting live-CD or use your own (it's recommended instead of your default OS), or use the kiosks supplied at voting locations.

Make it possible to vote at home and a lot of people will be coerced to vote a certain way by their spouse / parent (or you're out of this house) / children (elderly people). Make it possible to vote from any computer and companies will nicely provide computers for you, will even help you. You would be free vote the way you wanted and they would not even put you on top of the list for the next round our layoffs if you voted wrong. Vote at the kiosk against the wishes of the above parties and be assured they will be very understanding of your reservations and will surely not take any action against you.

- The voting consists of going to the voting website, verifying the origin of the site and after that select a candidate and enter the key to store the vote.

So you send your vote and the unique id the government gave you back to the government. But your vote is still anonymous because the government would never stoop so low as to match your voting key with your identity, right? And anyway if they say it cannot be done it must be true, right?

- These votes are stored on the same 'offline' drive that is currently online only with a serial cable connected to the webserver.

Who cares whether it's a serial cable or a SCSI / IDE / SATA / USB one. All that matters is: can the online server write to the disk or not? If it can, then it can mess with all its content, that's all. And if it can't... well, how do you, the average joe, know it cannot in the first place? Did you check that drive / cable in person or did you just trust some government official?

- The drive containing the votes as well as the server(s) that serves the website are on public display and the code is all opened to public scrutiny.

And the code which is on public display is the same one that's running on the server, right? You know because you compiled and installed it yourself (and so did the other 100 million plus voters).

- The server should be behind a firewall that specifically looks for any and all attacks (it should be fairly easy if you tightly define only the packets that may get trough), if there is any reason to doubt the results because of a possible breach we will know.

It's almost as simple as making sure a login procedure is secure. And login procedures have never had any security issue... well, not very often anyway.

- The results as well as the timeline of the votes is made public from the start, when the voting closes the results are known *immediately*.

So the server shows you whatever it wants you to believe the votes are in real time. So what? Besides that, do you propose to show partial results during election day? Are you sure that's a good idea? You do know that's a radical departure from current practice, right?

Before talking about how insecure the web is please note that this problem is known and well understood, so we have know what to harden the system against attacks...

What you missed totally is that the server is set up by the government and thus cannot be trusted. If you really trusted the government you would not hold elections. You would just write into law that at the end of his mandate the head of state must designate his heir^H^H^H^Hsuccessor based on the people's will.

The current voting solutions are much worse in my opinion since there are attack vectors too,

Your proposal did not eliminate any attack vector. You just added at least half a dozen even more serious vectors!

But we do know for a fact that paper elections have been rigged (desp

Re:Ultimate accountability

[thijsh]

One word you missed: live-CD

Re:Ultimate accountability

[Firethorn]

But do you really think there aren't millions of voters that vote what someone told them to vote already?

I think the point is that while you can bribe voters all you like, they're still untrusted. Heck, bribery is less of a concern than blackmail/threats. With unverified voting, if you bribe me with $100, while I'm pretty likely to vote your way, I can still vote for the other party(How are you going to make that $100 back?). On the other hand, you can't really say 'If you don't vote for X you're fired/finding a new apartment/being beaten bloody/etc...'

Re:Ultimate accountability

[fgouget]

There are plenty of techniques to create a one-time code that isn't linked to you personally and can't be traced back

Except all the proposals I have seen call for the unique key being generated by the government (and generally snail mailed to you). So you have no proof that such techniques have been used by the government.

But you can't honestly tell me you're so paranoid about this that you now vote with gloves on because they might trace the fingerprints on the ballot?

I don't wear gloves because I help count the votes so my fingerprints are on all the ballots!

All jokes aside, they don't know which ballot is yours. So they would have to scan the fingerprints on a substantial percentage of the ballots to find out and they would have a hard time doing that in secret. In contrast installing a small 'security' patch that records either the votes or matches the unique keys with your identity would be pretty easy. Much easier than bugging the phone of Greece's prime minister along with those of a hundred other high ranking officials for months without getting caught for instance.

Only problem there is the unique key needs to be disposed for you to remain anonymous... but I guess you could instruct people to do so after casting their vote (if they wish to remain anonymous).

Forcing the voters to take action for their vote to remain anonymous is equivalent to making their votes public. If they erased the proof that they voted right, then they will get get their knees broken all the same. Note that this is not just a theoretical issue, it has real world effects on votes as proven by Chile's switch to secret ballots in 1958.

Re:Ultimate accountability

I like your system. It also makes it much easier for me to run my machine politics - my people just set up our own voting booths, and people come in to do the web voting. Paying people for their votes has never been so convenient. Of course, old ladies, dead people and others in similar circumstances can vote from home, we'll come to their door with a laptop to make sure they get equal representation.

Sincerely, Richard J. Daley

Re:Ultimate accountability

[ArsenneLupin]

What stops people from selling their vote and going to the polling booth to vote?

Easy: the buyer has no way of verifying that the seller did indeed vote how he promised to vote.

it makes it *very* easy for people to disrupt, influence or plainly destroy votes there. Someone in this thread already pointed out practices like this: http://en.wikipedia.org/wiki/Booth_capturing [wikipedia.org].

Such practices are ...hmmm... rather obvious. Meaning, that in a really democratic country, they would lead to instant cancellation of the election, and punishment of the perps.

If such brute force disruptions are commonplace in India, then security of electronic elections is indeed the least of their worries. Without punishment of obvious abuse, the crooks could just wheel a supercomputer into the polling station, collect all the electronic ballot pads, openly break their seals, and reflash whatever firmware they want into them, hand them back (or just hand their own devices back which don't even need to look like the original ones...), and move on to the next polling station. No need to worry about stealth and miniaturized flash Ram writers if nobody cares about open tampering.

Security (... any kind of security ...) only makes sense if there is a meaningful followup to obvious tampering. And how much more obvious than Booth capturing can you get? You're basically taking a whole polling station hostage, and there is no consequence to this? *Mind boggles*

Re:Ultimate accountability

[thijsh]

We currently have a flawed system which relies on perfect cooperation of thousands of individuals each one of which can influence the voting process without us knowing it. This has lead to voting fraud not only in third world countries with 'broken election laws' but in all western nations (at least on some local level). The advantage of this system is fraud on a large scale requires the involvement of hundreds of people (but in no way is it made impossible).

Now examine the new system which relies on technology. There is a single point of failure, and if that fails you should to be able to detect it. Massive fraud can never occur without detection. The voting is divided over millions of locations instead of hundreds, increasing the points where people could theoretically be coerced by a factor of 5 to the point that you would need a conspirator for each person in the country to influence them... And face it, a guy who would be coerced by his wife at home would also vote 'her' party in the polling booth, don't act like shit does not happen.

You say 99,9% of the people won't know if they can trust the system, but you need to trust some people's intention to honestly host a democratic election. However you look at it you need to trust someone, and I think trusting a system that works with a central authority that can be checked for fraud before, during and after elections is easier to trust than an organisation where practically anyone can register to sit at the ballot booth and influence the voters...

You made an interestion observation of the technical goal in your response: 'provable anonymity with provable integrity and verifiability of the results'. This is tough, but I say at least anonymity and verifiability can be realized. You claim this solution is not yet here, but I'm pretty sure a system can be hooked to the web for a single simple task without exposing vulnerabilities if you filter all incoming data strictly. You now have a technical solution for the problem, but you still need to trust the people that organize the election, this is a basic premisse for any election. The third part you mentioned, the integrity of the system, is dependent on the people that organize the election. Of course scientists can conceive a solution to this problem that just works great, but if all the people that organize the election decide the outcome up front no solution will ever help this... But it can make it harder for them to get away with it... If you have perfect verifiability you can guarantee the integrity.

P.S. you wrote: 'can the online server write to the disk or not? If it can, then it can mess with all its content, that's all'... This is overly simplistic. If you create a standalone machine with a single task of collecting incoming votes and each incoming vote can consist only of the X character long code followed by a Y character long candidate code so only valid votes are sent. The system then looks up the code and records the vote with it, but won't allow you to vote again. This can even be enforced physically with WORM: http://en.wikipedia.org/wiki/Write_Once_Read_Many

Re:Ultimate accountability

[fgouget]

What stops people from selling their vote and going to the polling booth to vote?

What stops them is the lack of a buyer: the potential buyer knows he will have no way to verify you really voted the way he wanted so he won't waste 'money' on trying to outright buy votes (he will instead resort to propaganda).

And how do you think it's a good idea to just have a few points where people go to vote, it makes it *very* easy for people to disrupt, influence or plainly destroy votes there.

And centralizing all the votes on one server in one place solves this problem? Sure if you have massive safety and order problems then you will get voter suppression. Note though that such in countries people would typically be lacking the means to vote from home anyway.

To my knowledge polling stations are responsible for all irregularities with voting up until now

Irregularities which will be obvious to any observer (such as party representatives or regular citizens overseeing the elections).

and most of these irregularities can be prevented with proper implemented transparent e-voting.

The problem being that know one knows what this mythical 'properly implemented transparent e-voting' scheme is.

Re:Ultimate accountability

[thijsh]

Rather obvious yeah, so because it's not obvious to you immediately it does not happen in western countries? Look at the following list of the many means of fraud and tell me they are not used in so called 'true democracies': http://en.wikipedia.org/wiki/Election_fraud

And here are some examples to the contrary:
Netherlands - last election there were people instructing others how to vote in the booth (which was strangely allowed by officials present) and they counted over 100 mystery extra votes (this was in a district where is was a very close call so this could make a difference), no action was taken.
United Kingdom - last election hundreds of people were denied right to vote at the polling booths (more people turned up than planned so they just told them to walk away), no action was taken.
United States - several elections with blatant fraud: 'numerous statistical analysis showed discrepancy in the number of votes Bush received"', no action was taken (in fact Bush was allowed to rule unquestioned twice).

Re:Ultimate accountability

[thijsh]

If any serious attempt is ever made *all* the issues raised should be taken seriously and addressed, so any problem thigh might arise should not go ignored. But I get the feeling that for a techie-site there is a strangely high amount of no-can-do people here... You just assume it's not possible no matter what you do.

I claim it is possible, and any issue can be addressed. No solution will ever be perfect, but if it works good enough that you can verify that the will of the people has been represented with 99% accuracy it's a success in my book.

I know that any system can also be foiled if people are in a position to do so. It's not magic, but it can be a whole of a lot more open, cheaper, secure and fraud-resistant.

And come on, even fucking soda brands can print unique codes inside bottlecaps which can be used anonymously online to win or buy shit. And lotteries work too... if any system with unique anonymous codes would be so breakable why is it in widespread use without widespread fraud?

Re:Ultimate accountability

[WNight]

But the problem is always the same: the cheater won and is now in charge.

Bush hadn't won, and wasn't in charge. But it's easier to give a party of professional crybabies special treatment instead of recounting fucking ballots.

A recount is never the wrong thing to do - you'll know the liars by who refuses the recount. But instead we listen to their lawyering instead of just threatening to shoot (yes, death penalty - applied by the courts, a mob, or a revolutionary army - appearance of correctness is VERY important here) them until they agree to a recount.

You promote the death penalty in a situation where it is even more despicable then usual, especially since anyone can see the clear option to cheat by getting your opponent eliminated. Each election has some irregularities (and I assume most are not sanctioned by the candidates themselves) so it would be far too easy to cheat for the other guy while collecting 'evidence'.

Then don't call yourself leader of so many people you can't watch them. These giant parties are a symptom of the problem, not something we need to try to preserve.

People like you astound me - you see a problem with an idea and can't imagine any way around it so you act like it's ruined. If they had to be careful who they vouched for they might not say just anything.

Besides, all a politician would have to do for safety is implement procedures to catch the cheaters - if they discovered the problem and fixed it you wouldn't blame it on them. But the leaders who never bother looking for problems - they are the problem...

It's the exact same issue as military torture in places like Guantanamo and Abu Ghraib. Everyone knows bad apples sneak in to any organization, but the US government (first under Bush, now identically under Obama) tries to white-wash and ignore as much as possible before blaming the lowest-ranking people possible. What could have been an explainable one-off accident instead becomes official government policy.

This will only change when it's not in their best interests to look away - such as when they get hung for doing so. You join the army (even involuntarily) and they reserve the right to enact military justice on you - if you run for office should people not have similar rights and responsibilities?

I think the only way to guarantee a cheater free process is by completely making every step of the process transparent.

Yeah, and the current government buys voting machines from the proven fraudsters at Diebold.

[E Voting] ... The results as well as the timeline of the votes is made public from the start, when the voting closes the results are known *immediately*.

What the hell does this have to do with anything? The election is months early for a reason. It's baffling how this is supposedly important.

[current voting systems] ... we have no idea how often these are already exploited.

Actually, yes, we do. For one, the systems can only be exploited in known ways. Votes cast in Chicago don't overwrite ones for San Francisco. One box can't contain billions of ballots. To put votes in a box, someone must touch it. To verify it's empty it can be disassembled (including destructively tested very cheaply), weighed, etc. To train someone to find an improperly stuffed ballot box you take anyone who can recognize a non-empty box - to prevent pre-loaded cards full of votes even an e-security expert at each machine couldn't do anything.

You'll keep being lied to as long as you buy it. When you let people tell you that instant results are important they conveniently hide the issue of accurate and provable results. When they complain they've got too many people to watch carefully you need to demand they change it, not merely use it as an ongoing excuse for failure.

Re:Ultimate accountability

[fgouget]

We currently have a flawed system which relies on perfect cooperation of thousands of individuals each one of which can influence the voting process without us knowing it.
This has lead to voting fraud not only in third world countries with 'broken election laws'

but in all western nations (at least on some local level).

In the US you are right, votes can be tampered during transport, probably by a single individual (blame the 'broken election laws'). In France (where we have transparent ballot boxes and where ballots are counted on the spot when the election closes) no single individual can tamper with the voting process. But yes, tell me how to commit fraud in France and not get caught.

There is a single point of failure, and if that fails you should to be able to detect it.

How will you know that there has been fraud if candidate A wins with 52% of the votes instead of losing with 49%? Do you pretend to know the results in advance?

Massive fraud can never occur without detection.

With voting computers it can. You only need to corrupt a handful of people to get your hack into the voting machine's software or hardware. Then you have control of how every single vote is counted.

And face it, a guy who would be coerced by his wife at home would also vote 'her' party in the polling booth, don't act like shit does not happen.

The lack of ballot secrecy has real impacts. See the impact on Chile's election results when they switched in 1958.

You say 99,9% of the people won't know if they can trust the system, but you need to trust some people's intention to honestly host a democratic election.

With any computer voting system you specifically need to trust the people who organize the elections, that is the people with the most at stake if they lose. With paper ballots you only need to be confident that any fraud that will impact the result will have to involve thousand of people and will thus be detected. Even better, you can make sure that no fraud takes place at your voting place.

You now have a technical solution for the problem, but you still need to trust the people that organize the election, this is a basic premise for any election.

With paper ballots I don't need to trust the people manning the polling place or counting the ballots because I can verify myself that they are not cheating. With voting computers I would not be able to detect cheating even if I was in the same room. With Internet voting it's even worse.

P.S. you wrote: 'can the online server write to the disk or not? If it can, then it can mess with all its content, that's all'... This is overly simplistic. If you create a standalone machine

If *I* create such a machine then *I* may be confident it will behave the way I decided. Would you trust me to have designed the machine according to specifications? Would you trust the government to use the machine as I designed it and not with some modifications that allow cheating? Do you also trust the lowly employee who installed it? The one who transported it? You have to trust *all* of them because *any one* of them could have tampered with it (or substituted it).

This can even be enforced physically with WORM: http://en.wikipedia.org/wiki/Write_Once_Read_Many

Of the WORM devices (CD-R, DVD-R, PROM and punch cards) only punch cards could provide the kind of physical guarantee you want, and only because it would be easy to verify the lack of a punching mechanism in the read-only columns (and here I assume there's a way to prevent feeding a card in reverse).

Re:Ultimate accountability

[ArsenneLupin]

Rather obvious yeah, so because it's not obvious to you immediately it does not happen in western countries?

No matter how many times I read that sentence, it doesn't make sense. I suppose it's meant to be a miffed reaction at my astonishment about the non-subtlety of electoral fraud in India? If so, I'm sorry to have offended you.

Look at the following list of the many means of fraud and tell me they are not used in so called 'true democracies': http://en.wikipedia.org/wiki/Election_fraud [wikipedia.org]

Why should I tell you something like that? Yes, this is a list of frauds for people who are concerned about stealth and/or plausible deniability. That's why brute force approaches such as just invading the polling station is not included there.

The sentence that I liked most was: Harsh penalties aimed at deterring electoral fraud make it likely that individuals who perpetrate fraud do so with the expectation that it either will not be discovered or will be excused..

Netherlands - last election there were people instructing others how to vote in the booth (which was strangely allowed by officials present)

A similar thing had happened a while back at the election of a student council at a US university. There the rational was to "help" students who might have trouble figuring out the ballot. Plausible deniability. Or true naivity of the organisers.

they counted over 100 mystery extra votes (this was in a district where is was a very close call so this could make a difference)

Either a true counting error, or a fraud meant to look like one.

United Kingdom - last election hundreds of people were denied right to vote at the polling booths (more people turned up than planned so they just told them to walk away), no action was taken.

Probably true lack of organization... Unless it can be shown that only precincts "leaning" a certain way were affected (as happened in Florida when Bush was first "elected").

United States - several elections with blatant fraud: 'numerous statistical analysis showed discrepancy in the number of votes Bush received"', no action was taken (in fact Bush was allowed to rule unquestioned twice).

Statistical analysis, but no "hard and fast" fact.

As shown by above examples, in Western countries, if there is fraud, the fraudsters usually builds up a more or less elaborate scheme that should:

1. help prevent the fraud from getting discovered
2. in the event that it is discovered, provide plausible alternate "explanations" (such as honest mistakes, lack of organizational skills, conspiracy theories by losing parties, ...)

The Indian "poll booth hijacking" is so egregious by its open-ness because it leaves the fraudster no way to weasel himself out of the accusations, should he get caught. To me, this means that the democratic culture there is so low (sorry to say so) that nobody cares about fraud, even if it is perpetrated in the open.

Re:Ultimate accountability

[WNight]

But you can't honestly tell me you're so paranoid about this that you now vote with gloves on because they might trace the fingerprints on the ballot?

In which election?

But no, that's crazy. To worry about your government you'd need to be in a nation of jack-booted thugs who use regularly use internationally decried methods of torture everywhere from POW camps (in undeclared wars against vaguely described groups of people) to suburban police stations. Further, there'd have to be ongoing precedent of unreasonably broad laws being enacted, courts routinely punishing people unreasonably, evidence going missing, photographers being beaten and arrested for taking pictures in public, etc.

Because yeah, unless people thought they were living in some hellhole where the police could just do whatever they wanted and the government would back them, they wouldn't have any reason to fear whatever party won. After all, we're all good sports about politics.

Seriously though, if your nation didn't call the recent Iranian elections fraudulent and loudly refuse to acknowledge the occupying thugs as a government you have a lot to worry about.

Re:Ultimate accountability

[fgouget]

But I get the feeling that for a techie-site there is a strangely high amount of no-can-do people here...

Maybe because Slashdot has a higher proportion of software developers and that is people who understand why it's not possible.

You just assume it's not possible no matter what you do.
I claim it is possible, and any issue can be addressed.

In 2008 or so I have seen scientists in the field claim no solution exists yet (even at a theoretical stage) and that there is no proof that a solution is possible. But if you say it's possible then I guess I'll have to take your word for it. As for Internet voting: Vulnerability analysis of three remote voting methods

And come on, even fucking soda brands can print unique codes inside bottlecaps which can be used anonymously online to win or buy shit.

This has nothing to do with voting. The soda brand knows in advance that code 1234 gives you access to a special tune for your phone. There are ample confidential records to prove it somewhere in a vault. If you come to their website or in person and claim it gives you access to the Mercedes they will laugh in your face and have the means to prove you are lying.

In contrast your voting key 1234 is not associated to any candidate when it is generated. You are the one who does that when you vote. But because your vote is secret you cannot prove to anyone, not even the government, how you voted. This means that when you complain that the online records show key 1234 as voting for candidate A instead of candidate B they will laugh in your face because you have, by definition, no proof.

Re:Ultimate accountability

[WNight]

Put it another way - has any policeman been convicted of corruption in your city?

Great example actually, because while a few must here and there, largely, no. Not even of blatant murder when caught on camera. Nor were their supervisors charged with ANYTHING, let alone convicted for confiscating video evidence and trying to deny its existence. In fact, in a recent incident the police department is arguing that because its funding is federal, lower levels of government aren't even allowed to investigate or censure it.

It's a perfect example of an organization rotten to the top, even if only one in a thousand is technically "dirty" because we refuse to deal with it effectively. Perhaps things would be different if the people at the top were liable of triple-punishment for everything they participated in covering up, but we can't even enforce the trivial rules we do have.

I join your party under a false name, cheat blatantly and run like hell [...] Your leader gets a bullet in the head.

Yeah, absolutely. Why did he vouch for you?

India has a population over a billion. The major parties will have hundreds of thousands of low-level workers.

Well, that's conflating the party members themselves and perhaps their staff with a volunteer who offers to print signs.

But yes, a country is large and say there are still thousands of these people - far to many for one person to personally vouch for... so? Who's to say you need giant monolithic parties? All we've proven so far is that they're so big you couldn't possibly all be on the same page.

What you should get out of this is that the excuse "it's too big to check" isn't good enough. Simply because a convenient solution doesn't present itself isn't a good reason for defending something obviously defective.

Re:Ultimate accountability

[WNight]

Pft, not. One thing that obviously deserves the death penalty, if anything does, is knowingly demanding the death penalty for an innocent person. Technically it's not murder yet I don't think you'd be scum by arguing that this false accuser should face the same fate their victim did.

But be honest, the problem with the death penalty isn't the death - you probably aren't half as bugged by that as you'd want to appear. The problem is that the government hands it out years later, often(usually?) wrongly, and never (by then) necessarily.

If taken the other way being against the death penalty would make you against self defense. Obviously that's silly...

Re:Ultimate accountability

[AlecC]

The reason you need giant parties is to form governments. A house with 300 MPs from 500 parties, each with their own ego, would not have formed a government before the next election came due. Parties, too large for one person to control and vouch for, are the way we form some sort of a consensus. I accept that it does not *have* to be this way - as Churchill said, democracy is the worst possible system - except for all the others that have been tried. Before you pull down this system, let's see your better replacement.

Even the lowest level sign-putting-up volunteer can be over-enthusiastic enough to try to fix the system so his side wins. How are you going to draw the line between low-level volunteers, who I am not expected to vouch for, and high level ones I am? I will just classify everybody other than myself as low-level.

I don't think I would trusty /anybody/ to vouch for them to the level you require. There are a very few I would trust at the level of honesty, but those few I would not trust at the level of (occasional) incompetence or gullibility to others. We all make mistakes, some more often than others. What you are constructing is a system of thousands (hundreds of thousands, in my view) of components, with fatal results on first error.

Re:Ultimate accountability

[WNight]

The reason you need giant parties is to form governments.

I purposefully didn't say anything to refute this coalition government is impossible nonsense because I didn't want to prejudice you into trying to defend it, but I'm saddened you bring it up because it's absolute bullshit thrown around without any proof or reason.

When you stop conflating bullying people into things with "forming government" perhaps we could continue?

I accept that it does not *have* to be this way - as Churchill said, democracy is the worst possible system - except for all the others that have been tried. Before you pull down this system, let's see your better replacement.

Concrete proof where that's impossible, I've got that right here...

300 MPs from 500 parties

Or, 300 MPs representing 300 districts. See how easy that was?

It's the opinion that it can't be done that's nigh unto the only problem.

Even the lowest level sign-putting-up volunteer can be over-enthusiastic enough to try to fix the system so his side wins.

No, really?! This sort of thing is why I don't take you seriously.

How are you going to draw the line between low-level volunteers, who I am not expected to vouch for, and high level ones I am? I will just classify everybody other than myself as low-level.

You mean, you'll then choose NOT to vouch for them or their actions.

Okay, sounds great. That's the point - when there would be consequences for your words you'd choose not to say them. Less lies (or wishful promises, whatever).

Of course someone you don't vouch for could cheat - that's obvious, but without you defending him we'd be able to deal with it like any other cheater. Problem solved.

It's when parties act to blindly support their members that they're a problem. If your grouping of people didn't try to shield each other from reasonable prosecution we wouldn't have a problem.

What you are constructing is a system of thousands (hundreds of thousands, in my view) of components, with fatal results on first error.

Only for those who want special treatment. Yes, the price is unreasonable, but so is the cost to society of political parties.

Rally around issues, sure. But when you form parties you directly and explicitly vow to misrepresent your constituents and force others to do the same. The only loyalties of a politician can be to the voters they represent.

Re:Ultimate accountability

[thijsh]

You are right, there is a very clear distinction... and you illustrated it elegantly with your post.

But it leaves me wondering about a definition of a democratic culture. Even true democracies often have 'legitemate' means to keep the ruling party in charge (like how the voting works in the UK, the disadvantage lies at the smaller opposition parties, this election this gave both the large parties over 10% of total extra seats, no polling booth fraud could easily achieve this level of result). It makes me wonder what is more/less democratic, the people who allow thugs to undermine democracy, or the people who allow their politicians to make/defend existing laws which undermine democracy.

Thanks again for this interesting discussion.

Re:Ultimate accountability

[thijsh]

Interesting post, but you misunderstood me. I am looking for the possibility of an interesting technical solution, but the only response I get is that it's not possible for several reasons, most of which human factors. I focus on problems with the current sytem to illustrate the fact that both paper voting and e-voting have problems. Please understand I have faith in the current system of voting but understand the margin for error is present in every system, and instead of an absolutist discussion of 'why something will never work' I am more interested in what it would take to make it work within an acceptable margin of error.

The only personal motivation I have is an interest in the technical ramifications (as well as maybe the prospect of being able to vote without making time). I am fairly convinced that in 50 years people will look back at papervoting as combersome and fraud-sensitive... it might even be half that time if people stop ranting it's ridiculous for even suggesting it, but yeah you know how that'll turn out.

Please try not to be astounded to much... it's bad or your health... ;)

Re:Ultimate accountability

[thijsh]

Thanks for the link to the article I will read up on the subject.

I understand from my programmer perspective that there is no way any computer can ever be trusted fully (it could have been tampered with), so I understand where the idea comes from that this design is flawed... But not the whole problem needs to be provable in software... You have to make *some* assumption, for starters that the software of the device has not been tampered with... I'm fairly sure they can put the software on a CD and let a committee of computer scientists verify the content of the disc prior to installing it into the system so it's also a matter of proper procedure and trust in the elections committee.

Your argument against verifiability can be mitigated by publishing the full list of codes and votes, you can validate you vote if you kept the code... Only problem is any time you can check your vote someone can force you to prove you voted 'right', so it's a bit of a conflict there...

Re:Ultimate accountability

[WNight]

it might even be half that time if people stop ranting it's ridiculous for even suggesting it, but yeah you know how that'll turn out.

Well, my response to:

I am more interested in what it would take to make it work [...]

Is "Why?". So, yeah, I guess I do. "Why it?" at any rate?

Nobody wants to mention a real functional goal that actually needs fixing. Speed is brought up occasionally but they don't have a potential benefit from that, just speed itself. It seems to just be people who want e-voting because it's cool.

It's not that we shouldn't ever go "E", it's just that we should have a real, important to many people, goal that we agree it's likely e-voting will fix before we implement it.

Please understand I have faith in the current system of voting

Why would you say that? I don't, I just don't want to randomly switch to another one without a clear idea of what's supposed to improve and why.

As and aside, why would you say "faith", it's a word used for belief in the absence of proof - best used by and about religious people.

Please try not to be astounded to much... it's bad or your health... ;)

Being astounded is bad for you health, well I ... ummm - totally saw that one coming. Yup. Whew, dodged that bullet. :P

Seriously, it's that or be so cynical I expect it from everyone.

You promote [...] so it would be far too easy to cheat [...]

This is what I mean. It's worth pointing out, yes, but you do it as if one flaw in anything is its instant undoing without considering other options. Not that I really see the proposal as serious, but as far as it was it'd cause vastly smaller parties before party officials actually let themselves get shot for the actions of people they'd never met.

When you find one little nit and write his argument off you seem like the people you are annoyed about - dismissing evoting out of hand because of one single fault.

I get the idea of scoring points, but if you had worked with that guy by saying "well that'd certainly lead to smaller parties because of the risk a mole could cheat and get you shot" you'd have made your same point and been open to the idea that he might not have missed that, it could be his intent.

I am fairly convinced that in 50 years people will look back at papervoting as combersome and fraud-sensitive

Yeah, we already do. So your goals are reducing fraud and making the vote easier - why, simply to save time or to reach out to traditional non-voters, or ...?

I am looking for the possibility of an interesting technical solution

Sure, but to which problem. If there are better ways to accomplish those goals are you still interested, or are you only here for the tech?

Some of the assisted-voting system seem tolerable, they fill out a human-readable form for you and then you verify before it drops into the box (where the standard way it's filled out facilitates easy auto-counting). But that's because it fixes the Florida crappy-ballot problem. And only as far as it does, I've used a lot of lame UIs before - the worst being that the manufacturer swears is the easiest, so I don't have faith that the system would be an improvement. It's simply one possible solution to a need. Another solution would be better paper ballots, but that has its own problems...

Re:Ultimate accountability

[thijsh]

Sure, but to which problem. If there are better ways to accomplish those goals are you still interested, or are you only here for the tech?

Basically yes, to try and find a solution for a seemingly impossible solution intrigues me. But it always leads to interesting political and social issues too. I don't really care either way if I vote with paper or computer, but I would like to know how they compare in theory. Problem is there is no clear accurate boundary for defining a correct voting system where the will of the voters is represented, so there is no real way to compare these issues aside from theoretical objections...

The word faith accurately describes this situation since I stand behind the democratic principles not matter what, even in the face of conflicting evidence suggesting our current political systems are not nearly as democratic as is being suggested. I try to take an open look and make the distinction between theory and practice. Just like communism failed in practice democracy is (maybe not as much but nonetheless) susceptible to human ways of self-interest.

My reason 'why' is 'why not?', any concept is worth entertaining in theory...
I like your style and you give me some good insights. But please don't take me too seriously, I don't... ;-)

Re:Ultimate accountability

[WNight]

The word faith accurately describes this situation since I stand behind the democratic principles not matter what

So in other words you don't have any faith in our current system of voting, but you have faith in the concept of democratic self-determination or something?

I'd still recommend another word because I can't think of anything you should believe despite evidence to the contrary, but okay.

But it always leads to interesting political and social issues too.

Indeed. It appears the US founding fathers would have rejected a true democracy even if it were possible then. If we could give everyone the vote, would all the intolerant bastards just vote for something brutal? Should we be bound to it just because a large number of people like it...

Just like communism failed in practice

Have there ever been any communist countries? Not just ones dictatorships up on the new rhetoric, but actual share-and-share-alike communisms?

Not that I really hold out a lot of hope, but I don't think it's actually ever been tested.

to try and find a solution for a seemingly impossible solution intrigues me.

I agree. I've wondered how you could vote at home, be able to check your vote was properly registered and counted, and yet there not be a way to force you to show this to others.

Perhaps when you vote you get a receipt with two numbers, one shows one vote ...

But then, how could the populace check that these votes were counted properly. Those links might report the right thing, but then simply be ignored.

You could do micro-counts as the "box" was filling and if the small group felt the count was likely wrong the vote could be inspected there - that way if the overall count changes later you've got evidence. But this links people to their votes - as less people have voted at each smaller count you have a greater idea about what each one voted...

This is the stuff that seems important - a late count is no big deal, but Iran's recent election where the religious tyrants apparently just made up a result, is. Or if they simply arrested everyone who voted against them.

I would like to know how they compare in theory.

A better examination of pen&paper voting, as if it were a modern alternative we were considering, with all the pros and cons examined, would be interesting. We use it now, but would we pick it if not for inertia?

I wonder about democracy at all though - not the idea of people choosing, but the idea that for everything every person gets an equal vote when they have vastly unequal stakes.

For instance, gay marriage. If you're not gay, why do you even get a vote? A gay marriage can't change your non-gay marriage... We don't give whites a vote on black marriage - this is just as silly.

Re:Ultimate accountability

[fgouget]

I'm fairly sure they can put the software on a CD and let a committee of computer scientists verify the content of the disc prior to installing it into the system so it's also a matter of proper procedure and trust in the elections committee.

But I don't have to make any such assumption with paper ballots. I can let anyone provide the transparent election box on election day, even a crook or my worst enemy. All I need is confidence that there will be opposing party representatives verifying that the transparent box is indeed empty at election start and who will oversee the whole process up until the ballots are counted. And if I don't trust the party representatives I can come and oversee everything myself if I want, it's just one day after all.

But with voting computers it does not matter that there are opposing party representatives on election day or that I can watch them start the voting computers and that the computers claim their 'virtual ballot box' is empty. Nobody in that room, even the best computer scientist, would not be able to detect fraud. So now I need to worry about who could have tampered with the computers when bringing them to the voting place, who had access to them while in storage, who programmed them, who checked the programs, etc. And obviously for most of those neither I nor party representatives were present: you cannot have 5 opposing party representatives watching the computers 24/7 all year round while they are in storage.

That's the fundamental difference: with paper ballots all that matters is what happens in the voting place on election day. With voting computers everything that happened since their conception is relevant.

Only problem is any time you can check your vote someone can force you to prove you voted 'right', so it's a bit of a conflict there...

Exactly. It removes the anonymity of the vote so it's a big change with huge implications, and is the problem what makes electronic voting so hard (and different from everything else we do in computer science).

Amazing findings

[gmhowell]

Amazing work they've done here. They've proven that if you have intrusive access to the hardware, you can screw it up and do deviant shit. How about you post an article when someone can walk into a polling place, hack a machine, and walk out without take a screwdriver or some large, obvious device to a voting machine?

This article, like most of the front page needs "-1, Irrelevant".

Re:Amazing findings

[tsj5j]

Your analysis neglects the basis of comparison, in which case is traditional voting methods on paper.

If you can walk in with a screwdriver to mess up an election with the electronic system but can't do the same to the paper method, then clearly there is some impact to security.

Re:Amazing findings

the point here is that polling places can rig the machines just fine.

clever in key areas where a specific political party needs more votes to win.

kinda like how with diebold, republicans got overwhelming victories in predominantly democratic voting districts.

Re:Amazing findings

Amazing work they've done here. They've proven that if you have intrusive access to the hardware, you can screw it up and do deviant shit. How about you post an article when someone can walk into a polling place, hack a machine, and walk out without take a screwdriver or some large, obvious device to a voting machine?

This article, like most of the front page needs "-1, Irrelevant".

@ghmowell: perfectly true. and it's not like these machines are connected to the internet and so can't be hacked that way either. and before anyone talks about the "dangers" of electronic voting should we discuss "chad", "voter list fraud", "booth capturing" and the like?

Re:Amazing findings

[Thanshin]

How about you post an article when someone can walk into a polling place, hack a machine, and walk out without take a screwdriver or some large, obvious device to a voting machine?

So the possibility of bypassing democracy isn't worrying, as long as you put a full body scanner in front of each voting cabin?

Or you could limit the time that can be spent voting, and pray nobody finds a faster hacking method.

1...2...3... BAM! You're out. Vote faster next time.

Re:Amazing findings

[Utopia]

That was my first thought do. Physical access is needed to break the hardware.

The Researchers just say that the security measures used are low tech and easy to break, but show no demonstration about breaking it in a simulation/real polling situation.
I personally think its hard to pull off in a polling booth.

Second, With the size of India's population I would rather that India continues to use EVMs and switch to paper trail methods -- Please think of the trees.
Using paper is not only is bad for the environment also substantially increases the cost (for support staff to count/manage paper votes, security, transporation etc.)

Re:Amazing findings

[Yvanhoe]

The goal here is to show that one of the thousand of officials who have physical access to a huge quantity of machines before the elections can rig them. You know that when you don't look at them, officials love to stuff voting boxes with ballots. Suspecting they wouldn't do it with electronic machines is just weird.

Re:Amazing findings

[jacksonj04]

Ask yourself what stops people from opening ballot boxes to mess with the votes? The answer (in the UK at least) is four uniquely serial-numbered ties which have their numbers noted when the box is sent out, and verified when it's opened. Just put all the innards in an epoxy resin, put them in a toughened metal cabinet, lock the door with a key and attach aforementioned ties. A screwdriver won't help you.

Re:Amazing findings

[abigsmurf]

I can walk in with a handful of paper and rig in an election. I can pour a bottle of ink into a box and spoil all the ballots inside. Paper ballots offer countless ways of affecting votes.

Hardware based attacks that rely on invasive access are stupid in terms of demonstrating 'how vulnerable' an e-voting system is. The assumptions you have to make are stupid; You assume no one will notice someone taking 10 minutes to vote , that they're carrying tools, that they get down on their knees to open the case, that they're oddly noisy for someone voting.

Even assuming you have such incredibly incompetent officials monitoring the voting, you should still prevent this by putting tamper proof seals on the machine's casing.

Re:Amazing findings

[TheDarkMaster]

And when the responsible for the polling place is the guy with a screwdriver? The cheater can be anyone.

Re:Amazing findings

[ap7]

This IS relevant. Indian election officials and even the Supreme Court of India seem to earnestly believe that the machines are unhackable. The winning parties always claim EVMs are completely tamper proof. Ofcourse, losing parties claim that tampering exists. So unless solid proof was provided, the parties that lost elections were not going to find people willing to listen to what seem like conspiracy theories.

EVMs in India often lie in sealed storage for a couple of weeks on average after voting before results are declared. The scope for tampering in that period is enormous.

This is just the kind of proof needed to make Election Commission officials and the judicial system understand that tampering is possible so that they can atleast take preventive measures if not eliminate electronic voting completely.

Re:Amazing findings

No. It shows that the people who handle the machines between elections can tamper with them undetected, and even prep them to change votes when so ordered by bluetooth. No screwdriver necessary after the hard-to-detect-by-a-non-techie mod has been done.
Therefore, it would only take a small conspiracy to rig the elections, contrary to the large conspiracy needed in paper ballots.

All voting systems are vulnerable...

[afc_wimbledon]

Paper votes are subject to impersonation, for example, especially if voter turnout is low. During canvassing for the recent UK General Election for example, I became aware of people who were not voting due to absence (and hadn't secured a postal vote). It would have been simple to use those votes if I was so inclined.

The only solutions are transparent voting systems (if electronic, software and hardware must be publicly documented so that flaws are found and fixed - yes, I user Firefox!), plus independent audit trails (say, issue each voter with a receipt that can be checked against the voting record, if they agree).

The inconvenience of paper voting (many hundreds of people couldn't vote in the UK due to various issues related to this, and unexpected voter turnout) will push us towards electronic, probably internet voting whether we like it or not. The real question is not are these systems acceptably fraud resistant, but how to make them so.

Re:All voting systems are vulnerable...

[teachmetech]

trust me on that. all anti virus software are vulnerable. so many companies breed virus,trojans, they introduce malwares to later sell the software to heal them.

Re:All voting systems are vulnerable...

[jacksonj04]

In the UK in particular you *cannot* issue a receipt - anything which can be used to match a vote to a voter is illegal. Even signing your name instead of putting a cross renders your ballot spoiled.

Re:All voting systems are vulnerable...

[Asic+Eng]

The inconvenience of paper voting (many hundreds of people couldn't vote in the UK due to various issues related to this, and unexpected voter turnout) will push us towards electronic, probably internet voting whether we like it or not.

Maybe, but why not shift the election to a Sunday (or make election day a public holiday) as a first measure? It might help if voting was spread out more evenly over the course of the day.

Re:All voting systems are vulnerable...

[afc_wimbledon]

That's not strictly true I'm afraid. In the UK the "marked register" (the paper audit of who voted) is marked with the ballot paper number against the voters name. So currently there is an audit trail from the individual to an individual ballot paper, and hence to their vote. It's not available to just anyone, but you can, under certain circumstances, find out how an individual voted, or more importantly how they were recorded as voting in case of fraud. Both individual ballot papers and marked register are retained after the election. I'm talking about something similar for electronic systems is all.

The problem with electronic systems is they are often floated as the sole solution to all electoral fraud (they're not) or as intrinsically weaker than paper based systems (and I'm arguing they are not that either).

Re:All voting systems are vulnerable...

[locofungus]

In the UK in particular you *cannot* issue a receipt - anything which can be used to match a vote to a voter is illegal. Even signing your name instead of putting a cross renders your ballot spoiled.

Except, of course, the recording of the ballot paper number next to your name when you vote.

In the past it would have been difficult to automatically match up every vote with a voter but it certainly wouldn't have been difficult to find out who cast a particular vote. "Who voted communist?"

Nowadays I'd expect that the voter lists with the ballot numbers could be scanned and OCRed and the ballot papers run through an automatic feeder. Of course this needs access to the voter lists and ballot papers so not available to everybody.

http://www.electoralcommission.org.uk/__data/assets/electoral_commission_pdf_file/0018/16056/Ballot_paper_design_finalversion_13051-7979__E__N__S__W__.pdf

End of page 25:
Serial numbers

4.4 Anecdotal evidence suggests that at every election
Returning Officers - and more often Presiding Officers
in polling stations - receive a number of complaints or
concerns from electors over the use of serial numbers
on ballot papers. Electors are often concerned that the
number allows identification of how they have voted.

In fact, serial numbers are used specifically to allow for
the tracing of papers cast fraudulently and are checked
only where a claim of fraud is being investigated and a
court order obtained to allow the identification of the ballot
paper as being that of a particular person. Nevertheless,
the regularity of such complaints, although not great, is
thought to have increased in recent years with the increased
use of postal voting. This is an issue also considered in
the Commission's separate review of absent voting.

Tim.

Re:All voting systems are vulnerable...

[jacksonj04]

Ugh yeah, should have clarified that it's anything which on its own identifies a voter with a vote, which a receipt (I'm guessing) would do much as a signed ballot paper does.

Re:All voting systems are vulnerable...

[sznupi]

Your potential for impersonation stems from the fact that you can't verify with any certainty the identity of people...

Any "inconvenience" with paper voting was due to procedural failings in the UK implementation, not some inherent faults. My (EU) country has also paper voting, and it works extremelly smooth. It's simply scheduled for Sunday, from 8AM to 8PM (and sometimes 10PM), when not only the population has plenty of time to vote but also you have lots of "workforce" available to staff a very dense network of polling stations. I can't remember any voting which took me more than few minutes.

Also, even if you can do e-voting "safe" in technical sense, it inherently can't be trusted. People can't see what's really happening behind the scenes.
In contrast, with paper voting you can verify the procedure at the local level yourself (plus...polling stations are often staffed by people from many competing parties, they keep themselves in check rather fine); with many people doing it in most of the country, you can independently verify the elections.

Re:All voting systems are vulnerable...

Those complaints are based on the fact that secret documents in the UK are eventually declassified into the public domain*. As a result we know that at the height of the fears about Communism, the intelligence services did exactly what you describe, using the serial numbers to identify specific individuals who had voted for the communist party. These individuals were then put under surveillance, even though they represented no threat to the UK except in the sense that the Communist party itself was deemed a threat.

So what the Commission is telling you is: We don't do this now. Which is exactly what its predecessor said decades ago. They lied then, why wouldn't they lie now? Their reassurances are worthless, and they know that, but their hands are tied.

* There are rare exceptions, but they're very rare. Things like ULTRA (the secret that the British broke German encryption including Enigma) were declassified despite protests from those involved who had expected to take them to their graves. Our government may spy on us, may conduct unethical experiments, hide corruption, kill innocent civilians, but the truth always comes out eventually.

yaaaa

I have to wonder just what sort of effect this would have on an AMERICAN election...oh wait, I already know. ;p

Poll rigging this way is unnecessary in India.

[khoonirobo]

We are more sophisticated. http://en.wikipedia.org/wiki/Booth_capturing
Perfectly illustrated in http://xkcd.com/538/

Re:Poll rigging this way is unnecessary in India.

[thijsh]

Booth capturing? Do you mean Lincoln could have been re-elected if they just captured Booth by hitting him on the head with a wrench? http://en.wikipedia.org/wiki/John_Wilkes_Booth

Re:Poll rigging this way is unnecessary in India.

Nah, You are not sophisticated. You're just plain bat shit ignorant.
You don't believe there is a reason for the Hari Prasad and Co to bring this out into the open and discuss the implications ? Do you know with this kind of electronic voting machine,

- it's entirely impossible to prove the crime ?
- that electronic tampering can be done in a bigger + wider scale without a single trace of the hijacking ?
- the only way to know for sure is to go into the electronic assembly and see every part and it's source which would be impossible in India because India does NOT produce chips on on its own.

I can go on, but you catch the drift.

Any chance you are in on the scheme ?

We are more sophisticated. http://en.wikipedia.org/wiki/Booth_capturing

Perfectly illustrated in http://xkcd.com/538/

Electronic voting machines

[Decollete]

Today, May 10, the Philippines is holding the presidential, legislative and local elections. It is the first time electronic voting machines are being used. I am wondering if the machines used are similar models as the ones being discussed in this article.

Go to Pot

[Linker3000]

If they've proved that someone can clip a device over a RAM chip, may I suggest epoxy resin or a potting compound. Pot the entire internals, including the ribbon cable to the display and the display board itself to make the electronics much, much more difficult to reach.

Re:Go to Pot

[tuxicle]

Mod parent up. I wonder why ECIL didn't do this in the first place.

Tampered EVMs may have already been used

[digTro]

There have been allegations in the past that political parties in India have rigged EVMs and I think that is quite likely despite the lack of "evidence". To understand that, you need to know how the voting system works in Indian elections.

The educated elite in India are apathetic to voting. They have no trust in the administrative system and have no hope that the endemic corruption will ever end. So come election time, the people who vote are mostly the poor who hope that some day, the extravagant promises made by the political parties will be kept . Before election day, the voters are bribed with free liquor and food. The women folk are given new clothes. And finally cash is also distributed to bias the voters to chose a particular candidate. The system which issues voter identification cards is broken and sometimes you can find impostors voting on behalf of actual voters.

Given the amount of money that politicians spend on rigging manual voting, tampering EVMs is just good business practice. It is cheaper and you don't need to chase around thousands of voters.

zzz

It doesn't matter much... All the political parties are the same... "chore chore mastuto bhai"

'tamperproof,' 'infallible,' and 'perfect'

[silentcoder]

Our project team includes three Centaurs, design was managed by the Minotaur and the UI was put together by a herd of Unicorns. Debugging was handled by a 500 year old wise Chinese dragon.

After all, who better than a team of mythical creatures to design a system with a mythical feature-set ?

Re:'tamperproof,' 'infallible,' and 'perfect'

[Thanshin]

Our project team includes three Centaurs, design was managed by the Minotaur and the UI was put together by a herd of Unicorns. Debugging was handled by a 500 year old wise Chinese dragon.

We tried that and it didn't work. The minotaur's design was too convoluted, the UI was pink and invisible, and after receiving hundreds of bug notices we discovered that the dragon had spent months farming gold.

Re:'tamperproof,' 'infallible,' and 'perfect'

[silentcoder]

>"UI was pink and invisible"

It was invisible... but it had a colour... oh nervermind, that's actually MORE believable than "it was tamperproof and infallible" !

Scale

[brunes69]

The size and scale of India's election makes attempts at manipulating the election at the voting machine level very difficult. Any legit attack would have to be done at the back-end altering massive numbers of votes.

Re:Scale

And further you need physical access to the hardware.
In India, after voting ends, the voting machines are sealed and delivered to a central counting center. At the counting center, the voting machines are inspected by a panel of members representing the candidates participating in the election.
So, either the machines should be tampered before they are delivered to the voting station or during the transfer of the voting machines to the counting centers. In both the cases, the machines are heavily guarded, sealed and inspected. Most often election commission officials video the voting process.

So, these so called hacks are not brilliant. Any hardware engineer who is given physical access can "hack" these.

The problem in Indian elections is not manipulation of voting machines, but the corruption of the voter by purchasing their votes through paying money, especially to the poor and illiterate masses.

Re:Scale

Also the system; It is very difficult to break into system and Tamper. So it is not technology of Voting machine that makes Indian voting machine work well.

Re:Scale

[fgouget]

The problem in Indian elections is not manipulation of voting machines, but the corruption of the voter by purchasing their votes through paying money, especially to the poor and illiterate masses.

The solution to voter coercion is of course not voting computers but secret ballots. Apparently ballots are already supposed to be secret but maybe the polling places need bigger curtains.

EVM: Simple tech & tamper resistent procedures

[Sivaraj]

The way EVMs reduce rigging is not by any superior technology. It is based on simple accessible technology and elaborate procedures to ensure that poll rigging is minimized to the maximum extent possible. Check this very detailed FAQ by Election Commission of India, specifically Q24 and Q28.

http://www.indian-elections.com/electionfaqs/electronic-voting-machines.html

Re:Ultimate accountability and Moles

[findoutmoretoday]

<quote><p>Imagine that a party leader becomes responsible for the actions of the members of his party. Some lowly member cheats, the leader gets a bullet in the head.
</quote>

Never cheat on your own data,   always rig your neighbours data.

Despite all this, e-voting is on track

[alfredos]

It will still take a couple iterations, but like so many other things before, electronic voting will eventually be safer, faster and more convenient than traditional paper-based voting.

Most of us IT guys here can sure name a couple solutions to avoid the current hack and throw a few ideas for a truly 99% tamperproof system - hardware sensors, certificate-based encryption of RAM memory and storage, you name it. All these things, or similar, will eventually happen. It is unfortunate that the governments that quite bravely dare lead the path are as usual spending too much money in too unsatisfactory a solution at the moment but that is still only v0.1. When we are at v1.0, barring a few small and pintoresque bugs that reverse polling results or somesuch (and which we will be so happy to comment on /.), the days of tons of paper and boxes moving around will begin a slow but steady decline, like the long queues in the bank or in your local tax office/IRS equivalent.

Re:Despite all this, e-voting is on track

[Jaime2]

It will never get any iterations as long as the current iteration is declared perfect and no one is allowed to examine the code. That's the problem with electronic voting -- the people in charge of securing it consistently undermine its security by choosing black boxes over white boxes. For all we know, the tampering features already built into the device are only v0.1 quality and in a few iteration, elections will be able to be sold much more efficiently.

everyone should stick to paper

[circletimessquare]

even the most technologically advanced societies (some nordic countries want to vote by cell phone!?), for two reasons:

1. attack vectors

of course paper voting is subject to cheats, ballot stuffing, getting lost in transit, etc. its just that paper voting is a simpler process than mechanical or electronic voting, so therefore the numnber of attack vectors for paper voting is orders of magnitude less than mechanical voting... which in turn has orders of magnitude less attack vectors than electronic voting

one well placed dude can, in a few milliseconds, in a statistically invisible way, randomly increase votes for one candidate over the other. and i don't care how well you design electronic voting technologically, its still overseen by corruptible government bureaucrats, for which there is no technological solution

but with paper voting, the cheats you can pull off are only crude, requiring armies of cooperating conspirators... and no conspiracy of sufficient size is airtight. therefore: discoverable. a cheat by one guy or a handful is also statistically discoverable: a truck driver of vote boxes in one precinct can't lose 10,000 votes or introduce 10,000 fake ones without being noticed in an audit. and for every one of these paper balot cheats, there a simply 1,000 such variations, attack vectors, for the more complex electronic voting, and even some new and exotic methodologies. so to guard paper voting is simply an easier, less creative process. you can't outwit the committed bad guy in a complex system, but you can outman him in a crude system

2. perception

you can have all of the transparent standards for the PROFESSIONALS that you want. but for your average joe blow, the more the voting process is a black box (press keys -> sausage -> president comes out on other end) the more they are susceptible to lose confidence in the process. paper voting simply is a smaller black box. you write on a piece of paper. the papers ate stacked somewhere. some people scan or look at them if there's a problem: its all eminently comprehensible to anyone how the process works. no databases, no tcp/ ip stacks, no authentication, no encryption... no "sausage" parts that the average voter does not understand and therefore does not trust

democracy is only valid as long as it is seen a legitimate representation of the will of the people. put that legitimacy in doubt, and democracy loses all of its strengths. therefore, we should always, forever more, no matter what technological advances we experience, vote simply with paper

the problem here is technophilia: solving a simple problem in an overly complex way simply because you like the technology. electronic voting is a contrived false solution that introduces far more problems than it solves

Re:everyone should stick to paper

[afc_wimbledon]

I don't disagree, but I'm afraid the X Factor generation will demand a more user friendly way of voting, or they won't bother.

Someone

Last year when I voted, there were no security cameras and we weren't even frisked before voting. I went inside the booth and placed my vote. So if someone really wanted to do this, he could. It's probably only the big cities that have surveillance cameras. The place where I live (small village in south India), the voting was done in a government school building last year. In a country as corrupt as this one, you could probably even pay a small amount of money and go in as the last person to vote and do whatever you want to the device without raising any suspicion.

i don't agree with you

[circletimessquare]

if what you say is true, then people can't grasp that sometimes convenience has to be sacrificed. if what you say is true, then X Factor generation is the end of democracy

it is naive to think that technology offers a better way to vote: there is no technological solution to the bribe-able government bureaucrat

therefore, you have to make the voting process as technologically crude as possible, to prevent creative ways to cheat we cannot foresee

its also a matter of trust in the system. i can trust and verify a paper and a pencil with my own eyes. i can't step into the voting booth and "look" at a tcp/ip stack and trust it

electronic voting will be the downfall of democracy

Re:i don't agree with you

[afc_wimbledon]

Didn't "the downfall of democracy" start when our ancestors decided it was better to elect people to decide things for us rather than doing it directly? Yes, I know that's not how it came about, but representative democracy *is* a concession to convenience over direct democracy.

In Soviet Russia,

the hardware attacks you!

How to build a good voting machine

[jonwil]

For the hardware you need:
Touchscreen with graphics chip and touchscreen controler as an input device

Receipt printer (the kind that has been used in millions of cash registers, ATMs and other devices world wide for a few decades)

Flash memory chip to hold the machine OS and the config file (which candidates are running etc). This should be the kind that when its in the machine, it cannot be written to and has to be removed to write new software or configs. This would have a difficult-to-duplicate-or-remove sticker applied with the voting machines unique serial number to ensure that it hasn't been swapped for another identical chip containing rigged software.

Thumb drive or memory card to hold the counted votes. This would also have a difficult-to-duplicate-or-remove sticker applied with the voting machines unique serial number to ensure it isn't substituted with a fake one containing a different result.

CPU (ARM of some sort would seem to make sense) to control the system with usual support items (power supply, RAM etc)

Tamper-evident case containing the hardware with more difficult-to-duplicate-or-remove stickers with the voting machines serial number covering the screw holes/case edges/etc to ensure you can tell if its been opened.
The receipt printer would be located outside of the tamper-resistant part so the roll can be replaced by poling station officials. Should a machine fail for other reasons (i.e. any reason that would require access to the hardware) that machine would be taken offline and not used for the rest of the election.

Software:
Linux kernel with drivers for the memory card reader, touchscreen, receipt printer etc. (the kernel would be specifically built for the voting machine with everything that is not required for the device such as networking removed)
Basic set of libraries (the bare minimum required to make everything work)
Custom voting machine software.
All software would be 100% open source.

Before the election, the machines are prepared by loading the correct OS and kernel along with the config file for the machine (containing the names and info for the candidates) onto the operating system chips. The operating system chip and vote counting memory card are loaded into the machine. Then the machines are verified and tested. Once they have been verified, they are sealed up and the tamper-evident stickers applied before they get shipped off to the poling booths.

When you go to vote, you pick your candidate on the screen by touching their name. Then you have to press "OK" once you are sure you clicked on the right name.

After your vote is complete, it is recorded in the file on the memory card. Also, a receipt is printed containing a machine readable bar-code corresponding to your vote plus a human readable record. This receipt is then inserted into a ballot box as you depart the polling booth. No part of the machine (receipt included) contains any record of who you are as a voter or any way to associate your vote back to you.

To count the votes, the memory cards are removed from the machines (after checking that the machine was not tampered with and that the memory card is genuine) and sent to the relavent counting office to be read and counted. Should there be a dispute, either the machine readable bar-code or the human readable record can be used as a way to count the ballots.

Maybe some of this is overkill (like labeling the chips with stickers to prevent tampering), I dont know. But when you are talking about something as critical to a free society as an election, its important to get it RIGHT.

My idea would work for any system no matter how many items are on the ballot or how many people are voting (a commonly cited downside of paper systems is that there are too many papers to count and/or too many things being voted on)

My idea wont prevent tampering (of the kind described in TFA) but it will be immediately obvious when someone has tampered with the hardware in the machine (if it works for telling Microsoft or Dell when someone has opened their PC or XBOX and voided the warranty, it should work for a voting machine, especially since getting close enough to one for long enough to fiddle with it is hard when inside a polling station.

Re:How to build a good voting machine

[fgouget]

Here is a non exhaustive list of your mistakes:

• Thinking the software never needs an update (that would be somewhat true with a trivial voting machine such as the Indian one, but not with the one you propose) so that with your scheme it's necessary to regularly remove the tamper-proof stickers to upgrade the software, then put new ones and yet maintain the illusion that the machine has not been tampered with!
• Thinking the stickers protect you against tampering by the government organizing the elections (the ones with the most to lose).
• Thinking the stickers protect the machines for the 11 months they spend in storage waiting for the next election, or thinking any hack done during that period would be detected before the election.
• Not figuring out that the tamper proof stickers can be used for denial of service: break them and you can cast suspicion on all the votes of that computer (only to be done in precincts where your opponent is expected to make a good score).
• Thinking open-source helps: this is no guarantee that the published source is the one running on the day of the election.
• Thinking it's possible to verify that the voting computers are working and have not been tampered with: that's akin to verifying your computer has no virus just by browsing a couple of websites.
• Thinking voting computers are inherently more usable than paper or that people actually verify their vote.
• Thinking you can remove the memory cards containing the votes and ship them around without creating a thousand opportunities for tampering.

Re:How to build a good voting machine

[muphin]

The sony CPU architecture has it right with all its security and obsecurity.
untilize hardware keys, rom hash checking with redundancies, un-erasable logs of system access.
while 100% secure isnt possible with something as public as this, it will prevent more fake votes than paper methods.
include an electronic vote stored digitally on an encrypted flash drive (PGP maybe or with the decryption key stored somewhere else?), one vote sent to a db server (say used for media) and one printed to a spool ( a roll of paper, shows the constant stream of votes, if torn would indicate tampering at a certain point, usually stuff printed on it, time code, voted for, machine code...) then the spool is sent to the counting station, numbers are then recorded and compared to both the db (with lower priority) and the flash drive, no one knowing the true numbers (passive request; send the numbers, compares and flags a different station about the inconsistencies)
Software would be loaded through chips, which are verified on the day and destroyed 3 months after the election, giving time to audit the chips and election results.
now as always there are links in the chain but with oversight and dual process, this can be avoided to provide the most accurate vote.

i do encourage people to discuss and find flaws and provide solutions, as the more minds on this the more likely something might be developed.

you've defined the weakness, not the strength

[circletimessquare]

if you had paper voting, you'd need an army of conspirators (which by nature of its size would be discovered), and an audit would discover statistical perturbations

but with electronic voting, you just bribe the right official or two, and one guy with a few milliseconds of access to the database and some crafty code can alter the votes in statistically invisible ways

Re:you've defined the weakness, not the strength

[andy1307]

Not true. India did have paper voting. The fraud happened before the vote count. Criminals would simply "capture" polling booths and stuff the ballot boxes.

Re:you've defined the weakness, not the strength

[fgouget]

Not true. India did have paper voting. The fraud happened before the vote count. Criminals would simply "capture" polling booths and stuff the ballot boxes.

How do the new voting machines help in this regard?

• In the past they captured the booth, stuffed it, returned it and nobody noticed or corrupt officials used the stuffed ballots anyway.
• Now instead they have to capture the voting machine, stuff it by pressing the right two buttons as shown on the video, and return it so that nobody notice it was missing or so that corrupt officials use the hacked results anyway.

Sorry, I fail to see the difference.

Here's a better solution:

• Use transparent ballot boxes . That way it's obvious if they are stuffed before the start of the election.
• Have volunteers count the votes right at the polling place. Do not ever move the ballot boxes around before counting them.

Re:you've defined the weakness, not the strength

You clearly don't understand how elections in India work.

The new electronic voting machines only let you register a vote once every few minutes. A gang of thugs at the polling place would be able to stuff hundreds of ballots during that time. An electronic voting machine can register maybe 100 fake votes, while paper ballots can enable thousands of fake votes.

If you had volunteers do the counting right at the polling place, the volunteers would just count all the votes as being for their own party. Sure, you might have had volunteers from other parties, but the thugs who took over the polling booth would just bride or intimidate them away. Odds are rural polling booths wouldn't be able to find volunteers from all parties anyway.

dom

Re:you've defined the weakness, not the strength

You are clearly deluded and not very bright with electronic voting fraud. You might want to take good look at your assumption
"The new electronic voting machines only let you register a vote once every few minutes".

<quote><p>You clearly don't understand how elections in India work.</p><p>The new electronic voting machines only let you register a vote once every few minutes. A gang of thugs at the polling place would be able to stuff hundreds of ballots during that time. An electronic voting machine can register maybe 100 fake votes, while paper ballots can enable thousands of fake votes.</p><p>If you had volunteers do the counting right at the polling place, the volunteers would just count all the votes as being for their own party. Sure, you might have had volunteers from other parties, but the thugs who took over the polling booth would just bride or intimidate them away. Odds are rural polling booths wouldn't be able to find volunteers from all parties anyway.</p><p>dom</p></quote>

So you think it matters?

[Gothmolly]

If you still think it really matters who you vote for, then bury your head back in the sand, consume, breed, work, and die.

That's not how it works

[ArsenneLupin]

That's not how the line "no system is 100% secure" is usually used.

Usually, it's being trotten out by poor security professionals to justify not bothering because "as no system can be secure, why bother attempting to secure one?"

Oh deary deary me

Jolly bloody bugger, what is going the flipping heck on here old chappie?

Aw, bless them

[Rogerborg]

I guess when the real problems - massive registration fraud and block voting on the orders of local criminals - are too difficult to deal with, all you've got left is inventing wacky "10 minutes alone with a bag full of hardware" attacks that would work just as well on paper ballots, with a lot less preparation.

Meaningless

[andy1307]

So, to really steal an election, you would have to build millions of these fake devices and deliver them to the remotest of places(the only way to get to some of which is by using an elephant).

Scale of Indian elections and EVMs

[mritunjai]

Folks,

It is important to put the size of elections in India in perspective and how they operate to understand any meaningful amount of fraud or corruption possible.

The EVMs in question are extremely simple. They only have a breakout panel with 32 buttons (expandable upto 64 buttons with an addon breakout button panel). The machine only ever knows the number of enabled buttons. The names and party symbols are affixed as paper "stickers" on the buttons.

---------------------
[B] S First Last Name
---------------------
[B] S First Last Name
------...

The order and placement of stickers on the buttons changes from constituency to constituency. The machines are sealed/unsealed in presence of at least 3 officials, though in practice, it's no less than a dozen or more, as it's a public affair and often media is present.

Some numbers (courtesy http://www.indian-elections.com/facts-figures.html):
Number of EVMs used: 1.023 million
Max candidates per EVM: 64
Max candidates in election from one constituency: 35
Total number of candidates: 5398 (India is a multi-party democracy)
Number of parties: 220
Number of registered voters: 675 million

Cost of '09 elections: Approx $2 billion

Any 'fraud' analysis needs to take the process and numbers into account. EVMs in India solve a LOT of problems with regard to elections and drastically cut down on time, effort and cost involved. There are a number of places where several miles of journey on the back of mule is needed to reach the polling booths. It's much easier to conduct an electronic poll there rather than carrying several large ballot boxes that could be snatched.

Re:Scale of Indian elections and EVMs

[thijsh]

Informative post! But shouldn't the number of EVM's be either 1 million or 100 million? The site mentions 10.25 lahk = 10.25 * 100000, but I'm afraid the dot is a bit ambiguous here... Or is the dot a decimal sign in both this number and yours (in which case I see you're perfectly correct)? I hate those fucking digit group separators, they always confuse international exchange of information.

Re:Scale of Indian elections and EVMs

[sonamchauhan]

> Or is the dot a decimal sign in both this number and yours
Yes, Indians use the British/American convention.

Re:Scale of Indian elections and EVMs

[kromagnon]

You can cry a river all you want but elections are not meant to be easier on the mule. You're not making a point on how EVM's are secure.

Diebold - Good ATM machines, bad voting machines.

[Firethorn]

You also have to figure that e-machines, being used only a couple times a year on average, have to be competitive with paper based systems as far as cost goes, while a ATM Machine has to be competitive with a teller(or three)'s salary spread over most of a decade.

Oh, and for whatever reason, Diebold didn't use the same people in the effort.

absolutely

[circletimessquare]

you seem to think i'm saying that paper voting won't have cheating. of course paper voting will have cheating. all voting systems will have some (hopefully low grade) cheating all the time, forever. there's no way around that, there's no technological fix for that

what i'm asking you to understand is that electronic voting will have cheating too, and the kind of cheating that can go on in electronic voting is far more subtle and dangerous and far more venomous of a threat to the legitimacy of indian democracy than the low grade thuggery you are referring to

Why do elections use machines in the first place?

I never understand why a election should use machine to do the voting. What's wrong with a simple set of paper and stamp?

direct democracy is a joke

[circletimessquare]

not even in a small town is it possible

you WANT representatives, you really do

in a genuine direct democracy, every little zoning board approval or budgetary line item would require your vote. you would spend all day voting. you wouldn't pay attention to the issues: you wouldn't have TIME to pay attention to the issues. you wouldn't have time to educate yourself on the issues in the amount of time possible before the vote was due. every single vote, in nauseous tedium, would require your research. you wouldn't have the time to do live in a direct democracy and still live your life. every single citizen would spend 30 hours or more a week (if they wanted their vote to be an educated one) just dealing with voting on the issues, and that's only at one level of government (local versus state versus national)

for all of the problems of representative democracy (namely, corruption), it still functions far better than this naive, laughable idea of direct democracy in a modern society

Re:direct democracy is a joke

[afc_wimbledon]

Oh I agree - I was trying to say that all sensible forms of what we call democracy are compromises between "true" democracy and convenience. The trick is to get the balance right!

its hard

[circletimessquare]

in fact, all of history is a process of perfecting that balance to better and better degrees, raising the bar to even better orders of perfection, and repeating the process, forever, never completely erasing graft and corruption, but getting closer and closer to something resembling acceptability, barely

Flawed example

Even the writer admits that that wrench would be hard to come by for a mere $5!

Physical tampering is a solved problem

All of these hacks (contrasted to Diebold hacks with rootkits and manipulation by the vendor) presume actual physical tampering - the exact same sort of physical tampering that can be done on paper ballot boxes, the same sort of physical tampering that can be observed and prevented by appropriate monitoring of every polling station by representatives of the opposed political parties, as has been done for ages already.

Re:EVM: Simple tech & tamper resistent procedu

[kromagnon]

I regret to inform you the Election Commission is not competent to make comments on Electronic voting machines.

" poll rigging is minimized to the maximum extent possible " is not good enough.

Perhaps you should start with reading the article and the comments by people who are exposed to "Computer security".

Let me see
Simple accessible technology == Chinese technology ?

Elaborate security procedures == Electronic Voting machines carried on Elephants ... enough said

http://expressbuzz.com/Opinion/Columnists/the-most-bogus-election/71127.html

<quote><p>The way EVMs reduce rigging is not by any superior technology. It is based on simple accessible technology and elaborate procedures to ensure that poll rigging is minimized to the maximum extent possible. Check this very detailed FAQ by Election Commission of India, specifically Q24 and Q28.</p><p><a href="http://www.indian-elections.com/electionfaqs/electronic-voting-machines.html">http://www.indian-elections.com/electionfaqs/electronic-voting-machines.html</a></p></quote>

Election fraud

[kromagnon]

Guess the voting machines were designed by the same genius who gave the country it's most impregnable computer security for the Department of Defense. Phew I'm relived ... NOT

http://www.technomobilez.com/2009/12/11/indian-prime-minister-manmohan-singh%E2%80%99s-web-site-hacked/

http://sify.com/news/hacking-of-army-major-s-computer-is-a-cyber-security-breach-antony-news-national-kfhrOcfbdji.html