Bug In DOS-Based Voting Machines Disrupts Belgian Election

jfruh (300774) writes "In 20 cantons in Belgium's Flanders region, voting machines are x86 PCs from the DOS era, with two serial ports, a parallel port, a paltry 1 megabyte of RAM and a 3.5-inch disk drive used to load the voting software from a bootable DOS disk. A software bug in those machines is slowing the release of the results from yesterday's election, in which voters chose members of the regional, national, and European parliaments. The remaining voting machines, which are Linux-based, are unaffected, as were voters in the French-speaking Wallonia region of the country, most of whom use paper ballots."

They almost made it, too

They were just about to upgrade to Windows XP for the next election.

Re:They almost made it, too

[Darinbob]

DOS is still the most reliable product from Microsoft, they should stick with it. Newer is most definitely not better.

Re:They almost made it, too

True. DOS have less malwares than Windows and don't have network layer for NSA to hack in to manipulate the result.

Re:They almost made it, too

[jellomizer]

You don't remember it crashing if you kept pressing a key really fast.
Or the fact that DOS wasn't much of an OS anyways, so most applications bypassed DOS and went straight to machine language.

Re:They almost made it, too

[OneAhead]

so most applications bypassed DOS and went straight to machine language.

For a voting machine, that sounds very much like a feature.

On The Plus Side...

Who'd want to hack this sack of shit? Nobody. Old is gold.

Re:On The Plus Side...

NSA intern to his boss: "But Sir... we weren't taught Basic or Cobol at uni."

C:\DOS

[barlevg]

c:\dos

c:\dos\run

run\dos\get convicted for election fraud

It's a software bug, hardware unrelated

[mechtech256]

A graphing calculator would probable have adequate power to handle taking votes. If the DOS machines are meeting the specifications required for Flanders elections, there's not much of a reason to upgrade them.

I guess I'm just not seeing the story here. Linux wouldn't stop a software bug either. I guess the only hassle here is that they might have to dig out the parallel cables to patch the machines.

Re:It's a software bug, hardware unrelated

[Hsien-Ko]

I guess their next 'logical' step is to upgrade to Windows XP


and then use the same software in the DOSBox emulator

and then complain on the DOSBox forum that it doesn't work, among the sea of other overentitled 'IT pros' that demand a gaming emulator to fit critical application usage
*facepalm*

Re:It's a software bug, hardware unrelated

[TheGratefulNet]

If the DOS machines are meeting the specifications required for Flanders elections, there's not much of a reason to upgrade them.

do I have to say it?

alright then:

"stupid flanders!"

Re:It's a software bug, hardware unrelated

even a graphing calculator is overkill. an hp48gx can run a preemptive multitasking operating system.

Re:It's a software bug, hardware unrelated

Or write a bunch of new floppies with a usb floppy drive and reboot the machines. Recycling of the old machines would probably exceed a whole local budget for the next elections. Perhaps they could move on to using electric grid isolated, radiation hardened micro controllers one day.

Re:It's a software bug, hardware unrelated

[sillybilly]

Your sig says "It is now safe to switch off your computer."

With DOS, in the old days, you could just cut the power to the computer without any warning, and it would be fine, so shutdown time was 0 seconds, also boot time was super fast, like 1-10 seconds, unless you had a long autoexec.bat and config sys. And that was on 486 CPU's, pre-Pentium's.

DOS came with no bullshit, you can't really blame DOS for the programming error in the voting software, DOS is a reliable, secure(has no network layer unless you add one, and you can add non-tcp-ip stuff), real time, direct hardware access, and it is reliable and secure because it's so small, it fits on a floppy with plenty of room to spare unlike these 5 GB bloatloads of crap with daily patches they are releasing at microshaft these days. I don't remember a single service pack for DOS. Well, there were incremental versions, like 6.0, 6.2, 6.21, 6.22. By the way windows 95 comes with DOS 7,0, a very good version, and you can find most of the missing stuff in the oldmsdos folder on the win95 cdrom. Plus you get a neat version of windows for free,with a very small registry, and relatively low bs, but it doesn't run much modern stuff either, but it runs VB6 classic, and Office 97 just fine. They have yet to make an office version better than Office 97sp2 (service packs mostly fix vba crashes, but you can almost live with those crashes/hangs), Office 2000 is on par without needing bugfix service packs, while office 2002 is already too bloated(plus may require the activation bullshit), shit started going downhill by then, really accelerating by 2003, and pretty much turning into annoying piece of crap by office 2007, plus activation. Activation means you can't run it 50 years from now if Microsoft is out of business by then, or they simply refuse to activate it, and instead tell you to upgrade, which may happen even these days, to all versions starting with office xp=office 2002. Same goes for the OS, if you're packing up reserves for the future, and archiving stuff in case you have to go back to it, go for win95 full version that includes dos 7, and windows 2000, the very last windows without activation, also office 97 with sp1+sp2, and VB6 sp5 (don't use sp6, it introduces bugs on purpose, to usher along for upgrading.) Also Firebase database might come in handy, or ADO with SQL Server 7 or 2000, but SQL Server is expensive, and on a network it requires NT/2k server with client access licenses and such, so it's better to run off a common file on a network drive, or off of PostgreSQL 6-8 on Linux 2.4/2.6. The DOA database with office 97 access kinda sucks, but the access 2000 one is ADO, and the two are not compatible, ADO being much simpler than DOA, but it started to get bloated a bit, not enough to not make it better than DOA. Also from what I read delphi 5 and 7 are golden, but there is Lazarus now, I don't know how that would work on win95. Absolutely nobody is selling delphi 5 or 7, or it's like 300 bux. Delphi was a secret of coding houses cutting development time by like 5x compared to all the alternatives. I never programmed in it, but I've seen a lot of quality software by very smart people written in it, so it must be something really good if they chose it. VB6/VBA still kicks ass for basic stuff, but it's not very fast, and for heavy duty large projects, in development speed and code execution speed and codesize kept in balance, nothing beats delphi 5 or 7. The later dotnet versions of delphi are absolute pure raw crap, from what I read, just like anything touched by dotnet.

Re:It's a software bug, hardware unrelated

With DOS, in the old days, you could just cut the power to the computer without any warning, and it would be fine, so shutdown time was 0 seconds, also boot time was super fast, like 1-10 seconds, unless you had a long autoexec.bat and config sys. And that was on 486 CPU's, pre-Pentium's.

I used to have long dos boot times, normally because of damn Creative drivers!

Re:It's a software bug, hardware unrelated

[sillybilly]

Reading code in dotnet or java has the following retarded feeling: they keep specifying the context, just to make sure you don't get bitten in the ass if someone switches context on you or it's confusing what context you are in. So

Author("Shakespeare").Play("The Merchant of Venice").Scene("Scene1").Actors("Antonio, Salarino, Salario").Actions("Enter");
Author("Shakespeare").Play("The Merchant of Venice").Scene("Scene1").Actors("Antonio").Actions("Speak").Phrase("In footh I know not why I am so Sad");
Author("Shakespeare").Play("The Merchant of Venice").Scene("Scene1").Actors("Antonio").Actions("Speak").Phrase("It wearies me: you say it wearies you;");
Author("Shakespeare").Play("The Merchant of Venice").Scene("Scene1").Actors("Antonio").Actions("Speak").Phrase("But how I caught it, found it, or came by it,");
Author("Shakespeare").Play("The Merchant of Venice").Scene("Scene1").Actors("Antonio").Actions("Speak").Phrase("What stuffe 'tis made of , whereof it is borne,");
Author("Shakespeare").Play("The Merchant of Venice").Scene("Scene1").Actors("Antonio").Actions("Speak").Phrase("I am to learn.");
Author("Shakespeare").Play("The Merchant of Venice").Scene("Scene1").Actors("Antonio").Actions("Speak").Phrase("And such a want-wit sadness makes of me,");
Author("Shakespeare").Play("The Merchant of Venice").Scene("Scene1").Actors("Antonio").Actions("Speak").Phrase("That I have much ado to know myself.");
Author("Shakespeare").Play("The Merchant of Venice").Scene("Scene1").Actors("Salarino").Actions("Speak").Phrase("Your mind is tossing on the ocean,");
Author("Shakespeare").Play("The Merchant of Venice").Scene("Scene1").Actors("Salarino").Actions("Speak").Phrase("There, where your argosies with portly sail,");
etc, etc...

As in how much more retarded can you get? I get worn out by the overhead of reading through all the useless crap, compared to a normal reading where I keep the title, the play, the scene as context in my head and don't constantly fucking repeat it. Yeah there is a risk that somebody might change the title on me unknowingly, and I'm still gonna be reading the text thinking I'm reading the Merchant of Venice, when actually it's Othello. Yeah.

Re:It's a software bug, hardware unrelated

[sillybilly]

In fact I should have been more specific and include the above in a context like this:

ParallelUniverse("Universe#347").Galaxy("Milky Way).Star("Solaris").Planet("Earth").Calendars("Gregorian").Century("16th AD")..AuthorLastname("Shakespeare").AuthorMiddleName("#NULL").AuthorFirstName("William").Play("The Merchant of Venice").Scene("Scene1").Actors("Antonio, Salarino, Salario").Actions("Enter");

etc,etc. Hey in VB Classic (pre dotnet) the custom was this:

With ParallelUniverse("Universe#347").Galaxy("Milky Way).Star("Solaris").Planet("Earth").Calendars("Gregorian").Century("16th AD")..AuthorLastname("Shakespeare").AuthorMiddleName("#NULL").AuthorFirstName("William").Play("The Merchant of Venice").Scene("Scene1").Actors("Antonio").Actions("Speak")

In sooth, I know not why I am so sad:
It wearies me; you say it wearies you;
But how I caught it, found it, or came by it,
What stuff 'tis made of, whereof it is born,
I am to learn;
And such a want-wit sadness makes of me,
That I have much ado to know myself.

End With

Slashdot won't respect indentations. Has anyone ever heard of the concept of context? and every time you call that dot "." it taxes the cpu heavily. But I'm guessing it's done on purpose, it's promoted to the world as a competitive measure, so nobody out there can program well, or at least we get an excuse to tell people to upgrade, and keep buying faster cpu's.

Re:It's a software bug, hardware unrelated

[X0563511]

With DOS, in the old days, you could just cut the power to the computer without any warning, and it would be fine.

I know, right? Who needs buffers, or disk cache, or any of that other fluff...

Apparently you don't need line breaks, either.

Re:It's a software bug, hardware unrelated

[bluegutang]

and then complain on the DOSBox forum that it doesn't work, among the sea of other overentitled 'IT pros' that demand a gaming emulator to fit critical application usage

That's a good problem for the DOSBox developers to have. Should provide for some well paying consulting jobs...

Re: It's a software bug, hardware unrelated

Still using Delphi 5. Kicks ass.

Re:It's a software bug, hardware unrelated

[sjames]

Depending on the context, all of those might only get in the way. For example, a voting machine :-)

Re:It's a software bug, hardware unrelated

[sillybilly]

Smartdrv disk caching was activated on CD drives, for caching, but those were read only back then, so you could cut the power on the disk cache. You had like 30 disk buffers, but seriously, there was not poweroff or reboot command like there is in linux, that goes sending all services the sighalt, then sending all services the sigkill, yadda yadda.. in DOS, once you got the C:\> prompt the only way to really shut it off was to cut the power, or press Ctrl+Alt+Del, and in neither case did it display a "wait til I flush my disk buffers" message. And I don't remember it getting corrupted over improper shutdowns, there was no such thing as an improper shutdown. In fact I had to show an engineer as late at 97 that when you shut down windows 95, you can't just cut the power, like you used to in DOS, you have to click Start, Shut Down, etc. He went around the offices asking others if they knew about it. He kept wondering for years why his computer always complained when it was booting, and sometimes his EPA emissions reporting spreadsheets got corrupted, luckily he had floppy backups. To him click the Start button to shut the computer down was nonsense, he shut it off like a DOS computer, or a TV, VCR, Microwave - when you power off your radio or tv, none of them give you a screen like windows does, on, say a laptop, as in hold on and please wait while I masturbate a bit with my shutdown bullshit, before you can go and unplug it from the power chord and get on with your life with it. That's one of the worst things to say to a customer: please wait. When powering off, DOS never told you to "please wait while I masturbate a bit here."

Re: It's a software bug, hardware unrelated

[sillybilly]

How much you sellin it for? I'm really tempted for an unlicensed warez copy. Heck, after the apocalypse nobody's going to care that it's not properly licensed, you'll be happy to have food on the table every day, and to not be the food on thy neighbors table.

Re:It's a software bug, hardware unrelated

[Optali]

May I make you note that Vlanderen is only ONE of the provinces of Belgium? And while te Dutch don't care if you call them all "Hollanders" and the country "Holland". The Belgian, on the other hand, DO bother if you call the country "Flanders", to such extent actually, that they are just now as we speak at the edge of dividing the country in two. If you aren't informed: They speak wo very different languages: Dutch (well, Vlaams) and French. And there are even a few ultra-nationalistic right wing parties aimed exclusively at splitting the country (oh, well, and get rid of the moroccans too). Groeten vanuit het Echte Holland, namelijk Noord-Holland (niet dat Zuid-Holland niet echt is, ik bedoel dat dat wel 'Holland' is, toch?)

Paltry

[wiredlogic]

The problem wasn't on the voting machines with the "paltry" amount of memory:

After the elections are over the results are loaded on a 3.5-inch floppy disk and shipped to the canton headquarters where the disks are fed into another computer that adds up the votes before sending the results to the ministry. It was there that the problem occurred, the spokesman said, adding that the votes that ended up on the disks were correct.

There is nothing wrong with a simple dedicated system that is based on proven hardware. Most of the computers in use today have even less than 1MiB at their disposal. It is a fallacy of thought that you have to have an extensive operating system with virtual memory and other elaborate support systems to accomplish a simple task.

Re:Paltry

precisely.

less code, less potential problems. kiss.

Re:Paltry

[ArcadeMan]

Hell, an x86 computer with 1MiB of RAM and a 3.5-inch floppy drive is totally overkill.

A simple ATmega328P would be more than enough for this simple task.

Re:Paltry

"There is nothing wrong with a simple dedicated system that is based on proven hardware." - This!

This is the absolutely BEST way to design a system like this. We have systems like this (nuclear) that has been running since 1993 without a single software failure. If it absolutely 100% positively MUST work? Go for KISS!

Re:Paltry

Well, I wouldn't trust 3.5" floppies with important data, although the rest of it might be fine hardware-wise. 3.5" is sorta like proven-bad, not proven-good.

Re:Paltry

[v1]

It is a fallacy of thought that you have to have an extensive operating system with virtual memory and other elaborate support systems to accomplish a simple task.

My work with the Arduino can produce surprisingly complex operations in under 32kb. (for the program, the runtime, AND the variable ram)

Re:Paltry

Or, even better: No code, and a system that everybody who votes can easily understand and that is utterly fraud-proof.

There is literally no reason to use complicated, impossible to trust devices for a job that people solve way better and quickly enough.

Re:Paltry

This.

Boot DOS off USB, write to USB? Would need a hardware refresh though.

Re:Paltry

[Firethorn]

There is nothing wrong with a simple dedicated system that is based on proven hardware.

There are however problems when your 'simple dedicated system' is based on hardware that is now so obsolete that it's no longer manufactured; meaning that any hardware failures means that you're having to source unproven used hardware in increasingly limited quantities, or go to shady 3rd party manufacturers that don't have the quality control of the original.

Re:Paltry

[NoNonAlphaCharsHere]

This is the kind of project you could do in a weekend on a Raspberry Pi. Off-the-shelf , disposable hardware; demonstrably provable software.

Re:Paltry

[JimSadler]

I enjoyed DOS and in particular IBM PC DOS. And we could do a lot with it. Even if we went back to the 386 era I'll bet that there could still be lots of software improvements that were never exploited.

Re:Paltry

[JohnnyBGod]

3.5" floppy disks are proven... to be horribly unreliable.

Re:Paltry

[HornWumpus]

Fraud proof? What system is that?

Do I have to provide links to all the election workers that find paper ballots in their trunk right after they know just how many votes they need? Cite LBJ?

Re:Paltry

[flargleblarg]

There are however problems when your 'simple dedicated system' is based on hardware that is now so obsolete that it's no longer manufactured; meaning that any hardware failures means that you're having to source unproven used hardware in increasingly limited quantities, or go to shady 3rd party manufacturers that don't have the quality control of the original.

I think the words you're looking for there are “decreasing limited quantities.”

Re:Paltry

No, retard, those are not the words he's looking for. Limitations can increase, you moronic fuckstick. Calculator-fucking pieces of shit like you shouldn't be allowed to speak to real humans. Fucking kill yourself.

Re:Paltry

Can't happen if the election workers are watched by other people from all parties at all times, as they are in every good system.

You _can_ do paper ballots wrong, if you try, but if you do paper ballots right, they _are_ fraud proof - if anybody tried to cheat, you would know right away. With computers, you will never know if the computer lied, unless you use cryptographic systems so complex hardly anybody understands them - which makes these systems worthless in a general election.

Re:Paltry

Demonstrable to whom? What if I don't trust the people who did the verification? What if the hardware was modified - how would you verify that each single piece of hardware that is used does what it is supposed to? What if the system was modified by somebody right before the election? What if it was modified during the election, in the booth? And why should anybody who has no idea about computers and software verification trust that the people who did the verification aren't lying to them?

Elections are a solved problem. Paper ballots are how you do elections. There is no use in introducing additional complexity in the form of computers to something where failure is absolutely not acceptable.

Re:Paltry

Are you Dutch?
Cause they always be whining about belgians...

Re:Paltry

[fgouget]

Do I have to provide links to all the election workers that find paper ballots in their trunk right after they know just how many votes they need? Cite LBJ?

Sure, one can make a paper based voting system that can be hacked. The easiest way is to require that all ballots be moved around to a central location before they are counted. That provides plenty enough of opportunities for fraud during transport. To maximize fraud-opportunities, cost and slowness you can even claim you cannot start counting the ballots until the next day so all the ballot boxes have time to arrive and so you don't have to pay the people you hired extra for night work.

Or you can pick volunteers among the voters to count the ballots as soon as the election closes, right in the polling station. With tables of four volunteers working together and checking each other's work (in addition to the usual party representatives), you get the results within 2 hours and have a really fraud-proof system. It also scales nicely with both the number of polling stations and the population, and needs only 1% to volunteer.

Re:Paltry

[fgouget]

This is the kind of project you could do in a weekend on a Raspberry Pi. Off-the-shelf , disposable hardware; demonstrably provable software.

A voter will never be allowed to verify that the software actually running on the voting computer is your 'demonstrably provable software' software. If he were allowed to do so, not only would it cause a huge backup in the line, but it would also require completely compromising the security of the system. Then that voter would also have to check that the hardware is really an unmodified Raspberry Pi board rather than one that was 'upgraded' by the NSA (or someone else).

Open-source (or provable software) and open-hardware change strictly nothing to the electronic voting opacity.

Re:Paltry

[makapuf]

You'd use a Mega for this ? An attiny25 should be enough !

Re:Paltry

[bruce_the_loon]

South Africa just did it that way and it works well. First you count the total ballots, still folded, then you count the votes and that way nobody can add other ballots in during the vote tally to make up numbers. No cellphones etc allowed in the hands of the counters, elections officials or party observers during the count.

Got one addition to the process that we don't do. No results should be released from a polling station until every single station has finished counting and certified within the station. Forget this running TV tally and all that crap, if the numbers in each station remain secret until all stations are ready to report, then you can reduce the risk of "finding" additional votes in the trunk of a car.

Re:Paltry

[gmhowell]

Don't you have some more roommates and sorority sisters to kill?

Re:Paltry

[freeze128]

3.5" floppy disks are proven... to be horribly unreliable.... Over the course of several years.

However, for one night, I think they will do just fine.

Re:Paltry

[aberglas]

Well, the Australian system is pretty fraud proof. Ballots are put into sealed boxes. Scrutineers appointed by the candidates supervise the count. I've been a scrutineer, and it is all pretty efficient and friendly in practice. Count is made on election night. And it is much, much cheaper than the computer systems.

Re:Paltry

[Darinbob]

AVR, why not go with PIC so as the be incomprehensible to people trying to hack it? Or better yet, 8051 for total security.

Re:Paltry

[Darinbob]

Then you plug it into a machine that has internet access and get hacked. No thanks.

Re:Paltry

[Darinbob]

They could burn up in a fire though! We should go back to paper ballots.

Re:Paltry

[dosius]

We've always used MECHANICAL voting machines here.

Re:Paltry

Let's just not mention 1375 WA senate votes, shall we?

(Detecting the fraud is not the same as preventing it)

Re:Paltry

The "paltry" 1MB of memory is a complete red herring. Doesn't anybody remember that an x86 can't use more memory than that without a proprietary memory manager. DOS programmers spent a lot of time creating overlays to allow large programs to run.

Re:Paltry

[Renaud]

Or you can pick volunteers among the voters to count the ballots as soon as the election closes, right in the polling station. With tables of four volunteers working together and checking each other's work (in addition to the usual party representatives), you get the results within 2 hours and have a really fraud-proof system. It also scales nicely with both the number of polling stations and the population, and needs only 1% to volunteer.

This is how France does it and always has. One of the few places where I won't complain about archaism : it just works, and the 2000 US presidential election fiasco for entire days seemed utterly insane to us.

Re:Paltry

[Chaos+Incarnate]

The "running TV tally" is from exit polling, which you can't do anything about. It's not actual vote counting.

Re:Paltry

[dryeo]

Around here the "running TV tally" is actual polling stations reporting in. Starts almost as soon as the polls close and usually within a couple of hours it is usually obvious who the winners are in most ridings. Counting paper votes as the above poster said, is fast. Helps to vote for specific things as well rather then everything from the head of state to dogcatcher at once.

Re:Paltry

[Askmum]

Not only can a paper voting system be hacked, incorrect or even malicious handling of paper ballots can have an effect on voting. Weblog Geenstijl.nl organized a popular count of the vote for the EU elections on Thursday in the Netherlands. The government was not allowed by EU rules to release the total result before end of voting on sunday, but the Netherlands voted on Thursday. Because of Dutch law, an individual is allowed to observe the vote and can request a reading of the results.
Observed anomalies: voters having voted for a party and the party having 0 votes in the results. Or a counter leaving the room with ballots and returning again (with the ballots). No possibility to check what happened with those ballots during her absence.
From previous counts I have reports of tallies being added "to the wrong column" which resulted in votes for candidate #1 going to #2, votes for #2 going to #3, etc.

It bugs me that there are apparently one-count-only errors. If you count again, you would have caught those errors.

Re:Paltry

This is a common misunderstanding among computer noobs. You can not hack what is not there and more code does not make your software more secure.

And WHY would you have a TCP/IP stack on a voting machine and connect it to the Internet? (only answer, you are incompetent or lazy or both)

Re:Paltry

Are you Dutch?
Cause they always be whining about belgians...

(Stupid ) Flanders is Dutch Belguim so great recursion if poster is

Re:Paltry

That and ticker tape would probably be the best..... but its a pain to design, manufacture and haul around.

Re:Paltry

[jones_supa]

Well said, that's probably true.

Re:Paltry

The voting software used in Belgium is open source (not free software). You can get the source code here for the 2010 elections: http://www.verkiezingen.fgov.be/index.php?id=1673&L=1

This year new machines were used (DigiVote) which work much better and are more modern. You can get the 2014 software here: http://www.verkiezingen.fgov.be/index.php?id=3285&L=1 (will become available in 15 days, when the period where the verification agency can complain about hacking/fraud is over)

Re:Paltry

[Goaway]

demonstrably provable software.

No such thing exists, or can exist.

Re:Paltry

[Eunuchswear]

Are you Dutch?
Cause they always be whining about belgians...

(Stupid ) Flanders is Dutch Belguim so great recursion if poster is

Well, France regards Wallonia, Francophone Belgium, as its retarded cousin, so I can imagine that Holland feels the same about Flanders.

Re:Paltry

[Parker+Lewis]

Yeap, because closed source software and hardware cannot be "upgraded" by NSA, right? I agree with you that cannot be a "Rasperberry PI", but it should be a open source solution, open to be auditable by any interested experts.

Re:Paltry

[fgouget]

Yeap, because closed source software and hardware cannot be "upgraded" by NSA, right?

You missed the important part:

A voter will never be allowed to verify that the software actually running on the voting computer is your 'demonstrably provable software' software. (or in your case the audited open-source software)

Re:Paltry

[ArcadeMan]

If you're going to use a 8051 you might as well go with a Z80. Heck, go with a classic GameBoy, it's got a built-in display and gamepad. Save the votes to the flash cart memory and you're done.

Re:Paltry

[Kiwikwi]

A microprocessor? Ha! In Denmark, we use PEN and PAPER, and it's still powerful enough!

Seriously, people. Pen and paper. Secure, secret voting doesn't need to be rocket science, please don't try to make it so.

Re:Paltry

[david_thornley]

Or you can have paper ballots that are machine-tabulated with random on-the-scene counts to be on the safe side. Automatic reporting and the ability to do a recount based on a system everybody understands. Works here in Minnesota, and we've had a couple of exceedingly close elections recently.

Re:Paltry

[fgouget]

Or you can have paper ballots that are machine-tabulated with random on-the-scene counts to be on the safe side.

That could work if:

• * the manual count is really on the scene, that is in the polling station, no moving of the ballot boxes involved;
• * truly random, and making sure something is random is pretty hard;
• * unexpected, that is the decision to do a manual count in at a given polling station should not be decided in the morning otherwise it's easy for an attacker to only tamper with the ballots in the other polling stations;
• * and concerns a large enough sample to actually detect fraud, and if I remember correctly there was a study that found it's necessary to recount more ballots than one would expect, obviously particularly so in close races.

I'm unconvinced that all these (necessary but maybe not sufficient) conditions are actually met. Frankly it seems much simpler to just discard the machines, count everything by hand and be done with it.

overly complicated

[WhiteZook]

A simple microcontroller could have done the job, so why introduce unnecessary complications and attack vectors by using DOS or Linux ?

Re:overly complicated

[TechyImmigrant]

Because writing the 3.5" floppy driver would suck.

Re:overly complicated

[WhiteZook]

That's why you'd use a USB stick instead. Seriously, who ever thought that a 3.5" floppy disk would be a good way to transfer data ? I haven't seen a floppy drive on a computer for at least a decade.

Re:overly complicated

[TechyImmigrant]

A USB driver is a lot more complex than a 3.5" floppy disk driver.

PCMCIA/CF is pretty simple. If I was doing custom hardware, I would use that. Off the shelf cards. Simple bus operations. Many microcontrollers can drive the bus directly.

DOS is still a reasonable choice. It works, isn't complex and there's lots of off the shelf hardware that runs it.

Re:overly complicated

[TheRealMindChild]

Writing a floppy driver is by far one of the easiest hardware drivers to write

Re:overly complicated

[Rob+the+Bold]

Writing a floppy driver is by far one of the easiest hardware drivers to write

Using an existing, tested, and documented library so you can concentrate on the actual problem you're trying solve is even easier.

Re:overly complicated

[EmperorArthur]

SD cards are actually even easier since you can talk to them over SPI. You can get a fifty cent microcontroller to read and write from those with no problem. The annoying thing is that those microcontrollers use a Harvard architecture. Instruction and data code use entirely different memory. So you can read and write to an SD card, you just can't run code off it.

Re:overly complicated

[TechyImmigrant]

I think the legitimate issue with floppy disks is the reliability of the medium and the long term availability of replacements.

Writing a floppy driver for hardware that has a floppy disk controller chip is easy. Writing one that has to bit bang the interface is anything but simple.

Re:overly complicated

[TechyImmigrant]

> So you can read and write to an SD card, you just can't run code off it.

That seems like a good thing for a voting machine.

Re:overly complicated

[EmperorArthur]

> So you can read and write to an SD card, you just can't run code off it.

That seems like a good thing for a voting machine.

Good for voting machines, bad for anyone who doesn't need any fancy features but needs more than 4k Bytes of code. Since that's your entire program space with those small microcontrollers. You find weird bugs and limitations in many of those since they have to use a stripped down libc. When you hit that code cap most of the time your only option is to redesign the entire board or start using hacks to cut down on code size. The Arduino might have popularized them, but microcontrollers are still a game where you spend hundreds of thousands of dollars up front just to save ten cents per unit.

Also, since it's much more of a pain to update code don't expect things to be patched unless they're critical. Even then it would be really expensive. Worse, since these things still use a stack you can still get them via Return Oriented Programming.

Re:overly complicated

[makapuf]

Yes, and if the fuses allow that you could even program the flash with it ( boot loaders are allowed in Harvard arch)

Re:overly complicated

[TechyImmigrant]

Where did 4K of code come from?

I would expect to use a micro that can address enough memory for the job to be done right.
Who mentioned Arduinos? It wasn't me.

Re:overly complicated

[EmperorArthur]

Where did 4K of code come from?

I would expect to use a micro that can address enough memory for the job to be done right.
Who mentioned Arduinos? It wasn't me.

I was just talking in general. When someone says "simple microcontroller" I think of an ATMicro/Mega or something like the MSP430 most of which cap out somewhere between 2 and 16k. Anything more than that is a full ARM soc and normally is expensive and has finicky power and i/o requirements compared to the "simple microcontrollers" I normally work with. They're the lap of luxury since, like I said, you normally spend large amounts of time to make the code work with the 4k device instead of the 16k just to save a few cents per unit.

Re:overly complicated

[bruce_the_loon]

4K? Huh?

The Atmel megaAVR series ranges from 4Kb to 256Kb code space. The Arduino Uno boards have been running the 32Kb chip since rev 1.

Re:overly complicated

[EmperorArthur]

Like I said, cost is king.

Heck, I've been trying to redesign something to use the ATTiny and bitbang USB. Thinking about it, that's where the 4k number came from. Boards with more memory and more features are getting cheaper and that's awesome. I can't wait for when integrated USB becomes as common as integrated SPI and TTL.

Now if you'll excuse me I need to get out of my cave and yell at some kids on my lawn.

Re:overly complicated

[Darinbob]

A floppy driver is much simpler to write than a USB driver by far.

Re:overly complicated

[TechyImmigrant]

Microcontrollers come in many shapes and sizes. There's a whole spectrum of devices between MPS430s and ARM7TMDIs.

I personally like the Siemens 80C166 or one of the many 68k derivatives. Simple, lots of IO and robust. Young whippersnappers might choose AVRs 68HC16s or similar things for the same reasons.

But an x86 micro that can run DoS has the obvious advantage that it can run DoS. That addresses a number of issues,

Re:overly complicated

[jones_supa]

Writing a floppy driver is by far one of the easiest hardware drivers to write

This is not true at all. Do you have any experience of writing a floppy driver?

Re:overly complicated

Well it looks like this voting machine problem can never be solved because you can always think up one more problem.
We had voting machines that were 68k-based with code in EPROM, very little RAM, and flash for vote storage.
People were whining that the contents of the EPROM could not be trusted and that the EPROM could be changed while the
unit was outside of the voting room.
So the machines were modified so that the EPROM was under a seal and any tampering would be visible on the seal so
it could be verified by the voting commission.
But still they were whining about other possible things that could go wrong, even when very unlikely.

What makes it such nonsense is that always a lot of things are pointed out that can go wrong with voting machines, but
never any doubt is cast about the pencil-and-paper system that replaced it. In reality, the result of the election is
different on every re-count. When two parties are within a couple of hundred votes, they request a re-count and the
result turns out to be the other way around. So the other party requests a re-count an the result is again different.
Apparently that system is a lot more unreliable, but it is chosen because everyone can see that it is unreliable.
Weird.

Re:overly complicated

But an x86 micro that can run DoS has the obvious advantage that it can run DoS.

You consider it an advantage to be able to run a Denial of Service attack?

Re:overly complicated

Good for voting machines, bad for anyone who doesn't need any fancy features but needs more than 4k Bytes of code.

Well, we are discussing voting machines here. And I doubt that you need more than 4K for the voting machine code. After all, i's a rather simple job: Display the names of the candidates, read in the choice, add 1 to the corresponding counter on the machine. Repeat until switched off.

There probably should also be startup code which checks that initially all counters are zero and gives a warning otherwise, to prevent vote fraud using a tampered-with SD card (code to set the counters to zero is not a good idea because then forcibly rebooting the voting machine would remove all previous votes).

BTW, you can also run code from SD cards with a Harvard architecture by using a bytecode interpreter. You probably don't want that in a voting machine, though.

Re:overly complicated

[TechyImmigrant]

Yes. Discredit the voting machines. Go back to paper and pencil.

Re:overly complicated

[TheRealMindChild]

Quite a few. First with my personal OS project, along side a FAT* library. Then I got it working on Linux (easiest), BeOS, Windows NT4, and Windows CE 1.21

Re:overly complicated

[jones_supa]

I'm so sorry. I'm getting off your lawn right now.

Obligatory

[ArcadeMan]

Stupid Flanders.

Re:Obligatory

[SomeoneFromBelgium]

I don't see what is stupid about electronic voting. The article seems to suggest that it is stupid to attempt electronic voting. And on the french speaking side the are convinced: they will not attempt any type of electronic voting. Even more: where electronic voting is currently used they plan on reversing to paper and pencil.

That is progress!

Flanders meanwhile has identified the shortcomings in the current system for some time and is moving to the Linux based system.
Now it's allmost completely phase out. Iit is it offers good reliablility, improved user friendlyness with a touch screen and it prints out a voting slip that is then scanned at the ballot box just before the slip is put inside.

In this way the votes can be counted manually when discussions occur.

And yes: paper and pencil is cheaper. If you don't count all the 'volonteers' that have to spend their sunday evening on counting and recounting. Since they work practilcally for free while the support people for the voting machines do not.

Re:Obligatory

[jones_supa]

I don't see what is stupid about electronic voting.

It was just a Simpsons reference.

Re:Obligatory

Buenos Ding Dong Diddly Dias, Senor!

Paper trail

[ArcadeMan]

In Canada, we use paper voting and we usually know the results of national elections within 24 hours.

Why mess with electronic voting?

Re:Paper trail

[sribe]

Why mess with electronic voting?

SHINY! OOH OOH SHINY! That's why ;-)

Re:Paper trail

In Canada we have Pierre Poutine to mess with the voters.

Re:Paper trail

[CastrTroy]

Also worth pointing out that the votes are counted so fast, that they had to enact a law so that the results from the east coast weren't reported before the polls on the west coast had closed to prevent the results from influencing voters on the other side of the country. These laws were often ignored (not by the big media companies), and were hard to enforce, and I think they've been eliminated because of this, but the idea made sense.

Re:Paper trail

[Dr_Barnowl]

> Why mess with electronic voting?

Because it's much less heavy lifting to stuff the ballot box.

Re:Paper trail

In the US we know the results 24 hours AHEAD of the elections, regardless of voting system used.

Re:Paper trail

[cpghost]

24 hours is quite a long time actually. In Germany, we use paper voting too, and the (final) results are usually available within 2-3 hours, 4 hours at most.

Re:Paper trail

[cpghost]

Why mess with electronic voting?

So that the NSA gets to see the results before the Canadians themselves?

Re:Paper trail

[Zeromous]

Does Germany have 5 timezones?

Re:Paper trail

Electronic voting pros :
- Fast counting of votes
- Ecologic (That is if you dont throw the computers away after every voting like it has been done)
- Papers, less papers ..
- you can't possibly make a mistake (or draw a penis on the middle of the paper) which would invalidate the voting
Electronic voting cons :
- Four times more expensive to setup according to the belgian federal govt
- Shit happens !

Some of the ideas laying around here in belgium

Re:Paper trail

[Rumagent]

No good reason. Except perhaps that a perfectly implemented system (if such a thing is possible, so far none has been devised) would be faster.

Apart from that, the paper version is:

Cheap,
Reliable,
Repeatable
Extremely hard to rig on a large scale,
Well tested
Durable,

And most important of all: Easy to understand and audit by a layperson.

Many slashdot readers are well versed in CS and we do not trust these systems. How then can we expect the public to have any faith in these systems?

If the many CS guys out there really want to help, they should think out algorithms for sorting that are efficient, precise and can be done by humans - preferably with some error correction built in. It will not make anyone rich, but it may just keep a bit of faith in elections

Re:Paper trail

[Hognoxious]

How are they hard to enforce? You just tell your equivalent of what we in the mother country call "the returning officer" to not announce them until the right time.

Now that won't do anything about speculation, but that's not the same as getting the actual results. Indeed it's frequently far from it

Re:Paper trail

[ArcadeMan]

How about inserting voting results into the bitcoin blockchain? Some transactions come with comments built-in (ex: "CoinAd.com Payment").

If you can trust the data going into it (vote counts as bitcoin blockchain public comments), I don't know anything else that would be harder to rig right now.

Re:Paper trail

[dasunt]

In the elections I vote in, we have a paper ballot. We then put that ballot through a machine, which either accepts it or rejects it as invalid.

We have the advantages of a paper trail, and the advantages of extremely quick counting.

Re:Paper trail

[Hognoxious]

Yes, but that's Germany. If anyone is a) good at paperwork and b) extremely efficient it's Johnny Hun.

Belgians, on the other hand, are mostly blithering imbecilic fucktards who get away with it because they camouflage the fact that they don't have a clue what they're talking about by being able to do it in several languages.

Re:Paper trail

[Kjella]

Well, this was about electronic aggregation. As far as I know most quick paper elections use a bar/QR code, electronic counting/sorting and the preliminary sums are sent in electronically. The official results (hand counted, disputed votes, signed election protocol etc. are typically not available until a while later but the number of votes is usually too small to matter much. Occasionally two candidates are really really close though, I know in our last parliament election one was in and out until the very last votes were counted.

Re:Paper trail

[Rumagent]

I do not know:) Perhaps, if you somehow could create a trusted and platform to run it on, educate the voters enough to both verify their vote and the election process itself (the blockchain and the platform). None of which is trivial, but I guess it is not impossible

The point remains however: What have you gained apart introducing a lot of complexity?

Re:Paper trail

Continental UE has 3 timezones and results of the European elections were known the same evening. Actually, in some EU countries voting ends at 19 pm and first official (partial) results are ready to go on TV at 20pm. For European elections Italy votes until 10pm or something like that, first official results (for the whole EU) were delayed until after Italy finished voting. Citizens from overseas territories under EU jurisdiction voted few days before to avoid delays due to their timezone.

Re:Paper trail

Incredibly hard to understand for a layperson (the foundation of your democratic government should not depend on anything the average person cannot understand), not easy to make secret (elections need to be secret, that is a core requirement you are not allowed to drop), and suddenly people can ddos your election? Yeah, no.

Re:Paper trail

> rejects it as invalid.

That's horrible. So if the version of Republicans you have in your country don't agree with your vote, they just refuse to count it? That's as bad as the mail by voting we have here in Seattle. The rulers here throw away votes and there's no way to fight the system. They can lie and claim you didn't fill-out the bubbles correctly or lie and claim you didn't sign the ballot. That is why in my neighborhood more than 15% of the votes were for Rmoney in the last election despite the fact that there aren't that many idiots here. The Republicans that rule here threw away a lot of Democrat votes in order to boost Rmoney's votes. That makes us look like complete morons by having nearly 1 out of 5 people being complete fucking drooling racist idiots.

Re:Paper trail

[Buzer]

Many slashdot readers are well versed in CS and we do not trust these systems. How then can we expect the public to have any faith in these systems?

Like that matters. We don't trust most of the things, but public is perfectly happy with them (until shit hits the fan). Convenience tends to triumph security.

Re:Paper trail

[fgouget]

In the elections I vote in, we have a paper ballot. We then put that ballot through a machine, which either accepts it or rejects it as invalid.

We have the advantages of a paper trail, and the advantages of extremely quick counting.

As long as there is no systematic immediate manual recount in the polling place you have none of the advantages of paper. All you have is a system that can be hacked electronically, and hacked on the paper side while the ballots are being moved around or in storage waiting for a possible recount. Attackers get their choice of method so in the end this is twice as insecure.

Re:Paper trail

[Zeromous]

Canada voting stops at 9pm in the last timezone. Zones span 4 hours. So the last vote is presumably cast at 1am Atlantic time.

Results are usually reported the next morning so it really isn't that bad.

Re:Paper trail

Because it's hackable...

Re:Paper trail

[Hognoxious]

Many slashdot readers are well versed in CS and we do not trust these systems. How then can we expect the public to have any faith in these systems?

Unless you inherited or bought that UID you must remember the Y2K thing. I personally fixed bugs that would have caused havoc with a major company's billing and emergency repair systems.

Yet a surprising number of the public think the whole thing was a con because nothing actually blew up or fell out of the sky.

In short, your assumption that distrust is a monotonically increasing function of knowledge is utter fucking bollocks.

Shorter still, ignorance is bliss.

Re:Paper trail

[Immerman]

Generally speaking, if your ballot gets rejected you can fix it or fill out a new one - at least that's my understanding of the process. My home town did something similar, and you feed your ballot through the scanner yourself as your last step before leaving the polling place, so you know immediately whether there were any problems.

Re:Paper trail

[EvanED]

Two more pros:
- Blind people can vote unassisted
- Theoretically should have absolutely no tabulation error

Re:Paper trail

[laird]

With paper ballots and manual counting, there's no huge system integrator contract with a fat budget to award to your campaign contributtor who runs an IT shop. And it's harder to steal elections. So, paper ballots are a terrible idea. (For the politicians)

Re:Paper trail

[laird]

Actually, they weren't reporting the actual reported totals, they were reporting the exit poll results. The actual results were never announced until polls closed, but the exit polls are collected during the voting, and are amazingly accurate, to the point where when the exit poll is "wrong" that's a pretty good indicator of election fraud.

Re:Paper trail

[laird]

Wow, your complaint is amazingly wrong.

The system he's describing is Precinct Count Optical Scan, and it's arguably the best way to run elections in the US. Voters vote on paper ballots. The ballots are scanned in the precinct. Overvotes and scan failures are rejected, with the ballot returned for the voter to replace, which eliminates the largest cause of errors in voting. Successfully cast ballots drop from the scanner into a sealed container, so all counted ballots are securely stored for recounts and audits. Every step of the process is observed and signed off by multiple poll workers, with seals, etc.. And the USB sticks, ballots, etc., have a chain of custody. And, of course, a random sample of ballot boxes should be audited to confirm that they match the digital records.

If you 'hacked' the digital record, you go back to the sealed paper ballots and re-scan them, and achieve nothing. If you 'hacked' the paper ballots, you committed election fraud (a felony) and left physical evidence. Only if you 'hacked' both paper and digital records, and produced the identical result, would you pass an audit.

If you're relying on audits not being performed, then you can 'hack' the digital records. But with a paper ballot, you can always go back to the paper ballot as the true vote, and undo the hacking. This is distinctly different from DRE (direct recording electronic) voting systems, which have no paper ballot, and thus cannot perform a meaningful recount or audit.

Given all of that, I'd have to say that paper ballots make elections much more secure, because they're a physical record of the voter's intent, verified by the voter, and which is auditable and recountable, while digital records are invisible and easily changed, making audits or recounts meaningless.

Re:Paper trail

[laird]

Exactly. This is critical, as rejected ballots (scan failures and overvotes) are 6-7% of votes case. If the ballot is rejected in the precinct for voters to fix, that eliminates almost all vote failures. In contrast, precincts that use centrally tabulated ballots end up throwing out 6-7% of votes cast. A common method of manipulating elections is to use precinct scanners in precincts that vote "the right way" and to use centralized scanners in precincts that vote "the wrong way", basically reducing turnout of the "wrong people" by 6-7%, which can be enough to throw an election to the "right people".

Re:Paper trail

[xvan]

The paper version is not cheap. It's as repeatable as any other election method.
It's easy to rig it on small scale, and enough small rigs can alter the election results.
It's extremely susceptible to human errors, an they are not minimized as the vote count is not performed by auditing trained people.

Paper version presents other issues in places without bipartisan systems.
You can have more than 10 ballots for an election, and some ballots are "missed", depriving the possibility of choose. It's important because a significant number of persons don't decide until the last moment.

I was really surprised by Venezuela's voting system. I believe that a mixed electronic/paper system is the most auditable way.
It'd be better if you were provided with a ticket with a vote ID and a random key pair, to be able to validate your own vote online without violating the secrecy principle.

Re:Paper trail

[wienerschnizzel]

Is it really cheap? You need a lot of manpower that you wouldn't if you'd use an electronic system. And manpower is typically where the most of the costs come from.

Re:Paper trail

[SomeoneFromBelgium]

In flanders too. The paper trail is only not available in the 20 kantons that still use the older e-voting system. The rest uses a new Linux based system that has a paper trail.

I don't get the love for paper and pencil. It's slower and it requires a lot of manual work. If all of this 'volonteer' work had to be paid for (with double pay since it's a sunday) I'm sure e-voting would be pushed much more agressively.

Anyways, in flanders we vote electronically and since we have already more than 15 years of experience we now have a very good and very capable system (these few exceptions notwithstanding).

Re:Paper trail

[SomeoneFromBelgium]

Well Flanders (one language!) has the paper trail too (except those few places where they still use the old voting computers). The rest uses a new voting system that does have a paper trail and that is just as performant as the German system.

And yes, flanders is also a part of Belgium!

Re:Paper trail

Can I interest you in a beer, chocolate, waffle or fries?
Kan in u bier, pralines, een wafel of frietjes aanbieden?
Est-ce-que je peut vous offrir du biere, des bonbon chocolat, un gauffre ou des frites?
Moechte ich Sie Bier, Schokolade, ein Waffel oder Fritten anbieten?

I don't know where you get those several languages. I speak no more than 4.

Re:Paper trail

[volmtech]

In Florida Pensacola (with several military bases) is in another time zone so in 2000 the results were announced an hour before their polls closed.

Re:Paper trail

Why mess with electronic voting?

So that the NSA gets to see the results before the Canadians themselves?

Yes, see and approve or modify the result if no approve.

Re:Paper trail

[Bert64]

No you have a system where the vote must be hacked both electronically and on the paper side, if you only hack one method then the results wouldnt match and the election could be declared void and thoroughly investigated.

Re:Paper trail

[Bert64]

Many slashdot readers are well versed in CS and we do not trust these systems. How then can we expect the public to have any faith in these systems?

Precisely because they are not well versed, and thus blindly trust the system without being aware of the possible flaws... This happens all the time.

Re:Paper trail

[dave420]

So add the difference between the first and last timezone to 4 and compare. It's not too difficult :)

Re:Paper trail

[dave420]

and some better than others :-P

Re:Paper trail

[fgouget]

Successfully cast ballots drop from the scanner into a sealed container, so all counted ballots are securely stored for recounts and audits. Every step of the process is observed and signed off by multiple poll workers, with seals, etc.. And the USB sticks, ballots, etc., have a chain of custody.

Observers can stare at a computer writing data to a USB key all they want. That won't tell them anything about what was written to it. In effect, whenever computers are involved there are no observers. So all you have is a custody chain where none of the participants can verify the integrity of the data they signed off on.

And, of course, a random sample of ballot boxes should be audited to confirm that they match the digital records.

Bam! 'Should' is useless. Only 'is systematically audited' is of any use. And even so, only if there is no chance of data being tampered which means the recount must happen right away at the polling station. But that will never happen because in everyone's mind the result is already known so there is no reason to waste time and money redoing it. Furthermore when recounts actually happen it's only days after the election which leaves tons of opportunity for fraud, custody chain or not.

If you 'hacked' the digital record, you go back to the sealed paper ballots and re-scan them, and achieve nothing.

As an attacker, if you know there are never any recounts then you attack the digital record, nobody notices and you win. If there are recounts or you are unable to hack the digital record, then you attack the paper ballots and find a pretext to force a recount. If the paper ballots are taken to be the autoritative record then you win. If discrepancies cause the election to be done all over again, which is unlikely for national elections, you hack the result so it's in favor of your main opponent. With your opponent now being discredited you win again. In effect this system lets the attacker choose which side to attack.

If you 'hacked' the paper ballots, you committed election fraud (a felony)

The fact it's a felony never stopped anyone before.

Re:Paper trail

[fgouget]

No you have a system where the vote must be hacked both electronically and on the paper side, if you only hack one method then the results wouldnt match and the election could be declared void and thoroughly investigated.

How many years are you willing to wait for the investigation to publish its conclusions before you hold the new elections? If you're not willing to wait then all an attacker has to do is make it look like his main opponent cheated to discredit him. As long as the new election happens before the investigators figure out what happened (if ever), the attacker wins.

And that's even assuming that the powers that be actually wants a 'thorough investigation' more than for the whole episode to be forgotten as quickly as possible (further assuming they're not the ones rigging the election).

Re:Paper trail

[Immerman]

I hadn't thought of that, that's horrible.

Hmm, it should be easy enough to generate ballots emblazoned with a QR code defining the legitimate voting patterns (0-3 marks in this geometric box, 0-1 marks in that one) and write a relatively simple app to allow a $50 smart phone to do the validation scanning (no bad/uncertain marks, and all good marks obey voting rules), which would allow arbitrary paper ballots to be validated without any software updates, and even graphically display the voting rules overlaid on the page so that the QR-coded rules can be easily validated.

Of course that would require those in power to establish the proper paper ballots, so the question is are there enough reasonably honest districts that a cheap and reliable ballot-validation technology could get accepted as the norm?

Re:Paper trail

[david_thornley]

Systematic precinct-level hand counting isn't really necessary. Random checks are necessary, yes, along with a willingness to follow up on major discrepancies. We do that in Minnesota. Any evidence of significant fraud is going to cause a recount.

Recounts can be done automatically for close elections, which means that the paper is authoritative. However, the machine totals are still available to flag obvious discrepancies. In the 2008 Minnesota Senate election, one precinct's ballots were lost, and the authorities decided to go with the machine count for that precinct. It's hard to modify the contents of a sealed ballot box that has a chain of custody and bipartisan observers; most such fraud involves "losing" ballots, which is more difficult with the machine counts.

So, to hack the election, you need to hack the paper ballots. The machine count provides a check, so that it's more conspicuous than it used to be. Losing a precinct's ballot box doesn't mean throwing out that precinct's votes. Tampering with sealed boxes in a few precincts is going to cause serious discrepancies, which will trigger further investigation. Tampering with a lot of sealed boxes increases the risk of being detected.

There is no truly secure voting method, but the machine-counted paper ballot, properly done, looks to me more secure than any other method I can think of.

Re:Paper trail

[david_thornley]

Machine-counted paper (with spot checks at the voting place) makes it hard to fudge the paper totals.

And, yes, the voting system can only be as honest as the people who count and tabulate the vote. Tabulation is only as reliable as the observers from all parties.

Re:Paper trail

[fgouget]

Recounts can be done automatically for close elections, which means that the paper is authoritative.

A system is no more secure than its weakest link. Here we have two links where there used to be only one. So tamper with the paper ballots, force a recount and you win. Yeah this will cause a discrepancy with the electronic records but you said it yourself, the paper is authoritative so it does not matter.

In the 2008 Minnesota Senate election, one precinct's ballots were lost, and the authorities decided to go with the machine count for that precinct.

Yay! So you're saying attacking the other link works too: hack the machine count, lose the paper ballots.

It's hard to modify the contents of a sealed ballot box that has a chain of custody and bipartisan observers; most such fraud involves "losing" ballots, which is more difficult with the machine counts.

I guess that one difference of opinion we have is that I regard anything less than direct citizen oversight as useless. That includes 'chains of custody'. Even with supposedly bipartisan control. By the way bipartisan control makes it too easy for the two parties to make secret deals. I certainly hope there are in fact observers from at least three or four parties (and that car moving the ballot box around is going to get crowded).

Tampering with sealed boxes in a few precincts is going to cause serious discrepancies, which will trigger further investigation.

I also have very little faith in 'investigations'. We should all remember that the ones with the most to lose in an election are the incumbents who are also in the best position to steer the investigation away from embarassing finds. Furthermore we live in a world where investigations conclude that a satisfactory explanation for 4096 overvotes is "the spontaneous creation of a bit at the position 13 in the memory of the computer" and don't cause the election to be canceled.

Re:Paper trail

[david_thornley]

Any voting system can be abused given sufficiently many people involved. You're suggesting bipartisan collaboration, which would have to include any other partisan observers, and corruption on the part of investigative bodies. At this point, there's no frickin' way any voting system can't be rigged, so there's really little point in making a secure one.

Re:Paper trail

[fgouget]

There's really not many people obsering the ballot box while it's being moved around. So you'd need only a few bad apples to have no witness. I'm not even convinced there's bipartisan control during that step. That makes it totally different from counting and announcing the polling station results immediately in public. After that if you tamper with the tallying everyone can call you on it. So even if you manage to win at least everyone knows you cheated.

Poodle Slaughterhouse!

[TechyImmigrant]

>The fault appeared in the system despite the fact that the application was especially developed for these elections, was "tested thousands of times" and was certified by PriceWaterhouseCoopers, he said.

There's your problem

electronic voting is easier to rig.

[Joe_Dragon]

electronic voting is easier to rig.

With paper you have to stuff the ballot box

Re:electronic voting is easier to rig.

Nah. Paper votes were the ones used in Minnesota to throw the vote for Al Franken. He never would have made it with secure electronic voting.

Re:electronic voting is easier to rig.

> He never would have made it with secure electronic voting.

Anyone implemented that anywhere yet?

Re:electronic voting is easier to rig.

[OFnow]

Any voting system can be subverted. The cool thing with electronic voting is that the subversion will of course make recounting meaningless.

Re:electronic voting is easier to rig.

[sd4f]

That's the thing. I've worked at Australian elections, and the procedure basically ensures that the scale of the conspiracy to rig an election would require that a very large amount of fairly random people (the only common thing between them is that they all apply to work at the election) would have to be involved.

Re:electronic voting is easier to rig.

[david_thornley]

The voting was pretty much secure. The biggest problem was with the counting of absentee ballots, and one issue was that the instructions that came with the ballot did not conform with state law. (Republicans alleged that felons had been illegally voting, but after careful investigation, this turned out not to be a significant problem.) Neither the absentee ballot nor the possible felon issue would have been addressed by secure electronic voting (as farted out by unicorns, presumably). The major decisions on the individual ballots were made by people who were not primarily Democrats. It appears that Franken voters were sloppier with their ballots than Coleman voters, and so secure electronic voting, by not allowing a voter to cast a malformed ballot, would have given Franken the election earlier.

Further, the change between election-day reported counts and the final certified count was less than the average for recent Minnesota Senate elections. The reason it was significant is that the vote was so close. None of the counts were different enough from 50-50 to establish that Minnesota voters actually had a preference. From my point of view, neither candidate had actually won or lost the election.

Incorrect story

While it is true that most of Wallonia votes with paper, all the places using e-vote in Wallonia and in Brussel are "affected" by the bug as well.

"affected" with marks, as the actual problem happened with the software in charge of centralizing all the votes coming from these places. So the e-vote process had no actual problem, it's the counting afterwards that crashed.

source: I live in Belgium, it's been all over the news here. I'll also add that I heard exactly zero reports about the same problem occuring in Flanders, but I might have overlooked some reports.

disclaimer: I strongly oppose e-vote.

Re:Incorrect story

[Hognoxious]

So do I, I've seen nothing about it.

All I heard was that the VB got a lot of votes. Makes you wonder if the bug caused that, or that caused the "bug"...

I don't agree with them, but I agree with banning them (as that cretin Verhofstadt tried to do) even less.

Apu, if it'll make you feel any better...

...I've learned that life is one crushing defeat after another until you just wish Flanders was dead!

Operating System

Okay, so is this an OS issue? Or software issue. Leave it to Slashdot to try to make it sound like Linux is superior to DOS.

Re:Operating System

[unixisc]

Had they used FreeDOS, the bug would have been more visible. And easier to debug than even Linux, since DOS has far fewer lines of code, so only the voting software would have needed to be reviewed.

Re:Operating System

first thing freedos does it load most of a linux kernel, consuming shitpiles of ram

Re:Operating System

[TechyImmigrant]

Citation please. This is the first I've heard of such a thing.

Re:Operating System

[unixisc]

FreeDOS doesn't have any capabilities that DOS doesn't have. It's 16-bit, has the 640kB limit and so on - just like DOS. No Linux involved, even though it is GPLed

Re:Operating System

[Immerman]

Better than that even - it sounds like the problem had *nothing* to do with the voting computers or software at all. Instead it was a problem with the tallying computers vote-aggregation center. Why they mentioned the voting machines at all, much less their OS, is a mystery.

Re:Operating System

[jones_supa]

Okay, so is this an OS issue? Or software issue. Leave it to Slashdot to try to make it sound like Linux is superior to DOS.

Yeah, the "The remaining voting machines, which are Linux-based, are unaffected" was kind of lame in the summary. Hooray, we get it, you love Linux so much.

You guessed it:

It's not a bug, it's a feature.

The problem is with understanding computers

There is a simple and totally invariable equation: the less one knows about computer security. the more likely one is to believe that computer voting is possible without fraud.

Like many formulas, the reverse is true also.

Democracy:

[Tablizer]

Abort, Retry, Fail?_

a number af factual errors in the original article

[joris.w]

for a more accurate account of the facts, you could read http://datanews.knack.be/ict/n... (in dutch)
the vote counting problem in Flanders was related to manual procedures in the Ghent area
the DOS based e-voting system is used in Brussels, not Flanders
as stated already in other comments: the DOS based systems did not fail, it was the central vote collecting system that failed
lesson learned: If you want accurate reports, go to the source and don't rely on second hand reports

Dos, Memory?

[Tablizer]

a paltry 1 megabyte of RAM...

640 votes ought to be enough for anyone. -B. Gates

Computers are not the solution for elections

[Opportunist]

Especially when you do not have a problem. If anything, computers are a liability for elections. For many reasons.

First, the obvious one that was showcased in this issue: KISS is the principle to follow with elections. The more complicated it gets, the more places something can go wrong. Moreover, the more places someone can try to manipulate without anyone having a chance to detect it. I'll get to that in a bit. But the bug in the software shows quite well what's wrong with this idea: It's complicated. Paper and pencil is a technology ANYONE can use and understand. It's time tested and foolproof. There is exactly NOTHING that could go wrong with making a cross somewhere on a sheet of paper and tossing that into a box. It's a simple, mechanical way of voting that simply can not fail, from a "technical" point of view. Yes, it's more complicated to count, but that's all that makes it less attractive.

And yes, a paper ballot can be manipulated. But it is WAY harder to detect manipulations with computer voting systems. With a paper ballot, provided your system allows it (which it should), anyone who wants to check whether there has been some foul play can do so. Any party that thinks there might be some sort of election fraud can send observers to any of the polling stations and ensure that people can (actually must!) vote in secrecy and that the ballot is not only sealed and tamper free until counting but also that any kind of transport happens in a secure way. Simply accompany that ballot box. You don't need any kind of specially trained personnel to do that. What the observer needs is fairly good vision (may be corrected) and a more or less functioning brain.

To test a voting machine against tampering or election fraud, at the very least you need a pretty good security auditor. And then you also need to trust that guy. I guess I'm not the only one who could see some populist party crying foul play should people start to realize that they're selling snakeoil and pretend that those voting machines are rigged. And then try to disprove that in such a way that the population, who knows jack about computers, believes you.

In a nutshell, voting machines are dangerous to the faith people have in democracy and elections.

Re:Computers are not the solution for elections

Or just don't trust the voting machine. Associate each vote with a unique number. After the elections, make the dataset of unique number - vote freely available.

It needs a little thought, like if you distribute unique numbers beforehand, you would have to make sure that while everyone must only get one, nobody must be able to view who gets which and stuff. Or the voting machine could just generate a random number and print/display it. On the other hand that wouldn't really be safe against fraudulent voters who just pick one of the votes they don't like and claim it was theirs so it needs some sort of cryptographic signing and somehow you have to make sure that nobody can get the key.

It's challenging to guarantee anonymity and "robustness" but if done right I can see advantages in voters to gaining the ability to actually trace their votes instead of trusting that some people don't count their vote correctly because of human error or maybe even malice.

Re:Computers are not the solution for elections

[Opportunist]

And then what?

Let's ponder this for a moment: You live in a country where there is one dominant party. A party that does not really represent you, but it seems to have a lot of support and backing because it does have the majority of votes. Maybe also because it's known that whoever exposes himself as someone who doesn't support The Party has to face some strange problems suddenly. Like, getting laid off for no good reason (explained as "economic reason").

Now you notice that your vote for $competing_party was counted as one for The Party.

What do you want to do now? Complain that your vote was counted wrongly and risk your job? Of 100 people "wrongly" counted, maybe one will have the guts to stand up and risk his future for the sake of democracy.

Sorry, but there is no cure for computer voting. It just isn't possible to make it democratically robust.

Re:Computers are not the solution for elections

Don't be so quick to write off the idea. Imagine if instead of being a unique number associated with you, it's a unique number generated when you cast your vote. This number is associated with the ballot, but not to the identity of the voter, much like paper ballots. The big difference is that you have a proof that the ballot belongs to you, and you can verify if it has been manipulated by matching it against the database.

Re:Computers are not the solution for elections

[Opportunist]

Yes. I understood that. But what then? So you now know that your vote has been counted wrongly. What do you plan to do about it now? If you complain that your vote has been counted wrongly, you would have to admit that you do not support the ruling party.

Re:Computers are not the solution for elections

India and many countries have EVM for years without any problem. Tampering a well design electronic voting machine are not really that easy if the machines are kept under tight security and the number of machines that need to be tampered are too huge. For example voters are given 12 hrs to vote, 30 sec for each voter. Each machine can only register the votes for 1440 voters. For 40 mils votes, you need about 27778 machines. If the candidate need 51% to win, he need at least 14167 machines to get a majority. People will become suspicious when 14167 machines show zero count for the opponent when that district have many supporters.

The Robinson Method gets rid of all this

http://www.paul-robinson.us/index.php/2008/10/25/the_robinson_method_a_really_simple_way_?blog=5

Why is nobody advocating this method? It's a LOT more trustworthy than paper ballots, or electronic voting.

software quality assurance?

did anyone test the software that ran on the Disk Operating System? I'm assuming that the source code for the DOS program and Linux program are different. Yes, I know that most compilers are supposed to compile the source code into the appropriate code for the operating except for Java which runs bytecode.

Paltry megabyte

Hey, kid. Nothing paltry about a megabyte, when 640k is all ya gonna need.
I remember the excitement to of putting a meg into a pc. Master of the universe...

I stand by my engrish...

[Firethorn]

I stand by my words in this case. 'Increasingly' is modifying 'limited' in this case, indicating an increase in the limits of the quantities.

Not only are there fewer devices available, of unknown providence, but at some point you start having to go through rather crazy acrobatics to get them. I've heard of NASA going to garage sales hoping to get some older computer parts, for example.

After a certain point it makes sense to upgrade the system just to restore availability because otherwise the option is to engage the services of small quantity manufacturers. With them, a floppy drive running into the tens of thousands wouldn't be out of line. Not because they'd be ripping you off, but because that's what it costs to make a floppy drive if the quantities produced are too low.

I've noticed that floppy drives just don't work as well as they used to. Either the disks aren't built up to snuff or the drives aren't, I don't really know. The failure rate is such that I don't trust them.

Re:I stand by my engrish...

[flargleblarg]

I seem to remember feeling floppy drives weren't as reliable back in the day either... but yeah, definitely today it's crazy to use them. I wonder if they are doing any kind of RAID or other redundancy? Seems unbelievably, extremely foolish to me if they only have a single copy on a single floppy.

Paper is not perfect either

[yannack]

As someone working directly on the "Linux" piece of software used in Flanders and part of Brussels, I would like to add a few points to the discussion on electronic-voting (I will not comment on the bug, as I do not work for that company and do not know much about the specifics of the issue). Keep in mind electoral systems vary quite a bit country to country, and what you think you know for your country is not necessarily true for other countries.

It has been said that electronic voting adds nothing compared to paper voting. That is maybe true in some elections, but it is not the case in Belgium. In Belgium, the electoral system is extremely complex. This Sunday, people voting on paper ballots actually had 3 ballots, the largest one of which, in Brussels, was big enough to physically hide behind. Manipulating this piece of paper is very hard, filling it out as well (keep in mind this is being done inside a voting booth, which is relatively small). The reason for this is that voters can select as many candidates as they want in one list among the many lists. It's a logistics nightmare, even just printing the thing.

Due to this complexity, actually counting the ballots, when done on paper, is extremely unreliable. In fact, experiences were made here, where groups of people actually totalized the ballots of an urn. They never found similar results from one group to another, not by a long shot. In "small" elections, a few votes can change who the actual winner is - this would be the case in local elections, such as in 2012 in Belgium, less so this year. On the other hand, the electronic counting of ballots consistently gave the same result, of course. Moreover, it goes MUCH faster to recount. Where paper counts could take up to a few hours, polling place results are instantly available.

Countries which publish results immediately at polling place closing times or prior to a complete count are usually using a mix of exit polls, partial results, etc. This is fine for large elections and when a clear margin is accepted. Is this always the case ? Do the media ever publish results in an anticipated rush for the exclusive report ? Electronic voting gives absolute results, not projections, which are definitive. In tight races, little margin situations, this is actually a huge benefit... when everything works (not the case this Sunday in Belgium, where one of the contractors was unable to totalize some results for a while). In many countries where the results are "known" on election day, the official results are only published a few days later (I don't know about Canada which one slashdotter mentioned however). Electronic voting can give final results on the same day.

I would love to bring up the argument for voters with disability, but for Belgium-specific reasons, this was not implemented here yet. The idea is that electronic voting would allow blind people to have audio voting; there are ways for people who cannot hold a pen or use a touchscreen to vote with large buttons; even some mechanisms to control the voting using a breath-driven controller. This allows a lot of people to vote independently, where paper ballots force breaking the privacy of the vote... But again, not implemented yet here. The touch screen here actually does allow larger fonts to be used than on paper, this helps a lot for people with low vision, so it's still an improvement over paper.

People have brought up transparency and reliability. The system here is very different than the one in the US for instance. Here voters go to a voting machine which prints a paper ballot with a QR code containing their selection of parties / candidates, as well as clear-text of this. The voting machine holds no record of what is voted for. The paper can be scanned by the voter on a separate machine so he can check the QR code actually contains who he thinks he voted for. Once he is satisfied, he goes to the urn, scans the QR code and places the paper ballot in the urn. This final scanning is when the ballot is saved to d

Re:Paper is not perfect either

[Optali]

I can only add: ROFLMAO XD Should we lend you a few engineers from Limburg? They can be at your spot in no time ;) Kaaskoppige Groeten ;)

Brussels, not Flanders

To make a little corection: it's not in Flanders, it's in Brussels. That's like the difference between Virginia and DC.

Computers are not the solution for elections

Florida says hi. You can make a pencil test confusing for voting...yes people are that stupid. Since the result doesn't really matter (at least in usa) I'll just take the evoting. Either way I'm guaranteed a psychopath.

a number af factual errors in the original article

[Kaetemi]

Wrong. Read http://www.ibz.rrn.fgov.be/ind...
Basically, the problem occured when going into a party list, canceling and choosing a different party.
The issue did occur in the voting machine's software, and the central vote collecting system correctly handled, detected the inconsistency, and refused to process the invalid vote data.

Belgian Jokes threads

[Optali]

In both, Holland and France jokes about Belgian are immensely popular.

Here a couple (left in vernacular language:

Wat is het verschil tussen een Belg en een frikandel?
In een frikandel zitten echte hersens.

Een Belg komt in een bibliotheek in België en vraagt aan de bieb mevrouw waar de boeken staan van slimme belgen. De mevrouw: "Fantasieverhalen staan onderaan!"

Well, the Belgians on their side only tell one thing about the Dutch... it's not a joke but sad truth:

The Dutch are people who only drink pils and in plastic glasses

Well, that's not completely true, but sad for my landsmen and landsladies :_(

magnetic storage woes

That's a nice floppy disk you have there, it would be a shame if someone brought a cellphone near it