Slashdot Mirror


The Computer Scientist Who Prefers Voting With Paper (theatlantic.com)

Geoffrey.landis writes: The Atlantic profiles a computer scientist: Barbara Simons, who has been on the forefront of the pushback against electronic voting as a technology susceptible to fraud and hacking. When she first started writing articles about the dangers of electronic voting with no paper trail, the idea that software could be manipulated to rig elections was considered a fringe preoccupation; but Russia's efforts to influence the 2016 presidential election have reversed Simons's fortunes. According to the Department of Homeland Security, those efforts included attempts to meddle with the electoral process in 21 states; while a series of highly publicized hacks -- at Sony, Equifax, the U.S. Office of Personnel Management -- has driven home the reality that very few computerized systems are truly secure. Simons is a former President of the Association for Computing Machinery (ACM); and the group she helps run, Verified Voting, has been active in educating the public about the dangers of unverified voting since 2003.


  1. This is the attitude of many security experts by JoshuaZ · · Score: 4, Informative

    Simons is one of the most prominent such, but definitely not the only one. This has been a vocal point being made by computer scientists and other security experts since at least the late 2000s.

    1. Re: This is the attitude of many security experts by religionofpeas · · Score: 5, Insightful

      It's way too easy for someone to sneak in an extra box of fake ballots to rig an election.

      It's hard to rig an election with a single box of fake ballots. It's also hard to bring in thousands of boxes without anybody noticing.

    2. Re:This is the attitude of many security experts by Ol+Olsoc · · Score: 3, Insightful

      Simons is one of the most prominent such, but definitely not the only one. This has been a vocal point being made by computer scientists and other security experts since at least the late 2000s.

      Why on earth is this modded at 1? The ease with which computerized voting systems can be compromised has been shown over and over again, that I wouldn't be terribly surprised if the access was planned.

      Paper is not perfect, but at least it makes it a little harder to compromise.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    3. Re:This is the attitude of many security experts by JaredOfEuropa · · Score: 5, Insightful

      The sad part is that it's not only security experts who should be saying this. Voting should not only be accurate, but that accuracy needs to be verifiable by laymen, and they should be able to understand the end-to-end process to tally and verify the count. Voting by computer violates that principle on a fundamental level.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    4. Re: This is the attitude of many security experts by orlanz · · Score: 5, Informative

      Yes paper can be destroyed, replaced, and added to, impacting the outcome. But the impact will be at most ONE small district. And you would need to do this at multiple voting centers. There are 435 districts in the US. Great path if you want to rig your very local election.

      But going to major cities or state levels... the amount of money you would need to spend to significantly impact such elections would be a waste of funds and a high risk for capture through multiple attempts. It would be far more cost effective to spend that on ads to sway public opinion or a candidate directly.

      At the federal level... easier to buy out the Electoral College. That may seem difficult but nothing compared to what you propose.

      With electronics, you have a centralized, standardized, single target. But this target would have multiple stages to attack, any of which can yield control of the entire system.

      It is possible to create a good enough electronic voting system but we just don't have anyone nearly competent enough to do so. Our current system of hundreds of thousands of cogs watching each other is more than good enough at the moment.

    5. Re: This is the attitude of many security experts by religionofpeas · · Score: 5, Insightful

      There are plenty of instances of tampering with paper ballots. Can you provide a single instance of an electronic voting machine actually being tampered with during an election?

      You've summarized the problem. Electronic voting allows for undetectable manipulation.

    6. Re: This is the attitude of many security experts by Ol+Olsoc · · Score: 4, Informative

      Paper ballots can easily be destroyed, damaged, or faked. It's way too easy for someone to sneak in an extra box of fake ballots to rig an election. It's a shame that people like you who should know better are proposing to make it easier for criminals and foreign powers to rig elections. We would be far better off using blockchains to store votes and using that to ensure security. It's unfortunate that you and so many others are standing in the way of progress and better security.

      Looks like we have perfect doing its job as the enemy of good.

      Besides, there is a world of difference between the effort it would take to coordinate a nationwide paper ballot hack. You would have to have a whole lot of people with physical access to the ballots, and a well coordinated ability to do the dirty work without detection, versus a few people sitting in a nice office somewhere altering the results.

      Your blockchain idea is another example of how the next solution will be the secure one. Then the next one after that, then the one after that.

      Nope, there is no way that we should allow voting to be yet another casualty of the Internet of Things debacle.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    7. Re:This is the attitude of many security experts by taiwanjohn · · Score: 3, Informative

      Paper ballots are used here in Taiwan, and they are counted, by hand, in public view immediately after polls close. Results are usually complete within a few hours. Ironically, this system was instituted under the KMT single-party regime to facilitate vote buying.

      The voting is done by putting a stamp in a square on the paper, rather than filling in a circle with a pen (or punching a hole, etc.). So, by stamping the ballot in a particular way -- say, in the upper left corner, slanted to the left -- you'd indicate to the vote buyer that you'd fulfilled your end of the bargain. Vote buying is now pretty much a thing of the past, but the legacy of this highly open and public system has served the country well in its transition to one of the more thriving democracies in the region.

      But this is not unique to Taiwan, lots of countries use paper ballots. The USA is really "backward" in this regard.

      --
      XML is like violence. If it doesn't solve your problem, you're not using enough of it. --AC
    8. Re:This is the attitude of many security experts by Ol+Olsoc · · Score: 4, Insightful

      This. I think almost anyone with the slightest knowledge of embedded software and security practices would prefer paper over electronic. If working in this industry has taught me anything it's that security is based mostly on hoping that no one will ever have access to your hardware for long enough to find flaws in it. Sure, there is some layer of security usually, but developing those properly is hard, and usually someone somewhere punches a hole in it so they can do practical things, like program the device with an initial firmware, or debug it. Then we haven't even discussed all the flaws that just sneak in as coding errors.

      You need to add human nature to the mix. Think of money. Think of gerrymandering. Humans will go to extraordinary lengths to ensure that their side wins, including making it difficult for the other side to win.

      A very hypothetical but plausible situation:

      Joe Blow voting machines incorporated has a bit of an inclination toward one party or another. Well, one party or another would like to make certain that their party wins. So maybe 20 million dollars changes hands and is stored in some offshore bank.

      JBVM simply adds backdoors that will slightly alter the results, weighted in favor of the group that gave him the money. I think it was Carnegie-Mellon U who originally came up with a hard to detect vote alteration method during one of their hacks of voting machines.

      The ease with which electronic machines can be hacked makes it hard to believe that it hasn't occurred already.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    9. Re: This is the attitude of many security experts by swillden · · Score: 5, Informative

      It's way too easy for someone to sneak in an extra box of fake ballots to rig an election.

      It's hard to rig an election with a single box of fake ballots. It's also hard to bring in thousands of boxes without anybody noticing.

      In addition, cryptographic security researchers have constructed a cost-effective, scalable, paper ballot system which makes this sort of fraud (and others) detectable.

      Paper, backstopped with math, is unquestionably the most fraud-resistant way to conduct elections. Pure electronic voting systems are perhaps the best way to enable fraud.

      There is a valid argument for the use of electronic voting machines for accessibility. Large touch screens are easier to use, especially for people with disabilities, but they should merely be an interface to collect information for printing on a human-readable paper ballot.

      I'm both a computer scientist and a computer security expert. I think you'd be hard-pressed to find anyone who understands computer security who would honestly support direct recording electronic voting.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    10. Re: This is the attitude of many security experts by TheRaven64 · · Score: 2

      There's also one crucial advantage of paper ballots: the expertise required to monitor the election is very low. Even a relatively unpopular candidate is able to find enough people who can watch people put pieces of paper into a box and can watch the boxes for signs of tampering throughout the entire process. You can't have a democracy if the mechanism for collecting and counting the votes can only be audited by a select few experts.

      --
      I am TheRaven on Soylent News
    11. Re:This is the attitude of many security experts by david_thornley · · Score: 2

      You don't need incorruptible neutral parties. You need people who are willing to do the job while being watched by observers from the parties. If a counter tries to cheat in favor of the Democrats, the Republican observer shuts it down, and vice versa.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  2. "The"? by RyanFenton · · Score: 4, Insightful

    Shouldn't it be "the overwhelming majority of computer scientists who've even casually looked at voting security" in favor of paper ballots over the current implementation of computerized voting? Hasn't this been the case for well over a decade?

    Ryan Fenton

    1. Re:"The"? by Mal-2 · · Score: 4, Insightful

      Shouldn't it be "the overwhelming majority of computer scientists who've even casually looked at voting security" in favor of paper ballots over the current implementation of computerized voting? Hasn't this been the case for well over a decade?

      Unfortunately, the flipped statement is also true. The overwhelming majority of people opposing the current implementation of computerized voting are computer scientists who have even casually looked at voting security. This makes for a fairly small group, and they deserve the assistance of those of us not qualified in CS but who think they're almost certainly right.

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
  3. Re: I am a computer scientist... by Anonymous Coward · · Score: 5, Insightful

    One of the requirements for a proper voting system is that ordinary people can understand it and oversee its correct implementation, so that they don't need to take someone else's word for it. Computers are basically out by definition.

  4. Re:USE PAPER!!! by Baron_Yam · · Score: 3, Insightful

    Actually... hybrid is best. Vote with paper, scan and tally with computers. If there is any doubt, you have the original paper watched over by election officials to verify.

  5. Re: I am a computer scientist... by Anonymous Coward · · Score: 2, Insightful

    Computers have bugs, both software and hardware. They also may have backdoors installed by the company building these machines. By using these devices, you're handing over control over important events to a few people, the exact opposite of a democracy.

    Votes should be anonymous, hidden from everyone, including computers. Even if the machines don't tamper with the votes, there is a high possibility that they can make voting non-anonymous.

    Paper voting is simple, transparent, anonymous, and hard to tamper with on a wide scale. Computer voting is complex, non-transparent, non-anonymous and subject to vote tampering on a wide scale.

  6. Re: I am a computer scientist... by Ecuador · · Score: 4, Insightful

    I am a computer scientist, and I can confirm you are full of shit. Electronic voting only works in theory (and not even in a more complete theory that takes into account all actors involved in implementation & usage of such systems). In practice, you should only use technology to count physical ballots efficiently.

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS
  7. Vote Safer. Vote on Paper. Vote Absentee! by Gim+Tom · · Score: 2

    I have been trying to get people I know in my state to request an absentee paper ballot for each election and use it to cast their vote. The process here is very easy, with virtually no tests for actually needing to vote absentee. Perhaps this should be done nationwide as much as possible. If the VOTERS overwhelmed the ballot boxes with absentee paper ballots that might just send the message that computers should not be used for voting!

    My state still uses the old Diebold DRE machines that CAN NOT be audited. I was on the evaluation group when they were chosen after the 2000 election and was a lone voice pointing out their lack of security and impossibility of being audited or having a valid recount.

  8. Re:Paper has no advantage over digital records by religionofpeas · · Score: 4, Informative

    Whatever actions you perform on the paper votes to optimise the security of the system can be done on digital records too.

    A layman could inspect a polling station, and witness the paper ballot counting to confirm everything is done accurately. The same layman cannot inspect an electronic voting machine and confirm it has counted all the proper votes.

  9. Canadian paper ballots are amazing by berj · · Score: 5, Informative

    The ballots we use up here (and the system we use to count and track them) are amazing.

    The voter goes to a table where the ballots are handed out by elections officials. The ballot has the candidates' names in alphabetical order and a removable counterfoil that has a serial number that matches against the book that the ballot was torn from. The official puts their initials on the ballot and hands it to the voter. The voter goes behind the screen and marks the ballot and folds it. The counterfoil and initials are still visible.

    The voter hands the ballot back to the official who checks both the signature and the serial number on the counterfoil (this ensures the voter has returned the ballot they got). The counterfoil is then removed and now the ballot is completely anonymous. The voter then gets the ballot back and she places it in the ballot box in front of the official.

    When it comes time to count the votes, the elections officials count all of the ballots in the presence of other non-partisan officials as well as the candidates themselves or their representatives -- a vote isn't recorded until everyone has seen and verified the ballot. Once everything is counted and verified (does the number of ballots counted match the number given out and returned by voters, etc) the tally is made on paper and the ballots themselves are sealed up and passed up the chain. They are kept for 7 days in case a recount is needed.

    The great thing about this system is that it scales to any population size since the ballots are counted right there at the polling station, box by box and verified on the spot.

    It's certainly not perfect and there are some opportunities for tampering but nothing even in the same universe as the kind of wide-spread hacking that can occur with electronic systems.

    more detail:

    http://www.elections.ca/conten...

    http://www.elections.ca/conten...

  10. Re:USE PAPER!!! by drinkypoo · · Score: 2

    Or vote with computers, but produce paper (and show the voter the printout behind glass for verification) as a backup. Whatever method you use, it's critical to produce a paper ballot which is either created or verified by the voter. With that, at least you can go back and look for fraud.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  11. Finally by markdavis · · Score: 3, Insightful

    I have been complaining for many years, ever since my State ditched the simple and effective "punch cards" and went to horrible touch-screen computer voting. It removed every trace of auditing capability and introduced a system that not only could be horribly abused or hacked, but also made it easy to track the identity of who voted- clearly violating the principles of confidentiality of voting.

    Finally, this November, my State switched to paper ballots. The voter is registered as usual, then given a generic paper ballot, and just marks on the paper what they want, and the voter inserts it into a machine that reads it and stores the sheet of paper securely. Cheap, simple, easy-to-use, 100% verifiable, and anonymous. I only hope that every State follows such an example.

    The next challenge is to get ranked/IRV (Instant Runoff Voting). Then things can really start to change for the positive.

    http://fairvote.org/

  12. Hybrid required. by Gravis+Zero · · Score: 3, Insightful

    People seem to praise paper ballots like they are flawless but they forget that ballot box stuffing and corrupt vote counters existed before we invented the computer.

    What we need is a hybrid system of human readable votes and computerized automation. While generally hyped as a technology, information for a blockchain could be stored both on the paper ballot and voting machine memory to ensure no votes had been inserted, erased or altered. Using this methodology with a series of isolated single microcontroller systems, not just air-gapped but lacking the basic hardware needed for network communication, combined with signed binaries and radiation-hardened software (yes, that's a thing), would radically improve security.

    We have the technology to fix this problem and remove all single points of failure but have yet to do it.

    --
    Anons need not reply. Questions end with a question mark.
  13. "The" by bistromath007 · · Score: 4, Insightful

    All computer scientists worthy of the name prefer paper voting.

  14. It's called computer science, but... by Anonymous Coward · · Score: 3, Insightful

    It's really "information theory and practice". If people whose first idea usually is to use a computer tell you not to use a computer for an information gathering and processing job, you should take heed. You know they have tried everything to make it work with their favorite tool, but they still ended up recommending against it.

  15. Re:Paper has no advantage over digital records by religionofpeas · · Score: 2

    And what if that layman wants to unfairly affect the results?

    The layman is only allowed to watch, not touch.

    At the end you have to trust in something/someone

    No, because you can go to the polling station yourself, and be that layman.

    a properly designed electronic system can perform lots of checks, backups, logs, perfectly-understood-by-laymen reports, etc.

    How can you tell it's actually properly designed? You have to assume the worst, namely that it was purposely designed to rig the election, and fake the checks, backups, and logs.

    Or how do you think that virtually everything works in the world?

    We do what we can. Elections have some unique aspects that make it necessary to be extra vigilant. The anonymity of the process makes a proper audit very difficult, and the stakes are huge.

  16. Re:That's only part of the problem.... by arth1 · · Score: 2

    However ballots have to be machine countable.

    No, they don't. Manual counting works quite well.
    Observers who oversee (but cannot interfere with) the counting and double counting works great in many countries. And they even get their results quicker than the US, both for small and large districts.

  17. Re:Paper has no advantage over digital records by religionofpeas · · Score: 2

    automatically generating printed copies of all the votes such that people interested in crosschecking the results might count all of them manually

    And what are you going to do if the voter claims that the printed vote is wrong?

    a format with many more advantages

    There's only one advantage: it's faster. The whole election circus takes months. We can wait another day for the votes to be counted.

    because of unreasonable fears

    There's nothing unreasonable about fearing tampering with elections.

  18. Re:USE PAPER!!! by Baron_Yam · · Score: 2

    >Or vote with computers, but produce paper

    I disagree. If the computer is handling the voting, it's easier to corrupt the process, and an equipment malfunction means the poll is closed.

    Paper and pencils - vulnerable to fire and theft, but not much else. (And yes, pencils, because they don't dry up in storage, their marks don't run if the ballot gets wet, and you can still see traces of the old mark if someone tries to erase and replace it)

  19. The title of this irks me. by hey! · · Score: 2

    The editors seem to think a computer scientist would be expected to think digital only voting is a good idea.

    Do you know anyone with expertise in computer science or engineering who thinks paperless voting is a good idea? I mean excluding people who work for companies that make the machines? Can you name even a single respected independent computer security expert who favors the damn things?

    The overwhelming consensus among people who know anything is that paperless voting is a terrible idea.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  20. Re:That's only part of the problem.... by arth1 · · Score: 3, Informative

    First, machine counting is more accurate than hand counting.

    No, it is not. With hand-counting, the votes are always counted multiple times by different people. That gives greater accuracy than a machine that will make the same errors over and over again.

    Your comparisons to other countries are not valid (you didn't even cite a single example to compare).

    That's deliberate. If I did mention a single country, someone would jump in and say "oh, but country X is different because it has [fewer people|more people|bigger districts|smaller districts]".
    It won't take you long to find countries where machine voting is illegal, and election results are still available the same night.

    And the onus should be on those who claim that machine voting increases speed to provide evidence for that, because not counting with a machine is the baseline.

    Look at the time needed just to hand count a few counties in Florida in Bush v. Gore.

    That was hand counting machine votes, you dolt. "Dimpled chads" or misplaced optically readable stamp marks is not a problem where the votes are designed for human and not machine parsing.

  21. Anyone with any knowledge of computers wants a pap by Tangential · · Score: 3, Insightful

    The idea of totally electronic voting tells me that people care about their vote about as much as they care about their privacy. We see how poorly secured and hackable all of our systems are every day. If someone wants a computer screen to facilitate the creation of a paper ballot and (maybe) to provide an alternate count to check against, I think most IT professionals would support that.

    --
    Suppose you were an idiot. And suppose you were a member of congress. But then I repeat myself. -- Mark Twain
  22. Re: I am a computer scientist... by MichaelSmith · · Score: 2

    Please define "secure". The anonymity of voting goes against normal computer security, where A to B and B to A are always traceable.