"I can only write in one candidate for county commissioner, but there are eight slots."
The county commissioner entry is there mainly to show that OVC can support a rankings-based voting (like Instant Runoff Voting) as well as traditional "winner take all" elections. You make a good point that in a real election like that you should be able to have lots of writeins.
"you'd think that they'd want to do more than simply ship MythTV"
From some very recent posts on the MythTV mailing list, it sounds like they've in fact made at least some enhancements to the software (IR handling), and are going to contribute back to the project. They're also providing (legit!) australian listing data. Yay!
I think that the consoles are winning. While PC gaming will never die out (a high-end PC will outperform an affordable console, and it's natural for people who already own a PC to play games on it), there are a number of reasons that the videogame market is shifting more and more towards consoles, mainly because of the predicability of the console environment:
- Support costs: Since consoles are extremely predictable, the customer support costs for making a game work are much lower than on a general purpose PC. If you sell a game for $40, you might make $20 after cost of distribution, and a half hour phone call to get video drivers updated means that you've lost money selling that copy of the game. So if I sell the same number of units on a PC and console, the console games will cost me much less to sell. - Customer satisfaction: It's easier to play on consoles -- put a disk in and turn the console on. PC's require installation, keyboards aren't as nice to use as joysticks, etc. - Piracy: Piracy is rare in the console world, and common in the PC world. This effectively shrinks the PC gamer market, making it less attractive to sell games. - Development costs: it's much easier developing software that runs reliably on a console than all PC's. Sure, the PS2 development tools are weird, but you don't have to worry about testing on a wide range of CPU's, RAM, video cards, etc. - Not a moving target: In PC game development, one of the hardest tasks is to figure out what a PC will be like at that point in the future where your game will ship, and to engineer for that point. If you guess too high, your game won't run on mainstream PC's. If you guess too low, your game will suck compared to someone else. Sure, there are new generations of consoles, but that's only every five years or so, and always screws up the game market until things stabilize. The PC market is always in the turmoil of change. - Competition: somewhat counter-intuitively, since the PC market is completely open, there are a near infinite number of games written. This makes it very hard to get your game produced, distributed, and marketed. The last time I saw the numbers, it was around 1 in 100 games that were written got distributed, and 1 in 100 games that were distributed that were profitable. The console market is more controlled, so you don't have to compete against a flood of random programs to get noticed.
So while the PC game market will always be around, for lots of good reasons, it'll become (IMO) more and more games in a couple of niches: - Gamer geek games that appeal to the high-end gamers willing to pay $3K for a machine to run better than a $200 console. - Weird games that can't get distributed on the consoles. Some of these will be very cool, and get ported to consoles to make the real money. - Ports of the 'hit' console games, to make a little money. I think that companies will "port to the PC" for the same reasons that they "port to the Mac" -- if it's a hit game, you can make some money selling into smaller markets.
The way that XMLTV "scrapes" the US TV listing data is horrifyingly inefficient. I know, as a friend is associated with the web site that they scrape. So each MythTV user generates hundreds of web page hits a day keeping updated. They're working to implement an XML (ICE) based listing delivery service that could give each user their data in a single transaction, with no worries of breaking the feed if the web site changes it's layout.
"Their only obligation relating to distribution of source code is that they have to give it to people they give the binary to."
Well, they only have to distribute the source code to people they give the binary to, but they also give those people the right to redistribute it freely. So yes, they're not required to give the source directly back to the people that they got it from, but they have to make it available to them, at least indirectly.
That being said, it's not clear that this company made any code improvements to MythTV, so it's not clear that they're obligated to so anything under the GPL other than to give their customers a copy of the original source code if they want it.
"MythTV gives the source code away for free (GPL) - why should anybody who uses it any way automatically be obliged to contribute back to it?"
I didn't say that they _had_ to contribute to the project. Clearly, as long as they abide by the terms of the license they aren't compelled to do more. I said that I hoped that they had the integrity and brains to do more than they're absolutely required to do.
i say "integrity" because the core of their product is MythTV, so you'd think that they'd want to do more than simply ship MythTV -- you'd think they'd want to work to make it better as a way of "paying back" for all of the work that MythTV developers have done.
And I say "brains" because participating actively in the project would earn them credibility in the community that would be cheap PR and sales compared to a traditional marketing campaign.
I agree that they're likely a very small company with limited resources -- that's what I meant by "on the low end of the food chain".
"Some of you open source zealots come across as totally paranoid whiny control freaks. There's absolutely no pleasing you."
That seems a bit extreme, given that you don't know me, or what I advocate (aside from misreading my post). In fact, I actually said that what this company is doing was good ("saves some time configuring hardware and software") but that I hoped that other vendors would step in that would add a bit more value (custom hardware more suitale for the A/V component market, improve the software).
I've been waiting for someone to ship a box based on MythTV. But these guys are definately on the low end of the food chain. I'd hope that companies shipping MythTV-based boxes would have enough integrity/brains to contribute to the project, though, rather than just take the software sell a product based on it. I'd also hope that someone would have the brains to make a more optimized system (custom motherboard and plastics, etc.) rather than ship a generic shuttle case. I guess that this does save some effort configuring hardware and software...
That's the plan. There is already one company active in the OVC effort, and we hope that the demo attracts more. There are many, many companies that sell "kiosks" that could be used as voting stations, and I hope that the OVC software will allow them to compete in that market.
"Without a way for me to know that the code running on a machine came from the open source code that I can inspect, it's still very easy to tamper with"
It's best (IMO) to take a "belt and suspenders" approach. That is, there should be multiple mechanism at different layers for addressing security issues.
One basic point is that the human readable text on the printed ballots is the actual vote, which voters can read before submitting their ballot to be counted, so if there's any question the ballots can be recounted by hand. This is why voter verified ballots are so important.
Also, all of the voting machines could be booted from and run software from CD-ROM's, which could be stored after the election for inspection. So if the software is tampered with, it could be determined by inspection.
Also, all printed ballots can be recorded to CD-R from each voting station, so that you can audit printed ballots vs. recorded ballots.
And there's a stand-alone validation station, so voters could take their ballots to that station to verify the vote (particularly important for blind voters, who can't read the printed ballot). So if the voting software has been tampered with to record the wrong votes in the barcode, users will hear the wrong vote read back to them. To evade this, someone would need to tamper with both the voting and validation software to cause both of them to lie to voters the same way, without there being any physical connection between the two.
To get tampered software running on a machine you'd have to figure out how to get your modifications onto the certified master CD. This master CD could be made public for inspection. And since the OVC system is written in Python, plenty of people could read the software (i.e. no magic binaries).
Or you'd have to figure out how to modify the software on a voting station that is locked and has seals, etc., on it, without anyone detecting that it was modified (because any machine with broken tamper seals won't be used). All machine should always be locked storage, or under watch by election workers. And of course the machine's case should be locked as well. This is all the case now with voting machines (mechanical or electronic), any of which are vulnerable to tampering, so this level of security isn't a new issue to election workers.
"I was assuming that there was a human-readable part"
There is. Go look at the demo on the OVC site and take a look at the printed ballot. The ballot has both a plain text record of your vote and a barcode.
The ballot looks like (bad text art ahead):
Ballot 6160
Official Ballot, General Election Santa Clara County, CA Perdinct 2216
H President ---> George Washington H Vice President Abraham Lincoln H Senator ----------> Jane Addams
Ballot 6160
The '6160' is the ballot number, which is a unique number for each printed ballot, and the H's represent a barcode running down the edges of ballot.
The barcode allows for rapid tabulation of the votes, but in the case of an audit or recount the plain text determines the vote.
"you can tamper with the results by modifying that card or bring a fake card with you"
The real vote is the card, not what was entered on the touchscreen. So if you modify your own ballot, you're only changing your own vote, which you have the right to do.
The OVC ballot has a unique graphic (that would not be made public) printed on it as a watermark, and the voting stations would use special colored and/or sized paper (as is done with ballots now) so that poll workers can easily see if someone printed a ballot at home, etc. Ballots not printed at the polling station should be rejected because there's the potential for a third party to provide pre-filled ballots.
Also, each voting station records what it prints, so that can be reconciled against the ballots that are handed in. So if there are more votes tabulated than were printed, the poll workers can inspect the physical ballots.
1) The layout is designed to be viewed on a 17" LCD touchscreen. Making the ballot about 30% larger really does help with readability.
2) The real application has a tighter UI (it's Python/WxPython). The web demo is an approximation of the ballot in HTML sufficient to allow you to enter a vote and see the printed ballot (identical to the printed ballot from the real system). But HTML just doesn't give you the precise layout control that you have in a desktop application.
3) The layout of ballots is governed by an astounding number of local regulations. So when the party is to the right, bolded, in a sans serif font two points smaller than the candidate name, that's because some law somewhere calls for it. The end result is that you can't do some fairly obvious things in the layout that would make teh ballots more readable because it violates some rule. Of course, people are fighting to improve those rules, but OVC's job is to promote an open system that conforms to the election laws, not to change them.
" Re:Much ado about very little Re:Much ado about very little (Score:3, Informative) by theLOUDroom (556455) on Wednesday March 24, @09:41AM (#8655762) The system is simple, robust, secure and verifiable. Each voter gets a smart card (magstripe card in the older days) when they present their papers; they take this smart card into the voting booth and insert it, much like using an ATM (and everyone knows how to do this). The voting machines use a touch screen like an ATM (in the older days, using a light pen), and let you select your candidate/party. The vote is registered to the card, which is then ejected, and inserted into a ballot box that counts the vote as the card is entered.
Holy crap! That system is not simple, robust, secure or verifiable!
There's about a million fundamental problems with that idea. Here are some of them.
* The voter has no way to know what is being written to the smartcard.
* The voter was no way of knowing if the smartcard is being read correctly.
* There's no way to audit the system. (The first point above can't be checked.)
* The system is needlessly complex.
* The system is anything but robust. It requires you to place ultimate trust in THREE machines!
* You have to walk around with something that says who you voted for (if just for a second).
Here's the way electronic voting SHOULD work:
1. I walk into a private booth.
2. I press a button for the canidate I want.
3. I press OK
4. The System prints up a paper card showing the name of the person I voted for. This card can be clearly seen behind a plexiglass window.
5. I press OK again and the card drops into a locked box.
6. I'm done. "
Problem: I don't know that the vote that is counted is the same as the vote that is printed.
Better: the system prints out a card with my votes printed on it. I read the card, put the card in a folder so that nobody can see how I voted, and take the card to a poll worker who scans it and puts it into a locked box.
"The trouble there is that you're using the system that is suspect to verify itself"
In the OVC system, there's no physical connection between the ballot generation stations and the ballot validation stations, and both systems are open source, so anyone who doesn't trust the system can (1) read the source code, and (2) set up their own system to test.
Scanning OCR text has a couple of problems: - The poll worker doing the scanning can read all of the votes, which means that they know who voted for whom. This is bad. - full page OCR scanners cost much more than barcode scanners, and - OCR scanning is less accurate than bar code scanning.
Alan Dechert, the founder of the Open Voting Consortium, has been working on this since late 2000. The result is a project that has tons of members, some very credible people on board, and has produced a working voting system that's being demonstrated publicly on April 1. (The theory is that April 1 is a slow news day, so something "weighty" like voting should get good coverage)
To quote from the web site's "about us" page:
The Open Voting Consortium has broad national and international participation. In addition, the following are our Directors so far.
Alan Dechert, President and CEO
Alan Dechert has been a software test engineer and application developer for the past 15 years. In 2001, with Dr. Henry Brady of UC Berkeley, he co-authored a voting modernization proposal for California. This proposal was designed as an in-depth study of the voting system, including development of reference open source voting software. In 2003, along with Dr. Douglas W. Jones (Univ of Iowa) and Dr. Arthur Keller (UC Santa Cruz), he founded the Open Voting Consortium (OVC). He currently serves as President and CEO of the OVC.
Arthur Keller, Vice President and COO/CFO
Arthur Keller is a computer science professor at the University of California at Santa Cruz. Dr. Keller has taught computer science at Brooklyn College (CUNY), University of Texas (Austin), Helsinki University, University Blas Pascal (Cordoba, Argentina), as well as Stanford University. He is an expert in database systems and computer security. He is a successful entrepreneur having been involved with a number of startups. He also has experience with national media: For example, he was recently on the Lehrer News Hour talking about wireless security issues. Professor Keller serves as the OVC's Vice President, Chief of Operations and Chief Financial Officer.
Doug Jones, Vice President and CTO
Douglas W. Jones has been a Professor of computer science at the University of Iowa since 1980. He has gained considerable expertise in the area of voting technology having served on the Iowa Board of Examiners for Voting Machines and Electronic Voting Systems since 1994. He chaired the board from Fall 1999 to early 2003. This board, appointed by the Secretary of State, must examine and approve all voting machines before they can be offered for sale to county governments. His expertise in this area has put him in great demand since the election mess in 2000 - frequently quoted in the national media. Professor Jones serves as Vice President and Chief Technology Officer for the Open Voting Consortium.
Amit Sahai
Amit Sahai is Assistant Professor of Computer Science at Princeton University. He has a broad range of interests throughout theoretical computer science -- strongly interested in fundamental problems relating to security, as well as those relating to complexity theory, algorithms, learning theory, and the theory of error-correcting codes. Dr. Sahai has served on program committees for conferences in Europe as well as North America involving computer security issues. He is leading the security assessment group for the Open Voting Consortium.
Peter Maggs
Besides being a law professor (University of Illinois at Urbana-Champaign) and a member of the District of Columbia Bar with expertise in intellectual property law, Peter Maggs is a pioneer in computer interfaces for vision-impaired users. In the early 80s, he worked on speech interfaces for PCs and Apple Computers. He also oversaw the development of text to Braille software. He is helping the OVC to navigate the potential intellectual property minefields related to our open voting system development and deployment.
And the web site's "history" page:
History
The Open Voting Consortium (OVC) began with Alan Dechert's November 2000 idea for correcting the voting system. It has grown from a proposal to develop a pilot project in one county in California to a proposa for an in-depth nationwide study. Beyond that, the OVC
We've just linked in an online demo of the voting system as it will operate in a polling station. You can go to the Open Voting Consortium web site, and click on 'web demo'. Or go straight to the ballot if you're impatient.
Please keep in mind that we're not proposing voting through web browsers, or across the internet, because of the numerous security issues. This web demo is intended to let you see what you'd see on our demo on April 1 in California, for people who can't be there.
What you'll see is a ballot formatted for a large screen (1280x1024). You fill it out, then click 'print ballot'. What would happen in a polling station is that the ballot is printed out. In the online version, you can get the ballot as a PDF, Postscript, or JPEG image.
In the stand-alone polling station you will be able to take your paper ballot to a validation station that will read your vote back to you, so that you know that the paper ballot accurately represents your vote.
You then take your ballot to the tabulation station, where a poll worker will scan the ballot and store it in a locked box, where the paper ballots are available for recounts, audits, etc.
This makes a point -- no mail-order company is going to ship a laptop to a hotel express delivery on a foreign credit card -- that just cries out "scam".
What _might_ work would be to place the order weeks ahead of time to get a laptop delivered to a US adderss (if you know anyone in the NY area) and pick the laptop of when you're in NY. Or better yet, buy a laptop from one of the zillion computer stores in NYC.
They were great -- you could write programs that would utilize specific CPU's so that you could indirectly control the display to spell out messages. And aside from that silliness, there were times when you could detect errors or inefficiencies in your software because of the pattery of lights.
"machines were not calibrated to use "gel pens", but only "carbon pens", and wouldn't read the votes make by the wrong pen."
Yep. Detecting mis-reads is somewhat tricky in this case, because it's not an absolute success or failure, but rather a 'percentage' thing. That is, if the machine is miscalibrated, it doesn't always fail to read marks made with the wrong pen, but undercounts by some percentage. That's why they had to audit a bunch of ballots to notice that a few didn't count properly.
"giving a receipt to the voter, along with keeping a paper copy for the polls, is the only way to insure that voting is handled properly"
While I agree with most of what you said, I have to point out that giving receipts to voters is a bad idea because:
- If the receipt indicates their votes, it can be used to coerce voters. ("If you show us a receipt with a vote for X, we'll give you $20")
- If the voter can take the receipt, it can't be used for an audit. ("We're having a recount, but only supports of X show up")
A better solution is to print a ballot that the voter can verify, but for the ballot to remain securely stored in the polling place for auditing and recounts.
Such a system is being written. Check out http://evm2003.sf.net.
That's exactly what the Open Voting Consortium's system does. Check out http://evm2003.sf.net for the software. They've even got an online demo of the system so that you can see what the ballot looks like.
The process is: - Use a touchscreen (or audio for blind voters) station to enter your votes. This prints out a human readable ballot. - If you want, take your ballot to a verification station that will read your ballot back to you. This is a stand-alone system, so it can't "cheat" coordinating with the voting station. - Bring your ballot to a poll worker, who will scan it, and store your ballot in a locked box.
For an audit, you can count the physical ballots and match them against the electronic vote tallies, and of course the physical ballot "wins" if there's any discrepancy.
And, of course, since the software is open source, anyone can read the code, or set up their own test system.
When I go to high-end tech conferences (TED, PC Forum, Pop! Tech, etc., the kind company CTO's go to) all I see are PowerBooks. Heck, and PC Forum the lone Vaio user taped an Apple logo to the lid of his computer in order to "fit in." So Apple clearly completely owns the "leading edge" tech user market, which is a good indicator of where the general market is heading. That is, if the people that build Yahoo, eBay, etc., all use Mac's, then (1) the things they build work on Mac's, and (2) they influence everyone around them to consider Mac's.
And on a more mundane level, Apple is also more profitable than almost any other personal computer company (most are losing money, Apple is profitable). Apple has figured out how to make a retail store chain work (unlike Gateway). Apple has the best brand in the computer business, the best customer loyalty, and highest customer satisfaction. Apple completely dominates the new, rapidly growing digital music sales market. And their platform is the basis for the best price/performance supercomputer on the planet. That's all got to be worth something!
"now that Pocket PCs are comparably priced and sized, they outsell the PalmOS stuff"
Actually, according to Gartner data comparing 2Q02 and 2Q03 (http://www3.gartner.com/5_about/press_releases/pr 15aug2003b.jsp) it looks like Palm's worldwide market share is growing (30.5% to 38%), as is Sony's (10.3% to 11%), while the WinCE licensees' market shares dropped, HP from 15.9% to 15.3%, and 'others' (including Dell) from 41.2% to 30.4%. RIM also grew from 2.1% to 5.3%.
In the US, Palm is more dominant, growing from 40.5% to 46.7%, while Sony shrank slightly, from 13.1% to 12.1%. RIM went from 3.1% to 7.3%, leaving all of the WinCE licensees dropping from43.3% to 33.9%.
So while Palm is doing very well so far, it's always possible that the next version of WinCE turns out to be easy to use, reliable and efficient. But since MS is still stuck with the "Windows everywhere" approach instead of the "sell the best possible product for the market" approach, I think they'll be stuck in second place for a while yet.
This is the usual Microsoft failing -- their winning strategy is to have a product that has more "features" than their competition. This is a winning strategy for the desktop, where users are guided by reviewers who make feature checklists, and people accept usability problems, inefficiency, and instability in return for getting more features quickly. But it's failing in the enterprise software market, and the consumer electronics market, where people care more about usability and reliability than features.
Slashdot Mirror
"I can only write in one candidate for county commissioner, but there are eight slots."
The county commissioner entry is there mainly to show that OVC can support a rankings-based voting (like Instant Runoff Voting) as well as traditional "winner take all" elections. You make a good point that in a real election like that you should be able to have lots of writeins.
"I love the ballot choices" Yeah, they're fun.
"you'd think that they'd want to do more than simply ship MythTV"
From some very recent posts on the MythTV mailing list, it sounds like they've in fact made at least some enhancements to the software (IR handling), and are going to contribute back to the project. They're also providing (legit!) australian listing data. Yay!
"There was a first patch sent to the MythTV-dev mailing list to use the zap2it XML interface a couple days ago"
That was the XML interface that I mentioned. It's nice to know that they've gotten a patch out -- they've been working on it for months...
I think that the consoles are winning. While PC gaming will never die out (a high-end PC will outperform an affordable console, and it's natural for people who already own a PC to play games on it), there are a number of reasons that the videogame market is shifting more and more towards consoles, mainly because of the predicability of the console environment:
- Support costs: Since consoles are extremely predictable, the customer support costs for making a game work are much lower than on a general purpose PC. If you sell a game for $40, you might make $20 after cost of distribution, and a half hour phone call to get video drivers updated means that you've lost money selling that copy of the game. So if I sell the same number of units on a PC and console, the console games will cost me much less to sell.
- Customer satisfaction: It's easier to play on consoles -- put a disk in and turn the console on. PC's require installation, keyboards aren't as nice to use as joysticks, etc.
- Piracy: Piracy is rare in the console world, and common in the PC world. This effectively shrinks the PC gamer market, making it less attractive to sell games.
- Development costs: it's much easier developing software that runs reliably on a console than all PC's. Sure, the PS2 development tools are weird, but you don't have to worry about testing on a wide range of CPU's, RAM, video cards, etc.
- Not a moving target: In PC game development, one of the hardest tasks is to figure out what a PC will be like at that point in the future where your game will ship, and to engineer for that point. If you guess too high, your game won't run on mainstream PC's. If you guess too low, your game will suck compared to someone else. Sure, there are new generations of consoles, but that's only every five years or so, and always screws up the game market until things stabilize. The PC market is always in the turmoil of change.
- Competition: somewhat counter-intuitively, since the PC market is completely open, there are a near infinite number of games written. This makes it very hard to get your game produced, distributed, and marketed. The last time I saw the numbers, it was around 1 in 100 games that were written got distributed, and 1 in 100 games that were distributed that were profitable. The console market is more controlled, so you don't have to compete against a flood of random programs to get noticed.
So while the PC game market will always be around, for lots of good reasons, it'll become (IMO) more and more games in a couple of niches:
- Gamer geek games that appeal to the high-end gamers willing to pay $3K for a machine to run better than a $200 console.
- Weird games that can't get distributed on the consoles. Some of these will be very cool, and get ported to consoles to make the real money.
- Ports of the 'hit' console games, to make a little money. I think that companies will "port to the PC" for the same reasons that they "port to the Mac" -- if it's a hit game, you can make some money selling into smaller markets.
The way that XMLTV "scrapes" the US TV listing data is horrifyingly inefficient. I know, as a friend is associated with the web site that they scrape. So each MythTV user generates hundreds of web page hits a day keeping updated. They're working to implement an XML (ICE) based listing delivery service that could give each user their data in a single transaction, with no worries of breaking the feed if the web site changes it's layout.
"Their only obligation relating to distribution of source code is that they have to give it to people they give the binary to."
Well, they only have to distribute the source code to people they give the binary to, but they also give those people the right to redistribute it freely. So yes, they're not required to give the source directly back to the people that they got it from, but they have to make it available to them, at least indirectly.
That being said, it's not clear that this company made any code improvements to MythTV, so it's not clear that they're obligated to so anything under the GPL other than to give their customers a copy of the original source code if they want it.
"MythTV gives the source code away for free (GPL) - why should anybody who uses it any way automatically be obliged to contribute back to it?"
I didn't say that they _had_ to contribute to the project. Clearly, as long as they abide by the terms of the license they aren't compelled to do more. I said that I hoped that they had the integrity and brains to do more than they're absolutely required to do.
i say "integrity" because the core of their product is MythTV, so you'd think that they'd want to do more than simply ship MythTV -- you'd think they'd want to work to make it better as a way of "paying back" for all of the work that MythTV developers have done.
And I say "brains" because participating actively in the project would earn them credibility in the community that would be cheap PR and sales compared to a traditional marketing campaign.
I agree that they're likely a very small company with limited resources -- that's what I meant by "on the low end of the food chain".
"Some of you open source zealots come across as totally paranoid whiny control freaks. There's absolutely no pleasing you."
That seems a bit extreme, given that you don't know me, or what I advocate (aside from misreading my post). In fact, I actually said that what this company is doing was good ("saves some time configuring hardware and software") but that I hoped that other vendors would step in that would add a bit more value (custom hardware more suitale for the A/V component market, improve the software).
I should know better than to respond to an AC...
I've been waiting for someone to ship a box based on MythTV. But these guys are definately on the low end of the food chain. I'd hope that companies shipping MythTV-based boxes would have enough integrity/brains to contribute to the project, though, rather than just take the software sell a product based on it. I'd also hope that someone would have the brains to make a more optimized system (custom motherboard and plastics, etc.) rather than ship a generic shuttle case. I guess that this does save some effort configuring hardware and software...
That's the plan. There is already one company active in the OVC effort, and we hope that the demo attracts more. There are many, many companies that sell "kiosks" that could be used as voting stations, and I hope that the OVC software will allow them to compete in that market.
"Without a way for me to know that the code running on a machine came from the open source code that I can inspect, it's still very easy to tamper with"
It's best (IMO) to take a "belt and suspenders" approach. That is, there should be multiple mechanism at different layers for addressing security issues.
One basic point is that the human readable text on the printed ballots is the actual vote, which voters can read before submitting their ballot to be counted, so if there's any question the ballots can be recounted by hand. This is why voter verified ballots are so important.
Also, all of the voting machines could be booted from and run software from CD-ROM's, which could be stored after the election for inspection. So if the software is tampered with, it could be determined by inspection.
Also, all printed ballots can be recorded to CD-R from each voting station, so that you can audit printed ballots vs. recorded ballots.
And there's a stand-alone validation station, so voters could take their ballots to that station to verify the vote (particularly important for blind voters, who can't read the printed ballot). So if the voting software has been tampered with to record the wrong votes in the barcode, users will hear the wrong vote read back to them. To evade this, someone would need to tamper with both the voting and validation software to cause both of them to lie to voters the same way, without there being any physical connection between the two.
To get tampered software running on a machine you'd have to figure out how to get your modifications onto the certified master CD. This master CD could be made public for inspection. And since the OVC system is written in Python, plenty of people could read the software (i.e. no magic binaries).
Or you'd have to figure out how to modify the software on a voting station that is locked and has seals, etc., on it, without anyone detecting that it was modified (because any machine with broken tamper seals won't be used). All machine should always be locked storage, or under watch by election workers. And of course the machine's case should be locked as well. This is all the case now with voting machines (mechanical or electronic), any of which are vulnerable to tampering, so this level of security isn't a new issue to election workers.
"I was assuming that there was a human-readable part"
There is. Go look at the demo on the OVC site and take a look at the printed ballot. The ballot has both a plain text record of your vote and a barcode.
The ballot looks like (bad text art ahead):
The '6160' is the ballot number, which is a unique number for each printed ballot, and the H's represent a barcode running down the edges of ballot.
The barcode allows for rapid tabulation of the votes, but in the case of an audit or recount the plain text determines the vote.
"you can tamper with the results by modifying that card or bring a fake card with you"
The real vote is the card, not what was entered on the touchscreen. So if you modify your own ballot, you're only changing your own vote, which you have the right to do.
The OVC ballot has a unique graphic (that would not be made public) printed on it as a watermark, and the voting stations would use special colored and/or sized paper (as is done with ballots now) so that poll workers can easily see if someone printed a ballot at home, etc. Ballots not printed at the polling station should be rejected because there's the potential for a third party to provide pre-filled ballots.
Also, each voting station records what it prints, so that can be reconciled against the ballots that are handed in. So if there are more votes tabulated than were printed, the poll workers can inspect the physical ballots.
Keep in mind two things:
1) The layout is designed to be viewed on a 17" LCD touchscreen. Making the ballot about 30% larger really does help with readability.
2) The real application has a tighter UI (it's Python/WxPython). The web demo is an approximation of the ballot in HTML sufficient to allow you to enter a vote and see the printed ballot (identical to the printed ballot from the real system). But HTML just doesn't give you the precise layout control that you have in a desktop application.
3) The layout of ballots is governed by an astounding number of local regulations. So when the party is to the right, bolded, in a sans serif font two points smaller than the candidate name, that's because some law somewhere calls for it. The end result is that you can't do some fairly obvious things in the layout that would make teh ballots more readable because it violates some rule. Of course, people are fighting to improve those rules, but OVC's job is to promote an open system that conforms to the election laws, not to change them.
"
Re:Much ado about very little
Re:Much ado about very little (Score:3, Informative)
by theLOUDroom (556455) on Wednesday March 24, @09:41AM (#8655762)
The system is simple, robust, secure and verifiable. Each voter gets a smart card (magstripe card in the older days) when they present their papers; they take this smart card into the voting booth and insert it, much like using an ATM (and everyone knows how to do this). The voting machines use a touch screen like an ATM (in the older days, using a light pen), and let you select your candidate/party. The vote is registered to the card, which is then ejected, and inserted into a ballot box that counts the vote as the card is entered.
Holy crap! That system is not simple, robust, secure or verifiable!
There's about a million fundamental problems with that idea. Here are some of them.
* The voter has no way to know what is being written to the smartcard.
* The voter was no way of knowing if the smartcard is being read correctly.
* There's no way to audit the system. (The first point above can't be checked.)
* The system is needlessly complex.
* The system is anything but robust. It requires you to place ultimate trust in THREE machines!
* You have to walk around with something that says who you voted for (if just for a second).
Here's the way electronic voting SHOULD work:
1. I walk into a private booth.
2. I press a button for the canidate I want.
3. I press OK
4. The System prints up a paper card showing the name of the person I voted for. This card can be clearly seen behind a plexiglass window.
5. I press OK again and the card drops into a locked box.
6. I'm done. "
Problem: I don't know that the vote that is counted is the same as the vote that is printed.
Better: the system prints out a card with my votes printed on it. I read the card, put the card in a folder so that nobody can see how I voted, and take the card to a poll worker who scans it and puts it into a locked box.
"The trouble there is that you're using the system that is suspect to verify itself"
In the OVC system, there's no physical connection between the ballot generation stations and the ballot validation stations, and both systems are open source, so anyone who doesn't trust the system can (1) read the source code, and (2) set up their own system to test.
Scanning OCR text has a couple of problems:
- The poll worker doing the scanning can read all of the votes, which means that they know who voted for whom. This is bad.
- full page OCR scanners cost much more than barcode scanners, and
- OCR scanning is less accurate than bar code scanning.
Alan Dechert, the founder of the Open Voting Consortium, has been working on this since late 2000. The result is a project that has tons of members, some very credible people on board, and has produced a working voting system that's being demonstrated publicly on April 1. (The theory is that April 1 is a slow news day, so something "weighty" like voting should get good coverage)
To quote from the web site's "about us" page:
The Open Voting Consortium has broad national and international participation. In addition, the following are our Directors so far.
Alan Dechert, President and CEO
Alan Dechert has been a software test engineer and application developer for the past 15 years. In 2001, with Dr. Henry Brady of UC Berkeley, he co-authored a voting modernization proposal for California. This proposal was designed as an in-depth study of the voting system, including development of reference open source voting software. In 2003, along with Dr. Douglas W. Jones (Univ of Iowa) and Dr. Arthur Keller (UC Santa Cruz), he founded the Open Voting Consortium (OVC). He currently serves as President and CEO of the OVC.
Arthur Keller, Vice President and COO/CFO
Arthur Keller is a computer science professor at the University of California at Santa Cruz. Dr. Keller has taught computer science at Brooklyn College (CUNY), University of Texas (Austin), Helsinki University, University Blas Pascal (Cordoba, Argentina), as well as Stanford University. He is an expert in database systems and computer security. He is a successful entrepreneur having been involved with a number of startups. He also has experience with national media: For example, he was recently on the Lehrer News Hour talking about wireless security issues. Professor Keller serves as the OVC's Vice President, Chief of Operations and Chief Financial Officer.
Doug Jones, Vice President and CTO
Douglas W. Jones has been a Professor of computer science at the University of Iowa since 1980. He has gained considerable expertise in the area of voting technology having served on the Iowa Board of Examiners for Voting Machines and Electronic Voting Systems since 1994. He chaired the board from Fall 1999 to early 2003. This board, appointed by the Secretary of State, must examine and approve all voting machines before they can be offered for sale to county governments. His expertise in this area has put him in great demand since the election mess in 2000 - frequently quoted in the national media. Professor Jones serves as Vice President and Chief Technology Officer for the Open Voting Consortium.
Amit Sahai
Amit Sahai is Assistant Professor of Computer Science at Princeton University. He has a broad range of interests throughout theoretical computer science -- strongly interested in fundamental problems relating to security, as well as those relating to complexity theory, algorithms, learning theory, and the theory of error-correcting codes. Dr. Sahai has served on program committees for conferences in Europe as well as North America involving computer security issues. He is leading the security assessment group for the Open Voting Consortium.
Peter Maggs
Besides being a law professor (University of Illinois at Urbana-Champaign) and a member of the District of Columbia Bar with expertise in intellectual property law, Peter Maggs is a pioneer in computer interfaces for vision-impaired users. In the early 80s, he worked on speech interfaces for PCs and Apple Computers. He also oversaw the development of text to Braille software. He is helping the OVC to navigate the potential intellectual property minefields related to our open voting system development and deployment.
And the web site's "history" page:
History
The Open Voting Consortium (OVC) began with Alan Dechert's November 2000 idea for correcting the voting system. It has grown from a proposal to develop a pilot project in one county in California to a proposa for an in-depth nationwide study. Beyond that, the OVC
We've just linked in an online demo of the voting system as it will operate in a polling station. You can go to the Open Voting Consortium web site, and click on 'web demo'. Or go straight to the ballot if you're impatient.
Please keep in mind that we're not proposing voting through web browsers, or across the internet, because of the numerous security issues. This web demo is intended to let you see what you'd see on our demo on April 1 in California, for people who can't be there.
What you'll see is a ballot formatted for a large screen (1280x1024). You fill it out, then click 'print ballot'. What would happen in a polling station is that the ballot is printed out. In the online version, you can get the ballot as a PDF, Postscript, or JPEG image.
In the stand-alone polling station you will be able to take your paper ballot to a validation station that will read your vote back to you, so that you know that the paper ballot accurately represents your vote.
You then take your ballot to the tabulation station, where a poll worker will scan the ballot and store it in a locked box, where the paper ballots are available for recounts, audits, etc.
This makes a point -- no mail-order company is going to ship a laptop to a hotel express delivery on a foreign credit card -- that just cries out "scam".
What _might_ work would be to place the order weeks ahead of time to get a laptop delivered to a US adderss (if you know anyone in the NY area) and pick the laptop of when you're in NY. Or better yet, buy a laptop from one of the zillion computer stores in NYC.
"Thinking Machines supercomputers had that"
They were great -- you could write programs that would utilize specific CPU's so that you could indirectly control the display to spell out messages. And aside from that silliness, there were times when you could detect errors or inefficiencies in your software because of the pattery of lights.
"machines were not calibrated to use "gel pens", but only "carbon pens", and wouldn't read the votes make by the wrong pen."
Yep. Detecting mis-reads is somewhat tricky in this case, because it's not an absolute success or failure, but rather a 'percentage' thing. That is, if the machine is miscalibrated, it doesn't always fail to read marks made with the wrong pen, but undercounts by some percentage. That's why they had to audit a bunch of ballots to notice that a few didn't count properly.
Good thing they still had the physical ballots!
"giving a receipt to the voter, along with keeping a paper copy for the polls, is the only way to insure that voting is handled properly"
While I agree with most of what you said, I have to point out that giving receipts to voters is a bad idea because:
- If the receipt indicates their votes, it can be used to coerce voters. ("If you show us a receipt with a vote for X, we'll give you $20")
- If the voter can take the receipt, it can't be used for an audit. ("We're having a recount, but only supports of X show up")
A better solution is to print a ballot that the voter can verify, but for the ballot to remain securely stored in the polling place for auditing and recounts.
Such a system is being written. Check out http://evm2003.sf.net.
That's exactly what the Open Voting Consortium's system does. Check out http://evm2003.sf.net for the software. They've even got an online demo of the system so that you can see what the ballot looks like.
The process is:
- Use a touchscreen (or audio for blind voters) station to enter your votes. This prints out a human readable ballot.
- If you want, take your ballot to a verification station that will read your ballot back to you. This is a stand-alone system, so it can't "cheat" coordinating with the voting station.
- Bring your ballot to a poll worker, who will scan it, and store your ballot in a locked box.
For an audit, you can count the physical ballots and match them against the electronic vote tallies, and of course the physical ballot "wins" if there's any discrepancy.
And, of course, since the software is open source, anyone can read the code, or set up their own test system.
When I go to high-end tech conferences (TED, PC Forum, Pop! Tech, etc., the kind company CTO's go to) all I see are PowerBooks. Heck, and PC Forum the lone Vaio user taped an Apple logo to the lid of his computer in order to "fit in." So Apple clearly completely owns the "leading edge" tech user market, which is a good indicator of where the general market is heading. That is, if the people that build Yahoo, eBay, etc., all use Mac's, then (1) the things they build work on Mac's, and (2) they influence everyone around them to consider Mac's.
And on a more mundane level, Apple is also more profitable than almost any other personal computer company (most are losing money, Apple is profitable). Apple has figured out how to make a retail store chain work (unlike Gateway). Apple has the best brand in the computer business, the best customer loyalty, and highest customer satisfaction. Apple completely dominates the new, rapidly growing digital music sales market. And their platform is the basis for the best price/performance supercomputer on the planet. That's all got to be worth something!
"now that Pocket PCs are comparably priced and sized, they outsell the PalmOS stuff"
r 15aug2003b.jsp) it looks like Palm's worldwide market share is growing (30.5% to 38%), as is Sony's (10.3% to 11%), while the WinCE licensees' market shares dropped, HP from 15.9% to 15.3%, and 'others' (including Dell) from 41.2% to 30.4%. RIM also grew from 2.1% to 5.3%.
Actually, according to Gartner data comparing 2Q02 and 2Q03 (http://www3.gartner.com/5_about/press_releases/p
In the US, Palm is more dominant, growing from 40.5% to 46.7%, while Sony shrank slightly, from 13.1% to 12.1%. RIM went from 3.1% to 7.3%, leaving all of the WinCE licensees dropping from43.3% to 33.9%.
So while Palm is doing very well so far, it's always possible that the next version of WinCE turns out to be easy to use, reliable and efficient. But since MS is still stuck with the "Windows everywhere" approach instead of the "sell the best possible product for the market" approach, I think they'll be stuck in second place for a while yet.
This is the usual Microsoft failing -- their winning strategy is to have a product that has more "features" than their competition. This is a winning strategy for the desktop, where users are guided by reviewers who make feature checklists, and people accept usability problems, inefficiency, and instability in return for getting more features quickly. But it's failing in the enterprise software market, and the consumer electronics market, where people care more about usability and reliability than features.