"Apparently one of the central machines from Election Systems & Software Inc. tallied 115 votes for Bush in a certain county, while another machine tallied 365 votes for that same county."
Please learn how to read. The article says that the results from one *voting* (not central) machine were corrupted on the memory card used to read the votes from the machine. When they went back to the actual machine, it showed that 115 votes were cast for Bush on that machine. In addition, 250 votes were cast for Bush on the other two voting machines used in that precinct (not county). The total for the three machines used in that precinct was 365 votes for Bush (115 plus 250). The only discrepancy that existed was the difference between the memory card results (which were impossible) and the voting machine. Overall, the revised results on this machine are as likely to be correct as are the results on any machine.
A 3893 vote error is bad enough. Do you have to dilute this by making up other errors that do not exist?
"why would vote one way, then be ashamed of it 5 minutes later"
Voter intimidation. For example, I knew someone who was both a union member and an NRA member. He was worried that the union might take action against him if he voted against them (for the NRA endorsed Republican). May be tin foil hat stuff, but he believed it and it would have affected his vote and exit poll results. He would have voted Republican when he believed no one could see and told the pollster that he voted for the Democrat.
It is also worth noting that those graphs are very skimpy on data. For example, what happened in the *other* 41 states? Or were the discrepancies from the eVoting precincts or the paper precincts (in Florida, the discrepancies were all in the paper based precincts). Were these polls taken throughout the day? Or were these the 5PM results, before many Republicans had a chance to get off work and vote? How did the exit polls predict other voter characteristics?
For example, does the male/female ratio match? One set of exit poll data that was being discussed had 60% of voters as female. Women were more likely to vote for Kerry than men. Thus, that data was likely skewed.
Any exit poll that does not include "refused to answer" in the results is being dishonest. Again, if the "refused to answer" group is composed of different characteristics than the "answered questions" group (for example, if women are more likely to answer than men), then it is likely that the data is skewed. The refused to answer group has to be considered as an additional source of skew over and above lying and statistical error.
"Personally I still want those 155K votes counted."
There is absolutely 0 chance of them not being counted; even if they are totally irrelevant to the result, they will still be counted. People just shouldn't expect them to change anything. If by some miracle it turned out that all 155,428 were for Kerry and at least 136,484 of them counted, Kerry would win Ohio and the election. However, I wouldn't recommend that you hold your breathe waiting for it to happen.
It is ridiculously unlikely. Even if 85% of the provisional ballots cast are counted for Kerry, he would still lose. He needs 88% plus an additional percentage point for each point Bush got. I.e. he needs an 88% *margin* over Bush. Bush getting as little as 7% of the provisional ballots would preclude Kerry from winning. Not to mention that not all of the provisional ballots will be deemed valid. It is quite possible that 15% or more of them will be rejected. That would be consistent with what happened in 2000.
It is far more likely that the Kerry will gain twenty or thirty thousand votes but still be over a 100,000 short. It's even possible that Bush will gain votes. They expect the provisional ballots to be more Kerry than Bush, but they don't actually know that.
"Yes, but are any of these anomalies statistically significant? If not, it's just random noise regardless of the source."
The random noise that cost Dole votes in Florida in '96 cost Gore the election in 2000. Let's learn from the mistakes and fix these problems *now* rather than wait until after they change the results of an election.
Bush won this election. Most likely without fraud. People shouldn't get their hopes up that Kerry will be assigned the election. At the same time, people shouldn't dismiss the clear problems that did occur. No, they didn't affect *this* election. However, they could have affected an election as close as 2000 (Gore lost by less than the size of the errors in at least two states: Florida and New Mexico, IIRC; either would have been enough to given him the election if he had won).
"Just because you stop youth on the street and ask them to register and they check the democrat box does mean they are going to vote for Kerry."
Actually, many of the partisan vote drives go further than that. They have *already* checked the party box for the registrant; thus, the box check has *nothing* to do with how that person intends to vote. All it demonstrates is that there were more Democrat vote drives than Republican vote drives.
I read a book about this in the early '90s. It pointed out that Democrats were living in the past. Once upon a time, it had in fact been the Democrats who did better among those who did not register to vote. However, that was because at that time, it was the Democrats who were in charge. Modernly, those who do not register lean more Republican.
This is easy enough to explain: Republicans currently hold all houses. If people wanted to change that, they would actively register to vote. Since people were not doing so, they weren't interested enough to change it. Making it easy to register them didn't change this sentiment. Thus, people who registered in vote drives were only lukewarm about the idea of change.
Gentoo is for amateurs. It's just that it's not for those who don't want to learn.
Compare to becoming a chef. Gentoo is like a very detailed recipe for Saucisse Minuit (the delicacy which Nero Wolfe is willing to leave his house to obtain) written for someone who has never cooked previously. Other distros (Red Hat, Suse, Linspire, etc.) are more like TV dinners. You don't become more of a chef by using them, but you won't be hungry (in need of an OS) afterwards.
"all that's needed is a trail linking the votes counted to the votes cast that can be validated by the voter."
If the voter can verify the vote, then someone else can verify the vote. It's like right click protection for images in a browser window, which can be worked around by simply taking a screenshot (even if save as is disabled, which they haven't started doing yet). It is not possible to make a system that only the voter can verify the vote, since the voter can give the relevant info to someone else to verify the vote.
ATMs do not have this problem, because banks do not regard it as a bad thing that the user's receipt may be shown to a third party. Even if you could find a third party that would pay money for an ATM receipt that demonstrates that you deposited $100 into an account, why would the bank care?
"once fraud can be demonstrated"
*IF* fraud can be demonstrated. Note that the two errors seen (in Ohio and North Carolina) seem to be bugs rather than fraud. There is no reason why an actual fraud could not be committed that looked like an error. Further, even if someone shows a discrepancy between the counted record and the receipt's indication; how do you fix it?
For example, what if someone changes all Kerry votes in a precinct to Bush votes (or vice versa). A voter comes forward and points out the error. At that point, what do you do with the other votes? Are all the Bush votes invalid? If so, then there is an incentive for people to fake this situation (by voting for the opposition and then complaining that their votes were changed). If not, then some number of voters are still lost.
Again, this doesn't come up with an ATM: it makes no difference to me if transactions in other accounts are valid; I only care about transactions on my account. If an ATM consistently shorts everyone $20 all day but only I am compensated, I'm still happy. In a vote, it's not just my vote that is important, but everyone else's.
To get back to the point. If votes can be lost even *with* voter verification, then wouldn't it be better to concentrate on securing the vote counting process? ATMs handle this by having two people open the deposits. Each one verifies that the other isn't pocketing any cash that might be there. Similarly, votes are counted by at *least* one person from each major party. Further, anyone who wants can be certified as an observer and be present when they open the ballot boxes.
In game theory terms, the no verification strategy weakly dominates the verification strategy: both are only as secure as the vote counting process (i.e. verification does not prevent fraud unless *everyone* uses it); no verification is not subject to vote selling.
"The problem is that the process of turning source code into binary code is opaque to the developer."
No, the problem with C is that it allows people to do things that they shouldn't. This is why it is a great language when the absolute best performance is required. It doesn't do multiple automatic input verifications; instead, it leaves input verification entirely to the programmer. In other words, C makes the programmer take the responsibility for writing secure programs.
The kind of problem that you are discussing is more what you see with the use of various APIs. The problem is that there isn't a good way in C to state that an API does or does not do input verification. Further, some of the APIs might be expected to do input verification but not (e.g. the JPEG library vulnerabilities).
Some people use this to argue that programming languages should be "idiot proofed" from buffer overflows, etc. While this is not ideal (automatic input verifications waste time, since they will check the same data multiple times), modern compilers should be able to compile out most of the inefficiencies. Further, APIs are having to do this anyway. If this is done in the language, then the compiler at least has the chance to compile out multiple instances of the same input checking.
Of course, this also means that programmers will lose the habit of adding input verification to their programs. This will make it difficult to find people to write the input verification into the compiler, as is required in this model. But then, many programmers never had the habit of writing in input verification; that's why there are so many programs vulnerable to buffer overflows.
"Who gets to decide who doesn't have to pay into Social Security?"
Everyone has to pay. People just have the option of putting some of their contribution into a private system rather than the public system. Presumably who does this will be determined by who wants to do so.
"And who is going to pay MORE Social Security tax to make up for the lost revenue?"
There is a surplus in the social security system. No one needs to pay more social security taxes...we already are paying more. We have been since the early 80s.
One of the greatest problems with the current system is that it doesn't actually save money for the future. Instead, the social security surplus is loaned to the federal government *before* deficit calculations are made. Partial privatization allows for actual saving of funds: something lacking from the current system.
"I can't understand the intense desire to automate voting."
You are looking at it backwards. It's not the cost of voting that is at issue. The problem was that in 2000, there was dispute over the vote totals. They fixed that with eVoting by making recounts effectively impossible. Thus no controversy over how the votes are cast.
Hopefully some of the problems in this election will highlight some of the possible problems that could occur in future elections. However, this might just be our 1996 (Dole in '96 got screwed by the same issue as Gore was in 2000; it just didn't affect the result, so no one bothered to complain). What if the North Carolina problem (where votes were actually lost; probably to Bush's detriment, but no one knows) had happened in a more competitive state? Particularly if it had been a state with enough electoral votes to have changed the outcome?
Btw, I doubt that the counts were swapped in Ohio. Note that most of the eVoting counties went Democrat and had been expected to do so.
No, it is very difficult to rig an election that has a paper trail. Otherwise, we would hear about rigged elections every so often; note that by their very nature, rigged elections involve multiple people, so they would have occasional collapses. Ballots in a lock box are a very secure voting method. While it is theoretically possible to compromise the process, it would be difficult to do so on the scale necessary to change the election.
Even with receipts, what dangers do black hats face? The receipt does not indicate who rigged the election. Yes, they make it slightly more likely that a change will be caught. However, even if it is, it can be blamed on a bug (as is currently occurring in Ohio and North Carolina) rather than on the black hat. Too lenient here, and there is no disincentive; too harsh, and there is an incentive to fake a receipt to trigger the penalties.
Conversely, vote rigging is essentially useless without receipts. With receipts, it is no more difficult than compromising *both* the paper ballots and the original eVoting machines. The weakness is primarily that one might get caught.
I think that you also underestimate the power of intimidation. I can remember one case of a fellow who was in both a union and the NRA. He was actively worried about contributing to an NRA supported candidate whom the union opposed. Receipts opens up a can of worms that is better left untouched. It's not just straight forward vote buying.
Actually, there are system designs that do this in various ways (including at least one that is completely paperless; no paper trail, just an electronic receipt). Yes, none of them have been implemented, but neither have touch screens with individual ballots to be dropped in a lock box (the preferred solution). There are some people who are actively advocating receipts...just look at the response below yours.
"They were able to check the machine that had malfunctioned"
No, the memory card malfunctioned. The machine worked fine. They know (as best they know for any of the machines) that the machine was correct because its vote totals add up with the paper sign up record...unlike those on the memory card. The issue is more that if the machine had malfunctioned, then it would have sent the wrong total to the memory card and *both* would have been wrong. If that had happened (or if there weren't two records, as happened in North Carolina), then it would have been major news, as the data would not have been recoverable.
The actual situation is bad enough. No need to dilute the point with FUD. Every time you do that, it allows opponents to point out the hole in the FUD rather than talk about the real issues.
Btw, I would be careful about using the term "printout." The Ohio machine does produce a printout (as required by Ohio law): of the summary results. The problem is that there is no vote by vote print out that is reviewed by voters as they cast their votes. Only the Sequoia machines offer that option. Even the Sequoia machines are not ideal, since they partially compromise privacy by retaining vote order on a per machine basis (it's a scrolling printout). They are simpler better than the ES&S and Diebold machines.
Votes need to be correct (cast as the voter intends); verifiable (i.e. the voter needs to be able to check the final form of the vote; no purely electronic system cannot do this, as the voter can't view the bits); and private (no one, not even the voter, should be able to verify that that voter's vote was cast later; otherwise, it allows vote selling, which is every bit as bad as fraud or miscast votes). This is all quite possible (the optical scan ballots can be used this way now; eVoting only needs the addition of individual ballots printed from machines).
"A wrinkle is the fact that all the early exit polls pointed to a Kerry victory,"
This would actually be expected in most voter models. Republicans should get the early advantage in people voting on their way to work (the first hour or so); then Democrats get the advantage as people out of work or in odd shifts vote (those same early exit polls also indicated that 60% of voters were women--the mid-day housewife bump); then Republicans recover in the evening as people get off work. This is more a problem with watching exit polls throughout the day.
There is a similar problem with watching the actual results. Republican suburbs report first, then Democrat cities, and finally republican rural areas. Thus, for most of the election, Democrats are over counted.
A more critical issue is that some feel that the *final* exit polls were more Kerry than Bush in a number of eVoting states. However, I have not seen independent support of this. CNN's exit polls agree with the vote count. It is possible that they may have adjusted them to better fit the actual voter profile.
"The house of representitives elections are becoming insane, with a lot of stupidly safe seats. only something like 10% of house seats are competetive,"
Becoming? They were always like that. In general, most races that involve an incumbent are safe (incumbents consistently win over 95% of the time, except in elections like '92, when only 92% of incumbents won).
It is hard to overcome the three advantages of the incumbent: one, the voters have voted for the incumbent previously and it is difficult to make them change their vote (one of the reasons for negative ads is to break people loose from their previous vote choices); two, the incumbent gets to send postal mail at taxpayer expense (worth about $250,000 in money that a challenger must pay just to match the incumbent); three, it is more worthwhile to bribe (contribute to the campaign) of an incumbent who can definitely help you now (and who has a voting record that you can use to verify that helpfulness) than a challenger who might be able to help you (if victorious).
Gerrymandering actually *decreases* the safety of seats. The point of gerrymandering is to move all the opposition votes into one safe district and to make as many seats as possible where you can be competitive. As practiced by Republicans, gerrymandering creates urban districts and suburban/rural districts. Gerrymandering will also frequently pit incumbents against each other to attempt to reduce the incumbents of your opponent, thus creating competitive elections where they would otherwise not exist.
If you want to reduce the number of safe elections, look to term limits (reduces the number of incumbents), primary reform (eliminate the artificial separation between parties that keeps centrists from winning primaries--half their support is in the other party; this could allow two members of the same party to emerge from the primary; where the moderate would normally have lost), multiple candidate management (plurality voting favors the candidate with the largest minority in multiple candidate elections; it loses the secondary, etc. preferences; i.e. it forgets that the liberal prefers the moderate to the conservative and the conservative prefers the moderate to the liberal; plurality voting doesn't allow for compromise), and campaign finance reform (in particular, changes that allow a challenger to match the incumbent's finances).
"Also, most states must be very close before a recount is required."
However, it is generally true that a recount can be called by the candidate and voters. For example, in Ohio, a recount is triggered automatically by a margin of.25% of the votes or less *OR* by the candidate and five voters requesting one.
Yes, it is possible that the candidate won't realize that a recount is indicated. If so, the candidate is screwed in *any* system.
Without a paper trail, there is no way to verify or correct voter fraud/errors if they occur. With a paper trail, it is at least possible (if a recount is done). Worrying about how best to trigger a recount is a comparatively minor issue. Yes, some changes should be made to support eVoting (including a recount in a random sampling of precincts to verify that the recorded results were the same as those exhibited by the electronic system), but the most important thing is to ensure that a recount *can* be done.
The existing eVote machines in Ohio (at least the one on which I voted) do not allow for recountable results. This is unacceptable. Particularly with the two publicized (discovered!) errors (one was in North Carolina).
"To increase the deterrent, you need to either increase the punishment, or increase the chance of being caught."
There is no evidence that increasing the punishment (jail time) deters any crime. The fact of punishment does (i.e. jail time has more of a deterrent effect than no jail time). Thus, increasing the chance of being caught is the only way to increase the deterrent.
The point of longer jail sentences is less about increasing the deterrent (except comparatively; murder is punished more harshly than kidnapping because that gives relative grades for those two crimes; more importantly, murderers are also pursued more strongly than mere kidnappers) and more about taking people out of situations where they can sin again. A major reason why murderers get life sentences is so that they never have the chance to murder again. Putting someone in jail may not deter others, but at least it keeps that person from committing crime again (other than jailhouse crimes, which are mostly against other criminals). This is the point of "three strikes" laws. They get people who commit crime regularly off the streets.
It's also worth noting that it is easier to get probable cause, etc. on someone with an existing record than it is to get it with someone who has never been in jail.
My favorite example was that patent Kodak owned that listed Smalltalk as prior art. I read the claims, but I didn't see *anything* that wasn't already part of the published Smalltalk work. Yet Sun still paid millions to settle the patent claim.
Microsoft is also appealing the Eolas patent, claiming that the original trial didn't give proper weight to the prior art.
That article also has some information on how the Sequoia machines work which suggests that they have a workable paper audit trail. Not done in what I would consider to be the ideal way (spooling causes privacy concerns; I would prefer to print the ballot and then put it into a standard lockbox), but certainly better than no paper trail.
"Where I've personally worked elections, the 2 or 3 lead people generally had 20-30 years experience doing elections."
So? Really, so? Do they have 20-30 years experience dealing with eVoting machines? Or were the first 15-25 years entirely with other mechanisms?
"Having gaming commission people audit elections equipment is like having firewall coders review database software. It might be interesting, but it's not a real-world test."
Yet it is perfectly reasonable to expect people who have always used paper and mechanical voting to review electronic voting.
The gaming commission deals with computer devices where changing the settings can cost them money. Electronic voting machines deal with computer devices where changing the settings can cause votes to be miscast. While a specific exploit is unlikely to be transferable from one to the other, things that look like vulnerabilities to the gaming commission are likely to have similar exploits in the voting machines.
"Can you guarantee that a pollworker won't wait until 7:30 and vote for 10 people that were in the pollbook but didn't show up to vote?"
No, of course not. However, that is a detectable problem. The ten signatures in the polling book could be recognized, because there *is* a paper record. Further, it requires compromising multiple poll workers (not just the one who votes, but the others watching as well). These are exactly the areas where 20-30 years of election experience are useful.
"I am a bit concerned with their track record and attitude, but that's not what we're talking about. We're talking about a massive and unjustified presumption of guilt on the part of elections people and machines."
Bull. We are *exactly* talking about problems with Diebold machines. We are *not* talking about election workers (except one very singular case involving some missing documentation; however, this is a minor issue). You are the one raising a straw man here.
"if you lack confidence in your elections people."
I don't. I lack confidence in machines that do not have reviewable (by me) paper audits. My complaint is quite specific to the possibility that these machines can be compromised *without* compromising the elections people without requiring any failures on the part of the election people.
Incidentally, Dole got screwed by the same effect in 1996 but no one complained, because it didn't matter to the result. If they had complained then, there would have been time to correct the problem before 2000.
I find it very unlikely that BlackBoxVoting can find problems in the Ohio (or other) election that will affect the final result. However, if there are problems, it is essential that we find these things out now rather than later, when it matters. Further, if there are things that look bad but really aren't, it would be better to find that out now rather than in a contentious election later.
"but I don't understand why people make such a big deal out of it... get a filter."
Obviously spoken by someone who has never lost work because of an email deleted by a filter.
Not to mention the server costs involved. Consider large ISPs, like AOL or Road Runner. If 2/3 of their bandwidth is spam, they could process their real mail with only 1/3 as many servers and probably use several sys admins for other work. For them, getting spammed is more like someone setting fire to the shrubbery. Maybe a car or two catches fire as well.
Personally, for a first offense, I would be happy with 3 years for a spammer. However, if they want to go nine, I won't complain. Particularly since I don't know anything about the surrounding circumstances. For example, if these spams were phishes or if these people have engaged in previous frauds, I would want the sentence to be harsher.
You're missing the point. It doesn't matter how dedicated, hard working, or impartial the elections people are if the machines themselves are fundamentally flawed. Particularly if the dedicated, hard working, impartial people don't really know enough to detect the fraud when it occurs. It's not like they're 1337 system admins. In general, they're office workers or volunteers.
Can you guarantee that the Diebold election machines are secure against tampering at the polls (by voters or machine admins)? When Las Vegas considered buying from Diebold, the Las Vegas/Nevada Gaming Commission reviewed the Diebold election machines and rejected them as insecure. Those also are dedicated, hard working, and impartial people. Further, they are people whose only job is to look for fraudulent manipulation of similar machines. They were unsatisfied with the *machines* (not the poll workers).
If BlackBoxVoting.org ultimately finds absolutely nothing wrong, that in and of itself justifies the time and effort. It would help renew faith in a system that was rocked in 2000.
It would be far more of a waste of effort if they found a problem, as there is really no way to correct a problem (for example, say I examined the vote results from my precinct and looked for my unique set of votes; what if I can't find it? At best, I might get the votes from my precinct thrown out; the problem is that my precinct went for Kerry over all; throwing out its votes would *hurt* Kerry).
Look at Florida in 2000. Clearly, many people who intended to vote for Gore had their votes counted for Buchanan instead. We know that. We have strong indications (look at the double marked ballots; far more people had the Buchanan/Gore pair than any other, tens of thousands more) that enough people did this that Gore would have won the race if their votes had been counted for him. This was never fixed. If there was tampering in this election, it probably won't be fixed either. Our greatest hope is that we might prevent *future* tampering.
They generally try to exit poll in multiple precincts with a representative sample of the state. According to here, CNN only got 28% of their exit poll data from Central Iowa (probably mostly Des Moines).
"I'm not even so concerned with overturning a bush presidency (although I will admit that from my point of view that would be sweet)"
And also very unlikely. It would be more likely that the Ohio electors would be disqualified completely, which would throw the election to the House (and Senate for VP). Bush wins (unless they also get enough House members disqualified to give a majority to the Dems; unlikely at the moment, since that would take something like 30 house seats).
Slashdot Mirror
"Apparently one of the central machines from Election Systems & Software Inc. tallied 115 votes for Bush in a certain county, while another machine tallied 365 votes for that same county."
Please learn how to read. The article says that the results from one *voting* (not central) machine were corrupted on the memory card used to read the votes from the machine. When they went back to the actual machine, it showed that 115 votes were cast for Bush on that machine. In addition, 250 votes were cast for Bush on the other two voting machines used in that precinct (not county). The total for the three machines used in that precinct was 365 votes for Bush (115 plus 250). The only discrepancy that existed was the difference between the memory card results (which were impossible) and the voting machine. Overall, the revised results on this machine are as likely to be correct as are the results on any machine.
A 3893 vote error is bad enough. Do you have to dilute this by making up other errors that do not exist?
"why would vote one way, then be ashamed of it 5 minutes later"
Voter intimidation. For example, I knew someone who was both a union member and an NRA member. He was worried that the union might take action against him if he voted against them (for the NRA endorsed Republican). May be tin foil hat stuff, but he believed it and it would have affected his vote and exit poll results. He would have voted Republican when he believed no one could see and told the pollster that he voted for the Democrat.
It is also worth noting that those graphs are very skimpy on data. For example, what happened in the *other* 41 states? Or were the discrepancies from the eVoting precincts or the paper precincts (in Florida, the discrepancies were all in the paper based precincts). Were these polls taken throughout the day? Or were these the 5PM results, before many Republicans had a chance to get off work and vote? How did the exit polls predict other voter characteristics?
For example, does the male/female ratio match? One set of exit poll data that was being discussed had 60% of voters as female. Women were more likely to vote for Kerry than men. Thus, that data was likely skewed.
Any exit poll that does not include "refused to answer" in the results is being dishonest. Again, if the "refused to answer" group is composed of different characteristics than the "answered questions" group (for example, if women are more likely to answer than men), then it is likely that the data is skewed. The refused to answer group has to be considered as an additional source of skew over and above lying and statistical error.
"Personally I still want those 155K votes counted."
There is absolutely 0 chance of them not being counted; even if they are totally irrelevant to the result, they will still be counted. People just shouldn't expect them to change anything. If by some miracle it turned out that all 155,428 were for Kerry and at least 136,484 of them counted, Kerry would win Ohio and the election. However, I wouldn't recommend that you hold your breathe waiting for it to happen.
It is ridiculously unlikely. Even if 85% of the provisional ballots cast are counted for Kerry, he would still lose. He needs 88% plus an additional percentage point for each point Bush got. I.e. he needs an 88% *margin* over Bush. Bush getting as little as 7% of the provisional ballots would preclude Kerry from winning. Not to mention that not all of the provisional ballots will be deemed valid. It is quite possible that 15% or more of them will be rejected. That would be consistent with what happened in 2000.
It is far more likely that the Kerry will gain twenty or thirty thousand votes but still be over a 100,000 short. It's even possible that Bush will gain votes. They expect the provisional ballots to be more Kerry than Bush, but they don't actually know that.
"Yes, but are any of these anomalies statistically significant? If not, it's just random noise regardless of the source."
The random noise that cost Dole votes in Florida in '96 cost Gore the election in 2000. Let's learn from the mistakes and fix these problems *now* rather than wait until after they change the results of an election.
Bush won this election. Most likely without fraud. People shouldn't get their hopes up that Kerry will be assigned the election. At the same time, people shouldn't dismiss the clear problems that did occur. No, they didn't affect *this* election. However, they could have affected an election as close as 2000 (Gore lost by less than the size of the errors in at least two states: Florida and New Mexico, IIRC; either would have been enough to given him the election if he had won).
"Just because you stop youth on the street and ask them to register and they check the democrat box does mean they are going to vote for Kerry."
Actually, many of the partisan vote drives go further than that. They have *already* checked the party box for the registrant; thus, the box check has *nothing* to do with how that person intends to vote. All it demonstrates is that there were more Democrat vote drives than Republican vote drives.
I read a book about this in the early '90s. It pointed out that Democrats were living in the past. Once upon a time, it had in fact been the Democrats who did better among those who did not register to vote. However, that was because at that time, it was the Democrats who were in charge. Modernly, those who do not register lean more Republican.
This is easy enough to explain: Republicans currently hold all houses. If people wanted to change that, they would actively register to vote. Since people were not doing so, they weren't interested enough to change it. Making it easy to register them didn't change this sentiment. Thus, people who registered in vote drives were only lukewarm about the idea of change.
Gentoo is for amateurs. It's just that it's not for those who don't want to learn.
Compare to becoming a chef. Gentoo is like a very detailed recipe for Saucisse Minuit (the delicacy which Nero Wolfe is willing to leave his house to obtain) written for someone who has never cooked previously. Other distros (Red Hat, Suse, Linspire, etc.) are more like TV dinners. You don't become more of a chef by using them, but you won't be hungry (in need of an OS) afterwards.
"all that's needed is a trail linking the votes counted to the votes cast that can be validated by the voter."
If the voter can verify the vote, then someone else can verify the vote. It's like right click protection for images in a browser window, which can be worked around by simply taking a screenshot (even if save as is disabled, which they haven't started doing yet). It is not possible to make a system that only the voter can verify the vote, since the voter can give the relevant info to someone else to verify the vote.
ATMs do not have this problem, because banks do not regard it as a bad thing that the user's receipt may be shown to a third party. Even if you could find a third party that would pay money for an ATM receipt that demonstrates that you deposited $100 into an account, why would the bank care?
"once fraud can be demonstrated"
*IF* fraud can be demonstrated. Note that the two errors seen (in Ohio and North Carolina) seem to be bugs rather than fraud. There is no reason why an actual fraud could not be committed that looked like an error. Further, even if someone shows a discrepancy between the counted record and the receipt's indication; how do you fix it?
For example, what if someone changes all Kerry votes in a precinct to Bush votes (or vice versa). A voter comes forward and points out the error. At that point, what do you do with the other votes? Are all the Bush votes invalid? If so, then there is an incentive for people to fake this situation (by voting for the opposition and then complaining that their votes were changed). If not, then some number of voters are still lost.
Again, this doesn't come up with an ATM: it makes no difference to me if transactions in other accounts are valid; I only care about transactions on my account. If an ATM consistently shorts everyone $20 all day but only I am compensated, I'm still happy. In a vote, it's not just my vote that is important, but everyone else's.
To get back to the point. If votes can be lost even *with* voter verification, then wouldn't it be better to concentrate on securing the vote counting process? ATMs handle this by having two people open the deposits. Each one verifies that the other isn't pocketing any cash that might be there. Similarly, votes are counted by at *least* one person from each major party. Further, anyone who wants can be certified as an observer and be present when they open the ballot boxes.
In game theory terms, the no verification strategy weakly dominates the verification strategy: both are only as secure as the vote counting process (i.e. verification does not prevent fraud unless *everyone* uses it); no verification is not subject to vote selling.
"The problem is that the process of turning source code into binary code is opaque to the developer."
No, the problem with C is that it allows people to do things that they shouldn't. This is why it is a great language when the absolute best performance is required. It doesn't do multiple automatic input verifications; instead, it leaves input verification entirely to the programmer. In other words, C makes the programmer take the responsibility for writing secure programs.
The kind of problem that you are discussing is more what you see with the use of various APIs. The problem is that there isn't a good way in C to state that an API does or does not do input verification. Further, some of the APIs might be expected to do input verification but not (e.g. the JPEG library vulnerabilities).
Some people use this to argue that programming languages should be "idiot proofed" from buffer overflows, etc. While this is not ideal (automatic input verifications waste time, since they will check the same data multiple times), modern compilers should be able to compile out most of the inefficiencies. Further, APIs are having to do this anyway. If this is done in the language, then the compiler at least has the chance to compile out multiple instances of the same input checking.
Of course, this also means that programmers will lose the habit of adding input verification to their programs. This will make it difficult to find people to write the input verification into the compiler, as is required in this model. But then, many programmers never had the habit of writing in input verification; that's why there are so many programs vulnerable to buffer overflows.
"Who gets to decide who doesn't have to pay into Social Security?"
Everyone has to pay. People just have the option of putting some of their contribution into a private system rather than the public system. Presumably who does this will be determined by who wants to do so.
"And who is going to pay MORE Social Security tax to make up for the lost revenue?"
There is a surplus in the social security system. No one needs to pay more social security taxes...we already are paying more. We have been since the early 80s.
One of the greatest problems with the current system is that it doesn't actually save money for the future. Instead, the social security surplus is loaned to the federal government *before* deficit calculations are made. Partial privatization allows for actual saving of funds: something lacking from the current system.
"I can't understand the intense desire to automate voting."
You are looking at it backwards. It's not the cost of voting that is at issue. The problem was that in 2000, there was dispute over the vote totals. They fixed that with eVoting by making recounts effectively impossible. Thus no controversy over how the votes are cast.
Hopefully some of the problems in this election will highlight some of the possible problems that could occur in future elections. However, this might just be our 1996 (Dole in '96 got screwed by the same issue as Gore was in 2000; it just didn't affect the result, so no one bothered to complain). What if the North Carolina problem (where votes were actually lost; probably to Bush's detriment, but no one knows) had happened in a more competitive state? Particularly if it had been a state with enough electoral votes to have changed the outcome?
Btw, I doubt that the counts were swapped in Ohio. Note that most of the eVoting counties went Democrat and had been expected to do so.
No, it is very difficult to rig an election that has a paper trail. Otherwise, we would hear about rigged elections every so often; note that by their very nature, rigged elections involve multiple people, so they would have occasional collapses. Ballots in a lock box are a very secure voting method. While it is theoretically possible to compromise the process, it would be difficult to do so on the scale necessary to change the election.
Even with receipts, what dangers do black hats face? The receipt does not indicate who rigged the election. Yes, they make it slightly more likely that a change will be caught. However, even if it is, it can be blamed on a bug (as is currently occurring in Ohio and North Carolina) rather than on the black hat. Too lenient here, and there is no disincentive; too harsh, and there is an incentive to fake a receipt to trigger the penalties.
Conversely, vote rigging is essentially useless without receipts. With receipts, it is no more difficult than compromising *both* the paper ballots and the original eVoting machines. The weakness is primarily that one might get caught.
I think that you also underestimate the power of intimidation. I can remember one case of a fellow who was in both a union and the NRA. He was actively worried about contributing to an NRA supported candidate whom the union opposed. Receipts opens up a can of worms that is better left untouched. It's not just straight forward vote buying.
Actually, there are system designs that do this in various ways (including at least one that is completely paperless; no paper trail, just an electronic receipt). Yes, none of them have been implemented, but neither have touch screens with individual ballots to be dropped in a lock box (the preferred solution). There are some people who are actively advocating receipts...just look at the response below yours.
"They were able to check the machine that had malfunctioned"
No, the memory card malfunctioned. The machine worked fine. They know (as best they know for any of the machines) that the machine was correct because its vote totals add up with the paper sign up record...unlike those on the memory card. The issue is more that if the machine had malfunctioned, then it would have sent the wrong total to the memory card and *both* would have been wrong. If that had happened (or if there weren't two records, as happened in North Carolina), then it would have been major news, as the data would not have been recoverable.
The actual situation is bad enough. No need to dilute the point with FUD. Every time you do that, it allows opponents to point out the hole in the FUD rather than talk about the real issues.
Btw, I would be careful about using the term "printout." The Ohio machine does produce a printout (as required by Ohio law): of the summary results. The problem is that there is no vote by vote print out that is reviewed by voters as they cast their votes. Only the Sequoia machines offer that option. Even the Sequoia machines are not ideal, since they partially compromise privacy by retaining vote order on a per machine basis (it's a scrolling printout). They are simpler better than the ES&S and Diebold machines.
Votes need to be correct (cast as the voter intends); verifiable (i.e. the voter needs to be able to check the final form of the vote; no purely electronic system cannot do this, as the voter can't view the bits); and private (no one, not even the voter, should be able to verify that that voter's vote was cast later; otherwise, it allows vote selling, which is every bit as bad as fraud or miscast votes). This is all quite possible (the optical scan ballots can be used this way now; eVoting only needs the addition of individual ballots printed from machines).
"A wrinkle is the fact that all the early exit polls pointed to a Kerry victory,"
This would actually be expected in most voter models. Republicans should get the early advantage in people voting on their way to work (the first hour or so); then Democrats get the advantage as people out of work or in odd shifts vote (those same early exit polls also indicated that 60% of voters were women--the mid-day housewife bump); then Republicans recover in the evening as people get off work. This is more a problem with watching exit polls throughout the day.
There is a similar problem with watching the actual results. Republican suburbs report first, then Democrat cities, and finally republican rural areas. Thus, for most of the election, Democrats are over counted.
A more critical issue is that some feel that the *final* exit polls were more Kerry than Bush in a number of eVoting states. However, I have not seen independent support of this. CNN's exit polls agree with the vote count. It is possible that they may have adjusted them to better fit the actual voter profile.
"The house of representitives elections are becoming insane, with a lot of stupidly safe seats. only something like 10% of house seats are competetive,"
Becoming? They were always like that. In general, most races that involve an incumbent are safe (incumbents consistently win over 95% of the time, except in elections like '92, when only 92% of incumbents won).
It is hard to overcome the three advantages of the incumbent: one, the voters have voted for the incumbent previously and it is difficult to make them change their vote (one of the reasons for negative ads is to break people loose from their previous vote choices); two, the incumbent gets to send postal mail at taxpayer expense (worth about $250,000 in money that a challenger must pay just to match the incumbent); three, it is more worthwhile to bribe (contribute to the campaign) of an incumbent who can definitely help you now (and who has a voting record that you can use to verify that helpfulness) than a challenger who might be able to help you (if victorious).
Gerrymandering actually *decreases* the safety of seats. The point of gerrymandering is to move all the opposition votes into one safe district and to make as many seats as possible where you can be competitive. As practiced by Republicans, gerrymandering creates urban districts and suburban/rural districts. Gerrymandering will also frequently pit incumbents against each other to attempt to reduce the incumbents of your opponent, thus creating competitive elections where they would otherwise not exist.
If you want to reduce the number of safe elections, look to term limits (reduces the number of incumbents), primary reform (eliminate the artificial separation between parties that keeps centrists from winning primaries--half their support is in the other party; this could allow two members of the same party to emerge from the primary; where the moderate would normally have lost), multiple candidate management (plurality voting favors the candidate with the largest minority in multiple candidate elections; it loses the secondary, etc. preferences; i.e. it forgets that the liberal prefers the moderate to the conservative and the conservative prefers the moderate to the liberal; plurality voting doesn't allow for compromise), and campaign finance reform (in particular, changes that allow a challenger to match the incumbent's finances).
"Also, most states must be very close before a recount is required."
.25% of the votes or less *OR* by the candidate and five voters requesting one.
However, it is generally true that a recount can be called by the candidate and voters. For example, in Ohio, a recount is triggered automatically by a margin of
Yes, it is possible that the candidate won't realize that a recount is indicated. If so, the candidate is screwed in *any* system.
Without a paper trail, there is no way to verify or correct voter fraud/errors if they occur. With a paper trail, it is at least possible (if a recount is done). Worrying about how best to trigger a recount is a comparatively minor issue. Yes, some changes should be made to support eVoting (including a recount in a random sampling of precincts to verify that the recorded results were the same as those exhibited by the electronic system), but the most important thing is to ensure that a recount *can* be done.
The existing eVote machines in Ohio (at least the one on which I voted) do not allow for recountable results. This is unacceptable. Particularly with the two publicized (discovered!) errors (one was in North Carolina).
You're right. That is even more stupid than I thought it was.
"To increase the deterrent, you need to either increase the punishment, or increase the chance of being caught."
There is no evidence that increasing the punishment (jail time) deters any crime. The fact of punishment does (i.e. jail time has more of a deterrent effect than no jail time). Thus, increasing the chance of being caught is the only way to increase the deterrent.
The point of longer jail sentences is less about increasing the deterrent (except comparatively; murder is punished more harshly than kidnapping because that gives relative grades for those two crimes; more importantly, murderers are also pursued more strongly than mere kidnappers) and more about taking people out of situations where they can sin again. A major reason why murderers get life sentences is so that they never have the chance to murder again. Putting someone in jail may not deter others, but at least it keeps that person from committing crime again (other than jailhouse crimes, which are mostly against other criminals). This is the point of "three strikes" laws. They get people who commit crime regularly off the streets.
It's also worth noting that it is easier to get probable cause, etc. on someone with an existing record than it is to get it with someone who has never been in jail.
Unfortunately, I think that you will have to modify the step 2 from the original Yankee group version:
1. Make ambiguous statement.
2. Sell it to Microsoft.
3. Profit!
I don't think that Microsoft will be willing to pay you for your prediction.
Sorry.
My favorite example was that patent Kodak owned that listed Smalltalk as prior art. I read the claims, but I didn't see *anything* that wasn't already part of the published Smalltalk work. Yet Sun still paid millions to settle the patent claim.
Microsoft is also appealing the Eolas patent, claiming that the original trial didn't give proper weight to the prior art.
I've been reading a bunch of stuff recently, so I don't remember exactly where I saw this. However, google gives the following: "Heller said he selected Sequoia for several reasons, including a report from the state Gaming Control Board on the security of Diebold."
That article also has some information on how the Sequoia machines work which suggests that they have a workable paper audit trail. Not done in what I would consider to be the ideal way (spooling causes privacy concerns; I would prefer to print the ballot and then put it into a standard lockbox), but certainly better than no paper trail.
"Where I've personally worked elections, the 2 or 3 lead people generally had 20-30 years experience doing elections."
So? Really, so? Do they have 20-30 years experience dealing with eVoting machines? Or were the first 15-25 years entirely with other mechanisms?
"Having gaming commission people audit elections equipment is like having firewall coders review database software. It might be interesting, but it's not a real-world test."
Yet it is perfectly reasonable to expect people who have always used paper and mechanical voting to review electronic voting.
The gaming commission deals with computer devices where changing the settings can cost them money. Electronic voting machines deal with computer devices where changing the settings can cause votes to be miscast. While a specific exploit is unlikely to be transferable from one to the other, things that look like vulnerabilities to the gaming commission are likely to have similar exploits in the voting machines.
"Can you guarantee that a pollworker won't wait until 7:30 and vote for 10 people that were in the pollbook but didn't show up to vote?"
No, of course not. However, that is a detectable problem. The ten signatures in the polling book could be recognized, because there *is* a paper record. Further, it requires compromising multiple poll workers (not just the one who votes, but the others watching as well). These are exactly the areas where 20-30 years of election experience are useful.
"I am a bit concerned with their track record and attitude, but that's not what we're talking about. We're talking about a massive and unjustified presumption of guilt on the part of elections people and machines."
Bull. We are *exactly* talking about problems with Diebold machines. We are *not* talking about election workers (except one very singular case involving some missing documentation; however, this is a minor issue). You are the one raising a straw man here.
"if you lack confidence in your elections people."
I don't. I lack confidence in machines that do not have reviewable (by me) paper audits. My complaint is quite specific to the possibility that these machines can be compromised *without* compromising the elections people without requiring any failures on the part of the election people.
"Got a cite?"
Sure, According to the study, 5,277 voters made a clean punch for Gore and a clean punch for Reform Party nominee Pat Buchanan, candidates whose political philosophies are poles apart. An additional 1,650 voters made clean punches for Bush and Buchanan. Tens of thousands comes from this article, which is broader in scope. Note: I'm not claiming that anything illegal happened nor that these votes should have been counted for Gore in a recount. I'm simply claiming that there is strong reason to believe that votes were miscast and that the nature of the ballots made it more likely that Gore voters would make mistakes than that Bush voters would. The votes that I would *really* like to count would be invisible, as they would be votes for Gore that showed up as votes for Buchanan.
Incidentally, Dole got screwed by the same effect in 1996 but no one complained, because it didn't matter to the result. If they had complained then, there would have been time to correct the problem before 2000.
I find it very unlikely that BlackBoxVoting can find problems in the Ohio (or other) election that will affect the final result. However, if there are problems, it is essential that we find these things out now rather than later, when it matters. Further, if there are things that look bad but really aren't, it would be better to find that out now rather than in a contentious election later.
"but I don't understand why people make such a big deal out of it ... get a filter."
Obviously spoken by someone who has never lost work because of an email deleted by a filter.
Not to mention the server costs involved. Consider large ISPs, like AOL or Road Runner. If 2/3 of their bandwidth is spam, they could process their real mail with only 1/3 as many servers and probably use several sys admins for other work. For them, getting spammed is more like someone setting fire to the shrubbery. Maybe a car or two catches fire as well.
Personally, for a first offense, I would be happy with 3 years for a spammer. However, if they want to go nine, I won't complain. Particularly since I don't know anything about the surrounding circumstances. For example, if these spams were phishes or if these people have engaged in previous frauds, I would want the sentence to be harsher.
You're missing the point. It doesn't matter how dedicated, hard working, or impartial the elections people are if the machines themselves are fundamentally flawed. Particularly if the dedicated, hard working, impartial people don't really know enough to detect the fraud when it occurs. It's not like they're 1337 system admins. In general, they're office workers or volunteers.
Can you guarantee that the Diebold election machines are secure against tampering at the polls (by voters or machine admins)? When Las Vegas considered buying from Diebold, the Las Vegas/Nevada Gaming Commission reviewed the Diebold election machines and rejected them as insecure. Those also are dedicated, hard working, and impartial people. Further, they are people whose only job is to look for fraudulent manipulation of similar machines. They were unsatisfied with the *machines* (not the poll workers).
If BlackBoxVoting.org ultimately finds absolutely nothing wrong, that in and of itself justifies the time and effort. It would help renew faith in a system that was rocked in 2000.
It would be far more of a waste of effort if they found a problem, as there is really no way to correct a problem (for example, say I examined the vote results from my precinct and looked for my unique set of votes; what if I can't find it? At best, I might get the votes from my precinct thrown out; the problem is that my precinct went for Kerry over all; throwing out its votes would *hurt* Kerry).
Look at Florida in 2000. Clearly, many people who intended to vote for Gore had their votes counted for Buchanan instead. We know that. We have strong indications (look at the double marked ballots; far more people had the Buchanan/Gore pair than any other, tens of thousands more) that enough people did this that Gore would have won the race if their votes had been counted for him. This was never fixed. If there was tampering in this election, it probably won't be fixed either. Our greatest hope is that we might prevent *future* tampering.
They generally try to exit poll in multiple precincts with a representative sample of the state. According to here, CNN only got 28% of their exit poll data from Central Iowa (probably mostly Des Moines).
"I'm not even so concerned with overturning a bush presidency (although I will admit that from my point of view that would be sweet)"
And also very unlikely. It would be more likely that the Ohio electors would be disqualified completely, which would throw the election to the House (and Senate for VP). Bush wins (unless they also get enough House members disqualified to give a majority to the Dems; unlikely at the moment, since that would take something like 30 house seats).