Unfortunately what this does not tell us is how much smarter high IQ people are.
For instance Usain Bolt being the current 100m world record holder, he would be the equivalent of someone with an IQ way above 150. Now 13 seconds is an average time for a 100m sprint. So does that mean that Usain Bolt can run 100m in 5 seconds? Of course not. His current record is 9.69 seconds. It's better than the average but not very much better in absolute terms than what most could achieve with a bit of training (Usain Bolt trained a lot so I feel it's a fair comparison).
Hopefully for us as a society, things are different for intelligence and high IQ people can really help us progress faster (assuming we, the masses, are not too dumb to recognize a good idea / discovery when we see one).
No, but it does put into question the other statements you make. Will you be offering the same apology later? 'I was indeed mistaken (realized it a bit after I had sent the post). It appears it wasn't X crashing, but rather my video card due to overheating because my computer is 10 years old and full of dust.'
So you're saying the dust is causing the crahs and not the X server. And dust is supposed to accumulate specifically when I try the newer server versions, and goes away right as soon as I downgrade.
I hope you do realize this your attitude is very counter productive.
I was indeed mistaken (realised it a bit after I had sent the post). The card has three outputs: a VGA port, an S-VHS port and... a DVI port. The DVI port is connected to the HDMI entry of the LCD screen. Now, does that change anything to whether X is stable or not?
How much memory do you have? I've mostly seen X crash while something is hogging all the memory and paging is slowing everything down.
X does crash through its own fault too. I have an ATI 7500 which is about 8 years old so you'd think that by now all the bugs would have been worked out. But if I start doing 3D stuff for more than 5 minutes there's a fifty percent chance the X display will be filled with goo that will only go away after a reboot, or will crash altogether. Furthermore I'm using xserver-xorg-video-ati 6.6.3 because the newer versions (at least 6.8.0) couldn't even initialize my graphics card HDMI port correctly (ok, I'll have to try again with 6.9.0 but I'm not holding my breath). (There's also annoying colored pixels surrounding text when I scroll a page with a non-white background in Firefox, but I'm not 100% sure if that's the driver's fault)
Finally, I'm involved in the Wine project and I regularly get to hear about other X drivers either causing rendering issues or outright crashes. So I strongly disagree with your insinuation that an X crash can only have external causes (yeah, I lump X and its drivers together because for a user they are one and the same).
Paper ballots return but electronic voting remains since the ballots will counted by optical scan machines.
Sure you can recount the ballots... after they've been moved around, taken out of sight from voters for hours, and then only if a candidate manages to get the recount ordered. As for the systematic 3% recounts, there's no way to check it really is randomly selected, and again it happens on ballots after they have been moved around, etc.
Ballot counting should be performed right there on the spot, in the voting station as soon as the election closes. Anything else is madness.
Having two rounds would help avoid that duopoly too. In the first round you vote for the candidate you really support, and in the second one you vote for the lesser of two evils. Switching to approval voting would be even better (but seems even more unlikely to ever happen).
So what happens if the OS gets wiped and need to be reinstalled from scratch? The serial # will be useless.:(
The serial number is only a way to create an account on codeweavers.com for free. Once you've done that, you can log into that account and get a new download at any time, including any new version that comes out in the next year. After that year, either you renew to continue getting upgrades and support, or you don't and can still get access to the last version that was released during that year.
Note that CodeWeavers has free trials all year round.
They are fully functional but time limited (that's why they're called trials). So anyone who missed yesterday's opportunity can still try the software risk-free.
Having 'games' in the name implies it is optimized for gaming, but does one use both for gaming, or is the pro a more light weight version without the gaming tweaks?
It's as you say, each is tested and tweaked for either games or 'productivity' applications.
Finally does one license number cover both?
This offer gives you Pro licenses which covers CrossOver Games too. So yes.
Just some 20 hours after that, every brazilian city - including those few, far deep in the rain forest - knew the name of their new mayor and councilors, who will take office for the 2009-2012 term.
What can justify taking 20 hours to count the votes? Even manual counting is done in an hour or two. Maybe these cities are very isolated but this should not matter since these sound like local elections, and thus should be entirely handled at the local level. And the article spins this as a great achievement because miscreants only had 20 hours to stuff ballots instead of 80?
All political parties have access to the source code, and digitally sign the executable code, and thus can confirm, at any individual machine, that the running software is the official one.
How? By looking at a checksum on the screen? Does the author realize that the machine can show whatever it wants so that this proves nothing? This affirmation sounds like official propaganda taken at face value.
In this screenshot we can clearly see what looks like a bog-standard BIOS. Do the political parties have its source too? Did they verify the corresponding binaries? Did they sign them?
I didn't count in 2006, but in 2004 my ballot had over 60 separate decisions to be made.
This complexity has been used to justify switching to electronic voting systems and that's something that has been bugging me for some time.
An election is a public debate. But how can you meaningfully debate 60 different issues simultaneously? How can people find the time to get informed about these 60 different issues, so they know how to vote? And if the answer is to just vote along the party lines, then what's the point of having anything more than a choice between party x, y and z in the first place?
In France we shifted the local elections by one year so that they would not fall between the legislative elections and the presidential elections, precisely for that reason. I think it makes a lot of sense.
So to me the complexity of your ballots is not a justification for using electronic voting machines. Quite the opposite. That you need such a complex and unverifiable voting system to handle them is further justification that running so many elections at the same time is wrong and should be revised.
But with electronic voting machines there's nothing for the candidate representatives or myself to verify. No way to know if the machines have been rigged or not.
That is an assertion, not a fact, and it's truth depends on the characteristics of a given implementation.
No this truth is independent of the implementation because it derives directly from the very nature of these systems.
The behavior of electronic systems is dictated by the way microscopic-scale transistors are wired together inside integrated circuits, and by the infinitesimal electric charges or magnetic fields you feed them (also known as programs). Humans cannot perceive either of these directly and thus have to rely on third parties to study them.
Among these third parties you will necessarily find other electronic systems. Of course you cannot use the electronic system you want to verify to perform the verification. That would be as effective as asking a liar if he is lying. So until you have built a 'Star-Trek tricorder' that is able to analyze a computer at the micron-scale from a distance, you will have to take the thing apart, which takes time and gives you ample opportunity for tampering with it.
Note that the above does not depend on the implementation. It does not matter if you use an Intel or a MIPS processor, if you use 1990s technology or something a million times faster, if you program in C or in Java, if the code is proprietary or open-source. It's still, all of it, invisible and thus requires you to trust third parties (human or electronic) in order to perform the analysis.
And then the complexity of the analysis kills you. An electronic voting system is composed of at least a hundred million critical parts: ~10 million transistors in the processor, ~128 million capacitors in a 16MB memory, ~1 million lines of code in the proprietary BIOS, ~1 million lines of code in the Linux kernel, etc. There's no way even a specialist can check all of this, even given years.
Compare this to the paper based voting systems. The whole system is composed of: the box, the lid, the lever, two locks, two keys, and the ballots themselves. That's under ten parts, plus a couple thousand ballots, and maybe envelopes too (all identical, each checked by a voter). All the parts are visible. All the parts are familiar to everyone. Anyone can verify the whole system in a few minutes with no possibility of tampering with it.
Consider this: would you use an electronic voting system provided by your worst enemy? What if you had one hour to verify it?
Then, would you use a transparent ballot box provided by your worst enemy? What if you had 5 minutes to verify it?
That's the key. Until you reduce the complexity of verifying an electronic voting system to match that of verifying a paper voting system you cannot meaningfully pretend to you are able to verify them.
Well, I don't think it's faith. It's a general perception that we generally are able to solve hard problems, of which this seems to be one.
But some of these perceptions are misplaced, there are issues that science cannot solve. And to me this is clearly one.
Who follows the ballot box?
In France you don't have to. The ballots are counted right on the spot, in the polling station, by voters, overseen by candidate representatives and civil servants. Once they've left the polling station they lose their legal value (which is how it should be).
Who has transparent ballot boxes
France. It's the law since 1989 and it has essentially killed election fraud.
Who is at the polling place at opening to check that it's empty?
Candidate representatives, at least two. It's the law (in France again). In most polling stations that means 5 or 6 people from opposing parties and thus unlikely to collude together. And if I have the slightest doubt, I know I can go and verify things myself.
But with electronic voting machines there's nothing for the candidate representatives or myself to verify. No way to know if the machines have been rigged or not.
Who runs sample ballots through to see if they are correctly tabulated?
Count the ballots manually (like in Fance). It's possible if you have a sane voting system and then you don't have the issue of rigged tabulators. Note that running sample ballots can help detect errors, but are totally ineffective at detecting fraud anyway.
The size of the set of people that know how to manipulate the paper process is larger than the size of the set of people that have the competence to screw with an electronic process.
But if you know how to rig the paper process, you will only be able to impact one polling station, that is only 1000 to 1500 votes. If you want to have any significant impact in a national election you will need accomplices in hundreds to thousands of polling stations.
If you know how to rig the electronic machines, you can rig all of them with only the help of a handful people (a security guard, someone with access to the master binaries). That's far more powerful than any paper fraud technique can be. It's like viruses: write it once, infect millions of computers. Only here it's: hack once, rig everywhere!
The machine DOES print a "receipt".
It is not "readable" but it can be verified if necessary - receipt and paper trail kept in the machine must match for starters.
The machine prints both the receipt and the internal paper trail so of course you'd rig both so that they match. And since the receipt cannot be verified by the voter, he won't be able to detect that it's been tampered with. So the mechanism you describe is useless for detecting fraud (its only use would be to detect innocent software errors).
Anyway, I've provided my sources. Please provide your source that claims these machines leave two paper trails.
Simple math tells me each machine holds little over 300 votes on average - and chances of fraud detection rise as more machines are tampered with.
That's true for paper elections because it means you need more accomplices. But with voting machines all you need is to tamper with the software that's installed everywhere and you run little more risk of the fraud being detected with 100 machines than with just 1.
I agree that verification is required. What I don't agree with is that it cannot be achieved. It's a hard problem, to be sure. But why not try to solve it, rather than pouting and stamping our feet, insisting that it simply can't be done?
Here's the requirement: for paper elections I can come early morning on election day and verify that the ballot box is empty and works as expected. I can keep an eye on it all day up until people are done with counting the ballots. I can verify the process in its entirety.
I want to be able to do the same with voting machines. However I write programs for a living and I know that just checking the software checksum would give me ample opportunity for tampering and thus would be denied. As to verifying the hardware, I would not even have the competence and it would take months (How do you verify a processor works as expected? Intel is the specialist and they let slip division errors!).
So as a professional in the field, your faith that these machines can be made to work as they should sounds like a completely unrealistic dream. But you're not alone and it frightens me to see these self-delusions help perpetuate something that may well bring democracy down.
E-voting has a huge potential for general issues that make the rigging of a whole national election possible.
Which makes it different from paper voting exactly how? Paper voting has been manipulated in the US for years (cf. Chicago, Florida and Ohio) and has very recently fucked us over egregiously
That's because your election regulations are broken. Two examples:
My understanding is that you don't have transparent ballot boxes. This simplifies ballot stuffing greatly.
Furthermore it seems like the ballot boxes are usually moved to a central location before being opened for counting. This of course makes it next to impossible for voters and candidate representatives to keep an eye on them during transport.
These issues and much more can be fixed by enacting appropriate laws and can make undetected election fraud virtually impossible... but only for paper elections.
I don't think e-voting is magic by any means, but I also don't see any reason to doubt that it can be made reasonably resilient and trustworthy.
On election day even the best computer science expert will never be able to verify that the voting machine he is using has not been rigged. He will have to trust that the civil servant (appointed by the mayor) was not corrupt, that the guards securing the warehouse housing the machines were not corrupt, that the person transporting them to the polling place was not corrupt, etc, etc, etc. No law can fix that.
Used an ATM lately? Then you agree that distributed hardware with unattended public access is reasonably safe. You get a receipt, but when was the last time you ever had to make use of it to make sure that your transaction was correct?
Receipts and bank statements are precisely what keeps banks honest. They know people can and do independently verify their contents and will catch them if they start stealing money from the accounts. But for an election you do not know what the result will be in advance and you cannot independently verify that it is correct.
In the US, we have seen that partisan officials can get in and fuck with paper voting systems more than well enough to affect elections. THAT is our real problem.
That may well be. But add electronic voting to the mix and now you have two problems to solve, instead of one.
Voter verified paper trail. IIRC, the machines in Brazil have one. In addition random hand recounts of precincts are needed as well.
Unfortunately it seems you remember wrong. According to Wikipedia:
they do not produce a printed vote verified by the voter which would permit an audit of the vote-counting. This makes them highly dependent on the trusting of the software. The application program which verifies the internal integrity of the system is itself vulnerable to adulterations.
When reading this article I've been immediately struck by the following:
Do her wider-set eyes, the longer distance between her hairline and the bridge of the nose, and the rounder shape of her face make her more beautiful?
As far as I know, facial recognition algorithms rely on these metrics to classify faces and be able to recognize them despite changes in makeup, hair cut, and lighting. So is this software the easy way to get around facial recognition technology?
You could take a photo of yourself with a digital camera, tweak it with this software, and then give it to the official the next time you get a passport. The official will identify the photo as being you because of the "unmistakable similarity" to the original touted by the article. But any software using your now 'official' photo will not recognize you.
Of course the solution is simple (and maybe already in place in some countries): don't let your citizens provide their passport photo.
There's no need to be sarcastic, I'm trying to explain the process the best as I can but looks like I'm not being successful.
And I'm trying to describe the obvious flaws in the process you describe (which I don't doubt corresponds to reality). But apparently I'm not successful either.
What I'm saying is that the system is sealed as soon as the signed binary is installed and there's no external access ports.
What I'm saying is that, even sealed, the binary could be changed at any time between when it is installed and election day (all you need is the right type of sticky tape and a bit of alcohol). I'll add that voters cannot keep the voting machines in their sight at all times during that period, thus they have to trust 'officials' so the election lacks transparency.
There's a paper trail
That's not what the fine article or the Wikipedia article say. To quote the Wikipedia article: "they do not produce a printed vote verified by the voter which would permit an audit of the vote-counting". If you have a better source of information, please produce it.
The binary is signed and any party can ask to check any ballot station.
Oh, come on! Don't be so naive!
So you say that on election day they will let me, shut down the voting computer, extract its flash memory card, plug it into my laptop, and check that its content matches the published signature? Of course not! (and with good reason)
I don't care that the voting computer had the right binary the day before the election, or that it has the right one the day after. All that matters is the binary used in the voting computer I use on election day (and even more precisely, during the election).
Signing a binary and installing it in great fanfare on some voting computers days or weeks prior to election day makes for a great show, but does nothing to prove that this binary will still be present on the voting computer on election day.
One VERY simple method used carbon paper so that the vote for each one would be copied and could be delivered to the candidate as "proof of voting" to retrieve some bucks from him.
The way you've described it, this cannot be used as a way to coerce someone into voting the right way:
First write the expected name on a piece of paper, so you have the carbon copy with the 'right name' on it. Then just use another piece of paper to vote.
For one, there's no doubt if a vote is valid or not
We both know that electronic votes can be tampered with. This can happen if someone modifies the software being run by the voting computer. So your above statement can only mean that one can immediately tell if an electronic ballot has been tampered with or not. So please tell me:
What differentiates a rigged electronic ballot from a genuine electronic ballot? What is this ballot property can the voting computer not fake perfectly?
If you find no such property, then we must conclude that it is impossible to bring material proof that an electronic ballot is fraudulent.
Scientia est Potentia
Indeed. Unfortunately you seem to be ignoring all the scientific issues with electronic voting.
It does not matter that you can audit the published source code. When you get to the polling station you have no way to verify that it is running the code that you audited.
They also can run simulations and test the system for security and fraud
The code running on the machine will only rig the results if more than 700 ballots have been cast, or if the election lasted for more than 10 hours, or if it's election day. Any tests you conduct are very unlikely to catch anything suspicious.
and request any ballot to be audited.
You still seem to be under the illusion that there is any ballot to be audited. The voting computer may well be only keeping a running total for each candidate so that there is no ballot at all. Even if there is one, it will be nothing more than a tiny electric charge in memory, one that was created by the very same software that's rigging the vote in the first place. There is nothing to audit.
The whole software and data is also available for 2 years after the election.
Three words: self erasing code.
Besides, even in the best case, what are you going to do twelve months later when you detect the fraud. Undo every law passed by the government in that interval? Undo any war started by said government? (don't say this cannot happen, look to your 'neighbor way north').
During the election days, representatives of any party can stay at any polling station to be sure that the election is not being rigged in this point.
Are they allowed to hook up a hardware debugger to the voting computer? No? How are they going to verify anything then? You cannot detect a rigged voting computer just by looking at it!
Personally, I think our system is quite secure and would require a major conspiracy involving basically everyone.
Quite the opposite. To rig a paper election you need one or more accomplices in each and every polling station otherwise you won't have any global effect. To rig an electronic election you need exactly one accomplice with access to the binary image being installed on the voting machines.
Slashdot Mirror
Unfortunately what this does not tell us is how much smarter high IQ people are.
For instance Usain Bolt being the current 100m world record holder, he would be the equivalent of someone with an IQ way above 150. Now 13 seconds is an average time for a 100m sprint. So does that mean that Usain Bolt can run 100m in 5 seconds? Of course not. His current record is 9.69 seconds. It's better than the average but not very much better in absolute terms than what most could achieve with a bit of training (Usain Bolt trained a lot so I feel it's a fair comparison).
Hopefully for us as a society, things are different for intelligence and high IQ people can really help us progress faster (assuming we, the masses, are not too dumb to recognize a good idea / discovery when we see one).
I ran a script to open and close the CD tray hoping to catch his attention.
For extra credit, time the open /close orders to send your message in Morse code.
No, but it does put into question the other statements you make. Will you be offering the same apology later? 'I was indeed mistaken (realized it a bit after I had sent the post). It appears it wasn't X crashing, but rather my video card due to overheating because my computer is 10 years old and full of dust.'
So you're saying the dust is causing the crahs and not the X server. And dust is supposed to accumulate specifically when I try the newer server versions, and goes away right as soon as I downgrade.
I hope you do realize this your attitude is very counter productive.
I was indeed mistaken (realised it a bit after I had sent the post). The card has three outputs: a VGA port, an S-VHS port and... a DVI port. The DVI port is connected to the HDMI entry of the LCD screen. Now, does that change anything to whether X is stable or not?
How much memory do you have? I've mostly seen X crash while something is hogging all the memory and paging is slowing everything down.
X does crash through its own fault too. I have an ATI 7500 which is about 8 years old so you'd think that by now all the bugs would have been worked out. But if I start doing 3D stuff for more than 5 minutes there's a fifty percent chance the X display will be filled with goo that will only go away after a reboot, or will crash altogether. Furthermore I'm using xserver-xorg-video-ati 6.6.3 because the newer versions (at least 6.8.0) couldn't even initialize my graphics card HDMI port correctly (ok, I'll have to try again with 6.9.0 but I'm not holding my breath). (There's also annoying colored pixels surrounding text when I scroll a page with a non-white background in Firefox, but I'm not 100% sure if that's the driver's fault)
Finally, I'm involved in the Wine project and I regularly get to hear about other X drivers either causing rendering issues or outright crashes. So I strongly disagree with your insinuation that an X crash can only have external causes (yeah, I lump X and its drivers together because for a user they are one and the same).
Paper ballots return but electronic voting remains since the ballots will counted by optical scan machines.
Sure you can recount the ballots... after they've been moved around, taken out of sight from voters for hours, and then only if a candidate manages to get the recount ordered. As for the systematic 3% recounts, there's no way to check it really is randomly selected, and again it happens on ballots after they have been moved around, etc.
Ballot counting should be performed right there on the spot, in the voting station as soon as the election closes. Anything else is madness.
Having two rounds would help avoid that duopoly too. In the first round you vote for the candidate you really support, and in the second one you vote for the lesser of two evils. Switching to approval voting would be even better (but seems even more unlikely to ever happen).
So what happens if the OS gets wiped and need to be reinstalled from scratch? The serial # will be useless. :(
The serial number is only a way to create an account on codeweavers.com for free. Once you've done that, you can log into that account and get a new download at any time, including any new version that comes out in the next year. After that year, either you renew to continue getting upgrades and support, or you don't and can still get access to the last version that was released during that year.
Note that CodeWeavers has free trials all year round.
They are fully functional but time limited (that's why they're called trials). So anyone who missed yesterday's opportunity can still try the software risk-free.
Having 'games' in the name implies it is optimized for gaming, but does one use both for gaming, or is the pro a more light weight version without the gaming tweaks?
It's as you say, each is tested and tweaked for either games or 'productivity' applications.
Finally does one license number cover both?
This offer gives you Pro licenses which covers CrossOver Games too. So yes.
These versions are unlocked - you don't need the serial, so it no longer matters that the server generating serials is not responding.
Note that you need a serial number to get a license! So do request one. The web site should be quite responsive now so this should be no trouble.
From the article:
Just some 20 hours after that, every brazilian city - including those few, far deep in the rain forest - knew the name of their new mayor and councilors, who will take office for the 2009-2012 term.
What can justify taking 20 hours to count the votes? Even manual counting is done in an hour or two. Maybe these cities are very isolated but this should not matter since these sound like local elections, and thus should be entirely handled at the local level. And the article spins this as a great achievement because miscreants only had 20 hours to stuff ballots instead of 80?
All political parties have access to the source code, and digitally sign the executable code, and thus can confirm, at any individual machine, that the running software is the official one.
How? By looking at a checksum on the screen? Does the author realize that the machine can show whatever it wants so that this proves nothing? This affirmation sounds like official propaganda taken at face value.
http://augustocampos.net/arquivos/uebrl-04.JPG
In this screenshot we can clearly see what looks like a bog-standard BIOS. Do the political parties have its source too? Did they verify the corresponding binaries? Did they sign them?
I didn't count in 2006, but in 2004 my ballot had over 60 separate decisions to be made.
This complexity has been used to justify switching to electronic voting systems and that's something that has been bugging me for some time.
An election is a public debate. But how can you meaningfully debate 60 different issues simultaneously? How can people find the time to get informed about these 60 different issues, so they know how to vote? And if the answer is to just vote along the party lines, then what's the point of having anything more than a choice between party x, y and z in the first place?
In France we shifted the local elections by one year so that they would not fall between the legislative elections and the presidential elections, precisely for that reason. I think it makes a lot of sense.
So to me the complexity of your ballots is not a justification for using electronic voting machines. Quite the opposite. That you need such a complex and unverifiable voting system to handle them is further justification that running so many elections at the same time is wrong and should be revised.
But with electronic voting machines there's nothing for the candidate representatives or myself to verify. No way to know if the machines have been rigged or not.
That is an assertion, not a fact, and it's truth depends on the characteristics of a given implementation.
No this truth is independent of the implementation because it derives directly from the very nature of these systems.
The behavior of electronic systems is dictated by the way microscopic-scale transistors are wired together inside integrated circuits, and by the infinitesimal electric charges or magnetic fields you feed them (also known as programs). Humans cannot perceive either of these directly and thus have to rely on third parties to study them.
Among these third parties you will necessarily find other electronic systems. Of course you cannot use the electronic system you want to verify to perform the verification. That would be as effective as asking a liar if he is lying. So until you have built a 'Star-Trek tricorder' that is able to analyze a computer at the micron-scale from a distance, you will have to take the thing apart, which takes time and gives you ample opportunity for tampering with it.
Note that the above does not depend on the implementation. It does not matter if you use an Intel or a MIPS processor, if you use 1990s technology or something a million times faster, if you program in C or in Java, if the code is proprietary or open-source. It's still, all of it, invisible and thus requires you to trust third parties (human or electronic) in order to perform the analysis.
And then the complexity of the analysis kills you. An electronic voting system is composed of at least a hundred million critical parts: ~10 million transistors in the processor, ~128 million capacitors in a 16MB memory, ~1 million lines of code in the proprietary BIOS, ~1 million lines of code in the Linux kernel, etc. There's no way even a specialist can check all of this, even given years.
Compare this to the paper based voting systems. The whole system is composed of: the box, the lid, the lever, two locks, two keys, and the ballots themselves. That's under ten parts, plus a couple thousand ballots, and maybe envelopes too (all identical, each checked by a voter). All the parts are visible. All the parts are familiar to everyone. Anyone can verify the whole system in a few minutes with no possibility of tampering with it.
Consider this: would you use an electronic voting system provided by your worst enemy? What if you had one hour to verify it?
Then, would you use a transparent ballot box provided by your worst enemy? What if you had 5 minutes to verify it?
That's the key. Until you reduce the complexity of verifying an electronic voting system to match that of verifying a paper voting system you cannot meaningfully pretend to you are able to verify them.
Well, I don't think it's faith. It's a general perception that we generally are able to solve hard problems, of which this seems to be one.
But some of these perceptions are misplaced, there are issues that science cannot solve. And to me this is clearly one.
Who follows the ballot box?
In France you don't have to. The ballots are counted right on the spot, in the polling station, by voters, overseen by candidate representatives and civil servants. Once they've left the polling station they lose their legal value (which is how it should be).
Who has transparent ballot boxes
France. It's the law since 1989 and it has essentially killed election fraud.
Who is at the polling place at opening to check that it's empty?
Candidate representatives, at least two. It's the law (in France again). In most polling stations that means 5 or 6 people from opposing parties and thus unlikely to collude together. And if I have the slightest doubt, I know I can go and verify things myself.
But with electronic voting machines there's nothing for the candidate representatives or myself to verify. No way to know if the machines have been rigged or not.
Who runs sample ballots through to see if they are correctly tabulated?
Count the ballots manually (like in Fance). It's possible if you have a sane voting system and then you don't have the issue of rigged tabulators. Note that running sample ballots can help detect errors, but are totally ineffective at detecting fraud anyway.
The size of the set of people that know how to manipulate the paper process is larger than the size of the set of people that have the competence to screw with an electronic process.
But if you know how to rig the paper process, you will only be able to impact one polling station, that is only 1000 to 1500 votes. If you want to have any significant impact in a national election you will need accomplices in hundreds to thousands of polling stations.
If you know how to rig the electronic machines, you can rig all of them with only the help of a handful people (a security guard, someone with access to the master binaries). That's far more powerful than any paper fraud technique can be. It's like viruses: write it once, infect millions of computers. Only here it's: hack once, rig everywhere!
The machine DOES print a "receipt". It is not "readable" but it can be verified if necessary - receipt and paper trail kept in the machine must match for starters.
The machine prints both the receipt and the internal paper trail so of course you'd rig both so that they match. And since the receipt cannot be verified by the voter, he won't be able to detect that it's been tampered with. So the mechanism you describe is useless for detecting fraud (its only use would be to detect innocent software errors).
Anyway, I've provided my sources. Please provide your source that claims these machines leave two paper trails.
Simple math tells me each machine holds little over 300 votes on average - and chances of fraud detection rise as more machines are tampered with.
That's true for paper elections because it means you need more accomplices. But with voting machines all you need is to tamper with the software that's installed everywhere and you run little more risk of the fraud being detected with 100 machines than with just 1.
I agree that verification is required. What I don't agree with is that it cannot be achieved. It's a hard problem, to be sure. But why not try to solve it, rather than pouting and stamping our feet, insisting that it simply can't be done?
Here's the requirement: for paper elections I can come early morning on election day and verify that the ballot box is empty and works as expected. I can keep an eye on it all day up until people are done with counting the ballots. I can verify the process in its entirety.
I want to be able to do the same with voting machines. However I write programs for a living and I know that just checking the software checksum would give me ample opportunity for tampering and thus would be denied. As to verifying the hardware, I would not even have the competence and it would take months (How do you verify a processor works as expected? Intel is the specialist and they let slip division errors!).
So as a professional in the field, your faith that these machines can be made to work as they should sounds like a completely unrealistic dream. But you're not alone and it frightens me to see these self-delusions help perpetuate something that may well bring democracy down.
E-voting has a huge potential for general issues that make the rigging of a whole national election possible.
Which makes it different from paper voting exactly how? Paper voting has been manipulated in the US for years (cf. Chicago, Florida and Ohio) and has very recently fucked us over egregiously
That's because your election regulations are broken. Two examples:
These issues and much more can be fixed by enacting appropriate laws and can make undetected election fraud virtually impossible... but only for paper elections.
I don't think e-voting is magic by any means, but I also don't see any reason to doubt that it can be made reasonably resilient and trustworthy.
On election day even the best computer science expert will never be able to verify that the voting machine he is using has not been rigged. He will have to trust that the civil servant (appointed by the mayor) was not corrupt, that the guards securing the warehouse housing the machines were not corrupt, that the person transporting them to the polling place was not corrupt, etc, etc, etc. No law can fix that.
Used an ATM lately? Then you agree that distributed hardware with unattended public access is reasonably safe. You get a receipt, but when was the last time you ever had to make use of it to make sure that your transaction was correct?
Receipts and bank statements are precisely what keeps banks honest. They know people can and do independently verify their contents and will catch them if they start stealing money from the accounts. But for an election you do not know what the result will be in advance and you cannot independently verify that it is correct.
In the US, we have seen that partisan officials can get in and fuck with paper voting systems more than well enough to affect elections. THAT is our real problem.
That may well be. But add electronic voting to the mix and now you have two problems to solve, instead of one.
Voter verified paper trail. IIRC, the machines in Brazil have one. In addition random hand recounts of precincts are needed as well.
Unfortunately it seems you remember wrong. According to Wikipedia:
they do not produce a printed vote verified by the voter which would permit an audit of the vote-counting. This makes them highly dependent on the trusting of the software. The application program which verifies the internal integrity of the system is itself vulnerable to adulterations.
When reading this article I've been immediately struck by the following:
Do her wider-set eyes, the longer distance between her hairline and the bridge of the nose, and the rounder shape of her face make her more beautiful?
As far as I know, facial recognition algorithms rely on these metrics to classify faces and be able to recognize them despite changes in makeup, hair cut, and lighting. So is this software the easy way to get around facial recognition technology?
You could take a photo of yourself with a digital camera, tweak it with this software, and then give it to the official the next time you get a passport. The official will identify the photo as being you because of the "unmistakable similarity" to the original touted by the article. But any software using your now 'official' photo will not recognize you.
Of course the solution is simple (and maybe already in place in some countries): don't let your citizens provide their passport photo.
There's no need to be sarcastic, I'm trying to explain the process the best as I can but looks like I'm not being successful.
And I'm trying to describe the obvious flaws in the process you describe (which I don't doubt corresponds to reality). But apparently I'm not successful either.
What I'm saying is that the system is sealed as soon as the signed binary is installed and there's no external access ports.
What I'm saying is that, even sealed, the binary could be changed at any time between when it is installed and election day (all you need is the right type of sticky tape and a bit of alcohol). I'll add that voters cannot keep the voting machines in their sight at all times during that period, thus they have to trust 'officials' so the election lacks transparency.
There's a paper trail
That's not what the fine article or the Wikipedia article say. To quote the Wikipedia article: "they do not produce a printed vote verified by the voter which would permit an audit of the vote-counting". If you have a better source of information, please produce it.
The binary is signed and any party can ask to check any ballot station.
Oh, come on! Don't be so naive!
So you say that on election day they will let me, shut down the voting computer, extract its flash memory card, plug it into my laptop, and check that its content matches the published signature? Of course not! (and with good reason)
I don't care that the voting computer had the right binary the day before the election, or that it has the right one the day after. All that matters is the binary used in the voting computer I use on election day (and even more precisely, during the election).
Signing a binary and installing it in great fanfare on some voting computers days or weeks prior to election day makes for a great show, but does nothing to prove that this binary will still be present on the voting computer on election day.
One VERY simple method used carbon paper so that the vote for each one would be copied and could be delivered to the candidate as "proof of voting" to retrieve some bucks from him.
The way you've described it, this cannot be used as a way to coerce someone into voting the right way:
First write the expected name on a piece of paper, so you have the carbon copy with the 'right name' on it. Then just use another piece of paper to vote.
For one, there's no doubt if a vote is valid or not
We both know that electronic votes can be tampered with. This can happen if someone modifies the software being run by the voting computer. So your above statement can only mean that one can immediately tell if an electronic ballot has been tampered with or not. So please tell me:
What differentiates a rigged electronic ballot from a genuine electronic ballot? What is this ballot property can the voting computer not fake perfectly?
If you find no such property, then we must conclude that it is impossible to bring material proof that an electronic ballot is fraudulent.
Scientia est Potentia
Indeed. Unfortunately you seem to be ignoring all the scientific issues with electronic voting.
As a matter of fact, contrary to what Wikipedia says, the source code *is* available. The Ministério PÃblico (something like the public prosecutor in US), the OAB - Ordem dos Advogados do Brasil, an organ that congregates all lawyers in the country and any of the political parties can have access not only to the source code but to the compilation, digital signing and installation process.
It does not matter that you can audit the published source code. When you get to the polling station you have no way to verify that it is running the code that you audited.
They also can run simulations and test the system for security and fraud
The code running on the machine will only rig the results if more than 700 ballots have been cast, or if the election lasted for more than 10 hours, or if it's election day. Any tests you conduct are very unlikely to catch anything suspicious.
and request any ballot to be audited.
You still seem to be under the illusion that there is any ballot to be audited. The voting computer may well be only keeping a running total for each candidate so that there is no ballot at all. Even if there is one, it will be nothing more than a tiny electric charge in memory, one that was created by the very same software that's rigging the vote in the first place. There is nothing to audit.
The whole software and data is also available for 2 years after the election.
Three words: self erasing code.
Besides, even in the best case, what are you going to do twelve months later when you detect the fraud. Undo every law passed by the government in that interval? Undo any war started by said government? (don't say this cannot happen, look to your 'neighbor way north').
During the election days, representatives of any party can stay at any polling station to be sure that the election is not being rigged in this point.
Are they allowed to hook up a hardware debugger to the voting computer? No? How are they going to verify anything then? You cannot detect a rigged voting computer just by looking at it!
But please, experiment for yourself, go play with this voting machine (yeah, it's in French, sorry): http://fgouget.free.fr/evote/evote.html.
Personally, I think our system is quite secure and would require a major conspiracy involving basically everyone.
Quite the opposite. To rig a paper election you need one or more accomplices in each and every polling station otherwise you won't have any global effect. To rig an electronic election you need exactly one accomplice with access to the binary image being installed on the voting machines.