OSS Election Systems Desired, but Not Ready

An anonymous reader writes "Even though many American voters are ready for open source systems at the polls, Newsforge (a Slashdot sister site) has an interesting story about why open source may not be ready for the polls. From the article: 'The only open source e-voting effort that Rubin [an e-voting expert] noted was the Open Voting Consortium (OVC). "I don't agree with everything they are doing, but they are all about transparency and open source," Rubin said. OVC President and CEO Alan Dechert says it would take a large investment of time and money to provide an alternative to traditional e-voting systems vendors, but he says an effort known as Open Voting Solutions (OVS) is looking to do just that.'"

Paper Ballots?

[Eightyford]

What's wrong with paper ballots? They work great in Canada. We even have election results within a few hours, at most. As far as I can tell the only "downside" is that paper ballots are hard to rig elections with.

Easy formula

[HairyCanary]

For public safety, I say we require three things from electronic voting systems:

1. Open source. We need to be able to trust these systems and how can we do that without being able to examine the code behind them?
2. Paper records kept for the government. Just in case there is a trust issue, this is a backup method for the recount.
3. Paper records for the voter. Worst case, every voter has a copy of their own vote. Hard to use for a recount, but could help identify irregularities.

So easy. I am all for having the convenience and speed of electronic voting, but I cannot for the life of me understand why we must give up the benefits of paper ballots at the same time, and even improve on them (as in the paper copy for the voter).

Huh?

[femto]

The article itself states (and other comments have pointed out):

"Successful open voting systems that are cheaper, easier to manage, and more transparent than proprietary systems can be found in Australia, Canada, Estonia, and other places."

Perhaps the author meant to say:

"no American vendor offers open source software and systems that are ready for voting."

Why do people belive OSS == trustable?

[jaywee]

Can anyone explain me how can I trust OSS running box more than the one running closed software? How can I verify that the software running in the box is the same I verified? How can I be sure the cpu isn't mangled by some foreign goverment? (Since most hw is now made on taiwan..) What's wrong with paper ballots?

Paper trail

[ArcherB]

I don't care how "open" or secure a system is, I want a paper trail.

We make photo kiosks. Every time someone places an order, we print a receipt. The receipt printer is one of the most reliable pieces of equipment on our systesm. We have about 60 employees. If we can do it, I see no reason why you could not have a voting machine print a paper receipt with your voting selection on it along with a unique, encrypted number. On the way out, the voter places the receipt (or paper ballot, if you will) in the drop box. Once the election is over, if everyone is satisfied with the results, the paper ballots are discarded. If there is a challenge, the paper receipts are counted and compared to the digital count. There should not be much of a difference. If the difference is enough to change the outcome, I'd say go with the paper count. However, if voting fraud is an issue, it will not be a small margin. It is doubtful that someone will try to fraud for only a couple of votes and there should never be more pieces of paper in the box than digital votes cast.

This will allow for a challenge, investigation, and is the only way to provide for a recount.

Privacy??

[Freaky Spook]

I haven't really read how this e-voting works, but if it means you can log on to a website and vote from home, wouldn't that make your vote not anonymus? What would happen with the log of your IP, your vote could be traced back to you.

I like paper ballots because they don't get traced back to you, once you put it in the box you have no identity.

Re:OSS ready for the polls

[Anonymous Coward]

I would have thought that the fundamental problem with closed source, in this particular application (not in general), is the fact that it is closed source. For elections to work it is important that the entire process be open to scrutiny. If something goes wrong, you need to be able to look through and find what/where... even if the only remedy is to say "bug x in function y of the source code makes this result invalid, we need to vote again using a different system (eg. paper)". But if the source is not available for scrutiny, you can't do this... you can look at the results and say "that's a bit odd", but you can't trace back to probable cause. This is precisely what closed source software can never get right, whereas OSS does by definition

Re:Paper Ballots?

[rewinn]

> People want election results fast

I disagree.

We may be told that we want results fast, but really we want them accurate.

Go ahead, ask anyone: "Would you rather have poll results within an hour of the polls closing, with a 50% chance that they would be wrong, or have them within 3 days with a 0.00001% chance that they might be wrong?"

You can play with the times and percentages a bit, but I would bet cash money that most people want accuracy & precision, not speed.

Re:OSS ready for the polls

[Dachannien]

But if closed source polls can't get it right, what makes us think that OSS polls can?

The difference is that, with an OSS voting system, if there's a problem with the code, the public will (be able to) know about it.

Compare that to Diebold and ask yourself how likely it is that they'd be forthcoming with crucial details if and when something goes haywire with their electronic voting machines.

Re:Easy formula

[???]

1. Open source. We need to be able to trust these systems and how can we do that without being able to examine the code behind them?

Indeed, I concur

2. Paper records kept for the government. Just in case there is a trust issue, this is a backup method for the recount.

So long as these records contain a human readable indication of an individual voter's intent, and were verified by the voter at vote-time.

3. Paper records for the voter. Worst case, every voter has a copy of their own vote. Hard to use for a recount, but could help identify irregularities.

Absolutely, uncategorically, under no circumstances. Proof of vote makes wholesale coercion, vote-buying and vote-selling methods practical.

Re:Oh right.

[Anonymous Coward]

Oh, right. Hackers putting together beige-box PC's running Linux and this simple software are going to get to install voting machines. Riiiight. And monkeys might fly out of my butt. Nice idea, but pretty damn silly, nonetheless.

Oh, right, troll. Proprietary vendors putting together shiny snake-oil security with closed source software and security by obscurity? Riiight? We already tried that one. You're also repeating very old "hackers/hobbyists" FUD and should try something new and intuitive.

Voting Machines are a Waste of Money

[Soong]

It's cheaper to count them by hand. [bolson.org] A full county wide voting machine system costs a lot of money, a lot of money that could buy a lot of ballot counting labor hours.

I love a technofix as much as the next geek, but computerized voting machines are not the technology for now.

Re:Paper trail

[???]

However, if voting fraud is an issue, it will not be a small margin. It is doubtful that someone will try to fraud for only a couple of votes

Then clearly, you underestimate the skills and resources of your adversary. It is precisely small margins that are concerning. Remember, a small margin of votes can be changed in a close race without producing statistically significant differences from polling (and exit-polling) to raise suspicion. Such small changes, well placed, can have a significant effect on the overall race.

If you think that people do not have the skill to predict where small vote count frauds will make a difference, you need to visit the "gerrymandering" page on wikipedia, particularly the "Gerrymandering computer technology" heading.

Re:Paper Ballots?

[stubear]

We have this thing in the US called States Rights. Voting systems are picked by each district, not on a Federal level and you'd have a very hard time forcing thousand of districts to replce their current systems. Some out of spite and stubborness, others out of financial hardship, and probably a mix of the two with the rest. The US Constitution was written to appease the States and as such the Federal Government could not appear to take too much power over their little feifdoms. Things like this are the result of this decision our forefathers made, for better or worse. Perhaps you should try to understand this concept and why it came about before you bash the US.

Re:Oh right.

[santaliqueur]

so are "hackers" going to be the ones writing the document formats for the commonwealth of massachusetts? troll much?

The worst part about OSS election software...

[EnronHaliburton2004]

The worst part about OSS election software is that someone else runs 'make', you run 'make install', but the install process installs too much crap and trashes some of your local files.

Then, you try to 'make uninstall' but the process fails halfway through and so you're left with a system in an unknown state, with rogue files hanging out everyyear.

But as Thomas Jefferson said, it's doubful that your current system will remain stable forever. Every once in a while you need to Reinstall the Operating System.

This is ridiculous, it really is.

[ScrewMaster]

Look. This is America. The nation that led the world in technological development for two hundred years, put men on the Moon a couple of times and invented the personal computer, and now we're saying that we can't even develop a machine that can count reliably???!!! Please. This is not, repeat not a technological issue. It is a political one, pure and simple.

The only reason that implementing a transparent, auditable electronic voting system is such a problem is because there are certain people that have a vested interest in making it a problem.

Who's ready?

[SEWilco]

"... open source may not be ready for the polls."

Is closed source ready for the polls?

Re:Always vote for the opposition

[Anonymous Coward]

Always voting for the opposition is in effect a vote against the two-party system

No!

Voting for the biggest opposition party is a vote *for* the two-party system. If you dislike that system, you should vote for a third party. It's a snowball effect, because the more people that vote for smaller parties, the more viable they look, and the more people will vote for them.

Re:Should be part of more sweeping election reform

[Jack Schitt]

I wrote this all out in notepad without spell check of any kind. I barely even proofread it.

This is my idea of a reform:
---
electronic balloting system:

user arrives at poll place
receives magnetic card with one-way hash of ssn.
user swipes card in cardreader at ballot box
this initiates the voting. touch screens or pushbuttons, etc
no records are kept at all at the ballot box.
Votes are immediatly printed twice via a standard receipt printer in human readable format.
There is also an XML translation of the vote with a checksum at the bottom.
A barcode uniquly identifies the vote.
Another barcode uniquely identifies the voter. (but not personnally identifiable)
User retains one copy of the vote and submits the other copy.
Both copies are identical and either (but only one) can be submitted.
Submitted papar-vote's barcodes are scanned to make sure that this voter has only voted once.
Voter is capable of making several paper ballots. All ballots would have same voter barcode, but different vote barcodes.
Voter is only allowd to submit one ballot, even if several were made.
At no point, other than receiving the voter mag-card is the voter identified by name or social security number.
At poll close, ballot is optically scanned (the entire ballot, on a flatbed scanner).
The ballot is electronically recognized (OCRed) and the XML section is decoded.
If the checksum matches, the ballot is electronically counted.
If the checksum does not match, the ballot is rejected electronically and must be manually entered by unbiased election officials.

All paper ballots must uniquely identify the voter without revealing who the voter is
All paper ballots must be individually uniquly identified in the event of a manual recount
All ballots also contain a date and time of when the ballot is printed.

Manual recount:
Because one voter can create multiple ballots (in case they change their mind, to prevent voter intimidation, etc). The ballots are uniquely identified. The voters are also uniquely identified. All ballots have two id barcodes on them.

If the results are disputed, the first step is an electronic recount.
The next step is a manual recount.
When fraud is charged such that the ballots in possession of the election officials cannot be trusted, the copies that the voters retains can be photocopied and mailed to the election officials. Only the copy that was submitted at the polling place should be submitted because an electronic record of submitted ballots (identifying the voter id and the ballot id) exists and the ballots will be checked upon receipt. If the paper-vote that is mailed has a different vote id than the record of the vote id, the voter is notified and may (if needed) recast their ballot.

Voter responsibilities:
It is the voter's responsibility to check the printed ballot against the vote they made on the ballot box. If they differ, they should try again, posibly with a different machine.
It is also the voter's responsibility to make sure the ballot's barcodes are scanned when submitted and afterward inserted into the ballot bin that is eventually sent to election officials for certification.

Missing paper ballots:
When ballots are submitted, the barcodes printed on them are scanned. This creates a record on an offsite database that contains ONLY the following information: The voter id, the ballot id (unique to voter, not globally unique), the date/time submitted (set by the offsite database), the polling place, and the station number. Each station is operated only by one worker per shift, the station must be logged into and out of by the worker.

(Based on a particular station)
In the event of a missing ballot, the ballot is ignored.
In the event of several missing ballots, the ballots are ignored and the poll worker responsible is fined.
In the event of a large number of missing ballots, ALL voters at that particular polling place are asked to photocopy and mail in their cop

Re:Paper trail

[killjoe]

In the last two election there was a statistically significant variance between exit polling and actual vote. In any other election, in any other country this would be a sign of voter fraud. In america nobody even cared.

Let's face it you could out and out rig the machines and nobody would care. This is america only 35% of people eligable for voting even care enough to stop by the polling place on the way from work.

Re:Why do people belive OSS == trustable?

[jonaskoelker]

(Mandatory reference) Reflections on trusting trust: http://www.acm.org/classics/sep95/ [acm.org]

Spot on! Another question: How can you trust the net card (there was post not long ago about IPMI, and the potential for hiding complete remote control backdoors in network interfaces).

Then again, how can you trust humans to count perfectly?

What's wrong with paper
Nothing! Absolutely nothing. As much as my mom suggests I should write my masters or Ph.D thesis on "on-line voting", I relly think this is one of the areas where correctness is just too important to ever trust networked computers (which, afaict, is a strict requirement). Also, there's a lot of long-haired issues: how do we make sure each voter can vote at most once? How do we make selling votes difficult (My best guess: through social ways, i.e. education)? How do we make sure each vote is anonymous, yet at the same time make sure each voter can vote at most once? These are just hard problems in my mind.

In effect, since it's the foundation of democracy (for those nations that are still at least somewhat democratic, i.e. excluding the USA), we need to treat this as safety-critical systems. That includes the provability (and proof!) of correctness, one-time pads for encryption and all that rigamarole.

No. Please. That's the one area where a two-mile bike ride plus waiting in line to put a cross on a piece of paper really pays off well. Stick with the primitive technology here, due to the advantages of being primitive.

Something stinks...

[TheLink]

Seems rather strange that the richest and most powerful country in the world can't afford decent voting systems (whether free or not). There are plenty of really smart people in the USA, good in crypto, systems, architecture etc. So the talent is there.

As for the money: this is the same country that has spent BILLIONS in Iraq for dubious reasons (the official reasons kept changing, so they can't have been the real reasons).

I heard one of the US Gov's "reasons" was to have democracy/free elections in Iraq, but that can't be the real reason since the US Gov was very obviously not pleased when there was democracy/free elections in Palestine and Hamas got elected ;).

I don't know what is really going on with the USA, but I doubt that the main issue is whether a voting system is OSS or non-OSS.

With all this "globalisation" being hyped as such a great thing, maybe the US should outsource their elections to India, and have UN observers for free to observe stuff. ;).

After all India is arguably the world's largest democracy (1 billion citizens). I bet if they had results as ridiculous as "more votes than voters", "negative votes" heads would _literally_ roll. They somehow have managed to get a decent chap as Prime Minister ( Dr. Manmohan Singh seems to be well-respected by most).

If I were a US citizen I'd _demand_ that all the people involved in supplying or approving crappy election systems be charged for _TREASON_.

After all, the USA keeps saying democracy is so important etc.

Prove it with actions and not bullshit.

Re:The disabled, the confused, and the stupid

[ObsessiveMathsFreak]

A blind citizen given a paper ballot has to get someone to help, raising problems of confidentiality and trust.

There's such a thing as braille. Blind people can actually read you know. They can even post on Slashdot with the right software.