Ask a "Star" of HBO's Voting Machine Documentary 342
Herbert H. Thompson, PhD ("Hugh" to his friends), is one of the people featured in the HBO documentary, Hacking Democracy, that Diebold tried to keep from airing. Hugh is a long-time Slashdot reader who called me to volunteer for this interview — on his own, not through anyone's PR department. Here's a YouTube excerpt from a CNN Lou Dobbs show with Hugh in it. (Find more articles by and about Hugh here. And perhaps check this brand-new MSNBC story about e-voting, too.) Hugh suggests that you give him "your wildest questions about what went on behind the scenes and how safe the e-voting systems actually are." Let's take him up on that challenge, hopefully while following Slashdot interview rules. Note to Diebold and other voting machine companies: We welcome comments and questions from you, same as we welcome them from everyone else. If you feel you are being vilified unfairly by Slashdot readers, please respond and set the record straight.
Here is my question... (Score:5, Insightful)
How do you prove that foul play (hacking) has been involved?
Do you even have a plan in place to check the results?
Please note that this is a very serious question. There was a saying, a few years back, that said a novice hacker is someone known in a small circle, a confirmed hacker is someone who is known all over the Internet, and a great hacker is someone who is totally invisible.
What if the election was subtly hacked, in a way that left lingering doubts (51%-vs-48% kind of results and all that), but no solid proof?
OT: Republican victory (Score:3, Insightful)
Re :Pen-and-paper voting (Score:5, Insightful)
The "problem" is that it doesn't shuffle enough of your tax money into corporate pockets.
Re:OSS? (Score:4, Insightful)
Before I poo-poo the idea, let me say I like the idea of OSS implementations of anything the government does: they pay for this implementation in my dollars, so I might as well get a chance to see how it works. But this does not make the system more secure.
Even with OSS, you're relying on an assurance by some clerk at the polling station that the code you've audited at home is the code that drives your voting choice from fingertip to election commission. You can't SEE software, and as this crowd knows, rootkits can virtualize the whole machine to appear to run one thing while really doing something else.
The only way for an individual to audit their vote is to see their vote on a tangible artifact, be it marks on paper, holes in paper, colored beads or whatever works in your village. It's already bad enough that you can't follow that vote artifact out of the voting booth into the counting center, and watch it every step of the way, but with many eyes from all vested parties along the path, you can have a small sense of security in this process.
Re:Why is it so hard? (Score:2, Insightful)
As a software engineer I'm constantly amazed that other engineers think this is simple and easy. The first time I heard about "touch-screen voting machines" I thought to myself, "Now, THERE'S a BAD idea". Voting is much harder to program for than financial transactions are. For one thing, the stakes are higher. If someone steals some money, the FBI investigates, the criminal is caught (or not), and the security hole is fixed. A company is out some money they likely accounted for when weighed the cost/benefit of the system. Witness the recent flap over reprogramming ATM machines to spit out $20 but debit $5. While it was embarrassing and cost some ATM owners money, it was not a national crisis. If someone steals votes, investigation is left to partisan poll watchers, if the fraud is detectable at all. The end result is a crooked politician in power for 2-6 years where we can only hope they do nothing worse than steal money.
As we all know well, the more security you add to a system, the less user friendly it tends to be. This is a major problem when the general public is REQUIRED to use the device (unlike ATMs where use is voluntary) and when you face the fact that so many poll workers are part-time or casual volunteers.
In financial transactions, auditing is carried out by credentialed professionals that are experts in the field and in the systems they audit. They can take any resonable period of time required and can demand access to almost any part of the process. They can review detailed logs of transactions, and query database records in various fashions to bring irregularities to light. Elections are "audited" by non-professional observers and poll watchers on election day. Ballot secrecy endlessly complicates the problem. As a very first step, the identity of the voter must be separated from the actual votes themselves. The only data typically available after the election is finished are the tabulated vote totals, and the original ballots (oops, many of the electronic systems don't have those!) As the 2000 and 2004 elections showed us, recounts are nearly impossible to carryout politically anyway, so the count REALLY has to be correct the first time.
Yeah, this is REALLY easy.
Re:Pen-and-paper voting (Score:4, Insightful)
It demeans the real challenges faced by individuals with handicaps to suggest that we need to diminish the reliability of our electoral system in order to encourage their participation.
2. Printing costs.
Costs for paper / pencil only systems are significantly less than for electronic systems, particularly when election administration is centralized (see Canadian electoral system costs). This is even before you consider that electronic voting equipment is being amortized over an absurdly long period of time (far longer than their estimated useful life. I would bet there will be a lot of counties writing off systems after the next cycle that still have significant unamortized book value).
3. Storage costs.
Storage costs are increased with electoral equipment. The equipment itself needs to be stored and takes more room than paper ballots. Further, the equipment typically has more stringent environmental requirements (temperature, humidity, etc. control) for the storage facility than paper ballots. Paper ballots need to be stored for less time than equipment. Paper ballots can be destroyed once disputes relating to them have been settled, and only have a useful life of at most one electoral cycle. Equipment must be stored throughout its useful life.
4. People.
It takes candidates' representatives and two officials from the authority conducting the election to count ballots in precinct. These are individuals who are already involved in the process, observing and administering (respectively) the conduct of the voting process of the election.
5. Quicker results.
We know who our Prime Minister is before bed-time EST on election night. How about you? Vote counting is a highly parallelizable activity.
Regardless, is it appropriate to set cost and speed above accuracy and security in elections administration?
Re:Pen-and-paper voting (Score:3, Insightful)
Re:OT: Republican victory (Score:1, Insightful)
The fact that you think it matters which parties are involved in which roles in the original hypothetical proves you don't understand the problem to begin with! The basic questions is:
How can anyone put faith in a system that isn't transparent in the event the results differ from the expectations. If the Democrats win even more seats than expected, it should trigger the same auditing process as if the Repuplicans lose fewer than expected. If we don't have the original ballots, whats the alternative? Exit polling backed by civil unrest worked well in the Ukraine, but for some reason I don't think this solution would work in the US.
Re:paper trail? (Score:5, Insightful)
But the point of the printed reciept is NOT for the voter to take it home. The point is for him to put it in a ballot box. Then it's no longer in his possession, so the laws to prevent vote-buying don't apply.
The printed "reciept" is actually the official ballot, and subject to recounts and audits. The voting machine becomes simply a ballot marking aid - which can opportunistically take a count as it operates. The machine's count can be used for rapid return reporting, but only becomes the official count if there are no challenges and the precinct doesn't happen to be randomly selected for auditing.
With a spit-out printed ballot added to the voting machines, the rest of the current software can remain in place. With an audit trail any fraud can be detected and corrected. (Further: With random sampling and the inevitable recount requests in close races and those where fraud is suspected, it is LIKELY to be detected.)
In the absense of the ability to untracably corrupt the count, voting macine fraud attempts become much less likely - and a path to prison rather than to political power.
Re:paper trail? (Score:1, Insightful)