Forgot your password?
typodupeerror

Hugh Thompson Answers Voting Machine Security Questions 122

Posted by Roblimo
from the paper-ballots-never-have-software-problems dept.
You posted your questions for Herbert H. Thompson, PhD, on November 3rd and 4th. He decided to wait to answer until after the election in case there was a flagrant voting machine problem he could include in his answers -- and there has been at least one, but it is probably not a "security" problem per se, and is a long way from being resolved in any case. So here we go. Good food for thought here.


1) paper trail?
by ummit


This is a really basic question and it seems I should know an answer, but it never seems to be discussed: Why are the electronic voting machine companies generally so dead-set against emitting verifiable and auditable paper records? It can't just be cost, because they could and would just pass that on to their customers.

Hugh: In some states the debate has already been settled in that there is legislation in place requiring a voter-verified paper trail. Verifiedvoting.org has a good tracker of this here.

There are a few points often cited by groups resistant to a voter-verified paper trail. A first argument is that printers can fail. In touch-screen - Direct Record Electronic or DRE machines - printers are often the only components with moving parts (although some systems do have hard drives) which increases the risk of mechanical failure. Printers also bring issues like running out of paper, jams, misprints, etc. Another reason (cited less frequently) is the cost of paper/printing, but as you pointed out, this is a cost that can be passed on to counties.

Some election officials have also made the argument that they've already bought machines that don't have a paper trail and retrofitting existing machines would be costly and painful. I've also heard the argument that having a paper receipt doesn't matter because in most cases they won't be referenced.

I don't think that the sum of these arguments against a paper trail come any where near countering the necessity of having some sort of redundant recording mechanism. A critical system should always failover securely and a voter verified paper trail, if implemented properly, can meet that need for DRE machines.

2) Re:paper trail?
by Thansal


Sort of a follow up, how do the states/districts decide what machine to go with? Is it a standard "go with the lowest bidder", is this why we see such shoddy machines going into action? Do the decision making organizations tend to have specific features they look for? Anything else you would like to share about the decision making processes that you have seen?

Hugh: There are a couple of key things to keep in mind. First, there are only a few main machine suppliers. Second, the Help America Vote act (see http://www.fec.gov/hava/law_ext.txt) provided a ton of money to invest in electronic voting machines within a short (debatably unrealistic) timeframe. Given these two factors, the sales that I've seen have boiled down to readily visible machine elements like purchase price, how many other places have used the machines successfully, deployment cost, maintainability, ongoing service/maintenance cost, personal relationships, etc.

Generally, buyers of this technology aren't factoring in security: the machines pass certification lab tests but the testing doesn't cover security well (or at all). The National Institute of Standards (NIST) is working on certification procedures to address this very problem and the hope is that security will factor prominently into buying decisions made in the future. Hopefully existing machines will be retrofitted to meet those new standards too.

3) Largest Inherent Flaw?
by eldavojohn


In your opinion, what is the largest inherent flaw within electronic voting systems today? Diebold's been in the news for having many potential problems ranging from securing the physical hardware to the ability to hack the software or firmware. I'm sure you're quite prepared to pose a case against implementations but can you think of a more intuitive scheme (encryption, network layout, verification scheme) to protect against "hacking our democracy?"

Hugh: The biggest problem with e-voting isn't technical; it's procedural. Ignoring the perennial social voting issues (voter suppression, dead people voting, etc.) there's no real guidance given to elections administrators on how to safely and effectively use electronic voting equipment. If one has no idea what a memory card is, why would you bother trying to secure it?

One glaring example of bad procedure is 'sleepovers', a practice where voting machines are sent home with poll workers before an election to make the process of transporting them to polling places on election day easier (see http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9002204 for some info on this). If one were dealing with a box to hold ballots, 'sleepovers' wouldn't be a problem because the morning of the election a group of poll workers could inspect the box and verify that it was empty (including the old false bottom trick; see 'Stuffer's ballot box' at http://americanhistory.si.edu/vote/paperballots.html). If election officials knew the risks of tampering with some of these electronic voting machines (just search Slashdot for 'e-voting' for examples) then a voting machine sleepover suddenly seems like a pretty bad idea.

Right now we're at a point where election supervisors and poll workers are given a technology that they don't understand with little or no guidance on how to use that technology safely and securely. That's a recipe for serious risk, for voting or anything else.

4) Here is my question...
by Noryungi


Let's assume for a moment the 2006 US House/Senate election goes this way: Republicans keep control of both through a series of smallish victories, Democrats gain a few seats, and the results are explained away in the mainstream media as "fluke results", "margin of error", etc...

How do you prove that foul play (hacking) has been involved?

Do you even have a plan in place to check the results?

Please note that this is a very serious question. There was a saying, a few years back, that said a novice hacker is someone known in a small circle, a confirmed hacker is someone who is known all over the Internet, and a great hacker is someone who is totally invisible.

What if the election was subtly hacked, in a way that left lingering doubts (51%-vs-48% kind of results and all that), but no solid proof?

Hugh: First it's important to define e-voting security as a technology issue and not a partisan politics issue; what we've seen so far has been bad software and bad procedures to administer that software. Given the types of vulnerabilities that have been found, proving (and sometimes even detecting) foul play can be very difficult if the malicious person is skilled and the effect is minor (meaning a small percentage of the actual votes cast). For the types of vulnerabilities uncovered in some of the touch screens, optical scan readers, and backend tabulation systems, exploits can be written for some of them that are 'self erasing.' This means that the last executed bits of code can change things so that it looks like the original which could make slight tampering difficult to detect or prove in purely electronic systems. I think this argument speaks to the need for a voter-verified paper receipt so that there will be at least a good answer to the recount question.

5) OSS?
by Xzzy


Does the HBO show spend any time discussing the three "sides" to the debate? E-Voting, open sourced e-voting software, and paper voting? The last Slashdot article on this topic, when Diebold's complaint was announced, spent some time on this. The worry being, the debate is nothing more than "e-voting good" or "e-voting bad", ignoring the possibility that "open source e-voting" might be a viable middle ground.

How do you think open source could fit into this issue? Or should it?

Hugh: When it comes to voting, I'm not sure if it's a matter of open vs. closed source but instead a matter of standards and inspection by people who understand security. I'd be a fan of any solution, open or closed source, that allows trusted, knowledgeable, and independent software and hardware security practitioners the ability to inspect the systems and the code that runs them.

For example, I believe that there should be some sort of standards organization that is chartered with inspecting the system AND has proven security expertise to act as a representative of the people. For airplanes we put faith in FAA and airline carrier safety and security inspections. This kind of process has worked pretty well for a long time for machines that we place our trust in like airplanes, elevators, etc. but we're still a long way away from it in voting unfortunately. If the voting systems were open source, this may come automatically as a function of the 'citizen inspector' and might get us to where things should be faster but I think its still possible in a closed-source environment.

6) Pen-and-paper voting
by NetDanzr


What, exactly, is the argument against pen-and-paper voting? It seems to me that everybody wants to migrate to voting machines - electronic or mechanical - but so far nobody has explained to me what's wrong with good old-fashioned "put an X next to your candidate's name" voting.

Hugh: There are some pretty interesting (and legitimate) drivers behind e-voting and I'll go through the biggest.

The first is a push for disabled voters to be able cast their ballot using the same mechanism as able-bodied voters in a non-assisted way. Many states have mandated that machines must be able to service blind and illiterate voters and section 301 of the Help America Vote Act (HAVA)requires that such facilities at least be available (see HAVA section 301 from http://www.fec.gov/hava/law_ext.txt). Most touch screen machines do this through audio output to a headphone jack.

Another driver is the desire to capture voter intent unambiguously. Every year thousands of votes aren't counted because there's some ambiguity in how the voter intended to vote. In pen and paper voting, someone can put Xs (or shaded-in ovals) next to two candidate names instead of one or make a stray mark on a paper ballot which may lead to some late night debates involving lawyers and magnifying glasses. One of the hopes for e-voting was to drastically reduce voter intent ambiguity by guaranteeing that someone couldn't vote for multiple candidates in the same race simultaneously.

Efficiency (theoretically) has been another driver, more so in counting than in the actual voting process itself.

The sum of these present a good case to at least rethink pen-and-paper as the answer but, as with any new system, care has to be taken that the solution fixes more problems than it creates.

7) Why is it so hard?
by gorbachev


As a software engineer I'm constantly amazed at how incompetent Diebold and other companies making e-voting applications appear to be. This stuff is not rocket science at all, but fairly uncomplicated, basic software engineering.

Why do you think it's so hard for Diebold and other companies to come up with solutions that work well? Is it a stubborn unwillingness to listen and learn from critics, sheer incompetence, or something else?

Hugh: We've certainly seen some pretty glaring security problems in voting machines that span touch screens, tabulators, and optical scan devices. We've really seen problems across vendors too. The biggest problem I think is that there's no real economic driver to make the systems more secure. The people that buy voting machines typically haven't discriminated based on the security quality of the machines because they have no visibility into it. It's like buying a car without something like consumer reports crash test ratings. Unless someone actually starts looking at machine security and comparing it then we're left to making buying decisions based on qualities we can see like purchase price, market share, and whatever unsubstantiated thing the vendor wants to tell us about features and quality. Even given some of the vulnerabilities that have been found, and supposedly fixed, we're still no better off. If you determine that company X has vulnerability Y in one of their voting systems who's to say if the competition's voting system is any better or worse? We are at the point now where we know the systems that have been looked at are sub-par with respect to security and hopefully that's enough to spur consumers (counties that buy the machines) to start asking some tough questions to vendors about security and get us to a place where they can factor security quality into their buying decisions.

8) On Open vs. Closed Networks
by the-banker


It has always seemed to me that the real Achilles heel of e-voting is the networked approach that most vendors have taken. With a networked approach, fraud can be perpetrated on a mass scale if entry is gained at one weakness.

As a former election judge, I have enough experience to know that rigging a paper election is a daunting, nearly impossible task, as there are literally thousands of ballot boxes that would have to be compromised for any sort of advantage (on a state or national scale).

Are these concerns balanced (or even discussed) when officials are purchasing equipment? Do local Board of Elections have not only the expertise, but the concern to ask the right questions? And how do BoE directors react when they hear about your concerns and research?

Hugh: I agree that networking machines together is a serious risk certainly from a scale-of-attack perspective and unfortunately some counties continue to modem in results from polling places using procedures that are insecure.

I think the bigger issue is visibility and awareness; election officials just aren't given procedural guidance on how to administer the systems securely. The result is risk and I think many of these risks aren't weighed with the proper magnitude by election officials because it's unfamiliar territory. I think that most Board of Elections officials are good people who want to do the right thing but just don't know what questions to ask vendors about security and don't know how to interpret their answers. This isn't just a problem in voting, it's a problem with software security in general and I think it's important that if you're investing heavily in a software-based solution that you ask hard questions about security. I think a good starter set of questions to throw at software vendors (voting or otherwise) is:
  • What process improvements have you made as a result of vulnerabilities reported in your software?
  • What is your patch release (or update) strategy?
  • Have you had an external (and reputable) security auditing or penetration testing firm evaluate your system? Can we see a summary of their report?
  • Can we have our own security auditing firm evaluate your system?
  • Do you have a dedicated team to assess and respond to security vulnerability reports in your products?
  • What is your vulnerability response process?
  • What training do your development and testing groups receive on security?
  • What percentage of your test team is focused on security?
  • What are the terms and period of your security support agreement?
  • Do you offer security training, documentation or guidance to people that will be operating your system?
This list is by no means comprehensive but the answers will likely be illuminating. Some of the questions rely on vendor forthrightness while others use external validation. With someone technical and software security savvy on the team that's evaluating vendors though, you can get a good feel for how vendor answers compare with each other. The long term hope is that we'll have decent security standards for voting systems that are enforced. The National Institute of Standards (NIST) is making progress here and I look forward to the results.

9) The greatest threat to e-voting?
by sharkb8


Do you think the greatest threat of an e-voting system being hijacked is during the voting itself, with one or more people influencing things at the polling place, during the processing, with untrained, nonaccountable poll workers and supervisors, or do you think a greater threat would be someone maliciously attacking an electronic vote counting repository/database?

Hugh: In terms of attack, the greatest risk is still probably a people risk; and that has existed for a long time. The concern with e-voting is that some of the vulnerabilities found make it so that the number of folks that would have to be involved to tamper with results is fewer than before and that their efforts may scale. From that perspective I think there's risk at each stage of the process from how voter registration databases are stored and secured, to how they are cast on election day, to when they get aggregated at the central tabulator. The 'riskiest' piece of the process actually varies from state to state and county to county based on the procedures they have around security. In some places the biggest threat may exist in registration databases that are stored on unprotected servers. In other counties risk may come from poll workers that election officials know very little about who are allowed to take voting machines home the night before elections to make the setup process easier the next day. In others, the biggest risk might lay in the central tabulator which is housed in an unlocked room, where many people enter and exit throughout the day.

Many of these risks could be reduced by poll worker training and procedural change on how machines are operated and secured.

10) Is the Harm Really that Great?
by logicnazi


I am saddened and dismayed by the poor engineering and ignorance of basic security practices that our electronic voting machines show. However, is this really something we should panic about or even the biggest problem in our election system?

All voting systems are vulnerable to fraud. What makes these electronic systems different is that one or a very small number of individuals can engineer a fraud. However, their ability to execute a fraud is limited by the media polls (we will suspect something if the results are inexplicably different than polled) and knowledge of precinct history. Thus the danger from individuals changing the vote seems to really be that they will shift a close race (say 10% apart) one way or another.

However, this sort of shifting close races doesn't greatly degrade the structural force of voting. All candidates will still try to enact policies to garner support whether they need 50% of the votes or only 45%. Much of voting is random, affected by things like personal charisma rather than policy questions so clearly the system doesn't work because we always have the person who 50% want but rather it works because of the structural pressure not to stray too far from what the people want. Or to put it in political science terms, what does all the work is the tendency of all candidates to shift to the middle so in the long run who actually wins each race isn't so important.

But now comparing the potential for electronic vote fraud to things like machine politics (with conventional ballot stuffing), safe districts, voter disenfranchisement efforts, felon lists etc.. etc.. it doesn't seem like it is such a big deal. Making sure the polling places in the inner city don't have enough machines has a much bigger structural effect, by making sure one group's votes don't count at all, than just giving one candidate a random 10% of the vote. Creating a safe district removes virtually all of the structural pressure of voters on government and it seems far more effective and less dangerous to accidentally strike the wrong people from the rolls or put too few voting machines in some precincts.

In short are we letting our concern over the technology of voting blind us to the bigger issues? Shouldn't we be paying more attention to who gets to vote, how districts are drawn and other conventional aspects of voting than to the potential for individuals to electronically cheat?

Hugh: I think that the flaws we've seen with electronic voting are only a piece of the problem and that the largest issues we have in voting are people ones. The technical flaws, though, may amplify some of the classic people threats. As you pointed out, some of the vulnerabilities may allow a malicious person's actions to scale or may mean that a smaller number of people to have a bigger influence. Even just within the space of e-voting security I'd argue that many of the risks that come from machine vulnerabilities can be greatly reduced if we had some sound broad procedures/education around using and administering the machines securely.

The voting process has always posed some significant challenges. E-voting security is a small piece of the larger problem. It is a piece that we know we can do something about, though, by establishing some basic security assessment standards for the machines themselves and some procedural and education standards for those that administer elections. The biggest sin would be that e-voting vulnerabilities merit a prominent place on the laundry list of voting problems in years to come. I think we're at a point where some simple things can be done to move it off that list and I hope that some of the standards efforts that have begun now in earnest get rolled out so attention can be focused on other ongoing voting challenges.

This discussion has been archived. No new comments can be posted.

Hugh Thompson Answers Voting Machine Security Questions

Comments Filter:
  • The Democrats Won (Score:1, Insightful)

    by Anonymous Coward
    ....hence, there's no electronic voting fraud. None whatsoever.

    When the Republicans win again, it'll be a story again.
    • Re: (Score:1, Informative)

      by ebers (816511)
      The democrats aren't the ones receiving public endorsements (and major contributions) from the voting machine manufacturers. http://www.commondreams.org/headlines03/0828-08.ht m [commondreams.org]
    • Re: (Score:3, Interesting)

      by Peter Simpson (112887)
      I'm glad they won, but I still have a *huge* problem with the fact that touch-screen voting machines are the wrong solution to a problem that may not exist.

      I have heard "they're better for blind/disabled"...and I don't believe it for a second. How do you measure this? Do blind and disabled voters agree?

      I have heard "faster totals"...yeah, but - is fast better than accurate?

      I have heard "saves printing costs" - at the expense of having to hire more tech-savvy voting machine attendants?

      I'm not convinced at
      • Re: (Score:3, Interesting)

        by compro01 (777531)
        i personally call BS on the inability of blind voters to vote using paper ballots. my grandma (who is 94 and has 20/400 vision, legally blind is 20/200) is able to vote just fine with our paper ballots here in Canada.

        and if a person is completely blind, how in the name of whatever Deity you believe in is a touch screen that they can't see going to help?

        and just how disabled are you if you can't put an X in a 1.25" circle? even if you have tourette's or something and you screw up your ballot, you can get a
        • The Diebold in the back of the polling place last time I voted had a headset, presumably for giving voice prompts to walk a completely blind person through the process.
        • The following applies to my personal experience in California's most recent election using electonic Diebold machines with register-roll paper trail.

          and if a person is completely blind, how in the name of whatever Deity you believe in is a touch screen that they can't see going to help?

          A Diebold HAVA-capable machine audibly reads the whole ballot and choices to the blind voter using a headset. The voter presses their choices into a keypad with a dimple on the #5 key. While the process takes much much long
        • by carpeweb (949895)
          a solution in search of a problem

          Megamods; and even if blind voters can't use the same paper ballots as sight-advantaged (is that PC enough?) voters, wtf cares? Braille isn't the same "mechanism" as print, so why don't we re-invent the book in order to enable blind readers to read using the same "mechanism" as sight-advantaged readers? OK, I guess I just opened a can of worms.
      • by Anonymous Coward on Monday November 20, 2006 @02:43PM (#16918304)
        "it's about making sure every vote counts"

        This is a very widely accepted fallacy. As the size of the voting body rises, the chance of a perfect tally falls very quickly towards zero. Voting with any large group is a statistical process, not an exact one. Like any statistical measurement, there is a margin of error. The quality of the voting apparatus and process is only important in that it dictates the margin of error. Anytime the margin of error is greater than the margin of victory, the only sensible action is a runoff election, NOT a recount. If the margin of victory is consistently smaller than the margin of error, then perhaps we need to consider a compromise solution (e.g., scrap both candidates and start over) instead of sticking with the current "winner takes all" scenario, which pretty much guarantees that 49% of the population will be unhappy.

        I'm in favor of new technologies if they can provably reduce the margin of error by a significant amount. But really we should just acknowledge that all voting systems are imperfect, and redesign our election system around the inherent uncertainty.
        • by dircha (893383)
          You dispute that the goal is making sure every vote counts.

          "This is a very widely accepted fallacy. As the size of the voting body rises, the chance of a perfect tally falls very quickly towards zero. Voting with any large group is a statistical process, not an exact one."

          On the contrary, the probability that we can correctly tally all tallyable votes - "a perfect tally" - is very close to 1.

          You seem to misunderstand the function of elections. An election is not simply a poll to determine the preference of
        • by Clod9 (665325)
          "Voting with any large group is a statistical process, not an exact one."
          That's how things are now, but I still believe we should strive for perfection and can approach it.
          Sure there will always be opportunity for error, but in a properly designed E-voting system,
          if there is error, the system should provide an accurate measure of how big the error was and whether it affected the outcome.
          The errors that will always remain are those related to who was eligible to vote, etc. -- but once a vote is cast, it shou
      • by stevewa (930967)
        Indeed the Canadians have been lovingly hand-counting paper ballots for years.

        If a touch-screen experience is really that desirable, let's have a touch screen machine that spits out a human-verifiable paper ballot (and no thermal paper that fades after 30 days either!). The fact is a properly filled-out paper ballot is still the gold standard for verifiability.
      • I have heard "faster totals"...yeah, but - is fast better than accurate?

        Theoretically, an e-voting system should be faster and more accurate than punch-card or optical scan systems. For example, the contested votes in Florida in 2000 were counted a zillion times with a different answer each time. Some of this was due to vote ambiguity, and some was due to error on the part of recount officials - both of which can be alleviated by a properly designed e-voting system.

        The problem is that the e-voting compani
    • by darkonc (47285)
      Not necessarily. The voter attitude this election was just way too anti-republican. It's quite possible that the people who control the crooked process decided that -- especially with things like the HBO documentary -- this vote would be too 'hot' to crib to the point where the Republicans would win a commanding majority. Far better to just limit the damage, and save the big guns for the next (full-term) election.

      Besides, what better way to silence the forces of democracy than to allow the other side to

  • Secure tallying (Score:5, Interesting)

    by lawpoop (604919) on Monday November 20, 2006 @01:20PM (#16916900) Homepage Journal
    Problems with paper and electronic voting aside, I think what we really need is secure tallying.

    What I'm envisioning is some kind of method where votes can be tallied, and the running tally can be periodically published during the count. I imagine it would have some kind of hashing technology, like PGP, where tallies are perhaps encoded in a string, and the string is published. The hashing token, or whatever mechanism allowed a vote to be legitimately added to the tally, would be passed from one voter to another, after they voted. This puts the power to count votes into the hand of the voters, rather than a poorly-trained election volunteer, a partisan, or a hackable machine. Because of the constraints of the token and hashing, a voter can only vote as they are allowed, without destroying the tally hash string.

    Unfortunately, this is [X] a highly technamalogical solution, and while it might be possible, it would be difficult to get people to understand, and thus endorse it.
    • Re:Secure tallying (Score:5, Interesting)

      by mutterc (828335) on Monday November 20, 2006 @01:44PM (#16917292)

      Some places already have partial solutions to this problem. What follows is specific to Wake County, NC; your laws may vary:

      At poll closing time, the optical-scan machine prints multiple copies of a totals tape, showing total ballots cast (which bloody well needs to match the number of authorization forms issued), and totals for each race.

      Two of these results tapes go back to the BoE by different means (in addition to the scanner sending in its results electronically). A third is posted at the polling place.

      Therefore, you can check up on the official, precinct-by-precinct, certified results by going around to the precincts and copying down these numbers. If the official tallies differ by more than the number of absentee and provisional voters in the precinct, there's a problem.

      This will catch central-tallying anomalies (like someone hacking the central database). It doesn't catch problems with the individual precincts' scanners, but some random percentage of those are hand-count audited after each election to check up there.

      • by darkonc (47285)
        That works because the OCR forms function as the voter-verified paper trail that many e-vote groups are asking for. When you have a pure electronic system with no voter verified tickets, there's no way to figure out that the computer has messed up the vote other than the total vote count being different than the number of people who voted -- and if you can't keep a simple sum balanced on a computer system, then you're too stupid to get paid for your vote-rigging.

        It doesn't catch problems with the individ

    • Re: (Score:2, Insightful)

      by corbettw (214229)
      That would be a hugely bad idea. Just look at the 2000 election: the networks call the state of Florida (prematurely and incorrectly) for Gore, then when the ballots are counted it ends up going to Bush. But the turnout in Western parts of the state dropped off dramatically, since people thought "my vote doesn't count, it's already been decided". In my mind, it's better to hold off on making any pronouncements, one way or the other, until everyone has voted.
      • by skarphace (812333)

        Just look at the 2000 election: the networks call the state of Florida (prematurely and incorrectly) for Gore, then when the ballots are counted it ends up going to Bush.

        And this is one of the biggest reasons why people think that the election in Florida in 2006 was fixed.

        For 50 years(or however long they've been doing it), exit polling has been an excellent indicator of how people actually vote. Now why, after 50 years(?) would the system all of a sudden fail? And we're talking multiple pollsters,

    • by LPrecure (835868)
      I see a problem with publishing the vote totals DURING the election. Makes it too easy for the participants to tell where their efforts are working and where they need to rush the reinforcements.

      But I've had an idea for some time for "open vote counting":

      My e-voting system would be:

      At the time of voting, the voter gets a receipt that shows who he voted for. The printer is an impact printer, loaded with 2-part paper. The carbon is retained by the printer.

      The night of the election, the county publishes, on
      • by lawpoop (604919)
        "I see a problem with publishing the vote totals DURING the election. Makes it too easy for the participants to tell where their efforts are working and where they need to rush the reinforcements."

        That's called getting out the vote. I see no problem, legally or ethically, with encouraging people to go out and vote. These 'reinforcements' have to be registered to vote ahead of time, in a specific precinct. You can't just shuttle in voters from anywhere. One person, one vote. As long as it's not voter intim
  • Very good discussion. This has answered questions that have been itching at the back of my mind for a while.
  • by Absolut187 (816431) on Monday November 20, 2006 @01:33PM (#16917120) Homepage
    Why do we all need to vote on the same day?
    Why do we need to congregate at designated areas?
    I can do my banking securely online, why not vote?
    Why not have online voting?

    The voting period could span several days or weeks, instead of hours.

    The federal government could fairly easily create a webserver with logins for 300 million people. Each person would be given a userid and password. This could be sent in the mail or given online after supplying social security number and birthday, etc.

    People who don't own computers can be given access to one.
    The number of internet-capable personal computers owned by counties must be far in excess of the number of expensive Diebold machines. (Anybody know the cost of a Diebold vs. the cost of a basic Dell?). Someone at the federal government could easily create an image of a simple secure OS and browser that could be put on any x86 PC owned by a local library or school.

    I just don't see security being a huge problem. Every single voter could self-monitor that their vote counted by logging back in to make sure that no hacker had changed their vote.

    If hundreds of banks can make online banking work, why can't the goverment make online voting work?
    • Anonymity (Score:4, Insightful)

      by everphilski (877346) on Monday November 20, 2006 @01:45PM (#16917328) Journal
      Why not have online voting?
      The federal government could fairly easily create a webserver with logins for 300 million people. Each person would be given a userid and password. This could be sent in the mail or given online after supplying social security number and birthday, etc.
      Congratulations. Now your vote is tied to your social security number. The whole point of a ballot box is that the votes are uncorrelated with the voters. The total number of votes == the total number of voters, but we don't know who voted for whom.

      As to your other questions? Do you really think stretching out the vote for a week or month will increase accuracy? I have my doubts.
      • Anonymity from whom? Certainly my plan does not preclude secrecy of my vote from other voters. Secrecy of votes even from the G-men techies running the show would be possible, using the same techniques used for anonymizing generally.

        Plus, even if anonymity from the government were impossible, do you really suspect government reprisals? Implausible.
        At this point in our history, government reprisal against individual citizens for their voting records is not only unlikely to be attempted, it is certain to b

      • Do you really think stretching out the vote for a week or month will increase accuracy? I have my doubts.

        Yes, but actually I was mainly thinking that it would improve convenience and VASTLY improve voter turn-out.

        What were we at for this election?
        Im sure it was pathetic. Face it, 70% Americans are too lazy to leave their houses for anything but food.
        • I agree, it is pathetic, but voting is a right and a privelege, not a forced requirement. Maybe we are better off that people who don't care aren't throwing ill-advised votes in no particular direction (IE: just adding noise to the system).
      • Re: (Score:3, Interesting)

        by Odiumjunkie (926074)
        > Congratulations. Now your vote is tied to your social security number. The whole point of a ballot box is that the votes
        > are uncorrelated with the voters. The total number of votes == the total number of voters, but we don't know who voted for whom.

        The votes wouldn't need to be tied to the social security number, only the account would need to be. Have the server randomly generate voting pages where the options (A,B,C) each represent a candidate or party on a random basis (on my ballot A is democra
        • Re: (Score:3, Insightful)

          by Procyon101 (61366)
          It still needs to be publicly accessible source code. One of the issues is that no one trusts the machines because no one is allowed to open the little black boxes to see what they are actually doing. In your scenario, if the implementor is still able to hide the code executing the process, then the fact that he says you are anonymous holds very little clout.

          It doesn't neccissarily need to be open source (as in, the source is legally available for reuse) but it most certainly needs to be revealed source.
          • Frankly, screw the trust of Open Source geeks. You have ideals that do not match the mainstream. Why cater especially to you?

            This is a serious question.
            • Re:Anonymity (Score:4, Insightful)

              by Procyon101 (61366) on Monday November 20, 2006 @03:26PM (#16919082) Journal
              It's not about open source. It's about a visible process.

              The paper ballot/hand counting system is trusted by voters because they can see the process that is going on with their votes, and for all it's flaws, at least it's not a black box where some magical incarnation happens and the winner is announced with no assurance that anything was legitimate except the politician's word.

              By exposing the whole process, end to end, you have the equivelant openness of the paper ballot system. This has nothing to do with open source, which is about the free use of code... it's a stupid vote tally system and open sourcing it almost as silly as open sourcing "hello world" as any first year CS student could write one. This has everything to do with visibility and accountability for the process.

              And I reject that my ideals do not match the mainstream. The mainstream doesn't have this issue with things like ATM machines, for they can directly audit every aspect of the process of counting their money without needing to see the source code of the ATM machine. They cannot directly audit the voting process and verify accuracy, hence the need for more open procedures. The fact that the issue is popular enough that HBO runs specials on the untrustability of the process leads me to believe that making the process visible is not "catering especially to me."
              • I agree that open source is only part of the process. But certainly open source is visible to anyone that cares to view the code. So if we assume that a visible process is required, doesn't it follow that the source code needs to be visible to an auditor? What is open source if not visible? It seems to me that open source is a consequence of having a visible process, so a claim that open source has nothing to do with the openness of a ballot process is contradictory.
                • by Procyon101 (61366)
                  I disagree.

                  Open source is the concept that source code can be *reused* by the recipient under the conditions of the particular licence. I don't think that companies contracted to provide machines should neccissarily be forced to open their code to reuse by 3rd parties and thereby creating new competion for themselves. That said, I also don't think open source code for elections is a bad idea either. The concept of open source is different from the concept of visibility of the source code and the 2 concep
        • Re:Anonymity (Score:5, Informative)

          by corbettw (214229) <corbettw.yahoo@com> on Monday November 20, 2006 @02:39PM (#16918246) Journal
          How do you ensure that someone is a citizen and is allowed to vote? By having them log in, of course. Once they're logged in, what's to prevent their vote from being associated with their identity? Nothing, of course.

          That's why this will never happen. Nor should it, voting should be completely private, there should not even be the slimmest chance that your vote will be recorded as belonging to you.
          • That's why this will never happen. Nor should it, voting should be completely private, there should not even be the slimmest chance that your vote will be recorded as belonging to you.

            Here in the UK the voting slips are in numbered books and are ripped out and given to you. The Poll clerk then writes your voter number on the stub. Many tales of Special Branch (the more politicized police) turning up at town halls after the election and picking up the piles of communist/facist/socialist voters to be check

        • by monkeydo (173558)
          How do you know that the computer didn't record your token correctly, but your actual vote incorrectly?
        • by pacalis (970205)
          And again, congratulations, now you overlord employer can ensure that you voted for the right candidate in the privacy of your office.
      • Re: (Score:2, Insightful)

        by Pinkybum (960069)
        So why not make it an opt in system? This is similar to absentee ballots now - so there is no difference. When I mail in my absentee ballot they definitely know who it belongs to. The parent posters online scheme is exactly the same. There is nothing stopping anybody coercing people to become an absentee balloter - why would the coercing of your actual vote be any different?
      • Interestingly, anonymity is the #1 reason I've heard as an objection to a paper trail. How do you verify that somebody's paper matches what the machine says unless you give the machine the ability tell who voted which way? As soon as you've done that, you do not have a private ballot any longer, technically. You could make it illegal to check, etc., but the ability would have to be there, or the paper trail is not very useful. I don't know a way around this. BTW, the current system is not verifiable ei
      • by rbochan (827946)

        The whole point of a ballot box is that the votes are uncorrelated with the voters.

        Sadly, that's not the case. The district in which I live still uses the 30+ year old lever-based voting machines. ID is not required, but verifying your signature in comparison to that on the voter registration form is. The pollster then writes a number next to your name. That number is how far in line you were. I know what my number was, so do the pollsters, and it's written right next to my name on the register, and that c

    • Re: (Score:3, Insightful)

      by CastrTroy (595695)
      The simple reason they don't want you voting at home, is because it's supposed to be a secret ballot. There's no way of knowing that the vote is secret if you are at home.
      • Re: (Score:2, Informative)

        by thinbits (904652)
        Not true. Here in Oregon many (most?) people vote by mail. You fill in the ballot, but the ballot in the secrecy envelope, and then put the secrecy envelope in the mailing envelope and mail it.
      • by lawpoop (604919)
        So you are against the mail-in ballots that most states have at this point?
    • by Beryllium Sphere(tm) (193358) on Monday November 20, 2006 @01:57PM (#16917516) Homepage Journal
      >Why do we all need to vote on the same day?

      I believe the theory behind the law is to avoid gamesmanship and discouraged voters if the results are announced before voting finishes.

      >Why do we need to congregate at designated areas?

      Because coercion and vote buying is part of the threat model. Go into a booth where nobody can see you vote and both threats are mitigated.

      >I can do my banking securely online, why not vote?

      You can't, not in the age of phishing. Further answer from Bruce Schneier's blog: One of the dumber comments I hear about electronic voting goes something like this: "If we can secure multi-million-dollar financial transactions, we should be able to secure voting." Most financial security comes through audit: names are attached to every transaction, and transactions can be unwound if there are problems. Voting requires an anonymous ballot, which means that most of our anti-fraud systems from the financial world don't apply to voting. (I first explained this back in 2001.) [schneier.com]

      >I just don't see security being a huge problem.

      Stolen passwords, shared passwords, forgotten passwords, keyloggers, mysterious 500 errors, undue influence applied to vulnerable voters, difficulty in reaching poor or highly mobile voters. I'd go on but I have to run an errand.

      • by Dare nMc (468959)
        >I can do my banking securely online, why not vote?
        thats been the argument about diebold, and your response is correct: even the ATM isn't all that immune from simple attacks.
        http://www.theregister.co.uk/2006/11/18/mp3_player _atm_hack/ [theregister.co.uk]

        but, casting your ballot by US mail has to be a greater concern than casting your ballot by internet. Despite all the 3 envelops, signed sealed... that introduces 10 ways to disqualify/discard/... a ballot, with no notice if/why feedback to the voter.

        it does seam obvious
      • by inKubus (199753)
        The bottom line is that democracy is a farce. It's not the machines, or the voters. It's just like any other system, arranged from the top down. The person at the top has the real power. The people at them bottom entrust him with the power. How is this different than a king and serfs? It's not.

        The only real difference is in our minds. We think that voting serves the same purpose that armed rebellion used to serve back in the day. We think that we can replace our leaders by voting if we don't like them.
    • by stomv (80392) on Monday November 20, 2006 @01:58PM (#16917538) Homepage
      The voting period could span several days or weeks, instead of hours.

      Oregon uses vote by mail, and other states do have absentee ballots, so this process is (somewhat) available, depending on state law. An interesting side effect is that there is no campaign climax if people are voting over a two week span. Essentially, some people are choosing to vote without all available information, because they're voting before the campaigns are over.

      The federal government could fairly easily create a webserver with logins for 300 million people. Each person would be given a userid and password. This could be sent in the mail or given online after supplying social security number and birthday, etc.

      Secret ballots allow two important things: safety from coercion, and a prevention of the selling of ones vote. You can't be coerced if your vote is a secret vote with no receipt, and you can't sell a vote if you can't prove you actually voted the way you sold. There are some cases where people don't vote in secret -- see the question above, as well as instances where people with a handicap (blindness, for example) are assisted with their vote at the polling place. But, the vast majority of votes are cast in secret. Voting online prevents these guarantees, as well as guaranteeing that the person who cast the vote is the same as the person with the right to vote. Admittedly, this guarantee isn't 100% for meatspace voting, but the threshold is generally pretty high, and the chances of getting caught -- with a police officer right outside the door -- are high enough to keep nearly all people from becoming impostors in meatspace.

      Furthermore, the diffuse system we use to collect and tally votes helps to prevent a single "hack" swinging an entire election. A single person would have a hard time stuffing a ballot box to swing a major election with paper ballots; a networked election, however, doesn't have that safety.

      Finally, voting is a states rights issue -- with the exception of some specific issues like race in Constitutional amendments. Therefore, the US gov't can't make rules or collect votes for the states without each state's consent.

      Your last point, that

      I just don't see security being a huge problem. Every single voter could self-monitor that their vote counted by logging back in to make sure that no hacker had changed their vote.


      has tremendous problems. (1) What if my vote was changed and I claim it was changed? (2) What if my vote wasn't changed but I claim it was changed? (3) How does this guarantee against any other kind of tampering, incorrect addition and subtraction, etc.

      Voting on a network is putting all your eggs in one basket, and so is generally a terrible idea.
      • Secrecy/ Vote Selling:
        Don't we have techniques for storing data without making certain connections?
        I.E. store my vote, but never attach my vote to my name in a way that is visible to anyone, unless it is necessary due to allegation of fraud or mistake?

        Federalism:
        I'm arguing policy, not law. A constitutional amendment can quickly change the law, nevermind voluntary adoption by all 50 states.

        "What if my vote wasn't changed but I claim it was changed?"
        Then you are a liar, and we will look up the records and s
        • by stomv (80392) on Monday November 20, 2006 @02:44PM (#16918316) Homepage
          Don't we have techniques for storing data without making certain connections?
          I.E. store my vote, but never attach my vote to my name in a way that is visible to anyone, unless it is necessary due to allegation of fraud or mistake?


          So is it attached, or isn't it? If it is, then I have to trust my government -- a government I may be trying to vote out of office -- to not look at how I voted and take reprisals. If it isn't attached, then how can it be audited? If it can't be audited, that throws out an advantage of the proposed system.

          Federalism:
          I'm arguing policy, not law. A constitutional amendment can quickly change the law, nevermind voluntary adoption by all 50 states.


          You can't have the policy without the legal framework, and no constitutional amendment can be adopted quickly, by design. Furthermore, I'd argue that the diffuse, states-rights system we have now is superior to a federal voting system, precisely because it does help prevent the federal government from undermining the democratic process itself.

          "What if my vote wasn't changed but I claim it was changed?"
          Then you are a liar, and we will look up the records and see. Fraud = prison.


          So if my vote gets changed, I blow the whistle, and I can't prove it... then *I* go to prison. This seems like a perfect system for a totalitarian government. You vote the way *we* said you did, and if you say otherwise, to the gulag!


          "Voting on a network is putting all your eggs in one basket, and so is generally a terrible idea."
          This is the only argument you make that I am at all persuaded by.
          But I still think we can make it work. The likelihood of an UNDETECTED hack is low if you have webservers run by skilled people, right?


          Low isn't good enough, if one hack can wreck massive havoc on an election. The distributed, non-networked system we have now would require a massive conspiracy to have significant odds of changing the outcome of a presidential election. State elections have similar protections because each town has a different counting system, unlinked. A networked system requires you to trust that the sysadmins are always superior to all outsiders, and are above being influenced. I'm not so sure I'm happy about that system, especially given that most people simply don't know enough about systems administration to have faith in the entire framework. Most people do know how to count, which means that they can audit a paper trail ballot even if they can't be sure the initial count is correct.

          • The distributed, non-networked system we have now would require a massive conspiracy to have significant odds of changing the outcome of a presidential election.

            Does this statement hold true if a single company manufactures a large percentage of voting machines?
            Especially when the code they run is not open to public scrutiny?

            Does it hold true in Florida? :-)

            • Does this statement hold true if a single company manufactures a large percentage of voting machines?

              There are few companies making a significant majority of voting machines in tUS, which is a problem. However, many of those machines do have paper trails, either via optical scans, paper-trailed electronic machines, or otherwise. So long as those paper trails can be audited, the chance of a single entity (in this case, the voting machine manufacturer) swinging an election is extremely low.

              This is, of cours
    • by kabloom (755503)
      Why do we all need to vote on the same day?
      Why do we need to congregate at designated areas?
      I can do my banking securely online, why not vote?
      Why not have online voting?

      Because the day we have online voting is the day I come to your house, put a gun to your head and demand you vote for George W Bush. At least at the polling place, there are poll workers to ensure that no guns make it in, and no reliable reciept makes it out.

      Have a look at Three Ballot Voting [mit.edu]. Now, there are several [princeton.edu] critiques [princeton.edu] of Three Ballot
      • there are poll workers to ensure that no guns make it in, and no reliable reciept makes it out.

        Dude, it is not the unarmed 98-year old WW1 veteran at the polling place that prevents gun-wielding maniacs from forcing people to vote a certain way.

        That's like claiming that the greeters at Walmart prevent armed robbery.

        What prevents your scenario is the fact that 75% of America doesn't care enough to even vote, and the other 25% (generally) isn't crazy enough to pull a gun.
        • by monkeydo (173558)
          Dude, it is not the unarmed 98-year old WW1 veteran at the polling place that prevents gun-wielding maniacs from forcing people to vote a certain way.

          Of course it is. Because the 98 yo vet has to put his signature on your ballot, and he's not going to do that if there's hanky-panky going on.
        • Re: (Score:2, Interesting)

          by flink (18449)
          Where I vote, there is an armed uniform officer. You give your name to and address* to an election judge, they hand you a ballot and cross your name off the voter role. The ballot is paper and you mark your selections by filling in ovals with a black felt tip marker. After you come out of the booth, you give your name to to the officer who crosses you off a second list. Then you insert your ballot into the ballot box which has a built in optical scanner.

          The whole process took 10 minutes from walking in
          • by kabloom (755503)
            The whole process took 10 minutes from walking in the front door to walking out again. I didn't have to show ID. I can see the utility of computerized systems for giving independence to disabled voters, but I don't understand the mad rush to implement it for the general populace.


            Pregnant chads. Don't you remember?
    • by djrogers (153854)
      I just don't see security being a huge problem. Every single voter could self-monitor that their vote counted by logging back in to make sure that no hacker had changed their vote.
      Except that now your union rep could force you to vote the way the union wants, or I could go out and literally purchase votes to sell in a block on eBay. Any time there isn't an option for private voting, you open up a pandora's box of problems.
    • If you are allowed to vote from afar someone else can force you to vote the way they want. Husbands can fill out their wives ballots and make the wife sign it then send it in with their own. When you make everyone come down to the polling place, you verify that they are alive and no one is forcing them to vote one way or another.

      Wait, you say, most states already allow voting over serveral months, from anywhere, from people who may not even be alive, with little control over whether the vote was bought

      • Husbands can fill out their wives ballots and make the wife sign it then send it in with their own.

        So.. you're saying women don't need the right to vote?
        Right?

        haha
    • Re: (Score:3, Informative)

      by lawpoop (604919)
      "Why do we all need to vote on the same day?
      Why do we need to congregate at designated areas?
      I can do my banking securely online, why not vote?
      Why not have online voting?
      "

      There are some institutions in our society that have a vested interest in lower voter turnout.

      As far as your first concern, your best bet would be to start a petition for a constitutional amendment. The US constitution calls for elections on the first Tuesday after a Monday in November, so that needs to be amended to have voting at
    • Guarantees it. In fact from experience we *know* online banking is insecure but because it still saves the banks money in the end its a cost they are willing to accept. Who is going to guarantee your vote and whats their motivation to protect your interest?

    • Why not have online voting?

      Internet voting has been pretty much dismissed for the near future until the security/availability/connectivity issues have been resolved. As it stands now, would you trust it?

      The voting period could span several days or weeks, instead of hours.

      I've never quite understood this. Between absentee voting, early polling at a central location, which most cities do, and the half-day or more that polls are open, how is it that people don't have the time to vote?

      The federal government

    • Re: (Score:3, Insightful)

      by hernick (63550)
      > Why not have online voting?

      In asking all your questions and speculating on how easily you could design a secure voting system, you have forgotten the most important property of free and fair elections.

      They are conducted by SECRET BALLOT.

      SECRET BALLOTS are ESSENTIAL free and fair elections.

      If it is possible to check how somebody has voted, it will become easy to apply pressure on people to vote a certain way. For example, wives will tell their husbands how to vote and check over their shoulder as they c
    • by Noodles (39504)
      The simple answer is "Vote Selling".
    • Dear Sir,

      We regret to inform you that due to a recent systems error, your voting account information has been lost. In order to prevent your removal from the system and inability to vote, we sincerely ask you that you verify your identity by reply to this email with your full name, voting account number (Social), your voting password, and your address.

      Thank you, Voting Accounts Administration Department
    • by solosaint (699000)
      i agree with you, one point people havent made is that if you can vote by phone or mail, then it should be available via the internet, as they all would carry the same "vulnerabilities" such as risk of a vote being coerced. Jefferson said we need to review the constitution every 20 years, because our forefathers new countries change, people change, culture changes, and the laws need to change too. vote by internet, verifiable with a paper print out for the user (encoded so forgeries are not easy to do) a
    • Internet voting would be a great concept if implemented correctly, but if they can't get e-voting right, imagine what they'd do with internet voting.
    • by skarphace (812333)

      The federal government could fairly easily create a webserver with logins for 300 million people.

      Federal government doesn't, and probably shouldn't handle elections. I'd much prefer to leave that to state and counties.

      I don't like the internet solution very much. You have an anonymity problem that people have already mentioned, you have fairly serious security concerns too, and the computer access issues. Just like what Hugh mentioned above. A central server containing all this information has the


      • Federal government doesn't, and probably shouldn't handle elections. I'd much prefer to leave that to state and counties.

        Yeah!
        Thanks Florida!!

        Awesome...
    • http://leparlement.org/ [leparlement.org]

      Distributed Democracy. P2P, PGP signatures, electoral lists.

      Vote from anywhere, anytime, on anything.
  • by GodWasAnAlien (206300) on Monday November 20, 2006 @01:36PM (#16917182)
    I have decided that paper is the most reliable backup/journal mechanism.

    I have decided that instead of using DVD media to backup, I am going to print 2d bar codes to paper for every disk operation. Also, I will print the operation in english so I can verify that it did the right thing.

    Then if I have a disk crash, I just just scan in each operation in sequence to restore the disk.

    Yes, you probably think I am sarcastic and you will tell me that paper lets you verify the vote and allows spot audits.

    I would say that the "paper trail" addresses a media/news issue rather than a technical one.

    This demand for paper backup is an odd hope that 100 year old cash register technology is the best.

    One could accomplish the same thing, by writing the vote, and a human readable JPEG image to DVD, and show the image to the voter for verification.

    Or if DVD is too high tech, use microfiche,...

    • by Qzukk (229616) on Monday November 20, 2006 @01:54PM (#16917446) Journal
      One could accomplish the same thing, by writing the vote, and a human readable JPEG image to DVD, and show the image to the voter for verification.

      Or a hacker could accomplish the same thing as before by writing their vote, and a human readable JPEG image of their vote to DVD and show a JPEG of the voter's vote to the voter for verification.

      The key is that if you want to verify that a process is working, you can't use the same process to verify it, because if the process is broken, your verification is broken too.
    • by Alchemar (720449)
      There are actually systems that do just that. I have worked in chemical plants where every change that was made on the computer was also sent to a printer because the disk backup were not considered reliable to audit a problem. That is also the reason that most cash registers have a dual paper tape in addition to sending all information to the main computer. If something doesn't look right, they have something to audit. Most disk drive use does not need that kind of audit trail. You need to know if som
    • by mspohr (589790)
      Our county (Placer, California) uses a system which is similar to this...

      We vote on a "scantron" type sheet (fill in bubbles for candidates) and this is scanned into a reader before you leave the poll and the scanner keeps the paper form. If there are any problems reading the scan, you have the opportunity to fix it. There is also a paper trail of all of the forms that can be verified.

    • I would say that the "paper trail" addresses a media/news issue rather than a technical one. This demand for paper backup is an odd hope that 100 year old cash register technology is the best.

      A bit off-topic, but when it comes to longevity, paper records are hard to beat (with the possible exception of stone tablets). Check out this interesting article :Paper Trail - Can Digital Media Match The Longevity Of Plain Old Print? [sfgate.com]

    • I have decided that paper is the most reliable backup/journal mechanism. I have decided that instead of using DVD media to backup, I am going to print 2d bar codes to paper for every disk operation.

      Actually, I think Slashdot covered a story on this a couple years back, with a company that had developed a way to store around 1GB of data on a standard 8.5x11 page. 256-bit color 2D barcode at 1200dpi would do it, I guess. More seriously, I was told by a chap at the Corning Glass works that the most importa

    • One could accomplish the same thing, by writing the vote, and a human readable JPEG image to DVD

      You've obviously never written a JPEG decoder if you think the files are human-readable.

      Also paper doesn't have to be the solution... it could be anything large enough that people can sense and permanent enough to count. For example, you could engrave your vote on say a bar of soap or write your vote in ketchup on a hamburger -- as long as everybody is issued the same voting matter. Plus, this actually encourag
    • by LanMan04 (790429)
      One could accomplish the same thing, by writing the vote, and a human readable JPEG image to DVD, and show the image to the voter for verification.

      Sigh...no, because there is no guarantee that the image you were shown was written to the DVD.

      The point of having a paper trail (on the voting side, not necessarity the counting side) is that there is no invisible "techno-magic" happening; you are sure your vote was cast correctly.
      • Voter votes on an e-voting machine (touchscreen)
      • Voter watches as printhead
      • "Sigh...no, because there is no guarantee that the image you were shown was written to the DVD"

        With the current e-voting in California, the voter sees the printed vote and 2D barcode behind glass.

        If you are not going to believe that the image shown was actually read from the DVD (after being written), then I assume you would not trust the 2D barcode (which is what would be re-counted, after or along with other backup mechanisms).

        • by LanMan04 (790429)
          If you are not going to believe that the image shown was actually read from the DVD (after being written), then I assume you would not trust the 2D barcode (which is what would be re-counted, after or along with other backup mechanisms).

          Exactly, I shouldn't have to "believe" anything all. The paper trail MUST be human readable and verifiable. What the heck is the point of printing out a 2D barcode behind the glass for the voter to look at? It could say anything at all, and you would have no idea.

          Th
        • by Qzukk (229616)
          With the current e-voting in California, the voter sees the printed vote and 2D barcode behind glass.

          As long as the printed vote is there, then all it takes is a vigilant observer at the recount to go "hey wait, why does the pile for President Evil Overlord all have different names on the printed part of the ballot!"

          In the end, elections require vigilance on behalf of all people to ensure that they are carried out in a manner faithful to the voters' intent. Hiding parts of the process within a machine make
  • As seen here:

    Clear Evidence 2006 Congressional Elections Hacked [opednews.com]

    "We see evidence of pervasive fraud, but apparently calibrated to political conditions existing before recent developments shifted the political landscape," said attorney Jonathan Simon, co-founder of Election Defense Alliance, "so 'the fix' turned out not to be sufficient for the actual circumstances." Explained Simon, "When you set out to rig an election, you want to do just enough to win. The greater the shift from expectations, (from ex
    • Yikes, that's a pretty big stretch to make - regardless of the numbers. Of course, it makes it easy to dismiss when you see the headquarters [opednews.com] of the Election Defense Alliance leaders all working at someone's kitchen table on laptops. That's to say they aren't entirely legitimate and correct, but I might put there chances at, say, 10,000 to 1. ;-)
      • by Alien54 (180860)
        working at someone's kitchen table on laptops

        don't get the telecom mutter and home orifice people upset with you now
  • Any relation to Jack Thompson?
  • by guitaristx (791223) on Monday November 20, 2006 @01:56PM (#16917480) Journal
    Every year thousands of votes aren't counted because there's some ambiguity in how the voter intended to vote.

    This is ridiculous! If a paper ballot has an ambiguity and won't be counted, it should be flagged as such as soon as it's inserted into the machine so that the voter can have some sort of opportunity to ensure that their vote is counted. This is a terrible argument for touch-screen voting.

    Think about this for a moment; this means that things like ballot ordering or candidate name has an influence on whether or not your vote will even be counted, and you wouldn't ever know.
    • by enbody (472304)
      If a paper ballot has an ambiguity and won't be counted, it should be flagged as such as soon as it's inserted into the machine so that the voter can have some sort of opportunity to ensure that their vote is counted.

      Optically scanned ballots can do that checking (removing that "terrible argument"). However, old pencil-and-paper cannot be anonymously scanned without impacting the privacy of the vote.
    • We have new machines (from Seqoia) which do this. They will kick back any "wrong" ballot that cannot be counted. For instance, if you vote for two presidents it will tell you, and ask if you want to recast your vote. You always have the option of saying that you wanted to vote for two and not get counted. Here's a link about it in the LA Times... http://www.latimes.com/news/local/politics/cal/la - 110706glitches,0,2932115.story?coll=la-home-headli nes [latimes.com] ...interesting.
  • I think we should switch to optical scan ballots EVERYWHERE. Yes, the "voter filled in both candidates" problem still exists, but do we really want people that stupid influencing our political decisions anyway? If they invalidate their own ballot and don't even notice, screw 'em, that vote doesn't count. It's not like the 'hanging chad' thing where a reasonable attentive voter might not notice their ballot is invalidated.

    With optical scan systems, there's always a paper trail that one can go back to. Yes
    • by indros13 (531405) *
      Actually, the optical scan machines can prevent the "voting for two candidates" problem. In Minnesota, the machines will reject a ballot that has a mis-vote, notifying the voter BEFORE they leave the polling place and allowing them to correct the error on a new ballot. There may be other security issues to fix with optical scan machines, but they have the advantages of paper trail, electronic tabulation, and verification before the vote is cast.
      • by caldaan (583572)
        At least in my county in Michigan the optical scan kicks out over votes as well. The verifiable paper trail is important. Especially when one candidate ends up with negative votes..
    • by nasch (598556)

      With optical scan systems, there's always a paper trail that one can go back to. Yes, the scanning systems and vote tabulating systems are still vulnerable to attack, but at least it's POSSIBLE to do an accurate manual recount if it becomes necessary.

      The problem is, if the election is just slightly shifted, there's no recount and so nobody knows what happened. You can always randomly manually count 1-5% of the ballots, but that may or may not expose any fraud or error. Plus, as shown in Hacking Democracy,

      • by Linux_ho (205887)
        The problem is, if the election is just slightly shifted, there's no recount and so nobody knows what happened. You can always randomly manually count 1-5% of the ballots, but that may or may not expose any fraud or error. Plus, as shown in Hacking Democracy, sometimes "random" means "somebody chooses".

        These problems predated electronic voting. I didn't say optical scans are THE PERFECT SOLUTION. But I think they are a whole lot better than any other system available today. All the problems that optica
  • by internic (453511) on Monday November 20, 2006 @03:15PM (#16918854)
    10) Is the Harm Really that Great? by logicnazi

    [snip]

    All voting systems are vulnerable to fraud. What makes these electronic systems different is that one or a very small number of individuals can engineer a fraud. However, their ability to execute a fraud is limited by the media polls (we will suspect something if the results are inexplicably different than polled) and knowledge of precinct history.

    Haven't there already been several instances of claims of this kind? Isn't it the case that systematic problems with exit polling (and other polls) make it very difficult to make strong, credible claims about election results?

    Thus the danger from individuals changing the vote seems to really be that they will shift a close race (say 10% apart) one way or another.

    However, this sort of shifting close races doesn't greatly degrade the structural force of voting. All candidates will still try to enact policies to garner support whether they need 50% of the votes or only 45%. Much of voting is random, affected by things like personal charisma rather than policy questions so clearly the system doesn't work because we always have the person who 50% want but rather it works because of the structural pressure not to stray too far from what the people want. Or to put it in political science terms, what does all the work is the tendency of all candidates to shift to the middle so in the long run who actually wins each race isn't so important.

    But now comparing the potential for electronic vote fraud to things like machine politics (with conventional ballot stuffing), safe districts, voter disenfranchisement efforts, felon lists etc.. etc.. it doesn't seem like it is such a big deal. ...

    It seems like 10% is a fairly significant margin in most races, so I'm not sure why one would treat this as though it were a small thing. I do appreciate the point that somehow this may not change the structural correcting force arising from elections, but I do think that it can cause a situation where you have tyranny of the majority (or even a large minority). If a politician has a buffer zone of 10%, that may allow him to pander to one particular consituency while completely ignoring all others, as long as the buffer zone is enough to have him safely reelected. Persumably, in the fair election a politician has to aim to satisfy not just a majority of constituents but a sizable enough majority to ensure victory. So, it seems like such a vote buffer might still really lead to very significant qualitative change. If nothing else, one can look to how differently a legislature operates when the majority party has a margin of a few percent of seats versus when they have a margin of, say, 10%. In the latter case, one often sees compromise all but disappear.

    I guess another way to look at it is that policy difference can be quite large, even between relatively similar political candidates. People thought, for example, that Bush and Gore were pretty similar, and in many of their policies they were (when compared to the larger spectrum of political ideologies, compare with people like Bernie Sanders or Pat Buchanan). If you believe, however, that the Iraq war would not have happened under a Gore presidency (seems at least plausible), then we're talking about thousands of U.S. soldiers dead, tens of thousands wounded, tens or hundreds of thousands of Iraqis dead, hundreds of billions of dollars spent, and the fate of an entire nation radically changed. No matter your feelings about the Iraq war, my point is only that this is, indeed, quite signficant. I'd have a hard time trying to argue to the families of all those dead and wounded that it isn't.

    I appreciate the point that people aren't voting based on perfect (or, perhaps, even good) information anyway, and there are many other ways to steel elections, but it's hard to see how you can face up to facts like those just mentioned and not at least try. In any case, as Dr. Thompson alluded to, it's a false dichotomy. It's not as though you have to choose to fight only one source of fraud, and it will take different people with different expertise to combat each.

  • I cannot believe that this PhD's only concerns over paper trails and voting is the cost factor. THE biggest issue with paper trails is that they are reciepts of a voter's record. If voters are allowed to leave the polling place with an official record of how they voted in their posession, they are vulnerable to both bribery and extortion. The opportunity for groups to apply pressure to voters to make certain ballot choices and then present the proof afterwards for either a cash reward or a guarantee of s
  • ...the danger from individuals changing the vote seems to really be that they will shift a close race (say 10% apart) one way or another.

    Not only that. If you shifted the vote by a huge amount (say, 100% to 0%), that would go a long way to undermining the voting system and producing panic in the population.

  • I completely disagree with this ridiculous waste of money we've been spending in the US on electronic voting. The best solution by far is to do what Oregon does or what any voter can choose to do in California (and perhaps other states) which is get a ballot a month or so in advance and fill it out with a pencil. You don't have to mail it in, you can drop it off at the polling place last minute (usually the case for me).

    Now, addressing Hugh's points to this question:

    1] Disabled voters: Why in the world d
    • by will_die (586523)
      Most states provide something similar to what Oregon does, Texas does even more they set up voting places in malls and shopping centers months before the real election date.
      As for the other points.
      1) The abaility for disabled to use the exact same machine is a huge,huge political point for the disabled comunity. Lawsuit have been filed over similar setup which they label "seperate but equal". If an someting even more strange from your thinking look at cochlear implants and how they are causing the "geno

The only problem with being a man of leisure is that you can never stop and take a rest.

Working...