Slashdot Log In
Interview with Voting Machine Company Reps
Posted by
michael
on Sun Apr 20, 2003 06:09 AM
from the what-me-worry dept.
from the what-me-worry dept.
laupsavid writes "Here's an interesting interview with government and industry reps on the Black_Box_Voting site. I think it's funny (yet terrifying), almost like an extended Shark-Tank Unclear on the Concept item. They interview Paul Miller, Registration and Systems Manager of the Office of the Secretary of State. Black Box Voting is dedicated to informing people of reasons to reject electronic voting systems. I believe Bev Harris runs the site, and she claims to be an expert on accounting fraud. Also, see this area of the a site called Ecotalk for a list of instances of purported fraud by electronic voting."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Fraud in electronic voting? (Score:3, Funny)
It's not like many of us vote anyway..
Re:Fraud in electronic voting? (Score:5, Informative)
Hanging chads aren't really in any way a form a fraud. Fraud usually implies that the incorrect tallying of the votes was purposefully altered. Hanging chads are simply cards where the tiny circular piece of paper hasn't been fully punched out and is hanging from the hole. Actually, in 1996 I believe a house seat was won in Mass. by William Delahunt based on cards with "bulging chads." The cards simply had a little bump and they included that as "voter intent."
Parent
Re:Fraud in electronic voting? (Score:3, Interesting)
People should also consider the number of spo
Re:Fraud in electronic voting? (Score:3, Funny)
Voting machines give me the creeps (Score:5, Insightful)
As they stand right now, they give me the creeps: They do not give you a print-out for backup. And there is no way to look at the code by an independent auditor because the republican Kath "Cruella" Harris declared the code a propietary secret. Only the vendor has the right to audit their own code and certify it as bug free.
An open system should print a ballot that goes into a ballot box as a back-up and it should be open for any independent party to review. If not how do we know there is no fraud involved?
Parent
Re:Voting machines give me the creeps (Score:3, Interesting)
-prator
I like the idea of electronic voting systems.... (Score:5, Insightful)
and hate it at the same time.
This interview (while somewhat hostile), does illustrate why I hate it - we have voting system companies that refuse to make their systems open that are, in turn, monitored by officials that do not understand how the systems can be tampered with.
I think our elected officials just aren't ready to handle technology, unfortunately.
Oh, any voting system that doesn't provide a hard-copy output of how I voted to be used as a check is a voting system I don't trust - a pure touch-screen system should provide a printout that I can confirm, and hand in, where it will be filed much the way traditional ballots are file. The actual counting can be purely electronic for all I care, until a recount is requested, in which case the paper ballots should be used - any tampering significant enough to alter the election should be trivially detectable using this system.
Re:I like the idea of electronic voting systems... (Score:3, Interesting)
If anything is hidden, there is at least the perception that evil-doers *can* do things they shouldn't.
While I don't necessarily trust either the Democrat or the Republican election officials, I do feel fairly safe trusting that both are in no mood to let the other side get away with much of anything.
I don't have any answers, but unless anyone can at most anytime publicly ask any election official just what they are
Re:I like the idea of electronic voting systems... (Score:5, Informative)
Compared to most of the vocal
I made my first 'puter by wire-wrapping from a schematic back in 1976, and there is no way I'd trust a system without a hard copy output for anything more inportant than internet surfing.
basicaly what I got out of the interview is
1. a company make the voting machines named AccuVote
2. this company issues updates on CD's and if the update is significant it's independantly tested but nobody seems to have a definition of significant.
3. the CD's arrive from a source that's not explained, and don't seem to be verified as coming from an authorized source. Something like doing a MD5 checksum to verify the cd might be usefull for accounting purposes.
4. the CD are load into the system and they do what-ever they do and nobody seems to be accountable for tracking the machines that are updates; or even verifing which files have been changed.
5. before the election's the system is tested for Logic and Accuracy and if this test is passed, it's assumed valid for live data. of course off the top of my head an election would need huge amounts test data to cover all of the different vote possibilities and possible user responses.
I'd also have to agree with the interviewer, touch-screen voting machines are untestable.
Seems a pretty sloppy way for a secratary of state's office to do bussiness if you ask me
Parent
Re:I like the idea of electronic voting systems... (Score:3, Insightful)
I hate it when... (Score:2, Insightful)
In my opinion, anybody that presents an argument that electronic voting is particularly subject to fraud must factor in the amount of fraud that already goes on in non-electronic elections.
Re:I hate it when... (Score:5, Insightful)
With a paper vote, the system is intrincially very simple - the voter marks a ballot paper according to who they're voting for. The ballot papers can be counted by hand, and anyone who wants to can observe the counting.
With an electronic voting system, how can I check how it's working? Even if the source code is open for all to see, how do I know that the published source is what's actually being used? And how can someone who doesn't understand computer programming check that the system is correct.
Any voting system is vulnerable to fraud of some sort, but, imho, a system which anyone can understand is better than one which only a privilaged minority (geeks) can.
Parent
Re:I hate it when... (Score:2)
Testing, testing, and more testing. A huge number of rigorous tests.
Compared to many other projects, designing and implementing a secure, accurate voting machine isn't technically challenging. The challenge comes in proving that the voting machine is both secure and accurate.
This might be a good time to employ those crackers that have recently been discussed on Slashdot. Observe how they crack the system and eliminate that vulnerbility.
Re:I hate it when... (Score:3, Insightful)
Why is there a need for any voting machine? Why not mark the ballot papers by hand with a pen? (It works here in the UK) Why replace one solution that most people don't understand with another one they don't understand when there's one available that anyone
Re:I hate it when... (Score:2)
I'm not saying I agree... just that I can see the appeal.
Re:I hate it when... (Score:3, Insightful)
The fundamental problem being that the people who write the specs, make the purchase, and oversee the proof testing are the same people who have the greatest conflict o
Re:I hate it when things go over people's heads. (Score:2, Interesting)
th
Smart Card ID (Score:2)
This would allow vote buying. Currently, even if you give me $100 to vote for your candidate, I can go in and vote however I choose anyway, and you're none the wiser.
With smart cards and a web site - here's your $100, just hand over the smart card for a day.
Re:Smart Card ID (Score:2)
Suppose I give you $100 in government money I took from someone else?
Taxing one group and giving the money to another is nothing but vote buying.
Re:I hate it when... (Score:4, Insightful)
Personally, I believe votes are as important as money, and should get the same care in their accounting. That, rather than the electronic nature of the new machines, is what irritates me about the new machines. They are fundamentally broken from an accounting point of view, and nobody seems to give a shit because, apparently, votes are not as important as dollars in the United States of America.
Parent
WSJ article on election problems (Score:5, Interesting)
One of my favorite stories occured in a western state, I believe New Mexico. The local election official was suppose to set up the "tailor" files for the electronic vote counting system. Afterward, he was suppose to run a variety of test cases to make sure it all worked right. So on election night, their counting the ballots and someone noticed that the totals don't add up right. As I recall, a large group of ballots were being ignored. In a panic, they ID the problem and call the equipment vendor asking how to make the necessary changes. The vendor begs them not to change a thing and call a judge, pointing out that any changes made on election night will probably led to a election fraud trial. They call in a judge, who brings in reps from the handful of political parties. It takes days to fix the problem.
Wrong assumption of trust (Score:2, Insightful)
In other words, the problem isn't the mechanism, it's the implementers.
"Cha-Chunk!" (Score:3, Insightful)
In all seriousness though, with some hard-wirded electronics (rather than software), it should be pretty easy to construct a virtually fraud-proof voting machine that resembles the old-style ones but isn't as expensive to manufacture or maintain.
Re:"Cha-Chunk!" (Score:3, Insightful)
What's wrong with using a pen to put a mark next to the name of the candidate you're voting for? No more problems with hanging/swining/pregnant/... chads, and just as verifiable (although satirists might not like it...)
Re:"Cha-Chunk!" (Score:2)
As for people marking more than one candidate, well, anyone who's too dumb to understand "mark one candidate's name only" (or similar instructions) is pretty much beyond helping.
Re:"Cha-Chunk!" (Score:3, Insightful)
Re:"Cha-Chunk!" (Score:3, Informative)
We can't even manage a paperless office (Score:2, Interesting)
Without a hardcopy of each vote as it is cast, a recount is nearly useless.
I propose that each voting station be issued a single unperforated paper roll of ballots, with the voting booths in a line. Each vote would be punched and signed on the same roll.
Instead of having a pile of cards that could be selectively lost or stuffed, the individual rolls would be easier to keep track of. Plus, hand recounts would be far easier.
This could be abused too,
usefull links (Score:5, Informative)
There was also a discussion about election reform and voting voting fraud last summer and can be found on the cato [cato.org] site.
Or you can watch the even in Real video [cato.org]
Re: usefull links (Score:5, Insightful)
Anyone concerned with electoral fraud in the US, the use of poisoned databases to cull legitimate voters from the electoral rolls, and the future of voting might want to read Chapter One - Jim Crow In Cyberspace [PDF] [gregpalast.com] of the book.
Choice Quote -
"One can't sabotage democracy with felon lists alone. Balloteating machines worked well in Gadsden and other Black counties, but cyberspace offers even more opportunities for fun and games. This time, it's "touch screen" voting. No paper trail, no audit path, no fights over recounts: recounts are impossible.
"Florida is the first state to adopt this video-game voting technology. Secretary of State Harris immediately certified the reliability of one machine, the iVotronic, from Election Systems and Software of Omaha. On their Web site, there is a neat demo of their foolproof system you can try out. I did - and successfully cast an "over-vote," a double vote for one candidate. Then the site crashed my laptop. But hey, the bugs will be worked out . . . or worked in.
"The question is, who else is touching the touch screen? In the case of the iVotronics, it's Sandra Mortham. Ring a bell? She was Harris's Republican predecessor as secretary of state, the one who hired DBT. Now she's iVotronics representative in Florida."
Parent
What is wrong with paper? (Score:2)
Why do people think that a electronic system is s
The Legitimacy Of The Vote (Score:5, Insightful)
The purpose of a democratic election is not to determine a winner. Every conflict, democratic or not, peaceful or not, ends up generating winners. No, the purpose of an election is to make everyone agree who lost, and to generate (through a future election) a preplanned battlefield for a future engagement.
Only through this process can the costs of conflict -- which are often substantial, sometimes far greater than the value of what's being fought over -- itself be minimized.
Some engineers with no knowledge of politics imagine voting is a counting problem. Given hundreds, thousands, maybe hundreds of thousands of individual polling sites, how can the numbers be collated and reported accurately? How can the top scoring candidate be identified and informed of his or her success? In short: Who won?
They miss the point entirely: The problem is never the winner. The winner is not the one to doubt or challenge the system. The winner is always happy to win -- it's never the party in the lead that calls for a recount. No. The problem is with those to whom power has been denied. They are the ones that the entire system exists for; they are the ones who the process is designed to satisfy. We hold out a carrot -- you will have your chance again in some time -- and ultimately, a stick: You failed to convince enough people that your cause was worthy, that your message was true. We brought your message to the people, and they turned away.
That doesn't say "You won." That proves "You lost." This is why it is so critical to have a genuine paper trail for voting systems: Any idiot can tell you who won, but once the facts disappear -- once the finger rises from the touch screen -- there is no mark, no evidence, no proof at all. That doesn't mean the election won't have an outcome: Courts can quite easily, by fiat, declare that the voting system may not be challenged. By fiat, then, they decide who won.
Fiat -- legalese for "Because I said so" -- does not a proof make. Fiat declares a winner; it cannot prove a loser. Thus it fails, utterly and completely, to serve the purpose of the election system itself. Open and unambiguous access to the voting architecture is critical if we are to provide an election system that defies the sour grapes of a failed candidate. Anything less makes a farce of the election process -- why go through the rigamarole if people have no reason to believe the results?
The sad part is, most engineers have settled on the most obvious solution: Touch screen voting, with a human readable (but easily computer-auditable, through the use of the standard OCR fonts that have been on checks for decades) printout that is stored for recount purposes. (The printout is on difficult to forge official paper, and contains some piece of data that did not exist before the election, akin to POW's holding a newspaper.) At that point, there are a few choices -- have the touch screens also communicate to a central office, which collates votes and designates 5% of precincts randomly for immediate on-site audit, or perhaps skip the touch screen link and have each site read the votes from the printouts and only the printouts. Given a challenge, the computers speak the same language we do, and possess logs in the same physical format we can analyze. A challenged result can be answered with evidence -- and thus the challenge is not likely to be made at all, for that would be yet another failure for the candidate.
Elections without evidence see their legitimacy drain away like blood from a sliced jugular. Without evidence, it's not that the victor cannot be shown, it's that the challenger cannot be refuted. Shaking ones shoulders, saying "I'm not going to prove a negative", is insufficient. Blind touch-screeners leave elections vapid and useless, an exercise in futility that doesn't raise an eyebrow when precisely 100% of the (remaining?) population votes for Saddam.
It's honestly surprising that, in this d
Re:The Legitimacy Of The Vote (Score:3, Insightful)
If I can get a touch-screen system that generates auditable, _human readable_ sheets of paper or some other voter-and-auditor readable medium, then I'm very interested in electronic systems -- they're faster, cheaper, and potentially much more accurate.
Do not mistake the path for the goal.
--Dan
Online votes are not secret (Score:4, Informative)
An election is secret only if the voter is required to conceal his/her vote. This prevents votes from being bought (since the buyer cannot know if he actually gets the goods) and it prevents people from being pressurized into voting for a particular party (with online votes, a tyrannical husband can easily make sure his wife votes the right way).
Of course, vote by postal letter has the same problem which is why most democracies allow it only in case of unability to otherwise attend and also make it at least somewhat inconvenient.
shuck and jive (Score:2, Insightful)
phooie, it's a scam, a sophisticated scam
None of those
Electronic voting isn't particularly vulnerable (Score:3, Insightful)
Electronic voting is instant, traceable, and most importantly interactive: how much would all those idiots who accidentally voted for Buchanan in 2000 have appreciated a dialog box popping up saying "You are about to vote for X"?
You don't know what you're talking about (Score:3, Informative)
Re:You, dear sir, are an idiot (Score:3, Interesting)
Would you find it surprising that black Republicans in the 2000 Florida election had a 50-fold higher likelihood of having their ballots invalidated than black Democrats? It's true [freerepublic.com]. That's because the precincts where so many blacks had their votes stolen were actually under the control of the Democratic machine.
Statistical analysis shows that by far the most likely reason for so many "double punched"
Where is the open solution? (Score:3, Interesting)
I'd feel a lot better about electronic voting if someone could download the code and review it, to make sure some programmer didn't get and 'extra' bonus that election cycle.
I realize there's no money in it, but w/ all the /.ers talking about how the current systems are rife with opportunities to tamper, I would thinks that *someone would be working on it, if not for their own amusement, for the good of free democracy.
Unless of course all you coders are to busy playing America's Army...
2004 results (Score:4, Funny)
Better voting systems possible (Score:3, Insightful)
There are many voting systems possible besides simple "one man, one vote". In fact, "one man, one vote" is probably the worst of all (of course, Arrow proved no perfect voting system is possible [byu.edu]).
There are some alternative systems here [boulder.co.us].
No to electronic ballots (Score:5, Informative)
She only got the machines approved by the most ridiculous of explanations: A Printout of the memory card is just as good a audit trail as real ballots. Read about it here in our local paper [lvrj.com]. What did Ms. Ferguson do after leaving Clark County? Why she went to Santa Clara County in CA, where she stayed just long enough to throw out any auditable voting machines and replaced them with fully electronic voting machines from Sequoia.
After that, where did Ms. Ferguson go? Why she accepted a position as a Vice President... of Sequoia systems!
Do I think there is some wild conspiracy here? Nope. It's just a case of a political hack on the take, who doesn't care about the laws of the state that she is supposed to enforce [state.nv.us].
Plus, I think the Slashdot crowd understands full well how when you have critical software apps that are closed source, you are essentially outsourcing control of your apps. So any county that has these fully electronic devices has outsourced election security to the low bidder. Egads.
We use them here for years. No problem. (Score:2, Informative)
Options? (Score:2)
One possibility might be to get as many people as possible to vote absentee - thus returning the voting process to paper form. Perhaps overwhelming the election workers as well. Not, of course, that that would ever be part of anyone's motivation.
If you go in to the election location and refuse to vote on a machine, do the election types have to provide alternati
I have studied Electronic Voting (Score:5, Informative)
First off, every source believes that there should be a paper trail as a backup. This is good.
Second off, every source believes remote internet voting is too insecure to be feasible at this time.
Third off, my team's research shows it is impossible to have 'remote poll-site voting', in which a voter can cast his ballot at any station or kiosk in the county or state, while protecting voter anonymity and without relying on an always-up internet connection at each poll-site.. The crux of the problem is this: you can't update a voter's record in a central voter registration database (to change him to "VOTED" or something) without the polling stations being connected to that database over the internet , or phone lines, or some kind of link. So instead, you would give each polling station its own copy of the voter registration database. But that means if someone tries to vote twice (once each at two different polling stations), the only way to ensure that both votes are not counted is to associate the ballot with the voter-ID..
At this point, it becomes a matter of trusting the government. Even if the ballot that is associated with the voter-ID is encrypted, do you trust the government not to decrypt those ballots before duplicate votes have been resolved and the voter-IDs have been stripped off? Even if the voting system was open source, do you trust the government to not use a forked version that *doesn't* respect your privacy?
Another scenario is to set up secure links (internet w/ IPSec, or private phone circuits, or satellite...) from the polling stations so you *can* update the central voter database in real-time. All of a sudden, the entire voting system is subject to denial of service attacks. People would climb poles to cut wires, etc. And if your system was designed to be "failsafe", so that voters could still cast a ballot even if the link was down, you'd be back at the voter anonymity problem mentionend above: those failsafe ballots would essentially be the equivilent of modern-day "provisional ballots", in which your name and identifying information are written right on the front of the envelope.
I don't see a cryptographic solution to the problem, as such solutions seem to involve the government holding all the keys.
The professor of the class is a brilliant man, and he admitted to me that this is a fundamental problem and that he was, in fact, hoping a solution might come out of his assigning it to a bunch of students with fresh perspectives.
Great quote (Score:2)
"It's not the programmer that programs the machine."
Copy the ATM machine (Score:3, Insightful)
Get a cheap screen. Put some buttons on the side. The voter presses the button to go with the right candidate, as displayed on the screen. This interface is easier and more reliable than any touch screen I've used. And it's so damn simple and reliable...
When you're done, just like an ATM, you get a receipt (aka voter printout). The identical receipt is printed and stored inside the machine, and the result is electronically stored or immediately uploaded elsewhere. No one would ever make an ATM without that paper roll inside (or the receipts printed for the customer)... I honestly cannot think of any valid reason not to do so, except to deliberately enable fraud. The printers aren't expensive.
If you wanted to be clever, you'd put a number or bar code or somesuch on every ballot, and within maybe 30 minutes the voter could return to the machine, invalidate their old vote, and enter a new vote. If the voter gets a printout it's not as helpful if they can't do anything if they realized they voted incorrectly. But that correction process does add the potential for fraud (though of course the correction would be logged for future auditing).
Someone else suggested an even simpler system where the machine prints out a ballot, and the ballot is put in a ballot box (after confirmation by the voter). Create something both machine and human readable (machine by OCR, so there's no possibility for the vote being inconsistent)... not as fast to count as electronic results returned by a modem, but does that really matter? Higher accuracy than punch cards, and highly transparent (so long as ballot boxes don't get lost...)
Lastly, election boards should be running exit polls. Not for any official purpose or in order to report to the public, but as another safeguard against both fraud and mistaken results. If the results of that sampling are too far from the actual results, then something went wrong. It won't correct those problems, but it's a final way to check that there are no massive inaccuracies in the voting.
Telling parts. (Score:3, Interesting)
Harris: "Regardless of who sets up the ballot, the ballot does identify who is a Republican and who is a Democrat. So there would be a way for the program to know that. Why couldn't a programmer, for example, set the machine to wait for a couple hundred votes and then put, say, one out of every 10 Democrat votes into the Republican bin?"
Miller: "It's not the programmer that programs the machine."
Harris: "But whoever does it identifies, for example, who is a Democrat and who is a Republican, so regardless of who inputs that, the machine would be able to read and identify that too."
Miller: "I'm not going to talk about proving a negative."
Harris: "But the positive, which can be proved, is that every election system that's ever been used in the USA has, at one time or another, been tampered with. And what we do know is that $800 million has gone toward contributions to candidates. So certainly we can predict that someone will try to tamper with a programmer. And therefore, what I'm asking, is what safeguards do we have in place to make sure that, if someone tampers with a program or a CD update --"
Miller: "I think we've gone as far as we can go."
Easter Eggs. (Score:3, Insightful)
If you place your fingers on two or three pre-determined locations (e.g. opposite corners) while making a vote selection, then all current (or subsequent) vote are changed such that 1/3 of all votes go to your preferred choice.
This 'feature' would be essentially impossible to find in logic testing, and would not depend on the egg programmer knowing anything beforehand about what the vote questions would be, when the vote would take place or even how many 'test' votes were done.. All you would need would be someone who could make it to the polling station at the appropriate time in the voting process (beginning or end) to activate the egg.
Without a voter verified paper trail, it would be almost impossible to verify that such a cheat had been used. -- remember it could also be encoded in the prom firmware of the machine -- not just the truly soft software, and it could sit there for years, until an appropriately critical vote occurred (or an appropriately large bribe was paid).
Voting machines outside USA (Score:3, Informative)