Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

California Sec. of State Wants Open Source E-Voting Systems

Posted by Soulskill on Sat Sep 27, 2008 08:12 AM
from the nowhere-to-go-but-up dept.
Government Security Software News Politics
Lucas123 writes "California's Secretary of State, Debra Bowen, was among a group of e-voting experts at MIT yesterday who said the nation's electronic voting systems are still not secure and many run on faulty software. Among the suggestions offered to fix the problem: use open source software, stop delivering e-voting machines to polling places weeks in advance of an election, and keep a paper trail for auditing purposes. Bowen also believes that a ubiquitous Internet voting system could not work without the use of a national ID card system."
+ -
story

Related Stories

Submission: Prevent Unwanted Presidencies with a Paper Trail by Lucas123 (935744)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

California Sec. of State Wants Open Source E-Voting Systems 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Simple Solution. (Score:5, Funny)

    by bigtallmofo (695287) * on Saturday September 27 2008, @08:15AM (#25176819)
    No need to open source anything or make any other changes... Just slap a sticker with one of those disclaimers on each of the current voting machines that reads "This is not a scientific poll and is completely inaccurate."

    Problem solved.

  • Now for the BIG decision (Score:4, Funny)

    by Vinegar Joe (998110) on Saturday September 27 2008, @08:17AM (#25176827)
    KDE or Gnome? But since it's California, it'll probably be Enlightenment.

  • Another trick: reduce the time pressure issue (Score:5, Interesting)

    by compumike (454538) on Saturday September 27 2008, @08:21AM (#25176849) Homepage

    Lots of the problems described occur because a voter must actually punch a bunch of buttons in just a few minutes -- matching a (hopefully predetermined) set of things they wanted to vote for. It seems like there's lots of room for error because of the time crunch that everyone feels in this situation.

    What if you could actually do the ballot on your computer at home, carefully making sure that the buttons you push are what you intended, and then bring a printout with something like a barcode or other digital encoding of your selections? (This wouldn't have to be tied to your name -- that can still happen in the booth.) Then you bring that barcode to the booth, and it scans it after you walk in, and that "preloads" your selections. Then, you're just down to a verify step, under less pressure.

    Seems to even open a new market for various parties to distribute the barcodes of their respective positions... :-/ don't want to make things *that* easy.

    Just a thought...

    --
    Learn electronics! Microcontroller kits for the digital generation. [nerdkits.com]

    • Then how do you buy an election from diebold? All these papers with the bar code and print outs would be countable. When the machine vote and the ballots don't match, uh oh the jig is up.

      Although seriously you could probably stuff the ballot just like in the old days.....
    • The problem with that is a lot of people don't have/don't use printers. Take that times the high price of ink, and the fact that the barcode could be smeared or otherwise damaged, it wouldn't really work.

      • Uhhh works great for planes here in Australia.

        Used the system for the first time a few weeks ago.
        Go online, choose what seat you want, hit print.
        You get a page with all your info along with a couple of 2d barcodes.
        Works fine even with crinkles in the page.

        It replaces the boarding pass. You just walk right on to the plane.

      • The problem with that is a lot of people don't have/don't use printers.

        Spoken like a true geek who uses hard copy printouts as little as possible; and does not support people who can only think with a piece of paper in their hands. Paper printouts are the predominant technology; and more people understand paper technology. Non-technology people will spend more time and effort ensuring the paper printout is perfect than maintaining the system which creates the paper printout. And they will expend lots of eff

      • Re: (Score:3, Insightful)

        by MiKM (752717)

        What about public libraries? Libraries generally charge around ten cents to print a page, which isn't very much. Even so, I'm sure that libraries would be willing to make printing out ballots free-of-charge.

    • Re: (Score:2, Interesting)

      by mfh (56)

      If swift-boat politics were actually fueled by problem solving -- you would be on to something here! Sadly, it's about disaster capitalism... and therefore it's better when the voting machines have wide open security holes. But nice try!

    • Re:Another trick: reduce the time pressure issue (Score:4, Insightful)

      by arth1 (260657) on Saturday September 27 2008, @09:05AM (#25177107) Homepage Journal

      What if you could actually do the ballot on your computer at home, carefully making sure that the buttons you push are what you intended, and then bring a printout with something like a barcode or other digital encoding of your selections? (This wouldn't have to be tied to your name -- that can still happen in the booth.) Then you bring that barcode to the booth, and it scans it after you walk in, and that "preloads" your selections. Then, you're just down to a verify step, under less pressure.

      Bad idea, for many reasons:

      1. Not everyone has access to computers.
      2. It opens for coercion fraud and buying of votes. The coercer (whether it's a husband or someone who bought your vote) makes sure that you have only one printout, and that you don't spend long enough in the voting booth to fill out another.
      3. Dimpled chads will be replaced with blotting ink cartridges. Expect the printer manufacturers to get sued if a vote allegedly registers incorrectly.

      The possibility for buying votes and coercing the voter is also why Internet voting must not be allowed to take place unless and until we can open a connection between our mind and the Internet. The voting booth is there to ensure privacy. Please do not take that privacy away in the name of security. I think Ben Franklin had something to say about that trade-off.

      • Actually, Internet voting must not be allowed unless you can make a connection that can't be eavesdropped between your mind and the voting machine. If third parties can listen in (even if they need your consent to do so) - vote buying will again be possible.

        Imagine you manage to get this part right. Now you would only have to trust the voting machine to accurately store your vote, without the benefit of a voter-verifiable paper trail or anything you can possibly show to third parties to demonstrate that yo

  • Nice step forward (Score:5, Insightful)

    by daemonburrito (1026186) on Saturday September 27 2008, @08:30AM (#25176919) Journal

    Next step would be firing the so-called "technology experts" in the popular media, who apparently lack the the tech saavy to google for what "open-source" means.

    Coverage of the G1 launch was a beautiful example of their ignorance. Many times I heard the fakers pontificate about the "security concerns" in using open-source software, while not even knowing meaning of the term.

  • At Pycon 2007 in Dallas [pycon.org] I saw a lightning talk demonstrating how electronic voting could be secure in just 293 lines of code [zesty.ca].

    However the bottom line is that you shouldn't trust any voting system. What you should have is an auditing system where you can do recounts. The less moving parts or the fewer lines of code you have the easier it will be to audit a system.

    • Re: (Score:3, Insightful)

      by liquidpele (663430)
      Yes, pvote [pvote.org] is small (current version is 460 lines), but that does not take into account the software under the simple python script.. What about the OS, the Interpreter itself, drivers, how it stores the votes, etc. All that has to be secure... the actual interface to the voters is probably the LEAST of your worries.

  • A solution looking for a problem (Score:5, Insightful)

    by schnikies79 (788746) on Saturday September 27 2008, @09:04AM (#25177103)

    Just stick to paper. It works.

    • <car analogy>Yes. But the fact that walking 'works' has not stopped us from inventing cars. And mind you, the first ones were not exactly 'secure', and could claim much more than your vote.</car analogy>

      On the serious side, yes, don't substitute paper until you have an alternative that's superior on all counts. But keep in mind that there's a lot of drudgery and automatable effort behind voting, and that many simply can't vote because of physical problems.

  • The main problem with e-voting is that the average citizen can not reasonably check the ballot counting. With paper, even a seven-year-old can check if it is counted correctly. No one can look into the computer, so even if you have paper ballots, they still need to be counted. Nothing won there.

  • Every optical-scan voting system should use scantegrity [scantegrity.org].

  • E-Voting Machine made Easy & Secure (Score:5, Interesting)

    by FlyingGuy (989135) <flyingguy@gm a i l . c om> on Saturday September 27 2008, @09:33AM (#25177281)

    This is not that hard, and it sure isn't rocket science.

    Strip down a distro to the kernel then ad the following:

    • Driver for a touch screen display
    • Driver for audio output to drive headphones for the visually impaired
    • Driver for a brail input device as well
    • Driver for an thumb drive to boot from
    • Driver for a tape style printer (not thermal)

    Please a driver for something I missed....

    The device has only enough ROM to POST and is hard coded to boot from the thumb drive which contains the OS & drivers and voting software with a modified USB connector that is a different shape then standard. This is a mild security feature.

    An additional thumb drive will hold the data, again with a different shape so that the two cannot be confused, and both are encrypted using a two key scheme of some sort, suggestions?

    Insert the drive one, power up the machine, it will then POST itself and ask for the data key and will go no farther until it validates the Data Drive. Voting commences and when voting is complete, the machine is shut down, drives are pulled and returned to the registrar for counting.

    • Re:E-Voting Machine made Easy & Secure (Score:4, Interesting)

      by RAMMS+EIN (578166) on Saturday September 27 2008, @10:35AM (#25177619) Homepage Journal

      You have some good ideas, but I feel obliged to point out that your solution does not obviously ensure that

      1. Your vote gets counted correctly
      2. Your vote is not traceable back to you
      3. You cannot vote more than once

      I still have more faith in casting votes on paper and counting them by hand than I have in your solution. Actually recording your vote on the paper ballot can be done by machine, of course, as long as you get to inspect the ballot to check that the machine did what you wanted it to.

      • the easy part is only 1 vote. there are 2 options. 1. a second screen with a 'press to allow vote now' system kinda like the cashier pressing the 'credit' key at walmart. maybe even screen less, just an led... or something.

        not traceable back to you is harder, but not impossible ultimately this suggests that the poll workers don't get access to the voting machines ever, they're handled by someone else entirely etc.

        as for correct counting, that's not impossible either, you just have the machine have 2 copie

        • whoops forgot number 2 on the only 1 vote... the second option was to say have unique bar codes scanned in that only work once, and the voting machine won't let you vote without scanning in a new bar code.

    • Re: (Score:3, Insightful)

      by Burz (138833)

      Ramms+ein is right: Open source will not solve the problem of computerized voting, which transforms the ballot from a physical object that can be read by any poll worker, into an electromagnetic blip that cannot be verified except through extremely indirect and convoluted means using teams of hard-to-find experts.

      As you may know, the 'normal' transactions we perform on computers every week are coming under increasingly successful attack. And that is WITH the benefit of the transactions carrying the identiti

    • Re: (Score:3, Interesting)

      by tucuxi (1146347)

      I've got a better one. Don't trust the machine, trust the paper ballot - and let people bring in their own ballot-checking machines.

      So, yes - build your linux-powered machine (no need for special USB connectors; just make sure there's good physical security). Don't use any electronic recording mechanism - just print a piece of paper with the vote on it. Optically and humanly readable.

      And let there be as many machines as possible, from several providers (or even bring-your-own) that can read, display and i

  • Use a bank account. (Score:3, Interesting)

    by v(*_*)vvvv (233078) on Saturday September 27 2008, @09:47AM (#25177357)

    Create an account for each item on the ballot.
    Have voters register their bank accounts when registering to vote.
    Only votes from registered bank accounts are accepted.
    Only deposits of 1 cent are accepted.
    People can vote at ATMs, online banking, or at a teller.
    Check the balance at the end of the day.
    Everyone has a paper trail.

    *Just an example of using a solution for a solved problem for an unsolved problem.
    **The system can be implemented without the banks cooperation, but why not have them cooperate - they're nationalized now anyway.

  • At least in my country, the traditional paper method works well, is easy to implement, and what is most important in a democracy: easy to understand and easy to check for everyone.
    No matter if the electronic method is opensource or not, only a very small percentage of voters will actually understand how it works, how it is kept secure and safe from manipulation.
    So what immense advantages would electronic voting have to make up for this fundamental problem, that will never change, no matter what the electron

  • Why is it so hard? (Score:5, Interesting)

    by HairyCanary (688865) on Saturday September 27 2008, @10:02AM (#25177433)

    1. Take vote electronically.
    2. Assign a randomly generated UUID.
    3. Print UUID+vote on internal paper tape for backup.
    4. Print UUID+vote on paper receipt for voter to keep.
    5. Post UUID+vote on a public web site anyone can view.

    Now, anybody can see the tally, do the math themselves, etc. And everyone who cares can look at their own UUID and see if the public tally is accurate.

  • National ID Card for States? I think not (Score:4, Interesting)

    by markdavis (642305) on Saturday September 27 2008, @11:08AM (#25177799)

    "Bowen also believes that a ubiquitous Internet voting system could not work without the use of a national ID card system."

    For someone who seems to have a clue, she lost a lot of credibility with that statement. There is absolutely no need for a "national ID card system" to have secure and accurate voting. Voting is handled by the States, not the Federal Government.

  • A serious question (Score:3, Informative)

    by bill_kress (99356) on Saturday September 27 2008, @02:27PM (#25178975)

    It is supposed to be impossible for me to show someone how I voted. I can't be given a receipt or anything (it would be too easy to buy votes).

    With that as a given, how does a paper trail help? If I as a voter can't be sure that my specific vote is the one on the paper, then it seems like there are still thousands of ways for someone to change it out.

    The machine could print fake info first of all, so it would HAVE to be something I see and validate. Since it has to be a public record, it can't be tied to me by any kind of key though--so after it's printed it out for me to see, there is no saying that it doesn't print a second or third line for another candidate at some other time...

    If the paper trail disagrees with the digital tally, do you just assume that the paper wasn't messed with or substituted?

    I'm guessing people have thought about this more than I have, and I see the mention of "Paper Trail" a lot so I just thought I'd ask.

    • No, don't follow them. Electronic Voting is an inherently flawed idea, let's just stick to pen&paper voting.

      • No, don't follow them. Electronic Voting is an inherently flawed idea, let's just stick to pen&paper voting.

        ... everyone just go outside when the GoogleSat satellite goes over your region on election day.

        Raise your hand: right hand, McCain; left hand, Obama

        Google 's brilliant programmers have a flawless (albeit, beta) system that can correctly tally the votes.

        Probably.

      • Voting machines could print barcoded papers which can be counted electronically. This would allow fast vote counting without all the problems of the punch cards. Random samples of the paper could be counted manually as a security check.

        Whatever happens there must be a paper trail. These are important decisions and any system without bits of paper should be a no-starter.

          • Sure, the OCR part is easy. Teaching people to right and spel correctly -- still haven't implemented that effectively after hundreds of years of trying.

            Are you saying illiterates will all have their votes disqualified? But they have their high school diploma which states they gradiated from a government approved learning facility. The idiots can't be disqualified; that would be unfair.

            • Re: (Score:3, Interesting)

              by Joce640k (829181)

              How hard can it be to vote electronically?

              A machine can show voters a screen with photos/names/square boxes on it. At the side of the screen are physical buttons which correspond to the choices. When you press a button it goes beep and starts to flash. A flashing red 'X' also appears in the square box on screen. Your aim was off? Press a different button and the 'X' will go there.

              Next to the screen there's a printer which really really looks like a printer instead of something designed by Apple. On the fron

    • Re: (Score:3, Interesting)

      by RAMMS+EIN (578166)

      ``Honestly, how hard is it to write voting software?''

      Not incredibly hard, but that's not the issue. The issue is how easy it is to convince the right people that your voting system does what they want it to do.

      I think the problem is either that's it's too easy to convince the right people that a voting system works, or that the right people aren't the people we want it to be.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.