Computer Scientists Rally for Reliable Voting System 288
Kim Alexander writes "Silicon Valley computer scientists, led by Stanford professor David Dill are asking Santa Clara county to purchase a new computerized voting system only if it provides a voter verified paper trail. Their concerns are based on the lack of adequate testing of these voting systems, and the fact that the software is closed-source and proprietary. Requiring a voter-verified paper trail will mitigate many of these problems. Dill's 'Resolution on Electronic Voting' has been endorsed by prominent computer scientists from all over the country, including Ron Rivest. Counties all over California and the US are going through a similar process. Patriotic nerds who want to do something to help protect our fundamental right to vote with confidence that our votes will be counted can help by contacting their state and local reps, writing letters to supervisors and getting informed!"
Patriotic, Schmatriotic (Score:3, Interesting)
That's the kind of patriotism we need.
Closed-Source? (Score:5, Interesting)
Re:Keep in mind (Score:5, Interesting)
The best way to elect our representatives is not through the use of technology, wiz-bang gadgets, open source software or even legal challenges.
Its gett ing Joe Six-Pack and the rest of the disenchanted voters off thier duffs and out to the polls. Rather than complain, execrcise the right to vote people. Had this been the case in 2000, we would have had a clear winner
If there so worried the voting soft. is closed (Score:4, Interesting)
The scariest argument against computerized voting (Score:5, Interesting)
This is an article about Chuck Hagel who is a nebraska representative. He ran for office and won in a very close run off, and controls a large interest in the private company that counted the votes in his runoff election.
The majority of the information in the above blog came from http://blackboxvoting.com/, which is a book about the future of electronic voting.
Just some fairly creepy stuff that's turned me off towards any sort of private computerized voting.
A paper trail is too insecure. (Score:5, Interesting)
Elections in Western countries are meant to be by secret ballot, people. That means your vote is anonymous. Why? Because people don't want other people knowing who they voted for. If someone voted for the 'Kill All Geeks' party, that's their right, and you can't condemn them for their vote (although you can certainly condemn them for their actions).
The best alternative solution to a paper trail would be to use a secure database that has public access. That is, members of the public can run a set of limited commands on it.. like
SELECT COUNT() FROM votes WHERE party='republican';
Or
SELECT COUNT() FROM votes WHERE state='alabama' AND sexuality='gay';
That way, the populace can access the database over the net and query it by SQL, checking the validity of the votes.
Preferably you'd use a proprietary database system to store the votes, as then you can be sure security is not compromised. A paper trail just opens up a whole bag of communist ghouls.
Hear hear! (Score:5, Interesting)
The ballot needs to be:
Machine generated from a touch screen like device.
Machine and human readable.
Signed so as to be verifiable.
The ballot reciept, that's placed into the voting machine, is a random private key, handed to the voter before voting that is used to sign the ballot and ensure integrity. The voter can then take the receipt/key with them and use an Id number to check that their vote was actually tallyed.
This allows machine counts of paper ballots. It allows manual, human auditing of ballots and tally. It allows machine and human recounts of the ballots. It preserves the voting record for the election on something besides magnetic media. It allows "quick summary" for those willing to rely upon the stored, machine versions of the votes before physically counting the ballots.
This is the only way. You MUST have a piece of paper you can go back to and find a vote. Anything else is simply unacceptable.
And, no, it's not over the internet, but we know that will never fly anyway.
Re:Keep in mind (Score:4, Interesting)
Personally, I think voting ought to be made as difficult and inconvenient as possible. If voting were like crawling over broken glass, only those who really really were interested would do it, and we'd get a better product. Keep the ignorant and lazy out of the electoral process, I say.
The objection does not go far enough (Score:5, Interesting)
The fundamental issue is as follows....
Consider 2 elections. In one, you and I and everyone else have exactly a 75% chance of having their votes counted. In the other, the affluent young technocracy has a 99% chance of having their votes counted and the poor, old, or low-tech population has a 95% chance of having their votes counted. At first blush, the seond electiuon sounds more fair, but it is very clear that the first is totally fair and the second is terribly biased.
The problems in recent elections were not caused by technological failures. Dangling chads and the like are just a smokescreen and the recounts bore that out. The problems in elections are a lack of uniformity within the areas in which votes are pooled. Since the votes for president are done by electoral votes rather than popular vote, it is not necessary to have the entire country have identical machines and ballots, but this does need to happen at the state level. When I walk into my polling place, I should see an identical machine to every other voter in the state (randomly selected from the state pool). All the state ballots should be identical to every other ballot in the state. All the county ballots should be identical to every other ballot in the county, etc....
To do otherwise not only fails to solve the fairness problem, but it disinfranchises people for whom a mouse is a household pest.
Electronic Gambling Machines have more oversight! (Score:5, Interesting)
However, when it comes to protecting the foundation of democracy we can't even be given access to the source code as it is a "trade secret." Here's an example [sweetliberty.org] of this privatization of democracy:
Why are people making this so complicated? (Score:3, Interesting)
The udder simplicity of this problem, and how complicated people are making it, is staggering... A simple touch screen which returns who the voter wants, then print in the name on a piece of paper in a specified font so another computer can read it. Of course the typical "are you sure" messages are thrown in there somewhere and vola! computerized voting...
Re:Keep in mind (Score:2, Interesting)
Well, thats what we have right now as far as getting laws passed. Note how much its like "crawling over broken glass" [slashdot.org] to submit those forms they presented to contest the DMCA. See where that is getting us?
Re:Anonymous Voting != Secret Ballot (Score:5, Interesting)
What scares me is I used to work for a largeish credit card company. They would lose records from time to to time. Thouse records invovled real money but sometimes they just disappeared without any ability to trace them. Everytime I've audited a system that logged in two places, some records just don't end up in both place. The best ones seem to have about one in a hundred million go missing, but they are still lost. I want the voting system to be at least that good.
Paper still best (Score:3, Interesting)
Each voter is given a (numbered) balot form with one column of candidate names and one (mathcing) column of empty boxes into which may be entered an apropriate mark ("X" or numerically ordered preference) to indicate voting preference.
The votes are sorted, and the sorted votes counted. This is done manually.
Any disputed votes are examined by the returning officer and representatives of the candidates and assigned or discarded by cocsensis.
Whilst the numbering of the ballots, and the recording by hand on the master copy of the voters roll at the polling station of which ballot is given to which voter, may slightly compromise anonimity, it provides no convenient way to decern the vote of any individual.
The cost of the occaisional employment of large numbers of tellers is almost certainly less than that of the various "automated" polling systems and the audit trail far superior.
Re:Privacy... (Score:2, Interesting)
It was funny, too. I hadn't been handed a privacy sleeve for my ballot, and the directions said that I should place my ballot in one. I asked for one, (got one), and learned she was absolutely delighted that I had asked for one, since it meant I had to have had read all of the directions to find that I was supposed to have one.
You have to remember that most of the voting facilities (At least in West Michigan) are manned by people who experienced Pearl Harber and whose beliefs in America's freedom was reenforced by America's role in WWII.
My experience with a new voting system. (Score:5, Interesting)
I know that these machines have many drawbacks: they cost a lot of money to maintain, store, and "program", though I've always assumed that to "rig" these machines too commit wholesale fraudulent voting would be to time consuming and complex to pull off. Hence, I had a certain amount of faith that the lever I'd pull would actually correspond to the name on the paper strip, and my desired vote would be tallied. I know also that this faith was rooted in sentimentality; I'd accompanied my parents into machines just like that when I was a kid, back in the Sixties.
Two elections ago, however, during a primary vote in September, there was a man at the polling place who was demonstrating a new system, produced by LHS Associtates of Methuen, MA, the "Accu-Vote" system. It used paper ballots, with small circles like on a standardized multiple choice test (like SATs, except without the need for the No. 2 pencil). There was an optical scanner that looked somewhat like a paper shredder, the kind that fits on top of a wastepaper basket. You fed the ballot through the scanner and it read the marks, ejecting the paper out the other end, into a bag, thus preserving a paper trail in case of a recount.
I filled out one of these sample ballots. There were "joke" choices on the ballot, and I intentionally mis-voted, to see how fault-tolerant the system was. Under "Mayor", I placed a check mark in the box next to "Fiorello LaGuardia". For "Board of Cartoon Characters", I put a tiny dot next to "Bugs Bunny". Under "Superhero Committee", I filled in the box for "Wonder Woman", intentionally overfilling the mark, and for "Sports Authority" I filled two boxes, "Babe Ruth" and "Jackie Robinson".
I went over to the company representative who was showing the demo system and handed him my ballot. He fed it into the machine and it was spit out the other side. Though I'd intentionally cast a faulty ballot, there was no indication that anything was wrong, and I showed him the marks I'd made, pointing out my screw-ups.
"Well, this is just a demonstration," he said.
"So, all this does is roll the paper through the mechanism?" I asked.
"Um, well, it's just a demonstration."
"You mean it's not a real machine?"
"Right," he replied.
"So the real machine would reject this ballot, right?"
"I assume that this will be the case." He didn't sound too sure. At this point, the police who work the election detail started paying attention to our conversation. I guess election detail is pretty boring for them.
"So who audits the code that runs this machine?" I asked him.
"I don't know, maybe the Board of Elections," he said. "I can give you the name of the project manager. Maybe he can answer your questions." He wrote a name on the back of a business card. I took it and thanked him for his time. I called a few times but never got a callback, and I doubt I'd get a satisfactory answer.
My fear is that it's trivial for this sort of machine to register a vote for Foo to actually be tallied as a vote for Bar. With the old mechanical machines, this sort of fraud would take days, considering the hundreds or thousands of machines and the dozens of people from the Board of Elections that set them up. However a "black box" system like Accu-Vote need only be programmed with fraudulent code once, after which that code is distributed to hundreds or thousands of EEPROMS or Flash cards or whatever the Accu-Vote uses to store its programming. The barrier to entry for wholesale voting fraud has been lowered, and if the winning margin is large enough, there will never be a recount.
The Accu-Vote system was deployed for the November 2002 elections here in Boston. If there was a public hearing about this change from mechanical systems, I never heard about it, and I read the Boston Globe every day without fail.
k.
We also need to change the voting system- (Score:2, Interesting)
Do the math:
http://www.princeton.edu/~matalive/VirtualClass
http://www.ctl.ua.edu/math103/Voting/4popular.h
Or do a search for Borda Count on Google:
http://www.google.com/search?q=%22Borda+Count%2
Read the explanations above and then..Write your elected representatives..
Re:Closed-Source? (Score:3, Interesting)
Re:Requirements of a voting system (Score:1, Interesting)
You just reiterated what the constitution demands.
Anonymous, reliable, accountable. Imagine that. The government needs more redundant thinking like yours, please pursue a career in civil service.
Open Source, Closed Network (Score:3, Interesting)
This is a very serious accusation you're making. Unfortunately, a single accusation by someone on Slashdot will not make a difference, even though it has been mod'ed to +5.
Why not just outline what needs to be done, in a reasonable logical list, as clear and short as possible? Like (IMHO);
Polling Booth: A) System is to be un-networked, for security. Only networked WITHIN the polling location, not to the "internet." B) all polling booths will use minimal hardware (save money for taxpayers, simple to code because of legacy code base, hard to hack because there isn't enough RAM for an exploit to be loaded). C) After minimizing RAM for prevention of exploits, checksum code after each vote is cast to insure security?
Polling Station Logs: A) Polling Booth "checks in" digitally date/time/unit stamped vote into database for polling station. B) Check-in's are done to a single, CHEAP (but reliable) PC running open source database like PostgreSQL. C) Backups are done to removable media frequently (USB drives every half hour?) D) Backups are IMMEDIATELY taken MANALLY to central database to update voting. (Bypassing internet hacks, and "physical hijacks" of data are ruled out because the next delivery will show that there is a substantial error). E) Digital Forensics is used to investigate any accusations of "ballot stuffing" where every backup drive, every polling booth, every poling location PC, and every central database that receives manual updates can be instantly checked both physically, and against each other, as well as by looking at low-level info that was "quickly erased" from all storage media.
Now THAT'S an idea. Just one off the top of my head in 2 minutes. Sure, there are better ideas, but my point is; take 2 minutes to come up with them rather than the typical 10 seconds to poke holes in them and criticize. Why not come up with ideas rather than trash those that exist? Anyway.... Rant Over...
Attending Libertarian Party of CA convention (Score:1, Interesting)
This is definitely coming up tomorrow.
If you're interested in seeing a small-party convention and have the time, it's taking place Sat/Sun/Mon, Feb 15-17 in Ontario, California. (as opposed to that other "Ontario, CA")
http://www.ca.lp.org/conv/2003/
e-Voting (Score:4, Interesting)
The main driver of the project is to increase turnover, especially for young citizen that are supposed to be more prone to vote via these "new" technologies.
Our (swiss) laws already incorporate specific requirements regarding e-Voting, including the ability to audit the process, the security of the whole system and the secrecy of the votes.
Swiss citizens usually have to vote or elect several times a year and the voting process is considered as mature, every step being supervised by committees containing members of different parties/lobbying groups.
The voting registers are held at the local level, and are continuously updated every time a citizen moves in or out of the city, reaches the voting age or dies, and are crosschecked by the higher authority. Voting material and voting cards are automatically sent several weeks in advance to the possible voters, they do not have to register themselves or require anything. So by design, we have no dead people voting or minorities prevented to vote because they did not register themselves due to lack of information.
e-Voting is considered here as a good thing, as it allows to streamline the counting process and should increase (our low) turnover by not requiring voters to physically present themselves to the voting booth (in some states, the majority of voters already use the generalized absentee (snail mail) voting process).
I find it quite surprising that a large majority of the US "geeks" has such a mistrust in the electronic vote in particular, and the ability of their authorities to conduct a fair and lawful election in general. Aren't the USA supposed to be the most democratic country in this world ?
Re:Keep in mind (Score:2, Interesting)
If voting were like crawling over broken glass, only those who really really were interested would do it, and we'd get a better product.
That's one economic argument. Here's another: Concentrated beneficiaries hold a natural advantage over dispersed stakeholders. For example, insurance companies have a specific agenda to pay out as little as possible. Therefore, by putting a few thousand dollars into fancy dinners and presents for your state legislature, they can get a number of different state laws restricting any halfway fun activity passed. Can you imagine how much effort it then takes people dispersed throughout the population to organize against it? Voting should be made easier to offset special interests, not harder to encourage it.
Re:It's closed source, and nearly unauditable (Score:1, Interesting)
Regarding (3), if a paper were printed immediately after voting that the voter himself could stuff into a ballot box (as was done for centuries), secrecy is preserved. By comparison, the voter has no way of knowing if the machine also recorded his fingerprint while he was voting electronically.
Regarding (4), you could have have each party conduct their own count of the votes.
GNU.FREE - Heavy-duty Internet Voting (Score:3, Interesting)
--
Re:Closed-Source? (Score:3, Interesting)
But the only time when it matters to keep the margin of error to a minimum is when the race is that close. If you're going to give all the spoils to the victor, damn straight the margin of error had better be less than the margin of victory. If that means counting every ballot repeatedly until you're absolutely sure every single one has been correctly counted, so your margin of error is less than the five vote margin of victory, then so be it.
"I'm sorry your vote wasn't counted, but it was part of an overall margin of error that's calculated into the system, so it all balances out in the end" is not exactly the embodiment of the democratic spirit...
Re:Electronic Gambling Machines have more oversigh (Score:1, Interesting)
This is a good idea, but it does not go far enough. How would they know that the machine code was compiled from this version of the source code? What they need to do is get an image of the hard drive on the machine that the votes are tallied on. That way, they can examine that if fraud was suspected.
Solution (Score:2, Interesting)
2 - Voter goes to machine and punches in their number that they were given by the volunteer.
3 - Voter votes.
4 - Machine spits out a random number on paper that the voter can then take as their recipt.
5 - All votes are listed in plain text on a public internet server. The votes are arranged by the random number spit out to the voter.
This way there is anonyminity as there is several layers of obsfucation. Even if you controlled the software, the best you could do is associate a vote with a polling location. More importantly, there is checks and ballances: the voter can check the website and see if their random number is there and that it is associated with what they voted, and all the votes add up. If someone's number wasn't there, you'd know something was fishy. If the votes didn't add up or were different than what was reported you'd know something was wrong.