Observer Pans Touchscreen Voting Test 278
riversidevoter continues: "WinEDS, the program that is used to count votes, was only tested in a pre-election mode. The software was not tested in the configuration that it would be in on election day.
In addition to that, people signed a form that said that they had verified the results of the test before the test had finished running. Mischelle Townsend, the Riverside County Registrar of Voters, told Salon that the form that people signed was just an attendance form. But the form clearly states 'We the undersigned declare that we observed the process of
logic and accuracy testing of voting equipment performed by the Riverside County
Registrar of Voters, as required by law and that all tests performed resulted in accurate
voting of all units tested, including both touchscreen and absentee systems.'
You can see a copy of the Salon article here. You can see a copy of the form that people signed here.
I also believe that the observation group that witnessed the test was given a misleading description of Sequoia's system. For example, the fact that the votes are transferred from the DRE to a SQL Server database to be counted was never fully disclosed to all the members of the group.
Also, the sheer number of times that the phrase 'proprietary operating system' was used, among other things, helped to create the impression that Sequoia's system is not as reliant on Microsoft Windows as it really is.
I have created a website about this issue; please take a look at it.
On the website you can find my report on what happened that day (which outlines several problems I haven't mentioned in this posting) as well as some supporting documents. There is a letter and a note from Mischelle Townsend in which she mentions mailing the results to people or having the test results be picked up 'afterwards'...."
Accuracy could be easily assured... (Score:5, Interesting)
A copy of this bar code is printed at the same time inside the system.
If there was an audit, randomly call people to determine their key. Although you could decrypt it, it's better than just leaving the votes lying around. Then, verify the accuracy.
Since I have a printed record at the time of the voting, I can use it to verify my votes. The local voting office could decrypt it, and then I can verify my votes.
Thoughts on this approach are very much welcome.
The next revolution = voting. (Score:4, Interesting)
This line: In addition to that, people signed a form that said that they had verified the results of the test before the test had finished running.
Scares the hell out of me.
Agreed (Score:2, Interesting)
Now, you can debate about whether it's better to use a pull-lever stamping system to write out the ballots, or just marking an X with a plain old pen. The advantage of some kind of a pull-lever system (or press button system) is that you won't get ballots which are unclear (just a printout) and you can have an internal counter on the machine to give you a reasonable idea if your hand-count is correct.
Fundamentally, though, all good systems I've seen are very close to the pen and paper hand counting.
A method for electronic voting accountability (Score:5, Interesting)
Here's an idea to make the process accountable, without requiring a mound of paper at the voting site.
Later on, a text file is made publically accessible with a row for every vote. Each row would have only the hash and the person they voted for. The algorithm for computing the hash would also be published.
Anyone who is interested in confirming that their vote was properly recorded can look up their hash in the text file to make sure it lists the person they voted for.
Anyone who has a spreadsheet can do a recount.
Any third party with a bit of cryptography knowledge can write a web app for people to confirm that their hash was computed properly.
This method has the advantage of remaining completely anonymous and completely accountable.
Any thoughts?
I release this idea into the public domain.
Re:Oh man... (Score:1, Interesting)
When you sit down and begin enumerating all of the potential problems with electronic voting, ones that are inherent and systemic and cannot be overcome no matter how much testing or oversight you have, it's clear that this is not a viable application of computer technology.
And this is under the best of circumstances. When you look at in the light of how it is being implemented in reality it is horrific. The level of opaqueness involved where people are getting sued for defamation and hacking for bringing legitimate problems to light, where statistical analyses suggest that serious abuses have already taken place in a number of counties, and where the cost that we are paying as taxpayers for this violation will only mount as the years go by.
The inability to distinguish when and where specific technologies are well applied makes you the opposite of a Luddite, and just as wrong as a Luddite would be.
Re:Accuracy could be easily assured... (Score:5, Interesting)
I am opposed to this. Audits shouldn't involve contacting the general populace. ATMs have internal printers for similar reasons; as a permanent physical audit trail in case of power failure or such.
Since I have a printed record at the time of the voting, I can use it to verify my votes. The local voting office could decrypt it, and then I can verify my votes.
I oppose this as well for privacy reasons. There is one basic privacy tenant in ballot voting that would need to be upheld by any electronic voting system: plausible deniability.
For example, if I'm being coerced or paid by someone to vote a particular way, I need to be able to tell that person that I voted the way he/she wanted even if I didn't. There CAN NOT be a way to track down who I voted for at a later time. That's not what the paper trail is for. Once a person has the ability to decisively prove to someone else which candidate they voted for, then votes can be forced or sold.
Here is what I would suggest:
A citizen enters the voting center, is authenticated as a registered voter by the volunteer staff, and given a vote card.
The citizen enters a voting booth (behind a privacy screen) and activates the selection kiosk using their vote card.
Once their candidates and referendums have been chosen, the machine prints out a 2D barcode on the vote card and returns it to them.
The citizen exits the voting booth with his completed vote card.
The citizen has the option to verify his barcode using a separate verification kiosk which deciphers and displays the barcode (behind a privacy screen, of course). Once satisfied, the citizen leaves the verification kiosk.
While a staff member watches, the voter deposits his vote card into the official ballot kiosk's card reader.
This kiosk reads the barcode, electronically sends the vote to the regional counting center, and keeps the vote card for future audits.
This method is very similar to conventional voting methods. As far as electronic voting goes, it has several advantages. The selection and verification kiosks are not online, so would be less vulnerable to hacking. The ballot box is the only networked machine, but is under close surveillance by the staff for physical access. In case it is compromised via the network, there is a stack of 2D barcodes underneath or inside it that can be used to audit the results. As the article mentions, audits SHOULD be performed periodically, even on results that aren't suspicious, just to verify that the count is accurate and no tampering has occurred.
The vote cards can be cheap paper mag-stripe cards with signed serial numbers that are overwritten when the barcode is printed. This gives the selection kiosk the ability to reject previously used, non-activated (unsigned), or duplicated cards. If there are no privacy issues (I'd have to think about this more), the card's serial number could become part of the 2D barcode as well. The card reader/writer and printer are all OTC products, which would help keep costs down. The selection and verification kiosks could use commodity PCs with no I/O except a touchscreen and the card unit. In fact, the verification kiosk doesn't need any input other than an eject button.
While such a system would fix usability issues and paper audit trails, it doesn't touch on the issue of voter registration fraud and such. That's a whole 'nother ball of wax.
I voted on one of these machines (Score:2, Interesting)
Re:Unfortunate. (Score:5, Interesting)
You might want to check the next story's article [why-war.com]:
Wooo Whoo e-Voting. NOT! (Score:4, Interesting)
Yes, a secure voting machine that depends on the motor voter registration system so all the non-resident and undocumented aliens can vote along with all the dead people. You'd most likely jump up and down with glee if they web enabled the registration and voting systems because Secure e-Voting (TM) has to be better. Right?
From what you say you seem to think someone stands in line and votes the graveyard. The Chicago method is to get control of the voter registration rolls for a district and 'add' the graveyard. Then the 'impartial' volunteer election judge checks off the extra names and stuffs the ballot box after the polls close.
Any voting system without a 100% human readable audit trail that is accessible to the voter at the time they place the vote and without a 100% reliable method of matching a ballot to the registration list is vulnerable. What plagues the voting system in the US is we are too cheap to devote the required resources to the system. The UK and many European countries have next day election results using paper hand counted ballots. They however don't try to have only 17 polling places in a city of five hundred thousand, as is the case in so many US cities.