Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Security Your Rights Online Technology

E-Voting Done Right - In Australia 485

Posted by simoniker
from the approved-by-kangaroo-jack dept.
tehanu writes "After all the furor over e-voting in America, Wired News has an article about e-voting done right in Australia. An important factor is that all of the software is open-source. The company responsible actually seems to have given consideration to the integrity of the democratic process, too - from the lead engineer: 'Why on earth should (voters) have to trust me -- someone with a vested interest in the project's success? A voter-verified audit trail is the only way to 'prove' the system's integrity to the vast majority of electors, who after all, own the democracy.' They also have scathing words for Diebold: 'The only possible motive I can see for disabling some of the security mechanisms and features in their system is to be able to rig elections. It is, at best, bad programming; at worst, the system has been designed to rig an election.' In general they are 'gob-smacked' by the whole situation with electronic voting machines in the US right now."
This discussion has been archived. No new comments can be posted.

E-Voting Done Right - In Australia

Comments Filter:
  • Open source? (Score:4, Insightful)

    by s20451 (410424) on Monday November 03, 2003 @02:06PM (#7379503) Journal
    Don't kid yourself: open source is nice, but it doesn't guarantee a fault-proof or secure voting system (suppose somebody installs wrong or malicious software on one of the machines?). The only way to do that is to provide voting receipts which can be counted independently, by hand -- and that does not exclude closed-source solutions.
    • by webtre (717698)
      provide voting receipts which can be counted independently, by hand

      *cough* Florida *cough* *cough*

    • Re:Open source? (Score:5, Insightful)

      by KD5YPT (714783) on Monday November 03, 2003 @02:11PM (#7379583) Journal
      Sure it doesn't guarantee a fault-proof or secure voting system, anyone can install wrong or malicious software on machines, even a closed system one. The point here is that we eliminated or reduced the possibility of having holes in the software intended to be in the machine. Hey, it's better to have hundreds and thousands of people to look at it, then to have a handful of stressed out employee with vested interest in the company to examine the code.

      In another note, voting receipts is nice, no question about that.
      • Re:Open source? (Score:5, Insightful)

        by GaelenBurns (716462) <`moc.seigolonhce ... ' `ta' `bneleag'> on Monday November 03, 2003 @02:44PM (#7379957) Homepage Journal
        We all need to send copies of the internal Diebold memos to all of the mainstream news sources and our congressmen. If we just push for this, and educate our officials and the populace, this blight will be removed. All we need to do is, as a community, get off our asses and fight.

        I'm not one for playing the mindless patriotism card, but I really do feel that (for the Americans out there) it is our duty to do something about this.
        • Re:Open source? (Score:3, Insightful)

          by cayenne8 (626475)
          I like their solution, and overall, a well thought out article. The only thing that bothered me was the comment at the very end...where he said others in the world should have a 'say' in who gets voted in as president in the US.

          That is a pretty scary statement in of itself...

        • Correct (Score:4, Insightful)

          by IthnkImParanoid (410494) on Monday November 03, 2003 @04:13PM (#7380948)
          I'm not one for playing the mindless patriotism card, but I really do feel that (for the Americans out there) it is our duty to do something about this.

          Mindless patriots support the government, while real patriots support the people, and challenge the government to do what's right for everyone. The implementation Diebold has come up with is not good for any of us, and is not right.
        • by quinkin (601839) on Monday November 03, 2003 @10:01PM (#7383654)
          I would love to be able to say that America can sort out it's own voting troubles, but that is not a realistic analysis of current world politics.

          In australia (and the rest of the world) we are extremely sensitive to the american political decisions, especially those relating to foreign trade and policy.

          The concept of a closed source system, developed by people who openly pledge to "deliver votes to the president" (you don't need references, it's all over the /. front page), can covertly apply patches and allegedly have back-doors, seems pure insanity to me.

          Just my AU$0.02...

          Q.

      • Re:Open source? (Score:5, Insightful)

        by poot_rootbeer (188613) on Monday November 03, 2003 @04:39PM (#7381230)
        The point here is that we eliminated or reduced the possibility of having holes in the software intended to be in the machine.

        Only if the binary that runs on the machine is compiled from the same copy of the source that you've analyzed just before you cast your vote. Oh, and you'll need to analyze the source code for the compiler that the voting machine's binaries is compiled on, to make sure that hasn't been compromised. And then you'll need to check the source of the program used to view the source code of the other programs...

    • Re:Open source? (Score:4, Insightful)

      by extrarice (212683) on Monday November 03, 2003 @02:13PM (#7379601) Homepage Journal
      [quote]
      Don't kid yourself: open source is nice, but it doesn't guarantee a fault-proof or secure voting system (suppose somebody installs wrong or malicious software on one of the machines?).
      [/quote]

      True, but with an open system, anyone can see what is going on. If the process is completely open, there is a greater likelyhood that any funny-business will be seen and dealt with before it is too late (*ahem* Florida).
    • Re:Open source? (Score:3, Informative)

      by sporty (27564)
      Nope, you are right. It's a wonderful idea.

      But with all the people who have a vested interest in it being done right, it's MORE likely that somethign stupid does NOT slip by. If this type of tech were around years ago, we could have a "why" a miscount would have happened and could have fixed it. If nothing has changed, last years (proverbial tech) is still being used.
    • Re:Open source? (Score:3, Insightful)

      The problem, then, is verifying the integrity of a paper trail. If someone is going to rig an election by tampering with electronic voting machines, they're also more than capable of forging the paper trail. There's also stories from the last presidential election about ballots being lost and destroyed. Even the paper trail is subject to tampering. The only certain way of making a voting process accurate and not subject to fraud is if you do away with the secret ballot. And I don't think that's worth it.
      • The problem, then, is verifying the integrity of a paper trail.

        You verify the paper trail by spot-checking precincts--eg. exit pools showed this precinct with 600 voters voted 52% for candidate Foo, yet the voting system showed only 45% for candidate Foo. Invite all supporters of candidate Foo to bring in their PKI signed paper voting receipts, when you get to 46% receipts for candidate Foo, you know you have a problem.
        • Re:Open source? (Score:3, Insightful)

          by Carbonite (183181)
          Invite all supporters of candidate Foo to bring in their PKI signed paper voting receipts, when you get to 46% receipts for candidate Foo, you know you have a problem.

          This would rarely be a practical way to verify a problem. Take your example with the precinct of 600 people.

          Let's assume the exit polls are 100% accurate and 52% of voters indeed voted for Foo. Let's also assume that 10% voted for various third party candidates and the remaining 38% voted for candidate Bar. These would be the actual vote to
          • Print TWO receipts, place one in a an old-fashioned ballot-box, to be used for spot-checking the electronic voting system. The voter keeps the other receipt. In the event of a manual recount, allow any voter to demand to compare his receipt with that in the contingency ballot-box. Yes, it costs a little more. But not as much as fixed elections will cost.
            • Re:Open source? (Score:3, Insightful)

              by monkeydo (173558)
              In the event of a manual recount, allow any voter to demand to compare his receipt with that in the contingency ballot-box.

              And you've destoyed the idea of the anonymous ballot.
            • Re:Open source? (Score:4, Insightful)

              by cduffy (652) <charles+slashdot@dyfis.net> on Monday November 03, 2003 @03:48PM (#7380674)
              This can only be done if the receipt the voter takes home can't be used to determine who they voted for -- otherwise vote-selling and related fraud is enabled.

              Now, if the receipt the voter takes home contains a *signature* of the data on receipt they dropped in the box (such that it can't be used to determine who they voted for but can be used to determine that their vote hasn't been tampered with), that's a different story.

              Personally, though, I think that's overkill -- putting a chain-signed receipt into a lockbox is Good Enough For Me.

              (chaining digital signatures, fyi, is a way to make it very hard to modify just one -- because the next receipt also happens to contain a signature of the previous one).
            • Re:Open source? (Score:3, Insightful)

              by WuphonsReach (684551)
              The problem with giving a voter a receipt that they can leave with (or show to others) is that you've now enabled corruption.

              If the voter can show someone else proof of how they voted, 2 things can happen:

              - voter gets paid if they can show they voted for a particular line item
              - voter can be threatened to vote for a particular line item or have bad things happen
      • Re:Open source? (Score:5, Insightful)

        by isaac (2852) on Monday November 03, 2003 @02:42PM (#7379940)
        If someone is going to rig an election by tampering with electronic voting machines, they're also more than capable of forging the paper trail.

        I'm sorry, that's not insightful - it's total bollocks. Of course it's possible to tamper with paper ballots, but to do so on a large scale (e.g. large enough to affect statewide or national elections) would inevitably attract attention because one would need to gain access to, and modify or destroy, literally tons of paper.

        Electronic voting systems may be tampered with without any heavy lifting, by few people, and the only access problem is electronic, not physical - do you trust that the home or office PC of the supervisor of elections in your county is secure? Having done computer work for municipal governments in the past, I certainly do not.

        -Isaac

      • Sure you can tamper with the paper trail. However the election judges in my hometown are smart enough to watch for trouble, and have a sense of what might go wrong. You can get around them, but they are far more likely to notice you attemptm since a physical presense is required on the day of the election. I understand computers, and I have no clue how I could be sure someone didn't crack electronic only machines the night before, and hide their tracks. (I have to sleep, and any alarm I put on can by b

      • The only certain way of making a voting process accurate and not subject to fraud is if you do away with the secret ballot.

        I believe that Quinn is correct in saying, 'A voter-verified audit trail is the only way to 'prove' the system's integrity to the vast majority of electors, who after all, own the democracy.' However I don't believe that means we have to do away with the secret ballot.

        I would like to see a system where what prints out after you vote is a GUID, globally unique identification number.

    • Re:Open source? (Score:5, Insightful)

      by molarmass192 (608071) on Monday November 03, 2003 @02:16PM (#7379639) Homepage Journal
      I agree with you but I'm curious, why would a public voting system be based on closed-source software? Is it to obscure the code to prevent fraud? We know for a fact that security through obscurity doesn't work. Is it to protect the copyright of the software author? No, that's what copyright law is for. So, that leaves only as a means to hide the underlying process. Not exactly something desirable for public elections. I believe there's a place for closed source solutions and a place for open source solutions. A building security system is a place for closed source solutions since few have a vested interest in the underlying mechanisms. On the other hand, a voting both is a place for open source solutions since we all have a vested interest in the underlying mechansim.
    • Re:Open source? (Score:3, Insightful)

      by Pakaran2 (138209)
      I think the easiest way to do this would be something as simple as a long band of thermal print paper (like a cash register, only behind a transparent window). The voter sees his vote on a screen, and confirms it, and watches it be printed on the paper.

      If you alternate through 3 spools of paper at random, or skip back and forth on the paper, there's no way to connect a voter with a vote after the fact. However, it IS impossible for software (closed source, open source, or polkadotted source) to change th
  • Isn't that what the US has been using for years anyway?
    • IIRC, "Australian Voting" refers to a secret ballot type of voting procedure. I don't think it accurately describes the actual voting procedure that is currently used in Australia.
    • by skwang (174902) on Monday November 03, 2003 @02:24PM (#7379737)

      The Austrailian ballot is where candidates (for all elections) are listed entirely on one ballot and you get to choose which candidate you want regardless of party.

      It may bewilder some people that before the 1920's when you went to vote, a member of the Republican or Democratic party stood outside your polling in place and handed you a "Republican" or "Democratic" ballot. Said ballot would have only the party nominations for President, Senator, House Representatives, State Governor, State Senator, etc. As a result you "voted the party line."

      The Austrailian ballot was introduced between the 1920s and 1940s in the US (different municipalities adopted it at different times). It changed US politics because now people could vote for a Democratic President but a Republican Senator. One major result is that since WWII there have been very few times when the party of the president coincided with the majority party of Congress. In fact the Bush administration which has had a Republican Congress for most of the three years it has been in office is an exception not a norm.

  • by KD5YPT (714783) on Monday November 03, 2003 @02:08PM (#7379537) Journal
    Now that's what I call engineering ethics, letting people know the truth about what you're doing. Fine, maybe a computer should at least keep the software code to themselves (patent it so no one else could use it, I do believe in some intellectual property rights), but Diebold should have at least let us see the code so we can tell them how holey it is.
  • by Anonymous Coward on Monday November 03, 2003 @02:09PM (#7379546)
    Aussies Do It Right: E-Voting By Kim Zetter
    Story location: http://www.wired.com/news/ebiz/0,1272,61045,00.htm l

    02:00 AM Nov. 03, 2003 PT

    While critics in the United States grow more concerned each day about the insecurity of electronic voting machines, Australians designed a system two years ago that addressed and eased most of those concerns: They chose to make the software running their system completely open to public scrutiny.

    Although a private Australian company designed the system, it was based on specifications set by independent election officials, who posted the code on the Internet for all to see and evaluate. What's more, it was accomplished from concept to product in six months. It went through a trial run in a state election in 2001.

    Critics say the development process is a model for how electronic voting machines should be made in the United States.

    Called eVACS, or Electronic Voting and Counting System, the system was created by a company called Software Improvements to run on Linux, an open-source operating system available on the Internet.

    Election officials in the Australian Capital Territory, one of eight states and territories in the country, turned to electronic voting for the same reason the United States did -- a close election in 1998 exposed errors in the state's hand-counting system. Two candidates were separated by only three or four votes, said Phillip Green, electoral commissioner for the territory. After recounting, officials discovered that out of 80,000 ballots, they had made about 100 mistakes. They decided to investigate other voting methods.

    In 1999, the Australian Capital Territory Electoral Commission put out a public call for e-vote proposals to see if an electronic option was viable. Over 15 proposals came in, but only one offered an open-source solution. Two companies proposed the plan in partnership after extensive consultation with academics at Australian National University. But one of the companies later dropped out of the project, leaving Software Improvements to build the system.

    Green said that going the open-source route was an obvious choice.

    "We'd been watching what had happened in America (in 2000), and we were wary of using propriety software that no one was allowed to see," he said. "We were very keen for the whole process to be transparent so that everyone -- particularly the political parties and the candidates, but also the world at large -- could be satisfied that the software was actually doing what it was meant to be doing."

    It took another year for changes in Australian law to allow electronic voting to go forward. Then in April 2001, Software Improvements contracted to build the system for the state's October election.

    Software Improvement's Matt Quinn, the lead engineer on the product, said the commission called all the shots.

    "They, as the customer, dictated requirements including security and functionality, (and they) were involved at every step of the development process, from requirements to testing," Quinn said. "They proofed every document we produced."

    The commission posted drafts as well as the finished software code on the Internet for the public to review.

    The reaction was very positive.

    "The fact that the source code had been published really deflected criticism," Quinn said.

    A few people wrote in to report bugs, including an academic at the Australian National University who found the most serious problem.

    "It wasn't a functional or a security issue but was a mistake nonetheless, and one that we were glad to have flagged for us," said Quinn.

    In addition to the public review, the commission hired an independent verification and validation company to audit the code, "specifically to prevent us, as a developer, from having any election-subverting code in there," Quinn said.

    "We were concerned that it wouldn't be secure enough," said Green, the electoral commissioner. The audit
  • by jaymz666 (34050) on Monday November 03, 2003 @02:12PM (#7379584)
    Isn't the voting system run by the state? Shouldn't the source code be available by the Freedom of Information Act or something?
    • Isn't the voting system run by the state? Shouldn't the source code be available by the Freedom of Information Act or something?

      FOIA is a federal act, and while most states have equivalent acts, FOIA requests can not be made to a state. For example, New Jersey's equivalent law is called the Open Public Records Act. With FOIA, and with OPRA, requests can be made to any executive branch agency. The Division of Elections would fall under this in New Jersey. I cannot speculate as to whether or not they would
      • I cannot speculate as to whether or not they would agree to the request without court action.

        I can. The FOIA, OPRA, or any other open records act is non-applicable. The source code is not produced by the government and is not a "record" of any form that would be applicable under the various laws. The voting machines and software are being produced by independant contractors -- not by a government agency. You could request the records related to the bidding process (although all but the winning bid may be
  • by Eraserhd (21298) on Monday November 03, 2003 @02:12PM (#7379585) Homepage
    This petition is the only way to guaruntee that your vote will be counted--it mandates that machine give the voter a human-readable receipt which the voter drops into a lock box in case. In the case of a recount, the paper receipts are counted. It also mandates a manual recount in .5% of districts to verify the accuracy of the machines. The petititions are linked to at the bottom of the VerifiedVoting [verifiedvoting.org] site.
    • But how do we know VerifiedVoting.org is counting signatures properly? I want a paper receipt! ;)
    • You do realize that signing online petitions does absolutely nothing, right? I could sign that thing 500 times if I wanted to. They're not very accurate and nobody takes them seriously.

      A better thing to do would be to actually write or call the people who will be voting on this issue, and tell them to support it. Although you're still not likely to make too much of a difference, doing this actually has SOMEWHAT of a chance of influencing things.
    • The manual recount is only of any use if the .5% of districts are chosen randomly after polls close.

      Otherwise the vote-changers will leave the known test districts alone and only change votes in those districts not
      being re-counted.

      When I was in California, the voter's pamphlet had a grid on the first page with all the punch locations (a grid of numbers) I marked that while examining the issues and voted acording to that in the booth. There is a take home record for anyone who wants it.
      • When I was in California, the voter's pamphlet had a grid on the first page with all the punch locations (a grid of numbers) I marked that while examining the issues and voted acording to that in the booth. There is a take home record for anyone who wants it.

        This is traditionally called the sample ballot. It will look different in every district, depending on your voting equipment. In my district, the sample ballot is the same exact sheet you see in the (electronic) voting machine, and is the same sheet u
  • My goodness! (Score:5, Insightful)

    by cK-Gunslinger (443452) on Monday November 03, 2003 @02:13PM (#7379594) Journal
    "If a voting system precludes any notion of a meaningful recount, is cloaked in secrecy and controlled by individuals with conflicts of interest, why would anyone buy it?," Quinn said. "At the very least give citizens the right to choose whether they want to use paper ballots ... thus allowing each elector to be personally satisfied as to the integrity of the process in which they are participating."

    That just makes... sense.
    • by cdrudge (68377) on Monday November 03, 2003 @02:51PM (#7380009) Homepage
      Except you will have some voters who will think that:
      - they could vote twice, once with each method
      - that one was just a practice vote and the other was one that counted
      - are confused that there are two voting methods and don't know what to do, so don't vote at all
      - paper discriminates against tree huggers and caters to the logging community
      - electronic voting discriminates against technology luddites and caters to the techno-savvy

  • by Fritz Benwalla (539483) <randomregs@gmail ... inus threevowels> on Monday November 03, 2003 @02:14PM (#7379609)

    The company responsible (namely Software Improvements) is clearly pushing to pick up a contract for machine development in the U.S., and saying All The Right Things (tm) to get it.

    Don't blame them really, Diebold left themselves wide open - should be easy pickins.

    ---

    • by Lord Grey (463613) *

      ... and saying All The Right Things (tm) ...

      I second that observation, wholeheartedly. It's incredibly refreshing to hear a vendor speak in plain, honest sentences when describing their work and/or their product. It's saying, in effect, "Look at our work and judge for yourself." No hand-waving, no market-speak, no smoke and mirrors.

      Amazing.

      I also like the idea of bringing these guys into the US market, ASAP. Let them compete with the likes of Diebold. If the majority of the people evaluating the vo

    • by quacking duck (607555) on Monday November 03, 2003 @03:02PM (#7380141)
      Aside from the double-meaning of my title (e.g. SI = metric system, something the US is also adverse to adopting), I see a couple obstacles facing the Aussie company if they want to break into the US market.

      1) Imagine the outcry from Americans when they learn they're contracting a foreign company to handle their voting system. Oddly enough they won't have cared that Diebold's being all secretive and evasive about their own flaws while SI is open and honest and better suited to uphold the fair democratic system the US claims to cherish. To them I'd say ditch the NIH (not invented here) syndrome--if it works better than what you have, either make a competing product that's truly better or shut up about it.

      2) Diebold will use MS' tactics, calling SI's system "un-American". Again, double meaning, but this time I mean because it's open source.

      3) Watch Diebold play points 1 and 2 to the hilt, calling on its political ties to ensure SI never gets a foothold in the US. In so doing they pull a two-fer, by simultaneously kicking out a leg from under the democratic underpinnings of the US, as well as another leg from the "capitalist" system the US also claims to be, e.g. where companies compete based on the merits of the product and marketing, without political interference.

      Incidentally, the Australian system requires you by law to vote. Maybe that's something the US ought to consider importing too. Argue if you want about being free to NOT vote, but voting is a duty, not just a right, and you should be compelled to do it. Just like you are to report to training if you get drafted, or filing a tax return--you're not free to refuse either of those without legal consequences, right?

      What's sad about my writing this is that I have no influence in US politics, being a Canadian, but I seem to have more interest in your politics than the majority of voting Americans, who don't even bother to go to the polls.
  • by ajm (9538) on Monday November 03, 2003 @02:15PM (#7379627)
    so his comments don't apply here. An electronic system in the US that statisfies the owners of the democracy in the US needs to staisfy the Republican party and its big money supporters. The Diebold system is perfect for this and hence is the choice in the US. Why bother how people vote when you can control how the votes are counted? So long as the difference between the opinion polls and exit polls and the official "results" aren't too large you can get away with stealing elections for as long as you want.
    • by ianscot (591483) on Monday November 03, 2003 @02:32PM (#7379825)
      You'll get modded as a troll for that, maybe, but it's a shade of one step from the truth. Diebold's CEO being a big Republican donor who's sworn to "deliver" Ohio's electoral votes for Bush next year, that isn't the message I'm reading in the Mpls. Star Tribune. Here it reads like "Techies are concerned about sloppiness in voting systems" instead. That's just the first step in this story.

      Election Systems and Software, the other major electronic voting company, is also, coincidentally, run by a big Repub' contributor. Senator Chuck Hagel of Nebraska has a stake in that company. Can you imagine that? A sitting senator with financial interests in a company responsible for counting votes? Unbelievable.

      Sort of makes me think about how incredibly brazen Halliburton's role is in Iraq now. These people don't even attempt to maintain the illusion of impartiality. So, see, you're right -- this Australian company's ideas about the proper way to ensure confidence, they just don't apply. As long as our Repubs can fly under the radar, they don't care whether it's right or not.

      • Yep, it's a sad day when stuff that would on other topics pass for trolling is close to the truth when talking about the democratic system. The thing is that there doesn't seem to be any outrage about this sort of stuff.
    • So long as the difference between the opinion polls and exit polls and the official "results" aren't too large

      Why should there be any differences?
      Who checks what happens with "poll votes" underway?
      Who funds the polls?
      Who is the management of companies that conduct the polls?

      We have elections instead of polls only because polls are considered highly unreliable comparing to elections. And their reliability is not only affected by statistical errors, but by many other "behind the scenes" factors too.

      So -
  • We have an incredibly secure infrastructure already in place that could easily handle e-voting. We can already buy stamps from ATM machines... I find it hard to believe that someone could write an app to be deployed on all the systems to handle an election. And as far as the constiuents that don't have an exsiting ATM card, I'm going to guess that its going to be a lot easier and cheaper to just issue them ATM-voter cards then to create/install e-voting needs for those without computers.
  • real democracy (Score:2, Insightful)

    by happyfrogcow (708359)
    a robust, fully secure, fully anonymous, standardized (across states, counties, whateveer your contry might have) would be a great step towards a true democracy instead of a, oh damnit my mind went blank and lost the word... a democracy that uses such machinations as an electoral college, as the U.S. uses. I would assume that the electoral college is in place simply because it would have been too hard to count millions of votes by hand. computers can count and sort easily. get rid of the middleman who may o
    • Re:real democracy (Score:5, Insightful)

      by stratjakt (596332) on Monday November 03, 2003 @02:37PM (#7379884) Journal
      Think of the implications of a true democracy.

      Think of the masses voting on each and every topic.

      How much does your average citizen know about foreign policy? Health care? Criminal and civil law?

      A true democracy would be the worst form of government I could think of, unless you happen to have the exact same opinions as >50% of the population, you're fucked.

      Realize that around 70% of Americans are christian. Now, lets vote on whether or not to allow that mosque or synagogue (sp) to open its doors on the corner, or whether gays should be allowed to parade, etc..
  • by bludger (701607) on Monday November 03, 2003 @02:27PM (#7379774)
    Foreign readers might also be interested in checking out the Australian preferential voting system. This is, in my opinion, a much fairer system than the "first past the post" system of the UK or US. In the preferential system, votes for minority candidates are never wasted as the vote cannot be split. This would be especially valid for a presidential system as in the US. For more details, check out: http://www.australianpolitics.com/voting/systems/p referential.shtml
    • by SlipJig (184130) on Monday November 03, 2003 @02:59PM (#7380104) Homepage
      Also known as Instant Runoff Voting (IRV). This method has serious problems [electionmethods.org] when examined according to technical fairness criteria.

      The issue is that IRV works OK until a third party becomes viable - then, all bets are off. The article mentioned above quotes the following as an advantage:

      It promotes a strong two-party system, ensuring stability in the parliamentary process.

      Is this an advantage? I think not. The more common system, plurality or "first-past-the-post", which to be fair is even worse than IRV, does the same thing by artificially encouraging people to vote for front-runners. I would argue that any such artificial bias towards any party is a bad thing, and that the vote should reflect the true preferences of the voters as accurately as possible. IRV is an illusory fad in this regard.

      Approval Voting and the Condorcet Method are much better. Condorcet is technically the best available method, but approval is (for the US anyway) also a good choice because it offers good technical compliance and ease of practical implementation.
      • Actually, I think you will find it is not the preferential voting system which promotes the two party system. Rather it is the system of having electroral districts. A party can poll 20% of the vote across the nation, and the likely outcome is no seat in parliament, since they don't get a majority in any one seat.

        The preferential system is also used in the Australian senate, where there are no boundaries within states. Here we see minority parties (Greens, Democrats, independents) getting seats and so

  • isn't it like saying the techniques to print money should be open source and available to the public because we want to know if our money is printed right? Whether it is open source or not is irrelevant. Obviously the government should have access to the source from the vendor (just like the government owns the designs to all the military aircraft it gives boeing or lockheed to build). Good software is software engineered properly. Whether it is open or not is irrelevant
  • by dl248 (67452) on Monday November 03, 2003 @02:34PM (#7379842) Homepage
    In most elections that I have witnessed in Canada, either municipal, provincial, or federal, there is ALWAYS a paper trail. I mark my ballot with a big fat X in the appropriate spot on a voting card.

    Then the magic begins: the cards are each fed, as collected, into a vote counting machine. The ballots are held in the case a recount (automated or manual), and the results are known just as soon as it takes to communicate the results from each of the machines at each polling station.

    We usually have the final, _official_ results within an hour or two of the poll closing time, and you can always go back to the paper ballot to verify the count. And who the heck has a hard time with a piece of paper and a pencil?

    No hanging or dimpled chads here, and this to me seems the best of both worlds - technology aiding the speed of vote-counting (isn't that what this is all about, anyway?), but with the safeguards (and transparency) of a manual voting system.
    • Its true. We had a federal election here pretty close to when that whole Florida thing was going on down in the US. The whole thing went smooth as silk. Paper and pencil voting and stuffing the vote into a normal cardboard box. Pretty much anyone can send an observer down and everything is over in a matter of hours.

      Adding complexity to a complex system rarely if ever creates reliability. I'm pretty sure that the voting system here will stay the way it is until someone can unambiguously show that their
  • Open Source (Score:4, Insightful)

    by Anonymous Coward on Monday November 03, 2003 @02:34PM (#7379851)
    Nobody says open source is better because it's open source. It has to be open source because is MUST be open source by principle.

    Get that in your damn head. Every citizen (who cares) should have the right to get a deep insight into how his vote is eletronically processed. If you're not allowed to know how your vote is processed you have no democrazy.

  • Trouble is ... (Score:4, Insightful)

    by Rudisaurus (675580) on Monday November 03, 2003 @02:40PM (#7379914)
    ... the fact that you can read "the" source code doesn't guarantee that's the version of the software -- or even the software itself -- actually being run on the machine. Is there some audit procedure for the compile/link/install process?
    • Re:Trouble is ... (Score:3, Informative)

      by infolib (618234)
      Is there some audit procedure for the compile/link/install process?

      From the very informative ACT FAQ [act.gov.au]

      audit trails and security systems will be in place to verify that the software used in production is identical to the tested and audited software, and to verify that the data actually counted is the data cast by voters in polling places.

      It doesn't say exactly what procedures will be in place, but AFAICT they've done everything The Right Way(TM) until now, so I suppose they'll handle this as well.

  • "A quote from the lead engineer: Why on earth should (voters) have to trust me ...

    Come to think of it, in the Diebold hoohah, I have never seen any quotes from any of the Diebold people who actually worked on the system. I'd expect to see some -- if no more than expressions of hurt feelings because people don't trust them.

    Hmm. Want to bet it's because the programmers are overseas? My bet is on Russia ...
    • Re:Lead Engineer (Score:3, Informative)

      by frankie (91710)
      never seen any quotes from any of the Diebold people

      Diebold is a US company with strong (and right-wing) management. They don't allow their lower echelons to speak to the press; all contact is handled by Public Relations. See for yourself [yahoo.com].

      BTW, Diebold's "programmers" are in Ohio. I use quote marks because they're mainly MCSEs who write front-ends for MS Access running on XP Tablet.
  • by barawn (25691) on Monday November 03, 2003 @03:11PM (#7380219) Homepage
    I don't know if the problem is really that the software needs to be open source, or simply the fact that there is software at all.

    I mean, think about it. What do you really want the system to do?

    State: Waiting for User
    State: Present User with Options
    State: Ask User to Confirm
    State: Record User Choice

    Four states. That's all you've got. Four states. Why, precisely, are they using cheap hardware for something that a pair of dual flip-flops could handle?

    Honestly - think about this. The only reason there are "security concerns" at all is because they were too cheap to design a dedicated system, no software, just pure logic, that can be run on a logic checking system looking for races, possible vulnerabilities, etc.

    Paper trail? Well, paper's not exactly THAT good (it does burn, and as Florida proved, it's not always verifiably correct). What about a write-once, read-many device? Like, I don't know, a CD-R, with packet-based writing?

    Embedded systems are becoming so much more popular over discretes because hardware is cheap, and bad software is cheaper. But in a case like this, I don't understand it. An idiot could design dedicated hardware voting terminals, which don't even have the possibility of tampering. It's just incompetence.

    (P.S.: Sounds like a decent business plan, doesn't it? "Tamper-proof Voting Terminals" - "No more software crashes, no more unreliable messes - works the same way, every time, guaranteed.")

    Yes, I know things are a bit more complicated than I'm pointing out here. But it is still correct: E-Voting doesn't HAVE to be fundamentally flawed. It just is when they use cheap hardware. C'mon. Haven't they seen the i-Opener BBSes? Hardware based on the "limit possibilities by creative software" is screaming to be hacked.
  • by cruachan (113813) on Monday November 03, 2003 @03:40PM (#7380549)
    Could someone explain to me why you can't just write an X on a bit of paper with a pencil, put it in a sealed box, and count up the totals at the end like we do here in the UK?

    I just don't see why you need to use any more technology. What is the point?
  • by Maclir (33773) on Monday November 03, 2003 @04:15PM (#7380967) Journal
    Australians invented the secret ballot - which was referred to originally as "the australian ballot". Australian electoral processes have complete preferential voting - or automatic runoff. Upper house ballots are generally on a multi-member electorate - for the Australian Senate, 12 senators are elected from each state at large, this way you get more than just the two major parties, and they generally hold the balance of power.

  • by KojakBang (721296) on Monday November 03, 2003 @04:18PM (#7380999)
    The important thing in democracy is not the voting, it's the counting.

    Any technology introduced to improve the act of voting cannot make the act of counting less transparent or democracy suffers.

    It is apparent that Diebold's systems (not to mention Diebold's paranoia for secrecy) render the act of counting less accountable and less transparent. Ergo, democracy suffers.

    If used in a close election - where exit polling and other secondary measurements are unable to confirm the results of the counting - the wrong person might actually get elected President of the United States of America.

    With no sense of responsibility to the coutry at large, this illegitimate President might launch a series of Napoleonic wars to to compensate for his own feelings of inadequacy.

    I digress into fantasy... the little blue ones I washed down with all those adult beverages must be kicking in.

  • by gerardrj (207690) * on Monday November 03, 2003 @04:28PM (#7381105) Journal
    The problems with all of these "touch screen" systems, wether based on open of closed source, is that there is no way to guarantee that what the voter chooses is what is voted electronically and that the same vote is recoded electronically and on the paper trail.

    The basis of the voting system (IMO) need to be the voter making a direct mark on some tangible and independently verifiable object. Touch screen systems fail at this, the voter touches the screen which electronically stores the vote. There is no way to verify that the vote recorded is that which was cast. It would be quite possible for a hacker to cause the machine to register one vote electronically and one vote manually.

    Such a touch-screen and paper trail system seem to demand an automatic "re-count", you count the automatic system tally, then you must also count the paper trail receipts. What's going to happen when the two are not the same to within 1%? Will the electronic tally be deemed faulty, or will the paper handling system be deemed faulty?

    With the single point voting systems this is not an issue. The "punch card" and "fill in the box" ballots both achieve the direct manipulation and independently verifiable tests. There have been some problems with them, but this should be taken care of with voter education, and voters actually caring about the process before the elections. You can't solve human stupidity with technology, you can only hide the symptoms.

    I live in Mesa, Arizona where we use the "blacken this area" type ballot. It's easy to understand and easy to do. There's no easy way to alter my ballot without it being obvious it was tampered with. The ballot leaves my hand directly in to the electronic voting thingie. If ever there were a recount, the paper ballot if authoritative since that is what I voted.
    Of course, we have our own problems here: the main one is that they don't check I.Ds at the votinc center. All you need to tell them is your name and your address. So all you need to vote multiple times is a phone book and a way to get to several voting centers.

  • /. Heresy (Score:4, Interesting)

    by jmichaelg (148257) on Monday November 03, 2003 @06:07PM (#7382080) Journal
    This isn't a troll but some of you may think I'm being intentionally inflamatory. All I can tell you is I think what I'm about to write is true.

    I think using computers to count vote is a mis-application of technology. My reasons are:

    1. Security. None of the operating systems and hardware in use are designed from the ground up to be secure. The reason is that security and ease-of-use are at loggerheads - get more of one you lose some of the other. One of the key features of every OS I've worked on is the ability to install a daemon somewhere in the message queue so you can remap devices to other purposes. For example, keyboard drivers are easily changed to morph a 'p' into a long sequence of instructions. No matter how well you try to detect a daemon/hook/wedge or whatever you want to call it, if the developer is intent on inserting his code and there are provisions for mapping into user space (I've yet to run on an OS that that couldn't be done) the code can be inserted. That means that open source, closed source, audited source, tested source are all susceptible to modification by a malacious bit of code. It just requires access. Touch screen/punch card/optical scan - it doesn't matter - if you're relying on a computer to do the tally and you can't guarantee that no one has inserted a daemon, you don't have a secure vote.

    2. Little gained. A lot of "improvements" to what's out there right now discuss the idea of a voter-inspectable audit trail. Voter uses a computer to vote and the computer produces a paper ballot that the user can inspect to make sure the computer isn't cheating. There are two things wrong here. First if a computer is going to tally the paper ballot, you're back to point 1. You've just moved the location of the fraud. If the computer is going to tally and the paper is just a backup, then in most cases, a fraud will go undetected. If the fraud is small enough to be within the bounds of statistical uncertainty but large enough to sway the vote, you're not going to catch it unless you hand count the entire population of ballots. Secondly, you're in essence using a machine to mark a piece of paper which a human can just as easily do - you haven't gained anything by introducing the voting machine into the mix.
    I think the Canadians who just use a paper and pencil and cross-checked human counters to tally the vote have it right. The whole system is very simple. You mark your ballot, put it in a box. When the poll closes, at least 3 pairs of eyes look at it, one person is the election official, the other two are from opposing parties. When all 3 agree what the vote is, it's tallied as such. They can cross check tallies as they go so you're not running into a transcription problem down the road. The precinct reports its tallies to a higher level up the tree and the results are published so that the three (or more) counters can check the tally was accurately registered at the next level. Anyone who wants to can check the process from start to finish. Open, transparent, accurate and simple. Contrast that to encrypted keys, password maintenance, static discharge induced miscounts, lack of audit trails and the rest of the mess that characterizes the spectrum of American voting techniques and you have to ask - why the hell do we bother using machines to do this when we can do a better job by hand?

    There are lots of times that tech is part of a solution. Then there are times, like vote counting, where it is part of the problem. It may be retro and old fashioned but I think it's time we just used paper and pen again. It worked all the way up to the sixties and the country managed then. If our parents and grandparents could manage it, shouldn't we be able to hand count as well?

Are you having fun yet?

Working...