E-Voting Done Right - In Australia 485
tehanu writes "After all the furor over e-voting in America, Wired News has an article about e-voting done right in Australia. An important factor is that all of the software is open-source. The company responsible actually seems to have given consideration to the integrity of the democratic process, too - from the lead engineer: 'Why on earth should (voters) have to trust me -- someone with a vested interest in the project's success? A voter-verified audit trail is the only way to 'prove' the system's integrity to the vast majority of electors, who after all, own the democracy.' They also have scathing words for Diebold: 'The only possible motive I can see for disabling some of the security mechanisms and features in their system is to be able to rig elections. It is, at best, bad programming; at worst, the system has been designed to rig an election.' In general they are 'gob-smacked' by the whole situation with electronic voting machines in the US right now."
Open source? (Score:4, Insightful)
e-voting is not secure (Score:1, Insightful)
Enginnering ethics... (Score:3, Insightful)
Re:Open source? (Score:5, Insightful)
In another note, voting receipts is nice, no question about that.
I'm not sure why the Diebold source isn't availabl (Score:3, Insightful)
My goodness! (Score:5, Insightful)
That just makes... sense.
Re:Open source? (Score:4, Insightful)
Don't kid yourself: open source is nice, but it doesn't guarantee a fault-proof or secure voting system (suppose somebody installs wrong or malicious software on one of the machines?).
[/quote]
True, but with an open system, anyone can see what is going on. If the process is completely open, there is a greater likelyhood that any funny-business will be seen and dealt with before it is too late (*ahem* Florida).
In other words. . . (Score:4, Insightful)
The company responsible (namely Software Improvements) is clearly pushing to pick up a contract for machine development in the U.S., and saying All The Right Things (tm) to get it.
Don't blame them really, Diebold left themselves wide open - should be easy pickins.
---
In the US the voters no longer own the democracy.. (Score:3, Insightful)
Re:Open source? (Score:3, Insightful)
Re:Open source? (Score:5, Insightful)
Simple solution for e-voting (Score:2, Insightful)
real democracy (Score:2, Insightful)
open source doesn't make right (Score:2, Insightful)
Re:e-voting is not secure (Score:2, Insightful)
It's so true it's not even a troll (Score:5, Insightful)
Election Systems and Software, the other major electronic voting company, is also, coincidentally, run by a big Repub' contributor. Senator Chuck Hagel of Nebraska has a stake in that company. Can you imagine that? A sitting senator with financial interests in a company responsible for counting votes? Unbelievable.
Sort of makes me think about how incredibly brazen Halliburton's role is in Iraq now. These people don't even attempt to maintain the illusion of impartiality. So, see, you're right -- this Australian company's ideas about the proper way to ensure confidence, they just don't apply. As long as our Repubs can fly under the radar, they don't care whether it's right or not.
Open Source (Score:4, Insightful)
Get that in your damn head. Every citizen (who cares) should have the right to get a deep insight into how his vote is eletronically processed. If you're not allowed to know how your vote is processed you have no democrazy.
Re:real democracy (Score:5, Insightful)
Think of the masses voting on each and every topic.
How much does your average citizen know about foreign policy? Health care? Criminal and civil law?
A true democracy would be the worst form of government I could think of, unless you happen to have the exact same opinions as >50% of the population, you're fucked.
Realize that around 70% of Americans are christian. Now, lets vote on whether or not to allow that mosque or synagogue (sp) to open its doors on the corner, or whether gays should be allowed to parade, etc..
Re:Open source? (Score:3, Insightful)
If you alternate through 3 spools of paper at random, or skip back and forth on the paper, there's no way to connect a voter with a vote after the fact. However, it IS impossible for software (closed source, open source, or polkadotted source) to change the "receipt" after the fact.
I think thermal printers are under fifty bucks (probably well under) and I don't see why this couldn't be added to any voting system.
Trouble is ... (Score:4, Insightful)
Re:Open source? (Score:5, Insightful)
I'm sorry, that's not insightful - it's total bollocks. Of course it's possible to tamper with paper ballots, but to do so on a large scale (e.g. large enough to affect statewide or national elections) would inevitably attract attention because one would need to gain access to, and modify or destroy, literally tons of paper.
Electronic voting systems may be tampered with without any heavy lifting, by few people, and the only access problem is electronic, not physical - do you trust that the home or office PC of the supervisor of elections in your county is secure? Having done computer work for municipal governments in the past, I certainly do not.
-Isaac
Re:Open source? (Score:5, Insightful)
I'm not one for playing the mindless patriotism card, but I really do feel that (for the Americans out there) it is our duty to do something about this.
Re:Question (Score:2, Insightful)
Re:e-voting is not secure (Score:5, Insightful)
Obstacles to US adoption of SI system (Score:5, Insightful)
1) Imagine the outcry from Americans when they learn they're contracting a foreign company to handle their voting system. Oddly enough they won't have cared that Diebold's being all secretive and evasive about their own flaws while SI is open and honest and better suited to uphold the fair democratic system the US claims to cherish. To them I'd say ditch the NIH (not invented here) syndrome--if it works better than what you have, either make a competing product that's truly better or shut up about it.
2) Diebold will use MS' tactics, calling SI's system "un-American". Again, double meaning, but this time I mean because it's open source.
3) Watch Diebold play points 1 and 2 to the hilt, calling on its political ties to ensure SI never gets a foothold in the US. In so doing they pull a two-fer, by simultaneously kicking out a leg from under the democratic underpinnings of the US, as well as another leg from the "capitalist" system the US also claims to be, e.g. where companies compete based on the merits of the product and marketing, without political interference.
Incidentally, the Australian system requires you by law to vote. Maybe that's something the US ought to consider importing too. Argue if you want about being free to NOT vote, but voting is a duty, not just a right, and you should be compelled to do it. Just like you are to report to training if you get drafted, or filing a tax return--you're not free to refuse either of those without legal consequences, right?
What's sad about my writing this is that I have no influence in US politics, being a Canadian, but I seem to have more interest in your politics than the majority of voting Americans, who don't even bother to go to the polls.
Re:To encourage competitors? (Score:3, Insightful)
Frankly, for the verification and transparancy of election systems process NOT to be open seems like a "kick me" sign for trouble.
Until now, the voting system and how votes were tabulated and kept were open. You could see the machines, the process and review it all.
The new electronic systems just presenent you with a total in essence, with no real transparancy in the system.
If this is the result of reform, I'd much rather pay 10X's as much per election, and go to scantron forms for the entire country.
Transparancy and open-ness is a REQUIREMENT for voting systems. Perhaps there are other ways to accomplish this without opensource software, but I doubt it.
Cheers,
Greg
Re:Trouble is ... (Score:2, Insightful)
How could you get around the fact that the creator of the voting machine controls the software and hardware and can print out whatever MD5 number they want?
Re:Question (Score:3, Insightful)
Here speaks someone who sounds like he has never been out of America.
You take most of the good things about America completely for granted, and that is because things are so stable, you don't realise just how lucky you are.
So speaks someone who is not American, and who knows how bad things can get.
Count your blessings, but first I suggest you figure out what they are.
I realise that I am assuming you are American or Canadian, or perhaps even to a lesser extent European, but my experience shows that those with their bum in the butter are typically the first to forget about the existence of butter. When was the last time you thought about the air that you breathe?
I can moan about Americans with the best of them, but I won't let that blind me to just what they have achieved, and the good parts of their life and system.
Moan about the cons, but do yourself a favour and remember the pros.
Re:Open source? (Score:3, Insightful)
This would rarely be a practical way to verify a problem. Take your example with the precinct of 600 people.
Let's assume the exit polls are 100% accurate and 52% of voters indeed voted for Foo. Let's also assume that 10% voted for various third party candidates and the remaining 38% voted for candidate Bar. These would be the actual vote totals:
Foo - 312
Bar - 228
Other - 60
The voting system shows only 270 votes for Foo. To use your method to check for a problem at least 271 voters must show their receipts. This amounts to 86.9% of Foo voters. It's certain that at least some of these people will have thrown their receipts out, lost them, or are unwilling or unable to turn them in to be verified.
I know you just came up with some sample numbers but the criticisms apply to almost all common voting scenarios. This method won't work unless it's a situation where a candidate's exit poll numbers are vastly different than the amount recorded by the voting system.
Re:Open source? (Score:3, Insightful)
And you've destoyed the idea of the anonymous ballot.
Re:Open source? (Score:1, Insightful)
All you need to log is date/time a user voted. The user could be asked to verify whether they did in fact vote at that day and time, through snail mail if required. You could even have a system where the user logs in to verify their own specific votes. Making any of that secure isn't really the issue.
The problem is making the adduser command for the system. It must verify the identity of the user as well as the current registration system does, otherwise Bob at address 742 evergreen terrace with SSN 999-55-1212 is gonna be making a lot of votes. Email authentication is not good enough. Online banking requires ssn, driver's license #, phone #, employer info, etc to authenticate a new account. Even then a real person is involved somewhere. The signup process is not entirely automated.
How is that any less secure than me walking into a few hundred voting booths with a few hundred fake ids of registered voters?
Re:Open source? (Score:3, Insightful)
That is a pretty scary statement in of itself...
Re:Open source? (Score:5, Insightful)
Why not pencil and paper? (Score:4, Insightful)
I just don't see why you need to use any more technology. What is the point?
Re:Open source? (Score:4, Insightful)
Now, if the receipt the voter takes home contains a *signature* of the data on receipt they dropped in the box (such that it can't be used to determine who they voted for but can be used to determine that their vote hasn't been tampered with), that's a different story.
Personally, though, I think that's overkill -- putting a chain-signed receipt into a lockbox is Good Enough For Me.
(chaining digital signatures, fyi, is a way to make it very hard to modify just one -- because the next receipt also happens to contain a signature of the previous one).
Re:Open source? (Score:2, Insightful)
Correct (Score:4, Insightful)
Mindless patriots support the government, while real patriots support the people, and challenge the government to do what's right for everyone. The implementation Diebold has come up with is not good for any of us, and is not right.
E-Voting is simply a bad idea (Score:3, Insightful)
Any technology introduced to improve the act of voting cannot make the act of counting less transparent or democracy suffers.
It is apparent that Diebold's systems (not to mention Diebold's paranoia for secrecy) render the act of counting less accountable and less transparent. Ergo, democracy suffers.
If used in a close election - where exit polling and other secondary measurements are unable to confirm the results of the counting - the wrong person might actually get elected President of the United States of America.
With no sense of responsibility to the coutry at large, this illegitimate President might launch a series of Napoleonic wars to to compensate for his own feelings of inadequacy.
I digress into fantasy... the little blue ones I washed down with all those adult beverages must be kicking in.
Re:Open source? (Score:3, Insightful)
Re:And here in Canada... (Score:2, Insightful)
It always amazes me that 10% of the population can't follow any instruction more complex than waiting in line. You can hand them a paper ballot, you can even have a little PICTURE of how they should fill in their vote, and what happens?
They will circle the candidate's name, mark all the candidates they DON'T want, write a poorly spelled version of the candidates name somewhere on the ballot, or goodness knows what else. Seriously, how do these people manage to get through the day?
Overall, I would say the ATM-style voting machine, printing out a human-readable ballot is the ideal combination of transparency and ease-of-use.
Re:Open source? (Score:5, Insightful)
Only if the binary that runs on the machine is compiled from the same copy of the source that you've analyzed just before you cast your vote. Oh, and you'll need to analyze the source code for the compiler that the voting machine's binaries is compiled on, to make sure that hasn't been compromised. And then you'll need to check the source of the program used to view the source code of the other programs...
Re:Open source? (Score:2, Insightful)
If by "human-readable printout" you mean that the punch cards themselves had larger punchout holes, and the candidate names printed right on the card next to the holes, I guess that would have worked. But that would have required new punch card ballot machines anyway.
Remember, punch cards themselves are human readable. You can see whether hole A21 was punched or not; but that doesn't help if it's not clear who a punch in A21 will be counted as a vote for.
If by "human-readable printout" you mean a second sheet of paper interpreting the punchcard, then you're on the right track, but you missed the target. This just underscores how easy it is to get this stuff wrong.
They could have added a seperate machine to the Florida punch-card voting system to re-read the punch card back to the voter. This would not only have caught the cases where a "Candidate A" voter accidentally selected "Candidate B", but also caught those "hanging chad" cases where the voters' intent was ambiguous.
But such a system is still vulnerable to compromise.
If it was built in collusion with the ballot preparer (the machine which punches the punch cards) it could wait for someone to vote "Candidate A", "incorrectly" mark the ballot for "Candidate B', then "incorrectly" interpret the "Candidate B" ballot as a ballot for "Candidate A". The voter would assume his "Candidate A" vote would count as a vote for "Candidate A", but the final vote tally (and any subsequent recounts) would show it as a vote for "Candidate B".
Even if the two systems could not collude, the punch card verifier could be built with a bias toward one candidate over the other. It could, for example, be very strict about ballots for "Candidate A", only confirming them as valid if the the ballot were very clearly and unambiguously marked, thus ensuring that virtually all of the votes for "Candidate A" would be valid and counted in the final tally. By contrast, a vote for "Candidate B" would be interpreted very liberally, accepting ballots for "Candidate B" wich will eventually (during tabulation or recount) be thrown-out as ambiguous.
This is tricky stuff, hard to get right, best if done as simple as possible.
Re:Open source? (Score:3, Insightful)
If the voter can show someone else proof of how they voted, 2 things can happen:
- voter gets paid if they can show they voted for a particular line item
- voter can be threatened to vote for a particular line item or have bad things happen
Re:Preferential voting system (Score:3, Insightful)
The preferential system is also used in the Australian senate, where there are no boundaries within states. Here we see minority parties (Greens, Democrats, independents) getting seats and so having a say in politics. This is why the senate is so important in Australia, as a house of review. In my opinion, the preferential system works well for multiple parties, despite its complexity.
Re:florida (Score:3, Insightful)
Disposing of hundreds / thousands / tends of thousands of paper votes is a bit trickier if you don't want to be discovered.
Paper is good because we have centuries of experience in knowing how to secure a paper audit trail. Experience that probably shouldn't be thrown out (baby with the bathwater) just to implement some new cool digital voting technology.
Re:Open source? (Score:3, Insightful)
Is this web form something they can access from outside the physical polling place?
If so, that means they can use it to prove who they voted to to a third party, and thus their vote can be bought or coerced.
Platonic Experts? No thanks! (Score:2, Insightful)
- Unfortunately, the idea is completely unrealistic today.
Seeing that the idea turned out to be completely unworkable when Plato himself tried to implement his system on Sicily, I dare say the idea was totally unrealistic right from the start.- Personally I think that the state should be ruled by a group of philosophers (in Plato's terminology), basically by scientists and other specialists (engineers, generals for Defence Ministry, etc.). The emphasis should be made on the consensus-based decision-making, but voting should still be an option. These rulers should be well-educated and raised to be honest. The selection should be done in an objective and transparent way.
First of all, scientists and specialists are not the impartial and unprejudiced uber-folk they are cracked up to be. For better and worse, they are human too, with all of the foibles and idiosyncrasies characteristic of humans whatever their specialist status. If you knew a fair number of them or if you knew anything about scientific history you would know this. (For an enjoyable read on the subject, cf. e.g., Steven Jay Gould's Bligh's Bounty and In A Jumbled Drawer in Bully For Brontosaurus or Thomas Kuhn's -- I think -- musings on paradigm shifts in science.) Sometimes they are perhaps 'better' than non-specialists, but sometimes they are decidedly 'worse' and sometimes they are just plain 'awful'. And as for their upbringing. I doubt there are very many people who were brought up to be dishonest; they may end up that way in the end, but do you really think that they were raised that way? And how are you going to ensure that a suitable upbringing is being applied anyway? By some 'Gattaca-like' analysis and selection coupled with some Spartan-like mandatory boarding schools for future leaders?Further, selecting them in an 'objective and transparent way' -- how? And by whom? By voters? In an election? Or do you perchance know of a better way to select/elect people? Maybe you think you do, after all, democracy has many flaws. So far, however, it has turned out to have the least flaws; to quote Winston Churchill: It has been said that Democracy is the worst form of government except all those other forms that have been tried from time to time.
Finally, let us imagine a hypothetical case in a society in ruled by your 'philosophers'. Let us imagine that we have a curvy road on which 100 fatal accidents occur every year. According to the appropriate road accident experts straightening the road would bring the death rate down to 50. We assume that they are right. Straightening the road would mean draining a swamp where the road would go. In the swamp lives a certain species of frog. Our frog experts inform us that this frog does not live anywhere else and that draining the swamp would render this particular kind of frog extinct. We assume that they are right. So now your society is faced with a choice: either let 50 people/year die or let the frog go extinct. We assume no other solutions are possible. How would your 'philosophers' solve this question? Consensus is out of the question as no compromise solution is possible. In other words, they would have to vote on the issue. Let me now suggest to you that we are already really close to doing what you suggest: we are already electing 'experts' but they are experts at choosing one thing over another rather than at the scientific reasons supporting that choice. Oh, and we prefer to call them 'politicians'.
Real data on this... (Score:2, Insightful)
OK.. I'll start by saying that maybe it is you who need to broaden your horizons a bit and get your news from sources other than Fox News (whose Chairman and CEO was the media director for the George HW Bush campaign in 1988 and the creator and executive producer of Rush Limbaugh's TV show) and heavily Republican-leaning talk radio. You yourself state that johnkerry.com isn't exactly un-biased (sic). Do you think Rush Limbaugh and Fox News are? I am not a Democrat, so that's not why I'm saying this. I'm saying it because the very facts you sarcastically say we shouldn't let get in our way don't support your position.
Take a peek at this. It's a presentation of the results of the recount. It starts by repeating that Bush won the official certified result by 537 votes (Bush 2,912,790; Gore 2,912,253). It then shows what would have happened in 5 different possible recount scenarios.
First, if Gore's request for recounts of four specific counties had been granted, he would have still lost, though by a smaller margin-- 225 votes (Bush 2,913,351; Gore 2,913,126).
The second scenario presented is if the Supreme Court had not stopped the partial recounts already underway in Florida. Again, Gore loses, by a margin very slightly smaller than the certified result-- 493 votes (Bush 2,916,559; Gore 2,916,066).
So far, two "Bush wins" results, both coming from what Democrats were seeking (Gore's request for a recount of 4 specific counties, plus completion of the partial recounts already in progress). Looks like Bush would win in any conceivable scenario, right? Let's continue.
First, they could have used "the most liberal methods they could, counting anything that even remotely looked like a vote for Gore" (as you put it), but they didn't. They did do one recount using a similar but fair standard, accepting any dimpled punch card or any mark on an optical scan ballot that indicated a candidate choice, whether it was Gore or Bush. The result? Gore won (so much for "In every recount they did Bush still won), by a very narrow margin of 107 votes (Gore 2,924,695; Bush 2,924,588). But if that were the only Gore victory, your argument, while wrong on some details, would still have a foundation of truth. Let's continue.
Given that very loose standard, one could fairly ask for a recount with a very rigid standard. For example, one could ask for a recount where only fully-punched ballot cards and correctly marked optical scan ballots are accepted, again, independent of the candidate chosen. Who'd win that one? Bush? Nope. I'll give you one more guess...
'Dja get it right? Let's check. Here's the result of the recount using that very rigid standard: Gore by 115 (Gore 2,915,245; Bush 2,915,130).
Hmmm... looks like your "recounting anything that even remotely looked like a vote for Gore" has been debunked by those inconvenient facts you mentioned, as has "In every recount they did Bush still won."
There is one more reasonable standard that could be applied to a recount: one could simply let each county's own standard apply to disputed ballots from that county. Recounting under those conditions yielded President Gore too, by a margin of 171 votes (Gore 2,917,847; Bush 2,918,676).
It's ironic that Gor
Re:Obstacles to US adoption of SI system(Note: OT) (Score:2, Insightful)
Good point, however I still believe that if you can vote then you should. It is one thing to rail at the government when you are disenfranchised, however it is quite another to have the opportunity to actually have a say and waste it.
Voting is not a right it is a responsibility. It is, for a lot of people, the only way to get a say in what the government does. If you voluntarily abdicate that responsibility then you have to wear the cost.
Re:Preferential voting system (Score:2, Insightful)
Not just americans... (Score:4, Insightful)
In australia (and the rest of the world) we are extremely sensitive to the american political decisions, especially those relating to foreign trade and policy.
The concept of a closed source system, developed by people who openly pledge to "deliver votes to the president" (you don't need references, it's all over the /. front page), can covertly apply patches and allegedly have back-doors, seems pure insanity to me.
Just my AU$0.02...
Q.