Sequoia Vote Machine Can't Do Simple Arithmetic? 254
whoever57 writes "Ed Felten is showing a scan of the summary from a Sequoia voting machine used in New Jersey. According to the paper record, the vote tallies don't add up — the total number of Republican ballots does not match the number of votes cast in the Republican primary and the total number of Democratic ballots does not match the number of votes cast in the Democratic primary. Felten has a number of discussions about the problems facing evoting, up to and including a semi-threatening email from Sequoia itself."
Update: 03/20 23:30 GMT by J : Later today, Felten added an update in which he analyzes Sequoia's explanation. He has questions, comments, and a demand.
Re:Enough Already! (Score:4, Interesting)
While I agree with you, I just have to point out that it's not all that hard...after all, the recent presidential election in Mexico was stolen the old-fashioned way.
Re:oh dear. (Score:4, Interesting)
What credibility are you talking about?
After all those neato stints that just about every voting machine company tried to pull their credibility is somewhere between a San Francisco Tenderloin crack hooker and a timeshare salesman for quite some time now.
Thinking about it the hookers credibility is probably a lot better then the ones of those voting machine vendors.
This is Jersey, we don't need fair elections! (Score:2, Interesting)
Re:Enough Already! (Score:2, Interesting)
You cannot prove correctness at all (Score:3, Interesting)
Re:Maybe the votes were not placed? (Score:3, Interesting)
I'm not a big fan of the argument that Open Source = Always Better and Closed Source = Always Worse, but in this case I think it applies. The voting machines' inner workings are hidden from view from everyone, including the government running the election. If you're running something like a public election system, your machines should be open for scrutiny. Your *ENTIRE* machines. This means hardware *AND* software. If a company cried foul when the government that bought their machines tries to get them independently evaluated, I start to smell something fishy. This is probably the only time I'd give credence to "Why do you complain if you have nothing to hide."
In my mind, the perfect eVoting system would be completely open (meaning the government officials could get any third-party individual to evaluate the code/hardware). The components would be off-the-shelf PC parts and would likely run on Linux or even on a hardened installation of Windows. (Yes, you can secure Windows, but that's another argument.) The machine would sit in plain view, but the monitor would be in the closed-off area. This would eliminate the possibility of a voter tampering with the machine while in the voting booth. They would only have access to a few components and not the main system.
The voter would select their choices via a simple (but large type) keypad. (Press 1 for Obama, Press 2 for Clinton, etc.) After voting in one race, the machine would switch to the next race. The voter could easily go back and review/change their vote. At the end of the voting session, the voter would be presented with their choices and be asked to confirm them. A receipt would be printed showing the choices also. The voter would be asked to review the receipt and confirm that it was accurate. A No answer might alert Poll workers to a problem. A Yes answer would prompt the voter to inset the receipt into a special slot. A random bar code printed on the receipt and read by a bar code reader would ensure that the correct receipt was inserted. Then the electronic vote would be recorded and the voting session would be over.
After the polls closed, the machines would burn their results to CD and would be hooked up (via wired connection most likely) to a VPN connection to a central server. The central server would take in all of the votes and tabulate them. If any voting irregularities were suspected, you could go back to the burnt CD results or the paper receipts.
I'm sure this system would have holes (any electronic system would... even non-electronic voting systems are subject to fraud), but it'd likely be a lot more secure/accurate than Sequoia. Now I just need to convince some government worker to pay me a couple million dollars to build it.
Re:Hypocrisy (Score:4, Interesting)
Re:Enough Already! (Score:3, Interesting)
I see eVoting as basically a first step to abandon democracy. Other then gaining the ability to temper with votes there simply isn't a need for eVoting.
Sparta NJ Referendum Results (Score:2, Interesting)
Re:Minor discrepancy...MAJOR problem. (Score:2, Interesting)
The problem with electronic voting in general is that there are a number of places where it can go wrong. Let's assume you do get the source code, and prove that it is correct. Can you also prove that this exact version is what is installed on every voting machine, in every polling location? Checksums are nice and all, but the checksumming software could be tampered with. Can you be sure that no other software is also installed that could alter the core application at run-time? Can you be positive that the results cannot be altered after they are already entered? Hell, can you be positive that the compiler used hasn't slipped something into the executable? As it stands right now, I think the answer to these questions is, collectively, no. Somewhere, there is a piece that is going to be extremely difficult to verify in all cases. It doesn't have to be much - a 1% error in the results would have swung a couple of the last elections. Some allege that this has already happened. (Hey, you all, in the back - with the tinfoil hats. Raise your hands...)
In addition to requiring open source code, we should also have in place an extensive system of consistency checks to ensure that we catch most of the obvious ways to rig an election. If there are not the same number of ballots cast as there are people casting, that's bad. If a number of votes get invalidated (because of hanging/dimpled/pregnant chads, or what have you) that's bad. If people that can't vote (say, because they are dead), somehow manage to, that's bad. All of these things have been used as evidence of voting fraud in the past - don't throw them out just because you 'validated' some random piece of code.
One more thing. If we are going to use electronic voting (and it seems like we are), you also need to get a voter-verifiable print-out - like, you know, on paper. This way, you can be sure that if something is wrong, it'll be caught on a hand-recount, and your vote will still mean something. This is really just the ultimate consistency check, and I don't see how we are going to get around the fact that without it, there will always be a way to tamper with the results. Check out http://coloradovoter.net/ [coloradovoter.net] for more - or look for a group of concerned citizens closer to where you live.
As someone who would like my vote to count, I think we should ban all voting machine manufactures that don't agree to these sorts of checks. If they are trying to avoid this for any reason, I think they've got a hidden agenda. No more excuses about proprietary source code - if you want your machines to be used, you submit to a battery of external reviews and consistency checks. No exceptions.
my experience as a NJ poll worker (Score:2, Interesting)
Re:Software bug (Score:3, Interesting)
If you RTFA, you will note that this error does not occur in every instance, meaning that this is not a simple off-by-one error, but something much more serious. Sequoia claims that this bug can be reproduced if the operator of the machine presses a valid button, but then an unused button. That is a "logic bomb," and is indicative of two things:
1.) Formal methods were not employed in the design of this software, and so the system was never proved to work.
2.) The product was not tested sufficiently, and the testers assumed that the machine operator would never make an error while operating the machine.
Neither of these situations leaves me with much confidence in Sequoia's ability to design a mission critical system. Sequoia needs to perform a review of its methods of design and testing before they sell any more voting machines, and the governments purchasing these machines need to start demanding that the designs be made available to the public.