Software Bug Adds 5K Votes To Election 239
eldavojohn writes "You may be able to argue that a five-thousand-vote error is a small price to pay for a national election, but these errors are certainly inadmissible on a much smaller scale. According to the Rapid City Journal, a software glitch added 4,875 phantom ballots in a South Dakota election for a seat on the city council. It's not a hardware security problem this time; it's a software glitch. Although not unheard of in electronic voting, this bug was about to cause a runoff vote since the incumbent did not hold a high enough percentage of the vote. That is no longer the case after the numbers were corrected. Wired notes it's probably a complex bug as it is not just multiplying the vote count by two. Here's to hoping that AutoMark follows suit and releases the source code for others to scrutinize."
How hard can it be? (Score:5, Insightful)
I mean really, I'm pretty sure I could write a program with a couple of buttons and a counter for each.
What's going on here?
How..... (Score:4, Insightful)
Blckboxvoting.org (Score:5, Insightful)
A software error resulting in +/- 5000 votes cast is unacceptable on any level, even if it gets drowned out on the national level in the US.
There is absolutely no reason or excuse for software to miscount votes. It isn't rocket science.
I know I'm preaching to the choir here, but this shit just pisses me off. It's a matter of national and local integrity that our voting systems are transparent. Please support blackboxvoting.org [blackboxvoting.org] if you don't have the time to get involved in a deeper fashion (calling/writing your legislators, etc).
Note: I'm not affiliated with blackboxvoting.org. I just appreciate their work.
!bug (Score:1, Insightful)
Re:How hard is it for a computer to do addition? (Score:5, Insightful)
Why is a voting system doing any kind of math at all? I voted yesterday in Belgium on a computer that puts my vote onto a card, which is then tallied separately. This same system has been working since at least 1995 with zero reports of fraud or failure (except normal "computer is broken" style failures).
How can a computer "add phantom ballots"? Software does not just "glitch", it breaks in ways that depend entirely on how it was built.
How do you know this system is fraud free? Reading your comment doesn't convince me one bit. I voted too, in the Netherlands, and for the first time in years I had to use a pencil again. No guarantee that there are no counting errors, but they won't be systematic on a large scale.
Re:How hard is it for a computer to do addition? (Score:4, Insightful)
Re:How hard can it be? (Score:4, Insightful)
What's going on here?
That, my friend, we will never find out. We would if these highly complex applications were OSS, but then again the complexity of these are so immense that 9/10 experienced programmers had their heads spontaneously explode upon viewing the first line of code. That or someone is bullshitting you.
Re:!bug (Score:4, Insightful)
yeah, cause the difference in saying something like "x+y/2" or "(x+y)/2" is obvious fraud, as it is a bug that wouldn't crash the system.
Re:!bug (Score:5, Insightful)
Re:How..... (Score:4, Insightful)
How does a local election provider define the ballot?
Depends, have a list of candidates, choose the candidate, submit it. For a yes or no issue have two buttons, one yes the other no.
How do you ensure that the ballot programming is accessible to politicos and not computer programmers?
Either have a GUI or hire a programmer, I'm sure that the cost of one programmer and one or two other people is a lot less than hiring a team to hand-count votes.
How do you QA the ballot program? How do you verify that nobody has tampered with the ballot program after it has been QAed?
Sign it. Have the program check the signature, good signature it lets it go, bad signature it rejects it and throws up an error message.
For QA, how do you do it without using official ballots that don't end up in the valid votes pile?
Reimage the machine after use.
What happens if the scanner (for optical scanners) gets miscalibrated, or the ballot printer was miscalibrated when it printed them, so that alignments aren't off? What if the initial votes and ballots are correct but later ones are not because of changes in calibration or alignment? Think about multiple ballot runs off a printer in a high-volume election.
Simple, don't use scanners. Simply have it be all digital with a paper printout that may be used if the electronic voting failed due to errors, etc. The paper printouts could be hand-counted if there was a major failure.
What about different election types? "Most-of", "at-large", "one-of", "instant-runoff", etc.? What about the interactions between these election types and other election types on a single ballot? What about multiple ballots in small regional areas? Who programs them and verifies the programs?
Programmers and the town. Have an open meeting where anyone can discuss them, fix them, etc. You only need to hire one competent programmer to program a ballot. Multiple ballots are simply more XML files, trivial to make.
Re:!bug (Score:1, Insightful)
when this kind of "error" appears in elections software, be sure that it's not by accident.
Just applying Hanlon's razor (Score:1, Insightful)
If that bug survived product testing, stupidity is no longer an adequate explanation. We are forced to suspect malice.
Re:Uh oh... (Score:3, Insightful)
I take it you've never really taken a good hard look at the crop of politicians currently in office. The 'droids have been running the show for quite some time now....
Re:I agree. (Score:3, Insightful)
Really, the very first step you'd need to make, is separating the system into a GUI client, operator client and vote server. The vote server would be easier to verify due to very few libraries and unrelated code being used. The GUI client would not be able to mangle _all_ vote results in an instance due to memory corruption issues. And requiring the operator to clear the vote server for receiving the next vote would avoid 5000 votes being registered due to a bug of any kind.
The server and GUI client would be separate users with different privileges and cryptographically signed log to append-write only medium. Hell, the final confirmation to the user should be displayed on screen by program using a plain-text message sent by the server to a different client process, just to ensure the GUI is showing a different choice from what it registers with the vote server. And I'm sure there's plenty of other stuff that would need to be done to make a truly secure and reliable voting system.
Re:my observation [ATMs DO fail] (Score:3, Insightful)
Nah, I've HAD the ATM screw up before, and record a deposit twice. The bank happily deducted it from my account later. I've also had an ATM record a withdrawal three times for the one transaction. Took me a couple weeks of back and forth for them to get it all straightened out. So, the ATMs *do* screw up, but the banks don't care because in the end they don't lose any money. The only one that suffers is the customer (by being out my $$ for two weeks).
Re:How hard is it for a computer to do addition? (Score:4, Insightful)
Right. Ask a computer to count 1 million records and stop exactly on the millionth, and then ask a person to count 1 million cards and stop on the millionth. If you had to bet your life on it, who would you think would be more precise? Obviously computers have value.
On the other hand, I'm a firm believer in the idea that the source code should be available for review to make sure there are no weird bugs that could multiply votes, and there should be a paper trail so that the computer can be checked for voter fraud. Computers are more efficient, but not only are they more efficient at doing the right thing, and they're more efficient at doing the wrong thing. If the code tells them to count votes incorrectly (whether it's fraud or an inadvertent bug) they will very efficiently count the votes incorrectly.
Re:How hard is it for a computer to do addition? (Score:3, Insightful)
I am not a programmer, nor an election official, but that process is as dumb as a blade of grass.
Why upload during the day? We are only interested in the whole day's total.
Why reset the local count? Like the server is infallible?
Why transmit ANYTHING? Like I trust even a modem call to a dedicated line. There is not much easier than diverting a landline. All you need are cutters and spare wire. My modem is just like your modem. MY server will be like your server. I can tap in and listen to a few connections and work out the details, of not for this election than for the next. Pwnage.
Really, if the concern for sending hourly updates is reliability, then reconsider the system. If the concern for sending updates is physical security and lost votes, you are doomed, get better poll monitors. If the concern is software problems, reconsider the system.
There is no need for interim results. If you want to audit the system during the day, have a team come in, stop the voting for a moment, take the tally card as would be done at the end of the day, document it and give the pool watchers a receipt, insert a new card, and voting recommences.
But paper is the simplest and surest way. Sorry, but it is.
Re:How hard is it for a computer to do addition? (Score:4, Insightful)
Sure, go ahead and add a field to the table and you've got a record of who voted for who, which is awesome!
The problem for slashdotters is that there is more to a voting system than JUST counting the votes properly.
You have to count the votes properly, provide proper auditing to validate that everyones vote got counted for who they voted for, all the while making sure that you don't actually know who specifically voted for who, even though you may need to prove that their vote was counted for a specific candidate later.
If all they had to do was count votes, they would have gotten it right cause even the $0.50/hour programmers from India can get that part right.
It does blow my mind however that we still get errors in electronic voting due to bugs, these companies are utterly failing and should be banned from making software such as these as soon as a bug like this is detected. It is not acceptable to have not tested your software properly before hand to detect this crap.
Re:Open source voting (Score:3, Insightful)
There are plenty of good paper based systems around.
They scale. The more voters you have, the more volunteers and observers you should be able to get.
The counting of each ballot can be observed by party representatives and independent 3rd party observers/monitors. In my country, the counter holds up each ballot paper to show it to "everyone". It'll take a fair number of magicians to cheat in this and they would have to work a lot harder to cheat without getting caught.
As I've said before- Elections don't just have to be fair, they have to be SEEN as fair. If democracy is important, it doesn't matter if it costs a few hours to get it right.
The best thing about it is, even if it's a surprise result - because the various observers see that it's mostly fair, the losers will grudgingly accept the result. If the result is close a recount can be done with even more stringent monitoring.
Where the cheating probably happens in my country is from the postal votes. But the electronic systems will also be vulnerable to this problem, in addition to being vulnerable to very many other problems inherent with e-voting.
E-voting fails my "seen to be fair" requirement- because it's some blackbox that the normal folk don't understand, and the IT security people understand and thus don't trust. Even if you have the source code, it's so hard to prove that it's the same software that actually runs during the counting, or that the rest of the hardware isn't messed with.
With e-voting, only a few specialists can understand and check the system, and the rest of the public have to near blindly trust them.
Whereas with hand counting, it's easy to explain to most people how it's done - and their party representatives are there checking each ballot as it's counted as well.
Is it so hard in the USA to find people who can count? Tell me it can't be so bad as "Counting votes is hard, let's go shopping!" right?
Choice, Responsibility and Punishment (Score:3, Insightful)
When you make the Choice to make something closed, especially something this important, you really should be taking on the responsibility for any errors, bugs, security flaws or back-doors that end up in the software.
If you're willing to take the responsibility, than any error should be considered criminal--as in jail time for the CEO and others who made the (now obviously wrong) decision to keep the information private.
If you don't want the responsibiliy, that's totally understandable--just open the software for peer review by anyone.
I'm getting kind of tired of CEOs and politicians with no competency doing jobs they obviously don't understand, taking authority and reward without responsibility. I realize they are hard jobs, but doesn't that make it even more important to hire someone intellictually and morally competent instead of some college drinking bud from the good ole' boy network?
Re:How hard is it for a computer to do addition? (Score:3, Insightful)
The real question is why is there a need for parallel processing? This is a voting machine, even a simple single core processor without any threads should be sufficient. As a matter of fact, I would try to make the software as simple as possible. When it is short and simple, there is less chance of hidden bugs or for a malicious programmer to hide something in the code. Also, any obfuscated code should not be allowed.
Re:How hard is it for a computer to do addition? (Score:4, Insightful)
Hold them responsable (Score:3, Insightful)
As part of the agreement for purchasing the voting machines, add a clause that subtracts $1.00 for each vote miscalculated.
This should make the voting machine creators be much more careful about the software they supply.