Forgot your password?
typodupeerror
Government Bug United States News Politics

Software Bug Adds 5K Votes To Election 239

Posted by CmdrTaco
from the margin-of-error dept.
eldavojohn writes "You may be able to argue that a five-thousand-vote error is a small price to pay for a national election, but these errors are certainly inadmissible on a much smaller scale. According to the Rapid City Journal, a software glitch added 4,875 phantom ballots in a South Dakota election for a seat on the city council. It's not a hardware security problem this time; it's a software glitch. Although not unheard of in electronic voting, this bug was about to cause a runoff vote since the incumbent did not hold a high enough percentage of the vote. That is no longer the case after the numbers were corrected. Wired notes it's probably a complex bug as it is not just multiplying the vote count by two. Here's to hoping that AutoMark follows suit and releases the source code for others to scrutinize."
This discussion has been archived. No new comments can be posted.

Software Bug Adds 5K Votes To Election

Comments Filter:
  • by pieterh (196118) on Monday June 08, 2009 @10:34AM (#28250865) Homepage

    Why is a voting system doing any kind of math at all? I voted yesterday in Belgium on a computer that puts my vote onto a card, which is then tallied separately. This same system has been working since at least 1995 with zero reports of fraud or failure (except normal "computer is broken" style failures).

    How can a computer "add phantom ballots"? Software does not just "glitch", it breaks in ways that depend entirely on how it was built.

  • by thekm (622569) on Monday June 08, 2009 @10:36AM (#28250895)
    ...but I can't understand how a glorified logger can be this far off. With hand-shaking and all the rest of it, it just staggers me that something this simple is so hard. If our systems or audit logging were off by more than 5k, our nuts would be in a sling, and our projects sure as heck aren't as big as these puppies.
  • by BlueKitties (1541613) <bluekitties616@gmail.com> on Monday June 08, 2009 @10:41AM (#28250957)
    I'm pretty sure, somewhere in that code, was a server thread handle which states "if {vote=="thisGuy"){thisGuy++;}else{otherGuy++;}" - because validating your requests might require extra code.
  • tampering? (Score:5, Interesting)

    by Ltap (1572175) on Monday June 08, 2009 @10:44AM (#28250987) Homepage
    TFA only tells me the numbers and the guy's plans, nothing about the actual bug. What was it? It seems awfully hard to screw up adding two numbers together to get a third number, which is basically what that software was doing. Has it occurred to anyone that it might have been tampering? It seems to me that, with the fairly large (tens of thousands) number of votes, adding or removing just enough to make it a runoff would be the perfect vote tampering scheme - too little to draw much attention, but enough to actually make a difference.
  • Re:How..... (Score:2, Interesting)

    by Anonymous Coward on Monday June 08, 2009 @10:49AM (#28251039)

    How does a local election provider define the ballot? How do you ensure that the ballot programming is accessible to politicos and not computer programmers? How do you QA the ballot program? How do you verify that nobody has tampered with the ballot program after it has been QAed?

    For QA, how do you do it without using official ballots that don't end up in the valid votes pile? Do you use a different form? Then the official ballot might be different from the test ballot and result in badly counted votes. What happens if the scanner (for optical scanners) gets miscalibrated, or the ballot printer was miscalibrated when it printed them, so that alignments aren't off? What if the initial votes and ballots are correct but later ones are not because of changes in calibration or alignment? Think about multiple ballot runs off a printer in a high-volume election.

    What about different election types? "Most-of", "at-large", "one-of", "instant-runoff", etc.? What about the interactions between these election types and other election types on a single ballot? What about multiple ballots in small regional areas? Who programs them and verifies the programs?

  • Re:How..... (Score:5, Interesting)

    by Shakrai (717556) on Monday June 08, 2009 @10:52AM (#28251061) Journal

    It still amazes me how "hard" it is to write a simple program. First have something to scan the ID, check that its unique then move to the voting. Have a few radio buttons that you click, then hit submit, each radio button corresponds to a candidate or a choice, they are added up and give you the results. How the crap do you screw that up?

    Well, in the case of New York State, our fearless leaders in Albany changed the requirements no less than 15 times after signing a contract with the vendor for new voting machines. Then after they finally agreed on a set of requirements they decided that they needed voting machines for 62 counties right now so they'd have them in time for the election. Then after the machines arrived they changed the requirements again and needed the new software for them right now.

    Doing business with the Government is not an easy undertaking. The only good thing that came out of it is our fearless leaders weren't stupid enough to go with a DRE (direct electronic recording) system. We still have paper ballots that can be counted by any human being if the computer system fails. All the computer does is tabulate them and provide an interface for those voters (the blind/handicapped) whom can't fill out paper ballots themselves.

  • by RenHoek (101570) on Monday June 08, 2009 @10:52AM (#28251069) Homepage

    Well, there's the

        candidate[x]++;

    that should be going on inside..

    Other then then, no math..

    Seems somebody is not following the K.I.S.S. method..

  • by jgtg32a (1173373) on Monday June 08, 2009 @10:54AM (#28251099)
    I'm not a programmer but why would totalVotes[candidate]++; not work?

    Is it a race condition, it pulls the number adds one and puts it back, and if the system is run parallel it will drop vote added at the same time?
  • by Tubal-Cain (1289912) on Monday June 08, 2009 @10:59AM (#28251157) Journal

    The obvious way to do addition in gcc c would be:

    totalVotes[candidate]++;

    but this will totally screw up the vote count.

    Why will it screw up? A bug? gcc trying to force good coding practices? Ignorant minds want to know.

  • by pieterh (196118) on Monday June 08, 2009 @11:07AM (#28251257) Homepage

    Belgian politics are not always polite. There is endless infighting. There is no monopoly of power, every government is a coalition and always fragile.

    This makes election fraud very hard to organise and probably impossible to keep a secret. One would need to buy too many people, for too long.

    So not because I trust the Belgian political establishment, but because I trust their incompetence and greed, I'm pretty satisfied that every vote is counted, and accurately.

  • In related news... (Score:3, Interesting)

    by Xiver (13712) on Monday June 08, 2009 @11:09AM (#28251291)
    In related news its apparently very easy to convince the media that programming voting machines is hard. I seriously doubt this was an accident. Independent testing should have flushed this bug out very early.
  • my observation (Score:3, Interesting)

    by Tumbleweed (3706) * on Monday June 08, 2009 @11:11AM (#28251315)

    I find it interesting that companies that make ATMs for systems that track things down to the penny are unable to track much smaller numbers with errors of plus or minus THOUSANDS.

    Maybe we should just start voting at ATMs?

    Oh wait, that's what the lobbyists do already.

  • by Anonymous Coward on Monday June 08, 2009 @11:12AM (#28251329)

    Additions just aren't so simple anymore in concurrent computing.

    Why would e-voting be a concurrent operation? Each voting machine should tally votes locally. Every hour (or at the end of the day, or at some other random interval), each machine would connect to a central server, upload its current tally, and reset its local info. This upload-and-reset should be done in a synchronous fashion, such that the server accepts only one tally at a time and the client resets only after it confirms the upload with the server. Surely existing database protocols such a two-phase commit would solve this problem satisfactorily.

  • Re:How..... (Score:2, Interesting)

    by S77IM (1371931) on Monday June 08, 2009 @11:19AM (#28251407)

    We still have paper ballots that can be counted by any human being if the computer system fails. All the computer does is tabulate them and provide an interface for those voters (the blind/handicapped) whom can't fill out paper ballots themselves.

    This is how all electronic voting systems should work. No automated result should be legally admissible for anything unless a human can double-check that result. It's like those robot radar guns that snap a photo of your license plate and then mail you a ticket. There's no defense against it or way to double check it -- there's no human to put on the stand and testify against you. (I'm sure there are legal ways around this that let places use this technology but I disagree with them.) It's the same with voting machines, and killing machines [slashdot.org]. Fallible though humans may be, I don't want my rights or future decided by computers.

      -- 77IM

  • by Anonymous Coward on Monday June 08, 2009 @11:19AM (#28251409)

    Yes, it's a threading issue. If you have multiple threads trying to update the value, some of them won't count. You'd either need to use a lock (and probably mark the variables as volatile) or use some kind of atomic update (like a read-modify-write operation).

    Still, you'd have to be an idiot to even try to count votes as they're coming in. A much better approach would be to use a database. Database servers are already really good at handling concurrency and scaling. When a vote is cast, simply add a record to the database. Once the election's over, do something like "SELECT COUNT(*), candidate_id FROM votes GROUP BY candidate_id", and the results will be calculated based on the records in the database.

    Really, you could only screw this up if you insisted on developing the entire system from scratch, rather than going with existing, well-tested code.

  • by Rakshasa Taisab (244699) on Monday June 08, 2009 @11:20AM (#28251421) Homepage
    Exactly... why would it fail on a single-threaded program? The problem is much more that just simple race-conditions on instruction level. What do you do if the program crashes? You have no way of recovering if all you do is increment an array. It really should keep a cryptographically signed logs of each vote, on hardware designed to be read only using specialized key+hardware. The GUI app and the vote management app should be separate programs, with different user/privileges. This would avoid the more complicated UI code having memory corruption issues affecting the vote registration. Each vote would need to do a proper syn/ack message passing to confirm the vote was registered, and a separate sequence sent to the operators controlling the voting booth so they can see the voter successfully cast a vote and tell the vote server when it can accept another vote.
  • too perfect (Score:3, Interesting)

    by Khashishi (775369) on Monday June 08, 2009 @02:10PM (#28253545) Journal

    The initial Tuesday night report said incumbent Ron Kroeger received 49.96 percent of the vote, short of the 50 percent plus 1 vote re-election requirement. The recount found he actually received 51.8 percent, more than enough to secure his seventh term over challengers John Roberts and Steve Rolinger.

    Doesn't anyone think that 49.96%, short of 50% is too perfect for a random error? Most software errors will cause the numbers to explode, either to 0 or some gigantic number.

My problem lies in reconciling my gross habits with my net income. -- Errol Flynn Any man who has $10,000 left when he dies is a failure. -- Errol Flynn

Working...