Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
United States Your Rights Online Technology

Interview with Voting Machine Company Reps 187

laupsavid writes "Here's an interesting interview with government and industry reps on the Black_Box_Voting site. I think it's funny (yet terrifying), almost like an extended Shark-Tank Unclear on the Concept item. They interview Paul Miller, Registration and Systems Manager of the Office of the Secretary of State. Black Box Voting is dedicated to informing people of reasons to reject electronic voting systems. I believe Bev Harris runs the site, and she claims to be an expert on accounting fraud. Also, see this area of the a site called Ecotalk for a list of instances of purported fraud by electronic voting."
This discussion has been archived. No new comments can be posted.

Interview with Voting Machine Company Reps

Comments Filter:
  • by Lord Fren ( 189373 ) on Sunday April 20, 2003 @06:15AM (#5768203) Journal
    Let me see here, they reject electronic voting due to fraud.. so what do they support, the fraud free special hanging chads when using paper ballots (in Florida)?

    It's not like many of us vote anyway..
    • Comment removed (Score:5, Informative)

      by account_deleted ( 4530225 ) on Sunday April 20, 2003 @06:43AM (#5768249)
      Comment removed based on user account deletion
      • Hanging chads aren't really in any way a form a fraud. Fraud usually implies that the incorrect tallying of the votes was purposefully altered. Hanging chads are simply cards where the tiny circular piece of paper hasn't been fully punched out and is hanging from the hole. Actually, in 1996 I believe a house seat was won in Mass. by William Delahunt based on cards with "bulging chads." The cards simply had a little bump and they included that as "voter intent."

        People should also consider the number of spo
      • Actually, some people think hanging chads occur on purpose and can be controlled to some extent. I have read that these machines have support bars underneath the ballot. Any candidate whose name appears over one of these bars is in danger of getting hanging chads instead of votes because the chads from previous votes for that candidate jam in the bars. After enough votes, chads build up in the bars making it impossible to fully detach chads by pressing the stylus through the ballot. Whose name do you su
    • by Kwelstr ( 114389 ) on Sunday April 20, 2003 @06:57AM (#5768270)
      I voted in the last election for governor in Florida with the new voting machines.

      As they stand right now, they give me the creeps: They do not give you a print-out for backup. And there is no way to look at the code by an independent auditor because the republican Kath "Cruella" Harris declared the code a propietary secret. Only the vendor has the right to audit their own code and certify it as bug free.

      An open system should print a ballot that goes into a ballot box as a back-up and it should be open for any independent party to review. If not how do we know there is no fraud involved?
    • I suggest you look up the principle of an "audit trail", my friend. Any accounting method without a paper trail is illegal under IRS rules. At least, when you're accounting for money.

      Votes, apparently, are less important than money.

      As for how to use electronic voting: In Brazil, the electronic voting machines printed out little paper slips with a cryptographic checksum at the bottom. The paper slips were inserted into a ballot box. At the end of the day, these slips were then hand-counted at the end by

  • by PugMajere ( 32183 ) on Sunday April 20, 2003 @06:23AM (#5768215) Homepage Journal

    and hate it at the same time.

    This interview (while somewhat hostile), does illustrate why I hate it - we have voting system companies that refuse to make their systems open that are, in turn, monitored by officials that do not understand how the systems can be tampered with.

    I think our elected officials just aren't ready to handle technology, unfortunately.

    Oh, any voting system that doesn't provide a hard-copy output of how I voted to be used as a check is a voting system I don't trust - a pure touch-screen system should provide a printout that I can confirm, and hand in, where it will be filed much the way traditional ballots are file. The actual counting can be purely electronic for all I care, until a recount is requested, in which case the paper ballots should be used - any tampering significant enough to alter the election should be trivially detectable using this system.
    • The more out-of-sight and automated a system is, the better is has to be. Just to break even.
      If anything is hidden, there is at least the perception that evil-doers *can* do things they shouldn't.
      While I don't necessarily trust either the Democrat or the Republican election officials, I do feel fairly safe trusting that both are in no mood to let the other side get away with much of anything.
      I don't have any answers, but unless anyone can at most anytime publicly ask any election official just what they are
    • by budgenator ( 254554 ) on Sunday April 20, 2003 @01:50PM (#5769551) Journal
      somewhat hostile
      Compared to most of the vocal /.ers on privacy naive or even gullable; I actualy thought the the FLA election fiasco was basicaly much ado about nothing. After reading the article, allowing for editorial liciense on the interviewer side and giving the election officail the benefit of the doubt the only thing I can conclude is that Miller should be ashamed to cash his pay check. This Miller guy was not somewhat hostile, he was downright evasive unaceptable for a public servant. I could except answers like, "I don't know that's Joe Snuffy's area of expertice, let me ask him and I'll Email back an answer ASAP"

      I made my first 'puter by wire-wrapping from a schematic back in 1976, and there is no way I'd trust a system without a hard copy output for anything more inportant than internet surfing.

      basicaly what I got out of the interview is
      1. a company make the voting machines named AccuVote
      2. this company issues updates on CD's and if the update is significant it's independantly tested but nobody seems to have a definition of significant.
      3. the CD's arrive from a source that's not explained, and don't seem to be verified as coming from an authorized source. Something like doing a MD5 checksum to verify the cd might be usefull for accounting purposes.
      4. the CD are load into the system and they do what-ever they do and nobody seems to be accountable for tracking the machines that are updates; or even verifing which files have been changed.
      5. before the election's the system is tested for Logic and Accuracy and if this test is passed, it's assumed valid for live data. of course off the top of my head an election would need huge amounts test data to cover all of the different vote possibilities and possible user responses.
      I'd also have to agree with the interviewer, touch-screen voting machines are untestable.
      Seems a pretty sloppy way for a secratary of state's office to do bussiness if you ask me
    • Not just fraud - but what happens if the machines ust screws up? Without a paper backup, are the votes just LOST?
    • I found them to be very cavalier about it all. I was very put off by that. Free elections are a serious matter, and every step should be made to make the process as accountable as possible to the will of the people.

      As far as recounts go, many places don't even allow a recount if an election is not within 1-4% difference between candidates. Make your fraud greater than that, and you can't even check it under the present laws period in those areas. How is that accountable?

      I want "None Of The Above" on the b
  • A technological solution to a problem is accused of shortcomings under the assumption that the manual solution to the problem does not have the same shortcomings.

    In my opinion, anybody that presents an argument that electronic voting is particularly subject to fraud must factor in the amount of fraud that already goes on in non-electronic elections.
    • by AndrewRUK ( 543993 ) on Sunday April 20, 2003 @07:29AM (#5768312)
      The problem with electronic voting is just as much about transparency and accountability as whether it is more susceptable to fraud than a dead-tree vote.
      With a paper vote, the system is intrincially very simple - the voter marks a ballot paper according to who they're voting for. The ballot papers can be counted by hand, and anyone who wants to can observe the counting.
      With an electronic voting system, how can I check how it's working? Even if the source code is open for all to see, how do I know that the published source is what's actually being used? And how can someone who doesn't understand computer programming check that the system is correct.
      Any voting system is vulnerable to fraud of some sort, but, imho, a system which anyone can understand is better than one which only a privilaged minority (geeks) can.
      • With an electronic voting system, how can I check how it's working?

        Testing, testing, and more testing. A huge number of rigorous tests.

        Compared to many other projects, designing and implementing a secure, accurate voting machine isn't technically challenging. The challenge comes in proving that the voting machine is both secure and accurate.

        This might be a good time to employ those crackers that have recently been discussed on Slashdot. Observe how they crack the system and eliminate that vulnerbility.
        • It's not as if the average person has a chance to examine the current voting machines today. Many places use machines whose actual workings are a mystery to them. I don't see why a more technologically advanced solution should make them worry more.

          Why is there a need for any voting machine? Why not mark the ballot papers by hand with a pen? (It works here in the UK) Why replace one solution that most people don't understand with another one they don't understand when there's one available that anyone
          • because everyone in America needs things NOW NOW NOW. Seriously... I mean, networks use exit polling to try to call the elections in a particular district before the polls even close. Everyone looks at electronic voting because it seems faster and seems to eliminate human tampering and error (it's a computer, right?).

            I'm not saying I agree... just that I can see the appeal.

            • because everyone in America needs things NOW NOW NOW.

              The strange thing is that in many cases it wouldn't matter. It's not as if the US president might be told to leave a few hours after the polls close...
        • by sphealey ( 2855 )

          With an electronic voting system, how can I check how it's working?

          Testing, testing, and more testing. A huge number of rigorous tests.

          Compared to many other projects, designing and implementing a secure, accurate voting machine isn't technically challenging. The challenge comes in proving that the voting machine is both secure and accurate.

          The fundamental problem being that the people who write the specs, make the purchase, and oversee the proof testing are the same people who have the greatest conflict o

        • finally, someone advocating testing! unfortunately, it's a technical solution to a social problem. how do you say "we have a reasonable confidence that noone tampered with the machines (read: voting process) in last night's election"? the last election i voted in (municipal) the people tallying the votes knew that i (or anyone) could walk in and observe the process. if anyone yelled hanky panky, it was possible to completely reconstruct the original data set at a later date and answer the challenge.
          th
        • Sure, testing is a wonderful way to put the system through its paces and determine if it behaves properly.

          The first problem is that each company that builds these things claims trade secret protection to the whole system so there's no way to actually audit these to the public's satisfaction.

          The second thing is while the system may be trusted, the individual machines might not be. We're not just talking about software, but an entire system. Suppose one machine in your precinct is deliberately compromised
      • With a paper vote, the system is intrincially very simple - the voter marks a ballot paper according to who they're voting for.

        It's also possible to set up a polling station in a shed in the middle of nowhere. Anyway an eletronic voting machine system probably really should come with the generators and telecoms hardware to ensure the whole thing could work in the middle of nowhere. So as to guard against the power going off. Thus you now need a large truck per polling localtion.

        The ballot papers can be
    • Re:I hate it when... (Score:2, Interesting)

      by UPSBrian ( 470009 )
      I think another anti-fraud device that an 'Electronic voting with Printout' system might have is cross checking.

      The procedure would be this

      1) You would get a printout-ballot encoded with machine AND human readable information after you make your selection via touch screen. Each printout ballot would be encoded with a unique, but anonymous control number.
      2) You would audit the printout to ensure the right selections were made.
      3) You would deposit the printout into a sealed ballot box.
      4) After the polling p
      • Why not use all paper then? The reason electronic voting is in demand is because people want faster counts. Counting the paper ballots makes it even more inefficient than the current system.
        • The machines reduce the error rate significantly. But without a paper backup there is just too much that can go wrong. There is no reason for the voters to have confidence in the system.

          Never mind fraud - without a paper backup, what happens if the machine just screws up -- are all those votes just lost?
        • you don't have to count them all, just a sufficient random set to audit the accuracy of the machines, probably no more than 1-5%, and they can be counted some time in the next couple weeks, ideally by a totally different group.
    • by Eric Green ( 627 ) on Sunday April 20, 2003 @09:23PM (#5771197) Homepage
      The problem, my friend, is that the current implementations of electronic voting machines violate basic principles of accounting. If you used those methods to account for money, the IRS would put your ass in jail, but apparently it's okay to lack a paper trail and an audit trail if it's votes rather than money.

      Personally, I believe votes are as important as money, and should get the same care in their accounting. That, rather than the electronic nature of the new machines, is what irritates me about the new machines. They are fundamentally broken from an accounting point of view, and nobody seems to give a shit because, apparently, votes are not as important as dollars in the United States of America.

  • by MyNameIsFred ( 543994 ) on Sunday April 20, 2003 @06:29AM (#5768224)
    In the months after the Bush-Gore election, the dead-tree version of the WSJ had a series of articles on election problems in other parts of the country. Stories that were overshadowed by the Florida story. One of the common themes of the stories was that election equipment and the associated budgets are low priority items throughout the U.S. Primarily because local officials would rather spend money on potholes that voters see everyday than equipment they see once every two years.

    One of my favorite stories occured in a western state, I believe New Mexico. The local election official was suppose to set up the "tailor" files for the electronic vote counting system. Afterward, he was suppose to run a variety of test cases to make sure it all worked right. So on election night, their counting the ballots and someone noticed that the totals don't add up right. As I recall, a large group of ballots were being ignored. In a panic, they ID the problem and call the equipment vendor asking how to make the necessary changes. The vendor begs them not to change a thing and call a judge, pointing out that any changes made on election night will probably led to a election fraud trial. They call in a judge, who brings in reps from the handful of political parties. It takes days to fix the problem.

  • It doesn't matter wether the votes are tallied electronically, manually or telepathically; if we have no [realistic] way to make the vote counters accountable, then it's all for nothing.

    In other words, the problem isn't the mechanism, it's the implementers.
    • You are correct that accountability is the key, but I believe you are wrong in your contention that technology can preserve that accountability. The traditional paper ballot system had accountability built in. Poll watchers were allowed to examine the empty ballot box prior to the start of voting. They were allowed to observe the counting of the votes in the ballot box at the end of the election day. If there was hanky panky, this level of accountability allowed them to detect it. About the only way there c
  • "Cha-Chunk!" (Score:3, Insightful)

    by snilloc ( 470200 ) <jlcollins@nOsPAM.hotmail.com> on Sunday April 20, 2003 @06:57AM (#5768267) Homepage
    Call me crazy, but there's just something very "real" and satisfying about pulling the lever on those old clunky mechanical voting machines.

    In all seriousness though, with some hard-wirded electronics (rather than software), it should be pretty easy to construct a virtually fraud-proof voting machine that resembles the old-style ones but isn't as expensive to manufacture or maintain.

    • Re:"Cha-Chunk!" (Score:3, Insightful)

      by AndrewRUK ( 543993 )
      Why do you need a machine at all?
      What's wrong with using a pen to put a mark next to the name of the candidate you're voting for? No more problems with hanging/swining/pregnant/... chads, and just as verifiable (although satirists might not like it...)
      • A machine can provide the voter instant feedback on whether or not thier vote is valid.
    • Note that the old mechanical voting machines were easy to "fix". For example, all you had to do was open the back and file a few teeth off the gear for the candidate you wanted to lose. That would make the machine randomly skip votes for that candidate. Very few elections inspectors were mechanical geniuses with eyesight sharp enough to notice a missing tooth on an internal gear, so all that was necessary was for the elections officer who stored the machine between elections to be "on the take".

      The proble

  • by Anonymous Coward
    Why on Earth should we attempt a paperless voting system?

    Without a hardcopy of each vote as it is cast, a recount is nearly useless.

    I propose that each voting station be issued a single unperforated paper roll of ballots, with the voting booths in a line. Each vote would be punched and signed on the same roll.

    Instead of having a pile of cards that could be selectively lost or stuffed, the individual rolls would be easier to keep track of. Plus, hand recounts would be far easier.

    This could be abused too,

  • usefull links (Score:5, Informative)

    by CreGen ( 628609 ) on Sunday April 20, 2003 @07:14AM (#5768288) Homepage
    Many ways to abuse this system. If your interested in voting fraud, a story can be found on the bbc website [bbc.co.uk] about implementing online voting in the UK.

    There was also a discussion about election reform and voting voting fraud last summer and can be found on the cato [cato.org] site.
    Or you can watch the even in Real video [cato.org]
    • Re: usefull links (Score:5, Insightful)

      by Blue Stone ( 582566 ) on Sunday April 20, 2003 @04:02PM (#5770038) Homepage Journal
      Greg Palast [gregpalast.com] covered the Florida election fraud, and in chapter one of "The Best Democracy Money Can Buy" [gregpalast.com] he talks about how the electronic voting machines were set to swallow spoiled ballots in mostly black areas, and return them for correction in mostly white areas.

      Anyone concerned with electoral fraud in the US, the use of poisoned databases to cull legitimate voters from the electoral rolls, and the future of voting might want to read Chapter One - Jim Crow In Cyberspace [PDF] [gregpalast.com] of the book.

      Choice Quote -

      "One can't sabotage democracy with felon lists alone. Balloteating machines worked well in Gadsden and other Black counties, but cyberspace offers even more opportunities for fun and games. This time, it's "touch screen" voting. No paper trail, no audit path, no fights over recounts: recounts are impossible.
      "Florida is the first state to adopt this video-game voting technology. Secretary of State Harris immediately certified the reliability of one machine, the iVotronic, from Election Systems and Software of Omaha. On their Web site, there is a neat demo of their foolproof system you can try out. I did - and successfully cast an "over-vote," a double vote for one candidate. Then the site crashed my laptop. But hey, the bugs will be worked out . . . or worked in.
      "The question is, who else is touching the touch screen? In the case of the iVotronics, it's Sandra Mortham. Ring a bell? She was Harris's Republican predecessor as secretary of state, the one who hired DBT. Now she's iVotronics representative in Florida.
      "

  • If they don't count the ballots at the poll in front of voters then the system is wide open for fraud. It doesn't matter what system they use. Here in Texas they lockup the ballot boxes in a car and haul them to the county court house. How do you know that the box is the same box as what left the polling place. How is an electronic system going to prevent a "virtual box swap" of ballot tampering. We allready have ballot tampering. This makes it easier.

    Why do people think that a electronic system is s
  • by Effugas ( 2378 ) on Sunday April 20, 2003 @08:15AM (#5768381) Homepage

    The purpose of a democratic election is not to determine a winner. Every conflict, democratic or not, peaceful or not, ends up generating winners. No, the purpose of an election is to make everyone agree who lost, and to generate (through a future election) a preplanned battlefield for a future engagement.

    Only through this process can the costs of conflict -- which are often substantial, sometimes far greater than the value of what's being fought over -- itself be minimized.

    Some engineers with no knowledge of politics imagine voting is a counting problem. Given hundreds, thousands, maybe hundreds of thousands of individual polling sites, how can the numbers be collated and reported accurately? How can the top scoring candidate be identified and informed of his or her success? In short: Who won?

    They miss the point entirely: The problem is never the winner. The winner is not the one to doubt or challenge the system. The winner is always happy to win -- it's never the party in the lead that calls for a recount. No. The problem is with those to whom power has been denied. They are the ones that the entire system exists for; they are the ones who the process is designed to satisfy. We hold out a carrot -- you will have your chance again in some time -- and ultimately, a stick: You failed to convince enough people that your cause was worthy, that your message was true. We brought your message to the people, and they turned away.

    That doesn't say "You won." That proves "You lost." This is why it is so critical to have a genuine paper trail for voting systems: Any idiot can tell you who won, but once the facts disappear -- once the finger rises from the touch screen -- there is no mark, no evidence, no proof at all. That doesn't mean the election won't have an outcome: Courts can quite easily, by fiat, declare that the voting system may not be challenged. By fiat, then, they decide who won.

    Fiat -- legalese for "Because I said so" -- does not a proof make. Fiat declares a winner; it cannot prove a loser. Thus it fails, utterly and completely, to serve the purpose of the election system itself. Open and unambiguous access to the voting architecture is critical if we are to provide an election system that defies the sour grapes of a failed candidate. Anything less makes a farce of the election process -- why go through the rigamarole if people have no reason to believe the results?

    The sad part is, most engineers have settled on the most obvious solution: Touch screen voting, with a human readable (but easily computer-auditable, through the use of the standard OCR fonts that have been on checks for decades) printout that is stored for recount purposes. (The printout is on difficult to forge official paper, and contains some piece of data that did not exist before the election, akin to POW's holding a newspaper.) At that point, there are a few choices -- have the touch screens also communicate to a central office, which collates votes and designates 5% of precincts randomly for immediate on-site audit, or perhaps skip the touch screen link and have each site read the votes from the printouts and only the printouts. Given a challenge, the computers speak the same language we do, and possess logs in the same physical format we can analyze. A challenged result can be answered with evidence -- and thus the challenge is not likely to be made at all, for that would be yet another failure for the candidate.

    Elections without evidence see their legitimacy drain away like blood from a sliced jugular. Without evidence, it's not that the victor cannot be shown, it's that the challenger cannot be refuted. Shaking ones shoulders, saying "I'm not going to prove a negative", is insufficient. Blind touch-screeners leave elections vapid and useless, an exercise in futility that doesn't raise an eyebrow when precisely 100% of the (remaining?) population votes for Saddam.

    It's honestly surprising that, in this d

  • by Cryogenes ( 324121 ) on Sunday April 20, 2003 @08:47AM (#5768449)
    and that is the true reason why they must be rejected. A society cannot claim to be a democracy unless it has free and secret elections.

    An election is secret only if the voter is required to conceal his/her vote. This prevents votes from being bought (since the buyer cannot know if he actually gets the goods) and it prevents people from being pressurized into voting for a particular party (with online votes, a tyrannical husband can easily make sure his wife votes the right way).

    Of course, vote by postal letter has the same problem which is why most democracies allow it only in case of unability to otherwise attend and also make it at least somewhat inconvenient.
  • shuck and jive (Score:2, Insightful)

    by zogger ( 617870 )
    ok, I read it, unfortunately what I expected. Shuck and jive and dodging the critical questions by the manufactureres rep. The election official gets a last minute Cd with the "upgrade" so it gets run. Who's verified the original program? "they did, trust them" Who's verified the Cd? "they did trust them" Who mailed it, was it switched, a man in the middle, what if the programmer is compromised through bribery and blackmail? "never happen, trust them"

    phooie, it's a scam, a sophisticated scam

    None of those
  • This is exactly the same syndrome that used to make people wary of e-commmerce back in the 90s: "it's in computers! I don't understand computers! Anything could happen!" And just like it's easier for the shop clerk to steal your credit card number when he's ringing up your purchase, it's actually a lot easier to rig elections when they're done manually than when they're done electronically (as Jeb Bush will happily inform you) because you can declare big chunks of those paper ballots "unreadable" and exclude them from manual counting, which is what happened in Florida in 2000 in a number of democrat areas.

    Electronic voting is instant, traceable, and most importantly interactive: how much would all those idiots who accidentally voted for Buchanan in 2000 have appreciated a dialog box popping up saying "You are about to vote for X"?
    • it's actually a lot easier to rig elections when they're done manually than when they're done electronically (as Jeb Bush will happily inform you)

      Only if the count isn't properly supervised.

      because you can declare big chunks of those paper ballots "unreadable" and exclude them from manual counting

      Kind of hard to do if a candidate or journalist says "let me see those papers or spend some time in a police cell".
    • Find out why a computer science professor who has forgotten more about computers than you are capable of learning leads the opposition to electronic voting machines with audit trails existing only in your imagination here [notablesoftware.com].
  • by teamhasnoi ( 554944 ) <teamhasnoi@yahoo.cLIONom minus cat> on Sunday April 20, 2003 @10:08AM (#5768664) Journal
    no time to type, but where are the open source voting programs?

    I'd feel a lot better about electronic voting if someone could download the code and review it, to make sure some programmer didn't get and 'extra' bonus that election cycle.

    I realize there's no money in it, but w/ all the /.ers talking about how the current systems are rife with opportunities to tamper, I would thinks that *someone would be working on it, if not for their own amusement, for the good of free democracy.

    Unless of course all you coders are to busy playing America's Army...

    • Have you ever seen a bit? Because all the DRE's are programmed on firmware. Even if we had the source, we still cannot be sure the provided code is whats on the firmware. Subtle compiler version differences, command line options, etc, can change the binary in large ways. Additionally, its pretty hard to inspect the ROM itself. On an outside against-the-odds shot, they could even resort to altering the binary of the compiler to recognize itself and the ROM, such that source code verification would be useless
      • Suppose we created an open-source electronic voting system that you could check your vote against?

        You go to the precinct and cast your vote. When the vote is completed you get a paper printout and a hash value/confirmation number.

        Then you could go back home and download the checker code. Punch in your precinct number and download the candidate list. Punch in your confirmation number and verify that it matches what you voted for.

        I'm sure there are still ways around this system and probably more securit
  • by paiute ( 550198 ) on Sunday April 20, 2003 @10:21AM (#5768713)
    We should have know something was amiss when Brokaw read the final totals: 15% for Bush, 15% for Kerry, 20% for Natalie Portman, and 50% for the next President of the United States, "that goatse guy".

  • by mc6809e ( 214243 ) on Sunday April 20, 2003 @10:48AM (#5768822)
    The real potential for electronic voting is the opportunity to improve the voting system itself.

    There are many voting systems possible besides simple "one man, one vote". In fact, "one man, one vote" is probably the worst of all (of course, Arrow proved no perfect voting system is possible [byu.edu]).

    There are some alternative systems here [boulder.co.us].
  • by TheNumberSix ( 580081 ) <NumberSix@simpli ... EL.com_minusfood> on Sunday April 20, 2003 @10:52AM (#5768837)
    Here in Clark County, Nevada, the very same Ms. Ferguson from the article was our elections supervisor at one time. She came in to the job, stayed just long enough to throw out all our old machines that had some kind of an audit trail and bought brand new totally electronic, un-auditable voting machines which violate state law from Sequoia Inc.

    She only got the machines approved by the most ridiculous of explanations: A Printout of the memory card is just as good a audit trail as real ballots. Read about it here in our local paper [lvrj.com]. What did Ms. Ferguson do after leaving Clark County? Why she went to Santa Clara County in CA, where she stayed just long enough to throw out any auditable voting machines and replaced them with fully electronic voting machines from Sequoia.

    After that, where did Ms. Ferguson go? Why she accepted a position as a Vice President... of Sequoia systems!

    Do I think there is some wild conspiracy here? Nope. It's just a case of a political hack on the take, who doesn't care about the laws of the state that she is supposed to enforce [state.nv.us].

    Plus, I think the Slashdot crowd understands full well how when you have critical software apps that are closed source, you are essentially outsourcing control of your apps. So any county that has these fully electronic devices has outsourced election security to the low bidder. Egads.
  • Here in Brazil we've been using them for more them 10 years AFAIR and in 100% of our territory (which it's quite big and *very* hard to reach in some places). The secret is there is no secrets. 1) Despite the source for the application is not open to everyone, any political party (we have dozens of them) can have their own experts auditing the code. 2) Some machines print the vote so the citizen can have a copy. 3) A random % of the all machines are audited by an independent group. This way we can have prec
  • Given that the powers-what-am seem to be determined to sell themselves (and by extension all the rest of us) out, what options might there be?

    One possibility might be to get as many people as possible to vote absentee - thus returning the voting process to paper form. Perhaps overwhelming the election workers as well. Not, of course, that that would ever be part of anyone's motivation.

    If you go in to the election location and refuse to vote on a machine, do the election types have to provide alternati

  • by bjtuna ( 70129 ) <brian&intercarve,net> on Sunday April 20, 2003 @12:11PM (#5769144) Homepage
    I am in a class [jhu.edu] in which our final project is to design a remote pollsite e-voting system. We read a bunch of definitive papers, including those by Caltech/MIT, the California Electronic Voting Task Force, and the National Science Foundation.

    First off, every source believes that there should be a paper trail as a backup. This is good.

    Second off, every source believes remote internet voting is too insecure to be feasible at this time.

    Third off, my team's research shows it is impossible to have 'remote poll-site voting', in which a voter can cast his ballot at any station or kiosk in the county or state, while protecting voter anonymity and without relying on an always-up internet connection at each poll-site.. The crux of the problem is this: you can't update a voter's record in a central voter registration database (to change him to "VOTED" or something) without the polling stations being connected to that database over the internet , or phone lines, or some kind of link. So instead, you would give each polling station its own copy of the voter registration database. But that means if someone tries to vote twice (once each at two different polling stations), the only way to ensure that both votes are not counted is to associate the ballot with the voter-ID..

    At this point, it becomes a matter of trusting the government. Even if the ballot that is associated with the voter-ID is encrypted, do you trust the government not to decrypt those ballots before duplicate votes have been resolved and the voter-IDs have been stripped off? Even if the voting system was open source, do you trust the government to not use a forked version that *doesn't* respect your privacy?

    Another scenario is to set up secure links (internet w/ IPSec, or private phone circuits, or satellite...) from the polling stations so you *can* update the central voter database in real-time. All of a sudden, the entire voting system is subject to denial of service attacks. People would climb poles to cut wires, etc. And if your system was designed to be "failsafe", so that voters could still cast a ballot even if the link was down, you'd be back at the voter anonymity problem mentionend above: those failsafe ballots would essentially be the equivilent of modern-day "provisional ballots", in which your name and identifying information are written right on the front of the envelope.

    I don't see a cryptographic solution to the problem, as such solutions seem to involve the government holding all the keys.

    The professor of the class is a brilliant man, and he admitted to me that this is a fundamental problem and that he was, in fact, hoping a solution might come out of his assigning it to a bunch of students with fresh perspectives.
    • ... my team's research shows it is impossible to have 'remote poll-site voting', in which a voter can cast his ballot at any station or kiosk in the county or state, while protecting voter anonymity and without relying on an always-up internet connection at each poll-site.

      So what? That's not possible with paper systems either, and it's not part of the way voting works now, at least in my experience. You have to vote in your ward and precinct, not anywhere in the state you like.

      If you're talking ab

      • You're missing the point. The task was to use electronic voting to ACHIEVE remote poll-site voting, as a way of improving upon the current system where you are tied to a home district.

        The NSF, Caltech/MIT, and California papers all concluded that remote poll-site voting was possible now, but none of them offered implementation details or tackled the privacy problem I outline in my original post.
    • the only way to ensure that both votes are not counted is to associate the ballot with the voter-ID

      The best, albeit not 100% complete, solution to this is to have the voter ID be non-identifying, i.e., a single-use ID for that election. The ID would have to be linked to an actual voter, but that information could be stored in a completely separate database (and most certainly NOT connected to any network). Access to that database would require specific legal justification and would have to be tightly co

  • A quote from the interview that deserves to be read and admired in its crystal simplicity, brilliance and depth of understanding.

    "It's not the programmer that programs the machine."

  • I've served as a Baltimore City election judge (Republican - in a Democratic-majority jurisdiction) a couple of times, plus I've observed (and reported on) all phases of the vote-counting process at one point or another in my career.

    Based on my experience and observations, the mechanical voting machines used in Baltimore were far more cumbersome and caused more problems than any conceivable "pen and paper" hand-count system.

    I am not anti-computer. (Note that I am not using pen and paper to post this comme
    • France has a very simple system: voters isolate themselves to put a printed bulletin carrying the name of their candidate in an envelope, then go to the desk; their id is checked with respect to the electoral roll, they sign in front of their name and case the vote into the ballot box.

      The box is made of clear plastic and before voting begins witnesses can assert it is empty.

      After voting ends, counting begins on the spot; neither the ballot box or the ballots are moved out of the room. Volunteers come to c
  • by Ian Bicking ( 980 ) <ianb@colPASCALorstudy.com minus language> on Sunday April 20, 2003 @03:38PM (#5769952) Homepage
    It seems like ATM machines are exactly the right style for a voting machine. Who needs hi-tech?

    Get a cheap screen. Put some buttons on the side. The voter presses the button to go with the right candidate, as displayed on the screen. This interface is easier and more reliable than any touch screen I've used. And it's so damn simple and reliable...

    When you're done, just like an ATM, you get a receipt (aka voter printout). The identical receipt is printed and stored inside the machine, and the result is electronically stored or immediately uploaded elsewhere. No one would ever make an ATM without that paper roll inside (or the receipts printed for the customer)... I honestly cannot think of any valid reason not to do so, except to deliberately enable fraud. The printers aren't expensive.

    If you wanted to be clever, you'd put a number or bar code or somesuch on every ballot, and within maybe 30 minutes the voter could return to the machine, invalidate their old vote, and enter a new vote. If the voter gets a printout it's not as helpful if they can't do anything if they realized they voted incorrectly. But that correction process does add the potential for fraud (though of course the correction would be logged for future auditing).

    Someone else suggested an even simpler system where the machine prints out a ballot, and the ballot is put in a ballot box (after confirmation by the voter). Create something both machine and human readable (machine by OCR, so there's no possibility for the vote being inconsistent)... not as fast to count as electronic results returned by a modem, but does that really matter? Higher accuracy than punch cards, and highly transparent (so long as ballot boxes don't get lost...)

    Lastly, election boards should be running exit polls. Not for any official purpose or in order to report to the public, but as another safeguard against both fraud and mistaken results. If the results of that sampling are too far from the actual results, then something went wrong. It won't correct those problems, but it's a final way to check that there are no massive inaccuracies in the voting.

    • No one would ever make an ATM without that paper roll inside (or the receipts printed for the customer)... I honestly cannot think of any valid reason not to do so, except to deliberately enable fraud. The printers aren't expensive.

      Just to be sure, ATMs in Germany don't give you receipts either. Apparently it's possible and justified by someone (although the reasoning is unknown to me).

      • To clarify, I'm talking about the internal printer. Every transaction at an ATM gets written to a roll of paper inside the machine, which can be used to audit the transactions at that ATM. The actual user of the ATM might not want a receipt, but there's always a paper record. Well, unless they don't refill the machine's paper (happened once when I had a problem with an ATM).
    • No one would ever make an ATM without that paper roll inside (or the receipts printed for the customer)... I honestly cannot think of any valid reason not to do so, except to deliberately enable fraud. The printers aren't expensive.

      Well, the ATMs at my bank ask if you want a receipt, a fairly new innovation within the last year or so. I suspect they're trying to get customers accustomed to not getting receipts -- after all, printing that little piece of paper adds a fraction of a cent to the cost of eac
  • How hard is it to build an electronic voting machine around a PC? It presents the ballot in the form of multiple choice forms, records the results when the voter hits the VOTE button, prints the ballot choices on a POS-style printer inside the machine that's only used at recounts, uses a second printer to give the voter an "I Voted!" tag.

    I could have done this 15 years ago with BASIC on a C-64 and a DIY cartridge port to interface with physical hardware. The majority of people here could do one without di

  • Voting irregularity is a function of local political organizations, not technology.

    The classic example of widespread voter fraud is New York City's Tammany Hall Democratic machine. The Tammany people would hide votes, pay voters, cut off non-voters from political patronage, etc.

    Vote machine manipulation is by far the least common means of voter fraud. It's far easier to manipulate people than machines -- and you can't audit people anyway.

  • This is an exerpt from:
    http://www.blackboxvoting.com/modules.php? n ame=New s&file=article&sid=22

    "They actually WANT us to use a voter-verified paper trail!

    Avante produced the first voter-verifiable touch-screen voting machine, called Vote-Trakker. Harris interviewed Kevin Chung, Avante's founder, and though she's not finished yet -- she is putting this company through the same investigative process she used with ES&S, Diebold, and Sequoia -- Harris noticed something different. This company act
  • Telling parts. (Score:3, Interesting)

    by Irvu ( 248207 ) on Monday April 21, 2003 @10:26AM (#5773427)
    Miller: "What you're implying is that there is a way for a programmer to know where a candidate will be on the ballot to give that candidate a benefit. That's impossible."

    Harris: "Regardless of who sets up the ballot, the ballot does identify who is a Republican and who is a Democrat. So there would be a way for the program to know that. Why couldn't a programmer, for example, set the machine to wait for a couple hundred votes and then put, say, one out of every 10 Democrat votes into the Republican bin?"

    Miller: "It's not the programmer that programs the machine."

    Harris: "But whoever does it identifies, for example, who is a Democrat and who is a Republican, so regardless of who inputs that, the machine would be able to read and identify that too."

    Miller: "I'm not going to talk about proving a negative."

    Harris: "But the positive, which can be proved, is that every election system that's ever been used in the USA has, at one time or another, been tampered with. And what we do know is that $800 million has gone toward contributions to candidates. So certainly we can predict that someone will try to tamper with a programmer. And therefore, what I'm asking, is what safeguards do we have in place to make sure that, if someone tampers with a program or a CD update --"

    Miller: "I think we've gone as far as we can go."
  • Easter Eggs. (Score:3, Insightful)

    by Black Copter Control ( 464012 ) <samuel-local@bcgre e n . c om> on Monday April 21, 2003 @11:15AM (#5773773) Homepage Journal
    A simple counter-example for people who figure that they can secure electronic voting machines without having *complete* access to the sourse and the ability to compile it from scratch: Lets say that a rogue programmer (or even the CIO) at an electronic voting machine company decides to include the following 'spock pinch' easter egg:

    If you place your fingers on two or three pre-determined locations (e.g. opposite corners) while making a vote selection, then all current (or subsequent) vote are changed such that 1/3 of all votes go to your preferred choice.

    This 'feature' would be essentially impossible to find in logic testing, and would not depend on the egg programmer knowing anything beforehand about what the vote questions would be, when the vote would take place or even how many 'test' votes were done.. All you would need would be someone who could make it to the polling station at the appropriate time in the voting process (beginning or end) to activate the egg.

    Without a voter verified paper trail, it would be almost impossible to verify that such a cheat had been used. -- remember it could also be encoded in the prom firmware of the machine -- not just the truly soft software, and it could sit there for years, until an appropriately critical vote occurred (or an appropriately large bribe was paid).

"Hello again, Peabody here..." -- Mister Peabody

Working...