Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
United States Technology Your Rights Online

Electronic Voting: The Other Side of the Story 192

_randy_64 writes "We've all read about the perils of online voting. But in an article in MIT's Tech Review, noted technologist Simson Garfinkel looks at the other side of the story and comes away thinking that e-voting might not be so bad, if done properly. He mentions several ways that traditional ballot voting is just as 'hackable' as the electronic version."
This discussion has been archived. No new comments can be posted.

Electronic Voting: The Other Side of the Story

Comments Filter:
  • by astrashe ( 7452 ) * on Friday September 05, 2003 @09:20PM (#6885023) Journal
    I don't understand why a cryptographic protocol using a blind signature can't be used to make an auditable voting system.

    To me it seems like it could be a special case of the digital cash problem that guys like David Chaum worked on. You give everyone a single vote that they can cast -- a blob of data with a blinded digital signature. Then you let them spend them (vote) however they want.

    You could even let candidates set up their own sites to collect their own votes. So someone could give Dean or Bush their vote, and then Dean or Bush could turn them into the election commision. It wouldn't be necessary to do that -- a central site makes more sense -- but wouldn't it be secure enough to let the candidates collect their own votes, with a realtime online election commision protecting against double voting?

    If DigiCash is secure (and although it's been dead for a long time, I think it was considered secure), it seems like this should be secure.

    The article is right when it points out that we have a lot of election fraud now -- it ought to be possible to improve things substantially.
    • by Mr. Darl McBride ( 704524 ) on Friday September 05, 2003 @09:25PM (#6885042)
      I think you've hit the nail on the head. The problem is that the new election systems are trying to mimic the old systems. Votes are accumulated and summed locally, and nothing but a number is sent upstream.

      This model should be put to rest and replaced by something more secure, and more tuned to the technology we have today that wasn't available thousands of years ago when paper ballots were first put to use.

      If the vote is trackable through the system today, but only by the originating party, then fraud would be rapidly exposed. If the voter's ballot is a key countersigned by the party receiving the vote upon voting, then anonynimity is protected, and all votes are provable in both directions.

      • by Anonymous Coward

        If the vote is trackable through the system today, but only by the originating party, then fraud would be rapidly exposed. If the voter's ballot is a key countersigned by the party receiving the vote upon voting, then anonynimity is protected, and all votes are provable in both directions.

        This might not be a good idea. The basis for non-trackability of the vote is rooted in the need to remove incentive to buy votes. If somebody pays me to vote properly then he/she certainly wants the proof that I did vot

      • Direct manipulation of the vote is not the only means of exploitation. The goal of the Australian vote is to discourage coersion. Imagine a form of fraud the voter took part in. Say a third party is paying people to vote a certain way. Giving people a way to prove they voted one way or the other removes this secrecy. Now you just have to show Big Boss that you voted the right way to collect your 30 bucks.

        Kinda makes me wonder how much a vote is worth these days...
    • by Moridineas ( 213502 ) on Friday September 05, 2003 @10:00PM (#6885218) Journal
      I think you've just pointed out the best reason NOT to go for online voting. Surely you're familiar with the voting corruption of Old America--the political machines and of the buying of immigrants (and others) votes. Do you have any idea how much corrupt people would LOVE a situation where you could buy someone's vote and there would be no way to prove this? Something like you advocate would usher in an unprecedented era of vote selling and corruption.

      I'm all for technology when it helps, but my opinion is if you won't expand the effort to send in an absentee ballet (which itself is open to problems) or, god forbid, drive to a local polling place (where they SHOULD check ID's) and place your vote in person, I'd personally rather you didn't vote :)

      Personally the ballets I like best are those recently adopted in my state--there is a candidates name, and a arrow drawn like:

      President (PICK ONE)
      == ===> George Bush
      == ===> Al Gore

      and you use a stirdy black marker to fill in the arrow. Very easy, very hard to mess up.

      I wouldn't MIND 100% computer voting, but there absolutely has to be a paper trail. Think what would have happened in the Florida election--Gore would have lost by a couple hundred votes, there would have been a huge fuss, and then what? We never would have been able to go back and see that Bush indeed did the higher number of votes. This is a problem.
      • Comment removed based on user account deletion
        • There are ways of checking for this. Obviously we will never be able to check 100%, but you can bet that many irregularities taking place near voting centers are noted. In any case, the situation would only be made less trackable, easier, and wider in span online. Not to mention, if I give you $100 to vote for Gore, how do I know you REALLY voted for Gore? Whereas if you can send me your eVote token or whatnot, you can be sure.
    • Wait! Let's not dive into the good ideas just yet. First, someone needs to point out that the article author is a little confused on several key issues.

      Got a hotel with perfectly good door locks and metal keys? Rip them out and replace them with computerized locks and swipe-cards.

      There is nothing "perfectly good" about a lock whose keying needs to be changed every few days for liability and safety purposes. On-staff locksmitch or programmable locks? Hmmm.

      These computer professionals say that
      • by Minna Kirai ( 624281 ) on Friday September 05, 2003 @10:38PM (#6885393)
        Eh? How, exactly, is it easier to print big fonts on a screen than a piece of paper? I think the cost of paper varies less strongly with size than, say CRT and LCD technology.

        There's a graphical trick an electronic screen can do called "scrolling". A single piece of equipment can show data in a series, not just one predetermined thing. One LCD screen, 640x400 pixels, can display 100s of candidates in succession- and in huge fonts (if the voter wishes).

        To do that on paper would be expensive not just to print them all, but more importantly because it makes counting the votes that much harder. There's more paper to store, and collating from a stapled packet is much harder than just reading individual cards.

        WTF? And computers are less buggy than paper?!?! Help me.

        Ok. For data over a certain size, individual sheets of paper are more error-prone than computer files. As you saw in the Florida election, just having the votes in hand doesn't mean you know what the total is. For nations the size of the US, counting votes can be a monthlong procedure- and that's with a significant chance of error on each one (better form design can reduce it greatly- no butterfly+chad). The inabliity to count & recount quickly is itself a kind of buginess.

        Many of the ways that a paper vote can be hacked are just allegations- but that's the problem. Because huge stacks of paper are so unwieldy to analyze, we can't be sure how many disputed votes might've really made a difference.

        Another paper problem is its fragility- a single saboteur could destroy 10000s of paper votes by fire, but digital votes can be distributed to multiple remote sites immediately as they're cast. Historically, what happens if some ballots are "lost"? Do the authorities redo the whole election? Not on your life.

        This, the last paragraph, is the only one worth reading, and interestingly it contradicts some of the earlier statements with which I took issue

        The whole point of the article was to support electronic voting. It just laid out the typical objections first- but the subtitle of the page clearly telegraphed what the conclusion would be. How the last paragraph contradicts (or even addresses) much else in the article escapes me.

        PS. I generally do not approve [slashdot.org] of this guy's reportage.
        • Ok. For data over a certain size, individual sheets of paper are more error-prone than computer files. As you saw in the Florida election, just having the votes in hand doesn't mean you know what the total is. For nations the size of the US, counting votes can be a monthlong procedure- and that's with a significant chance of error on each one (better form design can reduce it greatly- no butterfly+chad). The inabliity to count & recount quickly is itself a kind of buginess.

          Actually, speed of count is

      • What's even more amusing than the lame analogy is that doctors are actually using leeches [thebakersf...hannel.com] a lot in medicine, because they work better.
      • There is nothing "perfectly good" about a lock whose keying needs to be changed every few days for liability and safety purposes. On-staff locksmitch or programmable locks? Hmmm.

        Electronic door locks come with their own new and unique vulnerabilities. It isn't obvious that they are better than mechanical locks.

      • WTF? And computers are less buggy than paper?!?! Help me.

        Generally, I agree with you. But this statement... well, yeah, computers are less buggy than paper.

        You might be thinking of the thing on top of your desk as a computer. It is, but there are a lotta types of computers in this world. Dedicated machines do pretty well. When's the last time your digital watch crashed? Ever have to re-boot your microwave in mid-cooking? You think currency counters make many mistakes?

        Sure, if you want a flexible user i

      • tens of thousands of people were removed, some apparently in error.

        Oh no, the felons couldn't vote. Whatever shall we do? Jeebus, I think I know the case in question, and the "some apparently in error" were 2 people with repeatedly rejected appeals. Not pending appeals mind you, flat-out rejections for appeal -- though apparently the felons claimed that was unfair. this is not the sort of election hacking that worries me.

        Didn't you read the portion that you copied where it said "tens of thousands

    • Though DigiCash is gone, PayPal [paypal.com] certainly could serve as an example of the concept that's been pretty well "exposed to the elements" for some time now--I'd think there'd be even more incentive to hacking financial transactions than votes.

      Nice concept.
      • More incentive? I'd say not. Power seems very desirable, to judge by the number of already wealthy who seek it.

        One advantage financial transactions have over electoral transactions is verifiability. Each pair of parties in a transaction will ensure their end happens properly. And stays that way. A vote is cast into the void, with no good way to ensure that it stays cast.
    • by StillNeedMoreCoffee ( 123989 ) on Friday September 05, 2003 @11:11PM (#6885528)
      Our forefathers didn't trust each other. They knew that opposing interests and herd behavior were dangerous things and devised a three part government that allowed things to go slowly enough and within sight of all (for the most part) as checks and balances to loosing our freedoms (current government take note).

      One of the most successful business technologies in the past few centuries, that made business possible, was the creation of double entry bookkeeping, with its built in checks and balances. But even that is not enough, companies are audited by independent auditors (we usually independent, see what happens when they are not).

      Without these transparancies of process and independent oversight we would have many more, Savings and Loan scandals, or Enron's or WorldComs. Even with those in place, greedy people will be constantly trying and finding ways around those controls.

      So let's have a non-transparent centralized computer tally of votes. Lets require that citizens understand and or have the electronic technology to vote. We don't need to maintain our freedoms that badly do we?

      Today they annouced another round of hackable exploits to Microsoft Office software. Also, today Taiwan is being attacked digitally from China.

      Electronic technology itself isn't the answer. Encryption does not protect against attack, it only slows it down. Case in point, I have heard it said that the DES standard was adjusted to be fewer bits so only the large NSA computers could crack it. The government is nervous about any technology that prevents them the ability to spy on information or individuals. So then only the holders of the most computer resources could crack your vote. Do you trust who is in control of policy there now? Or more importanly do you trust who is going to be in control of those resources in the future. That is the fundemental pessimism that was built into our three branches of government for good reason. Any solution to the voting problem, and we do have a serious voting problem as exhibited by the last presidential election, needs to include transparent checks and balances, needs to be simple and non-technological for the voter, and needs to have the eyes of many people of differing views watching the process like a hawk. Our very future is at stake and we can't let it be controlled out of sight or hackable, by anyone.
      • I have heard it said that the DES standard was adjusted to be fewer bits so only the large NSA computers could crack it. The government is nervous about any technology that prevents them the ability to spy on information or individuals.

        The government did ask IBM to change part of the DES specification without explanation. However, years later some academic researchers discovered a new cryptanalysis technique and was shocked to find that the government's changes made DES more secure in light of this atta
    • by Hettinga ( 196924 ) <rah@nOspaM.ibuc.com> on Friday September 05, 2003 @11:20PM (#6885563) Homepage
      I don't understand why a cryptographic protocol using a blind signature can't be used to make an auditable voting system.

      It's real simple.

      The paradox of internet voting is that you can't vote on the net without being able to sell your vote.

      That's because blind signatures -- certainly the most secure, and probably the cheapest way to do things, especially since the patent expires in a year -- create bearer financial instruments.

      Can you say, "equity", boys and girls? I knew you could... :-)

      In other words, blind signatures, right out of the box, create a secure anonymous vote, but it is, by definition, a vote you can buy or sell. In bearer form. For the most part, anonymously. For cash, in bearer form. That is, anonymous cash. :-).

      In fact, without a mondo-draconian is-a-person, gimmie-a-sperm-sample biometric identity scheme (say, voting in meatspace like we do now), you can't vote on the net. The paradox again.

      For us anarcho-capitalists, buying and selling votes is a feature, not a bug. It's even a god-given right. But for you *statists*, on the other hand, that's a problem, yes? ;-).

      Seriously. At the 2001 Financial Cryptography conference in (where else? :-)) Grand Cayman, there was this panel session where various famous, and mostly liberal, academic cryptographers were beside themselves, in front of an audience of people mostly of the same mind -- pissed off and liberal, not famous -- about how to do a cryptographic voting protocol in light of Bush "stealing" the election in Florida.

      They started this panel at 10-ish, and one "yeah, what he said" lead to another, and they fulminated all the way through lunch before they finally took questions from the floor.

      I was first in line. :-). I noted that not once in the entire three hours had they talked about financial voting (equity, remember?) at the world's only financial cryptography conference. If, say, the conference was your idea, or something, it might even make you want to terminate the academic discount, or something... :-).

      One of the reasons that this got up my nose is, as you might have guessed by my .sig, below, I define cryptography into two kinds. (There are two kinds of people, those who think in dichotomies, and -- well, you get the idea...) The first kind of cryptography is political cryptography. That is, these days, at least, cryptography used for and against nation states, since empires mostly don't exist, feudal ones, anyway. Political cryptography is the stuff involved in, say, your "rights" (see, "rights" below), online.

      All the rest, for lack of a better term, is financial cryptography. I mean, sooner or later it all boils down to money, right? I'd even shoehorn Schneier's "your kid sister" in here too, just to be ornery, except that sibling rivalry is politics, if there ever was any.

      And, I would say, even after USElection2K -- and 9/11, especially after 9/11, where the stock market was almost taken out, if they'd waited an hour or two for a few hundred million shares in un-cleared and un-settled trades to build up, because *that* would have caused more pure hell and hardship than even 3000 deaths could cause-- financial cryptography is *still* the only cryptography that matters.

      Finally, that paradox, that the only secure vote on the net is voting a share of mostly anonymous digital bearer equity in exchange for mostly anonymous cash is probably proof of my political/financial crypto dichotomy if there ever was one. Why? Because it points, some day, to efficient, competitive markets for force and the collapse of force monopoly, which is the very foundation of what the average statist would call "government". All cops and soldiers become rent-a-cops, in other words, reporting to their shareholders and customers like everyone else in the economy.

      Secure voting, indeed. Efficient markets are the most secure, anonymous votes there are.

      "When the hares made speeches in the assembly and demanded that all should have equality, the lions replied, "Where are your claws and teeth?" -- attributed to Antisthenes in Aristotle, 'Politics', 3.7.2
    • Having them collect ther eown votes is a reciepe for disaster.
      People who are in favor of a particular canidate will try to prevent other people from reaching there candidate, as seen the 2000 mockery of an election.

      You need a place people go to, vote annonymously(relitively). Hell, there should even be an exit poll allowed, and there certianly should be 0 poll reporting in the media.

      I know how to make electronic voting secure, I just can't seem to meet with the right(read any) money people.
    • I don't understand why a cryptographic protocol using a blind signature can't be used to make an auditable voting system.

      That's because you're stupid. :)

      Seriously though - it's simply because most people can't see and count electrons. Therefore they cannot participate in the verification process (i.e. recount). This puts the entire election in the hands of a select few computer programmers.

      Why do people like you let yourselves get blinded by all this shiny new technology to the point where you forget

  • by Mr. Darl McBride ( 704524 ) on Friday September 05, 2003 @09:20PM (#6885025)
    It's not something that gets widely publicized, but it's pretty much the rule that paper elections have their problems -- S. Garfield could have spoken a bit more about this. Political analysts like to quote that for any election within 10% of a tie, it's a coin toss as to who really won.

    Not to beat a dead horse, but this was very much the issue with the 2000 presidential election. When it became clear that Florida needed to be counted more carefully, it was discovered that boxes of ballots had been damaged, left in insecure locations, lost, or in one case even stolen. The large delays weren't on account of time needed to actually recount, but to establish how to compensate for the above, and for the fact that many boxes were discovered to never have been counted in the first place!

    Election engineers constantly vow to correct these problems, but for 200 years, we've been having the same problems over and over. At times it almost seems like some parties simply don't want the problems solved!

    • All the more reason to create a new system. We have had time to analyze our current voting process and identify it's faults. Therefore, we should theoretically be able to create a new voting process that lacks these faults. The problema shouldn't be so difficult to eliminate if we start from scratch.

      Then again, I'm sure this is the same mentality that Microsoft harbors when approaching one of their hazardous applications.

      • I think the barrier to this kind of a sea change is as much about comforting the public as it is about improving the technology. Try explaining keysigning to your grandmother or the brimstone and hellfire fundamentalists. Both are heavy voters, but neither grandma nor the fundies trust anything invented in the last hundred years if it takes more than five words to explain.
    • I'd really like to see your sources for the following comments:

      it was discovered that boxes of ballots had been damaged

      left in insecure locations

      lost

      one case even stolen

      The large delays weren't on account of time needed to actually recount, but to establish how to compensate for the above, and for the fact that many boxes were discovered to never have been counted in the first place!

      I want facts, not propaganda or liberal conjecture.

      • Well here in California some ballots were found floating is SF bay, and a ballot box left too long in the trunk of a pollworker's car. I don't have the facts, but I read it in several different local newspapers. No, I don't have sources, since I through out newspapers more than a week old.

        But simple logic should tell you that after a few recounts in Dade county involving manual handling, the odds of unpunched chads becoming loose or even falling out, are not insignificant.

        I also have experience on the lat
    • by plalonde2 ( 527372 ) on Friday September 05, 2003 @10:03PM (#6885236)
      The key to paper ballot accuracy is *local* counting. Here in Canada, ballots are counted at the polling station at the close of voting, by a multi-partisan committee - I believe each candidate is allowed to provide someone for each station.

      That helps in a number of ways:

      1. There are relatively few votes at a polling station to count - several thousand, max.

      2. There are *many* eyes supervising a *short* counting session, allowing counters and verifiers to remain focused.

      In any system where the ballots (in boxes or not) are moved before counting (which I understand is common in the US) fraud is much easier: ballot boxes can disappear or be replaced in transit, centralized counting require much longer attention spans, non-partisan counters are almost certainly not, and so on.

      Regarding electronic voting, sure, use a machine, but make the machine generate a voter-verifiable paper ballot. Insist that ballots be counted at the polling station *immediately* at the close of the polls, confirming the electronic result.

      Anything else and I'm not sure your votes mean anything.

    • I admit that I haven't read the article yet but I'll say this. Much of the voter fraud in paper ballots would stop if they simply counted the ballots at the polling place first, in public view, before they load them up and haul them to the court house. If the ballot box never leaves the sight of the public then it is much harder to mess with the vote. Any system can be fouled with but the more eyeballs on the event the harder it is to pull off.

      I am not a programmer so I will never trust a computerised e
    • Which is why they need a re-vote NOT a recount.

      I'm not happy Bush won. That is not the reason I wanted a re-vote. If he had won in a re-vote, I wouldn't be happy with the winner, but I would have been happy with the process.
  • by Jack Porter ( 310054 ) on Friday September 05, 2003 @09:22PM (#6885037)
    Here's a non-HTTPs one for those of use who don't trust encryption technology in general, not just electronic voting :-)

    http://www.technologyreview.com/articles/wo_garfin kel090303.asp [technologyreview.com]
    • SSL has proven quite amiable. I see no reason not to trust it. It is this same mentality that is holding the adoption of electronic voting back. A healthy dose of skepticism is needed when approaching all things, but I am confident that SSL has long since passed the test.
      • I think the dude was joking. Who the hell cares if you use https to read an article in Technology Review? It's not, like, secret information!
    • Uh yeah, because accessing publicly-available information over SSL is such a security risk. Not.
  • ITYM "Garfinkel" (Score:4, Informative)

    by KnightStalker ( 1929 ) <map_sort_map@yahoo.com> on Friday September 05, 2003 @09:24PM (#6885041) Homepage
    You know, like the author of "Practical UNIX and Internet Security."
  • by SargeZT ( 609463 ) <pshanahan@mn.rr.com> on Friday September 05, 2003 @09:26PM (#6885048) Homepage
    Nevertheless, most computer professionals are opposed to the DRE machines. One reason is that there is fundamentally no way to audit them: If 600 people vote at a DRE on Election Day and the machine says that 310 voted for the Democratic candidate, who is to say that the number 310 is true? Perhaps only 280 voted Democratic, but the machine was programmed to randomly flip 5 percent of the Republican votes to Democrat before recording them on the computer's hard drive. To make this sort of programmatic tampering harder to detect, perhaps the program was devised so that the flipping would only happen on the first Tuesday in November. On other days--presumably the days when election officials tested the voting machine--no vote flipping would take place. To make it even harder to detect, perhaps the flipping occurs only when the machine discerns that the vote is close; this would avoid the embarrassment of having polls predict one outcome, and having the machines tally another.

    This only shows the need for open-source software in the governement. If the source for the voting machines was available to all programmers world-wide, then there would not be this concern! If you used closed source software, then who knows what backdoor's the programmers could put in?
    • by Anonymous Coward
      There's no guarantee that the source we're shown is the same as the source that generated the executable handling voting.

      A better choice is an electronic system that allows voters to make and edit their choices, then print out a ballot that lists the choices the voter made, which printed ballot is then used for tallying votes. It might include a bar code to be machine readable in addition to the human readable component. The ballots could be processed in batches, with randomly selected batches hand count
      • by wadiwood ( 601205 ) on Friday September 05, 2003 @11:02PM (#6885496) Journal
        Although I'm not sure that vote buying or selling should necessarily be wrong, ie people are still responsible for their vote, they just choose and accept to give it in exchange for money. They'd have to choose and accept the actions of the person whom they elect that way.

        From here about half way down [niu.edu]

        38 / March 2000 Illinois Issues

        One major vote fraud technique was "chain voting," where a wily precinct captain would obtain a blank punch card, often by securing an absentee ballot, and punch in the "right" votes. He would then give the prepunched card to a voter -- sometimes solicited off the street with a few bucks or a bottle of cheap wine -- have him go in to vote, drop the prepunched card in the box on the way out and hand the precinct captain another unpunched card. The "chain" could go on all day, as long as cooperating voters could be found and friendly election judges didn't examine things too closely.

        ----------
        Note that this method probably works with any paper voting system.

        It would be interesting to have a system whereby a computer can be used to facilitate the vote (eg with photos of candidates etc) print the filled out ballot, and it also records the result. Then the paper vote count could be compared with the computer vote count. If they were different you'd know that some stuffing around had occured although you still couldn't rule out "chain voting". Hmm, maybe if the paper had a security tag that beeped if it left the room...and you could see people putting their ballots in, and they had no opportunity to hand blank ballots over to bodgy election officials without being seen by everyone else that is voting.

        I think if we're game to use the internet or computers for banking we should be game to use it for voting. Also if we do stick with paper, a computer system that prints out the ballot would still help people who can't read or see paper or whom have dodgy handwriting. Ie it would still be better than paper alone.
        • how about, the computer prints out a piece of paper, behind glass, so you can verify what it says, but you never get to touch it in any way? all the pieces of paper are collected in a secure location in each machine. verifying that the computer has no way to mess with the paper once it's printed shouldn't be very hard.

          it looks like the chain voting thing works because the manipulator can verify to some extent that the voter picked the right candidate. if you don't give the voter any kind of paper to carry
    • by ClarkEvans ( 102211 ) on Friday September 05, 2003 @09:55PM (#6885194) Homepage
      by providing a backup "counting" mechanism which can be used to verify that the voting machine is working correctly. Open source will not solve it (although it will make it harder) as you still have many ways which the machine can be tampered with. Clearly the reporter disagrees with this view, and says:

      "What about the value of a paper trail? I asked Selker. Just having a vote on paper is no guarantee that it will be correctly counted, he explained. He cited an example (again from Chicago) of an election commissioner who bragged about counting votes for a Republican candidate and then writing them down as votes for the Democrat."

      While this is cute, and it is possible to mess with the paper ballots by mis-counting them -- the point of paper ballots is that you can re-count them under bright lights... and since someone _could_ be shown to have lied it makes catching evil election commissioners much easier. Recounting an electronic votes, however, well, is this even possible?

      This reporter has an axe to grind and I think he is seriously playing games. Especially when he says "Before talking with Selker, I was squarely in the anti-DRE camp." How someone can be evern remotely informed about DRE and propose an "alternative" while not even mentioning a reference to and then completely mis-representing the adecemics and practioners who are in the "anti-DRE" camp [1]? This quote is just yet another stratigically placed logical flaw that his paper is riddled with.

      [1] (VerifiedVoting [verifiedvoting.org]).
      • Oh No! The county court house burned down! Just hours after we finished counting the ballots! What an amazing coincidence!

        Guess how LBJ (Lyndon B. Johnson) got the nickname "Landslide Lyndon"?

    • This only shows the need for open-source software in the governement. If the source for the voting machines was available to all programmers world-wide, then there would not be this concern! If you used closed source software, then who knows what backdoor's the programmers could put in?

      So what if a worker slips a virus onto the computer somehow? What if there is a 1 in a million memory error (and with the number of elections and voters in America, you better believe there will be flaws). Power outage

    • While the software might be open source, what guarantees do you have that the software you examined is what is installed in the machine?

      Typically, there is a delay between examining the software and implementing it, usually for logistical reasons (inventory, machine deployment, etc.). It is entirely possible to put in logic, between the times of examination before the vote and after the vote, that would alter the results and disappear, leaving no trace that it was ever there.

      Democrats cannot trust large c
  • by Psychotic_Wrath ( 693928 ) on Friday September 05, 2003 @09:26PM (#6885049)
    It has to be secure if it is online... Nobody has EVER had their credit card number stolen online... =D
  • Garfinkel, dammit. (Score:2, Interesting)

    by lungofish ( 6224 )
    Not Garfield.

    It's right there at the top of his site.
  • Most of these techniques of stealing an election, "stationing tow trucks outside the polls to intimidate voters; setting up police roadblocks (as was done in Florida in 2000); intentionally designing confusing ballots; putting people on the ballot with the same name as your opponent; and getting votes the old fashioned way--by buying them" can be used for e voting, too. In addition, usually three people view the paper ballot before recording the vote, no one person reviews ballots and records them. I stil
  • yeah, well... (Score:4, Insightful)

    by bryanthompson ( 627923 ) <logansbro AT gmail DOT com> on Friday September 05, 2003 @09:30PM (#6885067) Homepage Journal
    Simson Garfield looks at the other side of the story and comes away thinking that e-voting might not be so bad, if done properly....
    I don't think electronic voting being a good or bad thing is the debate at all. Most people think it'd be a better, more organized way to do it. Most of the people who are against it are the typical nay-sayers who are going to be against any type of progress/innovation.

    The real debate is about who'se going to be making the software/equipment to make it happen. We've heard about the buggyness [slashdot.org] of the Diebold voting systems, and talked about how we'd design [slashdot.org] the voting systems...

    So why don't some of us get together and just do it? Seriously, if someone made an OpenSource voting booth that was secure and worked well, it'd be huge -- plus, it'd be cheaper for the government. I can't think of a better way to get some exposure to OpenSource.
  • A clear answer: (Score:3, Insightful)

    by greppling ( 601175 ) on Friday September 05, 2003 @09:31PM (#6885071)
    Open source laws have often been criticized because they might favour one solution over another for ideological reasons, ignoring the techincal ones.

    This should be an obvious case where even the general public might be possible to convince that all the software in such a system must be open source. There is no excuse for not doing so.

    Of course, this is not yet the complete solution, but without it I cannot think of one.

  • Nope. What Garfinkel is calling hacking old style elections has nothing to do with electronic voting problems.

    Those same old techniques - tampering with voter rolls, discouraging minorities from voting and so on - those can all STILL happen with electronic voting.

    Apples and oranges.

    Electronic voting will just add another way to tamper with elections.

    His essay does not make much sense at all.

    • His essay does make sense. If you go from paper to electronic voting, yes, you still have the traditional forms of intimidation... but the actual voting mechanism?

      Right now a vote can be thrown out because the voter makes a stupid mistake. Perhaps the voter is stupid or maybe the ballot format is. A vote can be ignored if a vote counter at each counting location doesn't like the vote and slips it into the garbage or, as the essay says, just records the Republican votes as Democratic votes. The number

  • by ClarkEvans ( 102211 ) on Friday September 05, 2003 @09:34PM (#6885086) Homepage
    The article starts out with a False Choice logical fallacy. The reporter asserts early on that we either have touch screens or paper -- to create tension and proport to show "another side" of the argument. But it is really a misrepresentation of the facts. The Verified Voting [verifiedvoting.org] people went way out of their way to make sure that they wern't against paper ballots. What VerifiedVoting is For is a PHYSICAL verification of electronic voting.
  • Redundancy, anyone? (Score:5, Interesting)

    by Empiric ( 675968 ) * on Friday September 05, 2003 @09:35PM (#6885087)
    He mentions several ways that traditional ballot voting is just as 'hackable' as the electronic version.

    Though, naturally, the distinction between manual ballot stuffing and computer ballot-stuffing (and the like) has similar differences as between bank robbery and embezzlement... the former usually leaves a lot more physical signature and is usually more easily traceable as to the "who's" and "how's".

    update nationalvotes set candidatechosen = "Bush" where name like "%e%" ... could be hard to detect or trace, if there was a security lapse.

    As an idea, how about having in effect two buttons for a given candidate, each of which hooks up to a completely different network run by a different company, then comparing the results between the two? It seems like this could go a long way to verifying accuracy and providing a traceback method for voting fraud.

    Just a thought.
  • by beacher ( 82033 ) on Friday September 05, 2003 @09:37PM (#6885097) Homepage
    Just did a basic search on Simson Garfinkel [oreillynet.com] I didn't know who he was... He's a writer for O'Reilly and has penned/contributed to some of their books "Practical Unix & Internet Security, 3rd Edition","Web Security, Privacy & Commerce, 2nd Edition","Database Nation (Paperback) "... damn he's been writing Unix security books since '91...
    • Written? Or "ghostwritten"? I wonder how big of a "contribution" his part was. I suspect he's a wordsmith who can spell the computer-terms properly, and helps engineers format their thoughts into 15 orderly chapters.
      • As one of his co-authors on the last version of Practical Unix and Internet Security (3rd ed), I assure you that he practices, reesearches, and writes about security, and is not being ghostwritten. Yes, he's a good writer, but he's also a computer professional (you might search for some of his academic research papers). O'Reilly typically uses editors to help engineers format their thoughts, not authors. :)

        Of course, that doesn't mean you have to agree with anything he's written, or think that his journali
    • So did Stephen Glass [rickmcginnis.com].

      While Simpson's tech background is beyond reproach (and he's really quite a talented writer, damn him) and Selker is a first rate inventor, being smart doesn't mean you can't be wrong [oralchelation.net].

      ...Or perhaps taken out of context by a once academic and critical magazine that now survives by making tech "readable" and exciting, and by following Wired's ill-conceived lead in embracing a Marshall McLuhan-esqe embrace of subjectivity.

  • by commrade ( 79346 ) on Friday September 05, 2003 @09:37PM (#6885104)
    The mechanism of voting must be ethically secure from all forms of fraud. Currently, there is no standard voting mechanism. Paper voting machines, long the standard, are cumbersome and inefficient. Electronic voting mechanisms are prone to fraud from outside interestes or from internal corruption.

    To solve the problem of voting fraud at a mechanical level, many would seek to improve the mechanism. These voting machines are, at their core, computers. From touchscreens to punchcards to beans in a hat, voting machines are all computational devices. There are limits to the security/infallibility of any secret voting machine. The mechanism can be tampered with at too many levels. Any mechanism installed to monitor another anti-fraud mechanism could be tampered with as well.

    The only solution that comes to mind is public voting. Public voting would be the case that you let your vote be associated with you. No more voting anonymously. This may seem like a great loss of freedom, but consider the increased power it gives the public. Votes could be counted and recounted by several independant parties after and during the vote. Being responsible and accountable for the vote that you make might seem like a liablity, but it may be a small price to pay for equal and accurate representation.

    • Yah, public voting is a good idea.

      It lets a group of people who want to coerce others into voting the "right way" know who to beat up when they fail to follow the party line.

      It lets people buy votes secure in the knowledge that the vote they bought was cast correctly.

      It makes it easy to find those in a community who are prone to wrongthink.

      Yah, lets go with it - it is so clearly a vast improvement over the other messy systems that might actually allow for independent thought.

  • We need a system where the politicians sit down and discuss the problems, agree what's in the best interests of all the people, and then do it. You might say to yourself "That is exactly what we do. The trouble is that people don't wlways agree. In fact, they hardly ever do".

    I would say that they should be made to agree.

    I am your father.

  • Hail to the Theif! (Score:2, Interesting)

    by YoungBonzi ( 692874 )
    There will always be ways to cheat a system, electronic or not. The focus should be on ways to validate a vote. For instance in the case of electronic voting, flags should be raised if a voter votes outside his party, or has not voted in past elections. I'd personally like to see something in writing telling me who I voted for when the voting is over, like a site where I can query my voting history.

  • Can anyone explain exactly what chain voting is? I saw something about having someone go in with a ballot, turn in that one, and then come out with the one they were issued, but I don't see what the point is.

    An electronic machine *with* paper trail, along with random spot-checks of recounting the paper ballots, should be immune to this, right?
    • Re:chain voting (Score:2, Informative)

      by aridg ( 441976 )
      Here's my guess:

      Chain voting is *not* a way to fraudulently change the vote, it is a way for a rich guy to pay voters for verified votes for the rich guy's candidate, which is impossible with a true secret ballot.

      Rich guy somehow gets his hands on a paper ballot cast for his candidate -- maybe by going to vote himself and not putting it in the box. Rich guy can now go to someone about to vote, and say: here's a ballot cast for my candidate. You go mark your ballot for my candidate, but put my ballot in
    • I gave a preesntation to my Computers and Society class discussing voting technology, and in part I covered more traditional fraud methods. Chain voting is a method of vote selling exploiting weak ballot accounting for ballots.

      The buyer of said votes pays for blank ballots, and offers out prevoted ballots. A selling voter takes the prevoted with them to the polling place, and switches the blank ballot issued to them for the prevoted ballot. They then return to the buyer and collect for their empty ballot.

  • Yes I know this is a pseudo trollish post, but the write-up mentions e-voting as being just as hackable right...
    But is it just as <bushism>stealable</bushism> (Dr Evil laugh muwahahaha .... muwahahaha)
  • Psych vs Reality (Score:4, Insightful)

    by Erick the Red ( 684990 ) on Friday September 05, 2003 @10:01PM (#6885221)
    While both systems have their flaws, I suspect that more people will try to exploit the e-voting system than the current physical system. Currently, you either have to be present at the voting station, or in contact with a box of ballets to mess with the results. With the internet, there's less evidence to leave behind, and you can scam the system from the comfort of your home (or a public comp if you want less of a trail).
  • Missing the point? (Score:4, Insightful)

    by carsont ( 648940 ) <tc+slashdot@jc.dsl.teler a m a .com> on Friday September 05, 2003 @10:04PM (#6885240)
    The article points out many problems with the traditional voting system, but few of them would be eliminated by the adoption of electronic voting machines. No matter what sort of device is used to record the votes, corrupt officials can still disenfranchise or intimidate voters, poll workers can still be ignorant, and so on.

    Just because the current system is broken doesn't mean it's okay to go ahead and adopt one that will introduce even more vulnerabilities. Setting up roadblocks is one thing, arbitrarily altering votes remotely with no audit trail is another.

    I don't think it's necessarily impossible for a sufficiently secure electronic voting machine to be built, but the Diebold system sure ain't it; such a dangerously insecure system deservers nothing less than the stiff opposition Garfinkel pokes fun at.
  • Why not make it a multi-step process. Use three separate machines designed and tested independently which are used for the voting process. Along with a memory chip (key-chain style) with a unique ID.

    The first machine you make your vote. The second machine you confirm your vote. If you want to change your vote you go back to the first machine. As a final step you give your chip to the last machine which does not return it.

    The chip and each machine contains an independent record of your vote. Overly c
  • I think their title is a bit misleading. They call themselves MIT Technology Review, but I can't find any relationship between them and the Massachusetts Institute of Technology. I also can't find what the MIT in their name is supposed to mean.

    If you look at their staff list [technologyreview.com], you will notice they have ONE fact checker and 21 people involved in marketing and sales.

    I give this article about as much credibility as I gave the last several MIT Technology Review articles posted here on Slashdot. In other w

  • Are we supposed to take anything said by Simson Garfinkel seriously? Just look at this hilarious article [simson.net] he wrote 3 years ago. It predicted that Linux would be destroyed by viruses. Hasn't happened (even though Linux "anti-virus" software, his proposed solution, is a rarity)

    Yah, yah, I know, "Look at the merits of the argument, not it's deliverer". I just thought it was funny to look back at the the old article in light of the Microsoft worms that rampaged over the last month.
  • e-voting might not be so bad, if done properly.

    A government project that is implemented well. Isn't that an oxymoron???
  • It's a heck of a lot more work to stuff 5,000,000 extra ballots into boxes around the country (town, state, county, whatever) than to write a program that does it.

    It's the same reason email spam is a lot more annoying than bulk snailmail. So saying that this is just as hackable as paper ballots is, frankly, a stretch.

  • Idiot /. editors (Score:3, Informative)

    by Junior J. Junior III ( 192702 ) on Friday September 05, 2003 @10:27PM (#6885347) Homepage
    Simson GarFINKEL, not Garfield. Who's editor today, George W. Bush?
  • Comment removed based on user account deletion
  • Hackable... (Score:5, Insightful)

    by PRickard ( 16563 ) <prNO@SPAMms-bc.com> on Friday September 05, 2003 @10:28PM (#6885353) Homepage
    Are the old paper ballot systems easy to commit fraud with? Certainly. Any group of people who supervise a traditional voting station could conspire to fudge some voting results. At one precinct. One vote at a time.

    Electronic voting systems allow massive tampering across multiple precincts - from thousands of miles away. And you can't narrow the suspects down to two or three people who supervised voting in one precinct - anyone with a modem and technical know-how can be a suspect when electronic voting goes sour.

  • by lordvdr ( 682194 ) on Friday September 05, 2003 @10:32PM (#6885370)
    Who says "the solution" has to include the internet in some or any form?
    Put a kiosk in every grocery store, have it dial-up to a central server push/pull whatever it needs to. for practical purposes, you could have it do this every 30 min to save phone lines or something.
    Alternately, have the kiosk connected to internet, but "hide" all IPs, this isn't a security through obscurity issue, this is because every stupid script-kiddie would DOS any "central" or even semi-central server.

    And just as a side note, at least in Texas, stop w/ this bullshit about having to go to a specific location to vote. I have to drive half way across town to vote in "my district". Put the voter registration on the server as well, when I scan my barcoded AND (wtf?) magstriped DL through it, mark me voted. You can know what to pull up based on my voter registration.
  • oh boy... (Score:3, Funny)

    by Joe the Lesser ( 533425 ) on Friday September 05, 2003 @10:37PM (#6885386) Homepage Journal
    Why do I have the feeling that a mysterious man known as 'Cowboy Neal' would win every election.
  • Here's how we fix our electronic voting problem;

    1: The software is open source and produced by the open source community, not by the goverment or any corperations. There should be several different voting projects at any given time to ensure no single group of people control the software. Encryption schemes and the softwares structure needs to be changed on a yearly basis to ensure that it is difficult to tamper with.

    2: All voting machines will be x86 based boxes (for simplicity and cheapness sake)
  • Fatal exception. (Score:3, Insightful)

    by Mulletproof ( 513805 ) on Friday September 05, 2003 @11:35PM (#6885621) Homepage Journal
    Hell, open heart surgery "might not be so bad, if done properly," either. The trick is doing it properly, which seems to have the odds stacked heavily against it. I still maintain ist a hellva lot easier to have a few thousand digitally altered votes go unnoticed than it is a few thousand dead people or illegal immigrants voting. At least there is normally some sort of paper trail on the latter people can point fingers at.
  • paper voting option (Score:3, Interesting)

    by JimBobJoe ( 2758 ) on Saturday September 06, 2003 @12:40AM (#6885852)
    I've started the process of lobbying my state legislature (Ohio) to allow a voter to opt-out from using the DRE's...and vote on a paper ballot to be counted by the pollworker...if they wanted.

    In fact, this is what I sent a state representative today:

    The controversy concerning voting machine technology reliability and security alarm many Ohioans. The beauty of the elections system is that it has been tried and tested for many decades...processing votes by hand.

    As a pollwoker myself, I believe that an Ohioan should be able to vote in the way they feel most comfortable and confident; clearly the failures in Florida reflect this. If a voter doesn't feel that the voting machine will count their vote accurately, they should not be forced to vote that way.

    For this reason, I request that legislation be introduced allowing for an Ohio voter to opt out of using the machine and vote on a paper ballot.

    I am not entirely sure on how this would work...certainly a county could print up a number of pre-printed cards with the candidate/referendum choices. However, it could also be possible for a voter to simply write down their choices, at the polls, on a piece of paper, and that paper be submitted into a ballot box (or envelope) for counting at the end of the night.

    I believe this greatly enhances the security of the voting machines...voting machine companies would always be competing with the tried and true method of voting, and that competition will make for a better voting system. Not to mention the fact that Ohio voters will appreciate having the choice.

    There's no reason why someone should be forced to vote on a machine they don't want to use, please make it possible for Ohio law to recognize this.

  • The article was extremely misleading in its claim that academics such as David Dill at Stanford are opposed to DRE voting systems. Dill does not *oppose* DREs, he just believes that they should produce a paper ballot, which should be used at least for a back-up or verification of the electronically recorded votes.

    The article mentions a "chain voting scam" that backup paper ballots are supposedly vulnerable to, but it says nothing whatsoever about how the scam works. Does anyone know what this is all about?
  • Many have cited the larger population size as a reason why plain pen-and-paper ballots with hand counting won't work in the United States even though it works in Canada, European countries, and other places.

    Sure, the US has about ten times the population of Canada. But that also means they have access to ten times as many vote counters! What matters is the percentage of the population who would be interested in vote counting, not the absolute population size. I'm sure there are enough politically intere

Genius is ten percent inspiration and fifty percent capital gains.

Working...