Slashdot Log In
Brave New Ballot
Posted by
samzenpus
on Wed Sep 20, 2006 03:17 PM
from the fraud-is-easy dept.
from the fraud-is-easy dept.
Ben Rothke writes "In an important new book Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting, Avi Rubin writes 'too often in American life, when it comes to divisive issues, the facts can be less important than the weight of public opinion'. That basically sums up Rubin's story in this fascinating story of his frustrations in dealing with government and corporate officials in his quest to show that e-voting was not as secure as it was originally made out to be." Read the rest of Ben's review.
Brave New Ballot (BNB) is Rubin's story of how in 2003, he and his graduate students at Johns Hopkins University demonstrated that the Diebold Election Systems electronic voting technology in wide use was full of security problems. It was just in 2002 that Sherron Watkins of Enron was named Time magazine person of the year for her work in uncovering fraud at Enron. It would have been thought that Rubin's work would have immediately won him some sort of patriot of the year award for his work.
While the accolades were indeed many, his team's research was maligned as being that of a homework assignment, and the Administrator for Elections for the state of Maryland (where Rubin lives and works) publicly stated that 'computer scientists (a direct reference to Rubin and his team) who question the security of electronic voting machines are undermining our democracy.' Such a scenario makes up much of the story that the book tells in Rubin's team's efforts to blow the whistle on unsecure e-voting machines.
As to the Administrator for Elections for the state of Maryland and her disdain for computer scientists, she would likely find constituents such as the zombie-like Stepford wives more to her liking. Unfortunately, she ended up with Professor Rubin.
It is not that secure electronic voting is inherently unattainable. Rather, nearly all of the commercial solutions that have shipped to date have not been adequate designed with security in mind. This is due to many factors, some of which are that the makers of these devices do not completely understand the security risks and countermeasures, in addition to public officials who are far too trusting of these commercial e-voting vendors.
The early chapters of the book detail how Rubin's team analyzed the security and cryptography used within extremely sloppy coding of the Diebold Accuvote-TS director recording electronic device. One particularly humorous incident is when the Diebold programmers reference Bruce Schneier's Applied Cryptography in their C++ code for their decision of which algorithm to use of a for pseudorandom number generation. The only problem is that Applied Cryptography states that the specific algorithm they used should specifically not be utilized for random number generation. Rubin comically states about that incident that Diebold should have consulted with Schneier, rather than have their staff misunderstand what they read in his book.
I had a similar frustrating incident when consulting on an e-voting systems some years ago. The lead developer (who obviously was no expert in cryptography) documented that the e-voting system used 120-bit encryption. Upon analysis, we found that the system was using 40-bit encryption. When countered about that, the developer replied that they perform the 40-bit encryption routine three times using the same key, for an effective 120-bit key length. Of course, 40-bit encryption will always be (insecure) 40-bit encryption, no matter how many iterations he put it through; but it is frightening that he did not know that.
After his team presented their report in 2003, Rubin writes in detail how Diebold started a smear campaign against him. Not only was it Diebold, but also election officials in municipalities that had deployed the Accuvote-TS system that also maligned Rubin. This was done primarily by misinterpreting his objections, and also by refusing to pay attention to other independent reports on the insecurity of the devices.
For a more timely and somewhat humorous account of how insecure Diebold really is, see 'Hotel Minibar Key Opens Diebold Voting Machines'.
Being a whistle-blower always takes a toll on a person and Rubin was no different. He work on e-voting consumed him and took a toll on his family, career and his students. The book chronicles how Rubin found himself caught in a crossfire between big business, partisan politics, and overworked election officials. Rubin also found himself between the crosshairs of the ITAA (Information Technology Association of America), powerful vendor-based lobbying group. The ITAA, of which Diebold was a client, attempted to discredit him on many occasions, but their evidence was always weak and reckless, and in the end only served to bolster Rubin's claims against the Diebold systems.
Part of the absurd claims of the ITAA was that the open-source movement is using the issue of e-voting security to wage a 'religious war' that pits open-source software against proprietary software. Rubin could have filed chapters with similar ITAA absurdities, but wisely chose not to.
Similarly, an article I wrote 'E-Voting: It's Security, Stupid' also was the recipient of the wrathful ITAA reply. In their so-called rebuttal mistakenly titled 'E-Voting Does Work', Harris Miller of the ITAA follows his modus operandi of first attacking the person, avoiding the issue, stating vague meaningless comments, and concluding the issue by missing the point.
99% of the voting public does not know about backdoors, insecure code, Trojan Horses, insider threats, and scores of other security issues that the e-voting vendors have yet failed to fully address. The election process as we know it is rapidly being migrated to these electronic voting machines that are replacing the older, but more reliable mechanical systems.
BNB is a timely and important book as it details the very real defects on which these e-voting systems are built on (and Windows is only one of them). The ITAA made claims such that the only vulnerability within e-voting is that of a rogue programmer conspiring to steal public office. Such politicking only serves to confuse the issue for a public that is inherently trustful of these voting machines. Yet if these e-voting machines were built to the same stringencies and regulations that the aviation and pharmaceutical industry faces, they would never make it within a mile of a voting booth.
Brave New Ballot is to e-voting what Rachel Carson's Silent Spring is to the global environmental movement. It is a vitally important book that details the problem of e-voting and what can be done in the future to make certain that it can one day be carried out in a secure manner.
Of course, the image of an embedded crypto key or plaintext password in an e-voting system does not convey the same impact on the public as that of a thalidomide baby. Pictures of thalidomide babies caused heads to roll at the FDA, and one should hope the that the publication of Brave New Ballot will awaken the public from their slumber on the topic of electronic voting, and encourage the Election Assistance Commission to immediately ban electronic voting until it can be secured.
Deforest Soaries, the first Chairman of the United States Election Assistance Commission sums it up best when he states 'If the integrity of our sacred right of voting is less important than partisan politics, corporate interests, or bureaucratic systems, then shame on us for presenting ourselves as the global standard bearers of democracy. As Brave New Ballot shows, there is a lot of shame going around.
You can purchase Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Related Stories
[+]
IT: Hotel Minibar Key Opens Diebold Voting Machines 341 comments
Billosaur writes, "As if Diebold doesn't have enough to worry about! On the Freedom To Tinker blog, Ed Felten, one of the co-authors of the recent report 'Security Analysis of the Diebold AccuVote-TS Voting Machine', reveals an even more bizarre finding related to the initial report. It turns out that you can gain access to an AccuVote-TS machine using a hotel minibar key. In fact, the key in question is a utilitarian type used to open office furniture, electronic equipment, jukeboxes, and the like. They might as well hand them out like candy."
[+]
Politics: Maryland Governor Wants Paper Ballots 433 comments
supabeast! writes, "Fed up with all the problems in the state's electronic voting system, Maryland Governor Robert Erlich wants the state to scrap the entire system and return to paper ballots. He's threatened to call a special session of the legislature to change the law to allow paper ballots. What makes this particularly interesting is that Erlich is a Republican — the party often maligned for exploiting flaws in electronic systems — and his attempts to clean up Maryland's voting problems are being opposed by Democrats, the party that is usually complaining about electronic voting!"
[+]
Politics: Maryland Fights to Keep E-voting 250 comments
crystalattice writes "Apparently Maryland election officials never have computer problems. That's why they're fighting so hard to keep their Diebold e-voting machines. Washington Post reporter Marc Fisher received nothing but bad attitudes, dodges, and excuses when he attempted to discuss the issue with the state elections administration and Diebold." From the article: "I asked the state's elections administrator, Linda Lamone, whether Maryland wasn't just a bit too quick to adopt electronic voting. Doesn't the computer at your desk ever freeze up on you? 'No,' she replied. Never? 'No.' But surely people in your office have had that experience? 'No.' (Maybe we've found the solution to Maryland's voting problem: Everybody head on down to Linda Lamone's office, where the machines work 100 percent of the time.)"
[+]
Interviews: Ask a "Star" of HBO's Voting Machine Documentary 342 comments
Herbert H. Thompson, PhD ("Hugh" to his friends), is one of the people featured in the HBO documentary, Hacking Democracy, that Diebold tried to keep from airing. Hugh is a long-time Slashdot reader who called me to volunteer for this interview — on his own, not through anyone's PR department. Here's a YouTube excerpt from a CNN Lou Dobbs show with Hugh in it. (Find more articles by and about Hugh here. And perhaps check this brand-new MSNBC story about e-voting, too.) Hugh suggests that you give him "your wildest questions about what went on behind the scenes and how safe the e-voting systems actually are." Let's take him up on that challenge, hopefully while following Slashdot interview rules. Note to Diebold and other voting machine companies: We welcome comments and questions from you, same as we welcome them from everyone else. If you feel you are being vilified unfairly by Slashdot readers, please respond and set the record straight.
[+]
Politics: Federal Panel [not NIST] Rejects Paper Trail For E-Voting 191 comments
emil10001 writes "The National Institute of Standards and Technology (NIST) has rejected a proposal suggesting that electronic voting have a paper trail. The draft recommendation was developed by NIST scientists, who called out electronic voting machines as being 'impossible' to secure." From the article: "Committee member Brit Williams, who opposed the measure, said, 'You are talking about basically a reinstallation of the entire voting system hardware.' The proposal failed to obtain the 8 of 15 votes needed to pass. Five states — Delaware, Georgia, Louisiana, Maryland and South Carolina — use machines without a paper record exclusively. Eleven states and the District either use them in some jurisdictions or allow voters to chose whether to use them or some other voting system." So ... accountability in voting will be a joke for the foreseeable future because it costs too much?
Update: 12/11 03:20 GMT by KD : Correction: It was not NIST that rejected NIST's recommendations, it was a federal panel chartered by Congress, the Technical Guidelines Development Committee.
Update: 12/11 03:20 GMT by KD : Correction: It was not NIST that rejected NIST's recommendations, it was a federal panel chartered by Congress, the Technical Guidelines Development Committee.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
public opinion is more important (Score:4, Insightful)
Bzzzzt, WRONG. (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
Um... It's a bell curve. Do you mean below the mean?
Re: (Score:2)
Re: (Score:2)
But if you're talking about a large test group, like the whole world, then a smaller section of it, like the U.S., could have different averages than the entire thing.
Harris Miller is not a good representative (Score:2)
Similarly, an article I wrote 'E-Voting: It's Security, Stupid' also was the recipient of the wrathful ITAA reply. In their so-called rebuttal mistakenly titled 'E-Voting Does Work', Harris Miller of the ITAA follows his modus operandi of first attacking the person, avoiding the issue, stating vague meaningless comments, and concluding the issue by missing the point.
Yep, that's exactly been my experience with the ITAA- they're not so much interested in facts
Re: (Score:2)
Re: (Score:2)
In the meantime though, there's all sorts of other issues that need consideration-
Re: (Score:3, Interesting)
So what? You can distribute the storage just as you can distribute human-handled vote-counting. In fact, counting vote is one of those few extremely parallelizable, highly scalable operations. That's why democracy and paper ballots work in a country like India, with 1 billion citizens and more potential voters than the total US population.
Storing a hundred pallets of ball
Re: (Score:2)
Interesting example, considering that India has given up counting votes by hand [sepiamutiny.com].
optical scanners in e-votiing machines (Score:2)
In the meantime though, there's all sorts of other issues that need consideration- especially in the area of recounts and tampering with the machines. Your optical scan ballots are the same- there's nothing, for instance, to stop an unscrupulous worker from reprogramming the machine to reject votes for Democrats without showing the error.
Ah, but while the machines may be reprogrammed there's still a paper receipt the electronic results can be compared to and validated. Since the ballots are good enough
CS Supports Al Queda (Score:5, Insightful)
And don't forget support al Queda.
What an ass. Don't question the government. They know what's best for you.
Re: (Score:3, Interesting)
Election officials and those they work for don't want the voting machines to be secure, nor do they want them to generate an audit trail. They want to be able to silently steal elections. They want to become the New Ruling Class.
Real democracy brings instability to the government. It's the very nature of democracy. These people don't want instability -- they want stability, which means they want to be in charge and to remain in charge. They don't want to serve the people. They want to serve thems
Excessive Complexity for a Simple Solution (Score:5, Insightful)
1. Each electronic vote is recorded onto a paper log.
2. The voter keeps a paper receipt.
3. A challenge by any candidate results in a recount of the paper log.
4. A voter who doubts the accurate registering of her vote can go to the appropriate government office to check her vote against the paper log.
Why do we need a 272-page book to elaborate further?
What perplexes me even more is why some state governments actually allowed e-voting without a paper trail?
Re:Excessive Complexity for a Simple Solution (Score:5, Insightful)
A much better idea is to have it print out a short slip with your choices clearly printed on there. You then drop that slip in a box on the way out and if there is any question as to the accuracy of the machines the pollworkers just have to crack open the box and go through all of the recipts. After the voting is complete and the elections are done, a few random counties should have their boxes double checked as well, just to verify that nothing is screwey with any of the electronic tabluation equipment.
Parent
I disagree (Score:3, Interesting)
Since the unique ID does not need to be traceable, it would not mean a loss of privacy. But it WOULD mean that the voters for the first time in history had the power to discover fraud.
Still Excessive Complexity for a Simple Solution (Score:2)
1) Each vote is recorded onto an optically sortable paper ballot, with human readable votes
2) The ballots are mechanically sorted into piles based on the optical marks
3) The ballots are mechanically counted one pile at a time.
Sure, it means three machines to do the work that other e-voting companies claim to do with 1, but look at what happens:
1) The voting booth is now simply a frontend. People select what they're voting for, and a piece of paper co
Re: (Score:2)
First this election had no fanfare, no media emphasis, it just showed up in the mail one day... AS the subject dealt with increases to city coffers it is understandable the want as few people discussing it ahead of time.
Next a large format postcard shows saying "Uh oh! we maile
2. The voter keeps a paper receipt. (Score:2)
Bad idea, very bad idea. Receipts showing how someone voted were gotten rid of where they were tried because the voter's boss, mafia don, or thug could demand the voter hand over the receipt to make sure they voted the way they were instructed to vote. Simply receipts take away anonymity.
FalconIndeed. Computer ballots (electrons) cannot work. (Score:2)
Using billions of electronic on/off switches in a machine that is meant to record 4-10 bits of information per transaction? Anonymously?? I don't think so!
The anonymous nature of the transaction makes our voting process fundamentally incompatible with highly complex electronic information processing. It's far, far too corruptible.
I don't think it will ever "eventually work" except in a form where the voter receives a computer-printed ballot they can verify before casting it. As for the el
Re: (Score:2)
Enjoy a free Big Mac today if you bring in your slip that says you voted for X!!
Or: Ah, late on the rent again. Tell ya what. Bring me in your voting slip next week that says you voted for X, and we'll call it even, otherwise you're out on the street.
This could be avoided if it was deliberatly made easy to counterfeit the receipts, but it's still an issue.
Re: (Score:2)
Can we PLEASE (Score:3, Insightful)
The general public does not know about the shit that goes on behind closed doors. They need to be told!
"Age of Electronic voting? (Score:5, Insightful)
Of course, I wouldn't be satisfied by anything but publishing the voters' choices. Not by name -- give them an anonymous unique voter ID so that they look at the database, they can say "ah, they got mine right".
Re: (Score:3, Interesting)
Not good enough: They might give all the people expected to vote for the Democratic candidate the same voter ID. If any of those people end up voting republican, the only visible discrepancy would be that some Republican votes were counted as Democratic -- which obviously wouldn't be considered caus
Re: (Score:2)
I don't think people would be too keen to participate if they thought nonces were involved.
Re:"Age of Electronic voting? (Score:4, Insightful)
And then, as you leave the polling place, a big guy mugs you, copies down your 'anonymous' voter ID along with your name (or just steals the voter ID and your ID), and delivers it to his boss. Hope you voted for the person they wanted you to... or else! In other words, you've just opened up the voting public to bullying.
The real solution to e-voting can be found at the Open Voting Consortium [openvotingconsortium.org].
Parent
Re: (Score:2)
Second, OVC is great, but I'm still putting too much trust in others without publicly auditable records.
Electronic voting and thugs (Score:2)
Okay, first of all -- hiring a mugger for each person and each election (your ID is unique to that election) tends to get expensive real quick.
Boy those receipts must be real heavy if a thug can only collect one of them.
FalconRe: (Score:2)
Re: (Score:2)
No, the solution to e-voting can be found in not using e-voting in the first place.
Undetectable Fraud Undermines Democracy! (Score:5, Insightful)
Our democracy has existed for 230 years. Electronic voting do little to nothing to expand democracy. What they do expand is the possibilities for hard to detect fraud -- something which *does* undermine our democracy.
Government and corporate officials (Score:4, Insightful)
Not as secure as it was originally made out to be (Score:4, Insightful)
Paper ballots? How quaint!.. The Floridian "poor", you see, were disproportionatly confused by them — much easier to have them use computers, which even a retired librarian, overseing the voting station on election day, will be able fix and to spot any and all possible tampering with...
Re:Not as secure as it was originally made out to (Score:2)
I find this to be an excellent point. I do not understand why anyone should choose electronic ballots. For me a computerized solution only works if actually provides some kind of improvement on the paper ballot system. And
Re:Not as secure as it was originally made out to (Score:2)
Paper ballots? How quaint!.. The Floridian "poor", you see, were disproportionatly confused by them -- much easier to have them use computers, which even a retired librarian, overseing the voting station on election day, will be able fix and to spot any and all possible tampering with...
So, 1 the librarian can read code, and is able to tell when the code was altered? And two, the librarian gets to see how you vote?
FalconPrivate Voting, Public Counting (Score:5, Informative)
Someone in this thread is going to state that HAVA 2002 mandates the use of electronic voting machines (aka "DRE" or direct recording electronic). That is false, as thoroughly explained in Voters Unite's Myth Breakers [votersunite.org] document.
Someone in this thread will make some statement about how electronic voting devices permit the disabled to vote in private. That's not exactly true. To the best of my knowledge, the existing products do not preserve the secret ballot. Nor are they particularly accessible. Meanwhile, there are solutions which do preserve the secret ballot and are accessible to disabled voters. Such as ES&S's AutoMark, the Vote-PAD, and EqualiVote. (There are some other novel systems, too. I just haven't researched them yet.)
Someone in this thread is going to state that electronic voting is just splendid, and we can make it work, if we just try harder next time. Fine. Show me. Then let's talk. Meanwhile, all current systems suck.
Someone in this thread is going to suggest that we have all paper ballots counted manually. Like Canada. Or Germany. It's not a bad idea. But it wouldn't work in the USA with our current constraints and expectations. To contrast, in Canada, the races are very simple and so the tabulation is feasible. In Germany, they have proportional representation and rely on their superior form of exit polls. Meaning their system is very tolerant of errors. And they have legions of civil servants working weeks to get the exact manual tally. Whereas here in the USA, politicians and news networks demand results now, now, now!
Someone in this thread may suggest it's all about the Republicans. Or the Democrats. It hasn't proven that simple. I believe it's a fight between the people in power, who want to stay in power, and us voters. I'm a pretty progressive guy. But I readily acknowledge the bad guys (with respect to election integrity) here in King County Washington are in the Democratic leadership. (My experience is that the rank and file of both major parties are completely on board with election integrity.)
Someone in this thread may also suggest that we eliminate the need for electronic voting at poll sites by transistioning to forced mail voting (100% vote by mail). Like Oregon State has done and where most of Washington State is heading. It's terribly idea. No more secret ballot. No more public vote count. Higher error rate. Huge more expensive. Long-term decline in voter turnout. It's a big topic. We've been researching it for about 9 months and have only scratched the surface. We discuss
Someone in this thread will also exhort the necessity of using a voter verified paper audit trail. They may even encourage others to support Rush Holt's HR 550. Unfortunately, the VVPAT is a placebo. What guarantees what's recorded is what's printed? Nothing. And experiences to date demonstrate that actually auditing the VVPAT is infeasible (1h 15m per ballot cast). That said, the efforts of VerifiedVoting.org and other are not misguided. Many states already have electronic voting machines without the VVPAT. So passing HR 550 would be better than nothing.
The take away point is this:
The most reliable, secure way to vote in the USA today is to use voter-correctable precinct-based optical scanners. That means paper ballots at poll sites fed into a ballot scanner.
Please support Voter Action [voteraction.org]. They have successfully prevented the use and procurement of electronic voting machines in a few states already. They are expanding the fight as fast as they can
Re: (Score:2, Interesting)
You're on. Where voter-verified paper audit trails (VVPAT) exist and enough are randomly sampled and recounted to detect fraud, it can be a success. Show me otherwise.
Unfortunately, the VVPAT is a placebo. What guarantees what's recorded is what's printed? Nothing. And experiences to date demonstrate that actually auditing the VVPAT is infeasible (1h 15m
EACH vote should be auditable (Score:2)
The precludes random-sampling schemes and non-physical ballots. (Leave the random-sampling to the exit polls, OK?)
We are talking about our political capital here: Would you trust a computerized service to make *anonymous* payments for you? Or would you prefer to use green pieces of special paper?
No wait, I'll answer anyway: Anyone choosing the former over the latter is purblind stupid or has a nasty agenda.
Random sampling of ballots (Score:2)
While it's true you can't get a sample that's properly weighted for age, gender, etc., you can get one that's random in each precinct, and you can further select additional preceincts either totally at random or weighted using historical data for 100% paper-ballot counts.
Here's how you do it:
You pick the closest race to determine your minimum sample size to have an acceptable confidence interval. All you ca
Re: (Score:2)
You don't need "legions of civil servants working weeks" to get manual tallies. You may want them to verify and officialize the tallies, but the counting can be started by election officials right after the booths close, in front of the public. Just get one person to record count and one to count ballots, put another pair to recount the s
And once you've taken care of casting the votes (Score:2)
FDA & Thalidomide (Score:4, Informative)
Actually, thalidomide [wikipedia.org] was one of the FDA's great successes...the drug was never approved in the US; most of the birth defects happened in Europe. It's one of the reason the FDA's drug approval process is so slow relative to other countries.
The public doesn't get it.... (Score:3, Interesting)
Of course, this will mean jail time for the perps, but I have two things to say about that. 1) Some would consider that a small price to pay for preserving democracy. 2) You might be able to get a light sentence if you mailed, before the election, some letters (saying "Do not open until after the election" on them) to several news agencies declaring that you are going to rig the election in order to expose the dangers to our democracy.
We have even more problems (Score:2)
True, significant, but not as bad (Score:2)
With GEMS, for example, one single person could change numbers in an Access database and throw an alection.
Re: (Score:2)
You forgot Ghouls, Mules, and Pools.
Re: (Score:3, Informative)
Here is what Rachel Carson actually said in her book:
Re: (Score:2)
Apparently you haven't been reading the news lately: Thai coup leader to install new PM in two weeks. [reuters.com] Looks like Thailand opted for the military option.