US Voting Machines Standards Open To Public

Online Voting writes "The U.S. Election Assistance Commission has published new voting systems testing and certification standards for 190 days of public comment. For all the critics of electronic voting, this is your opportunity to improve the process. This will be the second version of the federal voting system standards (the first version is the VVSG 05). To learn more about these Voluntary Voting System Standards see this FAQ."

Counterfeiting voting receipt

[Harmonious Botch]

It could be PGP tagged.

Why the continued paranoia?

[grahamsz]

Where does this fear of opening source code come from? Is there really a concern that some competing software vendor will copy their "tally up the votes" routine. I can see why banks and private companies want closed source, but why here?

The only answer I can see is that the machines are badly programmed or they have been rigged in some way.

Re:Sweet

[thatskinnyguy]

Several generations of my family have worked for Diebold. They're a fixture in the community of Canton, Ohio. They're really good at physical security. Hell. They make most of the bank vaults and ATMs that you see.

But when it comes to voting machines, the only thing that separates the voting machines from their other products is strong bias. Tamper with an ATM at the factory, sure some FDIC bank will lose a few thousand dollars but the one doing the tampering gains nothing. Tampering with a voting machine, the perpetrator stands to influence an election in ways they see fit.

My opinion on "software independence."

[zestyping]

Now for the subjective part of my comment. The concept of "software independence" is a laudable goal -- and achieving "software independence" as defined in the guidelines is certainly an improvement. Voting systems that fail to meet the guidelines' definition of "software independence" deserve little confidence, given what we know about bugs and complexity in software.

My problem with the term "software independence" is that it is misnamed. The guidelines give a definition of "software independence" that does not actually mean the election's correctness will be independent of software. Their definition is much narrower -- to achieve what they call "software independence," all that is necessary is a software-free way to audit the count of recorded votes. This has two big weaknesses:

1. Altering recorded votes is not the only way to tamper with an election. For example, this definition ignores the preparation and presentation of the ballots to voters. What about votes that are wrongly recorded, or never recorded at all? What if software failures are biased toward a particular group of voters?
2. It describes a vote count that is less than fully dependent on software. A voting system that is vulnerable to software bugs in 99.9% of realistic situations still counts as "software independent," as long as it's not 100% dependent. A system can technically be called "software independent" matter how vanishingly small the chances are of detecting a software error, and no matter how much work it would take to detect the error, as long as someone can conceive of a procedure that would detect it.

I think this is kind of sad, because it means we can no longer say "software independent" to describe voting systems that are actually independent of software, as in not dependent on software, i.e. what most people would think the term means.

Its not that freaking hard people

[Anonymous Coward]

I worked on the old mechanical voting machines in the early 90s. They were hard programed for with little keys that controlled the voting levers for each question. At the end, a giant summary sheet was printed out and totals were hand checked against number of people who voted and totals on the summary sheet. After the election was certified the machines had all the keys removed.

So how freaking hard is it to burn one PROM with the questions/canadates names to be displayed on the screen and a second PROM to contain the "Voting Control Keys"?

1) Certify the serial numbered PROMs
2) Seal the machines
3) Have the election
4) Certify the machine, print the summary sheet.
5) recover and process the machines results.
6) verify automated results vs summary sheets totals.
7) Certify the election
8) Wait whatever time needed for recount appeals
9) Break seals and pull PROMs and put in sealed storage.

Copyright (c) by the human race.

Still no access to source code

[simong]

Bzzt. Thanks for playing. The United States of America is still a banana republic. What is so difficult about full and open scrutiny? The first principle of any electronic voting system is that it should be open. There can be no proprietary code. It doesn't matter if Joe Six-pack can't read it, as long as someone who is independent from the government and the contractor can.

Re:big problem

[bVork]

Sounds like the problem is with your country's implementation of paper ballots, and not the general idea itself. Here in Canada, voting takes maybe half an hour at most. You show up, verify your identity, get your ballot, go behind a screen and put an X in the circle next to the candidate, fold it up, hand it to the person working the box, watch them place the ballot in the box, go home.

To supervise the whole thing, we require people from multiple parties to be present at the polling station. It's hard to fiddle with something when it has to be verified by two (or more) opposing people at the same time.

I don't understand your references to multiple ballots. Is each party on a separate ballot or something? Why in the world would it be done like that?

Re:I certainly much better now!

[Tim C]

at least people could verify the integrity of the systems

How would they do that?

Access to the source of the code running on your own PC is an excellent thing. It lets you modify it, confirm that it does only what it claims to do, find and fix bugs, and so on.

Access to the source of the code running on a machine that you have no control over is useless. You cannot confirm that it is the source of the running code. You cannot confirm that there are no hardware issues - intentional or otherwise - that are affecting the correct operation of the code.

Your swipe at MS, while predictable, is entirely irrelevant to this discussion. To continue your analogy, you want the source to the code running on your XBox or Playstation because you don't trust it. You don't trust the company providing the code, but they also provide the hardware and yet you do trust that?

You don't trust the system. You need to be able to verify the correct operation of the system. Access to the source to one part of that system does not give you anything but a false sense of security.

Re:How about

[Quince alPillan]

Or you could put the receipt in a ballot box after you're done reading it and it could be counted during a manual recount instead of what the machine counted.

Re:I certainly much better now!

[Rob the Bold]

Access to the source of the code running on a machine that you have no control over is useless. You cannot confirm that it is the source of the running code. You cannot confirm that there are no hardware issues - intentional or otherwise - that are affecting the correct operation of the code.

Amen to that. I worked for a temp firm for a contractor to ES&S when they were prepping the code for audit by a 3rd party under the previous version of the voting machine audit standards. The code needed major cleanup to comply with the coding standards (for readability), and we were in a time crunch, so everyone dropped what he was doing and worked on sanitizing the iVotronic code. After it was done, we had beautiful code. All variables were declared at the top of functions and names that made sense. No more globals. Functions had meaningful names and headers describing purpose, input, output, method, etc., etc., etc. We sent that software off to be audited for use in US elections. Of course, that code was never compiled. And it never made it back into the production s/w vault.