4121051
story
Comments: 114 +- News: Finnish Court Dismisses E-Voting Result on Saturday April 11 2009, @04:02PM
Posted
by
kdawson
on Saturday April 11 2009, @04:02PM
from the go-back-jack-do-it-again dept.
from the go-back-jack-do-it-again dept.
background: url(//a.fsdn.com/sd/topics/topicgovt.gif); width:57px; height:80px;
government
background: url(//a.fsdn.com/sd/topics/topicnews.gif); width:60px; height:66px;
news
wizzor writes in with a follow-up on the Finnish municipal election in which 2% of the votes were lost by a defective e-voting system, and which the Helsinki Administrative Court had found acceptable. Now the Supreme Administrative Court of Finland has rejected the election results (original in Finnish; bad Google translation here) and ordered the election to be re-run. The submitter adds, "Apparently 98% of the votes isn't enough to determine how the remaining 2% voted, after all."
Related Stories
The doctrine of human equality reposes on this: that there is no man
really clever who has not found that he is stupid.
-- Gilbert K. Chesterson
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.
2% were lost... (Score:5, Insightful)
Re:2% were lost... (Score:4, Funny)
Depends how well they were "calibrated"...
Parent
Re: (Score:3, Insightful)
If 2% of the votes were lost, how many were incorrect or not registered properly? If the system can lose votes, it can very easily put them for the wrong person as well...
All of them. The voting device had serious usability issues, enabling people to get out of the booth without registering the vote.
Re:Usability Glitch? (Score:5, Insightful)
by Antique Geekmeister (740220) on 2008-10-29 8:47 (#25552091)
The card should have been locked into the machine until the voter said 'OK' or cleared the screen, and locked it in with an alert and a deactivation warning if the person left the booth without doing either. Anyone can get confused about simple directions for an entirely new system. How many of us have tried to walk away from an ATM with our card still in it because we were distracted?
Re:2% were lost... (Score:5, Insightful)
Parent
Re: (Score:3, Insightful)
Uh, no
You don't think there may be differences in how people who are "elderly or those who work in schools", "usually unemployed or work non-standard hours" and "usually work a regular day job" might react to bad UI design?
(Using the categories proposed by GP).
2% creates doubt and mistrust (Score:3, Insightful)
2% creates doubt and mistrust in the election results and that is unacceptable. What if the votes were lost in a non-random fashion? What if the same e-voting system gets reused later in a case where 2% could mean the difference between a seat going to one candidate or another? What if the root cause of the loss caused other problems as well? What does it say about the quality control and security of the system? People should be able to trust the outcome of an election.
Where do you draw the line? (Score:2)
If 2% is acceptable then what about 5%? 10%...? Where do you draw the line?
The running of an entire country is at stake here and 2% is certainly enough to show there's serious problems with the system.
how many coffin nails will it take? (Score:5, Insightful)
E-voting has had more lives than a cat. It should be over, done, kaput. An experiment that failed.
Re: (Score:2, Insightful)
It still amazes me that we put full trust (and R&D $$$) into electronic banking systems yet can't get the same technology to work for something as simple as counting votes.
Banking doesn't usually require anonymity (Score:5, Insightful)
Parent
Re: (Score:2, Informative)
This is actually a solved problem. When you vote, you get a unique random sequence of characters. After the election is completed, a list of all votes is published. Next to each vote, the SHA1 sum of the voter's personal ID number concatenated with the random characters is listed. Example (truncated SHA1 sums):
64038c437f2c republicans
aea7fb41626d republicans
86895065f8
Re:Banking doesn't usually require anonymity (Score:5, Insightful)
Parent
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Unfortunately this enables coercion and vote-selling, as does any system that gives the voter a receipt that can be linked to how they voted. An Evil Election Stealer can say, if you vote for candidate X, everything will be fine. But please tell us the code that the voting machine gave you, so we can be sure you did what we told you to do.
Re:Banking doesn't usually require anonymity (Score:5, Informative)
If you gave up secret voting, you could likely make a 'secure enough' voting system, since anyone could check their own vote in the system.
There's no need to give up on secret voting to get this. Thanks to advances in cryptography we can have secret *and* verifiable ballots. An example implementation can be found at Helios voting [heliosvoting.org]. Also, check out a description of a paper based system: Scratch and Vote [adida.net] [PDF]
Parent
Re: (Score:2)
Re: (Score:2)
But that raises the next question: Verifiable by who?
Saying that there are some experts who can verify the proper execution of an election simply isn't good enough, at least not if you want to call that election "democratic". With paper ballots marked with pens and placed in a ballot box, any voter of normal intelligence can observe an election, understand the security properties needed at each step, and see for themselves if those security prop
Re: (Score:2)
Utter bull.
The mathematics do not address situations like results of temporary calculations being stored in hard disk and never overwritten.
Re: (Score:2, Insightful)
To verify the system, only a small absolute number (not percentage) of people needs to verify it. Assume 1% of the votes are incorrect and 500 random (from the cheater's perspective) people verify their hashes. The probability that none of these are victims of a forged vote is 0.65%. If only 0.1% of the votes are tampered with, you need 5000 people to achieve a similar percentage.
You
Re: (Score:3, Informative)
I'm also a Finn and I was counting the votes at the municipal elections in Helsinki late last year. The system is even more tamper proof than described previously. First of all, the ballot box is checked at the casting of the first vote that there's no extra votes within the box. The first vote is stamped (like the rest will be) and put in to the box. The parties have a right to set an observer for the whole time until the votes have been counted. The next day the votes are recounted (which is where I was p
Re: (Score:3, Informative)
Internet-voting is absolute horror. It can be made technically sound but that's about it. Who can assure that it is my wife who gives the vote and not me who stole my wife's ID card or whatever (not that I would do so, just for example)? Who can assure that one isn't giving vote under physical threat? Rhetorical questions but current paper & pen method prevents these kinds of situations perfectly.
Re:how many coffin nails will it take? (Score:4, Insightful)
It still amazes me that we put full trust (and R&D $$$) into electronic banking systems yet can't get the same technology to work for something as simple as counting votes.
"I consider it completely unimportant who in the party will vote, or how; but what is extraordinarily important is this--who will count the votes, and how." - J. Stalin
Electronic voting does not have an inherent paper trail.
Parent
Re: (Score:2)
(potentially) overjoyed (Score:2)
A pro-cycling candidate didn't get in because he was short just a handful of votes. Well, now they're organizing the voting again (from the article in Finnish (yeah, I'm one of those who actually understand that crazy language)) and my candidate has another shot at it :o)
Don't you love second chances?
Of course, the real reason I'm happy is that this absurdity with 2% invalid voting has been overturned. Everybody knew that Helsinki Administrative Court's (Hallinto Oikeus) decision was shit - so, I celebrate
Re: (Score:2)
How is it a second chance? There so far has been no first chance, since the votes made the first time around don't count.
Think of it as a chance for whoever is in charge of that election *NOT* to misplace 2% of the electorate.
Re: (Score:2)
Or viewed from the other side, a chance to participate in a fair[er] election.
A bold prediction (Score:5, Funny)
I bet Diebold, or Premier, or whatever it is that pack of cheats and liars are calling themselves these days, won't be trying to place their voting machines in Finland any time soon. I doubt they could attain 98% accuracy even with only one candidate on the ballot.
Re: (Score:2)
Re: (Score:2)
Since the election used a blackbox system (ie. no voter verified paper trail), we have no way of knowing whether the votes were recorded as cast or not. It's relatively easy to discover if the total number of votes recorded is inaccurate. Finding out whether they were recorded as cast is an entirely different thing.
The problem in this case appears to be a usability issue, so there is no reason to be more suspiciou
Most still voted with traditional methods (Score:4, Informative)
From EFFI (Score:5, Informative)
Effi has an English article on this (Score:3, Informative)
Electronic Frontier Finland (Effi) has an English article [effi.org] on this matter as well.
More Info in English (Score:4, Informative)
More about the case in English
Yle News [yle.fi]
Helsingin Sanomat [www.hs.fi]
Newsroom Finland [finland.fi]
2% of the Vote? (Score:2)
And why should they be? Not every country has a 'winner take all' simple majority voting system. And even if Finland doesn't, every vote has to be understood to have been counted even if they didn't go to some arbitrary clear-cut winner.
Besides, that race might very well have been neck-and-neck. 2% of the vote either way might have decided it.
News in English (Score:5, Informative)
Finnish e-voting results annulled, municipalities to hold new elections [effi.org] by Electronic Frontier Finland ry (Effi), the best summary in English, IMO;
Helsingin Sanomat [www.hs.fi];
Helsinki Times [helsinkitimes.fi];
The Brad Blog [bradblog.com];
NewsRoom Finland [finland.fi];
YLE [www.yle.fi]; and
Turre [turre.com] (the lawyers that won the case).
The voting system was provided by Tieto [tieto.com] and Scytl [scytl.com]. In their News Page [scytl.com], Scytl declares: "Scytl's Pnyx.core successfully used in local elections in Finland" Shouldn't they update this...? It is even possible that the 2% of the votes lost was due to the Pnyx.core, instead of usability issues with the voting terminals, as has been commonly assumed - who knows.
Interesting facts about the case (Score:4, Interesting)
It is of course a completely correct decision from the supreme court to re-run the elections, and we are very happy about it.
But it has been interesting to follow the developments and the various attempts to avoid this outcome.
Before the elections, the minister of justice, Tuija Brax claimed any possible problems were "science fiction". After the elections and when the problems were announced, she has not been a support of new elections, just stating that the courts need to decide. However, she was quick to launch an internal investigation and fire the Director of Elections. Not sure the director was really the true guilty person here, but at least a scapegoat had been found...
The city voting boards very resisting new elections for the last second. They came up with interesting claims to prevent this from happening. One claim that we've heard often -- even after the decision -- is that the new elections do not matter, because the party situations would not change. Well, they were missing the minor issue that in Finland the election system is based on voting on persons, not parties. Some of us do care about who we vote there. A more sinister claim was that the voters had conspired to misuse the voting system on purpose, to show that it was unreliable (!). Now, talk about science fiction, maybe these guys could be of some use in the JFK murder investigation? Not to mention the fact that a correctly implemented voting system should not be vulnerable to such misuse.
The three cities involved are now extremely unhappy with the ministry, as the law requires them to pay for the new elections. The ministry has promised an extra budget to help out... though in my mind, the architects and vendors of the system should get to pay.
Its also been extremely difficult to get any information from the government on the details of the system. The local EFF wanted to take a look before the elections, but was refused (or impossible NDAs were requested). I made an official request to get the cost information of the entire project, and the government claimed that they have no such information. One number that has been circulated in the press was 700 000 euros, but that seems low, given that a large number of design and specification work went in, even at the ministry level not to mention the vendors.
All in all, a happy outcome:
- director of elections fired :-)
- minister is now pro-open source and paper trail
- general knowledge of possible problems in e-voting was increased in the country
- elections are re-run
However, everyone is quite focused on the specific bugs we experienced, thinking that individual bugs can easily be fixed. I'm more worried about the process and the way that these things are done. I don't see a way to avoid bugs next time either, for instance. Lack of verifiability, openness, government not listening to citizens or outside experts, blind acceptance of vendor sales pitches, lack of sensible motivation for the entire effort are the worrisome aspects.
Re:What was the margin of victory? (Score:5, Informative)
If the margin of victory was greater then 2 percent,
It was not, as best as I can tell from the translation:
Kauniainen municipality electronically of the votes lost to two percent, and for missing votes in the number would have been enough change in the outcome of the elections.
Parent
Quick and dirty translation (Score:4, Informative)
The story isn't that well written. The system allowed the user to remove his ID card before the vote was registered. The lack of a paper trail is a large problem, and the lack of openness in the design doesn't help to gain the users' trust. Further, the system was designed by Tieto Oy (formerly TietoEnator), also responsible for the new systems at Sampo Bank (with numerous login problems, XSS exploits and such). Vestigia terrent.
Parent
Re:What was the margin of victory? (Score:5, Insightful)
In theory, because of the voting system used, 2% of the votes could have dramatic consequences. Of course, we'll never know because the votes are anonymous and the recipients secret, but if you think that quite a lot of candidates got in with just a few dozen of votes, you can clearly see how 2% could have determined a lot.
Parent
Re: (Score:3, Interesting)
If the margin of victory was greater then 2 percent, then it should be non-issue as far as who is in office. But it should be fixed for the next election.
There were several issues here. First, according to some sources, a few elections were close enough that 2% may have made a difference. Second, the machines put in place did not have adequate safeguards against fraud or adequate ability to do accurate recounts. The former is enough to have to do one or two elections over, but the latter was such that the people running the elections were declared to have been potentially acting in bad faith and the equivalent of a constitutional right to equal voting was vi
Re: (Score:3, Informative)
In municipal elections of Finland, each municipality chooses it's leaders. The amount of depends on the size of the municipality but in mine (Vantaa), there are 67 representatives for less than 200 000 people and not nearly everyone votes (it's closer to 100 000 people voting).
Add to that that we use different system than the USA. The person who gets most votes within any given party gets all the votes given for that party. The person who would have gotten second most votes gets half of the votes given to t
Re: (Score:3, Interesting)
And besides that is not even the point in my opinion. I was candidate in our municipality (but not in those in question) and I couldn't care less if one or two votes were missing. The issue I think is that we can now point our fingers and say "There, there is the problem. Now fix it!" and because this was forced on us by our goverment it is the goverment's job to fix the problem. So it is no matter if 1, 2, 3 or 50 percent of votes were lost. Just fix the damn problem and be done with it!
Of course fixing th
Re: (Score:2)
With an error so large in such a critical application, you cant be sure that 2% is the correct number. A flaw this large calls the entire result in question, as it rightfully should.
Re: (Score:2)
Unless you're actually serious about the importance of voting, in which case the response here is very simple: Throw out the invalid votes (all of them) and re-run the election.
Re: (Score:3, Interesting)
"300 years"? Really. What, then, did the ballot act of 1872 [wikipedia.org] do?
And then there is the matter of numbered ballots...
Re: (Score:2)
Industrial Design 101: A system, such as a user interface, whether mechanical, software-based, or both, that allows a transaction to be left in an ambiguous state, is indeed a defective design.
At the very least, they could have designed it to warn the user, upon yanking out their ID card *mid-transaction*, with loud sounds and flashing screen messages. Or, to notify the voting administrators that a vo
Re: (Score:2)
Some ATMs are designed to perform in this way - your card is not returned until you have completed whatever function(s) you began.
So a person distracted with music or a cell phone takes their money from the ATM and for some reason runs off, leaving their card.
Around these parts it used to be that way, now it's the opposite: you make your transaction, and the machine spits out your card and prompts you to take it before it spits out the money and/or receipt. YMMV.
Re: (Score:2, Interesting)
I guess the problem was that these people also "knew", and thus didn't see the need to actually test the interface on a sufficient number of people - There's a 95% change that at least 1 out of 150 random testers would fall victim to a 2% failure rate. If you allowed the testers to leave feedback, the mistakes could probably have been discovered a lot faste
Re: (Score:3, Insightful)
It sure seems like an easy problem, doesn't it.
As a programming problem, it seems like an easy problem because it is. Thing is - it's not a programming problem. It's a security problem. As a security problem, the programmer is the most significant potential attacker. Does it still seem easy?