Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States Government Security Politics Technology

Avi Rubin and More on Electronic Voting 404

jgo writes "Johns Hopkins Computer Science professor Avi Rubin, posted his experience as an election judge on his website. It's an interesting read and exposes some potential security problems with electronic voting. At one point he held in his hand the five memory cards containing all of his precinct's votes." Rubin had posted his experience in the primary election earlier.
This discussion has been archived. No new comments can be posted.

Avi Rubin and More on Electronic Voting

Comments Filter:
  • by nerd256 ( 794968 ) on Saturday November 06, 2004 @04:20PM (#10743117) Homepage
    "At one point he held in his hand the five memory cards containing all of his precinct's votes"

    whats keeping him from replacing one/all of them with doctored records. He complains that the voting machines could be tampered with, but there needs to be more safeguards than just the code.

    How hard is it to add a little printer? it would be much more conspicuous replacing a four-foot stack of receipts with ones from the back of your van.
    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Saturday November 06, 2004 @04:41PM (#10743203)
      Comment removed based on user account deletion
      • by Anonymous Coward on Saturday November 06, 2004 @04:51PM (#10743242)
        Or you're just designing a system with a layer of redundancy.

        Do you say the same thigns about the redundant systems on an aircraft, a nuclear power plant, cruise missiles, nukes? No? Ok then.

        In the case of something improtant, no matter how well you've designed the system, you always have layers of redundancy. In this case, it's leaving a paper trail.
        • by plastik55 ( 218435 ) on Sunday November 07, 2004 @03:48AM (#10745555) Homepage
          You can duct tape a Timex onto an atomic clock but that doesn't make it a redundant system.

          It's simply false that redundancy is an indicator of reliability. Did you know that the rate of deaths in twin-engine aircraft is an order of magnitude greater than the rate of deaths in single engine craft?

          In the cases of aircraft, powerplants, and weapons, the designers of the system have carefully considered the failure modes of their system, and ensured that if there are redundant systems, that they are effective.

          I work in the medical devices industry--before we can bring a device to market, we must convince FDA that the design followed an accountable process and that the potential risks to patients from failure of the device are suitably small. The procedures for documenting the process and performing the risk analysis are fairly well established and work well. Similar sorts of standards are enforced by the FAA, DOE, and the military for the systems they deal with.

          The lack of such a standard for elections, and the complicit lack of a risk-management mentality, is glaring. But each of the aforementioned agencies seeems to have arrived at its procedures seperately and independently, after a spotty history of accidents, so it's not a big surprise that we'd have to re-invent the wheel yet again for elections. Multiply that by the fact that each municipality determines the standards for its own elections and there's a lot of re-learning to be done.

          Presumably the intent of a paper trail is to reduce the probability that votes are lost or falsified.

          So do the risk analysis: How likely is it that the electronic system will have its results lost or falsified? Now, what measures are in place for detecting a failure?

          How likely is it that IF the electronic system fails, then the failure will be detected? How likely will it be that a failure is indicated when no failure has actually taken place?

          Now how likely is it that if the failure is correctly detected, that the paper trail will provide useful results?

          Get in the habit of asking these questions and you soon realize, the mode in which the vote is implemented doesn't matter, it's the process. Two systems can be wed to provide a more reliable whole, but more often when you tie two systems together you just have a larger system that exhibits all the failure modes of its components, PLUS all the failure modes of their composition.

          At work I'm constantly shooting down hare-brained redundant systems. Typically we are considering some safety issue and a check that has been put into place to try to address it. Only problem is the mitigator is only effective in a very idealized case (oh teh noes!!! haxx0rs in teh yu0r voting boxxen!!!!1!!one), while a more typical falure takes out the mitigator as well. Considering the inherent unreliability of additional complexity, these schemes are less than worthless, and should be replaced with a proper design for the original system.

          I find it absolutely hilarious that the huge push towards electronic voting was motivated by the perceived unreliability of paper-based voting systems in the 2000 elections, yet the techno pundits are insistent on wedding them to paper records like some kind of magic talisman.
      • by evilquaker ( 35963 ) on Saturday November 06, 2004 @04:54PM (#10743251)
        I keep hearing this argument that electronic voting machines should have a paper trail. Apart from the fact that it is meaningless (any programmer knows that the printout doesn't have to match the vote that was recorded internally) there is a more fundamental problem.

        The idea is that the voter can verify that the printout matches their wishes. The printout is the master copy, not the internal count. The latter is just more convenient -- for the voter and for the tallier.

        By adding a printer, you're conceding that the electronic voting machine may not innately be able to provide complete confidence in the result.

        No piece of non-trivial software can ever be considered bug free, and therefore, no software ever deserves complete confidence. For that matter, hand-counting shouldn't have your complete confidence either. People make mistakes; shit happens. That's the whole reason for QC.

        By conceding that the electronic voting machine's results cannot be trusted, you're saying that you have no basis upon which to reject a request for a recount of the paper receipts. In other words, you're back to hand-counting paper votes each time.

        You should have no basis upon which to reject a recount. The paper ballots are the masters. If there is a serious challenge, then they should be recounted. But in any case: you should verify a selected sample of the machines' votes in every polling station to make sure that they are giving reasonable numbers. This is just the application of industry-standard quality control procedures to voting machines. It boggles my mind that electronic voting was ever considered without them.

        • Re: (Score:3, Insightful)

          Comment removed based on user account deletion
          • Hand counting is not infallible, but at least a layman can go and watch the people doing the counting.

            Big deal... I can watch the guy count. I can understand what he's doing. Without actually recounting it myself, I can't make sure he's actually counting it correctly. The fact that it's simpler to understand doesn't make it simpler to verify.

            How do you determine whether your voting machine is working or not ? You have to employ an engineer ($$$), and then you have to trust that he's not lying to yo

            • Big deal... I can watch the guy count. I can understand what he's doing. Without actually recounting it myself, I can't make sure he's actually counting it correctly. The fact that it's simpler to understand doesn't make it simpler to verify.

              We're really talking about finding a technological solution to a social problem. Until the nation as a whole acknowledges in their heart every citizen's right to cast their vote and have it be counted, we're screwed.

              Here's a simple low-tech step in the right direct
              • Keep the polls open for a few days? That does nothing to help the problem. You realize that in many areas of the country they're struggling to get the required election inspectors at each polling station? You realize that these people already give 12 hours of their day, and that many of them are senior citizens? You can't ask them to work three 12 hour days in a row, and you can't find the workforce to fill in where needed.

                The nation as a whole already acknowledges every citizen's right to vote, hence
        • boggles my mind that electronic voting was ever considered without them.

          And is still being considered. That's what happens when you get self-serving politicians making very unfortunate decisions. After all that's been said about Diebold, security, the dangers of having proprietary software govern the voting process, and the lack of quality control, I can't believe that ANY government in the US is still buying. But they are.

          Actually that would be an interesting OS project - voting software.
      • by nerd256 ( 794968 ) on Saturday November 06, 2004 @04:54PM (#10743252) Homepage
        I take it you don't like to run test cases on your code.

        (1) the paper trail advocates argue mostly for the post-electoral controversy. The voter will confirm that his/her paper ballot matches the intended vote before it falls into the receipt bin. Thus, afterwards, if a hacker/act of god changes the electronic vote, one can verify them with the paper ones. It is much harder to inconspicuously change the paper printout.

        (2) The votes would only be checked on seeing a noticable anomaly or severe difference of votes than one would expect.

        (3) "you have no basis upon which to reject a request for a recount of the paper receipts." True, however, not if a politician knew this was futile, he would not sacrifice the time and sanity of people by asking for a recount. Case in point: Kerry steps down to Bush though he could have easily pressed legal action.

        Electronic voting is not perfect, but with the right safeguards it can become a practical alternative to the time-consuming sole-paper methods.
        • Re: (Score:3, Insightful)

          Comment removed based on user account deletion
          • by cookd ( 72933 ) <douglascook@NOSpam.juno.com> on Saturday November 06, 2004 @06:39PM (#10743756) Journal
            The same way we decide about a recount in any other situation. Whether electronic voting machines are involved has nothing to do with it. If (we need a recount) { do a recount; } The type of vote tabulation system doesn't enter into the equation, unless the system doesn't allow for recounts, which is a Bad Thing(TM).

            There are laws about how to determine the value of (we need a recount). Generally, if one of those laws applies, a party can sue for a recount, and if the judge agrees that the law applies, a recount is ordered.

            Current methods of determining (we need a recount) include:

            -- Was the vote sufficiently close that the margin of error in the vote tabulation system might have been enough to swing the vote? (Most systems have a reasonably well known margin of error. A few tenths of a percent of bubbles don't get read correctly by the bubble-sheet scanners, a few percent of holes don't get read correctly on punch cards, etc.)

            -- Were the results of the vote significantly different from exit polls or opinion polls?

            -- Was there evidence of fraud?
      • by melquiades ( 314628 ) on Saturday November 06, 2004 @04:56PM (#10743265) Homepage
        The machine doesn't just print out a paper record internally; what voting rights groups are asking for is a voter-verifiable paper trail: the voter can inspect the paper record of their vote. This paper record goes into a ballot box, just like a normal ballot. If the result is disputed, it's possible to have a paper recount.

        Of course, this is still subject to security problems -- e.g. what if an election judge discards some of the paper receipts? -- but they are problems shared by traditional paper balloting. The thing is, it's a lot harder to get a corrupt election judge in every precinct than it is to get one corrupt programmer in every voting machine company, so widespread rigging is more difficult and easier to discover.
      • What is the problem with counting paper ballots? In Canada, we use paper ballots where the voter checks off his preferd candidate with a pencil.


        We always get our results in a timely manner and, to my recollection, there have never been any problems with the vote counting.

        • Also in Canada.

          This only works where there is one thing to choose on the ballot. It would take many hours to tally votes for many positions as I assume is done in the USA. I am custodian in a school that has been used for federal, provincial, and municipal elections. It takes a couple of hours after the polls close to hand count the 'choose one candidate' ballots and finsh the paperwork.

          For the municipal election in Edmonton, where we vote for mayor, councillors, public or separate school trustees and any

      • What's wrong with a pencil, a piece of paper, and a count process to which the candidates (and their lawyers) can be invited to ?

        Because that would be, like, so untechnological. If ever there was a thing that *should be* untechnological, it'd be voting.

        The US, in its wisdom and reliance on expensive stuff, thinks that plain old paper is not good enough.

        You deserve what you allow the computers to get away with.
      • by jbr439 ( 214107 ) on Saturday November 06, 2004 @05:21PM (#10743363)
        In Canada we take a piece of paper, mark an X on it, go home, and wait for a bunch of people to count the results. It doesn't get much simpler than that.

        Canada does any number of things wrong, but I've got to say, the US fixation on a high-tech solution to a low-tech problem is mind-boggling. There must be lawyers involved somehow.
  • by asadodetira ( 664509 ) on Saturday November 06, 2004 @04:20PM (#10743120) Homepage
    Human mistakes could affect results in voting machines.
    The voting machines should be supervised by robots...with shotguns
  • Doubts (Score:5, Insightful)

    by base_chakra ( 230686 ) * on Saturday November 06, 2004 @04:21PM (#10743123)
    From Professor Rubin's account: "If we continue to use the kind of insecure DREs that were used in this election, it is only a matter of time before somebody exploits them. And the worst part is that we may never know it." [emphasis added]

    It seems that no one really wants to come forward and raise this as a serious concern for this election, despite the fact that it's entirely plausible. Unfortunately, it seems highly unlikely that anyone who dares cast doubt on this election will be regarded as objective.
    • Re:Doubts (Score:5, Interesting)

      by EyeSavant ( 725627 ) on Saturday November 06, 2004 @04:36PM (#10743186)
      It seems that no one really wants to come forward and raise this as a serious concern for this election, despite the fact that it's entirely plausible. Yeah, that worries me a bit too. A wrinkle is the fact that all the early exit polls pointed to a Kerry victory, the republicans were depressed, the democrats estatic. Then when the real results started coming in the situation was reversed. Especially when you have the president of Diebold a very strong Repubican. There is probabally nothing in it, and for whatever reason the exit polls were wrong. Normally they are pretty accurate though. It is probably for the best to try to forget about it, and make sure that these stuff is fixed for the next election. The other huge problem is the amount of gerrymandering that goes on. You really need to get the partisan officials OUT of the redistricting. The house of representitives elections are becoming insane, with a lot of stupidly safe seats. only something like 10% of house seats are competetive, and that is really really bad for democracy. If the only way you can lose your seat is if you get deselected by the party faithful, then it polaizes the politics, and noone moves to the centre, and it becomes a real mess.
      • Re:Doubts (Score:2, Interesting)

        by alfredo ( 18243 )
        More than doubts, check out this PDF
        Graphs.pdf [infionline.net] Clicking this link will start a download.
      • Re: (Score:3, Insightful)

        Comment removed based on user account deletion
      • Re:Doubts (Score:5, Interesting)

        by CAIMLAS ( 41445 ) on Saturday November 06, 2004 @08:10PM (#10744214)
        Probably nothing to it? Probably nothing to it, you say!

        Then I guess it's just a big coincidence that exit polls have been fairly reliable, up until the point that digital voting machines began to be used. Starting then, exit polls stopped being used as a 'reliable' predictor for the vote.
      • Exit polls (Score:3, Informative)

        by mdfst13 ( 664665 )
        "A wrinkle is the fact that all the early exit polls pointed to a Kerry victory,"

        This would actually be expected in most voter models. Republicans should get the early advantage in people voting on their way to work (the first hour or so); then Democrats get the advantage as people out of work or in odd shifts vote (those same early exit polls also indicated that 60% of voters were women--the mid-day housewife bump); then Republicans recover in the evening as people get off work. This is more a problem w
    • Re:Doubts (Score:5, Interesting)

      by lawpoop ( 604919 ) on Saturday November 06, 2004 @04:37PM (#10743187) Homepage Journal
      "Unfortunately, it seems highly unlikely that anyone who dares cast doubt on this election will be regarded as objective."

      Time to put the tinfoil hat back on, you paranoid pinko!

      Seriously, someone has cast doubt [slashdot.org]. Blackboxvoting.org [blackboxvoting.org] blanket the country with freedom of information requests on election night. They currently need $50,000 to complete the audit. I gave [slashdot.org] $100. Let's see what we can do together as slashdot.

  • VIVA.... (Score:3, Funny)

    by ilikeitraw ( 706793 ) <dca_102@hotmail.com> on Saturday November 06, 2004 @04:21PM (#10743126)
    ... CANADA ! I'm OUTTA here. Later suckers !
    (free weed, no guns (only laser warfare), and you can travel and not be hated... amazing).

    Laaaaaaaaaaaaaaaaaaaaaaaaaaaaaate !
  • by DigitalRaptor ( 815681 ) on Saturday November 06, 2004 @04:22PM (#10743132)
    With stuff like this [cnn.com] already being detected, and such weaknesses in the system (one man being able to "lose" or otherwise destroy or alter all votes in an entire precinct), non-open source electronic voting is a dangerous situation.

    We're on the verge (or way past it) of the average citizen losing all power and control within their country, and electronic voting is just another step.

    The only hope is for citizens and groups to adamantly insist on open source, safety procedures, regular audits, and paper trails. Unfortunatley, I see few if any of those things happening anytime soon.

    • No more machines (Score:5, Insightful)

      by tinrobot ( 314936 ) on Saturday November 06, 2004 @04:51PM (#10743244)
      I'm as much of a geek as anyone here, but there are some problems that cannot be solved by technology. I don't care if the voting machine is open source, voter verified, paper backup... whatever, when the votes are counted on a machine, there is more chance for abuse. Single point of failure,

      I am a voting Luddite. Vote on paper, count on paper. Distribute the load.
    • They want electronic voter sign in. The books will be replaced by an electronic sign in. This will be connected to the voting machine. So much for a secret ballot, so much for comparing the number of voters to the number of votes cast.

      BTW, the owners and main programmers for Diebold are not just Bush pioneers, but are also Dominionist. Google the goals of the Dominionist.
    • A voting machine can be tampered with in many ways. Even if you audit the code of the voting software itself, you can not trust the machine.
      F.e. you would also have to audit the toolchain (in binary - not the source), the whole OS, the means of transportation (exchanging CF cards or tampering with routers) and the backend. (How can you be sure the database isn't changed afterward?)

      And you have to make absolutely sure only the revieved components are used on each machine.

      This is perfectly not doable.

      You c
  • by djaxl ( 543958 ) <[moc.puorgavaleulb] [ta] [ikswolsewa]> on Saturday November 06, 2004 @04:24PM (#10743138)
    Glitch gave Bush extra votes in Ohio.
    Franklin County's unofficial results had Bush receiving 4,258 votes to Democrat John Kerry's 260 votes in a precinct in Gahanna. [cnn.com]
    Records show only 638 voters cast ballots in that precinct.
    • by Skuld-Chan ( 302449 ) on Saturday November 06, 2004 @07:07PM (#10743915)
      What I found funny about this article is they were quick to say no other counties were affected. How do they know? The only reason someone noticed this is because the machine gave Bush votes to 4000+ people more than the town had.

      Also - it isn't curious how the machine errored on the side of Bush?

      Plus there's no talk on what kind of bug could automatically enter in votes for Bush? I support point of sale software for a living, and despite the many bugs they do have I've never once, ever, ever, ever seen the programs I support enter line items automatically, or create invoices automatically - or even create more than one invoice when the user only wanted to create one.
  • A Suggestion (Score:5, Interesting)

    by 26199 ( 577806 ) on Saturday November 06, 2004 @04:27PM (#10743147) Homepage

    How's this for a way of safely conducting electronic voting...

    Give everyone a GUID, a complete random key of sufficient length that you can't simply guess and get a valid GUID. Mail it to them.

    When a person votes, their vote is stored against their GUID, in a publically accessable database. Anyone can check that their vote has been correctly counted by looking up their GUID in the table.

    Voting would effectively be pseudonymous instead of anonymous. (With a new pseudonym for every election).

    • Re:A Suggestion (Score:5, Insightful)

      by macdaddy357 ( 582412 ) <macdaddy357@hotmail.com> on Saturday November 06, 2004 @04:33PM (#10743171)
      None of these high-tech whizbangs is trustworthy, and all of them are too expensive. Marking paper ballots with No. 2 pencils is a simple and effective solution. If the scanning whizbangs screw up human eyes won't.
    • clever idea
    • Re:A Suggestion (Score:2, Interesting)

      Voting is anonymous for a reason.

      People lose information like this quite frequently. My ability to vote should not be dependant upon whether or not I can keep track of a slip of paper for 2 years.

      And most importantly, we shouldn't need to impose a system such as this in the first place. We should have secure, open machines with a procedural protocol so that there is little room for a malicious person to tamper in the first place.

      This idea tries to patch up problems caused by eVoting machine
    • Give everyone a GUID, a complete random key of sufficient length that you can't simply guess and get a valid GUID. Mail it to them. [snip]

      But who's checking for votes from dead and imaginary people?

      The GUID would be based partially on voter precinct, so if the number of registered voters is less than the number of GUIDs for a district, raise the red flag. But that remaining problem is an old one: how does one prevent insiders from 'creating' new constituents?

    • The problem with not having an anonymous election is that there's always the possibility of coercion. eg.

      "If you don't give me your GUID after the election and prove to me that you voted for candidate X, I'll make sure that you'll regret it."

      Is there any way you can ensure there's no coercion? I'm not convinced. Furthermore, if you mail a unique ID to people (as you've suggested), you have no guarantee that someone's not going to run around mail boxes collecting them, or that everyone who's ha

    • Give everyone a GUID, a complete random key of sufficient length that you can't simply guess and get a valid GUID. Mail it to them.

      When a person votes, their vote is stored against their GUID, in a publically accessable database. Anyone can check that their vote has been correctly counted by looking up their GUID in the table.

      The problem with this is that people could easily sell their vote. And then the buyer could check with the GUID.. I still believe that the only good way to vote is with hand coun

  • by tinrobot ( 314936 ) on Saturday November 06, 2004 @04:28PM (#10743149)
    When all of the votes are on one machine, one person can contol the votes. We need checks and balances.

    With a manual system, it takes hundreds of people to count the vote. Sure, it takes more time, buit I can wait. Sure there may be a few people with nefarious intentions, but those few people might be able to throw a precinct, not a whole state (or country!) Usually when hand counting, two or three people count anyways, so there's even more checks and balances built into the system. Our country is built on checks an balances. We need that in the voting system as well.

    I truly belive voting problems are the number one issue facing our country. If can't trust the vote, then we don't have a democracy. If one election can be stolen, the next one will be stolen as well. Very slippery slope.
    • In New Zealand we have party-appointed scrutineers looking over the shoulders of our (human) vote-counters; as a result, we're pretty sure that our votes will be counted correctly. And they're all counted by the end of election night -- no dimpled chads :-)

      But our election system is much simpler than that of the US. I've seen your ballots - they've got vast numbers of choices on them, and this makes manually counting the votes much more difficult. Here, and I suspect in most other countries where votes
  • Black Box Voting (Score:5, Interesting)

    by cardmagic ( 224509 ) on Saturday November 06, 2004 @04:28PM (#10743152) Homepage

    Please watch this free 30-minute film [votergate.tv] about black box voting machines.



    We have all been scared about Diebold and other black box voting [wikipedia.org] machines, and for good reason [cnn.com]. Apparently one of the central machines from Election Systems & Software Inc. tallied 115 votes for Bush in a certain county, while another machine tallied 365 votes for that same county. Which one was right? There is no way to tell, because "it is too hard" to add a printer to a counting machine. It is not like they have been doing that for 30 [wikipedia.org] years [wikipedia.org]. But who needs to do a recount when the machines are infallible, right?



    Most infuriating of all is that Republican Senator Hagel, the former Senate Ethics Director, resigned after admitting that he owned Election Systems & Software [scoop.co.nz]! That's right, the same voting machine maker that 60% of ALL VOTES in the U.S. are counted on, the same one that provably miscounted votes in Ohio and other states, and the same one that refuses to print receipts to recount these votes. No wonder legislation [wikipedia.org] trying to require printers on voting machines is taking so long to get through congress when congressmen can vote themselves into office without a paper trail.

  • by nusratt ( 751548 ) on Saturday November 06, 2004 @04:29PM (#10743156) Journal
    ...for standardized, reliable, secure, auditable national voting procedures & infrastructure --

    but we have plenty to use for Pentagon studies on psychic teleportation. [slashdot.org]
  • by brxndxn ( 461473 ) on Saturday November 06, 2004 @04:29PM (#10743157)
    We walk into a grocery store and usually buy stuff instead of stuffing it in our pockets and running. We know it's wrong to leave without paying.

    Why do votes need uber security check technology? Whatever happened to scrutiny by peers?

    IMO, paper ballots are best because it is just tougher to destroy them. But, we should get receipts showing how we voted for our own records.

    But, trying to turn the entire election process into zero possibility of error or fraud undermines the election itself and goes against the ideals of our society. People in general are honest - and those that aren't get caught eventually by honest people.

    Suggesting that 'one person' should not be able to hold an entire precincts' votes just doesn't make much sense. People are often responsible for others. I suppose twenty people should all carry a piece of the nuclear football too..

    • When's the last time you could make millions robbing a grocery store?

      If you don't think Bush and his staff make millions on the war in Iraq, wake up.
    • by Why2K ( 29813 ) on Saturday November 06, 2004 @04:47PM (#10743229)
      But, we should get receipts showing how we voted for our own records.

      No, we shouldn't. This would cause more problems that it would solve. Being able to prove to someone who you voted for would make it possible for them to buy your vote. Right now, you could take their money and then still vote for someone else, since no one will know who you vote for. This makes it much more difficult to conduct this kind of fraud.

    • we should get receipts showing how we voted for our own records.

      We should absolutely not. Voting is supposed to be anonymous - that means that there can be nothing that links any of your identifying information to the vote you made.

      What should happen is that after voting it prints a reciept that you get to see. After making sure everything is correct on the reciept, you can press a button, which puts your reciept (with no identifying information) into a box with the reciepts of the people who vo
    • Re: (Score:3, Informative)

      Comment removed based on user account deletion
  • It seems to me... (Score:5, Interesting)

    by rkww ( 675767 ) on Saturday November 06, 2004 @04:30PM (#10743158)
    It seems th me that the most constructive thing to do would be to publically, physically destroy a voting machine (or perhaps just the memory card) after the votes are in, and focus the public on the fact that there is no backup.

    There is a question, of course, about how long you might be locked up for doing so.

  • by FiReaNGeL ( 312636 ) <fireang3l.hotmail@com> on Saturday November 06, 2004 @04:36PM (#10743182) Homepage
    The scary part isn`t the stuff that you can trace back (i.e he exchange some of the memory cards for some containing results in favor of Candidate A or B), but stuff you can`t nor detect, nor trace back.

    Remember, NO LOGS of the voting process are kept on these machines. Think of "Irregularities" in the code that add a vote for Candidate A when a certain vote pattern is met. Or as Mr Rubins said, physical tampering allowing you to "one could change a few bytes in the ballot definition file and votes for the two major Presidential candidates would be swapped. In that case, none of the procedures we had in place could detect that votes were tallied for the wrong candidates."

    Great. Maybe this time no one abused the system. But think long-term; in 50 years, when e-voting will be predominant and everyone will be confident in it...
  • by 2TecTom ( 311314 ) on Saturday November 06, 2004 @04:44PM (#10743218) Homepage Journal
    then you are simply naive, imho. It seems clear to me that no matter who you vote for, the powerful remain in control and the powerless carry the costs.
  • by PotatoHead ( 12771 ) * <doug@NoSpAM.opengeek.org> on Saturday November 06, 2004 @04:51PM (#10743241) Homepage Journal
    that Open Source is not going to be able to address.

    The reality is that electronic records of the vote require the humans trust the machine. Open Source or closed, the binaries on the machine can not be directly examined, rendering the nature of the code used a moot point.

    Voting by machine is voting by proxy. We must trust the proxy and cannot observe its operation. Subtle manupulations of the vote will go unnoticed, unless we keep paper records and perform mandatory audits.

    This means the only electronic solution is one that records the vote on a ballot that both humans and machines can read. Those ballots can be machine counted and audited as we have always done.

    What's the point really? Why not just use paper ballots and make them easy to use and read by both machines and humans and spend the money reforming the process to make it fast, taking humans into account.

    Remember, there are plenty of old folks willing to do their civic duty. We can get fast and trustworthy results with a far smaller investment than we have made on electronic solutions to date.

    This is not a hard conclusion to come to. The fact that it is ignored means those in power WANT IT TO BE THAT WAY.

    It's wrong and we need to demand change continiously until we get it; otherwise, we lose our democracy.

  • by daveschroeder ( 516195 ) * on Saturday November 06, 2004 @04:56PM (#10743261)
    H.R.2239 [loc.gov] and S.1980 [loc.gov], discussed further here [verifiedvoting.org], will amend the Help America Vote Act (an act designed to ensure consistent voting systems that meet certain standards be available to ALL voters in ALL jurisdictions), such that there is "a voter-verified permanent record or hardcopy" attached with each and every ballot cast by every voter.

    Please, simply support this legislation.

    Additionally, the electronic voting manufacturers, such as Diebold, already have the ability to add permanent, individual voter-verified paper audit trails to their products .[1] Don't believe people who make it seem like companies like Diebold are resisting. They aren't. They'll build - and sell - whatever municipalities will buy.

    The roadblock, as it turns out, is often local election boards. First, the new paper verification systems NEED to go through the government certification process - remember, it's the e-voting watchdogs who are chastising non-certified patches/updates being put into place; the paper audit systems need to go through the same certification process. Further, many municipalities can't understand why they should be forcing paper audit trails; after all, they think, they are just getting away from paper ballots - why should they be arguing for paper ballots (and all the headaches that go along with them, ON TOP of the headaches they already have from learning to deal with e-voting), so why should they go back to them?

    Folks, so many people are involved in elections at so many different levels that there is literally no way that any central entity could rig an election across an entire state. Experts dealing with e-voting don't even have this on their radar. [cnn.com] Their concern is more errors and failures. E.g., most of Ohio is still punchcard as it is (the majority of the 35 counties moving to e-voting pushed off the transition until AFTER the election because of problems), and someone like Diebold doesn't even have access to this equipment after the fact. Yes, an unscrupulous election official or enterprising hacker might be able to breach individual machines and potentially even a county - it's possible. But the likelihood of something like that happening on any significant scale, ESPECIALLY without being caught (the articles we're talking about here actually prove that the audit processes, be they what they are, do work) is very, very low.

    That said, we absolutely should be ensuring that there is a permanent, voter-verified, paper record. It is absolutely critical to our voting process, even if the software is still proprietary on these systems (though it, too, should be open for public inspection). But the permanent voter-verified paper record alone eliminates the chances for any widespread fraud with the counting process itself, and at the very least makes any fraud easily reversible and/or detectable.

    Contact your representative and senators, and urge them to support the above bills. It will be a lot more productive that imagining fantasies about Diebold "handing" Bush the election. (If ANYTHING remotely like that happened, there are a shitload of professors, campaign staff, scholars, journalists, and researchers who know a LOT more than you do who would be all over this in a heartbeat. Kerry's $300 million, two-year campaign didn't just roll over for no reason. Bush won, whether anyone likes it or not, and it wasn't because electronic voting handed anyone anything. The POINT here, is that instead of inventing wild conspiracy theories, we should be ensuring that there is voter verification and a permanent paper record for all future elections, because HAVA will require a shift to electronic voting for everyone - before that happens, we should make sure that it's veri
    • Here's yet another person who is an expert in political polling and exit polls, talking about why the polls were wrong (hint: it's not because electronic voting machines were rigged):

      http://www.wm.edu/news/?id=4027 [wm.edu]

      Notable quote [wm.edu]:

      I think the important thing about exit polls is they show us why people won and the dynamics of the race. The mistake most people make is they see polls as a horse-race, but they are actually the explanation of what happened.

      The polls may have been wrong about who won, but th
  • by discontinuity ( 792010 ) on Saturday November 06, 2004 @05:03PM (#10743287)

    I voted on an electronic machine here in Atlanta, GA. Previously, I have voted using mechanical machines in NY and Pennsylvania. One big difference: less privacy with the electronic machines. It's not a particularly big deal to me, but some might feel weird about that. Especially if they intend to vote for a candidate that is very unpopular in their district.

    I felt the process and UI was fine (clear, minimal opportunity for human error, etc.).

    Main complaint (other than security concerns): the potential of the electronic machines was not realized. For example, there were several initiatives on the ballot here. One was a widely publicized gay bashing, er, I mean, marriage protection ammendment. Another was a lesser publicized amendment relating to judicial jurisdiction. (Both described here [state.ga.us]) I knew a great deal about the gay bashing measure, but hadn't heard of the proposed amendment about the courts. All they put on the ballot was a yes or no to the following statement: "Shall the Constitution be amended so as to provide that the Supreme Court shall have jurisdiction and authority to answer questions of law from any state appellate or federal district or appellate court?" Um, how about maybe?

    It would be great if a more clear explanation could be added to the ballot. The electronic medium makes this crazy easy. It's no more expensive to do. The website linked above even has a very clear description that could have been used. (Of course, this opens up questions about potential bias that can be worked in to the description. However, I think something is almost certainly better than nothing.)

    I think electronic voting will be a good thing if the security concerns are worked out. Will they be? That's hard to say. In the near future will most Americans think they are? Yes, almost certainly.

  • by CdBee ( 742846 ) on Saturday November 06, 2004 @05:12PM (#10743318)
    Avi Rubin. The only thing more perfect would be if he'd given this report to an online TV station, it could be Rubin.Avi then.

    I'm gonna change my name to Mpeg Smith in honour of him.
  • eVoting BAD (Score:4, Interesting)

    by shubert1966 ( 739403 ) on Saturday November 06, 2004 @05:12PM (#10743324) Journal
    Why are we introducing the chances for errors into our most important civic institution? This is insanity! As another poster wrote there is no reason that a printout will accurately reflect how the machine handles your input, it's only showing you what was sent to the printer. We have so many other obfuscating problems as well, like magnets and code tampering and using phone lines to transmit results.

    The real problem is taking the physical stylus out of the hand of the voter. I would only consider eVoting for disabled persons, and I would think the majority of them have few problems.

    1) To avoid fraud, why not submit the ballot into more than one ballot box. One for each candidate on the ticket. If democrats and republicans have their own ballot box - they'll likely have the same number of votes - the incentive to cheat is removed without duopoly. [investopedia.com]

    2) Allow all candidates nationwide to be on the ballot if they garner .5% in the polls. It'll be 10 people and 10 ballot boxes per precinct - tops. Wood is not expensive so don't go there.

    Here's a nice page to Federal Contact Information http://www.eff.org/congress/ [eff.org] - tell them what you think - you're on /. so you've got more insight than most folks.

  • by melted ( 227442 ) on Saturday November 06, 2004 @05:28PM (#10743390) Homepage
    It doesn't matter how you vote, it only matters who counts the votes.

    The man knew what he was saying. While US election system is more robust to fraud than, say, popular votes in other countries (fraud can only occur on state level) with electronic voting this may change. One CIA agent will be enough to affect the vote of the entire states. Heck, CIA agents may not even be necessary, because there just may be a secret fragment of code in software which will basically go:
    if(democratWins())
    {
    throttleDemocratVotes();
    }
    Look at countries which merely have electronic vote counting systems (even though the ballots are actually paper), like Russia. Whoever controls the system wins, always, repeatably, with predetermined percentages.

    In the US correspondingly whoever controls the companies that make voting machines will win. Right now these companies are controlled by Republicans. Democrats, take note.
  • by Ranger ( 1783 ) on Saturday November 06, 2004 @05:30PM (#10743402) Homepage
    It's ironic that some are paranoid that their purchases are tracked electronically, but that others are also paranoid that their votes cannot be tracked electronically.

    Move along. These aren't the votes you are looking for.
  • by chip33550336 ( 614139 ) <halesm@hotmail.com> on Saturday November 06, 2004 @05:56PM (#10743525)
    It seems like the major benefit of the electronic voting machines is that they provide a good user interface. Much better than your standard ballot. I think you could just have an interface that prints out a ballot. Then the voter could validate the ballot if they wanted to. Then have another machine do the counting.
  • stats & charts (Score:3, Interesting)

    by Anonymous Coward on Saturday November 06, 2004 @06:36PM (#10743743)
    There's the surprising pattern of Florida vote here [ustogether.org] and a related plot [ustogether.org] of votes for a party president versus the number of voters registered to that party, or the side-by-side chart [therandirhodesshow.com] of exit polls and tallyed votes with paper ballots versus electronic voting.

    Your mileage may vary.

  • by bwilliam13 ( 736256 ) on Saturday November 06, 2004 @07:45PM (#10744097)
    What everyone doesn't understand/get: 1. The paper receipt is there as a justification tool against what's on the memory cards or electronic storage media. It doesn't guarantee though that the vote hasn't been tampered with. It could very weel be tampered with while the person is pushing the "vote" button. 2. The purpose of the DRE (touchscreen), is to prevent over and undervotes. Overvotes *confuse* optical scan machines. Remember the standardized tests back when you were in grade school? This is why they told you to darken ONE oval...the machines are intelligent enough to determine what's what...so if someone darkens two ovals for the same candidate, it doesn't count either...it records it as an error--in this case an overvote...so that vote doesn't count. DRE's prevent this from happening. You can only choose Kerry OR Bush...you can't choose both. 3. You can't just take the memory cards out and change the ballot or the results. It doesn't work that way. Different companies use different ways of encryption and verification. Basically, if that key on the memory card doesn't match one on the aggregating machine that also programmed those memory cards, as well as every file validity check --depending on the company, this could be CRC, PGP, MD5, and the list goes on--but the files just aren't there waiting to be modified/deleted/replaced. The machine/process ceases to work if one file is changed/deleted/modified in any way...period. That's how at least two company's technology works. One thing I find funny, is that since all this proverbial shit has hit the fan starting a couple years ago, Avi Rubin in one year has all of a sudden become it seems the world's expert on voting machines. There are very talented programmers who work on this stuff every day...and have worked on this every day for the past 20 years. And before you can understand the issues that may plague an election system, you have to understand the laws in whatever jurisdiction those election systems will be deployed in. And that's one HUGE issue that no one wants to address or take the time to learn. I'm pretty confident Avi Rubin doesn't know why some Florida laws prevent touchscreens from being used in say, Texas...and vice versa. Any jackass can get on 60 minutes and say "This sucks, that sucks, it all sucks, and my vote isn't secure." But it takes a person of a little bit more intelligence to understand why it is that way. Example: I hear arguments all the time (from Computer Science people like Avi Rubin) that say that relational databases and other technology like that should be used to validate votes vs voters coming into the polling place. Wrong. The whole democratic system in the USA is based upon the fact every voter should be able to remain anonymous in the polling place regarding what/who they voted for. Introduce a database to keep track of voter and their ballot results and you've just violated the very law/premise that our democracy stands on. My message to everyone including Avi Rubin and anyone else in Academia who thinks they are an election system expert after one year: Learn every state law...then try to build an election system that conforms to every single state law with the same piece of software. If anyone can do that within 5 years, I'll be very impressed... If you want a system that can't be electronically compromised, do it like the jurisdictions in the UK. They scan all the paper ballots electronically, then recount them by hand until the numbers match. That's the only way to ensure they aren't electronically altered, and that no over/under votes are incorrectly counted.
  • by Noksagt ( 69097 ) on Saturday November 06, 2004 @08:07PM (#10744197) Homepage
    In the most recent posting [google.com] on comp.risks, the lead article is a compelling summary of the issues surrounding evoting & contains a link to an extensive document that summarizes many problems from the past decades.
  • VoterGate video (Score:3, Insightful)

    by not_hylas( ) ( 703994 ) on Saturday November 06, 2004 @08:47PM (#10744376) Homepage Journal
    The elephant in the living room that no one will acknowledge:

    http://www.theinquirer.net/?article=10393

    Also:

    "Our video files have been attacked and taken out. Who doesn't want you to see this film? We are working around the clock to get the video files back online right away. Please check back soon."

    http://www.votergate.tv/

    http://www.blackboxvoting.org/

  • by zogger ( 617870 ) on Saturday November 06, 2004 @09:02PM (#10744426) Homepage Journal
    ..is obvious. The tally is not human readable. It has to be filtered through the computers programming. Programming can make any output reflect any input. The amount of money and power that is represented by controlling the US government is simpy staggering. It is the largest potential jackpot a criminally bent individual or group can approach. The temptation is overwhelming,and now *they* have the complete technical ability to achieve that goal and to get away with it, the perfect crime.

    A traditional paper ballot in a locked box is human readable/countable by anyone who can count at the end of the day. It requires very little in the form of specialised skills or hardware. It is very inexpensive. Challenges can be mounted and results verified quickly and transparently. Once you get into machine reading, whether tabulated bubbles or punched out cards or pure digitial like with the diebold machines-then you have your potential problems, and with the last few elections we can see we have new problems, and they look a lot more like "on purpose" troubles than accidental. They especially look on purpose given the revelations of what was found on diebolds website and published, and with other anecdotals showing some rather distrubing intent as to election honesty. The consortium pushing electronic closed source computer voting is a who's who of the mega-profits from tax money and governmental contracts military industrial complex. This is three serious alarm bells to anyone really thinking about this subject.

    The old way had it's faults, but computerised has introduced faults above and beyond that can not be addressed without trusting what is inherently untrustworthy by it's design criteria.
  • by Animats ( 122034 ) on Sunday November 07, 2004 @02:22AM (#10745362) Homepage
    That article has too much Rubin mouthing off and not enough about voting. Only a few paragraphs in that article actually talk about what happened at the November 2 election. He mentions seal issues, but doesn't tell whether they're numbered or signed. He says "some of the smart cards did not work very well", but doesn't say more about the problems. He mentions driving the smart cards with the totals to the Board of Elections office, but says nothing about what physical controls were applied then. As an election judge, this guy is a dud.

    This is too important an issue to become a vehicle for self-promotion.

  • by Fantastic Lad ( 198284 ) on Sunday November 07, 2004 @02:36AM (#10745386)


    Spoilage Rates Are Most Prevalent In Counties With High Concentrations Of Minority Voters. Of the 100 counties with the highest spoilage rates, 67 have black populations above 12%. Of the top 100 counties with the lowest spoilage rates, the reverse is true - only 10 had sizeable black populations, while the population of 70 of the counties was over 75% white. There is also a strong correlation between uncounted ballots and black population; specifically, as the black population in a county increases, the uncounted ballot rate correspondingly increases.

    ---Full Story here [harvard.edu]

    155,000 provisional ballots were cast in Ohio. Probably Democrat, but not quite enough to close the 130,000 vote gap. (Because about half were cast in counties which went Kerry.) But just in case. . .

    The ballots aren't counted until after Election Day so officials can confirm the voter's registration and make sure the voter didn't cast a ballot elsewhere. [. . .] Secretary of State Ken Blackwell, the state's chief elections official, told county boards to adhere to a rule that provisional ballots cast by voters in the wrong precincts aren't to be counted - and legions of Republican lawyers were ready to make sure the order was heeded.

    ---Full Story here [cleveland.com]


    -FL

Almost anything derogatory you could say about today's software design would be accurate. -- K.E. Iverson

Working...