CA Sec. of State Panel on Open Source Elections

goombah99 writes "The Open Voting Consortium has announced that California Secretary of State Bruce McPherson is forming a panel to investigate using open source software in elections. Suggested Panel members include Security expert Bruce Perens and Python guru David Mertz who is associated with the sourceforge EVM2003 voting machine project. This is big since a favorable outcome could help fund prototypes of true open source election equipment and systems."

Oh goody.

[Pig Hogger]

Now watch Microsoft and the *AA attacking this resolution on the ground that it is "unamerican" and fostering terrorism.

Re:Oh goody.

[Rei]

It is unamerican. The "American Dream" is the notion that anybody, if they work hard enough, will strike it rich. Which is more American - free, government-developed, open-source software, or software that someone made a fortune on through raising venture capital and excellent lobbying/marketing?

No.

[StarKruzr]

You are conflating "strike it rich" with "be successful," which is the REAL end of the American dream (though American consumer culture has kind of squashed that fact flat a bit).

In fact, the real idea of the American dream is that anybody, if they work hard enough, can achieve their goals. This is an important distinction to make.

If the goal is accurate, secure, reliable voting software, well... I think reasonable people can disagree as to which method (free, gov't-developed, OSS or corporate) is better -

Re:No.

[Rei]

Well, for starters, wikipedia [wikipedia.org] says:

"The American Dream is the idea (often associated with the Protestant work ethic) held by many in the United States of America that through hard work, courage and determination one can achieve prosperity. These were values held by many early European settlers, and have been passed on to subsequent generations. What the American Dream has become is a question under constant discussion."

That's what I've always heard it taught as, as well. Where does your variant come from?

Is there really

[StarKruzr]

that much difference between "success" and "prosperity?" How do you define prosperity? Wikipedia says [reference.com] it's synonymous with successfulness.

It isn't just about money. I suspect the Puritans who developed the aforementioned work ethic would tell you the same.

Re:Is there really

[Rei]

Don't just read my summary of the article - read on, they go into a lot of depth, completely backing up my position. You better get your own source which contradicts the Wikipedia version.

In fact, as mentioned in the Wikipedia article, the concept of the "American Dream" was really popularized by Horatio Alger, Jr [wikipedia.org], a writer who in his time was as big of a seller as Mark Twain. All of Alger's stories were the same general outline: a boy grows up in poverty, but through a combination of luck and hard work, he ends up wealthy.

Nah

[StarKruzr]

I don't really care to, feel free to claim victory if you want.

What bothered me originally is that your first post in this thread seemed to infer that the "American way" is bad because it encourages capitalist activity with regard to software development.

1) I don't think it DIScourages Free/OSS development.
2) I don't think commercial, closed software development is bad in and of itself,

though I suspect we agree on the question of which is better for a voting system.

why bother?

[commodoresloat]

You better get your own source which contradicts the Wikipedia version.

Better yet, just change the Wikipedia version and claim victory!

Re:Is there really

[ZachPruckowski]

I think the main critique is between "successful"/"Prosperity" and "rich". My parents are by no means rich, but they live comfortably off their salaries, and own their own home (the half that the bank doesn't). Furthermore, they raised 2 kids, and have gotten me into college, with my little sister not far behind. The American Dream is if you work hard, you'll make it through OK. Now, on to the topic: It's a darn good thing. This way, we can all see flaws or attempts to manipulate the ballot (not that

My Goal

[leereyno]

Well my goal is to make babies with Jennifer Connelly, Winona Ryder, Alicia Witt, and of course Natalie Portman.

How hard will I have to work do you think? Or will this goal remain just a dream; american, wet, or otherwise?

Re:Oh goody.

[Homology]

The "American Dream" is the notion that anybody, if they work hard enough, will strike it rich.

The dream might have been true once, but not anymore. Today it's an illusion, a type of propaganda, to accept the status quo: That the very rich becomes ever more rich at the expense of the rest. Many have two jobs, but can't really makes end meets. They work hard, but they will never strike it rich. No Western country has such an uneven distribution of wealth and capital, and is so rich at the same time. But still the poor is left to fend for themselves as best as they can as recent events so tragically shows.

Re:Oh goody.

[That's Unpossible!]

Today it's an illusion, a type of propaganda, to accept the status quo: That the very rich becomes ever more rich at the expense of the rest.

The status quo is class warfare, which you have perpetuated wonderfully in your post.

First, rich don't get riched "at the expense" of anyone. When someone gets richer, that doesn't mean they stole that money from someone else. Why do you hold such disdain for someone who is successful, who has worked smarter or harder, or planned better than someone else? Can you not reserve some of your disrespect for those poor people that neglected their educations, have never worked hard, have come to rely on the teat of the government instead of themselves, their family and friends?

We have people in America that qualify as "poor" but own TVs, cars, have cable service, cell phones, name brand clothing, free K-12 education, and the list goes on and on.

Just because we classify someone as poor doesn't mean they are really poor, especially when compared to other countries around the world which you hold in such high regard.

They work hard, but they will never strike it rich.

Simply working "hard" doesn't mean you will -- or even deserve -- to strike it rich. That's lunacy. That's not the American dream. The American Dream is that the only one stopping you from being successful in America is yourself.

That, and the bureaucrats.

But still the poor is left to fend for themselves as best as they can as recent events so tragically shows.

The tragedy is that this was the first time many of these people had to rely on themselves instead of mother government. Now you see what happens when you make people rely on government... and the inevitable happens: government stumbles.

What happened to personal responsibility? That is the corner stone of the American Dream. If the American Dream truly is dead as you claim, then it is for this reason alone.

Re:Oh goody.

[sunwukong]

Simply working "hard" doesn't mean you will -- or even deserve -- to strike it rich.

Of course, "deserve" has nothing to do with this discussion at all. The rich are not a meritocracy, especially since you can inherit yourself into the club.

Re:Oh goody.

[cgenman]

First, rich don't get riched "at the expense" of anyone. When someone gets richer, that doesn't mean they stole that money from someone else. Why do you hold such disdain for someone who is successful, who has worked smarter or harder, or planned better than someone else?

Clearly you haven't seen some of the golden parachutes flying around. Carly Fiona got 21 million dollars as a reward for getting fired for driving HP into the ground. Of course, her job at HP was a reward for getting fired for driving Lucent into the ground. You can work hard, work smart, and make a nice 120,000 dollar a year living for yourself. Or you can raid pension funds, make terrible but flashy decisions, and jump ship with millions of dollars before the consequences of your bad decisions catch up to you. And while you're at it, don't forget to cook the books leaving your workers out in the cold when your company goes under. Don't worry, by that time you'll have made your money and cashed out.

Money isn't a zero-sum game, but it can be close. The GDP only goes up by so much every year. I totally agree that the person who invented bubble wrap deserves the fortune he has recieved. And there are some examples of that kind of wealth. But most of the people who get rich do so doing things like re-selling consulting services at 500% markups to poor dupes. Or selling substandard armor to the military at insane prices. Or by using marketing techniques to make parents feel bad if they don't buy their kids McDonalds every day. And nearly everyone who is rich is so because their parents were rich.

Simply working "hard" doesn't mean you will -- or even deserve -- to strike it rich. That's lunacy. That's not the American dream. The American Dream is that the only one stopping you from being successful in America is yourself.

And that is what the grandparent poster was saying was incorrect. It's not "yourself" that stops you from getting rich in the US. Getting rich is a secret club, and if you don't happen to have a friend at diebold, or had the misfortune of being born black, you're pretty much screwed. That's not to say there aren't successful black people out there, but how many black presidents have we had? How many presidents have we had that dragged themselves out of poverty as kids?

One of the odd things about the American Dream is that it perpetuates the myth that the lower class is the lower class because they are lazy or uncreative. Go read Nickel and Dimed: On (Not) Getting By in America [amazon.com]. She goes into some great details like how if you can't save up 3 months rent, you must rent by the week at much higher costs, further preventing you from saving anything. Or how by being poor and therefore not having a car, the only jobs you can get are on bus lines, severely limiting your options and further guaranteeing that you will stay poor.

Or better yet, take a sabbatical from wherever you work, and live a lower-class life for a few months. I think you'll be surprised to find that the working class, despite having different lingual characteristics, are every bit as bright as you or I, and generally work their tails off. But the American Dream says that if they are doing that, why aren't they successful? Either they must be actually lazy, or the American Dream is wrong.

You can guess which one I believe in.

the only one stopping you from being successful in America is yourself. That, and the bureaucrats.

Right. Those god-damned people at the FDA. My coolant-pops were a big hit at the auto shop. It's all a bunch of red tape about fill-out-this-paper and half-of-our-mice-died. Just get off my back!

What happened to personal responsibility? That is the corner stone of the American Dream. If the American Dream truly is dead as you claim, then it is for this reason alone.

I'l

Re:Oh goody.

[Russ Nelson]

No Western country has such an uneven distribution of wealth and capital, and is so rich at the same time.

I couldn't say it better myself. Homology has hit directly at the heart of capitalism: that while everyone gets more richer under capitalism than under any other system yet discovered, some get much richer than others. While I would prefer a system in which everyone is wealthy and there is an even distribution of wealth, I prefer a system in which there *is* wealth and uneven distribution to one in wh

Re:Oh goody.

[zekemacneil]

Of the G8 nations, the US is in 6th place when it comes to standards of living. The five nations ahead of us are in Europe.

Re:Oh goody.

[M. Baranczak]

Which is more American - free, government-developed, open-source software, or software that someone made a fortune on

In this particular case, it's irrelevant. Chances are that the government will still be contracting the work out to private companies. Why do people automatically assume that nobody ever gets paid to write open-source software?

Re:Oh goody.

[UserGoogol]

Hey... fucking people is hard work too, you know.

Diebold

[heavy snowfall]

I'd be more concerned about diebold attacking this because it's a potential threat to their bottom line. After all, Q3 is soon over and Quarter Panic has set in.

--
Use your bluetooth phone as a modem for Linux [arpx.net]

Canada already has open-source voting machines

[temojen]

Paper and pencils can be made by anyone. Scrutineers are handy too; and scaleable.

Re:Canada already has open-source voting machines

[Smidge204]

Considering the average voter in America is equally like to:

1) Fill out the form correctly
2) Fill in ALL the checkboxes
3) Leave it half filled out or completely blank (arguably overlaps with #1 in some cases)
4) Stab themselves with the pencil
4a) ...and sue everyone in the room for not stopping them ...making the vote process easier (and free of sharp edges/pointy ends) is almost a necessity. Of course, this brings up the question if they should be allowed to vote at all, because the system only works with a

Re:Canada already has open-source voting machines

[Clover_Kicker]

> 1) Fill out the form correctly
> 2) Fill in ALL the checkboxes
> 3) Leave it half filled out or completely blank (arguably overlaps with #1 in some cases)
> 4) Stab themselves with the pencil

There's no form, just a little ballot with 5 or six names on it, with little party logos. The little boxes you check are white boxes on a black background.

I know people like making fun of Yanks, but we've no shortage of idiots up here.

Re:Canada already has open-source voting machines

[HybridJeff]

"That's a 'form'. And as a 'yank' I can assure you there are people who will not be able to mark it correctly. God only knows how they get to the polling places..." Perhaps you would be better off if those people DID screw up and had their ballots spoiled. If they're too stupid to check a box after someone has told them to only check the box of who they want to vote for, well lets just say youd be better off without their votes.

Re:Canada already has open-source voting machines

[Trepalium]

Since the Canadian system doesn't involve huge payoffs, er, contracts to friends of whichever party is in power at the time for faulty voting machines, it obviously cannot be used in the US elections. Corporate welfare is the only policy both US parties agree on, the only thing they really disagree about is who should get the money.

I hope we never change our system in Canada. It may be archaic, quaint, or just plain old, but it's surprisingly transparent, and resistent to tampering. Elections Canada is

Re:Canada already has open-source voting machines

[John Hasler]

> Since the Canadian system doesn't involve huge payoffs, er,
> contracts to friends of whichever party is in power at the time
> for faulty voting machines, it obviously cannot be used in the US
> elections.

Bullshit. Spring lake Township, Pierce County, Wisconsin uses paper ballots in every election. So do many other jurisdictions in the US.

Re:Canada already has open-source voting machines

[Thing 1]

Everyone who is a citizen of the required age is allowed to vote, even if they're incarcerated.

It always bugs me when I see mention of this. It's something that I learned by distant example while reading Atlas Shrugged (choice quote below); all the US government needs to do is make a felony out of something innocuous and enjoyed predominantly by a certain class/race/lifestyle (like smoking pot), and BANG! All of a sudden, there's nobody left who smokes pot who isn't a felon, and therefore the ineffi

Re:Canada already has open-source voting machines

[taniwha]

NZ too - we just had a national election - counted manually at the precinct level - polls closed at 7pm main results were in by 11pm

Of course we don't actually have a real result yet because the results are almost too close to call and the special votes haven't been counted yet (10% of the total and the 2 main parties are 1% apart) - still no one's panicing, the electoral office is taking it's time (2 weeks), doing it correctly, no lawsuits, no anguish ... people are being patient, better to get it right

Re:Canada already has open-source voting machines

[taniwha]

why? are your electorates larger than 4 million? (I've lived there for the past 20 years, I know the answer is 'no') - besides how did you vote before we had computers, it wasn't that long ago, certainly after the US was more than 50 million people

In NZ we have proportional representation along the German model so one of our 2 votes is a party vote that is nation wide - while in the US you just vote for a local representative or state-wide vote for the electoral college - under the US system you never vot

Synopsis of issues in Electronic voting and OVC

[goombah99]

First the OVC system is a hybrid. It has paper ballots and touchscreen entry and hand counting and electronic counting. The cool thing is they pull all of that off in way that is simple and workable, not layers of complexity.

Second, this hybrid is more secure than either paper ballots or electronic voting alone.

Third it's potentially very cheap. Various bussiness models can be applied. One is that cheap commodity hardware is used and the computers given away to schools after every election. That ways maintainence, storage and physical security costs are minimized. Another possible bussniess model is that OVC becomes a standard and certifies vendors to that standard. They can only use OVC software, which is open source. THus no funny bussiness but professionally run elections and reusable hardware. Of course states could own all their own hardware and conduct their own election set-ups just like they do now so there's no need for a radical bussiness plan.

since the hardware is very cheap, states can have excess numbers of voting stations per precint to elminate lines. when heavy turn-out is expected adding more stations is not a problem.

It can be booted clean from CD. so there are fewer risks with physcial security and the software is immutable and verifiable afterwards (compared to harddisk or firmware in which validating what software actually ran is difficult to prove later).

The OVC systems has many of the virtues of touchscreen voting such as handicapped and language assitance. It also can handle multiple jursidictions in a single precint

OVC is techincally not a DRE system. it's a ballot printer system

The OVC system also avoids the major pitfalls most other electronic systems have namely:
1) no roll fed paper ballots under glass. OVC uses cut sheets the voter puts in the ballot box
2) standalone ballot bar code readers are available and separate from the vote casting machine. this allows voters to independently validate the bar code or have it readback to them in audio mode in a way that prevents any machine collusion
3) standalone ballot counters. again zero collusion with the ballot printer.

If something goes wrong and the machine loses the votes, the paper ballots still function as aperfect record of the vote.

the OVC system has many exingencies worked out like what happens if a voter flees. What happens if the number of electronic ballots differed from the number of paper. and many others. Election's expert Doug Jones consulted on many of these features.

The basic process is this. Vote on the terminal and it prints our a single sheet ballot with an edge bar code and a summary of all your choices in human readable form. if you don't like it just discard the ballot and vote again. Since there's no "terminal activation" tokens there's no hassle to vote over. When you have a ballot on paper that you like you can optionally validate the bar code with a wand which will read it back to you. then you place it in the ballot box and go get drunk.

when the polls close the election judges open the sealed box. then in the presence of witnesses they shuffle all the ballots, permenantly destroying any serial vote order. Next they wand each ballot and a computer reads it in, diplays the english version of the ballot on screen, and correlates that vote with the previously recorded electronic record. There must be an electronic record for every ballot to prevent stuffing the ballot box. the election judge can spot check as many screen texts with the printed texts as they want so there is now a second check on the bar codes. The existance of even a single discrepancy in the bar code and the printed text would signify a software malfunction and appropriate steps taken. The bar code adds a number of secure features. First it can be made hard to forge and possibly contain signaures. Second it can contain checksums and handshaking codes to assure the code was read correctly (unlike a conventional hand marked paper ba

canadian elections are different that US elections

[goombah99]

Canadians have different kind of election system as do all parlimentary countires. Elecitons are normally aperiodic (due to no-confidence votes) and thus the election ballots are ususally just for a single branch of goverment at a time. There are also fewer elected offices. IN the US it is common to vote for things like "county surveyor" and in some places the dog catcher. there are fewer ballot initatives and bond issues. As a result ballots are simpler.

In the US there are also many places of overlap

Yeah, right, like that will really happen

[Locke2005]

Just ask yourself the following: "Who has more money to pay lobbyists -- Diebold or the Open Source Movement?"

Re:Yeah, right, like that will really happen

[arbitraryaardvark]

Just ask yourself the following: "Who has more money to pay lobbyists -- Diebold or the Open Source Movement?"

Who has more lobbyists? Who has lobbyists who will work for free?

Now the tricky one is who has better lobbyists.

Re:Yeah, right, like that will really happen

[P0ldy]

True enough. "Hobbyist" is just an inch from being "Lobbyist."

Very VERY good

[lilmouse]

This is very important in terms of keeping what's left of our democracy alive.

The number of abuses possible using Diebold's is simply staggering...

I'm impressed with a lot of the people campaigning against slimy voting machines - one is http://blackboxvoting.org/ [blackboxvoting.org]; there are people who have been devoting their lives to this since the last election... More then I'm good for!

Open Source voting machines will make it much easier for potential problems to be spotted, and a hell of a lot easier to get them fixed! The current companies don't really need to worry about fixing their problems - after all, what's wrong with fixing elections?

--LWM

Re:Very VERY good

[LionKimbro]

It doesn't matter if it's Closed or Open. It's still easy to subvert. [slashdot.org]

One of us went to jail on the issue...

[JimMarch(equalccw)]

http://www.bbvforums.org/forums/messages/1954/8556 .html?1122679073 [bbvforums.org]

http://www.bbvforums.org/forums/messages/1954/8568 .html?1122664155 [bbvforums.org]

The good news is, it was only 18 hours. Still sucked :). And coming up with $10k in bail was a pain.

But the DA's office dropped all charges:

http://www.bbvforums.org/forums/messages/1954/9425 .html?1124737282 [bbvforums.org] ...and I've taken the first step in suing 'em:

http://www.equalccw.com/claimforcivildamagesnet.pd f [equalccw.com]

Great! Now we just need receipts..

[RUFFyamahaRYDER]

I think it's a great to have open source machines. I just wished they gave us a receipt. This site [deanactivist.com] has a great page about receipts keeping our voting electronic voting secure.

NO NO NO NO NO

[crimethinker]

A hundred times, NO. I've beat this horse to death many times before, but it seems to be moving a bit, so here's another whack.

A receipt, whether a plain-text record or a number you can use over the phone or the internet, makes coercion so easy as to be laughable. What happens when your employer support some particular ballot measure, sees it fail at the ballot box, and then has an off-the-record policy where you show your receipt to the right people, and if it that says you voted for the measure, it will be in your favour the next time layoffs come around? What about a union shop that wants to make sure people voted, and voted for the "right" people? How about the police department wondering who supported the tax increase to pay for more police officers?

Sadly, because there are so many ways to abuse a verification mechanism, I have to conclude that a secret ballot must be kept absolutely secret, even from the voter himself once he drops it in the ballot box. And that's why I still favour pencil and paper, or punched cards. At least there's something tangible to go back and recount.

-paul

Re:NO NO NO NO NO

[schwaang]

And I've said before: paying thousands of people for their votes is still more democratic than paying a few people (CEO of Diebold, etc.) for thousands of votes.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:NO NO NO NO NO

[schwaang]

Don't think it wouldn't happen. I've met several high level people with very very very strong political views (they were also assholes).

Oh - so you met Wally O'Dell then?
(cluestick: he's CEO of Diebold, and he has strong political views [commondreams.org].)

Re:NO NO NO NO NO

[wyldeone]

The correct way to implement this would be to not let people keep their reciepts. You would vote, it would add your vote to a databse, and then print out a verfication slip. You then look at it, and verify that it is correct, and then you drop it in a lock box, which is then kept for a recount.

Re:NO NO NO NO NO

[John Hasler]

> The correct way to implement this would be to not let people keep
> their reciepts. You would vote, it would add your vote to a
> databse, and then print out a verfication slip. You then look at
> it, and verify that it is correct, and then you drop it in a lock
> box, which is then kept for a recount.

You're part way there. Now leave out the part about the database and substitute count for recount and you'll almost have it.

Re:NO NO NO NO NO

[cpeikert]

The "correct" way is for the paper vote itself to be the official ballot -- not just a backup in case of a recount.

Re:NO NO NO NO NO

[Frogbert]

Well if you did that there would be no way to verify if someone had dropped in in the lock box. It would be better if you had a glass screen that showed you the printout and then dropped it in the box itself.

Re:NO NO NO NO NO

[_Sharp'r_]

The obvious solution to that dilemma is to have the voter use whatever computer/machine to create the human-and-machine readable ballot, let them look it over all they want before they leave the voting booth, then they actually vote by dropping their particular ballot into the ballot counting machine next to the judges.

Just like they do in most places right now, stick a serial number on each ballot and record the serial numbers you give out to each registered voter (not recorded matched to the individual) s

Re:NO NO NO NO NO

[Tiger4]

Looks good to me. I agree wholeheartedly.

"See, the flaw in electronic voting isn't the user interface, it's in the storage and transmission of the vote results. That's where we need the transparency, because that's the major fraud potential."

The problem became blindingly obvious with the physical medium of punched card ballots. Hanging chads and how the votes "change" every time the card is handled. It is far from the only problem with the votiing process, but it is the most obvious.

And the knee jerk sol

Re:NO NO NO NO NO

[mabhatter654]

I love my Michigan ballots! In my county we use "connect the bars" type ballots. You get a simple sheet of paper with the issues on it and connect-the-bars to flag your vote. You have to make a half-inch black line to connect a larger line. To count the votes they are scanned in to an electronic counter/lockbox. All the election officals have to do is read off the numbers to the state office... nice and simple. Then the lock boxes are sequestered for several months until the election is confirmed then

Re:NO NO NO.... YES YES YES YES YES!!!

[RUFFyamahaRYDER]

Fair argument, BUUUUT - I think there is less of a chance of union representatives or police officers abusing the verification mechanism than the higher up officials whether it be within a state or the nation. I point to exibit A: Our last presidential election!

And even if it does happen with some union reps or police officers looking for a raise, I promise it would be on a smaller scale.

Re:NO NO NO NO NO

[naasking]

A receipt, whether a plain-text record or a number you can use over the phone or the internet, makes coercion so easy as to be laughable.

The people behind these open voting designs are not so stupid as to forget about the coercion vulnerabilities. There was a voting machine design proposed a few years ago, in which the printout was a pair of tranparencies with an encrypted code indicating the vote (readable by computer). Each transparency was unreadable by humans individually. Overlapping the transparencies

Re:NO NO NO NO NO

[Dwonis]

David Chaum solved [votingindustry.com] the receipt problem not too long ago.

Re:NO NO NO NO NO

[statusbar]

The print-outs needs to go into a box in the voting machine after they are visually validated by the voter.

If you can hold the vote receipt, then you have to be able to deal with the forged vote receipts as well

jeff

Well, here's hoping...

[necro81]

I don't hold out much hope, especially since this is California - the land of the Guvernator. On the other hand, it is also the hotbed of the open source movement. So, there might be some hope.

What we really need is a tremendous scandal in an election: something like all votes are lost and Ross Perot gets elected to the school board, or something. Only then will people actually wake up and realize that they vote is easily in jeopardy from proprietary and unresponsive (and partisan, I might add) election powerhouses like Diebold.

let the flamebait mod down begin...

Re:Well, here's hoping...

[schwaang]

Well one thing I give props to da Guvernator for is his support of a ballot measure [ktvu.com] that gives a panel of retired judges authority over redistricting. This could help avoid the nonsense we have now in Kalleefornia where the legislature draws the district boundaries so that no incumbent of either party loses his/her seat.

(Much less the Tom DeLay nonsense in Texas, where only Democrats lose their seats by fiat.)

Unfortunately, (and predictably) the measure isn't supported by either party, and it will probably

Re:Well, here's hoping...

[MsGeek]

Retired judges who, by the way, are appointed by the Governor. In this case, Herr Gropenfuhrer.

All Californian Slashdotters should vote NO ON EVERYTHING this November. There are a couple of propositions on the ballot I would have actually gotten behind if they had been on any ballot other than this one. The Special Election is bad, wrong, and a waste of $80 Million US which could have been used in any number of better ways. This is Arnold's vanity election. Just say Nein. And don't forget, he's up for elect

Re:Well, here's hoping...

[schwaang]

Retired judges who, by the way, are appointed by the Governor. In this case, Herr Gropenfuhrer.

If it's good enough for common cause [commoncause.org] it's good enough for me. They aren't party stooges.

Pencil & paper: the true tools of democracy.

[CyricZ]

A paper ballot listing the candidates names, along with a pencil to mark a vote on the paper ballot, have proven time and time again for years on end to be the true tools of democracy. They just work, in countries like Britain, Canada, Australia, New Zealand, Hungary, Belgium, Germany, Holland, France, South Korea, Poland, Japan, Argentina, Chile, Mexico, Spain, Italy, Greece, and so on.

Re:Pencil & paper: the true tools of democracy

[learn fast]

Pssht. Everyone knows that in order to work better, it has to be newer and more expensive.

exactly!

[RelliK]

In all this open source/closed source voting debate people completely miss the more important question: *why* are you pushing for voting machines in the first place? What problem are you trying to solve?

As a Canadian, I am completely baffled by our neighbours south of the border. Here in Canada, the *entire country* uses identical paper ballots and it works beautifully. Nothing can be more simple, transparent and verifiable than that.

Let me give you an example I really like. Back in 2000, Canadian federal e

Re:exactly!

[John Hasler]

> In all this open source/closed source voting debate people
> completely miss the more important question: *why* are you pushing
> for voting machines in the first place? What problem are you
> trying to solve?

The usual arguments for machines are speed, accuracy, and handicap access. Speed, of course, only matters to the newsies. To hell with them. Well-designed ballots, simple templates, and competent election judges can provide more than adequate accuracy. The handicapped can continue to hav

Hey, Bruce -

[StarKruzr]

What kind of research/career work are you doing right now that's related to security of something like voting machines, and what kind of concerns do you have that you'd like to see addressed by an open-source voting system (besides the obvious one of transparency)?

Re:Hey, Bruce -

[Bruce Perens]

I think I'm the Open Source expert :-) . I would like to involve experts like Bruce Schneiner to address the security issues.

It's 2 AM here in Norway, so I'm not going to write much else tonight.

Bruce

Re:Hey, Bruce -

[StarKruzr]

Looking forward to it.

(Also, I should note I am a Ph.D. student in CS at University of Notre Dame, and as such anything you say can and will be quoted in my Operating Systems class ;)

It's only fully open if...

[maggeth]

...we can inspect the source on the actual machines prior to their use (like, before they are locked down 24 hours before the election starts). Better yet, if the entire compile operation has to be done in front of the public so observers can see if any "special libraries" are added in at the last second.

The concern here is that since it is open source, any neer-do-well with a compiler could set up a backdoor to do evil things with the software, and then [Diebold, Microsoft, Satan, etc.] can claim that "oh noes! open source is open to attack!" and scare people back into the dark.

This has to be done in a completely transparent manner or else it could be disasterous.

Re:It's only fully open if...

[LionKimbro]

No, I'm sorry, but that's not sufficient.

The compiler (which is executed as a binary) itself could be subverted. [acm.org]

The compiler can take the good friendly Open Source, compile like normal (for the most part,) but then inject some nastiness wherever it was programmed to.

Even observing the compilation of the compiler does not help, because someone can subvert the compiler that compiles the compiler.

What I recommend: Humans performing pencil & paper counting under scrutiny of video camera and representatives of competing parties. Distribute the video tapes of the counting process on the Internet, and maintain archives for at least 12 years.

Re:It's only fully open if...

[Grym]

Easy enough. Compile each stand-alone section of the system using different compilers compiled by different programs. If something isn't working correctly, either the voter is going to notice (when the paper ballot reader reads it back to him or her), or there's going to be a discrepancy between the paper tally and the electronic tally.

But honestly, isn't that a bit far-fetched? As if someone is going to be able to insert code into the GCC compiler? Well, if you think it's realistic, tell me: how doe

Re:It's only fully open if...

[LionKimbro]

Will the voter notice? I don't think so. If I were hacking the election machine, I would make the paper ballot match whatever the voter put it.

As for the paper tally, I don't think there will be one. If there were any in the previous elections, I am not at all aware of them. The reason people want to do electronic voting, is so that they don't have to perform a paper tally.

Is it far fetched? "As if someone is going to be able to insert code into the GCC compiler?" No, I'm afraid it is not far fetched. Just

Open-source not the most important thing

[Todd Knarr]

I think they need to concentrate not on a system that's open-source, but on a system where you don't need to trust the hardware to be able to verify the results. Open-source would be nice, but IMHO the critical requirement is more that you should be able to determine whether the reported results are correct without having to put unconditional trust in any one part of the system.

Eg., a system where the terminal records your vote electronically, then produces a printed ballot with both human-readable and barcode on it. The barcodes can be scanned quickly, so it's possible to compare the electronic results to the printed ballots. A template of the barcode for each possible value can be used to let humans quickly determine whether the barcodes match the human-readable name. And the voter can verify before putting his printed ballot in the box that the human-readable names on his ballot match the way he voted. Securing the physical ballots is similarly amenable to methods that insure that it'd take an improbable conspiracy to actually succeed in tampering with them.

Re:Open-source not the most important thing

[Tiger4]

Can't go along with the barcode. This needs to be easy. 4th grade education, with one bad eye and a drool easy.

Human readable only. Or at worst, a short numeric code for the person or proposition voted for. Bob Smith 0041, Joe Smokes 0042, Jim Jakes 0043, etc.

Anything that needs translation can be subverted. I like the use of computers to make it fast, but we need to be able to fall back to pencil and paper methods smoothly. Ultimately, dump the computers and just live with the delay of getting full r

Re:Open-source not the most important thing

[Todd Knarr]

Problem: human-readable is hard for machines to interpret at high speed. With barcode you can scan ballots and tally them basically as fast as you can feed sheets through the scanner. That allows for convenient cross-checking of the electronic total, and makes it feasible to verify a large percentage of the ballots (in theory you could scan 100% of the ballots in a few days, making the electronic totals simply an early prediction and not the official result). That makes it really hard to fudge the electronic totals without it being caught.

And yes, I allowed for the possibility of the terminals programmed to print a different barcode than the voter wanted. That's why there's also a human-readable version printed. To check whether the human-readable and barcode entries are the same, a human can read the name, pick a template of the barcode that should go with that name, put the template against the printed barcode and see if it seamlessly matches (barcode OK) or if the lines don't match (barcode doesn't match name). Humans are good at that kind of visual pattern-matching, so it should be possible to check 20% or so of ballots this way. If the checks are done at random, it should be very very hard for the barcodes to be fudged without it being caught.

As a final check, in case someone has managed to both alter the barcodes the terminals print and the templates used to check the barcode-to-name matching, you can manually count ballots using only the human-readable names. You wouldn't do this for a large percentage of the ballots, say 1 precinct in 20 selected at random. I'd have both the selection and the counting of ballots done not by election officials but by representatives of the various parties and interest groups observing the election. They don't all want the same outcome, so it'll be very hard to get all of them to agree to fudge the results the same way. If the manual count disagrees with the electronic or barcode counts, we go to more extensive manual counts.

Three different layers, all using different technologies and methods to verify the count. If the barcode scanners are made by a different vendor than the voting terminals, the barcode checking templates are prepared by someone unconnected to the terminal and scanner vendors and the name counting is done by people not connected to the rest of the voting system and with competing interests, it should be almost impossible to fudge the count by any method other than wholesale replacement of the printed ballots prior to the first barcode scan. And that, quite frankly, is a problem that can be handled by simpler techniques than those needed to secure a fully-electronic system.

Re:Open-source not the most important thing

[e2d2]

I think they need to concentrate not on a system that's open-source, but on a system where you don't need to trust the hardware to be able to verify the results. Open-source would be nice, but IMHO the critical requirement is more that you should be able to determine whether the reported results are correct without having to put unconditional trust in any one part of the system.

But see that's impossible. How can you run your code on a piece of hardware and not expect it to have complete control? Anything th

Re:Open-source not the most important thing

[Todd Knarr]

You're right, but then that's what I said: we need a system where we never have to trust any one piece completely. We can't trust the hardware. Even if it's open-source, we can't trust the software because the hardware might not be running the software we think it is. So you design a system where even if the voting terminals are completely compromised we can still tell whether they produced the correct count or not.

In short, I don't want a system we can trust, I want a system we don't have to trust to be c

A Step in the Right Direction

[Comatose51]

I don't see how anyone can argue against using Open Source in a democractic process or having the code be open to examination. Being open seems in line with the spirit of democracy and akin to the idea of transparency [wikipedia.org].

transparency is introduced as a means of holding public officials accountable and fighting corruption. When government meetings are open to the press and the public, when budgets and financial statements may be reviewed by anyone, when laws, rules and decisions are open to discussion, they are seen as transparent and there is less opportunity for the authorities to abuse the system in their own interest.

Closeness and secrecy tend to be associated with dictatorships and tyranny.

I'll argue against it

[Soong]

Easy. I argue that voting machines are a waste of money. It would be cheaper to count paper ballots by hand. [bolson.org] When we can build super-cheap, super-reliable and super-trustworthy voting machines, then will be the time to move away from paper ballots. I'm a geek who loves the techno-fix for anything else, but it just doesn't make sense for voting.

How about one that is to the point and simple

[Rac3r5]

So far the best E-voting system I have seen is the one used in India. Each EVM cost only $120. Even here in Canada we use the backwards pencil and paper system.

Here is a description of the one used in India: http://www.eci.gov.in/EVM/index.htm [eci.gov.in]

Here is a comparision between the Deibold and the Indian EVM system:http://techaos.blogspot.com/2004/05/indian- evm-compared-with-diebold.html [blogspot.com]

Here is a wikipedia article on it:http://en.wikipedia.org/wiki/Indian_voting_mach ines [wikipedia.org]

Implementing a system like this c

Open Voting Consortium website

[karl.auerbach]

If you are looking for the Open Voting Consortium website, it may be found at http://www.openvotingconsortium.org/ [openvotingconsortium.org].

The basic idea that the OVC promotes is that of a computer-assisted voting station (or stations, to accomodate different kinds of voters who have physical impairments) that produces a paper ballot that *is* the official ballot and that can be read by both humans and computers.

This goes one step beyond verified voting. Verified voting has paper records that serve as audit trails but that are not themselves the official ballots. The OVC system goes one step further and makes the paper that the voter sees and approves the actual ballot.

There are a lot of complexities in voting systems; the OVC system avoids many of these difficulties because it is really a conservative application of computers to traditional methods.

In addition, the OVC system, because it produces a paper ballot, can have many different kinds of voting stations to accomodate the different physical needs of different voters.

The OVC wants voting software to be, at a minimum, open to inspection and testing by anyone.

Personally, I can conceive of some people who might come up with clever user interface mechanisms to help voters deal with ballots - and I personally don't think that those mechanism need to be part of the open voting systems. However, the core aspects of creating, handling, and counting ballots should not be wrapped in inpenetrable proprietary shrouds - every voter must know for a fact that his/her vote has been correctly recorded and correctly counted.

By-the-way - full disclosure time - I'm on the Board of Directors of the OVC.

Not just voting machines

[axonal]

Anyone else notice that Diebold also handles other highly critical transactions? They make ATMs for Wells Fargo to card access for campuses?

Re:Not just voting machines

[demachina]

Its not clear what point you are making here.

- Is it they do other critical transactions so they must be good at it.

- Or is it that their ATM machines might be bad too.

If its the later, ATM machines are completely different problem from voting machines.

ATM machines have to have printers and provide a receipt at least as an option. Most of Diebold's machines have no printer and no option to get a receipt.

If Diebold's ATM machines start doing wrong transactions it would become immediately apparent to the bank and any customer who has a bookkeeping system.

ATM machines and bank transactions don't have to maintain anonymity of the user, voting systems do. It really complicates validation of the transaction.

A paper receipt, verifiable by the voter, deposited in a lock box and subjet to very random recounts would solve most of the uncertainty in electronic voting.

All in all open source would be better than closed source for electronic voting machines but it would provide zero certainty that the election still isn't being rigged electronically. The only two good ways to insure good elections are:

- paper ballets marked with a pencil, watch and counted like a hawk by multiple adverserial observers which works great in just about every country but America.

- if you have to do evoting, you have to have a printer, and a human verifiable receipt going in to a lockbox and hand recounted by adverserial.

From a PR standpoint, this could be HUGE

[diakka]

Just think about how many people are pissed about the last two elections and all the criticism of Diebold from very visable sources like Farenheit 9/11 and all. Regardless of what your view on that was, I think that this is an opportunity for FOSS to really shine in the eyes of voters.

de-centralize

[nsayer]

Canada does elections right.

They crack open the boxes at the precinct level. Anyone who wants to sit around and watch the counting is welcome to do so. Once the counters and witnesses sign off on a count, it's done and over with. All that remains is to transmit the precinct numbers, which could be easily done over the phone, with confirmation by transmitting the signed count document.

What's so hard about doing it that way and having the ballots just be big squares of newsprint with boxes you put an X inside?

Re:de-centralize

[John Hasler]

> What's so hard about doing it that way and having the ballots just
> be big squares of newsprint with boxes you put an X inside?

Nothing, and that's just the way we do it here in Spring Lake Township, Pierce County, Wisconsin. Our "voting machine" is a tin and wood box about 100 years old.

No, it wasn't stolen

[abigor]

"I am committed to helping Ohio deliver its electoral votes to the president next year."

        -Diebold CEO Walden O'Dell, in an invitation letter to Republicans for a $1000-a-plate fund raiser

"They had an event for Pioneers and Rangers, and I am one - and proud of it."

        -O'Dell again

perfect example of a need for trusted computing

[geekee]

There have been comments suggesting that not only does the source code needs to be transparent, but the binary needs to be verified to represent the source code acurrately without tampering. Trusted computing makes it a lot easier to prevent tampering of the binary by an attacker that has been signed off on as good. Of course you always need to trust people with physical access to the machines, so election monitors need to be more sophisticated to detect physical tampering.

"Security expert Bruce Perens"?

[Master of Transhuman]

I thought Bruce Schneier was the security expert and Perens the OSS advocate. I just looked up Bruce Perens' bio and there's nothing in there about security.

Re:"Security expert Bruce Perens"?

[Russ Nelson]

I don't think Bruce (Perens) claimed to be the security expert. Somebody else put that hat on him and set him up a nice pose with just the right lighting.
-russ

Re:"Security expert Bruce Perens"?

[brennz]

Saw this.

http://www.cspri.seas.gwu.edu/library/current_news /20021205.php [gwu.edu]

Here it says he started working at GW's Cyber Security Policy and Research Institute (CSPRI) in 2002.

He also has a long background in Unix internals. There aren't many people that know Unix internals and are totally clueless about security.

Imagine the mayhem if this fails in California ...

[joelsanda]

The mayhem from an OSS voting system in California could be potentially horrible for open source software. It's impossible to have an election with paper and pencil that doesn't get scrutinized. Hell, it was impossible for Florida to have an election with punch cards.

If paper and pencil or styli and punch cards can be questioned open source could be trashed by the media and politicans alike. It won't be long before Microsoft and HP roll out their own 'secure' and 'trusted' and 'robust' solution to mop up the mess.

This could also be a move to discredit open souce if the CA panel finds that OSS is too insecure to use for elections.

This seems like a bad idea to me. All it takes is one stupid reporter jacking up a mass emotional response by saying the OSS operating system has "known security flaws with well documented vulnerabilities that anyone can download off the Internet" to result in an (appointed) ludite judge ruling the machines are too insecure to use for an election. Watch the lawsuits fly off the wall faster than attorneys can catch them.

Before the OSS party line is toed too closely I see this posing a far greater risk to the general acceptability of OSS than the marketing armies of proprietary software companies.

Justice Is Blind

[Doc Ruby]

No, the source must be closed for security. And the machines welded shut, accessible only by authorized Diebold technicians sent from the factory. The votes must be counted in secret so no one can mess with them. The winners have executive privilege to suppress all the laws they make to spend all the money, so the "bad guys" can't get advance notice of our plans. We'll sort them out in secret trials to ensure justice isn't soiled by clever lawyers. I feel safer already - just don't lift my blindfold.

Why are machines needed at all?

[chris_sawtell]

Genuine question.

I voted last week using a piece of paper and a felt tipped pen. It worked well, I made my marks to indicate my votes, and the polling booth staff counted my votes after the poll closed. Simple, straightforward, no computers involved in the counting process to enable election fraud. Debian [debian.org] used to run Apache [apache.org] which displays the results [electionresults.govt.nz] on the WWW.

So could some kind soul please explain how and why using a complicated machine to record the voter's choice enhances democracy?

Re:Even open source software is a bad idea

[Rei]

safe by design-- i.e., based on paper

Yes, because everybody knows that paper is a write-once, ready many system with built-in user authentication which cannot be hidden, destroyed, or otherwise tampered with.

terminals which print out an ink ballot

That's part of the push for open source voting systems - you have a hard copy for verification. There are much better ways than just having it print out who you voted for so that you can drop it in a box - for example, one method which I read about not only keeps a paper record (which the user never has to handle, but is there for recounts), but prints out a tracking number that the user can enter on the election board's website and verify that their vote is in the system and who it is listed as being for.

Re:Even open source software is a bad idea

[Chris Burke]

for example, one method which I read about not only keeps a paper record (which the user never has to handle, but is there for recounts)

Though hopefully they can see this paper, so they can verify that it is correct before it is automatically placed in the box. This is where the verification takes place, and after that you have all the usual physical security issues.

but prints out a tracking number that the user can enter on the election board's website and verify that their vote is in the system and who i

Re:Even open source software is a bad idea

[Rei]

You're still anonymous; it's your choice as whether or not to violate your own anonymity. The former part of what you mentioned is illegal, and can (and is) done without such a voting system. The latter part is an outright criminal threat, which could go on without such a system. Would you have responded to all enabling technology that helps people out like that?

"Give me your password. If not, I'll just have to break your kneecaps."
"Give me your ATM pin number. If not, I'll just have

Re:Even open source software is a bad idea

[Chris Burke]

You're still anonymous; it's your choice as whether or not to violate your own anonymity.

Right, and as long as someone knows that you can "choose" to violate your own anonymity, they can coerce you into doing it. Was my little dialogue not clear enough on that?

The former part of what you mentioned is illegal, and can (and is) done without such a voting system.

Yeah, I'm thinking it's illegal too. Now how do you do it if there is no way to verify that a certain person voted for a certain candidate? How doe

Re:Even open source software is a bad idea

[Rei]

Yeah, I'm thinking it's illegal too. Now how do you do it if there is no way to verify that a certain person voted for a certain candidate? How does that version of the evil plan work?

Where were you during the huge Nader/Gore and Nader/Kerry vote exchange campaigns?

I said you must keep anonymity

You *do* keep anonymity, *at your option*. I should have the right to give up *my* anonymity if I choose to. I should have the right to make sure that my vote is in the registry. If *you* don't want to be able to

How To Hold An Election.

[mcc]

Yes, because everybody knows that paper is a write-once, ready many system with built-in user authentication which cannot be hidden, destroyed, or otherwise tampered with.

It can be made so.

The trick here is to use an external system to verify the correctness of the voting system, called "election observers". The idea is that any person can volunteer to become an "election observer", and once they volunteer they get to sit around to verify that every voter is correctly verified and audited; ensure that everyone who comes in gets an equal chance to vote and put their vote in the box; and ensure that the box is correctly escorted and not tampered with. Because the "vote" is a piece of physical paper, this can all be done with relative ease. The database is a box. You can look at it.

When votes are electronic, this is not an option. You cannot sit there and stare at a Microsoft Access database file to ensure its integrity is preserved. You cannot sit and watch the electrons pouring over the ethernet cable to make sure none of them are being tampered with. You can of course write a computer program to do these things-- audit, observe, etc-- but then you run facefirst into a truly intractable security program, that of trusting trust. Okay, you've got this e-vote auditor program. How do you trust the auditor? How do you know the numbers the auditor is looking at are the ones that are really going into the database? How do you know the auditor hasn't been compromised?

When votes are physical objects marked in private booths and dropped into little boxes, we can trust the auditors because the task of auditing is simple, and because the auditors are numerous and diverse. Election stations will typically be watched by members of two or more political parties, meaning that if you wish to rig an election you can perhaps corrupt or fool a small number of the election observers but certainly not all of them. If you want to know how easily electronic auditors can be fooled en masse, well, look at every Microsoft worm ever. Then consider that the Nachi Worm [asianlaws.org] successfully infected ATMs at banks, ATMs made incidentally by voting machine manufacturer Diebold...

Re:Even open source software is a bad idea

[mcrbids]

terminals which print out an ink ballot

That's part of the push for open source voting systems - you have a hard copy for verification.

The crux of the problem with electronic voting system is: How do you

A) Guarantee the anonymity of a particular voter from the voting machine?

B) Allow a voter to later confirm that their vote was, in fact, part of the final tally?

One way I thought of was to use the reproducable "random" numbers produced by cellular automata algorithms as concieved by Stephen Wolfram [wolframscience.com] can be us

Re:Even open source software is a bad idea

[Russ Nelson]

Sigh. You are so clueless it's a wonder that I let you vote. The whole point behind having a secret ballot is so that nobody can force you to vote one way or another. As soon as there's a way for you to tell how you voted outside of the polling place, somebody can coerce that information out of you. No. The only useful purpose an electronic voting machine can serve is to make the choices painfully obvious and then commit them to paper so the person can read their vote and then drop it into the ballot b

Re:Fear and loathing

[follower_of_christ]

This could go very very wrong. I have ugly visions of bureaucrats and academics working on this. Bad, Bad, Bad!

Or even worse. The inventor of the Internet, Al Gore!

Re:Bruce Perens? What about Bruce Schneier??

[Bruce Perens]

I volunteered to help OVC, and that's one reason I'm mentioned. I think I'm supposed to be the Open Source expert, although I do security work. Schneiner is several orders of magnitude above me in that regard. If there is the slightest possibility that we can get Schneiner to participate, I'd do everything possible to get him on board.

Bruce

Re:Bruce Perens? What about Bruce Schneier??

[Bruce Perens]

Thanks! Like all community folks, you are welcome to call me at 510-526-1165 and discuss this stuff. I'll be there on Monday. :-)

Bruce