Sequoia v. Ed Felten
Sequoia has also retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property." Certainly a democracy would have no reason to want to know about the "behavior" of its voting machines.
Posted Mar 18, 2008 14:52 UTC (Tue)
by tjc (guest, #137)
[Link] (9 responses)
Posted Mar 18, 2008 15:18 UTC (Tue)
by flewellyn (subscriber, #5047)
[Link] (8 responses)
Posted Mar 18, 2008 18:09 UTC (Tue)
by tjc (guest, #137)
[Link] (7 responses)
Posted Mar 18, 2008 18:22 UTC (Tue)
by epa (subscriber, #39769)
[Link] (6 responses)
Posted Mar 18, 2008 18:34 UTC (Tue)
by AJWM (guest, #15888)
[Link] (5 responses)
Posted Mar 18, 2008 20:24 UTC (Tue)
by flewellyn (subscriber, #5047)
[Link] (4 responses)
Posted Mar 18, 2008 21:12 UTC (Tue)
by tjc (guest, #137)
[Link] (3 responses)
Posted Mar 18, 2008 21:31 UTC (Tue)
by flewellyn (subscriber, #5047)
[Link] (2 responses)
Posted Mar 19, 2008 15:41 UTC (Wed)
by tjc (guest, #137)
[Link] (1 responses)
Posted Mar 19, 2008 17:47 UTC (Wed)
by flewellyn (subscriber, #5047)
[Link]
Posted Mar 18, 2008 15:39 UTC (Tue)
by proski (subscriber, #104)
[Link] (1 responses)
Posted Mar 18, 2008 17:22 UTC (Tue)
by dmarti (subscriber, #11625)
[Link]
Posted Mar 18, 2008 15:51 UTC (Tue)
by ccyoung (guest, #16340)
[Link] (19 responses)
Posted Mar 18, 2008 16:23 UTC (Tue)
by kirkengaard (guest, #15022)
[Link]
Posted Mar 18, 2008 16:28 UTC (Tue)
by grouch (guest, #27289)
[Link] (17 responses)
Typical, current process in the U.S.:
Which of the above verifies any part of: One vote has been cast by one voter, is held safely for counting until voting is finished and then is properly counted?
Typical paper balloting:
In the so-called voting involving an electronic device, the internal operations of the device are concealed from the electorate. A number comes from those internal operations of the device but no one can attest to that number being representative of the electorate.
Unless and until voters can observe the activity of electrons in wires, publicly verifiable voting by electronics is impossible.
Posted Mar 18, 2008 17:50 UTC (Tue)
by smoogen (subscriber, #97)
[Link] (9 responses)
Posted Mar 18, 2008 18:51 UTC (Tue)
by AJWM (guest, #15888)
[Link] (4 responses)
Posted Mar 18, 2008 20:32 UTC (Tue)
by smoogen (subscriber, #97)
[Link] (3 responses)
Posted Mar 19, 2008 8:25 UTC (Wed)
by riddochc (guest, #43)
[Link] (2 responses)
Posted Mar 19, 2008 14:51 UTC (Wed)
by smoogen (subscriber, #97)
[Link]
Posted Mar 22, 2008 2:39 UTC (Sat)
by dvdeug (guest, #10998)
[Link]
Posted Mar 18, 2008 23:50 UTC (Tue)
by gdt (subscriber, #6284)
[Link] (2 responses)
"While those steps are auditable.. they are rarely audited..." Writing from Australia, which uses paper-and-pencil ballots administered by a central government agency, this is wrong. Political parties have their representatives auditing every step of the election process at every election. Some merely interested individuals also do the same. I mean every step, from sitting all day in a polling place watching ballots being cast, to accompanying the ballot boxes to the tally room, to watching every vote being counted, to making sure those exact counts appear on the board in the national tally room. Your typical vote will have three mutually-untrusting people ensuring that your vote has been fairly and accurately treated from the moment you are given the ballot paper to the declaration of the election results. As for speed, at the recent election we knew the result by 10pm east coast time (that is, the west coast polling booths had been closed for an hour). I'd say the paper-based system adds a delay of thirty minutes to an hour. Not a huge amount considering the many-weeks delay non-paper-and-pencil systems caused in determining the US Presidency in the Bush v Gore election.
Posted Mar 19, 2008 15:08 UTC (Wed)
by holstein (guest, #6122)
[Link] (1 responses)
Posted Mar 19, 2008 16:20 UTC (Wed)
by smoogen (subscriber, #97)
[Link]
Posted Mar 25, 2008 7:37 UTC (Tue)
by ekj (guest, #1524)
[Link]
Posted Mar 18, 2008 18:12 UTC (Tue)
by joey (guest, #328)
[Link] (6 responses)
Posted Mar 18, 2008 18:58 UTC (Tue)
by AJWM (guest, #15888)
[Link] (1 responses)
Posted Mar 18, 2008 19:34 UTC (Tue)
by tialaramex (subscriber, #21167)
[Link]
Posted Mar 18, 2008 23:11 UTC (Tue)
by joey (guest, #328)
[Link] (3 responses)
Posted Mar 18, 2008 23:42 UTC (Tue)
by hingo (guest, #14792)
[Link] (2 responses)
Posted Mar 19, 2008 7:41 UTC (Wed)
by pkolloch (subscriber, #21709)
[Link]
Posted Mar 19, 2008 9:43 UTC (Wed)
by tialaramex (subscriber, #21167)
[Link]
Posted Mar 18, 2008 16:23 UTC (Tue)
by caitlinbestler (guest, #32532)
[Link] (1 responses)
Posted Mar 18, 2008 18:04 UTC (Tue)
by jordanb (guest, #45668)
[Link]
Posted Mar 18, 2008 16:24 UTC (Tue)
by pr1268 (guest, #24648)
[Link] (2 responses)
I can't imagine Sequoia's cease-and-desist order has any legal weight. Voters would certainly appreciate a measure of accountability in the whole voting process, and Sequoia's tactics of hiding its software/hardware functionality behind the veil of license restrictions and legal threats wouldn't go over well with the very voters forced to use these machines. I'm curious, in the U.S. (or any other territory, for that matter), can a voter, exercising his/her right to cast a vote, refuse to do so using a computer?
Posted Mar 18, 2008 16:34 UTC (Tue)
by kirkengaard (guest, #15022)
[Link]
Posted Mar 19, 2008 2:28 UTC (Wed)
by freemars (subscriber, #4235)
[Link]
I can't imagine Sequoia's cease-and-desist order has any legal weight.
I can see it having weight. I can also see a counter-request that all Sequoia votes be deemed invalid until the suit and counter suits are all settled. (And I can see some judges going forward on that basis.)
Posted Mar 18, 2008 16:31 UTC (Tue)
by kirkengaard (guest, #15022)
[Link] (1 responses)
Posted Mar 19, 2008 4:47 UTC (Wed)
by pr1268 (guest, #24648)
[Link]
New Jersey voting officials, clients/users of these machines, seem to be all in favor of having them independently analyzed, by Ed Felten. Adding to this, I think it would be wise for NJ officials and citizens to flatly reject the Sequoia voting machines because of the cease-and-desist letter Sequoia sent Felten. Of course, I'm not a NJ citizen, so my opinion doesn't matter in this case.
Posted Mar 18, 2008 18:31 UTC (Tue)
by jebba (guest, #4439)
[Link]
Posted Mar 19, 2008 10:36 UTC (Wed)
by amw (subscriber, #29081)
[Link]
Posted Mar 19, 2008 14:27 UTC (Wed)
by jebba (guest, #4439)
[Link]
Posted Mar 20, 2008 2:37 UTC (Thu)
by freemars (subscriber, #4235)
[Link] (1 responses)
Posted Mar 20, 2008 6:45 UTC (Thu)
by pr1268 (guest, #24648)
[Link]
An enlightening technical and legal summary of shortcomings in Sequoia's voting software appears as Appendix A in the PDF linked from one of the commenters in Felten's blog (link to PDF here): http://www.bbvdocs.org/sequoia/Maricopa-County-Elections-Report.pdf Sounds like Sequoia has some explaining to do...
Sequoia v. Ed Felten
> Certainly a democracy would have no reason to want to know about the "behavior" of its
voting machines.
Off topic (maybe), but the U.S. isn't a democracy, it's a constitutional republic. As far as
I know there currently are no pure democracies in the world, since they tend to implode in
just a few years.
Sequoia v. Ed Felten
That's semantic nitpicking. "Democracy" is a class that covers a lot of different
governments, whether republics like ours, constitutional monarchies, parliamentary systems, or
what have you. Saying "we live in a Republic, not a Democracy" contributes nothing to the
discussion.
Sequoia v. Ed Felten
> Saying "we live in a Republic, not a Democracy" contributes nothing
> to the discussion.
Some of our founding fathers would have disagreed with you!
"Democracy never lasts long. It soon wastes, exhausts, and murders itself. There never was a
democracy yet that did not commit suicide." - John Adams
"A democracy is nothing more than mob rule, where fifty-one percent of the people may take
away the rights of the other forty-nine." - Thomas Jefferson
I personally hold John Adams and Thomas Jefferson in higher regard than our current leaders,
so I will give careful consideration to what they said.
Sequoia v. Ed Felten
However, the constitution has changed from that envisaged by the founding fathers: senators
are now elected, rather than chosen by the states, similarly the president is (more or less)
directly elected. Women and black people can now vote, whereas originally the franchise was
limited to landowners. So the USA is nowadays a democracy, even if (arguably) it didn't start
off as one.
Sequoia v. Ed Felten
> So the USA is nowadays a democracy, even if (arguably) it didn't start off as one.
And it's starting to look like John Adams (see above) was right.
Sequoia v. Ed Felten
No, he wasn't. That which is killing the US is not an excess of democracy, but a paucity of
it.
Sequoia v. Ed Felten
That statement can not be proven to be correct. At best it may be possible to demonstrate
that it is wrong, but by then the negative consequences may be enormous, and possibly
irreversible.
Sequoia v. Ed Felten
Considering that the people currently in charge, who are wrecking the country, are about as
anti-democratic as you can get, I think we have convincing evidence that it's correct.
Sequoia v. Ed Felten
I often times take exception to decisions made by our current leaders, but I'm even more
concerned about the general population. An alarmingly large group of people seem to hold the
naive belief that one person, or group of persons -- the president, or congress -- can "fix
everything," if we just get the right people in office.
The idea is that the rest of us can get back to living our self-absorbed lives without the
dark cloud of scary news on the tube every night. That'll never work.
Sequoia v. Ed Felten
Well, no, nor should it. "Eternal vigilance is the price of freedom" and all that.
It's more than just a legal question. There should be no behind-the-scenes interference with the voting results. If there is no law requiring independent testing of the voting machines, there should be such law. Free voting is one of the foundations of democracy. Once there is a backdoor, somebody will use it. Even if there is just a perception of a backdoor, it will erode legitimacy of those elected with the use of such machines.
It should be taken very seriously
Translating corporate speak
Corporate speak: "our intellectual property"
English: "our right to prevent someone from doing something we don't like"
The "property" they're talking about is a government-granted monopoly in the first place.
So the way to prevent "behind-the-scenes interference with the voting results" isn't to
require independent testing, it's to make sure that the existing copyright and trade secret
laws do not apply to voting software, or to software whose output is government evidence in a
criminal case, as with a breathalyzer or photo radar machine.
voting "machines"
wish people would say voting "software" - any $200 computer with a touch screen can be a
voting machine - to say software emphasizes what's really going on and what we really should
be paying attention to.
voting "machines"
In which case, the order could be constructively construed -- to the extent that the order
refers to an entire system, component analysis, i.e. of the software, outside of its context
of the entire system, could be seen as valid. Now, I haven't read the order enough to say
this might even work, so keep in mind this is blue sky and possibly irrelevant.
It wouldn't matter if the voting machine used software, transistors or gears -- if the voters cannot watch and verify the process of voting, the voting is flawed. (At least in the case of geared voting machines, the gears could be made observable by the general public at all times during the process. This can't happen with electrons).
voting "machines" eliminate voting
voting "machines" eliminate voting
While those steps are auditable.. they are rarely audited... leaving most voting in the same
state as electronics. Looking at a gear system doesnt say much if the gears in the system are
so complicated all you can tell is that something moved and you end up with not looking at the
counters but the punch tape that no-one can see for 'privacy' concerns.
And then there is which paper system you are going to use. At some point you are going to
count a million or so votes and people want answers quickly.. so automatic systems are going
to be used. The software in that is as easily hacked and unless the vote is 'close' or highly
out of whack with external polling.. its not going to be rechecked.
voting "machines" eliminate voting
Plenty of countries, and subdivisions thereof, around the world have no problem manually
counting paper ballots in a timely fashion. It is a task that can be (and usually is) broken
down into many parallel sub-tasks.
Mind, that's simplified even further if you print up a separate ballot for each separate
contest/issue in the election, as opposed to e.g. some of the massive four-page ballots I've
seen with multiple issues and positions to vote on. Color code them so they get put in the
right ballot boxes.
Reliable paper-balloting systems aren't difficult (there'll still be attempts to defraud, as
with missing ballot boxes, improperly registered voters, etc, these tend to be rather
obvious). Even automated paper-counting systems can be spot-checked with manual counts, and
the whole automatic count thrown out if there's a problem (you may end up with the "hanging
chad" issue; that can be resolved by ballot redesign and making very clear ahead of time what
constitutes a valid vs invalid vote.) Reliable machine-balloting systems are extremely
difficult, with too many ways to stealthily influence the outcome.
voting "machines" eliminate voting
> Plenty of countries, and subdivisions thereof, around the world have no
> problem manually counting paper ballots in a timely fashion. It is a
> task that can be (and usually is) broken down into many parallel
> sub-tasks.
OK for the record I am for paper ballots, but I do not see them as a panacea as places like
Chicago, Louisiana and New Mexico have shown that they can be rigged for a long time.
The main problem is that as much as we argue about accountability, that is not what matters..
cost matters. The cost of using an automated counting system with a cramped ballot versus the
cost of paying 10's of thousands of people to count ballots by hand, ( and then doing
background checks on those people to see which ones have been paid off by various 'interested'
groups etc). And the problems are those are short term costs versus trying to figure out what
a long term cost of a subverted election would be. As long as the perceived cost of the
machines is smaller than the man-power costs.. you are on a losing argument.
voting "machines" eliminate voting
What?
Are you seriously arguing that having an affordable system is more important than
accountability? I don't know the numbers on how much it costs to run an election with the
different systems we're talking about, but really... if accountability doesn't matter more
than cost, what's the point of holding the election? Let's just skip the election and just
give the presidency to whichever candidate is more popular with the supreme court. That *has*
to be more affordable, and therefore better than actually bothering to count votes.
Oh, wait. Somehow, I get the feeling that this could be a really, really bad idea.
voting "machines" eliminate voting
I am not arguing that affordable is better than accountability.. I am arguing that it is
usually considered more important by people. People as a group are usually short-sighted and
end up with not thinking things through. So when they see they have to hire more people to run
an election or get some roads repaired, or raise taxes.. they will go with the roads getting
repaired. If they have the choice between hiring more people for an election or a bright
shiney gadget that will solve their problems and they dont have to stop road repairs or raise
taxes.. they will go for the gadget (because don't gadgets always make life easier?)
And only when it turns out that they made a bad decision, they will hem and haw for a couple
more elections until some better gadget comes out.. because we humans are built not to
recognize we bought a lemon.
voting "machines" eliminate voting
If something is not affordable, it won't happen. In a count of hands, you can do a recount
easily. A vote of the populace is rarely a complete recount, because it's too expensive to. If
the equivalent of recounting the paper ballots is cheap, it may be standard practice for every
ballot; if it's too expensive, it will only occur when a smoking gun appears. That's reality.
voting "machines" eliminate voting
voting "machines" eliminate voting
It's the same here in Canada: major party representative are present in every step of the
vote.
I never understood why it could not be done this way in the US. It's not like it's rocket
science.
voting "machines" eliminate voting
I think it has to do with the differences in states levels of control in Canada and the US..
plus the differences between parliamentary governments and the US 'style'. Each US state can
set its own election rules on who deals with the election materials. The Federal government
can really only give outlines and say that if you 'fail' to meet those standards you lose
federal funding. The states are really protective of this, as it is one of the last
'sovereign' powers they have in comparison to the Federal government.
However, I will admit that I am on a thin branch here.. and could be quite wrong.
voting "machines" eliminate voting
It's not hard to count a million, or a hundred million, paper-votes quickly and correctly.
The task is trivial to split in any wanted number of smaller tasks.
You'll need about 3 hours to count 10.000 votes, count twice by two different people who don't
know the answers the other got and don't know who the other is, and let the result count as
the preliminary result if the numbers they give are off by less than say 1/1000.
But you don't even need to do that: Have voting-machines that record votes electronically AND
print a paper-ballot. Deposit the paper-ballot the traditional way.
Use the numbers from the machine for the preliminary results. Randomly check say 1% or 5% of
the ballots, by the trivially simple method of actually counting the slips of paper and
comparing them to the number the machine gave. If the numbers disagree, count everything, or
invalidate the entire election, probably okay here too to accept 1:10000 error or similar.
You don't need to count all the paper all the time. You DO need to be ABLE to check the
result. There's a difference.
voting "machines" eliminate voting
It's certianly possible to do verifiable electronic voting. Here, for example, is the tally
sheet for the last Debian election. Using this tally sheet, each voter can verify that their
vote was counted, while the secrecy of who they voted for is preserved.
http://www.debian.org/vote/2007/vote_001_tally.txt
The ballots themselves are gpg signed by the voters.
Every step of this vote can be verified and audited.
voting "machines" eliminate voting
> The ballots themselves are gpg signed by the voters.
Looks like the voters combine their vote with a personal secret key and find the md5sum,
making it difficult to reverse to break anonymity.
That's fine for a relatively small set of technically competent voters. How would you design
a system that implements this for, say, 100 million voters, half of whom are of below-average
intelligence?
voting "machines" eliminate voting
Right, the most important thing about any voting system is public confidence. Most people in a
democracy have only a vague and probably erroneous idea of how it actually works, but so long
as they have confidence that it /does/ work it remains viable.
It's much like the situation with runs on the bank. Irrational behavior by investors who've
lost confidence can bring a well run financial institution to its knees in hours, while over
the road a confidence trickster is running a pyramid scam doomed to fail but they can't take
money from investors fast enough.
It's not enough to build a system that math wizards and other experts judge to be sound, it
must be so simple that you can take a dozen people off the street and expect every one of them
to explain correctly how and why it works. That's why so many countries have stuck with marks
written on pieces of paper, stuffing the pieces of paper into sealed metal boxes, and lots of
people standing around putting the papers into piles and counting them. My grandmother can
understand that.
It even aids public understanding when things go wrong. Some guy with a nice suit who
"modified the binary code of a voting machine" and thus changed the outcome of an election is
difficult to understand - a jury may never grasp what he's really accused of doing. But the
equivalent operation on real ballot papers involves a group of people deliberately miscounting
or putting papers in the wrong piles. A child can see that's naughty, and a jury will convict.
voting "machines" eliminate voting
In all fairness, I should note that publishing a tally sheet like this, which you can use to
prove your vote to a third party, does make it easy for votes to be bought. Which is a
property that is not desirable in a real-life voting system..
As I understand it, the Debian voting is also based on sending gpg encrypted and signed votes to a server that is trusted to keep it secret. That would also not work in real elections. A good voting protocol must be designed so that the "who gave this vote" and "what is the content of the vote" are never known to the same party/component. At the same time of course it must be proven that who gave the vote is eligible to vote and voted only once.
voting "machines" eliminate voting
There are however protocols that can do this, some quite good, some "almost there". This is quite a good summary of all protocols out there.
voting "machines" eliminate voting
Or look at
http://de.wikipedia.org/wiki/Bingo_Voting (German)
or
http://punchscan.org/
voting "machines" eliminate voting
A good voting protocol must be designed so that...
As I wrote above, the important thing is public confidence. Britain's major public elections
have always made it possible (though not trivial) to match every single vote cast to the
voter's name and address. But British people have yet to do more than occasionally moan that
this seems a little underhanded.
To get specific, each ballot paper in a British election is numbered and when you're handed a
ballot paper its number is written next to your name on the list of those eligible to vote in
the election. This material must by law be kept for some time after the election is over. All
you need is a reverse index (painful sixty years ago, but easy now) and you have a list of how
everyone voted.
We know (from documents released under a time limit rule) that previous governments have
secretly authorised security services to match the numbers up and then target people who voted
for certain minority parties. Obviously today's government denies that it would do such a
thing, but that's the nature of politics.
Sequoia v. Ed Felten
The attitude of the vendors here is perplexing.
Having a rigorous audit trail, complete with public comment
periods, formal responses to queries, etc. would all be
excellent barriers to entry for would-be competitors.
As things stand, anyone can whip up some GUI software
over generic hardware and just bribe the same government
officials. That's not much of a barrier to entry at all.
Sequoia v. Ed Felten
That's a good point. It's worth noting, though, that their behavior towards auditing is only
irrational if you assume they have nothing to hide. ;)
Sequoia v. Ed Felten
Hobson's choice
Yes, but it's frequently no choice at all. What I understand is that the jurisdictions are
supposed to retain the ability to process paper (non-machine) ballots, but I've seen this
relegated to a not-well-prepared "back-up plan" in case of power failure or some-such. The
option is certainly not well publicized in many jurisdictions, and may have something to do
with their vendor contracts.
Sequoia v. Ed Felten
Sequoia v. Ed Felten
It helps to consider that there is context not mentioned -- New Jersey voting officials,
clients/users of these machines, seem to be all in favor of having them independently
analyzed, by Ed Felten. We should be applauding this, because NJ is then doing the right
thing. Sequoia is attempting to prevent this analysis, on the basis of their contract with
the New Jersey county in question.
"IP" is being used here to chill the investigation into the operation of the tools being used
for our democratic process, by which the governance of the republic at all levels is
determined. Secrecy is being invoked by the tool-maker to prevent external view of what the
tool actually does in a variety of conditions not constrained by the maker.
Sequoia v. Ed Felten
Sequoia v. Ed Felten
A few years back Diebold sent out a bunch of cease and desist notices (including one to me)
when their practices became public via someone putting up over one gig of their internal
mailing list archives. In the end, Diebold was found guilty of violating the DMCA (!). For
details see:
http://www.eff.org/cases/online-policy-group-v-diebold
Lots more info about these systems is available here:
http://www.blackboxvoting.org/
They have nothing to hide except fraud and corruption (their jobs).
-Jeff
Writing to Sequoia
If you feel you might like to write to Sequoia Voting Systems to express your opinions, you
can do so at info@sequoiavote.com, esmith@sequoiavote.com and jsargent@sequoiavote.com.
Writing to esmith will currently get you an out of office reply "I am out of the office on
March 14th and unreachable that day. If you need urgent assistance please call 720-264-2531
and ask for Judy Sargent. Thanks."
If enough people write to them maybe they'll have a change of heart???
Sequoia v. Ed Felten
"Union County has backed off a plan to let a Princeton University computer scientist examine
voting machines where errors occurred in the presidential primary tallies, after the
manufacturer of the machines threatened to sue, officials said today."
http://www.nj.com/news/index.ssf/2008/03/voting_machine_m...
Ed Felten v. Sequoia
Felten fires back in today's post:
http://www.freedom-to-tinker.com/?p=1266
in which he analyzes the paper tapes produced by the machines.
Fascinating document about Sequoia linked within link