User: Password:
|
|
Subscribe / Log in / New account

Securing our votes

Securing our votes

Posted Aug 9, 2007 2:54 UTC (Thu) by Baylink (guest, #755)
Parent article: Securing our votes

I shake my head in disbelief.

There are clearly obvious solutions to all of these problems, and I didn't even think them up.

*Don't use the computers to count the votes*. Just use them to do the UI. Get the votes, and print everything as OCR-A on a cardboard card that drops through the printer into a clear plexiglas box where the voter can confirm that it contains everything they voted for (by the simple expedient of printing everything for which they did *not* vote as well, clearly tagged differently), then have them turn a mechanical knob that drops the ballot into a locked box, or into a trash box/small shredder.

Count the ballots using an OCR-A optical scanner. Serial number and checksum the data. 100.00% accuracy shouldn't be hard at all.

Your counting machines then reduce to one per precinct... or per area. And humans can count the ballots too, should the Republicans try to steal yet another election.

Sure, you can keep a running count in each machine, but that shouldn't be the *certifiable* count. You can't *recount* that (says a Floridian, looking over his shoulder). You can recount printed cards.

I can't personally think of a failure mode in this design that can't be avoided.

Anyone?


(Log in to post comments)

Securing our votes

Posted Aug 9, 2007 6:47 UTC (Thu) by tadmini (guest, #41980) [Link]

Good point. I never understood why would somebody want to use a computer to count the votes, given the immaturity of most information systems today.

Can't we just stick to good old paper ballots and be done?

Securing our votes

Posted Aug 9, 2007 15:17 UTC (Thu) by Baylink (guest, #755) [Link]

You'll note the-solution-that-isn't-actually-mine does, in fact, utilize recountable, human-readable, paper ballots, which can be the critical path on the count.

Securing our votes

Posted Aug 9, 2007 10:57 UTC (Thu) by NRArnot (subscriber, #3033) [Link]

Some voters will be short-sighted or have impaired vision, and won't be able to check a paper under a plexiglass cover, especially if printed in horrid OCR-A.

Better: print out an oldfashioned paper with a big X against the voter's chosen candidate, which he can view with a magnifying glass at a distance of three inches if he needs to, and then deposit in a ballot box. There should be no problem developing software that can locate a printed X in one of N boxes.

But still not good. You have increased the vulnerability of the election to rigging by pre-stuffed ballot boxes, since all papers will appear identically marked. The oldfashioned marked-by-hand paper is better, because no two voters will mark their X alike. It's far harder for one miscreant to produce 1000 convincingly differently handmarked votes, than 1000 identical printed ones.

A scanner can do a perfectly good fast first approximation sort and count of handmarked ballots, which in most elections will be good enough. When it's close, one then moves to iterative refinement, rechecking and recounting bundles of papers (by hand) over and over again (usually, the first recount suffices) until sufficient accuracy is attained.

Another improvement would be if the printer also sequentially numbered the papers it printed, starting at a random number not known before the polling station opened for business. This would make pre-stuffing easily detectable (and correctable). The problem would be convincing voters that it wasn't destroying the secrecy of their vote.

One word that all posts above forget:

Posted Aug 9, 2007 13:57 UTC (Thu) by hummassa (subscriber, #307) [Link]

VOTE SECRECY. There is a very good reason why your vote is secret.

<slashdot-esque-fiction-mode>
1. I am your boss (and the boss of 10000 other people)
2. I say to you: "vote on Joe Corrupt for me, and then take a pic of the
thingy on the clearbox with your cell phone and bring it to me by monday,
or don't bother coming at all." (*)
3. Joe Corrupt wins the election by 10000 votes.
4. ???
5. Profit!!
</slashdot-esque-fiction-mode>

(*) just to be clear: I work in a governmental institution with 3000
employees and 300 interns and apprentices. The two buildings have,
combined, some 4000 cell phones. I believe at least 3000 of them have
cameras.

I haven't seen a good (== fast && cheap && secure [IMHO]) alternative to
electronic voting yet. So, I'll refer you to my reccount of my experiences
and opinions:

http://lwn.net/Articles/100202/
http://lwn.net/Articles/100326/

HTH.

One word that all posts above forget:

Posted Aug 9, 2007 15:34 UTC (Thu) by Baylink (guest, #755) [Link]

All currently available approaches have this problem. Collecting your camera phone at the counter and giving it back to you after is the only solution I can see; IE: a policy against taking cameras of any kind to the booth. Since the booths aren't actually booths anymore, they're generally in the open, this is less of an issue, I suspect -- it would be obvious if you had a phone or camera out.

Loved your riff, though. :-)

One word that all posts above forget:

Posted Aug 9, 2007 15:38 UTC (Thu) by Baylink (guest, #755) [Link]

One other observation: if the ballots are numbered sequentially, and you log the random starting number -- or print "FIRST BALLOT" on it -- then you can audit that a stack is complete, and extra-counting organizations, as you mention in your other posting, can tell they have all the ballots.

And it should be cheap enough to build counting boxes that lots of different people can do it commercially, and such orgs can all buy them from different people, or even build them themselves, and if the paper handling is good enough, then the ballots will *survive* 50 counts.

Hell, the election officials themselves could buy counting machines from different manufacturers and run each election through twice and compare.

And *none of the equipment is on the security critical path* in this approach, in case anyone missed that.

You *can* have preliminary counts come out of the terminals themselves, but there's no sense in hacking those, because the system procedures make it worthless to change them -- the dual count of voter-approved paper will show any mistakes.

One word that all posts above forget:

Posted Aug 16, 2007 22:30 UTC (Thu) by edgewood (subscriber, #1123) [Link]

Jane Employee: OK, boss!

Jane ventures down to the voting booth, punches up a ballot for Joe Corrupt, <click> takes a picture of it under the plexiglass, then presses the "Spoiled Ballot" button. She votes for her preferred candidate, then pushes the "Correct Ballot" button.

She then delivers the picture of the vote she didn't actually cast to her boss, and anonymously calls the Election Commission on her way home.

Securing our votes

Posted Aug 9, 2007 15:31 UTC (Thu) by Baylink (guest, #755) [Link]

Yes, but handmarked ballots don't solve the problem which electronic voting terminals were putatively primarily intended to solve: people who can't write, or can't see.

OCR-B is fine with me. :-)

That's an implementation detail.

The paper would be something like 8.5x5.5 inches, with the information printed in at least 14 point, and pressed against the plex box at eye level, with a sliding magnifier and appropriate lighting.

As for stuffing, both the random-start sequential number and my own idea: a transparent locked catch box, will solve that problem. I actually want to catch and count all the spoils as well.

As far as

> The problem would be convincing voters that it wasn't destroying the secrecy of their vote.

what makes you think they care now? You *did* watch the last 2 presidential elections, right?

Those in a position to evaluate will be, I think, satisfied with the answers.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds