Where free software should be required by law
These systems are based on closed source code. There is no external audit trail, no way of verifying that they are recording votes as they were actually cast. Trade secret law forbids the inspection of the code in the systems. One just has to trust the vendor that the results are correct.
A primary election held there recently turned up a whole set of problems, ranging from basic usability issues to outright failure.
There has been a lot of interest recently in laws requiring governments to
use free software in many or all situations. It remains unclear, to some
people anyway, that such laws are really in the best interest of
government, the governed, or the free software community. But, in the
case of voting systems, the case seems clear: no part of the system that
elects people into positions of power should be opaque. The creation of a
free, transparent, verifyable electronic voting system should not be that
hard a task for governments or the free software community. There is no
excuse for using anything else.
Posted Sep 12, 2002 9:11 UTC (Thu)
by beejaybee (guest, #1581)
[Link]
And I bet that no-one in the Florida electoral office was priveleged to hear any explanations as to why this should be. Scary stuff, when the corporations who develop this sort of software are already gross abusers of the lobby system. Rig a few votes (or a lot, if neccessary) then claim that "the people" have decided? What price democracy now? There are numerous other issues with electronic voting - personation is one of the more obvious ones - but the system really does need to be sound. The old technology ("X" on a ballot paper) isn't perfect but it seems to be more so than the "modern" alternatives.
Posted Sep 12, 2002 9:31 UTC (Thu)
by tres (guest, #352)
[Link] (1 responses)
Regards,
Posted Sep 12, 2002 13:24 UTC (Thu)
by AAP (guest, #721)
[Link]
Posted Sep 12, 2002 14:38 UTC (Thu)
by pflugstad (subscriber, #224)
[Link] (4 responses)
The printed piece of paper can be a simple sheet, with bar codes With this *simple* *basic* idea, I don't care if the voting As Ms Mercuri notes: Brazil uses electronic voting, but they Pete Flugstad
Posted Sep 12, 2002 17:37 UTC (Thu)
by ksmathers (guest, #2353)
[Link] (3 responses)
Printing a machine readable copy of the completed ballot is necessary but not sufficient I think. The printed ballot also has to be human readable; otherwise any electronic recording system would be sufficient. What you want is a way to visually verify that the vote has been recorded correctly.
My first guess would be to use an OCR font to print the information in plain english. The records that the machine uses to maintain its count must be in the same format so that any printed voting record can be accurately compared to the corresponding database record, by independently developed software if need be. Also the OCR'able output should be printed twice, once for the voter, and once for the voting machine, preferably one being a carbon copy of the other, like the output from cash registers.
Posted Sep 13, 2002 16:26 UTC (Fri)
by gswoods (subscriber, #37)
[Link] (2 responses)
Yes, this is a problem with absentee ballots too, which is why I am always
Posted Sep 13, 2002 17:59 UTC (Fri)
by pflugstad (subscriber, #224)
[Link] (1 responses)
The Human looks at the human part of it and if it looks right, If there is any question about the validity of election, these This is NOT a hard problem. There are *simple* solutions to It's not like the hardware requirements are terribly difficult But these are all just details. The reason this is failing is Pete Flugstad
Posted Sep 15, 2002 1:44 UTC (Sun)
by Baylink (guest, #755)
[Link]
*My* personal approach was, indeed, to separate the ballot *validation* from the accelerated electronic *counting* by...
Numbering the races, lettering the candidates (1A - Janet Reno, 1B - Bill McBride), etc, on the voting screen, and then, once the ballot is accepted, *print it out on Polaroid SX-70 film, in OCR font, without the candidate names*, show the voter a screen *with both codes and candidate names*, and then let them compare and approve.
Once they do, they drop the film in a scanner at the table, and it adds the vote to the totals, making a noise and updating a ballot totalizer counter. It then drops into a locked box, with a slot too small to reach into. Say, an ammo box with a replacement cover.
At the end of the night, you plug each counter into a phone line box, and like ET, it phones home.
Simple, reasonably hard to screw with -- it even gives you *something to recount* (say it with me now: "a vote is a physical object") -- and the only *problem* with it is Sequoia Votings Systems will only make about 1/3 as much money.
But who knows, maybe it's just me.
Posted Sep 12, 2002 19:51 UTC (Thu)
by Odinson (guest, #1402)
[Link] (1 responses)
Any lawyers want to get involved in a national debate of presidential proportions? Contact one of the above lugs and tell them you want want to check the software for incorrect or hidden instructions too.
Posted Sep 13, 2002 5:02 UTC (Fri)
by costa (guest, #3670)
[Link]
"There is no external audit trail, no way of verifying that they are recording votes as they were actually cast. Trade secret law forbids the inspection of the code in the systems. One just has to trust the vendor that the results are correct."Where free software should be required by law
Considering the two types of security, "black box" and "crystal ball", otherwise knowm as proprietary and Free Software, I believe that there are instances for both. As I pointed out in a letter to the editor this week, if I'm a cancer patient that is going in to be exposed to radiation, I want the software to be the best. Since not that many programmers are writing programs for radiation machines the quality of the software is something less than desired. The same for the voting machines. With a team of talented and dedicated programmers, I have no doubt that a quality free software solution could be developed. On the other hand, if the project cannot not attrack a cryptographer and security expert to help in auditing the code then problems will surely develop. If all of the states wanted to adopt a new system then they could band together and produce, or hire the job out, some quality software that is capable of doing the job. Short of that, the idiom becomes: security through obscurity. Even though we all know that it is not a very good security system, we must admit that it is better than nothing.Where free software should be required by law
Tres
My own question would be, why NOT open the source? True, it might be hard to attract geeks to specialty projects, but somebody writes those programs now. Why not pay them to write those programs, as they now do, and release the source for public scrutiny? Presumably, they don't make money off the software, just off the radiation treatments/voting machines. The only minus is that if they screw up, the proof will be out there.
Where free software should be required by law
The thing many people miss (even Open Source proponents) when Just PRINT the ballot
looking at this problem (and the one thing suggested by Ms.
Mercuri in her Risks posting) is that the solution to these
problems is very simple: just print out the damn ballot after
the user has finished using the computer to select his candidates.
or other mechanisms (can you say scantrons like you did your
SAT's on) to make it easily computer readable (no more hanging
chad, pregnant chad, etc, crap) that can be used as SECONDARY
AUDIT system. The voter can LOOK at it and verify that it
reflects his vote. Then it's saved along with his electronic
vote. The electronic vote can be used for quick returns, but
if there is any question about the validity of the electronic
returns, the paper ballot is the backup and "official" record.
machines are proprietary or not (of course, I would prefer
open source), as if there are problems with the electronic
vote, the paper ballot is present as a backup and actual
official ballot. This is literally the best of both worlds.
have retrofited many of their voting machines with printers,
expressily for this purpose. Of course, NPR Morning Edition
had a segment this morning indicating that that may not last
(it's not up yet or I'd post a URL...).Just PRINT the ballot
You most definitely do NOT want the voter to leave the booth with a recordJust PRINT the ballot
showing how they voted. One reason that you have to vote by going to a
polling place and voting in a booth where nobody can see is that nobody
ever knows how you voted. This is important for preventing coercion. An
abusive husband, for instance, would be able to force his wife to vote how
he wanted her to if he were able to verify how she voted. Other types of
coercion (boss to employee, etc.) are also possible, but are voided if
there is no after-the-fact record of how a person voted.
opposed to any "voting by mail" schemes. None of them adequately address
the issue of vote coercion.
What I meant, which I apparently didn't communicate properly,Just PRINT the ballot
is that you print the ballot in both HUMAN and MANCHINE readable
forms, on the same PAGE, one corresponding to the other. The
human form would be OCR capable, but that's not a requirement.
drops it into a slot right next to the electronic voting machine.
Or they even walk to a seperate ballot box and drop it in - that's
no different than they do now. This turns the computer into a
glorified display engine, which is what it's good at.
PAPER ballots are the "official" record. They can be easily run
through a machine reader, which can both tally the vote as well
as try to OCR it and verify the human and machine readable parts
are the same, and maybe put up a copy of the human readable part
on the screen (derived from the machine part) for a HUMAN to verify
that what the machine thinks is on the page is really what the
human saw, etc, etc, etc. If there are *any* descrepencies,
then you know there's a problem with the balloting machines,
and then you hunt down the people responsible for it and convict
them of election fraud.
all these, and Open Source is not necessarily one of them. I
personally think Open Source would be the *best* way to do it,
but I can see private companies doing it as well and trying to
make money at it.
- a touch screen and a low end PC platform (regular old Pentium
is probably more than enough) running linux plus some GUI display.
The only hard part is figuring out a cheap, readable printer - you
need a printer that preferably doesn't need ink at all, so you just
have to keep it supplied with paper. Thermal printers are a
possibilty, but their output had traditionally been very poor.
Maybe they've improved. If you have to add ink, then set it up
so that you add ink and paper at the same time, in a simple drop
in package.
because the idiot politicians are NOT LISTENING to the ENGINEERS.
Instead they are listening to big companies who stand to make
$millions on this, and of COURSE are going to be biased. DOH!
Indeed, Pete. Apparently, gswoods hasn't ever voted -- you've *always* walked away from the booth with a readable ballot (although perhaps you had to hold it up to a voting machine to read it, but...
Just PRINT the ballot
http://www.linux.org/groups/usa/florida.html
Florida LUGs, your state needs you.
U (USA citizens) have lost all of your freedom afterFlorida LUGs, your state needs you.
horrible 11 september events. So why do U need such
election machines? Just use tirany instead.