NIST Condemns Paperless Electronic Voting

quizzicus writes "Paperless electronic voting machines 'cannot be made secure' [pdf] according to the National Institute of Standards and Technology (NIST). In the most sweeping condemnation of voting machines issued by any federal agency, NIST echoes what critics have been saying all along, that due to the lack of verifiability, 'a single programmer could rig a major election.' Rather than adding printers, though, NIST endorses the hand-marked optical-scan system as the most reliable."

because without a verifiable paper trail...

[holden caufield (111364)]

you can never be certain when duplicate events can occur.

Re:because without a verifiable paper trail...

[Stellian (673475)]

because without a verifiable paper trail... you can never be certain when duplicate events can occur.

You are wrong. You can never be certain of anything. Your paper trail can be counterfeited or destroyed. Repressive governments used to steal elections long before e-voting came along. There's nothing inherently secure about paper voting, except that's been around for long, and people are used to it.
When a single programmer can steal the elections, it's because the electronic voting system is poorly designed.

Re:because without a verifiable paper trail...

[catchblue22 (1004569)]

Elections can be stolen with paper ballot elections. However it is far more work to do so than with a fully electronic election. To steal a paper ballot election, especially if it isn't close, you would likely have to create a large number of fake ballots manually, and then selectively replace your victim's ballots. When there are many hundreds of thousands of ballots, this is a huge task, and cannot be done quickly. And to really cover your tracks you might want to shuffle the ballots, so they are not sorted by choice. Scrambling a deck of 52 cards is hard enough. Imagine hundreds of thousands of ballots. And of course all of these changes would have to match with the vote tallies. Any errors will be obvious, and could be considered evidence for voting fraud.

Contrast this with electronic paperless voting, where a single piece of software can replicate itself through many voting machines, as was shown possible [princeton.edu] by two Princeton professors. This code can then invisibly alter votes, and then eradicate itself after use. The fraud in this case would be undetectable.

Hand-marked is the way to go

[koehn (575405)]

Here in Minnesota we use the hand-marked optical scan system, and it's great. There's a high degree of confidence that your vote actually counts for something. That, coupled with a mandated recount in a random sampling of districts in each county after the election.

Re:Hand-marked is the way to go

[vandon (233276)]

That, coupled with a mandated recount in a random sampling of districts in each county after the election.

If you ever get a chance to watch HBOs "Hacking Democracy", you should watch it. It's mainly about electronic voting, but not just about electronic voting. It's about the non-transparency of present day voting.
One of the things they cover is about the manditory 3% or 4% recount to make sure they don't need a full recount. The problem lies in the fact that the ballots selected are not random. The law specifies that the 3% is "randomly self-selected" by the district/state elections clerk. This means that out of 10,000 ballots, they pick and choose 300-400 ballots to have public volunteers recount.
The public volunteers suspected that the ballots were picked specifically to match the final percentages so there would be no recount. Most of the ballots were grouped together by party lines as if they picked out a certain number of (R) ballots, a certain number of (D) ballots, and a certain number of (I) ballots but forgot to shuffle them together.

Re:

[toddhisattva (127032)]

"Why are we doing this at all? is the question people are asking," said Warren Stewart, policy director of VoteTrustUSA, a group critical of electronic voting systems. "We have a perfectly good system -- the paper-ballot optical-scan system."

The parent answers the question from the end of TFA. It needs to be modded up:

To understand the history of the push for e-voting, we must understand the main event sparking this push. That event is the presidential election of 2000. Several voters who lacked the most b

Re:Old paper ballots were fine.

[MtViewGuy (197597)]

Only one thing though: the 2000 election fiasco was caused by punched card ballots, not mark-sense paper ballots. That's why most voting jurisdictions are using mark-sense ballots nowadays, if only because they can be both hand-read and machine-read.

Re:Old paper ballots were fine.

[by Anonymous Coward]

Several voters who lacked the most basic intelligence in comprehending the shockingly simple instructions on a paper ballot voted in Florida

Do you actually understand what happened? Do you know how punch ballots work? "Shockingly simple" isn't even funny as a joke. You're given a ballot card with perforations that mark off squares. You're given a round pointy piece of metal. Instructions: Poke out a square hole with a round stick. "Hanging chads" are of course rampant, and for decades, they have been a known problem with a well-established solution for determining whether you voted or not: If the chad is hanging by only one or two corners, you voted whether or not the machine can read your vote. Cue the 2000 election, and Republicans whining about Gore's whining for a hand count for hanging chads. Cue retarded insults like yours that ignores the fact that hanging chads have been around for decades with an established procedure for dealing with them. Cue the supreme court canceling the recount, without any constitutional authority to tell Florida how to run an election or to demand Presidential election results on any particular day prior to the electoral college's ballot.

Punchscan.org

[themaddone (180841)]

Now might be a good time to point people in the direction of Punchscan.org [punchscan.org], previously chronicled on Slashdot here [slashdot.org]

Sleight Of Hand

[Spinlock_1977 (777598)]

More sleight-of-hand. An election can never be 100% verifiable until and unless the complete list of every vote is published for all to see and verify (privacy protected by numbers and codes of course). Profit Makers and Election Riggers will argue differently, no doubt.

Re:

[ebyrob (165903)]

Who's to say that Joe, Jim and Jake Schmoe aren't both issued the same "code" while Sally Stockholder's vote is applied to 3 codes?

Note: I'm not saying secure computer-assisted voted is impossible. Just that nothing remotely close has been invented yet.

MOD PARENT DOWN

[Phroggy (441)]

Vote buying. We've been over this. If you've got some code that will allow you to determine from the published results how your vote was counted, then I can ask you to tell me your code as soon as you've voted (before the results are published), use it to verify your vote the same way you can, and reward/punish you accordingly. Knowing that I have the ability to do this, people without strong convictions will vote how I tell them in exchange for the reward I offer or to avoid the punishment I threaten.

Ye

Moderation isn't for squeltching points of view

[MarkusQ (450076)]

MOD PARENT DOWN

Vote buying. We've been over this. If you've got some code that will allow you to determine from the published results how your vote was counted, then I can ask you to tell me your code as soon as you've voted (before the results are published), use it to verify your vote the same way you can, and reward/punish you accordingly. Knowing that I have the ability to do this, people without strong convictions will vote how I tell them in exchange for the reward I offer or to avoid the punishment I threaten.

Yes, that would be illegal, and if I'm caught, I'd be in trouble, unless I just got my friends elected to a position where they can get me off the hook.

"We" may have been over this before, but that doesn't mean you are correct, and it certainly doesn't mean you should be calling for people to be modded down just because you disagree with them.

Letting the voter verify that their vote was counted as cast, might, as you suggest, make vote buying easier. But it would also, as the GP points out, make stealing an election wholesale much harder. To make a rational choice between the two, you have to consider the relative risks, and doing so does not lead to the conclusion you're advocating. Even with receipts of some sort, vote buying is a very risky proposition, since by its very nature a lot of people would have to know about it before the election. If you want to buy ten thousand votes, at least ten thousand people will have to know about it, including who to vote for and what the payoff or threat is. If even a few of them blab, you're goose is cooked.

Conversely, without receipts, elections can be stolen by a small group of people with no witnesses except for the machines, and they can steal as many votes as they want--a million isn't that much harder than a dozen.

--MarkusQ

Re:

[nine-times (778537)]

Even then, how do you verify? Go back and ask every single person who they voted for, and compare against the list? How would you know that the recounting process will be more accurate and tamper-proof than the original election?

Nothing is 100% accurate or 100% verifiable. The best you can hope for is a result where the difference is larger than your estimated margin of error, and then you can feel pretty sure. Even then, you have to just hope that human affairs are not so important or delicate that an

And no ID verification to boot (at least in MD)

[galego (110613)]

I *verbally* told them my name and address (I live in MD) ... no photo or other ID required. That has nothing to do with the paper-trail or other verifications that should be built into any voting system. But personally, I think the problem is deeper than paper-vs-electronic.

I agree

[Bobo_The_Boinger (306158)]

Having worked as an election judge in Maryland, which is now using Diebold machines, I just don't trust them. I have seen the printed tape shown at the beginning and end of each election, so I know the machine told me that it took X number of votes, and that that total matched my hand tabulated total from who went to each machine, but how do I know that when the button for candidate X was pressed, the machine actually recored it for X. I don't know. No one knows. And furthermore, there is no possible WAY to know after the voter leaves the machine.

It is a stupid system, and I am proud that someone with more authority than me is saying so. I believe all the politicians who decided that touch screen voting was a "great idea" should be voted out of office ASAP.

Direct Democracy

[conn3x (989931)]

I remember learning that an effective method of democracy was this, a representative democracy, because of the issue of people not being able to get to a poll to vote, and because people didn't necessarily have the time to learn all of the issues. Certainly information has grown leaps and bounds, and now a lot of us do have the ability to directly represent ourselves. After seeing a special on this very issue about people waiting in line for 5 hours to vote, seeing the corruption of representatives over and over again, and watching the corporations cheat and run america in their best interests, isn't it time that we, as the information community, try to implement a secure, more direct democracy? Just a thought

Re:

[Telvin_3d (855514)]

At one time I strongly agreed with this position. That time was for about 2 weeks in high school before I paid much attention to the actual process of government. The reason we ahve representitive government instead of direct democracy is because keeping up with issues and bills is a full time job for an entire staff of people. I am sure you feel qualified to vote on a handful of issues that are close to your heart, but what about the other 99.9% of thing going on? What about the really boring stuff tha

Re:Direct Democracy

[Random Utinni (208410)]

The problem with direct democracy is one of time. The more detailed and complicated the world becomes, the more complex the problems and the solutions. It's why people specialize in tiny little areas of knowledge instead of knowing everything about everything... there's simply too much to know.

Politics and governance is no different. Specializing is a good thing, and representative democracy allows people to specialize in governance. We don't even let generalist physicians do surgery, let alone the average layperson. It's too complicated, and too important... so we give the job to a specialist. Same with government. We could let the average person make decisions about long term taxes, economic growth, foreign policy, and the like, but I think it's too complicated.

I'm in California, and we've got more direct democracy than pretty much any other state in the union. And every election we're bombarded with propositions. No one really bothers to read the text of the summaries, let alone the actual text of the proposed legislation. So people vote based on their instincts, the television ads, and what their friends tell them. These aren't well-considered or thought out reasons... just the reasons that people have time for. I try my best to wade through them, but I've got a job and a family, and there often just isn't the time.

If you've got the time to keep up with all the information that *should* go into making these decisions, more power to you. But I think that the vast majority of the population doesn't have the time, interest, or education to do the same.

NIST also condemned current paper trails!

[VidEdit (703021)]

The headline of the post makes it seem like the NIST thinks that paper trails are the answer. That is not their conclusion, in fact they say the current paper-trail systems don't work.

"The NIST is also going to recommend changes to the design of machines equipped with paper rolls that provide audit trails.
Currently, the paper rolls produce records that are illegible or otherwise unusable, and NIST is recommending that "paper rolls should not be used in new voting systems."

via http://www.bradblog.com/?p=3860#more-3860 [bradblog.com]

We really should just use optical scan ballots. That is a paper trail voters have to verify, and the ballots can be meaningfully recounted. Then Diebold and the other vendors should be sued for knowingly selling defective products--possibly fraudulently.

Re:NIST also condemned current paper trails!

[spisska (796395)]

I posted this elsewhere in this thread but I'll repeat it. NIST is onto something that no one else has seemed to pick up on yet. Federal law requires that states keep election materials, including paper trails from DREs, for 22 months. But most DRE paper trails are recorded on thermal paper, which degrades after a few months.

If found quickly enough, a faded thermal paper can still be read accurately with specialized equipment, but it is not a simple matter and is completely ineffective after an extended period.

I know this because of a horse race -- I left the track before a race, had a winning ticket (printed on thermal paper), and had it fade on me either because it sat in direct sunlight or because it was in my pocket, either of which exposed it to enough heat to render it unreadable to a person. I wasn't too hopeful about redeeming it, but I explained the situation the next time I was at the track, two weeks later. They managed to read the ticket (and pay me my $8 on a $2 bet) but needed a special reader to do so. They also explained that given another month or two they wouldn't be able to read it.

The point is that any given election official who next summer checks the DRE paper trails from the November election may just find a cabinet full of blank rolls. Unreadable in less that half the time that Federal law requires the records be kept. This is a big problem.

Wow, just when Domecrats win

[dcollins (135727)]

Goddam funny that the federal government gets concerned with this just as Democrats are poised to take power in Washington, after several election cycles where it apparently didn't give a damn.

Whatever, it's the right thing to do, finally.

Optical scanning offers significant benefits

[hmbcarol (937668)]

1 - Fail-safe. The machine can break, power can go out, etc. The paper ballot still exists and can be easily hand counted.

2 - Inexpensive scaling. Since you mark on paper the polling station can have 20 booths for people which are not much more than a table, curtain, and a pen; yet they can share one or two optical scanners. Touch screen systems require one expensive machine per booth.

Do the math. 20 expensive touch screen machines per polling station, versus 2 less expensive optical scanners.

This cost savings could be used in urban areas where there traditionally have not been enough resources for the election.

3 - Trustable. Any dispute can be settled by the actual piece of paper I wrote on. Optical scanners are based on technology used by schools to grade for decades and require little more than a motor, light sensor, and a very low end CPU. There is little to go wrong and very little which can hide tricks.

4 - Easy to use. I take a pen and fill in a box. Touch screen systems appear to suffer serious "alignment" issues which can cause votes to be mis-registered and which require frequent realignment in the field.

5 - Robust. There is no screen to be scratched, or broken. The voter never interacts with the scanner except to slide a piece of paper into it. There is no printer to jam, or foul, or have other issues.

I call bull puckey

[Ungrounded Lightning (62228)]

... the potential for corruption is identical for paper ballots and electronic ones.

I call bull puckey.

The potential for corruption is massively greater when THERE IS NO WAY TO CHECK FOR IT.

When it can be detected (and is routinely watched for), trying to rig an election stops being a path to power and becomes a path to jail.

Re:Electronic Voting

[cluckshot (658931)]

I have a job reviewing the software that runs the elections. As a result I have several of the packages in question on my machine. The auditing I do has nothing to do with the election security. It is technical. None the less; I have looked at the security issue. I agree with the critics entirely. Electronic Voting without a proper paper trail is a sucking security hole. The Diebold software has several leaks in it including USB drive access. I have reviewed on package I would trust and it does use a paper trail. In general the critics of this methodology of voting without paper trails are more than correct.

Any election even with a paper trail, should have several other controls built in. The development of regionally accessible voting is a good step. This is where you can vote anywhere the election is being held. It makes stuffing boxes kind of hard. Another method needs to be 3 way tally. The voting totals need to be local, reported to a regional and to a central authority and the results compared. The paper ballots should automatically be recounted by machine and a certain number of them sampled for hand recount. The custody of the paper ballots should be under ARMED WITNESSED GUARD at a central location such as the State Agency. It should not be under the control of local officials. In general the election oversight agency of a State should be most carefully constructed with agents who are not subject to political whim for employment.

I have worked as an election official in the past. The number one concern of any citizen in an election should be that the election tally's and results are properly handled. A Former County Commissioner from my district was wrongly not certified for election because of probate Judge who was dishonest and it took a federal suit to over turn his ruling. He was placed in office about 13 months late after the hack the judge certified wrongly had pretty well looted the office. Election stealing is a very real issue and one of the highest concern for people with an elected government. In the election in question, the Probate Judge certified a box as valid when it had 1100 more votes (all cast were for one candidate) cast than the box had voters.

I cannot emphasize enough that any machine voting system that does not track with a proper receipt system and with other major controls is simply a machine to steal elections more efficiently. Such a system makes stealing easy and removes all evidence that it was stolen.