California to Start Review of Voting Machines 154
An anonymous reader writes "California Secretary of State Debra Bowen just announced details about the previously discussed 'top-to-bottom review' of almost all voting and counting systems used in the state. The team features big names in e-voting security: David Wagner, Matt Bishop, Ed Felten, Matt Blaze, and Harri Hursti, among others. Vendors have time to submit their machines including documentation and source code until July 1st or face severe restrictions, including decertification, for the 2008 elections. Scheduled to start next week, the review will include a red-team attack and going through the source code."
Some of these machines have been in use since 2000 (Score:5, Funny)
Re:Some of these machines have been in use since 2 (Score:5, Funny)
Re: (Score:2)
Re: (Score:2, Funny)
Re: (Score:2)
Source code and freedom of information? (Score:5, Interesting)
Re: (Score:3, Insightful)
In other words, you can't look in the machine as see what it's doing.
Paper trails are useless, since you can't invoke them unless there is a good enough reason to do so (close enough election usually 1% or so - not a big deal really, just set your machines to steal more than 3%).
At the end of the day, the onl
FOIA doesn't apply (Score:3, Insightful)
Moreover (Score:2)
one more thing (Score:2)
California should use Certified mail. (Score:4, Interesting)
Re: (Score:2)
No...
No...
NO!
That would enable vote-selling/blackmail and break the secrecy of the secret ballot. "Bring me your vote for candidate X, and I'll pay you $10!" or "Bring me your vote for candidate X, and your house won't mysteriously burn down tomorrow."
Re: (Score:2)
There's absolutely no reason to trust any direct-recorded electronic voting results. They're just invisible bits a memory device - they could be anything and they could have been set the way they are in any way at any time. I consider them significantly less reliable as a results metric than exit polls or even the pre-election betting odds.
Not to sound particularly paranoid, but... (Score:5, Interesting)
How will the state ensure that these machines will be identical to those used on election day? Will random voting machines be checked with similar precision during the elections, or what guarantee do we have that these machines will not have been tampered with through "enhanced" source code? I had a glimpse at the FAQ but could not find any information on this, perhaps someone has some pointers?
For this same reason, Consumer Reports and other reviewers buy products anonymously from stores instead of receiving them from vendors, due to previous cases in which the process (such as that intended with the voting machine review) has been taken advantage of.
Re: (Score:2)
AFAIK, States with electronic voting already have procedures in place to check the integrity of the voting machine software. Though some of these checks happen after the election.
That's how they've caught Diebold (I don't recall if other companies did the same)doing last minute software updates to correct functionality issues.
The biggest stick that the States have is that if they catch a company cheating, there are
Re: (Score:2)
Re: (Score:2)
How? Is the hash-generation functionality built into the software? If so, the tampered version can just always return the expected hash.
The general problem here is that these "voting machines" are general purpose computers, and so you get into the same "can't ever truly know if the m
Re: (Score:2)
Chuck the Lot (Score:3, Insightful)
At VERY minimum, institute scantron (filled in boxes on paper) voting.
Uh, no. (Score:5, Insightful)
Electronic voting machines are in virtually every way superior to paper voting machines.
They prevent you from accidentally submitting an invalid ballot.
They can be updated with a correct ballot much easier than actually printing ballots.
They can more easily accommodate voting by the disabled.
They can randomly display the list of candidates, eliminating the 'first ballot position' advantage.
What does NOT have many advantages, and has several disadvantages, is electronic vote-STORING machines. We definitely don't want any of those. But as long as the voting machine kicks out a voter-readable paper ballot, we don't really even need to know the software it's running. Anything nefarious will be obvious on the ballots.
Re: (Score:2)
Too bad for the trees, how about staying away from McDonald's on election day... there's a lot more environmental damage in a meal there, than a sing
I don't think you understand how this works. (Score:2)
If you are willing to accept a scantron with votes as a ballot, there's no logical reason not to accept a sheet printed by an electronic voting machine as a ballot. The only difference is that one is filled out with a pen and one is filled out with a fancy typewriter.
Re: (Score:2)
Yeah, that's better.
But I don't see that this is any better than a well-designed Scantron (darken-the-box) paper ballot.
Just seems like a way to waste money. And I'm sure that visually-impaired types would rather
handle paper than look at a screen and use a touch screen, or whatever.
Re: (Score:2, Interesting)
The resultant ballot sheet should contain a list of the items that you voted on, with your answer easily readable next to each item (using a machine AND voter-readable font, since hav
Re:I don't think you understand how this works. (Score:5, Interesting)
Machine counting of votes is also sketchy. The big controversies in the 2004 election weren't about direct-recording machines, they were about the automated ballot counting machines. Unless you have a policy in place to require that the paper ballots be retained after scanning (rather than being destroyed) and a way to force a manual recount if *anyone* suspects machine tampering, you really haven't gained anything.
Someone on Slashdot once suggested separating ballot sorting from ballot counting. Put the ballots in a sorting machine and then use a dumb counting machine to count the sorted stacks. That's a much better plan (as long as the counter checks the stack to verify that it's sorted).
Re: (Score:2)
basically, you go in, make your selections on the machine, then when you're done, hit print. out comes 2 copies of your votes, which you can check against what is on screen, then drop one of them in the ballot box and take one home with you. the vote paper would be machine-and-human-readable (ala scantron), allowing for quick tabulation (not as fast as pure electronic voting, but fast eno
Re:Uh, no. (Score:5, Insightful)
It wouldd be most
What I'm subtly alluding to is vote buying/intimidation being possible if you take an official record of your voting behaviours home with you.
Re: (Score:2)
scratch that part of the plan then. it doesn't exist with current paper ballots, which i have reasonable confidance in, so i don't feel it is absolutely nessesary for it.
Re: (Score:2)
Maybe I'm missing something, but... (Score:2)
Um, how would we divert millions of dollars in taxpayer money to our cronies in the electronic-voting industry under this plan?
Unless those are special, patented, electronic pens, which only write in invisible ink that can only be displayed with a special reader, I don't think that plan w
Re: (Score:2)
Everything you complain about is exactly the same as it is now with regular paper machines. Electronic machines that print but do not store are superior to mechanical systems (when done right) and have fewer concerns. Going to a well-designed print-only electronic voting system is an improvement over the best mechanical systems available.
Re: (Score:3, Informative)
Electronic voting machines are in virtually every way superior to paper voting machines.
Um...
They prevent you from accidentally submitting an invalid ballot.
So do precinct count optical scan ballots (i.e. scantron). The way it goes is that you fill out your ballot and then a poll worker scans it through the machine to make sure you have no overvotes or doodles outside of the designated boxes. If you screwed up, your ballot is destroyed and you get a new one and re-vote. This doesn't happen for central count optical scan ballots (where they box them all up and take t
Re: (Score:2)
When I was in junior high, I had a teacher that hated technology. She thought Scantron was the devil's tool. When we took such tests and she ran them through the reader, she would run everything through twice. The way it marked errors, you could see where it marked ones right once and wrong once. I can't recall a single time where there wasn't an error. Who is to say that the calibration in the local devices is the same as the ones doing the o
Re: (Score:2)
You totally failed to understand his "update with a correct ballot comment". And brought in side issues that are not required at all as part of his idea. Yeah, in the CURRENT system they require pre-printed ballots - if they were implement his concept that would not be a requirement. His concept is basically that the 'election' machines would
Re: (Score:2)
Re: (Score:2)
They can randomly display the list of candidates, eliminating the 'first ballot position' advantage.
Both of these could be cheaply achieved by using a computer and printer to print the ballots on the spot at the polling station.
Re: (Score:2)
We spend enough time teaching every US citizen to fill out standardized tests in school that we should be able to expect them to handle a multiple choice ballot. One thing that might help the "multiple mark" problem would be moving to Approval Voting, which also has other advantages.
Re: (Score:2)
They prevent you from accidentally submitting an invalid ballot.
Damn straight! You can do it so easily with some code like this:
public boolean isBallotValid()
{
if (ballot.isRepublicanStraightTicket())
return true;
if (ballot.hasDemocratSelected())
return
Mod +1 Informative, although.... (Score:2)
Re: (Score:3, Insightful)
I don't want to waste my time writing down possibilities that are going to be ignored, so anybody who's curious can just use their imagination on how to defraud a paper ballot based system.
Electronic voting can be secured as much as modern paper ballots - it's not inherently impossible.
Re: (Score:3, Interesting)
Actually, it is inherently impossible for the security properties that matter most for a voting system. Specifically, every voter needs to be able to understand the security of voting process well enough that they can recognize attempts at voting fraud. That's a property that paper ballots that go in ballot boxes can easily have, but is strictly impossible for software installed on a computer.
Consider a 62 y
Re: (Score:2)
with canadian voting, it works quite fine, as you're only deciding on one person (your MP or MLA, for federal and provincial elections respectively), but when you're deciding on the presidant, the judges, the schoolboard, etc. it gets more than slightly confusing and becomes difficult to keep the ballot to a reasonable size and have it remain usable by the visually impaired.
though scantron would b
Re: (Score:2)
Re:Chuck the Lot (Score:4, Insightful)
It would also entirely destroy the concept of an anonymous voting system. One of the important parts of voting is knowing the winning candidate won't be able to track down anyone who didn't vote for them.
Re: (Score:3, Insightful)
To quote from the xDebate wiki [xdebate.org]:
There are other ways to encourage participation (Score:2)
In Australia, all citizens who are eligible to vote must attend a polling place on election day. Anyone who doesn't vote is fined (unless they have a sufficient reason, like illness or injury). Apparently several other countries do the same.
Ref: http://www.australianpolitics.com/voting/systems/c ompulsory.shtml [australianpolitics.com]
This web page:
http://geography.about.com/od/politicalgeography/a
has a discussion of some of the pros and
Re: (Score:2)
Wonderful .... yesterday, I read way too many comments here on slashdot about people railing against the idea of a federal, government-mandated ID ..... and now you're thinking that somebody should need a driver's license to vote?
What the bloody hell does the ability to operate a car legally have to do with somebody's right to vote?
Re: (Score:2)
There is a difference between having to establish that you have the right to vote, and connecting this vote with that person.
Take my case, though
You would be amazed a
That's all well and good, but... (Score:2)
What about paper ballots. (Score:2)
Voting is fun again (Score:4, Informative)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Instead of "Winner Take All", since electoral votes are allocated on the basis of House and Senate representation, I propose:
The winner in each Congressional district receives one electoral vote. The overall winner in each state receives the two votes allocated due to Senate representation.
Re: (Score:2)
Hey, who modded the parent flamebait? It's a reasonable question which should be answered instead of downmodded.
In effect, they're trying that, but without amending the Constitution. (I don't think it will do anything, though. The swing states like the special attention they get, and so I doubt they'll ever follow Maryland's lead. Maryland knows this, so the bill must be symbolic.)
Re: (Score:2)
I'm all for abolishing the electoral college too, but it's not going to happen any other way than this. Getting rid of it completely would take a constitutional amendment, and passing one of those would take the votes of the legislatures of too many small states whose citizens get a disproportionate amount of power in presidential elections under the current system. Any small state that votes to get rid of the electoral college is in essence voting to reduce its own national influence. Maybe one or two migh
Diebold won't comply (Score:2)
Link [eff.org]
Re:Diebold won't comply (Score:4, Interesting)
If they pull out of California because of that, they may as well just quit the election systems game altogether. It's the largest market, and more importantly, when California does significant things, other states very often follow its lead, for better or worse.
Not, mind you, that I'm saying it's a bad thing for Diebold to get out of the market. (Which it's been reported they're considering doing anyway.) Don't let the door hit your ass on the way out, I say to them.
Re: (Score:2)
Diebold was already decertified in California and sued by the state on charges of fraud. I have heard nothing about recertification since then.
And yes, they might as well pull out of the election market. Just today I saw "Diebold" written on an ATM, and couldn't help but lose faith in the ATM.
Re: (Score:2)
Re:Diebold won't comply (Score:5, Informative)
As one of the people involved in the crafting of the North Carolina law and supporting Joyce's lawsuit, I can clarify a bit. We suspect Diebold pulled out of North Carolina not because of the source code escrow issues (which they claim to have complied with in Georgia) but because the CEO of each voting company had to sign a legally binding document saying that the source code his company installed on our machines was the same code that would be placed in escrow and provided to the examiners. On the day this document was due Diebold pulled out of the state, sending a "helpful" letter to the State Board of Elections offering to help "reform" our newly-passed law.
-jdm
Re: (Score:2)
State of California Read This and Save Millions! (Score:5, Insightful)
1) Determine if the voting machine produces a voter-readable, paper ballot.
2) Determine if this ballot is the OFFICIAL voting record.
3) If 1 and 2 are true, then the machine is good. If not, it's not.
There you go. Why do people insist on making easy problems hard?
Re:State of California Read This and Save Millions (Score:4, Funny)
If only there was a way to mark a piece of paper with the candidate's names and then have a box next to each!
And perhaps some sort of paper marking implement to be given to the voter such that they may indicate their choice...
I fear such technology may be beyond us.
Re: (Score:2)
What if they are blind or without hands? Are such voters to be disenfranchised or reliant on helpers?
What if they are of such limited capabilities that they cannot understand the instructions, such as the Florida November 2000 voters could not understand how to punch out cards to vote? Are such people to be disenfranchised?
All a paper ballot is is a test for the voter and we threw out poll tests
Re: (Score:2)
And are able to be operated by people with no hands?
Yah, right. If there are specialised machines for that now then keep 'em, everyone else can put a tick in a box. It's even simpler than punch cards. You use a pen and put a tick in the big black box.
If you can't put a tick in a box because you're too dumb then you shouldn't be breathing, let alone voting.
Re: (Score:2)
You don't understand the problem.
The problem isn't the voters. If all we had to do was throw out the ballots of people who couldn't check boxes correctly, we'd be in good shape. But that's not the case.
The problem is the counters.
Who decides what counts as a ticked box and what doesn't?
Scantrons, checked boxes, punch cards, etc, are not yes/no mediums. They are open to INTERPRETATION. And when you
Re: (Score:2)
Sure. It's far better to force a small percentage of the population to rely on a person of their choice that they trust than it is to require everyone to rely on machines that are inherently untrustworthy.
If people are that incompetent, why would you expect them to be able to operate a computerized voting machine? Not th
Re: (Score:2)
Re:State of California Read This and Save Millions (Score:2)
In any case: As part of the process, each TEV has a printer. At the beginning of the voting period, the election official has to run a "zero-report" showing the machine has zero votes cast. The offi
You're an idiot. Absoltue, complete, moron. (Score:2)
Guaranteeing that the number of votes cast matches the number of votes in the machine DOES NOT GUARANTEE THAT THE NUMBER OF VOTES CAST FOR EACH CANDIDATE MATCH THE NUMBER OF VOTES RECORDED!
Putting yellow tape around a machine does not do a damn thing to guarantee that the software running in the machine is legitimate.
That machine could have software in it that worked fine during any testing phase, then on election day took vote
Re: (Score:2)
And if you have any responsibility for the election process, you should be fired.
Well, fortunately, I don't have any responsibility for elections. I just happen to know some of the people who do and am an advocate for ensuring every person gets their vote counted.
Guaranteeing that the number of votes cast matches the number of votes in the machine DOES NOT GUARANTEE THAT THE NUMBER OF VOTES CAST FOR EACH CANDIDATE MATCH THE NUMBER OF VOTES RECORDED!
Um, no. You are correct. How
stupid... (Score:4, Insightful)
There is only one specification for a secure voting machine, and it is easy to test. There is no need to see the source code. If the machine meets the spec, it is a secure voting machine. Otherwise, it is not, and should not be certified.
Here is the specification:
1. The voter votes on the machine.
2. The machine prints out a ballot.
3. The voter checks the ballot for accuracy, then deposits it in the ballot box.
4. Ballots in the box are tallied for the official vote count.
Simple, easy, secure, reliable, and recountable. There is no need to see any source code.
A voting machine which doesn't meet this spec is not secure. It doesn't matter how many times you check the source, the machine will still not be secure. An "open source" voting machine which does not meet this spec is not secure.
Re: (Score:2)
You forgot a few key bullets to name a few:
1a) Only a valid voter may vote
3a) the ballot matches the vote that is recorded internally and wasn't spoofed to the printer
4a) the storage method, accounting method, global upload, global tally are all secure
Re: (Score:2)
This is not checked by machines today in any precinct that I know of. I see no reason to hand this responsibility to a machine.
3a) the ballot matches the vote that is recorded internally and wasn't spoofed to the printer
I think you misunderstand the design. There is no vote recorded by the machine. The only tally that counts is the tally of the printed ballots.
4a) the storage method, accounting method, global upload, global tally are all secure
Again, this isn't done by loca
Re: (Score:2)
Also, you might want to check for security problems in the code. Yes, the printed ballot should be checked by the voter before accepting, but not every voter is perfect. It's nice to have multiple levels of error checking for some
Re: (Score:2)
If the machine is outputting a paper ballot, how it produces that ballot is completely irrelevant.
Talking about source code is just a distraction from the important thing: the voter can visually see what vote they're casting.
Re: (Score:2)
And if you can walk into a voting machine booth, push a magic button combination, and cause it to print 200 paper ballots for your candidate, is it still irrelevant?
(Remember that many of these machines store the paper ballot internally like a receipt spool, visible through a glass plate, and thus it does not have to be "handed in".)
Re: (Score:2)
That's not acceptable, because it prevents an election observer from detecting fraud.
Re: (Score:2)
This is just one of the many reasons why it is a complete and utter waste of time to check the source code. Even worse, the source code is a distraction from the real issue, which is security.
Re: (Score:2)
Yes there is. You compile the source yourself and then check the hash of the resulting binary against that in the machine.
Geez, I thought that slashdot was the home of computer-literate people.
Re: (Score:2)
Ever heard of a root kit? You can't trust anything displayed on a computer screen.
Re: (Score:2)
That's not strictly true. If you built the whole computer system from the transistors up through the software by hand then you, personally, can trust the computer - as long as you've never let it out of your sight.
Re: (Score:2)
Re: (Score:2)
Sure there is. You inspect the code yourself. You compile it yourself. You load it on a flash drive yourself. You put that flash drive in the voting machine yourself (with a read-only switch on the flash drive) and physically secure the machine.
I don't get the "here's what we tell you we will be putting on it later" syndrome. If security is important, then don't let the
Re: (Score:2)
Who is "them"? And who is this mythical person that can be trusted with the software for every voting machine in the country? I mean, I know *I* can be trusted, I just think I'll have trouble hitting every precinct before the polls open on election day. I'm not Santa Clause.
I don't trust anyone, and I don't trust any machine that I see to not be already cracked and rootkit'd before I get there. These are not unreasonable assumptions if you are desig
Re: (Score:2)
Obviously, the people that made and submitted the code. It was clear from the context.
I don't trust anyone, and I don't trust any machine that I see to not be already cracked and rootkit'd before I get there.
Tell me the flaw in my scenario. The OS runs from a removable flash drive. You make and insert the flash drive yourself. So, do you not trust yourself? Since you are so distrusting of others, I can only presume you are not trustworthy yourself. So maybe that isn't so far fetche
Re: (Score:2)
Re: (Score:2)
I'm sorry. I presumed that because you were able to figure out how to type and use a computer that you had the ability to form coherent thoughts. Apparently, I was in error. Please read what I wrote, not what it is that you think I really meant, nor how you think it could be twisted into something that wouldn't work.
I'll give you a hint. You said you wouldn't trust *any* machine. I stated how you could trust a machine. You apparently can fin
Re: (Score:2)
Re: (Score:2)
Voting machines are irrelevant. The real issue is voting protocol security, and the presence or absence of a voting machine shouldn't matter if the protocol is secure. The best protocol I know of for use by non-mathematicians involves a directly visually verifiable physical ballot and a physical ballot box - how the ballot is produced is irrele
Re: (Score:2)
*yawn* (Score:2)
Support Open Voting (Score:2)
This guy [openvotingconsortium.org] (Alan Dechert) is active in CA and needs your help. I've ponied up some dough; please join me.
He's speaking at the Red Hat Summit [redhat.com] today!
Dems vs GOP (Score:2)
Is it because the companies that make the current crop of machines are somehow perceived (or in actuality) in the pocket of the Republicans?
I wonder. . . (Score:2)
If you expose voter fraud, then you become a hero. And everybody wants a hero for president.
I wonder how this game of Illuminati will play out? I wonder if it even matters at this point, what with the sky starting to fall and all that.
-FL
Re: (Score:3, Informative)
Secretary of State is an elected position in California, and Debra Bowen got elected last November, so she hasn't been in place long. Previously she was in the state assembly and then state senate, where she was one of the influential people on open government, open records, and privacy issues, and made a big issue of doing something about the voting machine problems. I gather there are other issues where some people passionately hate her, but for the most part she's been vie
Re: (Score:2)
False, It's possible to see that a ballot box is empty, and someone watching the ballot box can tell if it's being stuffed. You can't observe digital votes directly at all, so there's no way to know what they are.
False, an observer can easily spot these attacks.
The UK can't quite get that to work .. (Score:2)
The problem lies in authenticating the ballots, and ensuring the counting is done properly as well. The postal system has multiple points of failure, for example "lost" post from certain demographics - a technique apparently used in the US elections to control the results in some states. Works better by mail, I guess, all you need is to control the sorting..
So, maybe you need to revise the Ohio results too?
Not a problem, just send me the results when you're done. By post