Punchscan Wins Open Source Voting Competition

Posted by kdawson on Tue Jul 24, 2007 02:41 PM
from the at-least-they're-foss-hanging-chads dept.
An anonymous reader writes "Punchscan emerged victorious at the open source university voting systems competition, VoComp. For their efforts, they will receive the US$10,000 prize provided by ES&S (which has recently been named in a scandal in Florida). The second-place team put up a good fight: 'Per Ron Rivest, one of the contest's judges, the runner-up team, the Pret-a-Voter team from the University of Surrey in the UK, gave Punchscan a tough run for the first-place money until the Punchscan team dug through Pret-a-Voter's source code and found a significant security flaw in their random number generation. Oops.' It will be interesting to see if these systems ever make it into the mainstream. Kudos to ES&S for showing their forward thinking in this area, as the other voting machine vendors, such as Diebold, did not support the competition."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • So (Score:2, Funny)

    by Anonymous Coward
    A system with a significant flaw in security comes second?
    • Re:So (Score:5, Insightful)

      by inaequitas (885724) on Tuesday July 24 2007, @02:47PM (#19974285) Homepage
      What do you expect, when one with an undocumented number of security flaws is marked for real-life use?

      But an interesting competition. Puts responsibility back in the way people write their code, not license it and hide behind the legalese.
    • Well, this flaw found in the second place team's code is the perfect example of why e-voting software should be open source. If it was hidden, odds are that flaw would never be discovered; and might not require a deliberate attack to cause problems in the
  • by Intron (870560) on Tuesday July 24 2007, @02:50PM (#19974333)
    Does this explain the last two presidential elections?
    • Re: (Score:3, Insightful)

      Without knowing the specifics of the system, I'd guess it's probably used as some part of an authentication token. You want to make sure that you can verify that the printed paper receipts correspond to a vote, but you don't want to give away the voter's
    • Re: (Score:2)

      No, if the president was truly selected randomly [stochasticracy.net], then a second-party candidate might have won.
  • by InvisblePinkUnicorn (1126837) on Tuesday July 24 2007, @02:55PM (#19974419) Homepage
    The only problem I see with this system, as it was with the hanging chads, is that people with poor vision or low brain power will be easily confused by the way the choices are out-of-order. Maybe they could use colored letters to make it easier to match them up, or even use pictures, e.g. a dog for Clinton, a snake for Giuliani.
    • Re: (Score:3, Interesting)

      They were already using that in Shakespeare's time: "The Cat, the Rat and Lovel the Dog, rule all England under the Hog."
  • Irrelevant (Score:2, Insightful)

    To quote a now dead, but once very powerful man: "He who votes decides nothing. He who COUNTS the votes decides everything."
    It's charming to see people coming up with Open Source voting and other governmental tools, but extremely naive to think that they
    • Even more disturbing...how will we know if they're implementing an open source system? If a voting machine is a black box, it wouldn't exactly be easy to determine whether or not the source code originates from an open source system.
      • Oversight (Score:5, Informative)

        by InvisblePinkUnicorn (1126837) on Tuesday July 24 2007, @03:13PM (#19974691) Homepage
        It's called oversight. Punchscan makes it easy for every single voter to ensure that the items they marked are exactly what was entered into the database. People can even download large randomly-selected chunks of the database to help ensure integrity. Read Wikipedia [wikipedia.org] for more of the security features.
        • I was referring more to a GPL violation, or whatever license the code is distributed under. If you can't see the code, how do you know what system it is?
    • Re: (Score:2)

      It's charming to see people coming up with Open Source voting and other governmental tools, but extremely naive to think that they'll ever be implemented.

      Well, if users could verify that their vote was accurately counted, doesn't that kind of undermine th

      • Re: (Score:2)

        Yeah yeah, and we may as well throw in "A witty saying proves nothing" from Voltaire.

        In this case, however, the words were backed by real action. Comrade Joe was indeed the one counting the votes, and he did in fact end up deciding everything in his nation
      • It was a pharaoh who said to take everything with a grain of salt?
  • by TheDarkener (198348) on Tuesday July 24 2007, @02:59PM (#19974477) Homepage
    We need more than preaching to the choir - everyone should link to this from their blogs, post it as a bulletin to their friends on Myspace, etc. etc. etc.... the more people hear about these things, the more likely it will be that we actually start using OSS-based voting machines on a large scale.

    3 2 1, GO!
    • Re: (Score:2)

      Hearing is not caring.
      • Re: (Score:2)

        Hearing is exposure. Don't underestimate exposure. Ever heard of the saying, "Even bad publicity is good publicity?"
      • Re: (Score:2)

        Hearing is not caring.
        How can not hearing ever lead to caring?
    • Re: (Score:2)

      I love OSS as much as the next Slashdotter, but I'm not sure it's a panacea here.

      As long as the system relies on software, rather than something that can be physically verified, to actually tally votes, then you are at the mercy of the software. And that i
      • Re: (Score:2)

        Did you RTFA? You can verify your votes at a later time online with your vote tally. This is a major element in verifying election integrity. Sure, it isn't perfect - but what truly is? We're always chasing after a better solution, and this is definitely a
    • Re: (Score:2)

      OSS based machine doesn't solve anything. How can you be sure that the published source is the one being used by the machine? I am sorry, I see no way of doing this with an electronically programmable machine.
        • Re: (Score:3, Insightful)

          We do it in Canada, and since counting ballots scales perfectly well, no matter how many people you have, there are no problems. The more ballots you have to count, the more people you have to count the votes, the more people you have to watch the countin
  • Was it a fair competition? (Score:5, Funny)

    by 91degrees (207121) on Tuesday July 24 2007, @03:18PM (#19974753) Journal
    After seeing the machines, the 6 judges cast their votes electronically. The votes were 2 for Pret-a-voter, 3 for Punchscan and 107,345 for Diebold.
  • But... (Score:3, Funny)

    by AntsInMyPants (819105) on Tuesday July 24 2007, @03:56PM (#19975325)
    How did they count the votes to determine who won?
  • I would like to have had the chance to put my mailclad.com idea into the running on that one.

    Anyhow I need to actually get my code up on sourceforge first I guess.

    Anyone want to help get this thing off the ground?

    John
  • In the North Carolina case, ES&S attributed the problem to a software glitch that caused the machines to falsely sense that their memories were full. Although the machines allowed voters to continue to cast ballots, the votes were not recorded.

    I gue

  • For something that is literally the heart of democracy, i.e., voting, proprietary systems are anathema. May Diebold act in accordance with its name, dying a bold and noble death, in searing flames....
  • by CodeBuster (516420) on Tuesday July 24 2007, @04:26PM (#19975687)
    as the other voting machine vendors, such as Diebold, did not support the competition.

    Of course they didn't support it. The first or second place projects in the competition are both better than the crappy voting system marketed by Diebold and they are *free*. If your competition is free and it is better then you are in a world of hurt. Diebold is the classic example of a company which didn't make a very good transition of expertise in physical real world security products to software products.
  • Color me unimpressed (Score:2, Insightful)

    While the Punchscan system appears to resolve the problems of auditability and vote tampering quite well, the issuance of a ballot receipt - no matter how indirect - allows verifiable vote buying.

    The system also does not resolve one of the key points of HA
    • Thank you for posting one of the more coherent comments in this thread.

      Even more unimpressive is the dramatic lack of understanding of the complexity of various states' laws with regard to voting (for example, many states require specific and repeatable ca
  • ... my first thought was, "So what kind of voting machine did they use to count the votes for best voting machine? Was it the Punchscan machine?"
  • So, the free and open source solution has won a competition. Is the point now to somehow compel Diebold to seriously consider actually using this open source solution?
    • Re: (Score:2)

      So, the free and open source solution has won a competition.
      Well, the competition was only open to free and open source solutions. So that's not the important part.

      Is the point now to somehow compel Diebold to seriously consider actually using this open source solution?
      Presumably, the point is that the publicity will let everybody know that a free, open source solution actually exists. It doesn't matter if Diebold ad
  • ``a significant security flaw in their random number generation''

    Inquiring minds want to know: what was the flaw?

    • Re:How can receipts ever work? (Score:5, Informative)

      by InvisblePinkUnicorn (1126837) on Tuesday July 24 2007, @03:01PM (#19974503) Homepage
      "Any random voter could go home and make a fake receipt to claim the results were tampered with."

      TFA explains how that would be pointless, since the pairing of letters with names is different on each form. The receipt doesn't tell you anything about who you voted for, only what letters you chose. And if their point was to try to change an election, they would need a large group of people to be in on it to guarantee their desired outcome, and the larger the group, the more likely their fraud would be to be exposed.
      • Re: (Score:2)

        Well since they used a random number generator, I assume that there is a cryptographic reason that they can't forge the receipt as well ...
      • Re: (Score:3, Insightful)

        And if their point was to try to change an election, they would need a large group of people to be in on it to guarantee their desired outcome, and the larger the group, the more likely their fraud would be to be exposed.

        More to your point, if you could
    • Re: (Score:2)

      Sure, you could combat that by keeping record of which ballots, with their identifying numbers, were passed out, but if you're going to tamper with the election results, you could delete the vote from the count and the list, then when the voter complains t
    • Re:public key technology (Score:4, Insightful)

      by bobdehnhardt (18286) on Tuesday July 24 2007, @04:01PM (#19975381)

      Voters would be able to see that their vote counted in the right direction, and unless someone else knows your private key, nobody would be able to tell who you voted for.


      That "unless" part is the biggest problem with this approach. Digitally signing the ballot eliminates the anonymity of it. On measures that are controversial or highly contentious (stem cell research, gay marriage, abortion, legalization of drugs, to name a few), people need to be able to cast their votes without fear of reprisal or being ostracized by their community. If I'm digitally signing my ballot, that creates a solid link between me and my votes, which may make me reluctant to vote in ways that don't conform with the views of my neighbors.

      Of course, the Government has a solid reputation of keeping secrets, so there's no chance that the ballot data could be stolen [newsnet5.com], hacked [virginia.edu] or otherwise compromised [stltoday.com], or have their contents improperly made available to the general public [pcworld.com]. And encryption never [slashdot.org], ever [slashdot.org] gets cracked. And the public would never fall for any tricks to get them to divulge their passphrase or surrender their key (for example, a phishing site claiming to be a Voter Verification Portal). Nope, the security here is 100%, nothing to worry about, just go about your business....
      • Digitally signing the ballot eliminates the anonymity of it

        Not so, fortunately. Think about it. You can verify a signed object against a public key without knowing who owns the corresponding private key. There is nothing in the key pair itself which c

        • Re: (Score:2)

          Not so, fortunately. Think about it. You can verify a signed object against a public key without knowing who owns the corresponding private key. There is nothing in the key pair itself which carries identity.


          Of course, someone knows who owns the correspond
          • unless identity is not provided in order to have the key issued, or the key and the provided identity are never connected in the process

            Exactly, like a double blind.

      • If the fear of the unlikely chance of voter key compromise is reason enough to put you off voting freely, we've already lost.
    • Re: (Score:2)

      Every registered voter has a public / private key.
      Votes are digitally signed by the voters.
      Then after the election (or during), the signed messages are posted online.
      Voters would be able to see that their vote counted in the right direction, and unless som
      • Re: (Score:2)

        Someone issued your public/private key combo, and probably required your identity when they provided it to you. That someone knows your private key.
        Not necessarily. The voting machine can generate the key pair, and sign it with its own certificate. Then it gives you the private key in a printout. The machine doesn't need to know who's voting at it, just that it is some voter.
      • Re: (Score:2)

        And then after the election, cousin vinnie comes along and says "ok, now you prove that you voted for uncle enzo, or I break your kneecaps". Since you do have a method of proving who your vote was for, you're kinda stuck...
        This is exactly right. I can force you to surrender your private key. What if you refuse? My, eh, associates will break your legs.

        How can I verify that the private key you provide is actually yours? Your odds of randomly guessing a valid private key are t
        • Re: (Score:2)

          Punchscan handles this scenario. It means you can prove that you voted for A, A, D and C (and validate that this set of votes was counted correctly) -- but you can't prove who option A on item #1 was on your ballot (as opposed to someone else's ballot), so
          • Re: (Score:2)

            So if all I can verify is that I voted for A, A, D, and C, then how can I actually verify that my vote was counted correctly. I'm not sure of all the details of the system, but it seems to me like it would be possible to show someone a scanned image of th
            • Re: (Score:2)

              So if all I can verify is that I voted for A, A, D, and C, then how can I actually verify that my vote was counted correctly.
              Read the wikipedia article describing Punchscan; my previous post was an oversimplification. Punchscan actually creates two compone