Punchscan Wins Open Source Voting Competition 98
An anonymous reader writes "Punchscan emerged victorious at the open source university voting systems competition, VoComp. For their efforts, they will receive the US$10,000 prize provided by ES&S (which has recently been named in a scandal in Florida). The second-place team put up a good fight: 'Per Ron Rivest, one of the contest's judges, the runner-up team, the Pret-a-Voter team from the University of Surrey in the UK, gave Punchscan a tough run for the first-place money until the Punchscan team dug through Pret-a-Voter's source code and found a significant security flaw in their random number generation. Oops.' It will be interesting to see if these systems ever make it into the mainstream. Kudos to ES&S for showing their forward thinking in this area, as the other voting machine vendors, such as Diebold, did not support the competition."
So (Score:2, Funny)
Re:So (Score:5, Insightful)
But an interesting competition. Puts responsibility back in the way people write their code, not license it and hide behind the legalese.
Open source, crypto, and random numbers (Score:2, Insightful)
There is a strong correspondence between e-voting and encryption technology. The assumption for all encryption technology is that evesdroppers will always know your method (i.e., the source code), so instead you make that knowledge useless by using
Why do they use a random number generator? (Score:4, Funny)
Re: (Score:3, Insightful)
Re: (Score:2)
How can reciepts ever work? (Score:1, Interesting)
Re:How can reciepts ever work? (Score:5, Informative)
TFA explains how that would be pointless, since the pairing of letters with names is different on each form. The receipt doesn't tell you anything about who you voted for, only what letters you chose. And if their point was to try to change an election, they would need a large group of people to be in on it to guarantee their desired outcome, and the larger the group, the more likely their fraud would be to be exposed.
Re: (Score:2)
Re: (Score:3, Insightful)
More to your point, if you could organize that many people to swing the vote a certain way, couldn't you have just gotten those same people to vote your way at the start without any fraud?
Re: (Score:2)
You can make a copy of each receipt at the polling place and give it to one or more trusted third parties (e.g. the League of Women Voters, or the ACLU (supposing for the moment that none o
The only problem I see with this (Score:5, Funny)
Re: (Score:3, Interesting)
Re: (Score:1)
Irrelevant (Score:2, Insightful)
It's charming to see people coming up with Open Source voting and other governmental tools, but extremely naive to think that they'll ever be implemented. Even if they make their way into governmental dialog, they'll be co-opted by Diebold, et.al. in the 11th hour before any policy is changed.
Re: (Score:2)
Oversight (Score:5, Informative)
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
In this case, however, the words were backed by real action. Comrade Joe was indeed the one counting the votes, and he did in fact end up deciding everything in his nation.
And let me guess (Score:2)
Re: (Score:2)
Well, if users could verify that their vote was accurately counted, doesn't that kind of undermine the purpose of staging an election?
Counting Methods (Score:2)
Quite true. At least we can get a fair count with this system, or a verifiable count. I expect an OSS system would be first used by small towns in low tax areas. Chaum's desire for licensing revenue could scuttle the whole ship, though. Can somebody please give him a grant to keep him happy? He's done good work, but a patent on this kind of think can do bad things for democracy.
Spe
More publicity for OSS voting machines, please. (Score:5, Insightful)
3 2 1, GO!
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
As long as the system relies on software, rather than something that can be physically verified, to actually tally votes, then you are at the mercy of the software. And that is a problem. Even if the code is available, you still have a long way to go. You have to ensure that the code that's running on every one of the voting machines is actually the source code that's available. And you have to have a completely clean, verified
Re: (Score:2)
How about redundancy...I think we can all agree that the more independent, distributed systems that are in place to verify voting integrity, the better. It's hard to hack 10 separate systems to change voting res
Re: (Score:2)
Elections and democracy are about people, I absolutely can not understand why some governments are so desperate to get people out of the system, it should be driven as an inclusionary process, is it fundamentally the most important part, the ultimate defining act of any democracy.
Sure you might have el
Re: (Score:2)
Re: (Score:1)
A point well made, but not made nearly often enough.
People will complain that it's impossible to individually count ballots, by hand, on a single day, using nothing more than volunteer labor, despite the fact that they are all individually cast, by hand, on a single day, using nothing more than volunteer labor.
Re: (Score:3, Insightful)
Re: (Score:2)
Link to more info [folketinget.dk] (in English).
Re: (Score:2)
public key techonology (Score:1, Interesting)
Every registered voter has a public / private key.
Votes are digitally signed by the voters.
Then after the election (or during), the signed messages are posted online.
Voters would be able to see that their vote counted in the right direction, and unless someone else knows your private key, nobody would be able to tell who you voted for.
The non-digital analog to this went something like this. Th
Re: (Score:1, Insightful)
The solution to high-tech fraud is not "make low tech fraud easy". We've seen this sort of low tech fraud in the past; while scale problems make it hard to pull off for president, it's common in smaller-scale elections.
Moreover, a fraudster now just has to be careful to not change votes
Re: (Score:2)
Bloody hell, people, learn how this works before you trash it.
Re: (Score:2)
Re: (Score:2)
Read the wikipedia article describing Punchscan; my previous post was an oversimplification. Punchscan actually creates two components to a vote's record; the voter can select either one to be used to count them (and act as their receipt), whereas the other one is shredded. Both pieces tell whether the voter selected the first, second, third or fourth punch; one additionally tells whi
Re: (Score:2)
Re: (Score:2)
Well, I guess that's where the "appeal to authority" approach kicks in. Your average high-school-education individual doesn't need to know how it works; they need to know that it works, and how to do their part in validation (if they're so incined). (The whole "university degree in software engineering" doesn't go that far with me, btw -- when spending time in the ivory tower myself, I was astounded at th
Re: (Score:2)
And then after the election, cousin vinnie comes along and says "ok, now you prove that you voted for uncle enzo, or I break your kneecaps". Since you do have a method of proving who your vote was for, you're kinda stuck...
This is exactly right. I can force you to surrender your private key. What if you refuse? My, eh, associates will break your legs.
How can I verify that the private key you provide is actually yours? Your odds of randomly guessing a valid private key are terrible, but it's trivial to verify that a private key is valid for some ballot. I can brute-force check every signed ballot against your private key.
If one of them does match, and the matching ballot shows that you didn't vote for my guy, my associates wi
Re: (Score:1)
Re:public key techonology (Score:4, Insightful)
That "unless" part is the biggest problem with this approach. Digitally signing the ballot eliminates the anonymity of it. On measures that are controversial or highly contentious (stem cell research, gay marriage, abortion, legalization of drugs, to name a few), people need to be able to cast their votes without fear of reprisal or being ostracized be their community. If I'm digitally signing my ballot, that creates a solid link between me and my votes, which may make me reluctant to vote in ways that don't conform with the views of my neighbors.
Of course, the Government has a solid reputation of keeping secrets, so there's no chance that the ballot data could be stolen [newsnet5.com], hacked [virginia.edu] or otherwise compromised [stltoday.com], or have their contents improperly made available to the general public [pcworld.com]. And encryption never [slashdot.org], ever [slashdot.org] gets cracked. And the public would never fall for any tricks to get them to divulge their passphrase or surrender their key (for example, a phishing site claiming to be a Voter Verification Portal). Nope, the security here is 100%, nothing to worry about, just go about your business....
Re: (Score:2)
Not so, fortunately. Think about it. You can verify a signed object against a public key without knowing who owns the corresponding private key. There is nothing in the key pair itself which carries identity.
And if you make use of a certificate infrastructure, you can verify that the public half of the key pair was signed by an authority whose identity you do know.
Certificates can be used to carry many sorts of identity, including anonymize
Re: (Score:2)
Of course, someone know who owns the corresponding private key, unless identity is not provided in order to have the key issued, or the key and the provided identity are never connected in the process.
Even the threat that they might be connected covertly by government could have a distorting effect on
Re: (Score:2)
Exactly, like a double blind.
Civic duty? (Score:2)
Re: (Score:2)
Someone issued your public/private key combo, and probably required your identity when they provided it to you. That someone knows your private key.
Re: (Score:2)
Re: (Score:1)
Someone issued your public/private key combo, and probably required your identity when they provided it to you. That someone knows your private key.
Not necessarily. The voting machine can generate the key pair, and sign it with its own certificate. Then it gives you the private key in a printout. The machine doesn't need to know who's voting at it, just that it is some voter.
As it has been mentioned before in many threads, anytime the ability is given to verify your vote at a later time opens the ability for fraud as well. Examples include a candidate (or supporter) offers cash for every verifiable vote, or an employer requiring proof to keep ones job.
I think the best solution I've heard is that the voting machine does nothing more than prompt for votes and then print the ballot in clear text with the selections marked showing the votes placed that the voter can verify visual
Re: (Score:2)
This is true in many cases, but its quite possible to have a system where the voter has the information to verify their vote, but no one else can with any certainty verify the voters vote, even with the voters receipt. Of course, such a system necessarily cannot be used to by the voter to challenge the results if their is fraud, it can only provide personal
Re: (Score:2)
Having said that, I'm not sure if his system doesn't suffer from the same problem.
On the other hand, the system you proposed can fail in ways that Chaum's can't. For example, your private key could be obtained by a malicious party, or they could coerce you into proving whom you voted for.
Was it a fair competition? (Score:5, Funny)
When Lousiana upgrade our voting machines... (Score:2)
Don't believe all the bad things you have read about Lousiana politics. In all reality, it is much much worse!
UMBC FTW (Score:1)
Re: (Score:1)
But... (Score:3, Funny)
I wish I had heard about this earlier (Score:2)
Anyhow I need to actually get my code up on sourceforge first I guess.
Anyone want to help get this thing off the ground.
John
This is Not^w Just an exercise.... (Score:2)
I guess they figured that, for PR reasons, it was better to silently throw out votes than inform the voter that the ballot box was stuffed^w full.
OSS is the *only* option for this (Score:2)
Diebold Afraid to Compete vs Superior Products (Score:3)
Of course they didn't support it. The first or second place projects in the competition are both better than the crappy voting system marketed by Diebold and they are *free*. If your competition is free and it is better then you are in a world of hurt. Diebold is the classic example of a company which didn't make a very good transition of expertise in physical real world security products to software products.
Re: (Score:1)
Color me unimpressed (Score:2, Insightful)
The system also does not resolve one of the key points of HAVA - which, while deeply flawed, addresses some very deeply held concerns of disabled voters. That problem is one of ballot access - Punchscan is not disabled-friendly.
Re: (Score:1, Informative)
Re: (Score:2)
Re: (Score:2)
Even more unimpressive is the dramatic lack of understanding of the complexity of various state's laws with regard to voting (for example, many states require specific and repeatable candidate ordering), and the lack of understanding of how easily the average voter is overwhelmed by the least complexity (many voters are barely able to follow the simplest instructions such as "Vote for One," and "Mark only in the oval").
A system that resu
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Punchscan does not address physical handicaps; people with CP, MD and other severely disabling diseases cannot use paper systems - they have to have computer-assisted voting if they want to vote on their own without assistance.
Braille doesn't assist with ballot verification. How do you know your ballot was just marked? Ballot receipts are not a secure answer, and they only work if you check up after the election is over.
Call me cynical, but ... (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
And remember... (Score:1)
What exactly was the point? (Score:2)
Re: (Score:2)
So, the free and open source solution has won a competition.
Well, the competition was only open to free and open source solutions. So that's not the important part.
Is the point now to somehow compel Diebold to seriously consider actually using this open source solution?
Presumably, the point is that the publicity will let everybody know that a free, open source solution actually exists. It doesn't matter if Diebold adopts it, or somebody else, so long as somebody does.
Re: (Score:2)
Re: (Score:2)
Significant Security Flaw (Score:2)
Inquiring minds want to know: what was the flaw?
Re: (Score:1)