Become a fan of Slashdot on Facebook


Forgot your password?

Paper Trails Don't Ensure Accurate E-Voting Totals 363

An anonymous reader writes "In an new report from the Information Technology and Innovation Foundation they say that paper trails increase costs and can actually reduce the chances a voters' choices are accurately counted. Congress is considering a 'Voter Confidence and Increased Accountability Act of 2007,' which would mandate 'voter-verified' paper audit trails."
This discussion has been archived. No new comments can be posted.

Paper Trails Don't Ensure Accurate E-Voting Totals

Comments Filter:
  • What do you expect ? (Score:5, Informative)

    by foobsr ( 693224 ) * on Friday September 14, 2007 @05:29AM (#20600775) Homepage Journal
    The rest of the board is similar (link []).

    "Rhett Dawson is President and CEO of the Information Technology Industry Council (ITI). Immediately prior to being selected as President of ITI, Dawson was Senior Vice President of Law and Public Policy for the Potomac Electric Power Company. In the Reagan administration, Dawson was Assistant to the President for Operations. At the White House, he managed the staff and decision-making process for President Reagan and was responsible for three White House support units: the White House Office, the Office of Administration, and the White House Military Office. He also was Executive Director of two presidential commissions, the President's Special Review Board (the Tower Board) that investigated the Iran-Contra matter, and the President's Blue Ribbon Commission on Defense Management (the Packard Commission). During the 1980s Dawson was a partner in two Washington law firms. Earlier in his career, he was Staff Director and Chief Counsel for the Senate Committee on Armed Services, Minority Counsel for the Senate Committee to Study Governmental Operations with Respect to Intelligence Activities (the Church Committee), and Minority Counsel for the Joint Committee on Defense Production. He is a member of the statutory Commission on National Guard and Reserve, and he is Vice Chair of the State Department's advisory committee on International Communication and Information Policy. Dawson received his undergraduate degree from Illinois Wesleyan University, where he was recognized in 2001 as the Alumni of the Year. He was awarded his law degree from Washington University."

    • by JoelKatz ( 46478 ) on Friday September 14, 2007 @05:39AM (#20600821)
      I would have much more confidence in a cryptographic scheme that makes it effectively impossible for a voting machine to cheat. This is not all that difficult to accomplish and the necessary design criteria are widely available in the literature. A paper trail doesn't really help.

      The basic idea (and I'm oversimplifying, I apologize) works like this:

      1) You go to vote. You are shown a voter ID number on the screen. You are welcome to write it down if you wish.

      2) You select your candidate of choice. If you wish, you are given a paper receipt providing cryptographic proof that the voter ID you were shown in step 1 voted for the candidate you chose.

      3) If anything goes wrong in steps 1 or 2, complain loudly and immediately. This is equivalent to you not being allowed to enter the voting area or a machine displaying a candidate other than the one you pushed.

      4) If you wish, you may opt to receive copies of paper receipts of other votes for other candidates too. (So that someone can't demand to see your receipt to prove you voted for a particular candidate, since you can get a receipt of someone else who voted for any candidate.)

      5) When the results are publicized, the total number of votes is checked against the total number of voters. Any voter with a paper receipt not on the final tally knows their vote wasn't counted. (Though they can't prove it was their vote, of course, they can prove that *a* valid vote wasn't counted.)

      6) The receipts can be scannable with barcode and groups may, if they wish, stay outside of voting areas and ask voters if they may scan their receipts. A church group, for example, could make sure all of its members votes are counted this way, though they could never be truly sure how each member voted.
      • Vote counting 101 (Score:5, Insightful)

        by TapeCutter ( 624760 ) on Friday September 14, 2007 @06:01AM (#20600913) Journal
        "I would have much more confidence in a cryptographic scheme that makes it effectively impossible for a voting machine to cheat. This is not all that difficult to accomplish and the necessary design criteria are widely available in the literature. A paper trail doesn't really help."

        There is just one simple, practical, logical rule for machine assisted voting that anyone need remeber:

        A machine that prints your choice is at worst a waste of money, a machine that counts your choice is at best a waste of money.
        • Re: (Score:2, Insightful)

          by JoelKatz ( 46478 )
          A printout at best proves that your vote was counted. At worst, it's ignored or lost. Cryptographic proof that your vote was counted is superior to a printout in every imaginable way.

          How is your vote being printed on a piece of paper that might get lost, ignored, misread, or replaced with another better than a cryptographic receipt that must appear on the final tally or you can prove conclusivley that a validly cast vote was not counted?
          • by TapeCutter ( 624760 ) on Friday September 14, 2007 @08:00AM (#20601581) Journal
            "How is your vote being printed on a piece of paper...."

            The basic protocols of manual counting have been tried and tested for well over 100yrs. They are not perfect and are suscepible to "retail fraud" (eg: box stuffing, stand over tactics, ect), ANYTHING that can tie an individual to a particular vote opens the door to stand-over merchants. What is worse is that ANY counting machine is suceptible to "wholesale fraud" (eg: one person + one point of attack = flip an entire election any way you want).

            The old fashion system is fast, efficient, auditable, well understood and extensively tested - most importantly the human counters MISTRUST each other by design. Before you reinvent the wheel try googling for "election observers" or "secret ballot".
            • Re: (Score:2, Insightful)

              Which is exactly why any electronic vote needs a paper trail. If there's any suspected election tampering, the paper votes can always be counted by hand.

              Paper voting is by and large the most secure form of voting in existence. But if we must have electronic results, then we must have a paper trail.

              No matter what level of security you apply to the system, it can and will be defeated. As long as everyone checks their paper ballot before turning it in, it doesn't matter how it gets printed, just that it doe
          • by Moraelin ( 679338 ) on Friday September 14, 2007 @10:13AM (#20602803) Journal
            Ok, let's say you receive your crypto token, and can prove at any point that your vote was counted all the way to the grand total.

            Also remember that it's not enough to hold on for it for 5 minutes. You must hold on to it all the way to the recounts, at least. If you just prove before leaving that the machine still has your vote, then there's not thing to say someone can't flip the votes in the database later.

            The problem is this: any proof of how you voted, can be used for electoral fraud by itself. E.g.:

            - Someone else can demand that proof that you voted for their candidate, or else. Let's say Don Corleone, the respectable head of the local mafia group, is running for mayor. If you have your ticket that you can check at a terminal, then so can Don Corleone's goons for you. It makes an electoral racket as simple as a protection racket. You know, you only have one kneecap in each leg, it would be a shame if that were to change. Show your ticket proving that you voted for Don Corleone, and you have our "protection" so it doesn't.

            - Outright buying votes. Let's say I've won the lottery jackpot and want to be governor. Or just mayor. It's as this: everyone who shows me a ticket proving that they've voted for me, gets 100$, no questions asked. (And I'll store the crypto token on a database of my own, of course, so several people can't come with the same ticket.) In fact, let's turn up peer pressure a notch: if you can also prove that your spouse (if applicable) and at least one parent or child of voting age also voted for me, you get an extra 100$. You know, just to have old retired moms call their sons and do the "you won't even do that for me?" sobbing act.

            - Pure social pressure. E.g., if you're a student still living with your parents, whoppee, they can control who you voted for. You know, under the old principle of, "as long as you're in _my_ house, you'll do what _I_ say, young man. Now let's go to a terminal and you'll prove to me that you voted as I told you to." E.g., if you want to keep working at my office, better "voluntarily" prove that you voted for my favourite candidate.


            Yeah, I'm sure _you_ would bravely stand your ground, stick to your ideals, and never betray the sanctity of the free democratic voting. Maybe. But considering that elections have been won by a 0.1% lead before, the funny thing is: you don't need to get _everyone_ to cooperate.

            Some of those aren't even easy to legislate against. E.g., how would you legislate against parents demanding to see their 21 year old son's ticket?

            So, no. Please don't do that. The important thing about votes isn't just that they're counted, but also that they're secret and hard to influence. The moment all that remains is that they're counted, but someone can easily influence the voters and/or check what they voted... well, you might as well not bother pretending it's a democracy any more.
      • by foobsr ( 693224 ) on Friday September 14, 2007 @06:06AM (#20600931) Homepage Journal
        My opinion is that there is no 'secure' e-voting system.

        I also do not see any reason to abandon paper-based voting, which still is not 100% secure, but much more difficult to 'hack' due to transparency by distribution of control.

        • Re: (Score:2, Interesting)

          by JoelKatz ( 46478 )
          "My opinion is that there is no 'secure' e-voting system."

          I think we can all agree that there is no secure paper voting system. The paper votes can either not lost can be replaced with other pieces of paper.

          "I also do not see any reason to abandon paper-based voting, which still is not 100% secure, but much more difficult to 'hack' due to transparency by distribution of control."

          How is paper based voting more difficult to hack than a cryptographically signed, publically available "receipt" for each vote? Pi
          • by TheRaven64 ( 641858 ) on Friday September 14, 2007 @07:58AM (#20601561) Journal

            A cryptographic receipt cannot be lost, because you can then prove it's not in the final tally.

            I might be able to prove it's in the final tally. You, too, might be able to prove it's in the final tally. 99% of the voting population, however, have not studied cryptography and would have to rely on an expert to check their vote (and, of course, such a system would have to be designed to make it impossible for the voter to prove to someone else which way they voted).

            An election is only democratic if the electorate is able to trust it. If I have a magic wand I wave and then pronounce the results, it doesn't matter if I am 100% accurate, because no one will trust it. And they shouldn't trust it, because there is nothing stopping me from simply making up the result.

            In a paper election, anyone who doesn't trust the system can observe the entire procedure. They can watch the ballot box, from the point they enter their vote, watch the counting, and watch the reporting. Verification is not limited to the technorati, it is available to every single voter. This is why paper voting remains superior.

          • Paper voting systems are extremely vulnerable to localized, small scale fraud by a relatively large number of conspirators.

            Any hypothetical electronic system, no matter how secure, is vulnerable to basically _universal_, unauditable fraud by a tiny number of conspirators in the right place - as low as 1. Any kind of cryptographic system can be defeated by the guy who actually controls where the actually-compiled source code - and the COMPILER source code - came from. Even in an OSS system, it's awfully ha
            • by Trifthen ( 40989 ) on Friday September 14, 2007 @10:23AM (#20602905) Homepage
              Worse. Not to launch into a conspiracy tirade, but who says the machine prints out the user's selection? In a perfectly—or even halfway competent—world, all it would take is one dishonest group of people (Diebold?) to code the system with two result columns. The first stores the user's actual vote, the one it can print out on request given an encrypted value, or present on a confirmation screen for the user. The other stores the desired vote; maybe on a statistically weighted basis for a specific candidate or party as to make the slant non-obvious. The second column is used for tallies.

              Suddenly your printed receipt is absolutely worthless. Sure, you can rest easy the system correctly registered your vote, but it's the master counting system, and the values it receives, that matters.

              Paper ballots require a massive concerted effort with hudreds, or even thousands of conspirators. With Electronic voting, since the code is closed (and even if it was open, we can't ensure that's the code they used in the final machine), it takes one manager with an agenda and a handful of hand-chosen coders to implement it.

              There may be a way around this, but I sure as hell don't know what it is.
      • Yep, that sounds good.

        However, I still wonder what advantage this brings over the old fashioned way...
      • Re: (Score:3, Insightful)

        by will_die ( 586523 )
        1) Good luck finding a write instrument, how many have you gone to post office, bank, etc where you need a pen to fill out a form and could actually find a pen? :) Besides you are giving them a printout why not print it on there.
        3) How would that printout prove anything on how your vote is recorded, if you really wanted to mess up the machine you would display the correct results and record the wrong. If I wanted to add votes the old ways are still the best ways; get the dead to vote.
        4) The giving of e
        • Re: (Score:2, Insightful)

          by JoelKatz ( 46478 )
          "1) Good luck finding a write instrument, how many have you gone to post office, bank, etc where you need a pen to fill out a form and could actually find a pen? :) Besides you are giving them a printout why not print it on there."

          This is not really essential. It's just to protect against a tampered voting machine that basically doesn't record your vote at all. Even paper trails have this same limitation -- if a voter doesn't *look* at the paper, it does no good.

          "3) How would that printout prove anything on
          • "So I am saying, your assumptions about voting are broken. If you want to be able to judge voting systems competently, the first thing you have to do is figure out what your requirements are and what's good and what's bad. And you are probably doing that wrong because you have a lot of mistaken assumptions about properties of voting systems. (Not you personally.)"

            I've answered you elsewhere but this bit struck me, I am of the opinion you (personally) do not understand the "checks and balances" built into
      • is that only the mathematicians really understand what's going on.

        We may know that (if and only if the algorithm is implemented correctly) the method works, but for the rest of the citizenry, this is asking them to put their trust in (yet another) technical priesthood.

        The system has to be simple enough for anyone to see, and simple enough that anyone willing to comprehend freedom can comprehend it. It has to be visible.

        Thus, the stubbed, anonymous paper ballot, the stub and the ballot going in separate, lo
      • by zotz ( 3951 )
        Something in this all is not making sense to me... Perhaps it is just too early and I was up too late.

        So, assuming what you say above is right for a minute, I would say, just print a paper ballot along with the paper receipt providing cryptographic proof that the voter ID you were shown in step 1 voted for the candidate you chose. And you optional receipts... no optional ballots...

        Put the ballot in the box outside the booth and carry on with your plan from there on.


        all the best,


        http://pc.celtx. []
      • by phurley ( 65499 )
        My problem is with your step 5, if there is a tally of votes, my vote is not anonymous -- if the guy checking my "receipt" is given someone else's receipt, among other things it is possible he will get "duplicates" which will get me in trouble. If you consider this a non-issue, as duplicates will not be detected/found etc, then it is just as easy for the system to provide multiple votes the same receipt while casting votes for a different candidate.

        There is one significant problem, if there is a tally somew
    • by sslo ( 1143755 ) on Friday September 14, 2007 @05:45AM (#20600851)
      Information Week has given itself a black eye by saying nothing at all of any interest or substance about this issue, while hyping a report that it can't even describe adequately. All this means is that a "Black is White, Up is Down" paper will be forthcoming soon from an industry shill. The only news here is that this a self-inflicted reminder not to read Information Week.
      • This is what Information Week always does; it's not new. There's a reason my user CSS file displays a read troll warning after any links.
    • Re: (Score:3, Informative)

      by Asic Eng ( 193332 )
      The board and the staff, too. I thought it would be of interest to have a look at the educational background of this "foundation":


      Cal Dooley - Masters degree in Management
      Jennifer Dunn - BA
      Dr. Robert D. Atkinson - Ph.D. in City and Regional Planning
      Rhett B. Dawson - undergrad law degree
      David Hart - Professor of Public policy


      Dr. Robert D. Atkinson - Ph.D. in City and Regional Planning
      Julie A. Hedlund - M.A. degree
      Daniel D. Castro - M.S. in Information Security Technology and Managemen

  • by jimicus ( 737525 ) on Friday September 14, 2007 @05:35AM (#20600811)
    Who are the "Information Technology and Whatsit Foundation"? Because it wouldn't surprise me in the slightest if they're a lobby group representing Diebold.
  • Worthless article (Score:5, Insightful)

    by Confused ( 34234 ) on Friday September 14, 2007 @05:40AM (#20600825) Homepage
    The article is totally worthless. It just states that some industry-sponsored organisation doesn't like paper trails. Let me guess, it's sponsored by the voting machine manufacturers or by Buy-An-Election Inc.

    As to why paper trails are bad, they don't say, just that they will publish a paper really soon now. News at 11.
    • Re:Worthless article (Score:5, Interesting)

      by VirusEqualsVeryYes ( 981719 ) on Friday September 14, 2007 @06:25AM (#20601027)

      As to why paper trails are bad, they don't say
      That's textbook FUD for ya. Make a claim, let the news sink in, then follow up later with easily debunked reasoning far after everyone's stopped paying attention.

      I've been interested in the Caltech/MIT Voting Technology Project [] for awhile now, and they have quite a few papers on voting issues, including discrepancies, statistics, technologies, reliability. One paper in particular [] (PDF warning) speaks of a study done on different methods of verifying user voting. For the mock election, they randomly inserted incorrect vote records, and thus tested different methods of auditing, to see how often voters noticed the discrepancy. With the paper trail, only 8% acknowledged any problem (i.e., realized that the machine voted wrong). For an auditing system, that's not at all counterproductive as the topical article would have you believe, but it's still pathetically ineffective.

      A different kind of auditing system is advocated in the paper: one using audio via headphones to play back the recorded votes to the voter. 77% of voters caught the errors. Of course with every added system, there is inherent risk -- listening devices, accessibility, etc. -- and, of course, audio auditing is relatively untested, but this seems promising. This, however, assumes that the problem is with voters or the machines making an honest mistake and not with the machines maliciously changing votes. Thus, the best course of action would be to have both paper and audio: one to help the voter, the other to verify recounts and prove unreliability.

      Of course, no auditing system, no matter the sophistication or rate of helpfulness, will matter if the machines themselves are designed to be corrupted and the vote counts manipulated. Ultimately, it will be far more beneficial to the American people if, rather than trying to force accountability and regulations on corrupted producing companies bought and paid for by corrupt political crooks, the machines are written and produced, or at least heavily tested, by independent committees.... May I suggest academic committees, such as this Caltech/MIT VTP, or similar groups? Their ultimate goal is to certify reliability, and since academics is far less motivated by money, they're far less likely to be corrupted. Or so goes my theory, anyway.
      • by nahdude812 ( 88157 ) * on Friday September 14, 2007 @06:49AM (#20601129) Homepage
        Headphones would also be a substantial health hazard. There's no way I would put an object on my head which has been on the head of hundreds of other people just today.

        The biggest concern is not with people making a mistake in recording their votes (though this is a concern, but one which is easily correctable with a good user interface), but with machines which may be tampered with to alter the outcome of the vote.

        Even the marbles-in-a-jug thing is easily falsifiable since anyone with two marbles gets two votes, let alone with a hundred marbles.

        The idea is that you have to make the "authority" on which vote is which an immutable record. That is to say something which can't be changed after the vote has been cast. There's nothing in the computer world where this is the case. Not even cryptography would suffice since the voting machine does all the cryptography, and it could easily show you one cryptographically signed vote and record a different cryptographically signed vote. If it has everything it needs to do the original signing, it has everything it needs to forge the signing of different data.

        This immutable authority is most easily done as a paper trail. The paper can be shown to users through a piece of glass, and once confirmed, be fed into a locked audit box. Unfortunately even this is still vulnerable to a malicious machine continuing on to forge votes between users and feeding those votes into the box. At least the machine couldn't delete existing votes, it would only be able to add to them, and that would show up as more votes registered than votes cast.

        So I think the current approach is that each voter would be issued an audit card as they enter the voting booth. The machine doesn't have these, and the user feeds the card into the machine for their vote to be recorded.
    • Re:Worthless article (Score:4, Informative)

      by tbannist ( 230135 ) on Friday September 14, 2007 @09:29AM (#20602279)
      Oh that's easy. Paper trails are "bad" because people counting ballots are more expensive and less accurate than digital counting*.

      * barring the presence of any bad actors in the simulation.

      It's always the caveats that get you. See these guys are interested in "resilience against corruption". They're only interested in cheaper and more accurate because that's the only thing that supports their position.

      I have to agree with you, the whole article screams "Industry Shills".
  • by Jah-Wren Ryel ( 80510 ) on Friday September 14, 2007 @05:44AM (#20600849)
    Just a quick browse of their "ITIF in the news" [] page and it looks like they are big fans of Real-ID and RFID tagging in general. On network neutrality [] they appear to be in favor of just leaving it up to the FCC to determine on a case-by-case basis what telecomm companies are abusive and which aren't - no legislation required, and their justification seems to be that some of the proposed legislation has been over-the-top (typical FUD about preventing telecomms from 'innovating').

    Who funds these people?
  • Yet again ... (Score:5, Insightful)

    by Anonymous Coward on Friday September 14, 2007 @05:48AM (#20600867)
    ... the answer is very simple.

    The voter marks the ballot paper with a pencil. The ballots are counted by hand by human beings.

    Completely transparent, complete audit trail, safeguards against all the failure modes discovered over the decades, results within hours, recounts within hours if needed.

    Oh, and I expect it's cheaper than all this inappropriate mucking around with computers too. Computers aren't the answer to everything. This is one application in which they have no place.
    • The problem is that a significant number of people have difficulty understanding how to correctly cast their vote using a pencil and a piece of paper. A racist political party in the UK has won a case to have a ballot recounted because of this: []
    • by Yvanhoe ( 564877 )
      I am amazed at how technophobic people enjoy electronic voting without seeing the problems of it.

      Hell, I am ready to get my brain wired to a computer through surgery but when discussing of the e-voting problems with people I am being told that I must not be afraid of progress...
    • results within hours
      No they aren't. It just looks that way because other nations have shorter ballots due to the proportional representation system.
      • by SerpentMage ( 13390 ) <[ ] ['' in gap]> on Friday September 14, 2007 @07:12AM (#20601255)
        American's are not the only ones with long ballots. Germany has long ballots as well because you get to vote twice (your first vote and second vote). Then add in all of the tom-dick-harry parties and ballots become 24 inches long. In Switzerland folks vote every three to four months since it is a direct democracy. My point is the long ballot is not an excuse.

        What I think is problematic in the US is that there is this automatic tendency to automate tasks and thus making it difficult for the people to carry out the task. Case in point the ballots with hanging chads. Why on earth is there such a ballot? Oh yeah so that you can save a few bucks on counting the votes. But who cares that the voter has to take a Phd on casting votes.

        To put this in context. India in 2004 put in electronic voting machines for 348 million people []

        I am sure its not perfect, BUT you have to think twice about this. In a country that is mostly poverty stricken and where people can't really read they have a working democratic system and 348 million people can vote electronically. And what was the population of the US? 300 million...

        No, the problem here is quite simple the American voting infrastructure. It's not the fault of the people, nor the political system, but the folks who run the voting infrastructure! They need a good "flogging."

      • The UK has a first-past-the-post electoral system, not any kind of proportional representation. Not that it makes a difference; whether you vote for a party or a candidate, the complexity is the same. Ireland, on the other hand, uses a Single Transferable Vote (STV) system. In this system each voter lists all candidates in order of preference. Votes are counted once, then if no candidate has more than 50%, the least popular candidate's votes are redistributed among the other candidates by looking at the
      • by amorsen ( 7485 )
        No they aren't. It just looks that way because other nations have shorter ballots due to the proportional representation system.

        Proportional representation doesn't magically make ballots shorter. Candidates are listed, and you can vote for them directly.
    • Re: (Score:3, Insightful)

      by karmatic ( 776420 )
      Actually, there's a better answer still.

      You enter your options on a screen, and it prints your ballot out for you, and a barcode with a checksum. The ballot is read optically (like it often is now), and the checksum is verified. No match, it's counted by hand.

      A system like this ensures no hanging chads, etc. It's 100% verifiable by the voter. The paper trail is just as good as the current system, and can be fully counted by hand. It's impossible for the voter to prove which way he voted; if he takes th
  • by Anonymous Coward on Friday September 14, 2007 @05:49AM (#20600871)
    "ITIF wants to spark discussion of how new technology can solve the problems. The report outlines innovations in voting machines that offer "end-to-end verifiability." It explains the cryptography the systems use and says that Congress should pass legislation based on S. 730 and H.R. 2360, which require verifiable audit trails without specifying that paper be used."

    1. Not end to end. I can't do cryptography decryption in my head, and the vote verifier at the other end, he can't also do decryptions in his head. So any solution that involved cryptography isn't end to end.

    2. One doesn't preclude the other. You can encrypt the electronic vote AND STILL HAVE THE PAPER AUDIT TRAIL to check the machine's cryptographic vote matches the voters intentions.

    3. Papertrails, or ballots as we use to call them, have a proven track record of uncovering fraud in voting. To date the fraud in electronic voting is suspect but unproven. It is unlikely that fraud is eliminated in electronic voting, because fraud is *easier* not *harder* to do when votes can be changed so easily and untraceably on mass in a computer. So the lack of uncovering fraud is likely to be a weakness in the auditability of these machines. i.e. we suspect voter fraud because of systematic irregularities in key districts, but nothing can be proved because the lack of paper trail to verify against.

    Why does he want unauditable machines? I see from his history that he's a professional technology lobbyists, but I'm curious why the FUD to keep the voting machines unauditable?
  • Crikey (Score:3, Insightful)

    by TechnoBunny ( 991156 ) on Friday September 14, 2007 @05:50AM (#20600873)
    A technology company producing a report suggesting that plain old paper may be unreliable?

    Im shocked. Really.

    Up next - 'Republican Party publish report saying the the Republican Party is better than the Democrats'?
    • They are not a company, just a lobby group. They publish whatever report they are asked to publish - check their page, with one exception they have no technology background. They have not the slightest idea what they are talking about.
  • by karl.auerbach ( 157250 ) on Friday September 14, 2007 @06:00AM (#20600903) Homepage
    There are those who want us to delay replacing the Diebold (and similar) voting machines, forever if necessary, until we have a perfect solution.

    Of course, there is no perfect solution. We only have adequate solutions.

    Condorcet voting is mathematically better than simple tallies or "instant runoff" voting. But does anyone except mathematicians comprehend it? Would switching to it increase our confidence in voting or would people be suspicious and trust voting even less?

    Paper is adequate. And what's better, it is something that mere mortals understand. And the attack vectors for paper are reasonbly well understood after more than a century of use of the "Australian" ballot style that we all use today.

    The proposal by this group opens the door to FUD and infinite delay, and thus infinite retention of flawed DRE voting machines. Diebold would win, democracy would lose.
  • It is not hard to make a voter-verifiable paper-trail voting system. Publish a database of election results that includes a unique ID generated by the voting machine for each vote. Also print that ID on a paper receipt that the voter can take home after voting. Then the voter can verify via the internet if the vote was tallied with the right party/candidate. And it will also be possible to verify the totals by downloading the full database and doing the sums yourself.

    On the same paper receipt, the candida

    • Re: (Score:3, Insightful)

      by lpontiac ( 173839 )
      Votes can't be verifiable after you leave the venue, or you don't have a secret ballot.
      • It IS easy to deal with. The voter-verifiable piece of paper isn't a receipt to take home, it's a paper which is cast into a ballot box, presumably after John Q. Public has scanned through it to check the accuracy. If there's any discrepancy it's immediately brought to the attention of the the election official at the location to be dealt with. If there are later any discrepancies in -- or questions about -- the machine counts, machine data are dumped and those paper slips are counted. Because they're clear
        • Granted that this is probably the way to go, it produces an ballot that can be quickly read in, most importantly provides a user interface that prevents the vast majority of ballot problems.
 The problems in Flordia came about because people did not take proper case of the machine, ie empting out the trash containers. With requiring them to enter ink and paper what kinds of problems are you causing and who are you going to get to do that?
      • by timotten ( 5411 )
        Of course, it's not that simple. I'll take a stab explaining this (although IANBS and I haven't thought much about this in a long time.)

        Under the scheme described by the grand-parent, the secrecy of the ballot depends on the confidentiality of the unique ID number: if an attacker can correlate the unique ID to a particular person, then the secrecy is compromised. If no attacker can make those correlations, then the secrecy is protected.

        It is feasible to assign a unique ID to each voter during the election p
      • Votes can't be verifiable after you leave the venue, or you don't have a secret ballot.

        Think again. That's where the unique ID per vote helps. Instead of attaching the identity of the voter to the vote, each voter gets a unique anonymous ID number. An easy way to get a unique ID is to use a true random number generator and spit out sufficient bits to make the chance of collisions negligible.

        Or you can use something a little more advanced that is still anonymous, but removes any chance of collisions betw

    • by sjames ( 1099 )

      That's an excellent proposal.

      Since just one verifiable reciept that doesn't match the database (or that isn't in the database) or where the human readable portion shows a different vote than the encrypted hex would be enough to reveal fraud or failure.

      The voting machines should also print a journal roll just like a cash register and those should be retained for a number of years. In at least one election so far, verification was impossible after suspected irregularities because the memory cards were al

      • The only drawback can be handled by law. There is a (perhaps legitimate) fear that some employers might try to dictate employee votes and check reciepts. Simply make it a felony to demand someone's vote reciept or to offer any sort of coercion or incentive to show a vote reciept . Being under orders/instruction to do so with coercion is a mitigating circumstance but should not excuse the crime. It should likewise be a felony to instruct another to do so. Publicise that law well through PSAs before the elect

    • by frdmfghtr ( 603968 ) on Friday September 14, 2007 @08:37AM (#20601851)

      It is not hard to make a voter-verifiable paper-trail voting system. Publish a database of election results that includes a unique ID generated by the voting machine for each vote. Also print that ID on a paper receipt that the voter can take home after voting. Then the voter can verify via the internet if the vote was tallied with the right party/candidate. And it will also be possible to verify the totals by downloading the full database and doing the sums yourself.

      On the same paper receipt, the candidate/party that was voted on can be printed. But it is better to hash that information together with the unique ID and encrypt it using a private election key and then print the result on the receipt (e.g. as a hex string). This generates a voting receipt that, when decoded with the public key, is verifyably a receipt of a vote that should have been counted for that election.
      No, no, NO!

      WHY do people keep bringing up this corruption-laden idea of a take-home receipt with your vote printed on it, or some other way of verifying your vote outside the polling place?

      As has been stated repeatedly here and elsewhere, taking home a receipt opens the floodgates for corruption. "Bring me a vote for Candidate XXX, and I'll pay you $10!" "Bring me a vote for Candidate XXX, or you might suffer an 'accident' in the near future."

      You verify the paper ballot in the privacy of the voting booth; once verified, the ballot drops into a secure ballot box and serves as the permanent record of your vote. No name, no identifying information is on the ballot, and NO RECEIPT.
  • by jesterzog ( 189797 ) on Friday September 14, 2007 @06:04AM (#20600925) Homepage Journal

    The likeliness that computers are capable of correctly counting 100,000 perfectly submitted votes more accurately than humans in an ideal world isn't exactly a surprise, but this isn't really the point because the world isn't ideal and it's not realistic.

    Even if paper trails are slightly less accurate in the counting (something I'd dispute once factoring in less measurable quantities like corruption of officials and potential hacking), one of the most important advantages of paper trails is that they can be easily understood by virtually everyone who votes. A voter verifies their correct vote is recorded on a slip of paper, places it in a ballot box, and then the votes recorded on the papers in the ballot boxes are counted, with the process being vetted by people who have reasons to make sure it's being done properly. The entire process is completely visible and clear from start to finish.

    This is quite different to voting through computer interfaces, where the ability for nearly everyone to understand ends at them pressing a touch-screen. The abstract concepts of what goes on inside the system are very difficult for most people to grasp, unless they have a relatively high education. Furthermore, very few people can verify and confirm that it's working correctly.

    Trust of as much of the population as possible is of huge importance in elections, and systems with paper trails are the ones that are easiest for the majority of people to trust.

  • by Nymz ( 905908 ) on Friday September 14, 2007 @06:06AM (#20600929) Journal
    High - When I buy anything with a credit card - (requires ID, receive receipt)
    Medium - When I get $20 out of an ATM - (requires ID, receive receipt)
    Low - When I buy a hamburger & fries - (no ID, receive receipt)
    Worthless - When I vote - (no ID, no receipt, no confidence)
    • Re: (Score:2, Insightful)

      High - When I buy anything with a credit card - (requires ID, receive receipt)

      No, no id is required, unless you are confused and think that a credit card is some form of identification. Surely some cocksure dumbass will come along with an anecdote about how they were required to provide ID when they used a credit card, and if I really cared I would go cite the MC and Visa merchant rules that say a merchant can ask for but can not require id except when they have strong reason to believe there is fraud.

      Worthless - When I vote - (no ID, no receipt, no confidence)

      Let me guess, you have never voted? It's pretty common for voters in the USA to

      • by Nymz ( 905908 )

        Let me guess, you have never voted? It's pretty common for voters in the USA to show id when they vote so that the poll staff can verify that you are registered to vote and registered to vote at that polling location.

        Nope, worse than never voting, I live in California. If you pull out an ID, poll workers will tell you to put it away, refusing to look at it. Also, this last election I recieved my voter information in Spanish first, and had to wait two weeks for an English version to arrive, but that's anot

        • If you pull out an ID, poll workers will tell you to put it away, refusing to look at it.
          That's something I have a hard time understanding. What's the harm in requiring ID to vote? What's the point in registering to vote if ID isn't checked at the polling place? Of course, your identity doesn't get tied to your vote, it just gets you in the door; check your ID, put a check mark next to your name in the voter registration list, and you are in the door, ready to vote.
  • by kcbrown ( 7426 )

    A proper voter-verified paper ballot system is as good as it gets when it comes to a combination of accuracy, verifiability, and accountability.

    It's real simple: the voter makes his selection using, say, a voting machine. Voting machine spits out paper ballot and shows it to voter. Voter examines ballot to make sure ballot is good. If ballot is good, voter tells machine to accept the ballot and machine drops ballot into sealed box. If not, voter tells machine to reject the ballot and machine allows

    • by kenh ( 9056 )
      At issue, as I see it, is that if you have an electronic total and a paper total for a given election, and they diverge - which do you trust? And if you decide to always trust, say, the paper total over the electronic total when they diverge, what is the real value of the electronic total?

      Put another way, if there are two children in a room (Tim and Mary) and I hear a lamp break, when I investigate if I decide to ignore whatever Tim says (unless it agrees with what Mary says), why ask Tim what happened?


  • Organisation says "Paper trails aren't enough to ensure accurate vote counts" (on their own, anyway?) - Next week we'll tell you why!

    No news here. Not until next week, anyway.

  • According to the provocative and highly enlightening documentary Orwell Rolls in His Grave [], there's a switch on voting machines that either accepts, then discounts an incorrectly filled-out ballot, or spits the spoiled ballot back out so you can vote again. Apparently, in some areas heavily populated with blacks, the wrong ballots were received and not returned. In predominantly white districts, the incorrect ballot was spit back out so they could vote again.

    So yeah, paper votes can be and have been manipul
  • by e**(i pi)-1 ( 462311 ) on Friday September 14, 2007 @07:15AM (#20601269) Homepage Journal
    In other news: Backups Don't Ensure your data are safe.

    "In an new report from the Information Technology and Innovation Foundation they say that backups can increase costs and can actually reduce the chances that users data have to be recreated."
  • The paper trail is used for an accurate recount, as a way to double-check the original count should there be any concerns about tampering.

    TFA is merely a means to divert the discussion away from the real problem here: without a paper trail, it is too easy to tamper with the voting machines and not be caught.

  • Where's the proof? (Score:3, Interesting)

    by trianglman ( 1024223 ) on Friday September 14, 2007 @08:27AM (#20601749) Journal

    Are there any facts associated with this article? It appears that this is just one group's claim, backed up by nothing other than their opinion.

    The facts of the matter are:

    • The current mixed method voting options are very prone to error. Most are in a non-human readable format (marked, or worse punched, dots on a piece of paper). And all are paper ballot trails.
    • Electronic voting, with closed source machines (and even to some extent with open source machines), is inherently insecure if the vote count that matters is only stored electronically.
    • Paper voting trails are reliably valid under three conditions: The people voting look at the papers and verify that it reflects their vote. The ballots are secured the same as any other paper ballot. The paper ballots are regularly and thoroughly audited after, during and in between each election.

    with all this, a well mandated, accessible, audited electronic voting system is more secure than previous voting methods. There is no excuse for these companies to have created and sold the craptastic voting machines they did. There is no reason for Diebold, an ATM maker, to have only made voting machines that had no paper trail capabilities. If they tried to sell something like that toa bank, their contract would have been dropped in a heartbeat, but election boards across the country didn't blink an eye. It is time that there be a nationwide standard that works within a degree of certainty. Electronic voting machines with paper audit trails are accessible, human readable, and as secure as anything we currently use. You don't have questions of "Did this voter actually mark a circle?" or "Which of these half erased circles did the voter mean?" or "That chad isn't punched all the way through, so I will just do it for them because I know what they meant." It is very hard for an auditor to see "President: Al Gore" printed on a receipt in human readable form and say that the voter chose George Bush.

  • by PotatoHead ( 12771 ) <doug&opengeek,org> on Friday September 14, 2007 @10:39AM (#20603091) Homepage Journal
    We use it here in Oregon, and it works well.

    Anybody registered to vote, gets checked, then mailed their ballot to their address on file. Signature checks, collected at the DMV, are used to validate votes. Votes are mailed in a double secret envelope that allows verification but does not tie votes to voters.

    The counting system is optical scan, is done in one location with security in place there. Audits are performed, and most importantly:

    -the voter can verify their own vote

    -said vote is human and machine readable

    -casting of votes is distributed over time and space.

  • by volkris ( 694 ) on Friday September 14, 2007 @10:44AM (#20603141)
    Finally somebody getting around to speaking against the amazingly widespread myth that somehow a printed ballot is more accurate, more trustworthy, or more useful than an electronic record.

    It's pretty incredible to see the Slashdot crowd speak of paper trails as if they were some sort of magic talisman ready to right the evils of the election system. Slashdotters of all people should understand that the whole point of digital computation is to improve precision of calculations far beyond what could be achieved by manual counts and paper trails, and that proper application of encryption and communications technologies can entirely reverse the weaknesses of either paper or poorly implemented eVoting.

    It's so blindingly simple: a paper backup cannot possibly have the precision needed to resolve a close election. It's physically impossible. So what happens when the paper disagrees with the electronics? When the backup is more flawed from the start what good is it?

    I could go on, but wow... it's so refreshing to see this story posted to Slashdot. I just wish the rest of the US would stop and think for a second to demand decent electronic voting systems instead of insisting on a broken solution to the wrong problem.
  • by lymond01 ( 314120 ) on Friday September 14, 2007 @11:29AM (#20603671)
    I wonder if, perhaps, anonymous voting is going to have to go away. People register with their Social Security Numbers or RealIDs, vote, then can review their vote on a website along with everyone else's.

    Of course, as with paper or e-voting, what the final tally shows may not reflect the paper/button press you submitted. Electronic or paper, you still need to trust the vote counters OR be able to verify your vote later.

    Congress should have power. Congresspeople should not.
  • Error (Score:5, Funny)

    by PPH ( 736903 ) on Friday September 14, 2007 @12:05PM (#20604273)

    In an new report from the Information Technology and Innovation Foundation

    You misspelled Diebold.

Logic is a pretty flower that smells bad.