Follow Slashdot stories on Twitter


Forgot your password?
Open Source Government United States Politics

E-Voting Reform In an Out Year? 218

An anonymous reader writes "Most of us know the many problems with electronic voting systems. They are closed source and hackable, some have a default candidate checked, and many are unauditable (doing a recount is equivalent to hitting a browser's refresh button). But these issues only come to our attention around election time. Now is the time to think about open source voting, end-to-end auditable voting systems and open source governance. Not in November of 2012, when it will, once again, be far, far too late to do anything about it." It'll be interesting to see what e-voting oddities start cropping up in the current election cycle; Republican straw polls have already started, and the primaries kick off this winter.
This discussion has been archived. No new comments can be posted.

E-Voting Reform In an Out Year?

Comments Filter:
  • Those of us who know and care -- and I don't mean me, I mean people like Dr Rebecca Mercuri, whose postgrad work has been right on this point -- have been trying to get that to happen since, oh, at least 1996 or so.

    You can see the (total lack of) results, right?

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      The problem is that the list of people with the power to do something about it is almost identical to the list of people who benefit from it being corrupt and unauditable.

      • on the ballot they tend to have a (D) or (R) next to their name.

        I won't trust voting till...

        1) There is an audit trail

        2) The code is up for inspection

        3) You are required to show ID to vote

        • by jd ( 1658 )

          The e-voting system I've suggested a few times (anonymous generation of private/public key pairs issued to those who have ID) would make the showing of ID superfluous. You can vote with an invalid encryption key if you like, but there's bugger all the voting computer can do with it as it can't decrypt it. This also avoids the objections (which are valid) by individuals who have complained excessive ID requirements make voting impossible (in violation of the Federal laws on voting, not to mention the 15th Am

        • Re: (Score:3, Informative)

          by riverat1 ( 1048260 )

          If you are required to show ID when you vote then the only valid ID should be a voter card they issue you free of charge when you register to vote.

          The reason that Republicans want you to show ID when you vote is to suppress the voting of people who are more likely to vote for Democrats. The level of voter fraud, that is people who are not eligible to vote voting, is so minuscule in this country it's not an issue. In Ohio in 2004 they looked for that and only found 4 out of millions of votes. Yes it could

          • Why is it that people who don't have any state or federal ID are more likely to vote (D)? I'm really wondering about that.

            Illegal immigrants? No sympathy here: if you want to be afforded full citizen rights, you need to do it legally. Immigration sucks? Yes it does, but if you're already not prone to following the laws just getting in, why should anyone believe you're going to follow the laws once you're in? Voting is a right for citizens. If your party is reliant on illegal voting to get a majority,

            • The ID's required are picture ID's. Most often that is either a drivers license or a passport. Many poor people and people who live in cities with decent public transportation have neither. That is definitely a Democratic leaning demographic.

              As people get older they may give up renewing their drivers licenses so they're expired or as in one example I heard about in Indiana a bunch of nuns living in a convent who had been voting for decades were not allowed to vote after Indiana's ID law was passed becaus

    • Any voting machine which is closed source is equal to allowing a magician to count the votes.

      First of all there must be a papertrail for any electronic voting machine. While the counting process can be automated, the voting machine should only exist to make voting easier, such as push a button to select a candidate. This should generate a receipt with a unique number representing the digital signature of the person voting. This would make counting easier and would also allow one to vote via the internet whe

      • by Chris Burke ( 6130 ) on Friday June 24, 2011 @09:02PM (#36563188) Homepage

        Open source is really irrelevant. You can never prove that the voting machine is running an un-altered binary produced from that code on unaltered hardware and with unalterable memory. It's not bad, but it doesn't guarantee anything, so if that's what you think is keeping voting from being equal to a magician counting the votes, then that's a false sense of security you're feeling.

        The way you make voting secure is to take the part where you have to trust the machine's memory, with no way for the voter to confirm that its contents are correct -- the magician, essentially -- out of the picture.

        Instead, the machine should simply be an enabler for printing a correct ballot. That paper ballot must be the only ballot that matters. That ballot can be machine readable, but it must also be human readable, and it must be the same markings that both human and machines read to determine who the ballot is for.

        In this regime, it doesn't matter if the source is open or closed. It doesn't matter if the voting machine is compromised. Because now the "magic" is out in the open, so if the machine tries to pull any tricks, the voter has the ability to actually see that their vote was recorded incorrectly, and not put that ballot in the ballot box.

        • by jd ( 1658 )

          That's one of a number of possible solutions to the veracity problem. Because there are many solutions to veracity, not all of which are compatible with the many solutions to other parts of the puzzle, it's not useful to focus on that one solution. What you ideally want to do is to start with the bits for which there are provably very few solutions because then you minimize the risk of producing flaws elsewhere by having to leave out parts.

          • What you ideally want to do is to start with the bits for which there are provably very few solutions because then you minimize the risk of producing flaws elsewhere by having to leave out parts.

            I'm not sure I agree with this statement -- given that any security system is only as strong as the weakest link, you need to get it all right (or right enough, anyway), and why not start with the low-hanging fruit? But, regardless of that, I'm interested to hear what you think are the bits that provably have very few solutions, and what you think should be done to address them. It sounds like you've put some thought into it; I'd like to hear it.

            • by jd ( 1658 )

              Think of it as a SQL statement. If you start with the smallest table and join onto that, both you as a developer/tester and the computer will have the least work to do.

              Ok, the smallest solution-space would seem to be to make each ballot unlinkable to a voter and yet be able to prove that the mapping of ballots to votes is a perfect 1:1, that all voters were authorized and that the ballots counted were the ones presented.

              This is small because you have veracity of every set and every relationship at the same

              • by AK Marc ( 707885 )

                Ok, the smallest solution-space would seem to be to make each ballot unlinkable to a voter

                I would prefer a system that would link to a voter. This country was founded on open ballots, and vote fraud and intimidation was low until the civil war. I agree it would fail in locations of intimidation, but for a mature democracy like the US, it should be simpler and much more reliable to just go back to a system that didn't require complete anonymity.

                • by weicco ( 645927 )

                  It would be great to be able to link vote to the voter! I could finally make sure that my family members voted correctly and take appropriate measures if they didn't ;)

                  • I'd like to see voter accountability. If you are not willing to stand up and say 'I agree with this person's principles, I will vote for him,' then I'm not sure that your vote is worth much. On the other hand, this can only work if coupled with strict enforcement of very harsh penalties for voter intimidation. Voter intimidation is an attempt to subvert the government, and needs to be treated as such.

                    By the way, the scenario that you outline is far more common than it should be with postal votes in the

                    • by AK Marc ( 707885 )
                      Voter intimidation could be done now. Cell phone cameras, mail-in (as you mention) and such could already be used. But we don't have that problem in the US. And spending so much effort to make sure we can't make it easier while we are simultaneously pushing for mail in ballots (which open the hole even more explicitly) and such is silly.

                      Just get over it and bring back open ballots. It'll be simpler, easier, and will eliminate almost all other kinds of fraud instantly (dead people can't vote when you
                    • Voter intimidation is an attempt to subvert the government, and needs to be treated as such.

                      It already has been treated as such with preemptive rules that make it far more difficult, rules which you would like to subvert. Availability of anonymity is a necessary prerequisite of free speech.

              • I think the problems you are trying to solve have been very addressed more practically and thoroughly by David Chaum's Punchscan and Scantegrity systems.
              • A voter casts an encrypted ballot in which the key they possess is useless to anyone wishing to find out what the vote was, but where there is one and only one key that can decrypt that ballot and produce a valid record. This requires that you have two machines - the one generating the key pair and the one doing the decryption, where both are tamper-proof, the link is unidirectional and the link is also tamper-proof.

                Oh wow, when you said there were other methods to solve the veracity problem, this is not what I thought you meant. I'm sorry, but this is a hard fail.

                If we had voting machines which were tamper-proof, and which could be trusted to record the voter's vote reliably, and rigorously obeyed all requirements like "destroy the encryption keys" or "don't change the voter's vote before encrypting it" then we wouldn't be having this conversation.

                Your whole system falls apart because there is no way for the voter to

        • E-voting is like global thermonuclear war. Call me old fashioned, but I like the idea of marking a paper ballot with a pen, and putting it a box.

          Here in Taiwan, ballots are counted at the precinct level. The counting is done in public, with representatives of the major parties present. The whole process takes a couple of hours.

          The whole idea of "machine voting" is stupid. It's worse than a waste of money, it invites all kinds of suspicion and dispute. There has to be a paper trail. No exceptions.

          Using a mac

        • by AK Marc ( 707885 )
          It still doesn't have anything built in for lost/damaged/added ballots.
  • Why not use semi-electronic voting where you use a pencil and a scantron-type ballot, primary results can be done electronically while there are paper records that can be counted by hand if the results are challenged. It seems to be the best of both worlds, preventing a lot of the flaws of e-voting while still allowing results to be counted quickly, easily and without bias.
    • by blair1q ( 305137 )

      I prefer the type where you enter your vote on a touchscreen and get a printout that is duplicated and dropped in a lockbox by the machine itself.

      Cleaner and auditable right down to you presenting your votes to be compared with the ones in the lockbox and the ones recorded in the central DB.

      Unfortunately, I think I just invented it, so I doubt I'll find it anywhere.

      • Re: (Score:3, Interesting)

        by Anonymous Coward

        You can't have people leaving with proof about how they voted, lest they'd be coerced by thugs waiting around the corner for proof that they voted as agreed upon, or else.

        • I'm not sure you read that as intended. The paper duplicate would be dropped in a safe, presumably in the base of the machine - not given to the voter to be carried out.

        • by jd ( 1658 )

          You are correct that voters should never be attachable to a vote, but the prior poster is also correct that it is essential that it be provable that the votes counted were the ones cast and that all legitimate votes cast were counted. A sufficiently powerful cryptographic hash (perhaps with sufficient salt from the myriads of identification documents everyone has on file) might work. You have a hash, you can look up to see if the hash is listed amongst the votes counted, but all anyone else could do would e

          • by AK Marc ( 707885 )

            You are correct that voters should never be attachable to a vote,

            Why? Vote verification is possible now, and there are no incidents I've heard of it being abused. Open ballots are good enough for the first 100 years or so of the US, ended only because of the Civil War, which, last I heard, is over.

        • by AK Marc ( 707885 )
          The US was founded on an open ballot had it for 100 years without a problem. It wasn't until a Civil War where the thugs in the south perverted the system. We wouldn't have thugs in the US doing that, even if other locations on the planet may have problems.
      • I prefer the type where you enter your vote on a touchscreen and get a printout that is duplicated and dropped in a lockbox by the machine itself.

        Change it to where the voter drops the one-and-only printout into the lockbox themselves, after verifying that it is correct. Then we're in agreement.

        First, because otherwise how does the voter know the printout put in the box is the same as the one they're holding? If we trusted the machine to do that correctly, we wouldn't be having this discussion.

        Second, because any idea which sacrifices the secret ballot is a horrible idea.

        • by AK Marc ( 707885 )

          Second, because any idea which sacrifices the secret ballot is a horrible idea.


          • by Luckyo ( 1726890 )

            "You will vote for candidate I like, or you're fired".
            "... or you're going to be beaten up"
            "... or my men will come and rape your wife while you watch it"
            "... [insert method of coercion that you prefer here]"

      • Scan-trons are faster and less expensive... One scantron can process 40 voters faster than one e-voting booth with a touchscreen.. AZ has both.
    • by Trerro ( 711448 ) on Friday June 24, 2011 @08:41PM (#36562994)

      This is how CT does it. You bubble in the form, feed it to the machine, and if there's a close race, they pull out all of the paper ballots and recount manually.

      Additionally, the state picks a few towns and a few offices at random, and has people from other towns come in and hand count the results to make sure no BS has occurred.

      Needless to say, we don't get many claims of election fraud in this state.

      I helped with both forms of recount, one where some guy lost by 10 votes, and one random audit. On the recount, the difference between the hand and machine counts was a single vote (which is actually amazing considering how many X'ed the bubble, checked it, or otherwise failed to read the directions). On the audit, the difference was 3 votes. Both left a margin of error of 0.1%, which is pretty damn close to perfect. Multiple recounts may be needed if someone wins by 0.1%, but that's pretty damn rare. (The guy who lost by 10 votes lost by 10/1300ish).

      It's really not that hard to keep elections honest, the people just need to demand it, everywhere.

      • by Trerro ( 711448 )

        Both of those 0.1% figures should say "less than 0.1%", Slashdot ate the less than sign because it apparently thought I was trying to do HTML. (Post mode was "plain old text" before you ask. :P)

        • (Post mode was "plain old text" before you ask. :P)

          Which, intuitively, means "Use html, but interpret blank lines as paragraph indicators for <p> tags." Which is what "html formatted" means, as far as I can tell. It's been that way for so long, I've kinda stopped thinking about. Used to be you had to select a middle option between html and plain-text to get the "html but with automatic paragraphs" functionality.

          Now, let me see... Okay, "extrans (html tags to text)" seems to be just what you'd think "plain old text" would be. And "code", which I w

  • I'm only partly through two of the links, but I just thought of something. What if BitCoins were used for elections? Wouldn't it guarantee that sending my coins to cast my vote would be guaranteed?
  • Just because it's open source doesn't mean you can feel safe. There could be backdoors critical areas such as the compiler, or other places.

    We know that government agencies would pay, bribe, or trick developers into sneaking a backdoor in. That's all it would take.

    So who audits the code? How is it audited? In specific the kernel and compilers must be free of backdoors.

    • by techno-vampire ( 666512 ) on Friday June 24, 2011 @08:58PM (#36563166) Homepage
      We know that government agencies would pay, bribe, or trick developers into sneaking a backdoor in.

      Really? You know that for a fact? What evidence do you have, or are you just spouting your mouth off?
      • It's better to assume politicians are corrupt and watch them, than to assume them honest and not.
      • I think that the accusation in question is far-fetched, although not impossible, but the important part is that the government are open to this accusation and there is no way for them to defend themselves against it. This undermines the whole democratic process.

        It reminds me of a time when we were holding a controversial referendum here in Northern Ireland. One of the parties said that the government would try to throw the outcome of the referendum. The government responded by inviting that party to place t

    • by bieber ( 998013 )
      The difference is that if there's a backdoor in a proprietary system then you'll never, ever know about it. Seriously though, if you assume that those in power are just outright manipulating the results, then there's no reason they'd need influential developers to sneak a back door into the system and risk someone catching it on a code audit. They could just as easily pay some lackey to break in wherever the machines are being stored and install a new firmware, pay off poll workers to manually edit result
  • I don't care if they're printed by machine or filled out by hand but the end result should be a paper ballot that can be hand counted if necessary. Anything else is too easily manipulated. I'm not saying paper ballots can't be manipulated but it's far harder with them than with some electronic record.

    • Better yet, start out with both. Any errors in the e-voting system will show up immediately.
    • Who is to say that what gets printed or counted is the same thing the voter marked?

      Ultimately trust is a matter of finding a way to trust and verify the entire process. E-voting is just a minor part of this.

      • Who is to say that what gets printed or counted is the same thing the voter marked?

        The voter should be able to ensure that what gets printed is what he or she marked.

        Ensuring that the ballots are counted as cast is another problem, but one that we know how to solve well enough to ensure that large-scale manipulations of the vote will be found. Once you've got clearly-marked paper ballots that the voter has verified correct, the rest of what follows is well-understood, and your next anti-fraud focus should be on voter registration processes.

      • You can vote on a machine, have the machine print a voting ballot, and have the voter verify the ballot before dropping it in the box.
      • I should have been clearer. If the ballot is printed by machine that machine is not counting the ballot, just printing it. The only thing that actually gets counted is the paper ballot that the voter has verified is an accurate reflection of their intention. If you use a scantron or some other machine to count ballots then they should be randomly audited by hand counting to verify that they are accurate.

  • In the US it varies by state; each state makes its own laws regarding voting machines based on HAVA 2002. NC has a pretty strong law. Getting software changes approved is a long and complicated process. NC could not get an open source requirement passed in '05. But the compromise that resulted required vendors to supply their source code to a limited set. This was enough to run off the evil Diebold machines; they sued, lost and backed out of the bidding process; as did Sequoia, which was still in business
    • Diebold was known to load new software onto voting machines just before an election, without authorization. I don't recall anyone going to jail over it.
  • I don't get this e-voting thing.

    Even if the software is open sourced how can i ever know that the version running is the one it claims to be ?

    I also don't understand how the count can ever be verified without compromising the anonymity of the vote. If you don't trust the system you cannot trust any kind of verification it would do nor any kind of output it would produce (including any paper trail). Does anyone have any insight on the subject ?

    And i'm not even talking about software bugs. Even without any ki

    • Can you trust non e-voting either?

      The RSA trust issue discussed in a different story teaches that trust is not a matter of the process, but rather a social issue.

      • by mbone ( 558574 )

        Can you trust non e-voting either?

        Not entirely, but there are steps that can be taken to help insure that non e-votes are counted properly. Those steps are not available for e-voting, and I frankly do not think that the American political system is mature enough to be trusted with it.

    • by [Zappo] ( 68222 )

      I also don't understand how the count can ever be verified without compromising the anonymity of the vote. If you don't trust the system you cannot trust any kind of verification it would do nor any kind of output it would produce (including any paper trail). Does anyone have any insight on the subject ?

      The paper trail for a vote should be human-readable, inspected by the voter for correctness before deposit into a secure container at a polling place, and have no content that identifies the voter.

      Physical pieces of paper can be physically watched (even shuffled) by multiple parties who are unlikely to collude (e.g. opposing political groups plus the press).

      The 'e' part is just to speed counting. The paper makes it possible to handle claims of fraud, bugs, etc.

  • The computer should print the ballot on paper, you look it over, then it goes into the ballot box. That should be the only form of computer voting allowed. Anything else means you can't see how you voted, and can't see them count the votes- and that means you can't trust it. It doesn't make any difference what kind of government you have if you have no say in it, or can't trust that you do.
  • What makes vote tabulation trustworthy is having multiple, independently-reported tallies stored in multiple formats. Just like balancing a checkbook (remember that?), the key is getting agreement on the numbers from more than one source.

    For example, in the state of Virginia where I am a poll worker, we count the number of people who have been allowed to vote, and we count the number of votes cast on the machines. Each hour, we compare the two numbers, and call them into the Registrar who records them in

    • by Luckyo ( 1726890 )

      There is one major issue with allowing voter to check what his personal vote was outside poll station. Coercion.

      Specifically it means that whoever is coercing voters can check who/what they voted for. The current system is designed not to allow this for a reason.

      On the other hand if verification you suggest doesn't show what voter voted for, what assurances does voter actually have that his vote didn't get changed to whatever people who are falsifying the ballot want it to be?

      That's why paper is such a grea

      • "That's why paper is such a great medium."

        Your confidence in the efficacy of paper is misplaced. As paper is physically harder to manage, there are more opportunities for error, and thus _less_ reliable results. It's like the difference between doing your accounting with paper records and hand-written ledger books vs. using a software app.

        The digital verification I'm thinking of would show the vote, but nothing about the voter, thus coercion is not possible. The verification would also take place after t

  • It's called a pencil and a printed piece of paper with the candidates on.

    This is the system used in the UK and a lot of other countries in the world. It can't be hacked, it is fully human readable, and it is completely transparent so any attempts to hack it immediately become obvious.

    The election results are typically known beyond doubt within less than 24 hours of the poll closing, and the final results are typically declared within a day or two.

    Reminds me of that old joke/urban myth where the USA spent $m

"Let every man teach his son, teach his daughter, that labor is honorable." -- Robert G. Ingersoll