Guest post by The mounting irregularities of closed-source proprietary e-voting systems clearly show the need for a new approach to securing elections in the U.S. — one centered on the use of open source technologies, writes Paul Venezia. ‘It’s time for us to make good on the promise of open elections and open our e-voting systems as well,’ Venezia writes, outlining the technical blueprint for a cheap, secure, open source e-voting system. The call for open voting systems has grown louder as of late, with several projects, such as Pvote and the Open Voting Consortium, demonstrating how the voting booth could benefit from open source code. Such systems are already securing elections in Australia and Brazil.
Even open source cannot fix a broken system.
Pen&Paper&Counting by humans works in every real democracy. It is tried and tested.
Electronic voting cannot be as secure and is not understandable.
Read these comments for more info:
http://lwn.net/Articles/303070/
I was just about to post nearly the same.
On the other hand, I think we should not miss out on new opportunities to use modern technology when it is available for improvements.
*Possible* improvements in the area of voting are clearly visible:
– No counting errors
– No unintentionally voided votes (system guarantees to cast the vote to the voter)
– Better usability possible to voters, faster voting process
– Much less human work needed
– Counting is done while voting, so no explicit counting stage necessary (think about U.S. election 2000, where it was ruled to _not_ re-count votes)
– Overall more cost-effictive
The question is: Is it possible to find an electronic voting system that can compete with pen&paper on the security level?
This question is IMHO not answered yet. Until it is answered, electronic voting systems should not be used. But also, one should wait for research instead of completely abandoning the idea.
About understandability: Think about a system where all votes are publicly printed in the voting room. After finishing a vote, one gets an anonymous id printed which is also found on the vote printout. Every voter can anonymously check if her vote was really cast. Vote helpers can check if the printout maches the system’s database. This is just one simple idea to improve understandability compared to what is used today (I don’t know why the current systems do best in avoiding understandability!).
Edited 2008-10-27 19:58 UTC
Your “possible” improvements are unfortunately not possible at all. You’ll simply never get the political will to do any of it.
On the technology, there will never be a way for anyone to look inside the machine and see what source code the running code was compiled from. I don’t care if the source is opened – how do you verify that the code you downloaded last night is the code running on the voting machine today – or that some other device hasn’t hijacked some function using a root-kit technique.
There are too many incentives and too many ways for people to cheat in an electronic voting system. Even worse, cheating is far more likely to occur than mistakes in every conceivable kind of voting. Given that, the only solution is to minimize cheating as best we can – even if we have to pay for that with mistakes.
The most effective way to minimize cheating is to simply use many many hands and eyes to count hand filled voting ballots. Contrast that with what it takes to steel an e-vote – just one or two individuals that program and/or setup these ridiculous machines.
Yeah, humans can make mistakes and humans can be bribed – but what a task it is to steal enough checked and balanced – hand counting humans to make a difference, vs. hiring one company/individual to make sure the computers are set up to count in your favor (this includes scan-trons).
There’s a reason politicians are happy to spend many more times the amount of money for a system that is less reliable and much easier to tamper with (e-voting), rather than spending fewer dollars on simply designing easier to read paper ballots. And there’s a reason obvious intimidation drops when e-voting machines are installed (that’s for you NCAAP). Think about it. Why would so many incumbents support a more expensive, less reliable, easier to tamper with system. The answer is obvious.
Don’t even get me started on the “legal” ways in which people are kept from voting.
http://www.stealbackyourvote.org/
How about this – you are presented with a screen where you select the candidate you want. Then, the machine prints a small paper slip indicating your selection and you can look at the slip to make sure it’s right and then put it in a ballot box. That way, counting is done electronically saving time, effort and money and there is a paper copy too in case a recount is needed.
Its a great idea, but its far too simple. It will never work.
mankind needs something complex, prone to tampering and unreliable for the device to be truly accepted.
Believe it or not, there was a man who came up with a system like this several years ago, very similar to what you describe. It was called TruVote and was developed by a man called Athan Gibbs. Gibbs died in a highly-suspicious head-on collision in 2004.
Here’s some of what the system offered:
“TruVote allows voters to touch their candidates’ names on a computer screen and receive receipts of their vote at the end of the process. They can then go to a Web site, punch in their voter validation number and make sure their vote was recorded.”
Also…
“After voters touch the screen, a paper ballot prints out under plexiglass and once the voter compares it to his actual vote and approves it, the ballot drops into a lockbox and is issued a numbered receipt. The voter’s receipt allows the track his particular vote to make sure that it was transferred from the polling place to the election tabulation center.”
As I stated, Athan Gibbs died before his dream was ever realized.
Edited 2008-10-28 14:13 UTC
Even a system like that is simply not enough. It would be trivial to display the correct vote on the screen, both at the booth and over the net, and print the correct info on a paper receipt (which far too many people will simply not bother to check) but still tally up the vote to skew the results by greater than 5% or 10% in the end (scan-trons can do that too).
Recounts are usually only allowed if the vote tally is close enough (less than 3% or so, depending on the jurisdiction). Which leads to an easy solution for cheaters with e-voting machines – just steal it by greater than 3%.
Contrast that complicated, and expensive system with a hand filled out (verified by default) ballot, that is hand counted by many individual in a checked/balanced system. It’s far cheaper, and far more difficult to bribe that many people.
As for getting more immediate voting results – you need only consult the polls. When not using these silly voting machines, they are quite accurate – which should raise alarm bells for anyone following the madness over these expensive, ineffective electronic voting machines.
An open source voting system will not fix the problem with electronic voting.
The paper&pen system is only more secure because it requires a bit more effort to screw with.
A proper electronic voting system needs to allow citizens to trust their vote has been cast without having to trust the system used to cast the vote.
Any single person should be able to verify the whole election. This is likely possible to do with a system of public/private key cryptography. Which would actually be more secure than paper and pens because it would actually allow verification instead of just expecting the result is correct because it’s a bit difficult to subvert it.
– Jesse McNelis
There is no such thing as secure E voting.
At least with a paper ballot it can be verified.
How many articles on security holes, attacks, virus’s and worms and such have we read on OSnews? TOO many to trust with a vote.
It would be more likely that one typical group would tend to participate in voter fraud.
I really am struggling to understand this whole notion that there’s no possible way for it to be secure.
Why not apply the same logic to e-commerce, e-banking, EFTPOS, ATMs and so on? Heck, they even use wireless.
When there’s a will there’s a way and there also has to be a balance between cost and benefit.
Innovation, creation and the will to explore and move forward is what puts us humans ahead of all other species on earth. There IS a way, probably several, to have secure, reliable and auditable e-voting.. it’s just not thought of yet.
The problem is, in voting, you want voter anonymity, but still want to sum result correctly without duplicates. In bank transactions, it doesn’t matter (in fact, bank wants the transaction to be recorded). That’s why it’s so complex to devise a good voting system.
Is it really that hard? Authenticate the user, record their vote without any relation to date, time or individual.
Record elsewhere that the individual has voted with no relation to date, time or vote.
What you want is a hybrid system..
One that presents you with a screen, you cast your vote on the screen, the computer keeps a tally (quick count) and prints you a paper vote and a receipt both containing cryptographic hashes but no other identifying information…
You place the paper vote in a ballot box and keep the receipt.
Votes can be counted manually to verify the electronic count is correct, and you can verify your receipt against a database of votes to ensure your vote was counted correctly, making any problems easier to detect and prove… And if there are significant discrepancies the election should be declared void and redone.
Why e-banking can be more or less secure? Because of authentication! You check the fingerprint of the banks HTTPS certificate and the bank checks your login data and couple all your transactions to *your* account.
However, in voting you do not want this! You want your votes to by anonymous! Security in computer systems rely on things like authentication (besides encryption) etc. But you cannot use those things with e-voting.
You could never make any form of electronic voting that is as secure as pen & paper voting! Can you see how the bytes travel with you plain eyes? No. But you can see how the votes travel. Into a box that was empty before. Afterwards the votes are counted. Simple enough. Security in electronic systems depend on authentication! But your vote *has* to be anonymous! If it isn’t it’s not democracy.
What security measures do you need for storage the simple boxes before the election? None. What security measures do you need for the voting computers? A whole butload! Systems that display a hashcode (fingerprint) are no solution either. The fingerprint could be fake.
In Germany the Chaos Computer Club demonstrated the easy manipulation of voting computers made by the company “Nedap”:
http://www.heise.de/newsticker/CCC-legt-Abschlussbericht-zur-Wahlbe…
And the fact that poll worker usually are no IT experts is another problem. The keyboard/screen of a voting computer is a lot smaller than a big paper ballot that could be folded several times: The text on voting computers is a lot smaller and can not be read by elderly people.
Voting computers usually work as the following: 1. Press the button of your candidate. 2. press “enter” (or some kind of confirmation button).
The second step is often neglected by voters because they don’t know that they have to do it. So they did not vote at all!
Manipulations in paper systems are hard. You have to infiltrate a lot of polling stations and then statistical methods can detect the abnormalities. But it’s very easy for a single person to manipulate the voting computers at the producers site. You could even write it in a way, that it erases any trace of manipulation after the election ended!
Say no to voting computers! Computer based elections are no democratic elections! You loose the “openness” democratic elections need. Everyone can comprehend how paper based voting works. Electronic voting is only comprehended by programmers.
PS: Manipulated voting computers will use exactly the same algorithms one use to detect abnormalities, they’ll use the same statistical functions. Therefore such a manipulation stays undetected.
Even when you use a paper trail you need some indication that the voting was tampered with so the paper trail gets counted. In some countries/states where there are paper trails only the electronic votes are valid in therms of the law.
In Germany there was the idea of a electronic voting pen: It will read an invisible code from the paper when you make the X and count your vote. The problem is that the code is invisible. When you make manipulated ballots (where everywhere is the same code) a human can not detect this. You could forge such a ballot using a normal consumer scanner and printer!
Good grief, how complicated can this be ?
What about a system of punched cards ?
Yeah, but what about Florida?
In Denmark we still use good old paper ballots (usually a few yards long, though), and it works fine (a bit unwieldy on occasion).
Or what about the “ta-da” ballot?
…in the Philippines, e-voting is supposed to stop massive election fraud with manually counted paper ballots. No one seems to be too worried about making cheating easier.
In my opinion, Secure E-Voting is an oximoron.
I live in a state where there’s a saying, “In every cemetary, at least 10% of the people buried still actively vote in every election.”
And it’s the truth.
What good is having secure e-voting if proper identification and even the registration process is flawed?
Previous comments regaring a broken system are quite correct. There’s a lot of voter fraud involved with registration as well as who is actually casting the ballot.
My personal desire is to see the following:
1. Use of valid picture ID card when you arrive to vote. Many areas do NOT require proof of who you are in order to vote. No national ID card, just a state driver’s license.
2. Return to paper ballots for all elections. I believe that this is still the best system and election fraud is far less.
3. Allow people to register to vote at various agencies such as Post Offices, Police Stations, Libraries, etc. Wait! Some areas allow this! But not all.
4. Utilize Census data as a partial means of identification at registration or at elections.
5. Get rid of the agencies that register people to vote as they’re just another uneccessary cog in the over-weighted wheel.
My thoughts.
The Australian Electoral Commission an independent federal body oversees all Australian local, state and federal elections. All paper ballots are marked by hand with a soft pencil and kept for three years. The system works extremely well and election results are still known within a few hours of the polls closing.
There are no electronic or mechanical voting booths in Australia and they have never been seriously considered.
It is a legal requirement for all Australian citizens aged 18 and over to enrol and vote at state and federal elections.