Wisconsin Requires Open Source, Verifiable Voting

AdamBLang writes "Previously covered on Slashdot, Wisconsin Governor Jim Doyle today signed legislation that "will require the software of touch-screen voting machines used in elections to be open-source. Municipalities that use electronic voting machines are responsible for providing to the public, on request, the code used." Madison's Capital Times reports "the bill requires that if a municipality uses an electronic voting system that consists of a voting machine, the machine must generate a complete paper ballot showing all votes cast by each elector that is visually verifiable by the elector before he or she leaves the machine.""

KISS

[grub (11606)]

[T]he machine must generate a complete paper ballot showing all votes cast by each elector that is visually verifiable by the elector before he or she leaves the machine.

And how do we know that the prinout matches whatever counter is incremented within the computer? Being open source makes it tamper-resistent, not tamper-proof. Would it not be easier to just use a paper ballot in the first place? Then any recount could be performed against the actual ballots cast, not as a spot check against computer (glitches|fraud).

Re:KISS

[McGiraf (196030)]

if there is a doubt you ask for a recount and count .... the paper ballots!

duh ..

Re:KISS

[grub (11606)]

"if". Being that leadership of government is being determined, I'd prefer the actual cast ballots be counted. Canada does it in a few hours with 1/10th the US population (and the public can view the count I believe)

Re:KISS

[hazem (472289)]

What I've always thought would be a good idea would be a computer to help generate the ballot, and then a separate computer to count those ballots.

This offers the advantages of multi-language ballots with brail, audio prompts, etc. And the resulting ballot is standardized so it can be read by both machine and human - and no "hanging chads".

The ballots can then be easily counted by another machine - and human validated as necessary.

The ballot-generating computer never needs to "count" - but it could do so as a spot check against the counting computer.

Re:KISS

[cortana (588495)]

Like EVM2K3 [sourceforge.net]? :)

Re:KISS

[mooneyd (233024)]

That's exactly how it should be done. Use a touch screen to make your choices, it prints out a op-scannable ballot you can hold in your hand and verify. You then stick it in one of two slots: the scanner slot or the shredder slot. That action will either confirm or reject your vote inherantly. If you reject the ballot, you can go through it again on the touchscreen, otherwise you are done.

And the machines should be developed by national research labratory in a completely open and transparent way. The source code, design plans and manufacturing process would be completely auditable by the public. No corporate control of voting machines. No security through obscurity.

Re:KISS

[hackstraw (262471)]

I wish I was on a website with computer geeks.

"hanging chads"

Bullshit. Punchcards were first made in the early 1800's and then used more commonly by big computer companies like IBM in the late 1800's. They were not used after the late 70's because they sucked. I work with people that used punch cards to program computers. They never talk about "chads" they talk about things like getting cards out of order, dropping them on the ground and not being able to edit them once made. They don't talk about "chads", those are invented words for the 2000 election well after nobody used punchcards for over 20 years.

I've taken a number of standardized tests for over 20 years that have never, ever used punchcards or had hanging chads. They were all done with standard #2 pencils and a piece of paper that could scan them at remarkable speeds and accuracy. I'm sure somebody could counter with a time that one kid had his SAT score off by a point or two out of 1600 or the 2400 or whatever it is now, but AFAK they are beyond human accuracy, and never, ever have "chad" issues.

So, why all the talk and fuss about this stuff? Are elections routinely rigged? Is this the new terrorist plot? Are the scantron type ballots that I have used rigged or wrong? Are the mechanical vote counters rigged or wrong? Was the President of the United States chosen by popular ballot in 2000? Does it even matter?

The more this disinformation keeps us busy, it makes those who really matter in these matters more free to have more room to do whatever they want to do.

I don't believe its any more difficult to count nominal data accurately than it ever was. Its the people that do the counting that are always variable, and will always be.

Re:KISS

[mrhartwig (61215)]

From what I understand, the hanging chads were most likely the result of voter fraud by the election officials in charge.

Bullshit. While I happen to suspect that there was some fraud in the 2000 election (in Florida along with a bunch of other places) this sounds like nothing more than a Conspiracy Theory, knee-jerk, reaction.

We use the same ballot system here in my little corner of Missouri, and I assure you that it's very possible to leave a chad hanging, even with the "approved" punch device that's part of the voting station. No icepick required.

If you did use an icepick in the manner described in the parent, you couldn't do very many cards at once; there would be quite obvious damage around the hole, as the icepick would be significantly bigger than the chad hole. And the wrong shape (round vs. rectangular).

I don't remember if I'm making this up, but I believe our instructions include a step having you check to make sure all the chads have been totally punched out. If we do have such an instruction, I don't know if it was there before 2000. But I've always checked, instruction or not; it's not that complicated. :-)

Also to add an on-topic comment; Wisconsin's law is a great step, but I agree with other posters that a much better system would be to make the vote generation device separately from the vote counting device.

Re:KISS

[Dutchmaan (442553)]

We can only move in the right direction.. This is a positive step to be sure, and as flaws in this system reveal themselves we will take further steps toward refining the process of preserving intergrity in the voting system.

The perfect democracy is a goal and can never really be perfectly attained... but it serves as a compass to keep us going in the right direction.

Re:KISS

[SatanicPuppy (611928)]

I'm all about e-voting, but the way it's shaped up, I'm going to have to agree with you. Everybody fills it out with a #2 pencil, fill in the WHOLE bubble Grandma, then put your thumbprint in the corner, and stuff it in the nice locked box.

Even that probably isn't truly secure in our system. The joker who picks up the boxes will lob a couple in the lake on the way to get them counted.

Re:KISS

[kfg (145172)]

. . .put your thumbprint in the corner . . .

No.

KFG

Re:KISS

[Rude Turnip (49495)]

To elaborate on kfg's comment..."No. I'd rather not give my employer or corrupt union leader a way of tracing my ballot back to me. I appreciate my status of being employed and only wish to have my bones broken due to a skiing accident."

Re:KISS

[HUADPE (903765)]

Agreed. One of the major tenets of democratic voting is the secret ballot. This is in and of itself a problem with electronic voting because the order of votes can be counted as well as the votes themselves. A determined individual can then match the order and time of votes to individuals as they signed in to the polling place. Non-secret ballots can allow for voter intimidation (will the new mayor fire people who voted against him?)

Re:KISS

[AKAImBatman (238306)]

Your system really isn't any different than the one in the US. In the US, you must first register to vote. This only needs to be done once, after which the voting place will expect you. As soon as you check in, your name is crossed out and you're given a ballot. That ballor has no identifying information, thus securing your right to a secret ballot. If a recount goes into effect, two things can happen:

1) The ballots themselves are recounted
2) The voters who showed up are verified to ensure that no one voted who shouldn't have. (e.g. Dead people.)

The system is tedious, but it works. The problem that has arisen, however, is that districts want to streamline voting by using electronic ballots. Since it can be difficult to *prove* that a counted vote wasn't changed after the fact, we have various stories like this one pointing out the many problems with E-Voting.

Re:KISS

[AKAImBatman (238306)]

Mod parent up:

100% Correct
100% American
100% Insightful

Remember that one of the key points in an election is anonymous ballots. The entire point is that someone can't hold a gun to your head (or hold your family hostage, blackmail you, or do millions of other nasty things) to force you to vote the way they want you to. The moment a ballot can be traced back to its owner is the day our entire system will collapse.

Re:KISS

[cait56 (677299)]

That's why you also need a write-only audit trail produced
before the voter leaves the booth. A second paper copy is
certainly one form of a write-only audit trail.

Keep in mind that paper-ballots were far from perfect.
Counters could and did vote for people who neglected
to fill in for some contests, and/or create extraneous
marks on the ballot to make it retroactively ambiguous.

A print-out with full candidate names is a lot harder
to alter than a pre-printed form with Xs inside of boxes.

Re:KISS

[blazer1024 (72405)]

Voting systems are only as good as the people administering them. Even with the most super-secure systems, if you pay/kill off enough of the right people, it doesn't matter what the vote really was. Especially if you screw with random polling on television so it *looks* like the vote is going to head in the direction you want it to, as well... nobody's going to question the local news station's informal polls anyway.

If all that fails, just get plenty of dead people to vote. That what they do here in Albuque

Re:KISS

[hackstraw (262471)]

Being open source makes it tamper-resistent, not tamper-proof.

Somebody, probably not me or you will compile the final code to be run on some computer that we don't know the details of anyway. That somebody may know how to alter the code, maybe not.

I know of no way that a computer recount could happen without a paper trail.

Would it not be easier to just use a paper ballot in the first place?

I don't see how this is so difficult. Each voting place I've been to scratches off your name when you show up to vote off of a roster of registered voters, and there should be a total count of those registered which should equal the number of pieces of paper in the ballot box.

There can be simple large scantron type cards that are immediately sorted into something like X party, Y party and Z party, and maybe "other". These can be quickly gone though and if there was an X in the Y party box, something might be fishy. If the Z party box weighs more than the X party box which has more than Y, then Z won. It could counted if mass is that big of a controversy.

In this country, people have the right to anonymously vote for a particular candidate, but not to vote anonymously. It is known when you vote, and for good reason so that dead people don't go around voting over and over again or even live people.

What is so difficult with counting nominal data these days?

Re:KISS

[skiflyer (716312)]

What is so difficult with counting nominal data these days?

It's not difficult to count nominal data these days, it's difficult to verify (to yourself and outsiders) that no one along the way has been able to modify the count. In the paper ballot days, a simple recount is what was offered, this addresses mistakes, and malicious counters who lie about what they tallied. But it doesn't help with ballot stuffing or tossing the box into the river... so then you could have the ballots inspected, and a committ

Re:KISS

[oni (41625)]

Just off the top of my head, I would say:
Give the voter a receipt that consists of, 1) a long randomly generated ReceiptID, 2) a plaintext record of the vote (as in, "you voted for Kodos"), and 3) a cryptographic signature.

So in other words, I have a peice of paper that I get to take home with me and on that peice of paper is written:
------ Begin PHP Signed Text -----
ReceiptID 243524534523423454345234234
Voted For: Kodos
------ Begin PHP Signatre Block -----
(signature here)
------ End PHP Signatre Block -----
------ End PHP Signed Text -----

After the election, you can publish the ReceiptIDs and vote records on a website. Anyone who wants to verify the authenticity of the election can tally all the votes themselves. If I want to make sure that MY vote counted, I can look it up. If I see that they changed my vote, I can come forward with my reciept. I can't change my receipt because it's crytographically signed. Nobody can find out who I am because my reciept number has nothing at all to do with me, it's just a random unique number.

(why is it that this stuff always seems easy to us slashdotians? Why do corporations always make it so complicated and broken??)

Re:KISS

[hazem (472289)]

The problem with a receipt is that it can then be used to make sure you voted a certain way.

corrupt boss: Joe, have fun voting, and be sure to bring back your receipt so I can know how you voted and decide if I'm going to fire you. Oh yeah, and if you don't have a receipt, I'll fire you.

Re:KISS

[sam1am (753369)]

As has been mentioned elsewhere; this is a bad idea, because you could be "persuaded" to share your receipt number with someone else, who could use it to verify you voted a certain way.

Guy sets up booth taking receipts that prove a vote for candidate A, you get $10.

Or more insidious, your boss tells you you need to vote for candidate A. In order to obtain your next paycheck, you must show your receipt that you voted for candidate A.

Once you leave the polling place, you should not be able to verify your vote to yourself or anyone else.

(Now, if you took that receipt and dropped it in the ballot box on the way out of the polling place, that's another story)

Re:KISS

[kernelpanicked (882802)]

------ Begin PHP Signed Text -----
ReceiptID 243524534523423454345234234
Voted For: Kodos
------ Begin PHP Signatre Block -----
(signature here)
------ End PHP Signatre Block -----
------ End PHP Signed Text -----

I think what you're looking for is 'PGP" signed, but hen again some folks will use php for damn near anything.

Re:KISS

[iluvcapra (782887)]

Well, if you're using PHP, I know exactly how I'd vote:

Enter your vote below:

Kodos; INSERT INTO votes ('candidate') VALUES ('Kodos'); INSERT INTO votes ('candidate') VALUES ('Kodos'); INSERT INTO votes ('candidate') VALUES ('Kodos'); INSERT INTO votes ('candidate') VALUES ('Kodos'); INSERT INTO votes ('candidate') VALUES ('Kodos'); INSERT INTO votes ('candidate') VALUES ('Kodos');INSERT INTO votes ('candidate') VALUES ('Kodos'); INSERT INTO votes ('candidate') VALUES ('Kodos');

Etc...

Re:KISS

[j. andrew rogers (774820)]

Something similar is done in Nevada, which is generally regarded as being clueful about preventing fraud in electronic machines thanks to many years of dealing with elaborate attempts at electronic gambling machine fraud. Much of the value of electronic voting machines are that they are inexpensive, fast, and theoretically less error-prone to manage compared to pre-printed paper ballots and other older methods.

While no voting system is fool-proof, the Nevada method is something like this: Electronic voting with a voter-verified paper receipt to ensure that what is on the paper is what was selected electronically by voter. The paper receipts are collected and a few percent of the total paper records are randomly and independently audited to verify the electronic records. The important thing that happens here is that the verification and authentication of the vote is distributed among multiple authorities, providing strong statistical evidence that an election was indeed counted as it was voted while providing no single point of failure or manipulation that is likely to go unnoticed. It also does not have the overhead of manually counting every single paper ballot.

This is actually a more robust voting protocol in many ways than the paper ballots it replaces. I do not know if Wisconsin is doing things precisely this way, but I imagine that they would use some variation of the Nevada protocol.

BIG PROBLEM

[goombah99 (560566)]

The problem here is that there are no open source voting machines on the market at this time. So what is going to happen?
In most cases they can't be since the OS is closed source. Moreover, federal certification is no longer just for stand alone voting machines but requires the whole "system" of vote counting and vote merging software to be certified. So even when the vote counters could be open source the vote databases may not be. Diebolds run on windows CE, ES&S ivotronics probably run on windows CE, ES&S opscans run on Qnix, sequoia touchscreen kiosks run on some undisclosed proprietary software and the ballot database software runs on windows. No word what Sequoia Optek/insights run on but again the ballot data bases run on windows.

thus these companies can't open their source since it's not theirs to open.

Accupol is built on linux and java so it could in principle be open source at their discretion. But because the accupols are cobbled together from mainly commodity components the company investors is averse to open sourcing their only real IP.

Not sure about avante and harte and unilect but it appears they contain windows software.

OVC is the only system truly designed with open source in mind. But it's not ready for sale yet.

Re:KISS

[deblau (68023)]

And how do we know that the prinout matches whatever counter is incremented within the computer?

We don't, other than by inspecting the source. Once we cast our vote using a paper ballot, how do we know it was actually counted? We don't, other than by having observers present. Source inspection is the digital analogue of human election observers.

IMHO, having computers count is more accurate than having people count. Remember, as Stalin may or may not have said [about.com], "those who cast the votes decide nothing; those who count the votes decide everything." Florida 2000 and Ohio 2004 showed us that. Computers have no motivation to lie, and I can inspect a computer's source code. I can't inspect the mind of the person counting my paper ballot. To me, computers have more accountability.

Re:KISS

[Rich0 (548339)]

Agreed - the simplest and most efficent solution is full automation with some percentage of completely random auditing.

In each state pick 10 precients at random, and count every last vote in them - they better agree to the automated total.

The proposal to always count them manually amounts to 100% auditing. Sure, it works, but it really isn't necessary. In fact, it is likely to have a higher error rate since there is no value being checked against (unless you have two independant groups count all the votes separately and submit separate counts which are then cross-checked).

Have each machine programmed, assembled, and sealed by an individual who signs some dotted line. If the count turns out wrong, the machine gets a major investigation. If there is fraud, the individual gets sent to prison with an opportunity to somewhat reduce his sentence by singing like a canary.

The EU uses systems like this for drug imports. If you want to certify a lot of manufactured drugs as safe for use in Europe, you have to have an EU citizen sign on the final line. The logic is that there is at least somebody personally accountable for the action who lives in the EU jurisdiction. In the same way, if a megacorp builds a bridge there is still an individual engineer signing each drawing.

The key to law enforcement is individual accountability. No need to waste huge amounts of money counting every vote by hand. You just need to make sure the system fosters accountability. If you check 5% of the precients across the country the chance of any widespread fraud going uncaught is very low. Once widespread fraud is detected you would of course count every last piece of paper three times, and send the bill to the perpetrators...

That's great, but

[LodCrappo (705968)]

unfortunately you will still have to vote for either a republican, a democrat, or someone who will lose.

ABOUT GODDAMN TIME!

[Mattness (636060)]

Paper receipts should be a no brainer, as should be open source software for voting machines. Too bad this isn't occurring in every state, yet. Or is it? I am an ignorant person about this topic. Someone enlighten me.

Re:ABOUT GODDAMN TIME!

[SilverspurG (844751)]

will require the software of touch-screen voting machines used in elections to be open-source.

Likely, the moment the lobbyists get their move on this, open source will be redefined to be source code printed on punch cards submitted to the state archives under an NDA to be kept in a vault next to Hoffa's shoes and The Ring of Power.

The printed receipt is fine. Governments have known how to manipulate those for centuries.

Re:ABOUT GODDAMN TIME!

[General Fault (689426)]

Nor should a voting system require a multi-function operating system like windows nt. Really, do we need something with more power than nasa had 10 years ago just for the ++ op of voting? See the solution that India [sepiamutiny.com] came up with. Cheap, simple, verifiable and easy to copy. Honestly, how many Mhz do you need to count a vote and how many MB do you need to store a tally?

PAPER RECEIPTS ARE BAD!

[justanyone (308934)]

There are two meanings for "paper receipts":
1. paper ballot which is the actual ballot, kept by the county clerk / election officials;
2. paper receipt, kept by the voter, proving they've voted and indicating who they voted for.

The latter concept is VERY BAD. It would encourage the ability of someone to buy an election by paying money or favors to someone in exchange for their receipt proving they voted for someone in particular.

This is the reason we have secret ballots - to make vote-buying quite difficu

Unfortunately,

[Sheetrock (152993)]

There's also a provision that the voting machines be made out of cheddar.

Uh oh! I see the next calamity approaching!

[mister_llah (891540)]

So instead of people who can't figure out how to punch the proper hole, now we'll have people pushing the wrong button, accidentely pushing the "Are you sure?" prompt's "OK" ....

Oh wait, whew, Wisconsin, not Florida...

This is amazing

[TubeSteak (669689)]

Municipalities that use electronic voting machines are responsible for providing to the public, on request, the code used.

This isn't like North Carolina requiring that the source be placed in escrow, they're actually requiring it be available to the public.

I can't wait to see what http://www.blackboxvoting.org/ [blackboxvoting.org] has to say about this one.

It means they won't have to jump through fucking hoops just to test the machine (like in California)

Doesn't precude bar codes

[justanyone (308934)]

There seems to be (happily) no preclusion of printing bar codes indicating the choices underneath the names of the candidates. This should allow for rapid and accurate scanning and counting. Ballots can be verified by hand or other (possibly 3rd party) means to prove that the bar codes equal the name on the ballot.

This will speed up and make more accurate the counting vs. OCR of the candidates' names.

Nonsense

[bheading (467684)]

It hardly matters if it is open source. Who will compile it before it is uploaded to the machine ? Who will check that the correct software is loaded ? Who will check the guy doing the checking ?

Automated vote counting of any kind - electronic or mechanical - makes fraud considerably easier, puts a mystery shroud around the counting process and as such is incompatible with democracy. In the UK we count all the votes in our elections within 12 hours including the odd recount. Why are Americans obsessed with diluting their democracy by using machines to do it ?

Re:Nonsense

[Whafro (193881)]

the board of elections in your local municipality (depending on state, etc) is responsible for choosing the machines and the software. These are either elected officials or are appointed by elected officials, and therefore responsible for representing your interests.

The Board of Elections is responsible for ensuring that the correct software is loaded, and you, as a voter, will check the Board of Elections.

Elections don't just happen, they are overseen by people you put there, directly or indirectly.

The op

Re:Nonsense

[bheading (467684)]

the board of elections in your local municipality (depending on state, etc) is responsible for choosing the machines and the software. These are either elected officials or are appointed by elected officials, and therefore responsible for representing your interests.

Presumably they're elected in a vote which will be counted by one of the electronic machines they've bought ? What makes you convinced that corruption or (more realistically) incompetence cannot interfere with the result of an election ? Do you

Re:Nonsense

[AeroIllini (726211)]

I don't get why you guys are coming off with this kind of response KNOWING how in Florida 2000 we all got to see how it did NOT work, and how people got confused or thrown off by their poor understanding of how it DID work. Through what may be deliberate fiddling, or more likely incompetence, the ballot paper in parts of Florida made it potentially unclear to some people who they were voting for, and unclear to those counting the votes who the voter had actually voted for. That is what I call a total farce, and it couldn't have happened if the election had been conducted using a simple sheet of paper with a handwritten X scrawled next to the chosen candidate.

I agree with you whole-heartedly, but there are several factors keeping things from being that simple.

The ballots here in the US usually contain a huge number of elections. In the last presidential election, we were asked not only to vote for the president, but also for congressmen, judges, city councilmen, county board members, and other various municipal elected officials, not to mention the three to five different local resolutions on each ballot. The butterfly ballot system (which became famous in Florida in 2000 for the Pat Buchanan situation) is simply a way to condense a large amount of information in an anonymous way onto a small ballot card. These things are literally books, usually with ten or more pages of elections to vote for. It's not a perfect system, certainly, but putting all the same information on a single sheet of paper with room for marking a candidate, clearly delimiting the various elections taking place, allowing for instructions in both English and Spanish, and making the text large enough to read makes for a rather large sheet of paper. And asking people to read candidates off one sheet and mark their choice on another sheet creates all the same confusion and problems people had with the butterfly ballots.

I think our best bet in the US for paper ballots is to create printed booklets with instructions and a single election on each page. The actual listed candidates and boxes for marking a vote would be contained on a perforated sheet like a coupon, which the voter rips out and stuffs in the ballot box. The voter would keep the booklet after voting. The creation of these booklets could be automated without much fuss; each municipality could retrieve their booklets as a PDF file and have them printed and stapled before the election. It's not like ballots are secret until the day of the election.

But truly, in any voting system, accuracy boils down to the skill of the people recording the votes. In paper voting, that means the people counting, the people recording the votes, the people calling in the numbers to state headquarters, and the people assisting voters with questions. In computerized voting, that means the people who designed and built the hardware, the people who wrote the firmware, the people who wrote the software, and the people in charge of the networks doing the reporting to a central agency. Mistakes will be made, and recounts will happen. If automation does not help fix the mistakes that are made, and in fact creates many more problems, then it is not worth the trouble.

Re:Nonsense

[killmenow (184444)]

Why are Americans obsessed with diluting their democracy by using machines to do it ?

Shhh! It's easier to control the populace this way. Now shut up!

buried in the legalese

[revery (456516)]

the bill requires that if a municipality uses an electronic voting system that consists of a voting machine, the machine must generate a complete paper ballot showing all votes cast by each elector that is visually verifiable by the elector before he or she leaves the machine.

Of course buried in the legalese was the rest of the bill:

The vote-tallying software shall be closed source and shall be owned in whole by Diebold. As such, the printed ballot shown to elector may have no bearing on actual vote recorded. Names may be substituted based on (1) party of candidate (2) intelligence of choice (3) corruption in district (4) time of day (5) OR if you live in Palm Beach or Broward County, pure whimsy. Additionally, elector may be fined or audited based on vote case, or in extreme cases, placed on the National Do-Not-Fly list and scheduled for investigation by the Department of Homeland Security.

Democracy run amok!

[second class skygod (242575)]

They're acting as if they want to avoid rampant abuse and fraud. While it sounds great, I don't think America is ready for such a radical notion.

-- scsg

Federal Mandate Time

[Kefaa (76147)]

Can someone explain why we can standardize street signs and the amount of sugar allowed in school lunches but we cannot get a standardized election system?

After the 2000 election debacle, we had money thrown at the states to "fix the problem." So we ended up with 35 different solutions.

A simple federal mandate - the voter must be verifiable, their vote must be able to be able to be authenticated after they leave the booth, in the event of a recount and the system can be fully audited. Instead, we have systems with no paper trails, questionable vendor operations, and seemingly contradictory election results.

We can make millions of secure stock sales, bank transfers and on-line purchases daily, and we cannot get a vote counted and auditable? The people who produced these machines should be fired for stupidity and forced to return our money.

Re:Federal Mandate Time

[User 956 (568564)]

After the 2000 election debacle, we had money thrown at the states to "fix the problem." So we ended up with 35 different solutions.

Only 35 solutions? I'm pretty sure we have more states than that... Are you using wikipedia for reference again?

Not really Open Source

[hweimer (709734)]

From TFB [state.wi.us]:

5.91 (19) The coding for the software that is used to operate the system on election day and to tally the votes cast is publicly accessible and may be used to independently verify the accuracy and reliability of the operating and tallying procedures to be employed at any election.

This is somewhat less than what is usually meant by the term "Open Source" [opensource.org]. But it seems that at least voting machines running a completely closed operating systems are ruled out.

Not the count, but the recount that's important...

[Ramses0 (63476)]

"""How do you recount? Election results must be reproduceable by a human afterwards, especially if a virus or spyware got into the election results (either on purpose, or with malicious intent). Open Voting has this part figured out by producing a paper ballot that can be validated without the use of a computer, or you can use a computer to check it faster."""

http://www.robertames.com/blog.cgi/entries/links/v ote-hacking-2004.html [robertames.com]

Links have broken with time, but here's an updated link to Open Voting...

http://www.openvotingconsortium.org/modules.php?na me=FAQ&myfaq=yes&id_cat=11&categories=Security%2C+ Resiliency%2C+Integrity%2C+Reliability [openvotingconsortium.org]

Their systems are reallly neat and they've had a lot of smart people looking at the problem. I've not been involved in it, but have read some of their documentations, and promised myself that I'd speak up and give them google-juice anytime voting came up. Some highlights:

    - Commodity hardware / software

    - Open source code

    - Paper "receipts" that can be verified by:

        * Sight

        * Barcode

        * Audio / Visual

        * Separate "reader / recounter"

    - Accurate computer counts (ie: select count(*) from votes group by person)

    - Paper trail for recounts (re-count manually or computer assisted the receipts), with useful information hidden in the water-marked receipts (kindof like scantron stuff, where both computers and humans can read it). ...all in all it seems like a pretty good system and like I said they've done a lot of thinking about it.

--Robert

Not Open Source

[John Hasler (414242)]

> Wisconsin Governor Jim Doyle today signed legislation that "will
> require the software of touch-screen voting machines used in
> elections to be open-source."

The law does not require that the software be Open Source. It merely requires that voters be able to examine and test it.

Re:This should not be news.

[Spy der Mann (805235)]

...but sadly, it is.

AH! But then it's GOOD NEWS! :)