Wisconsin Requires Open Source, Verifiable Voting

AdamBLang writes "Previously covered on Slashdot, Wisconsin Governor Jim Doyle today signed legislation that "will require the software of touch-screen voting machines used in elections to be open-source. Municipalities that use electronic voting machines are responsible for providing to the public, on request, the code used." Madison's Capital Times reports "the bill requires that if a municipality uses an electronic voting system that consists of a voting machine, the machine must generate a complete paper ballot showing all votes cast by each elector that is visually verifiable by the elector before he or she leaves the machine.""

This is amazing

[TubeSteak]

Municipalities that use electronic voting machines are responsible for providing to the public, on request, the code used.

This isn't like North Carolina requiring that the source be placed in escrow, they're actually requiring it be available to the public.

I can't wait to see what http://www.blackboxvoting.org/ [blackboxvoting.org] has to say about this one.

It means they won't have to jump through fucking hoops just to test the machine (like in California)

Re:ABOUT GODDAMN TIME!

[General Fault]

Nor should a voting system require a multi-function operating system like windows nt. Really, do we need something with more power than nasa had 10 years ago just for the ++ op of voting? See the solution that India [sepiamutiny.com] came up with. Cheap, simple, verifiable and easy to copy. Honestly, how many Mhz do you need to count a vote and how many MB do you need to store a tally?

PAPER RECEIPTS ARE BAD!

[justanyone]

There are two meanings for "paper receipts":
1. paper ballot which is the actual ballot, kept by the county clerk / election officials;
2. paper receipt, kept by the voter, proving they've voted and indicating who they voted for.

The latter concept is VERY BAD. It would encourage the ability of someone to buy an election by paying money or favors to someone in exchange for their receipt proving they voted for someone in particular.

This is the reason we have secret ballots - to make vote-buying quite difficult if not impossible.

Re:KISS

[hackstraw]

Being open source makes it tamper-resistent, not tamper-proof.

Somebody, probably not me or you will compile the final code to be run on some computer that we don't know the details of anyway. That somebody may know how to alter the code, maybe not.

I know of no way that a computer recount could happen without a paper trail.

Would it not be easier to just use a paper ballot in the first place?

I don't see how this is so difficult. Each voting place I've been to scratches off your name when you show up to vote off of a roster of registered voters, and there should be a total count of those registered which should equal the number of pieces of paper in the ballot box.

There can be simple large scantron type cards that are immediately sorted into something like X party, Y party and Z party, and maybe "other". These can be quickly gone though and if there was an X in the Y party box, something might be fishy. If the Z party box weighs more than the X party box which has more than Y, then Z won. It could counted if mass is that big of a controversy.

In this country, people have the right to anonymously vote for a particular candidate, but not to vote anonymously. It is known when you vote, and for good reason so that dead people don't go around voting over and over again or even live people.

What is so difficult with counting nominal data these days?

Re:KISS

[Joe U]

It would have helped if I actually pointed to a sample.

http://www.tulsacounty.org/documents/Dec13Sample.p df [tulsacounty.org]

Not really Open Source

[hweimer]

From TFB [state.wi.us]:

5.91 (19) The coding for the software that is used to operate the system on election day and to tally the votes cast is publicly accessible and may be used to independently verify the accuracy and reliability of the operating and tallying procedures to be employed at any election.

This is somewhat less than what is usually meant by the term "Open Source" [opensource.org]. But it seems that at least voting machines running a completely closed operating systems are ruled out.

Re:KISS

[skiflyer]

What is so difficult with counting nominal data these days?

It's not difficult to count nominal data these days, it's difficult to verify (to yourself and outsiders) that no one along the way has been able to modify the count. In the paper ballot days, a simple recount is what was offered, this addresses mistakes, and malicious counters who lie about what they tallied. But it doesn't help with ballot stuffing or tossing the box into the river... so then you could have the ballots inspected, and a committee would check for comparisons between vote totals and vote sign ins, and so and so forth.

One of the major difficulties with electronic tabulation is that if you keep it super simple, there's no great way to go back and verify. Everything is at the word of the computer.

As far as your scantron solution, that's great for a single ballot initiative, but last time I voted we had well over a hundred... do I fill out a hundred cards?

Re:KISS

[j. andrew rogers]

Something similar is done in Nevada, which is generally regarded as being clueful about preventing fraud in electronic machines thanks to many years of dealing with elaborate attempts at electronic gambling machine fraud. Much of the value of electronic voting machines are that they are inexpensive, fast, and theoretically less error-prone to manage compared to pre-printed paper ballots and other older methods.

While no voting system is fool-proof, the Nevada method is something like this: Electronic voting with a voter-verified paper receipt to ensure that what is on the paper is what was selected electronically by voter. The paper receipts are collected and a few percent of the total paper records are randomly and independently audited to verify the electronic records. The important thing that happens here is that the verification and authentication of the vote is distributed among multiple authorities, providing strong statistical evidence that an election was indeed counted as it was voted while providing no single point of failure or manipulation that is likely to go unnoticed. It also does not have the overhead of manually counting every single paper ballot.

This is actually a more robust voting protocol in many ways than the paper ballots it replaces. I do not know if Wisconsin is doing things precisely this way, but I imagine that they would use some variation of the Nevada protocol.

Not Open Source

[John Hasler]

> Wisconsin Governor Jim Doyle today signed legislation that "will
> require the software of touch-screen voting machines used in
> elections to be open-source."

The law does not require that the software be Open Source. It merely requires that voters be able to examine and test it.

BIG PROBLEM

[goombah99]

The problem here is that there are no open source voting machines on the market at this time. So what is going to happen?
In most cases they can't be since the OS is closed source. Moreover, federal certification is no longer just for stand alone voting machines but requires the whole "system" of vote counting and vote merging software to be certified. So even when the vote counters could be open source the vote databases may not be. Diebolds run on windows CE, ES&S ivotronics probably run on windows CE, ES&S opscans run on Qnix, sequoia touchscreen kiosks run on some undisclosed proprietary software and the ballot database software runs on windows. No word what Sequoia Optek/insights run on but again the ballot data bases run on windows.

thus these companies can't open their source since it's not theirs to open.

Accupol is built on linux and java so it could in principle be open source at their discretion. But because the accupols are cobbled together from mainly commodity components the company investors is averse to open sourcing their only real IP.

Not sure about avante and harte and unilect but it appears they contain windows software.

OVC is the only system truly designed with open source in mind. But it's not ready for sale yet.

Re:KISS

[gbobeck]

"In this country, people have the right to anonymously vote for a particular candidate, but not to vote anonymously. It is known when you vote, and for good reason so that dead people don't go around voting over and over again or even live people."

You've never dealt with the Chicago Board of Elections. Chicago is the only city in the US where the dead vote on a regular basis.

"There can be simple large scantron type cards that are immediately sorted into something like X party, Y party and Z party, and maybe "other". These can be quickly gone though and if there was an X in the Y party box, something might be fishy. If the Z party box weighs more than the X party box which has more than Y, then Z won. It could counted if mass is that big of a controversy."

Recently, the City of Chicago used a system where voters used punch-card systems (similar to the butterfly ballot used in Florida, but better laid out). Voters, after they finished punching their votes would feed them into a scanner and the vote would be counted. The only problem was that *some* election judges didn't spend the time going to basic training so they ended up telling the voters to re-feed their ballots into the machine numerous times, causing errors in the tallies.

Re:KISS

[Izaak]

And how do we know that the prinout matches whatever counter is
incremented within the computer?

Actually, the count of voters will also be tracked
independent of the machine. Voter registration is
checked before you vote. They check in a hardcopy
voter registration book that your name shows up
at the address you claim to be living at. You
need to show ID or something else with your address.
They then check you off as having voted by writing a
sequence number next your name. The number is not reliable
for determining how you voted because their are multiple
voting stations at each polling place and no way to
know which one you went to after making it through the
registration queue. Nevertheless, the total recorded
in the book must match the totals recorded in the
machines at the end of the night. It would be impossible
for the voting machine to add phantom votes to the paper
tape without it showing up when you check the registration
books.

I live in Wisconsin and have actually been a volunteer
poll observer. I am very happy to see this law, though
I still think optical scan machines are better for a
variety of reasons.

Later,

Thad

This is the one state...

[dimension6]

...whose senator [senate.gov] actually voted against the Patriot Act.

Re:KISS

[AKAImBatman]

TRue. Some states didn't even have voting until a hundred or so years after the United States was founded. There is, in fact, no Constitutional requirement that any State of the Union provide voting to any person or persons. Each state gets its allotted number of electorial votes, then it's up to the state to figure out how to allocate them.

That being said, most states I've lived in require voter registration to prevent fraud. North Dakota probably doesn't because it doesn't need it as much. No offense to you guys, but it's not like there are that many people for each voting station to sort through. Even when I lived in Wisconsin (which *does* require registration), everyone knew everyone well enough to keep fraud out. :-)

Re:KISS

[mrhartwig]

From what I understand, the hanging chads were most likely the result of voter fraud by the election officials in charge.

Bullshit. While I happen to suspect that there was some fraud in the 2000 election (in Florida along with a bunch of other places) this sounds like nothing more than a Conspiracy Theory, knee-jerk, reaction.

We use the same ballot system here in my little corner of Missouri, and I assure you that it's very possible to leave a chad hanging, even with the "approved" punch device that's part of the voting station. No icepick required.

If you did use an icepick in the manner described in the parent, you couldn't do very many cards at once; there would be quite obvious damage around the hole, as the icepick would be significantly bigger than the chad hole. And the wrong shape (round vs. rectangular).

I don't remember if I'm making this up, but I believe our instructions include a step having you check to make sure all the chads have been totally punched out. If we do have such an instruction, I don't know if it was there before 2000. But I've always checked, instruction or not; it's not that complicated. :-)

Also to add an on-topic comment; Wisconsin's law is a great step, but I agree with other posters that a much better system would be to make the vote generation device separately from the vote counting device.

Slot machines more secure than voting machines

[Anonymous Coward]

In Nevada, among other security measures, the state has a copies of the code used in all slot machines and audits machines to make sure they haven't been modified from the reference versions. Gamblers can request an immediate investigation of any machine they believe may have cheated them. After all, money is at stake. It would be nice to have at least the same level of security for our vote.

  Links to NY Times article "MAKING VOTES COUNT - Gambling on Voting",
  contrasting slot machine and voting machine security

http://theory.lcs.mit.edu/~rivest/voting/press/nyt /2004-06-13%20NYT%20Gambling%20on%20Voting.pdf [mit.edu] (PDF)
http://www.ejfi.org/Voting/Voting-31.htm [ejfi.org] (no registration required)
http://www.nytimes.com/2004/06/13/opinion/13SUN1.h tml [nytimes.com] (registration required)