Wisconsin Requires Open Source, Verifiable Voting 375
AdamBLang writes "Previously covered on Slashdot, Wisconsin Governor Jim Doyle today signed legislation that "will require the software of touch-screen voting machines used in elections to be open-source. Municipalities that use electronic voting machines are responsible for providing to the public, on request, the code used." Madison's Capital Times reports "the bill requires that if a municipality uses an electronic voting system that consists of a voting machine, the machine must generate a complete paper ballot showing all votes cast by each elector that is visually verifiable by the elector before he or she leaves the machine.""
KISS (Score:5, Insightful)
[T]he machine must generate a complete paper ballot showing all votes cast by each elector that is visually verifiable by the elector before he or she leaves the machine.
And how do we know that the prinout matches whatever counter is incremented within the computer? Being open source makes it tamper-resistent, not tamper-proof. Would it not be easier to just use a paper ballot in the first place? Then any recount could be performed against the actual ballots cast, not as a spot check against computer (glitches|fraud).
ABOUT GODDAMN TIME! (Score:3, Insightful)
Re:KISS (Score:3, Insightful)
duh
Re:KISS (Score:5, Insightful)
The perfect democracy is a goal and can never really be perfectly attained... but it serves as a compass to keep us going in the right direction.
Doesn't precude bar codes (Score:3, Insightful)
This will speed up and make more accurate the counting vs. OCR of the candidates' names.
Re:KISS (Score:3, Insightful)
Even that probably isn't truly secure in our system. The joker who picks up the boxes will lob a couple in the lake on the way to get them counted.
Re:KISS (Score:3, Insightful)
"if". Being that leadership of government is being determined, I'd prefer the actual cast ballots be counted. Canada does it in a few hours with 1/10th the US population (and the public can view the count I believe)
Re:KISS (Score:4, Insightful)
before the voter leaves the booth. A second paper copy is
certainly one form of a write-only audit trail.
Keep in mind that paper-ballots were far from perfect.
Counters could and did vote for people who neglected
to fill in for some contests, and/or create extraneous
marks on the ballot to make it retroactively ambiguous.
A print-out with full candidate names is a lot harder
to alter than a pre-printed form with Xs inside of boxes.
Re:KISS (Score:5, Insightful)
No.
KFG
Re:KISS (Score:3, Insightful)
If all that fails, just get plenty of dead people to vote. That what they do here in Albuquerque anyway.
Re:KISS (Score:5, Insightful)
Re:KISS (Score:3, Insightful)
100% Correct
100% American
100% Insightful
Remember that one of the key points in an election is anonymous ballots. The entire point is that someone can't hold a gun to your head (or hold your family hostage, blackmail you, or do millions of other nasty things) to force you to vote the way they want you to. The moment a ballot can be traced back to its owner is the day our entire system will collapse.
What about .... (Score:1, Insightful)
Also, just because you publish some source, that is no guarantee that that was the source that went into creating the binaries that are being executed. Are they going to use a mechanism to verify that a vendor publishes the exact source? Are they going to force vendors to react to bugs found within a specific timeframe. After all, someone examining the source could find a problem and potentially use it as an exploit, this usually isn't an issue because you're banking on someone else also finding the problem and being open/honest about it, but for something like voting, is that good enough? It seems like a lot of focus is being given to it being open source, but is ignoring other software deployment issues.
Re:KISS (Score:4, Insightful)
Give the voter a receipt that consists of, 1) a long randomly generated ReceiptID, 2) a plaintext record of the vote (as in, "you voted for Kodos"), and 3) a cryptographic signature.
So in other words, I have a peice of paper that I get to take home with me and on that peice of paper is written:
------ Begin PHP Signed Text -----
ReceiptID 243524534523423454345234234
Voted For: Kodos
------ Begin PHP Signatre Block -----
(signature here)
------ End PHP Signatre Block -----
------ End PHP Signed Text -----
After the election, you can publish the ReceiptIDs and vote records on a website. Anyone who wants to verify the authenticity of the election can tally all the votes themselves. If I want to make sure that MY vote counted, I can look it up. If I see that they changed my vote, I can come forward with my reciept. I can't change my receipt because it's crytographically signed. Nobody can find out who I am because my reciept number has nothing at all to do with me, it's just a random unique number.
(why is it that this stuff always seems easy to us slashdotians? Why do corporations always make it so complicated and broken??)
Federal Mandate Time (Score:5, Insightful)
After the 2000 election debacle, we had money thrown at the states to "fix the problem." So we ended up with 35 different solutions.
A simple federal mandate - the voter must be verifiable, their vote must be able to be able to be authenticated after they leave the booth, in the event of a recount and the system can be fully audited. Instead, we have systems with no paper trails, questionable vendor operations, and seemingly contradictory election results.
We can make millions of secure stock sales, bank transfers and on-line purchases daily, and we cannot get a vote counted and auditable? The people who produced these machines should be fired for stupidity and forced to return our money.
Re:KISS (Score:4, Insightful)
And the machines should be developed by national research labratory in a completely open and transparent way. The source code, design plans and manufacturing process would be completely auditable by the public. No corporate control of voting machines. No security through obscurity.
Re:KISS (Score:5, Insightful)
corrupt boss: Joe, have fun voting, and be sure to bring back your receipt so I can know how you voted and decide if I'm going to fire you. Oh yeah, and if you don't have a receipt, I'll fire you.
Re:KISS (Score:5, Insightful)
Guy sets up booth taking receipts that prove a vote for candidate A, you get $10.
Or more insidious, your boss tells you you need to vote for candidate A. In order to obtain your next paycheck, you must show your receipt that you voted for candidate A.
Once you leave the polling place, you should not be able to verify your vote to yourself or anyone else.
(Now, if you took that receipt and dropped it in the ballot box on the way out of the polling place, that's another story)
There isn't a voter name on the receipt, RTFP (Score:2, Insightful)
Although that would work on incredibly stupid voters, simple intimidation usually works on them anyway.
Voters with half a brain cell copy, forge or borrow a receipt to show to the boss.
There's no voter name on the receipt, thus no way for the boss to know how YOU voted.
Re:KISS (Score:4, Insightful)
In each state pick 10 precients at random, and count every last vote in them - they better agree to the automated total.
The proposal to always count them manually amounts to 100% auditing. Sure, it works, but it really isn't necessary. In fact, it is likely to have a higher error rate since there is no value being checked against (unless you have two independant groups count all the votes separately and submit separate counts which are then cross-checked).
Have each machine programmed, assembled, and sealed by an individual who signs some dotted line. If the count turns out wrong, the machine gets a major investigation. If there is fraud, the individual gets sent to prison with an opportunity to somewhat reduce his sentence by singing like a canary.
The EU uses systems like this for drug imports. If you want to certify a lot of manufactured drugs as safe for use in Europe, you have to have an EU citizen sign on the final line. The logic is that there is at least somebody personally accountable for the action who lives in the EU jurisdiction. In the same way, if a megacorp builds a bridge there is still an individual engineer signing each drawing.
The key to law enforcement is individual accountability. No need to waste huge amounts of money counting every vote by hand. You just need to make sure the system fosters accountability. If you check 5% of the precients across the country the chance of any widespread fraud going uncaught is very low. Once widespread fraud is detected you would of course count every last piece of paper three times, and send the bill to the perpetrators...
Re:KISS (Score:1, Insightful)
If I lie to him (making up a number), he can verify that it doesn't match anything, and the next day... ouch.
If I tell him the truth, he can now verify whether or not I voted for Quimby, and thus will probably succeed in affecting my vote via threatening me.
This is why no real voting system provides any sort of reciept to the voter which can in any way be used to connect a voter to a vote -- they open the door to vote-buying and threats.
Or as a great man once said, every complex problem has a solution which is simple, attractive, and wrong. Providing a reciept, whether plaintext, cryptographically signed, or carved in stone, is simple, solves one problem (assuring the voter his vote was counted), and creates another (allowing bought or compelled votes).
Re:KISS (Score:3, Insightful)
Re:KISS (Score:1, Insightful)
Why is this "open source"? (Score:3, Insightful)
The WIS quote only says that "the coding for the software that is used to operate the system on election day and to tally the votes cast is publicly accessible and may be used to independently verify the accuracy and reliability of the operating and tallying procedures to be employed at any election". For them to call this open source is bad enough, but for Slashdot to repeat this misunderstanding of the term is ridiculous.
Re:KISS (Score:5, Insightful)
I wish I was on a website with computer geeks.
"hanging chads"
Bullshit. Punchcards were first made in the early 1800's and then used more commonly by big computer companies like IBM in the late 1800's. They were not used after the late 70's because they sucked. I work with people that used punch cards to program computers. They never talk about "chads" they talk about things like getting cards out of order, dropping them on the ground and not being able to edit them once made. They don't talk about "chads", those are invented words for the 2000 election well after nobody used punchcards for over 20 years.
I've taken a number of standardized tests for over 20 years that have never, ever used punchcards or had hanging chads. They were all done with standard #2 pencils and a piece of paper that could scan them at remarkable speeds and accuracy. I'm sure somebody could counter with a time that one kid had his SAT score off by a point or two out of 1600 or the 2400 or whatever it is now, but AFAK they are beyond human accuracy, and never, ever have "chad" issues.
So, why all the talk and fuss about this stuff? Are elections routinely rigged? Is this the new terrorist plot? Are the scantron type ballots that I have used rigged or wrong? Are the mechanical vote counters rigged or wrong? Was the President of the United States chosen by popular ballot in 2000? Does it even matter?
The more this disinformation keeps us busy, it makes those who really matter in these matters more free to have more room to do whatever they want to do.
I don't believe its any more difficult to count nominal data accurately than it ever was. Its the people that do the counting that are always variable, and will always be.
Re:KISS (Score:3, Insightful)
If your talking about the current system of paper ballots its simply a matter of what was avaiable at the time of creation and the unmobility of the average election council to go with unproven new systems. If your refering to things such as diebold I again point to the untechness of the election coucils. Now diebold themselves, is most likly a combination of lazy employees just trying to earn a buck.... and TRAITORS!
Re:Condorcet, not IRV (Score:3, Insightful)
Wikipedia lists seven different algorithms for resolving cycles. Can you imagine TV news explaining to the average American how the set theory behind the Schwartz set method determines the President?
IRV may be flawed, but it's easily understandable, and a huge improvement on FPTP.
Re:KISS (Score:3, Insightful)
They would take a stack of ballots, and run an icepick through their preferred candidate's hole.
If their candidate was the same as the voters, the card was unchanged. If it wasn't, a new hole would be made and the vote invalided for multiple voting. Since Icepicks weren't the proper instrument for voting, they left chads hanging.
Of course, who you think the fraudulent election officials were fucking up ballots for depends largely on your party affiliation.
Personally, I only remember one candidate in the 2000 election trying to cherry-pick areas to recount, and these chosen areas became famous for their hanging chads.
Of course, I don't have any substatiation of this, so take it with a grain of salt.
More directly on topic, I'm all for wisconsin's law to be adopted here in New Hampshire for electronic voting machines. The voting machine computer tally could be hand counted (or verified by a machine from a completely different vendor for speed) in maybe 1-3% of the voting districts, randomly chosen after the election, for consistency.
Re:KISS (Score:3, Insightful)
Source: http://assembler.law.cornell.edu/uscode/html/usco
Ah, yes, those pesky laws.