Time...

[danaeris]

...for some interesting dialogue.

There's some educated, intelligent, and opinionated folk on my friends list.

Some people I've spoken to are convinced that electronic voting machines are the things of the future; others are convinced that they are far more corruptible than old fashioned methods. What do you think?

And while I'm at it, what do you think of INTERNET voting?

Comments

its all about trust.

[earthdragon.livejournal.com]

The user interface and (hopefully) ability to change your mind and correct mistakes easaly is good. I don't trust a black box voting machine, if they had a astounding auditing trail, or a verifiable paper trail, then I'd say go for it.
Any Tech can be spoofed, there is a long tradition of graveyard voting among other things.

Internet voting seems like a bad idea, even if you have a system that the security geeks I know would trust, you can't monitor the user end at all. If you vote at your computer, I can hold a gun to your head and make you vote.

[phantomdancer.livejournal.com]

I think that like with any process that involves this many people, ways will be found to screw it up both intentionally and by accident. I don't think it's any more or less reliable than any other method, but since it's a new system, the mistakes are a little more visible.

[basmati.livejournal.com]

"the things of the future" is probably about right. I don't think it's there yet, and I'm certainly not ready to see the Diebold-type system being used, as there have been so many serious security flaws discovered in their system.

That said, I think it will be there someday. As it stands now, I find it pretty scary; I don't want to see an electronic voting system in place until there are some pretty compelling safeguards against fraud.

[polkamadness.livejournal.com]

Disclaimer: I'm a researcher in computer science; one of my specialties is security. One of my ex-coworkers chaired the California committee on Internet voting.

Electronic voting machines: all the existing ones are horribly insecure. However, there's new research based on visual cryptography that promises to produce a secure electronic voting machine. It produces a paper ballot that the voter can verify. Because the paper ballots are counted directly, the security of the voting machine itself is almost immaterial. Lots of other good features I don't have room to describe in this Common box

[polkamadness.livejournal.com]

/Common/comment/

Internet voting: given that in entire states, everyone votes via absentee ballot, it's hard to get too worked up about people being forced to vote a certain way. The only safe version of this I know of involves mailing people ballots with PINs for each possible ballot choice; when voting, you type in the appropriate pins. (This would work over the telephone also)

[polkamadness.livejournal.com]

I found a press release on an older version of the visual cryptography scheme:


Date: Fri, 22 Feb 2002 15:36:24 -0800
To: Declan McCullagh <declan@well.com>
From: David Chaum <david@surevote.com>
Subject: Breakthrough allows first receipts from voting booths!

FOR IMMEDIATE RELEASE
Breakthrough allows receipts from voting booths:
First-ever legal receipts are surprisingly powerful
-- and may be just in time!

Los Angles, CA - Receipts showing exactly who you voted for, just what
people want and expect these days, are generally outlawed to protect
against vote selling and other abuses; a scientist has, however, come up
with the first receipt that cannot be used for any such abuse and yet can
ensure that your vote is actually included in the final tally.
The new type of receipt, which can be printed by a modified version of
familiar receipt printers, contains your vote -- but in a coded form. You
can read it clearly in the booth, when it is still printed on two layers.
When the layers are separated, either one you choose to take has the vote
information you saw coded in it, but it cannot be read (except by computers
run by election officials).
When the votes have to be added up for the final tally, the actual
receipts posted on an official public website are the input to the process.
The results of the process are then subject to a public audit. A lotto-like
draw selects which items must be decrypted, but never enough to compromise
privacy. Anyone with a pc can then check all the decryptions published on
the website and thereby verify that the final tally must be correct. The
audit is so strong that it cannot be fooled by breaking any code or
malicious software running on voting machines.
The cryptographer, Dr. David Chaum, known for inventing eCash and his
pioneering company DigiCash, who came up with the receipt system said "The
more you look into how elections are actually run, even in this country,
the clearer the gap becomes between the way it is done and what we could
and really should be doing". Chaum also said "Today's trusted black-box
mentality has led to very high costs, meaning computerized voting mainly
for rich counties, an utter lack of real control and no way to re-deploy
the hardware for schools and libraries."
At a time when the House has passed the first ever federal subsidy, at
$2.65b, and a similar bill is on the Senate floor with a $3.5b price tag,
one has to wonder: Will receipts and other new solutions have a chance, or
will the subsides backfire and put currently-certified computerized systems
in place on such a scale that major change will be a very long way off?
There is a complex interlocking of state and federal laws, agencies, and
quasi-governmental bodies that has erected a set of design specifications
and time-consuming steps that only new systems must navigate, first at the
federal level and then for most states separately. "When this was all first
set up more than a decade ago" Chaum quipped, "the rationale was to keep
unscrupulous vendors out, now it may just keep innovation out."

Contact: David Chaum, SureVote:
(818) 512-1024 (cellular/voicemail) david@survote.com
Jim Dolbear, Larkin Associates:
(310) 621-3580 (cellular/voicemail) jim@larkin.com

[digitalsidhe.livejournal.com]

My quick take: there's nothing about electronic voting per se (i.e., in theory) that says it has to be insecure. (After all, there are all sorts of ways to rig an election just with paper and pencil.)

But the various proprietary electronic voting solutions currently being rushed into practice all have numerous, well-documented and hideous security flaws. Diebold is the most well-known for this; some observers have even said that they can't see any reason for certain "features" except to make an election riggable.

And the DMCA-based takedown orders they've been issuing, IMO, make it clear that they are not the sort of people that you want to entrust your democracy to. (Heck, I wouldn't even entrust a neighbor's democracy to them.)

I really do believe that any system that counts votes in an election should be, if not open-source, then at least published-source. That is, the source should be made completely available to anyone who will be casting votes through it, with no restrictions. (I think making the source fully open - that is, accepting good patches and other code from anyone, worldwide - can only make it that much stronger, by expanding the available developer pool far beyond what any single government could hope to finance.)

Those who claim that publishing the source will make it easier for people to figure out ways to hack the system are missing the point. I don't want an election system that can only be tampered with if you have access to the code. I want an election system that can't be tampered with even if you do have access to the code - even if you're the election commissioner hirself. After 2000, in particular, I want that election system to be bulletproof.

[auros]

There is already strong evidence that, intentionally or not, a lot of these machines are unreliable. Until they start printing out double receipts (one for the voter, one for storage in case exit polling disagrees with the machines' reported results, in which case a recount is called for) I will consider them unsafe.

Additionally, I think it's outrageous that they are using closed-source code on these machines. The process of public elections should be open to the inspection of the electorate.

I think internet voting is an interesting idea, but unless the general population suddenly became capable of picking strong passwords, dealing with security tokens, etc, I think the potential for fraud is too serious to consider it a good alternative.

[thirdson.livejournal.com]

the problem is that these things are obviously not being designed and produced by cryptographers or real computer security people. other people have already commented on how bad the security of the diebold machines are... the administration is the problem, not the technology as a whole. why get professionals from cryptography and computer security involved when you can use your in-house engineers to create a closed proprietary black-box system for cheap that you can later then use to your advantage?

but, I'll avoid getting back on this rant. the problem is with the people, not with the technology. if you want to make a truly secure electronic/internet/whatever voting system, it's impossible. if you want to make something that's considerably more secure than what we currently have, it's possible, it's feasible, it's just a matter of whether the people who have the ability to bring this technology into use actually want it. and right now, it's obvious that they don't.

[nathanjw]

Most of the points have been made already, but I'll try to sum up:

• Current e-voting systems are terrible. They are various combinations of unreliable, unusable, insecure, unauditable, and corrupted.
  
• E-voting offers only limited advantages over conventional voting systems. Some areas where they may help are accessibility, presenting information (pictures of candidates, for example), and preventing invalid votes. Conventional voting systems can do almost as well, and results can be obtained just as quickly (although we would do well, as a society, to get better about our addiction to instant results).
  
• Interesting cryptography exists that may make reliable, auditable e-voting possible. It remains to be seen if it can be done in a practical way, as opposed to a merely theoretical way. I'll point out that the systems mentioned involve printing complicated receipts; how long has it been since you encountered a retail receipt-printer that jammed? It happens to me on a monthly basis... and it's still more expensive than "plain" e-voting, which is itself more expensive than conventional voting.
  
• Internet voting is even harder to do properly than e-voting. It is much more open to coercion of voters, because there is no state-created barrier between the voter and the rest of the world. It is true that this is not worse than the all-absentee/mail voting practiced in some states, but that's an indictment of all-absentee voting, not a vindication of internet voting.
  

Anyone looking into this must read Rebecca Mercuri's site on the subject. She's thought it about it harder than any of us, and done a lot of research.

One argument that I hear a lot and feel a particular need to discuss is the idea that since, as a society, we successfully have and use ATMs, that we should be able to successfully have and use e-voting machines. Such an argument ignores a key fact, which is that ATMs do have an error rate, but since financial transactions are both auditable and identifiable, they can be reversed or corrected as necessary. Voting systems must not be identifiable, and reversibility is much harder.

[polkamadness.livejournal.com]

One other possible advantage of electronic voting machines: they might let you vote at any polling place, not just the one you are assigned to.

[nathanjw]

Maybe. It adds a lot of complexity, since different precints have subtly different local races (congressional district vs. senate district vs. school board ward vs. water district vs.....). I'm wondering what the benefit of this would be - do you think that it's difficult for people to get to their local precinct? It also makes the problem of impersonating someone worse, since it can be done at any precinct in the relevant district, not just one.

[polkamadness.livejournal.com]

I think it's mostly an issue of lines -- currently everyone votes before or after work because their polling places are near their homes. If people could vote at polling places near their work, it might spread out the load better. In theory, large companies could have their own polling places so their employees could vote throughout the day.

If we cared about impersonation, wouldn't we check photo IDs?

Classism

[urbanbard.livejournal.com]

I'm going to bring up one other point which hasn't been discussed, but which is a huge issue every time we try to change voting technology, particularly in ways that involve expensive machines: class/money issues. Voting machines are purchased on a county level. The richer the county, the more money they have to spend on top quality voting machines. In the last few elections, the numver of people whose votes were not counted because of machine error was drastically higher in poorer neighborhoods. In this last gubenatorial election, it is estimated that in the primarily African American and Hispanic Neighborhoods of the poor sections of LA and Oakland, as many as 2-4 out of every ballot cast was thrown out due to machine error. Every time voter technology has been upgraded, the upgrades have not made it into the poorer communities, further disenfranchising those areas.

A lot of these technology ideas are potentially cool, and I admit I don't know where I stand yet on each individual one. But I hope class issues will be remembered during the whole discussion- the problem won't be solved simply by puting the best possible voting machine out on the market for the richer counties to buy, but by creating a system that is universal and can be used, and afforded, by the entire nation.

Re: Classism

[auros]

One of the few aspects of the Help America Vote Act that was actually good was the part about bringing all precincts up to date... But I don't think they funded it with actual federal cash. Unfunded mandates to the states generally don't work out very well. :-P

[auros]

With a punchcard or scantron, I can look at it before I turn it in and verify that it records the vote I intend to cast. I do think it'd be nice to have a carbon copy to take away with me as well, but there's at least always a single "receipt".

As for the mistake/fraud thing, Hagel's sweep of black districts in Omaha is awfully fishy (especially considering that the machines being voted on were produced by a company in which he owns a large stake). The bad guys have gotten a lot more brazen than we're used to. And why shouldn't they? They keep getting away with it.

[auros]

Hey, Xerox PARC loves you!

[auros]

And here's a report on the PARC seminar, from the exceptionally nifty zestyping.