Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Abuse of Electronic Voting Systems

By inspire in Media
Sun Oct 01, 2000 at 02:37:05 PM EST
Tags: Culture (all tags)
Culture

Let's begin with an example.

Recently, one of the more reputable Australian television broadcasters ran an innovative TV series - "Race Around Oz". The premise of this show was to provide six young people with TV cameras and send them to different locations around Australia. They each had 10 days per location to come up with a short film, which was then voted on by judges and the audience.

Unfortunately, a small technical hitch marred the event - the abuse of an online voting site which led to the unfair victory of one of the contestants.

Read on...


Details of the abuse surfaced on a "media watchdog" show on the same network called "Media Watch". The audience-voted winner of the show Stacy McCleary later faced allegations that she stuffed the online ballot by forging email addresses, and encouraging others to do the same.

Stacy's videos were consistently voted lowly by the judges, who ranked her film last four times out of six. However, the audience vote was exactly the opposite, her films winning by margins of more votes than the others put together.

The Media Watch transcripts (available here and here) claim that statistically, she had a 1% chance of winning the vote by the margin that she did. Several choice quotes from the transcripts are below:

Stacey's film about the Nullarbor was the prime example.

Those shocking judges placed it last, with the lowest score on record.

But the public placed it first, giving Stacey nearly 90 per cent of the votes.

Stranger still, Stacey was soooo popular that five times as many people voted that week. 1318 against 257 the week before.

The second transcript shows some email she had supposed to have sent to friends, encouraging them to stuff the vote:

You can vote using as many bogus email addresses as you like. Let?s pump so much traffic through the site we bring it down!!!!!!!

P.S. If you feel like sending this on to your distribution list feel free - I want to get more votes than just the dear old blue rinses who feel sorry for the girl who came last!!
(Stacey email 26/5/00)

The ABC (the network airing the show) disclaimed liability instantly, saying "It is impossible to prove or disprove whether a particular person has submitted multiple votes. (ABC Online email to Media Watch 28/8/00)". The matter was then investigated further by the ABC, eventually finding that the voting system was abused, and forcing Stacy to hand back the prizes she won on the show (a video camera and a film course).

The kuro5hin (and Slashdot) community have not been strangers to this type of vote-stuffing, of course (see the recent article "Linux and the media" for an example). The regular poll topics on Slashdot and kuro5hin are about as statistically valid as a horoscope you read in the comics section of a newspaper (the poll attached to this article being no exception :))

The ABC are justifiably disappointed at this outcome, and are not likely to use the Internet as a way of interacting with viewers in the near future. This is a loss, as I feel that the Internet greatly enhances a TV show, adding an element of interactivity instead of just sitting down to the scripted-6-months-in-advance series.

Additionally, this has implications over the perenneal standby of government everywhere - online voting. The same problems apply to electing a government as to selecting the winner of the TV show (well, it's a matter of scale).

Is fair voting online possible, or is it just a pipe dream? What safeguards would you implement to ensure that ballots held online are fair and free from interference?

References

RISKS Digest Vol 21 Issue 6, published 25 September 2000. Available online at http://catless.ncl.ac.uk/Risks/21.06.html.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Poll
Is fair online voting possible?
o Duh. 97%

Votes: 143
Results | Other Polls

Related Links
o Slashdot
o Kuro5hin
o Race Around Oz
o online voting site
o here
o here [2]
o Linux and the media
o http://cat less.ncl.ac.uk/Risks/21.06.html
o Also by inspire


Display: Sort:
Abuse of Electronic Voting Systems | 26 comments (21 topical, 5 editorial, 0 hidden)
Love the poll (2.75 / 8) (#3)
by Elendale on Sun Oct 01, 2000 at 11:34:27 AM EST

Reminds me of a poll on The Other Site that went something like this
Your favorite number:
1
Of course, only 93% or so actually voted for 1...

Seriously, though, online voting will become an important issue for the 21st century.

-Elendale
---

When free speech is outlawed, only criminals will complain.


Re: Love the poll (4.00 / 1) (#19)
by Mrs Edna Graustein on Mon Oct 02, 2000 at 06:57:53 AM EST

And? I didn't vote for Duh as my option... Is that a spoiled e-ballot paper? :-)
--
And if any of you put that in a .sig, I'll hunt you down and kill you twice. ;-)
Rusty
[ Parent ]
It's a question of scale. (3.85 / 7) (#7)
by _cbj on Sun Oct 01, 2000 at 01:38:07 PM EST

Online voting can be implemented properly with the right protocols. It would first require some unique real-life correlated identifier, to make sure the voters were real. For governmental elections, they would do it right (or at least try to).

That takes effort though. Opinion polls and television ballots are self-consciously worthless, no matter how loudly they may publically protest otherwise, so they won't go to an expense when the end product (entertainment) is unaltered.

Protocols aren't enough (2.00 / 3) (#8)
by cesarb on Sun Oct 01, 2000 at 01:49:53 PM EST

Sorry, but even the better protocols won't avoid all the issues.

No protocol would prevent you being forced to cast a vote for someone, for instance; the only way to prevent it is to make sure you are alone while voting, which can only be done in the physical world.

Even if you can make sure the person is alone, you still have to make sure there's no way anyone else can know which option was chosen; this means you have to do something to prevent microcameras, both being carried by the person or placed in the voting area before. You have to prevent someone checking for fingerprints after the vote (to find out which keys were pressed). You have to use a TEMPEST shield to prevent EM leaks that would tell which keys were being pressed in real time. And that's just the attacks I could think of in a small amount of time.

[ Parent ]
Re: Protocols aren't enough (3.50 / 4) (#9)
by _cbj on Sun Oct 01, 2000 at 02:20:37 PM EST

Hmm. Okay, but in the first instance I would dismiss that as statistically mostly harmless we don't need perfection, just something as effective as now but cooler, apparently and the second is your own problem, not that of the system.

[ Parent ]
Re: Protocols aren't enough (none / 0) (#22)
by interiot on Mon Oct 02, 2000 at 01:49:11 PM EST

If no one can see you vote, then you can't prove that you voted one way or another, so bribery is essentially nullified (even if someone tries to bribe you, you'll still vote the way you want, so people won't even try).

[ Parent ]
Would this really be neccessary? (3.00 / 2) (#13)
by shook on Sun Oct 01, 2000 at 04:31:32 PM EST

my troll sheilds are up, but I'm responding to this anyway. My apologies if you aren't actually trolling You have succeeded in confusing me. I don't know how you vote, but we (in Alabama, USA) sit down at a big long table (preferably a few spaces from anyone else) and then fill in the bubbles. Walking up and glancing over someone's shoulder would not be hard to do. Maybe with a small camera, even. I don't see why online voting would require such extensive privacy measures when they are not deemed necessary in the physical world. All of this boils down to fact that few of us Americans actually care about the elections anyway. (Evidenced by low voter turnout). There is no physical identification required to register here either. You pick up a postcard. You fill out your info, and mail it in. By doing this a few times, and get a few fake-ID's to present at the polling place, you could vote several times. But maybe not enough to swing anything but a local election. I could see this being much more of a problem in the online realm, where voting 10,000 times unnoticed might not be much harder than voting 5 times.

[ Parent ]
Re: Would this really be neccessary? (3.50 / 2) (#16)
by cesarb on Sun Oct 01, 2000 at 08:47:01 PM EST

No, I wasn't trolling.

Here in Brazil voters do their voting protected by cardboard shields, which makes it impossible to simply look over a voter's shoulder. I should know -- municipal elections were today.

Currently, voting is made eletronically; voters type the candidate's number in a special machine. And yes, the machine is protected by the same old cardboard shields that were used before, when voting was done manually. You can't vote twice; your voter ID is registered in a keyboard connected to the machine, and you have to sign your name in the list of people who vote in a certain section. (Before, you just had to sign the list.)

Lately there have been questioning about the security of electronic voting; the possible attacks described were as esoteric as the ones I described (some even along the lines of the classic Reflections on Trusting Trust).

The concern I expressed in the parent post was about voter coercion, which is a problem in the poorer areas of the country (even with all the measures to prevent knowing who you voted for). Before electronic voting, it was even more common (the person was given an already marked ticket by people outside the section, and were expected to give back the blank ticked they received there -- thus forcing the person to vote in what was already marked there).

[ Parent ]
Re: Would this really be neccessary? (4.00 / 1) (#17)
by shook on Sun Oct 01, 2000 at 10:09:14 PM EST

Thanks for the followup. I sometimes suffer from that American syndrome of thinking everyplace is like the USA. I can definitely see how privacy and coercion would be of concern under a situation like that. It also has made me realize how jaded my views of the US political system have become. I forget that voting can be (is supposed to be) meaningful.
This system you described where voting is done with a machine is common in some regions of the US (so I hear, I've never actually used one). I live in a more rural region, and we still use the paper ballots.

[ Parent ]
Vote vs Poll vs Feedback (3.00 / 9) (#10)
by Speare on Sun Oct 01, 2000 at 03:20:44 PM EST

A vote requires a prior identification, so that those who may vote are counted exactly once, and those who may not vote are counted exactly never. It implies:

  1. that there is a known set of eligible voters,
  2. it is ideally desirable to get response from the full set of eligible voters, and
  3. that the tallied outcome can and will be used in decision-making.

A poll does not require prior identification, but each target should only get one response. A poll does not have a goal to reach everyone, nor should the results ever be used to make decisions (except perhaps to decide exactly what deserves a more accurate vote). To be scientifically accurate, a poll must:

  1. not forewarn potential targets with any information other than the question(s),
  2. select unique targets from within the population indiscriminately, and
  3. select a significant percentage of the population as targets.

Anything that lets people choose to submit their opinion is merely feedback. It can be stacked by the participants in several ways.

  1. targets who have weak interest will not submit their opinions,
  2. targets who have strong interest will taint friends to submit supportive opinions,
  3. targets who have an interest in clouding the results will find automated ways to falsify submission of opinions.

Now, if this contest stuck to those fundamentals, the contestant wouldn't have stolen the prizes, and the officials wouldn't have had to re-steal the prizes away from the contestant.


[ e d @ h a l l e y . c c ]
Vote vs Poll vs Feedback (4.16 / 12) (#11)
by Speare on Sun Oct 01, 2000 at 03:25:53 PM EST

A vote requires a prior identification, so that those who may vote are counted exactly once, and those who may not vote are counted exactly never. It implies:

  1. that there is a known set of eligible voters,
  2. it is ideally desirable to get response from the full set of eligible voters, and
  3. that the tallied outcome can and will be used in decision-making.

A poll does not require prior identification, but each target should only get one response. A poll does not have a goal to reach everyone, nor should the results ever be used to make decisions (except perhaps to decide exactly what deserves a more accurate vote). To be scientifically accurate, a poll must:

  1. not forewarn potential targets with any information other than the question(s),
  2. select unique targets from within the population indiscriminately, and
  3. select a significant percentage of the population as targets.

Anything that lets people choose to submit their opinion is merely feedback. It can be stacked by the participants in several ways.

  1. targets who have weak interest will not submit their opinions,
  2. targets who have strong interest will taint friends to submit supportive opinions,
  3. targets who have an interest in clouding the results will find automated ways to falsify submission of opinions.

Now, if this contest stuck to those fundamentals, the contestant wouldn't have stolen the prizes, and the officials wouldn't have had to re-steal the prizes away from the contestant.


[ e d @ h a l l e y . c c ]
Re: oops (4.00 / 3) (#12)
by Speare on Sun Oct 01, 2000 at 03:38:22 PM EST

I accident^H^H^H^H^H^H wanted to prove my point, so I double-submitted my comments.

Apologies.


[ e d @ h a l l e y . c c ]
[ Parent ]
Poll for this story (3.00 / 4) (#14)
by shook on Sun Oct 01, 2000 at 04:41:02 PM EST

The "Is fair online voting possible?" poll that goes with this story is hilarious. I am sad to say I was starting to get ticked off, until the joke hit me a few seconds later. Good job, to whoever wrote that poll question.

Re: Poll for this story (none / 0) (#20)
by WWWWolf on Mon Oct 02, 2000 at 08:59:24 AM EST

What's even more perplexing is that at the moment, there are 99 votes, and 97 of them are for "Duh", even if it's the only option. So, the results so far: 97% "Duh", 3% "The other option that isn't even visible".

Looks like fair online polls are a myth. =)

-- Weyfour WWWWolf, a lupine technomancer from the cold north...


[ Parent ]
I plead Guilty (5.00 / 2) (#21)
by Mrs Edna Graustein on Mon Oct 02, 2000 at 12:19:55 PM EST

I have to admit that I am responsible for two of the null votes (well, the article is titled *abuse*, and I have more than one account), and have e-mailed Rusty to say how it was done. I assume that the third vote now there was Rusty verifying this method.

Fair online polls may not be a myth- but they would be very hard to accomplish- IP's can be changed, as can most other attributes. I think that in order to have a fair online poll, you would need "magic boxes"- computers no users understood the workings of, or to change the nature of humanity (actually you would need to change it to either remove curiosity or the impulse to cheat).

Incidentally the option I voted for was "Fnord"- it seemed appropriate.
--
And if any of you put that in a .sig, I'll hunt you down and kill you twice. ;-)
Rusty
[ Parent ]

Re: I plead Guilty (none / 0) (#26)
by magney on Wed Oct 11, 2000 at 04:34:31 PM EST

Well done! This makes the poll's point in a way that the poll author didn't intend. :-)

Do I look like I speak for my employer?
[ Parent ]

two things: ip matching and scale (3.00 / 2) (#15)
by Rainy on Sun Oct 01, 2000 at 08:35:46 PM EST

First of all, the only realistic method to authenticate in this situation is to use ip numbers. Since dial up accounts change ips every time they reconnect, the scale has to be fairly large. For instance, if in that example the total number of voters was, let's say, 50,000 instead of about 250, and votes from the same ip weren't counted, each vote would cost them the price of dialing up (here in US it's 10c, iirc). So, falsifying 10k votes would cost $1k plus whatever time it takes them to program a little app that keeps redialing.

In fact, when the prizes are so cheap (video camera and video course), the ip checking should probably be enough. As a precaution measure, you can have 50% of votes assigned by judges and 50% by internet voters.

What happened was probably that they didn't have enough time/people to do it right so they just did the easiest thing: ask for email and vote in a webform.. append them to some text file and then add them all up. And then they go and say 'aww, we're so shocked internet's so unreliable!'. Heh.
--
Rainy "Collect all zero" Day

Re: two things: ip matching and scale (none / 0) (#18)
by Robert Gormley on Mon Oct 02, 2000 at 03:36:56 AM EST

In fact, when the prizes are so cheap (video camera and video course)

It's not though. In the past, most winners here have gone on, rightly or wrongly, to other commercial TV roles, as a result of being the winner of this series.

[ Parent ]

Update, correction to story. (5.00 / 1) (#23)
by inspire on Tue Oct 03, 2000 at 02:18:39 AM EST

Read in the paper today that in fact Stacy McCleary will not have to hand back her prizes.

The reason cited was that stuffing the online ballot was not against the official rules of the contest, and so she is allowed to keep her video camera.
--
What is the helix?

Yes, and its simple. (3.50 / 2) (#24)
by ultrasoul on Mon Oct 09, 2000 at 04:01:55 PM EST

Key-pair cryptography. For everyone. If I want to make a vote, I've got to sign it with my private key, which has to be verifiable by an escrow service. KISS.

Even with the present key escrow services, like keyserver, where anyone can post a key, it should still have a verifiable email address in it, which could be checked by a simple autoresponder that sends a message to the key's owner asking for verification.

This might not be perfect, yet, but it will happen. We should take care to implement the right way, not they're way.

Different solution for different problems (none / 0) (#25)
by Nickus on Wed Oct 11, 2000 at 02:28:53 PM EST

As I see it we can have two different kind of votes. First elections for goverment. This is serious stuff and errors are not permitted. The best way to cope with this is to use some kind of electronical ID. It is possible to get such an ID here in Finland right now but you won't have much use for it

Then we have these contests that doesn't mean that much. We could probably use some simple scheme with tracking IP-adresses. It is not a perfect solution but it should work. The world will not end just because someone fixed a poll about which operating system you use



Due to budget cuts, light at end of tunnel will be out. --Unknown
Abuse of Electronic Voting Systems | 26 comments (21 topical, 5 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!