Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Review of e-slate voting systems

By aphrael in Technology
Mon Aug 28, 2006 at 05:58:10 PM EST
Tags: elections, politics, technology, security (all tags)
Politics

I spent much of this afternoon in a mandatory (for poll workers) four hour training class on the Hart InterCivic eSlate voting system, soon to be in use in elections in my home county. (Hart InterCivic is a privately held firm out of Houston, specializing in election equipment and in software products for county records offices). Contrary to my previous impression, the machines are not touch screen machines, although they share some similarities.

I went into the class skeptical; I have been a critic of what I percieve as an unseemly rush to adopt insecure electronic voting systems. I emerged guardedly optimistic; the systems appear, from what I can tell, to be reasonably secure against vote manipulation by people who are not part of the election staff, and they appear to provide approximately the same level of security against election office malfeasance that paper ballots do. At the end of the day, if the election staff wants to tamper, they can; but that was true with paper ballots as well. That risk can be mitigated by election office procedures intended to mitigate it; in San Mateo County's case, those procedures have in some important regards not yet been established, as I will discuss below.



Broadly speaking, the voting system in any given polling place consists of two parts: the vote recording devices in the booths, and a controller at the table with the precinct board. The booths are connected to each other via a serial cable, and a serial cable also connects the controller to the closest booth. Each vote recording device has an attached printer. The printer has its own power supply, as does the controller, while the vote recording devices are powered by the controller via the serial connection. Printer, controller, and vote recording devices each have their own battery backup. The printer will maintain a paper record of each vote cast on the machine to which it is attached; each vote recording device will maintain a tally of the votes cast on that device, and the controller will maintain a tally, both on a hard drive and in flash ram, of the votes cast on it. In the event of a recount, the paper trail will be used, but all four can be cross-checked for data integrity.

At the start of the day, polling place officials will print out a tape representing all votes currently stored in the controller machine, and check to see that they are all zero. (This is identical to the procedure used in previous elections for optical-scanner machines in polling places.) The poll workers can also check the printers in each booth, verifying that they are displaying printed text saying that it is the start of the day and there are no votes already recorded. The vote recording devices can not be independently checked to see that they have recorded a total of zero.

As voters come in to vote, once their registration has been verified, the election official sitting at the controller will use the controller to issue a randomly-generated four digit code. That code will be printed out on a ticker tape receipt and handed to the voter. The voter will then go into one of the booths, select a language, and punch in the number. The vote recording device will query the controller over the serial line to see if the number is valid; numbers which were not issued by the controller, or which were issued and have already been used, will be rejected. The vote recording device will also reject numbers which were issued more than thirty minutes ago; such numbers are deemed to have expired, and the voter must return their access code to the precinct board and be issued a new one (just as if they had spoiled their ballot).

Once their access code has been confirmed, voters will be shown the ballot associated with their precinct. (In polling places with multiple precincts, the precinct board member operating the controller selects the correct precinct number prior to issuing the access code; this is a major potential point of failure, and should be addressed by election departments minimizing the number of such polling places.) They can scroll through different contests using the scroll wheel, selecting candidates or yes/no choices with a button. They can select blank entries in the simulated ballot, thereby entering a 'write-in' screen in which they can use the scroll wheel to select letters, spelling out a name. At any time they may press a 'help' button, which brings up a screen explaining how to use the interface; pressing 'help' again while in that screen sends a signal to the controller prompting the election board to send someone to provide help in person.

After they have made all of their selections, the voter is taken to a screen that summarizes their ballot. At that point, they press a button which says "cast ballot"; this will cause the printer to print out a paper version of their ballot, listing all of their choices. The voter is then supposed to compare the printed ballot with the list of choices on the screen, verifying that they are the same. If they are not, the voter can select a 'reject ballot' option, and go back and make further changes; the paper ballot is then marked as rejected. If they are the same, the voter can select 'accept ballot', at which point the ballot is marked as accepted and a bar code is generated representing the choices (allowing the ballot to be read both by hand and by machine).

(It is important to note that the presumption here is that the paper ballot and the on-screen record always say the same thing, and that a 'rejection' is instigated by the voter having realized that they made an error; neither the training class nor the provided material gave any indication as to what the proper procedure is if the two do not match.)

The machines provide incredible support for disabled voters. For vision impaired voters, all of the devices are different sizes and shapes and are labelled in braille, and there are headphones which can be used to hear someone read the ballot to you. (There's an issue here, of course: there's no real way to be sure that option #1 is really so-and-so when the voice says it is; but that's not a significantly greater issue than that faced by blind voters in previous systems). For people who are unable to use the buttons, each polling place will be equipped with tactile input switches; and the vote recording machine is capable of being controlled by a sip-and-puff device. There is even a procedure for curbside voting: once an access code has been entered into the last machine in the daisy chain and verified over the serial connection, a poll worker can disconnect the machine from the chain, take it out to the voter, and then bring it back in and reconnect it.

At the end of the day, the controller prints out the number of access codes issued, the number of votes cast, the number of votes cancelled via the controller, and the number of access codes never entered into a vote recording device. The expectation is that the number of access codes minus the number of cancelled votes should always equal the number of people who signed the roster; and that the number of access codes issued minus the number of cancelld votes minus the number of abandoned votes should always equal the number of votes cast. Should those totals not add, the polling place workers will have more than a little bit of explaining to do. (This is similar to the current system: if the number of ballots voted isn't the number of people who signed in the roster, there's a problem; if the number of ballots voted plus the number of ballots spoiled plus the number of ballots unused isn't the number of ballots issued, there's an even greater problem --- and the precinct board is accountable for it.)

The controller also prints out a paper total of the votes cast; that paper and the controller are rushed off to a tabulating facility by two poll workers. It is not clear to me at this time what happens to the printers, with their attached paper trails, and the vote tabulating devices. These are mounted into the voting booths, which have traditionally been left for a county employee to pick up the next day; but since we have also traditionally been asked to  take the paper ballots out of the optical scanner machines and return them directly to a secure facility, I imagine that a similar procedure will be in place. (Because these machines were recently acquired, a number of procedural issues have not been determined, and will be explained to us in an October procedure training class; today's class was primarily a "how-to-use-the-machines" class.)

Ways in which someone other than an elections worker could cause problems

The people conducting the training class repeated, insistently, that these systems are not "computers" and are therefore "not hackable". This is, of course, sheer nonsense: they quite clearly are computers, and like all computers may be hackable under certain circumstances. The county's insistence otherwise is for PR purposes --- and while I disagree, I did not avail myself of the opportunity to engage in a theological debate with the county elections department about what is and is not a computer. That said, once everything is set up in the morning, the system seems reasonably secure from deliberate interference by people other than the precinct board.

  • The vote tabulating devices have no external inputs other than the serial cable connecting them to the other tabulating devices/controller;

  • There does not appear to be any combination of key presses which will render the vote tabulating devices into a state that allows you to have programmatic access;

  • The controller has two external input ports: one for the serial connection to the controllers, and a different one to a device that clears the memory of the election and resets totals to zero. That device is not present in polling places;

  • The controller has no set of key combinations which drop it into a state that allows programmatic access.

There is, of course, the possibility that someone could plug a serial device into the chain and thereby intercept the data being sent to the controller and/or validate invalid access codes. Doing so would result in an inconsistency between the controller data and the vote recorder data, but that inconsistency would likely not be detected until after the election and could call the entire precinct's results into question. However, this possibility can be prevented by requiring the election board to maintain control of the daisy chain, and ensure that no unauthorized devices are attached. (Unfortunately, that point was not raised in the class, and it is one of several things I will be mailing the elections department about). Similarly, there is a possibility that someone could plug something into the controller and reset it; this, too, can be prevented by a sufficiently aware precinct board.

Ways in which an elections official could cause problems

These are, of course, legion. But they were with a paper system, too; at some point any system is going to rely on the integrity of its participants. I've listed the first handful of these to come to mind below:

  • There is no way to verify that the tabulation on the vote recording devices starts the day at zero. Those totals are only used for cross-checks, as recounts are done with paper and original counts from the controllers; however, a failed cross-check could cause the precinct's results to come into question, and selectively causing failed cross-checks could cause votes for one side or another to be invalidated disproportionately;

  • There is, of course, no way to verify that the vote recorded in the three memory locations is the same as the vote recorded on paper; this is a common problem with all electronic voting systems and is somewhat mitigated by using the paper trail in all recounts;

  • In the case of voters who wander off without voting, there is nothing to keep the precinct board from issuing new access codes for those voters and then voting them (this same problem already exists with paper ballots);

  • If the print records and the tabulation devices are not taken to a secure location immediately after the election, there is no way to prevent them from being tampered with;

  • Election officials could interpose unauthorized devices;

  • A sufficiently competent election official could presumably program the device to report a zero total when it did not in fact have a zero total, and then add votes in later (although this would be difficult, as the total added would need to be less than the total cast in order to prevent immediate suspicion, and the quad-redundancy check would cause problems unless the recording devices also had these votes added).


In general, however, these strike me as being equivalently secure to the paper-ballot-optical-scanner system the county used to use, assuming that these two glaring policy questions are answered wisely:

  1. What happens when a voter enters a code on their machine, starts to vote, and then leaves without finishing and telling the machine to cast their vote?  Is the correct thing for the election official to do to go tell the machine to count the vote (in which case the official has the opportunity, should he be corrupt, of changing the vote; and, if the vacancy were not noticed immediately, the same could be said for random passersby), or to make use of an override and cancel the vote entirely?

  2. At the end of the day, are the printers and vote recorders taken off to a secure facility, or are they left in a public place like empty voting booths used to be?


The county will be setting up a lab where poll workers can go play and ask questions; if you have questions that I can't answer, or want to know what happens in a particular situation, I'd be happy to go play and find out for you. :)


Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o Hart InterCivic
o eSlate
o home county
o Also by aphrael


Display: Sort:
Review of e-slate voting systems | 106 comments (91 topical, 15 editorial, 0 hidden)
aphrae+1 (1.28 / 7) (#4)
by debacle on Sat Aug 26, 2006 at 10:47:42 PM EST

Did you see what I did there?

It tastes sweet.
About the serial connections (none / 1) (#6)
by godix on Sat Aug 26, 2006 at 11:43:05 PM EST

Are they behind a locked door? Tampering could easily be discouraged by a simple locking door covering the port that is used to reset the machine since no one in the polling place needs or should have access to it. As for the connection daisy chaining the machines together, simply have the machine go into a locked down error state the moment it loses communication with the other machines. The election monitors could have a password to bring it back into service. That way any playing the with serial connections would require someone to investigate before the machine is used again and presumably if there was evidence of actually tampering the machine could be pulled and it's votes investigated. Considering you have to entire a code to remove the curbside unit I'd assume something like this is already part of the system.

Another question, does it keep track of the four digit codes after they're used? You mention a half hour timer but I'm talking after that. Once the vote is cast or the timer is up can someone go into the machine and see that Code 1234 voted for X at Y time and according to the registration log it was issued to Voter ABC. Anonymity is just as important for our election system as being tamper proof after all.

And final question, is it easy or is this just begging for another rash of 'dumber than fucking bricks people vote for the wrong candidatee' stories like we had in 2000?


- An egotist is someone who thinks they're almost as good as I am.

Some responses. (none / 1) (#8)
by aphrael on Sat Aug 26, 2006 at 11:54:42 PM EST

Tampering could easily be discouraged by a simple locking door covering the port that is used to reset the machine since no one in the polling place needs or should have access to it.

The port used to reset the machine only exists on the controller, which is on the election official's desk. There is no locking cover over it. That said, nobody should be messing with stuff on the official table, and enforcing that rule is something we already have to do.

s for the connection daisy chaining the machines together, simply have the machine go into a locked down error state the moment it loses communication with the other machines.

This can't be done, because we have to be able to disconnect a machine from the daisy chain, take it out to people who can't get out of their cars, and bring it back. The code which has to be entered to go curbside is the normal access code --- eg, it has to be connected when you put in a voter's access code because otherwise it can't validate.

Once the vote is cast or the timer is up can someone go into the machine and see that Code 1234 voted for X at Y time and according to the registration log it was issued to Voter ABC. Anonymity is just as important for our election system as being tamper proof after all.

Good question. I don't know if it records that, and likely the election officials do not, as well. However, i'm not sure that it matters: the voter's name isn't entered into the machine, and while the roster records the fact that someone voted, except for the first voter of the day, the order in which they voted is not recorded, nor is the time that they voted. (The first voter of the day MUST be noted so that, if there's a question, they can be asked if the reports showed zero votes). So, aside from the first voter, even if it logged time, there would be no way to associate vote 'x' with voter 'y'.

Is it easy or is this just begging for another rash of 'dumber than fucking bricks people vote for the wrong candidatee' stories like we had in 2000

I found it very easy to use. I think it would be easy even for non-computer-people, but I can't be sure. :)

[ Parent ]

More devil's advocate. (none / 0) (#34)
by nuntius on Sun Aug 27, 2006 at 10:23:35 PM EST

This can't be done, because we have to be able to disconnect a machine from the daisy chain, take it out to people who can't get out of their cars, and bring it back. The code which has to be entered to go curbside is the normal access code --- eg, it has to be connected when you put in a voter's access code because otherwise it can't validate.
How do they get *in* their cars? Do they live in there? This seems like a vulnerability that compromises the entire population in order to accommodate the nonexistant situation. If they can bother me with their vote, they can be bothered to get out of the car. Are the polling places in your precinct *not* handicapped accessible?

[ Parent ]
Absentee Ballot (none / 0) (#52)
by Xptic on Mon Aug 28, 2006 at 09:14:46 PM EST

>>take it out to people who can't get out of their cars, and bring it back

No, you don't.  Their is a way for people to vote when they can't get to the polling station.  It's called an absentee ballot.

[ Parent ]

curbside voting (none / 0) (#53)
by aphrael on Mon Aug 28, 2006 at 09:33:07 PM EST

is a requirement of california election law.

[ Parent ]
Really? (none / 0) (#56)
by Xptic on Tue Aug 29, 2006 at 12:31:02 AM EST

From here:

http://www.ss.ca.gov/elections/elections_m.htm

Any registered voter may vote by absentee ballot. Rather than go to the polls to cast a ballot on election day, you may apply for an absentee ballot, which you will need to complete and return to your elections official.

So, as you can see, anyone in Cali can vote without going to the polls.  If you are permenantly incapicatated, you can apply for permenant absentee status.

Removing the voting machines from the polling station is, basicly, fraud wating to happen.

[ Parent ]

yes. (none / 0) (#58)
by aphrael on Tue Aug 29, 2006 at 01:54:12 AM EST

Support for curbside voting is required as part of the law governing polling place operations. I have been instructed on how to do it prior to every election for the last fifteen years, although i've never had to do it.

If the machine remains in the hands of two official poll workers at all time, how is it any more likely to give rise to fraud than the common practice with paper ballots of having them delivered to the polling place inspector, sealed, on the weekend before the election, and leaving them (sealed) in his hands until election morning?

[ Parent ]

Fraud (none / 0) (#62)
by Xptic on Tue Aug 29, 2006 at 04:09:24 AM EST

If the machine remains in the hands of two official poll workers at all time, how is it any more likely to give rise to fraud than the common practice with paper ballots of having them delivered to the polling place inspector, sealed, on the weekend before the election, and leaving them (sealed) in his hands until election morning?

You are right, it isn't.  And that's why popular elections will never take hold in the US.  There are ways to run secure elections, it's just that no one wants to do it.

Every day, banks process billions through ATMs.  If banks can issue a card and a number and have secure financial transactions, then why can't voters be given the same protections.

Mail every registered voter a card.  A few days later, mail them a PIN.  Ask them to call in and activate it with a very specific question.  "How much did you pay on federal income tax last year?" for example.

On election day, let people physicall go to booths to swipe their cards and cast a vote.  Or, let them call it in over the phone.  Let the systems remain open from 0001 East-Coast time till 2359 West-Coast time.  At 0030, West-Coast time, the winner could be announced with absolute certianty.

Maybe we can even outsource the call centers to India...

Anyway, if banks and credit-card companies can keep things relatively secure, then I'm sure a modified system could work for voting.

Oh, and on the topic of the ADA:  Those people are nothing more than terrorists.  I'm all for allowing the handicapped to access the local mall.  I think it's great that someone with no legs can shop for food.

However, I've seen the ADA lawyers sue internet cafes for having an access ramp 1/4" out of code.  What's more, they push local commites to change the codes.  As soon as the change is ratified, they begin to sue; usually before buisnesses even know the code has changed.

[ Parent ]

"If banks can issue a card and a number ... (none / 0) (#64)
by wiredog on Tue Aug 29, 2006 at 07:11:48 AM EST

and have secure financial transactions"

But they can't. Oh, they're more secure than they were several years ago, but the systems still get hacked. Any voting system will have flaws, as will any banking system.

Wilford Brimley scares my chickens.
Phil the Canuck

[ Parent ]

Banks (none / 0) (#66)
by Xptic on Tue Aug 29, 2006 at 11:06:08 AM EST

If banks get hacked, you better belive that the losses are only fractions of a percentage.  If banks were losing substantial ammounts, they'd kill off ATMs in a heartbeat.

I'd be willing to live with a voting system that only had a fraction of a percent error.  Especially if it gave instant results.

[ Parent ]

But.. (none / 0) (#76)
by Lacero on Wed Aug 30, 2006 at 08:42:48 AM EST

Would you be willing to live with that fraction of a percent error if the difference between who wins is a fraction of a percent?

Banks are solving a different problem.

[ Parent ]

the grandparent responded (none / 1) (#81)
by aphrael on Wed Aug 30, 2006 at 04:14:15 PM EST

in comment #77, attached to the article and not the comment thread.

[ Parent ]
Yes (none / 0) (#82)
by Xptic on Wed Aug 30, 2006 at 06:22:36 PM EST

Considering that the current system has an error of, what, 2%.  I think that getting that down to a fraction of a percent would be a big boost.  Not to mention, you'd be able to calculate the winner within minutes of the polls closing.

[ Parent ]
Lies, Damned Lies & Statistics (3.00 / 2) (#84)
by zappini on Thu Aug 31, 2006 at 12:06:59 AM EST

There's a huge difference between accuracy and precision. When an untested, unverifiable electronic voting machine conducts a secret vote count, would you know if it wasn't correct? You may have a very precise number, reproducible even, but there's no reason to believe it's accurate.

Also, and I don't know how this applies, but HAVA stipulates that there be an error rate of less than 1 vote in every 500,000 (1:500,000). Now I don't know if that's attainable. It's not like these systems are fail-safe or error-proof or anything suggesting they're reliable (quite the contrary, in fact). But I mention it because it's the law, applicable regardless of what you or I regard as an acceptable error rate.

[ Parent ]

Current (none / 0) (#88)
by Xptic on Thu Aug 31, 2006 at 11:21:19 PM EST

So, what current system meets this HAVA requirement?

Even if you went with pen & paper voting, the error rate would be higher than 0.00002%.  And the current system is really fucked.  In the 2000 election, there was a, what, 2% discrepency in Florida.  And that was enough to demand a recount.  And guess what?  The recounts changed the numbers.

So, do you want to stay with the current system, or go with something that works with few errors and delivers results instantly?

Or maybe we should just postpone all elections till some system can meet the requirements of the HAVA?  The NeoCons would love that!

[ Parent ]

False Choice (none / 1) (#89)
by zappini on Fri Sep 01, 2006 at 10:20:08 AM EST

There is no system that has few errors. I mention the HAVA requirement because HAVA is being used to cram these electronic voting systems down our throats. Yet those systems don't meet the HAVA requirements. Odd, that.

To address your question, present the electronic voting system which has few errors, "that works", and delivers results instantly, and then I'll consider the options.

All of the studies that I'm aware of have stated that the most reliable, secure voting system currently available to us is the voter-correctable precinct-based optical scanner. TrueVoteCT.org is celebrating their victory adopting such as system. Voter Action's lawsuit in New Mexico got them to see the light. Etc.

(Note that some areas in Florida turned off the "voter correctable" feature on the optical scanners in 2000. So voters in heavily Democratic areas didn't know when there was a problem with their ballots. Which is why the voter correctable feature shouldn't be optional.)

[ Parent ]

Model it After ATMs (none / 0) (#90)
by Xptic on Sat Sep 02, 2006 at 03:42:08 AM EST

Show me a money distribution system that works and then banks will consider the options...

The current ATM system is quite secure.  most insecurities in the system are based on the fact that everyone uses their ATM card for everything.

If you give people a card and PIN for voting, and model the system after the current ATM network, you'll have voting that is very accurate and very fast.

[ Parent ]

Very Accurate? (none / 0) (#96)
by zappini on Tue Sep 05, 2006 at 03:50:19 PM EST

I'm sorry, I'm getting lost in the thread.

If you give people a card and PIN for voting...

Yea. Totally. And if you gave my grandmother wheels, she'd be a trolley car.

Your point is a non-sequitur. In the USA, we use a secret ballot. If you gave everyone a pin, then it wouldn't be a secret ballot any more. So, yea, your proposed system would be accurate, fast, and no longer secret. Well, it's an interesting idea.

Many others have written about the falacies comparing ATMs to vote machines. Your ATM usage is tied to a bank account. That system uses double entries, meaning debits match credits. ATMs are also completely transparent and verifiable.

All of the attribute which make the ATM systems of the world sing exhaustively prohibit the use of similar systems for voting. It's that secret ballot again.

[ Parent ]

ATMs aren't a risk for the bank (none / 1) (#91)
by godix on Sat Sep 02, 2006 at 11:33:12 AM EST

they're a risk for the customer. Sure, many banks will cover ATM fraud as a customer service gesture but in many situations they don't actually have to. Plus ATMs save banks a huge amount of money since they need to employee fewer tellers than pre-ATM days. So in the end a banks cost benefit analysis may be that there is a statistically significant percentage of fraud with ATMs but it still works out cheaper anyway.

OTOH in voting ANY fraud is a problem regardless of if it's fraud on the users side or the machine operators side. And there is no cost/benefit analysis with voting to offset a statistically significant percentage of fraud. So while the ATM system make sense for banks it may not make sense for voting.


- An egotist is someone who thinks they're almost as good as I am.
[ Parent ]

hmm. (none / 1) (#59)
by aphrael on Tue Aug 29, 2006 at 03:06:58 AM EST

ok, apparently curbside voting isn't required by the elections code. all it says is that disabled voters must be treated in accordance with the americans with disabilities act.

however, the issue is that many polling places are not handicapped-accessible, and under ADA, there must be some provision for enabling them to cast an in-polling-place ballot when their polling place is not compliant.


[ Parent ]

also (none / 0) (#60)
by aphrael on Tue Aug 29, 2006 at 03:10:48 AM EST

this seems to claim that HAVA requires curbside voting. I'm not up on the contents of HAVA, so I can't confirm, but it seems like a credible claim: HAVA is the law which requires that blind people be able to vote unassisted, after all.

[ Parent ]
WARNING!!! (1.06 / 29) (#9)
by EminenceFront on Sun Aug 27, 2006 at 12:06:59 AM EST

THE AUTHOR IS A KNOWN HOMOSEXUAL

Yes, and? (3.00 / 2) (#12)
by aphrael on Sun Aug 27, 2006 at 12:11:12 AM EST

We're talking about electronic voting, not my sex life.

Now, if you'd rather talk about my sex life, we can take a side conversation to the diary ghetto, where such talk belongs. :)

[ Parent ]

What's your favorite position? (none / 1) (#21)
by debacle on Sun Aug 27, 2006 at 04:47:39 PM EST

Do you guys do any watersports/scat play?

Which one of you is kinkier?

It tastes sweet.
[ Parent ]

does this LOOK like the diary ghetto? (none / 0) (#23)
by aphrael on Sun Aug 27, 2006 at 05:14:57 PM EST



[ Parent ]
Yes it does (2.80 / 5) (#26)
by godix on Sun Aug 27, 2006 at 06:25:45 PM EST

It's a webpage with grey, white, a blue colors mostly. It has text. I can moderate comments. Most of them aren't worth reading much less moderating though. It's full of trolls and fuckwits. Look exactly like the diary ghetto to me.


- An egotist is someone who thinks they're almost as good as I am.
[ Parent ]
h5 PM [nt] (none / 0) (#28)
by debacle on Sun Aug 27, 2006 at 08:36:50 PM EST



It tastes sweet.
[ Parent ]
These days it all kind of blurs together. (none / 0) (#72)
by kitten on Tue Aug 29, 2006 at 09:05:15 PM EST


mirrorshades radio - darkwave, synthpop, industrial, futurepop.
[ Parent ]
WARNING!!! (2.75 / 4) (#15)
by BJH on Sun Aug 27, 2006 at 07:56:35 AM EST

THE PARENT IS AN OBVIOUS FUCKWIT
--
Roses are red, violets are blue.
I'm schizophrenic, and so am I.
-- Oscar Levant

[ Parent ]
Hey friend! (none / 0) (#63)
by Notorious WoW G on Tue Aug 29, 2006 at 05:09:41 AM EST

How's the programming career going? Still stuck in the 1970's? Please post a story to the queue describing your state-of-the-art optimisation techniques, such as inlining all functions and manual loop unrolling.
--
AND I HATE THE WORD 'FAT.' WHO CARES?!!! DON'T YOU KNOW HOW TO LOOK BEYOND A PERSONS APPEARANCE AND INTO THEIR HEART??! -- somaudlin
[ Parent ]
we're all faggots here (none / 0) (#17)
by circletimessquare on Sun Aug 27, 2006 at 11:24:54 AM EST

in the endearing, online name calling sense

NO YUO!!!!!!!!!!!!!!!!!!


The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

excellent aph... (none / 0) (#14)
by terryfunk on Sun Aug 27, 2006 at 12:42:55 AM EST

FP from me...

Thanks!

I like you, I'll kill you last. - Killer Clown
The ScuttledMonkey: A Story Collection

technophilia (3.00 / 4) (#18)
by circletimessquare on Sun Aug 27, 2006 at 11:30:53 AM EST

what we need is simplicity when it comes to voting, not complexity. i believe we should never go to electronic voting, and even get rid of mechanical voting booths, which has a sordid history of tampering

of course you can do fraud scams with simple paper ballots too: lose them for entire districts, stuff the boxes with fake votes, etc. but any more complexity in the voting system doesn't remove these scams, it just adds a new layer of possible scams

fraud happens in all forms of voting mechanisms, and voting is just too much of an important and vulnerable part of our social cohesion and the source of so much faith in and integrity of our government. being so vital and vulnerable, the point in my mind would be to oversimplify the voting process on purpose. the more complex the system, the more points of failure and the more possibilities of fraud. so make the process very simple: paper ballots

i mean seriously, why the technophilia? voting is a problem that is not solved better with more technology, just made more complex. paper ballots i say. the k5 crowd of any crowd of people should know all about the various and sordid ways malfeasance can be achieved in electronic communication and electronic storage and voting (especially here!). voting is not a complex math problem. it's very simple. no computer need apply

electronic voting can be a downright scary prospect. don't mess with it, simplify it, which means avoiding computers in the voting process like the plague. i'm not a luddite, i am simply saying that specifically in reference to the voting process, it must be simplified technologically to ensure faith and integrity in our government

because people already doubt enough about how much their vote counts. why give them yet another paranoid schizophrenic reason for them to think their vote doesn't count/ doesn't matter ("it doesn't matter man, it's all in the computer, and they just change the votes to whatever they want them to be man")

The tigers of wrath are wiser than the horses of instruction.

i'm not fond of electronic voting (3.00 / 2) (#19)
by aphrael on Sun Aug 27, 2006 at 12:33:42 PM EST

but in this case, you've got to hand it to the disabled rights activists.

it is a requirement of federal law that disabled people be able to vote in a regular polling place without assistance.

this means that there MUST be a machine capable of allowing a blind person to mark a ballot themselves rather than having a poll worker mark it for them.

paper isn't gonna cut it anymore.


[ Parent ]

"Hmmm... (none / 0) (#20)
by circletimessquare on Sun Aug 27, 2006 at 01:13:59 PM EST

didja notice fred that 100% of blind people voted reynolds last election?"

The tigers of wrath are wiser than the horses of instruction.

[ Parent ]
i'm not defending the law. (none / 1) (#22)
by aphrael on Sun Aug 27, 2006 at 04:58:30 PM EST

but the law is what it is, and failure to comply will get a county sued by disabled rights activists.

[ Parent ]
braille works on paper (3.00 / 3) (#32)
by nuntius on Sun Aug 27, 2006 at 10:14:32 PM EST

or do you think a flat touch-screen is easier to feel than paper?

Also, at what level do we have to compromise overall security, in order to accommodate everyone?  How about those in nursing homes who need assistance to eat?  Nah; I'm sure they're caretakers never say, "So you want to vote for <my favorite>, right?  He's much better than the other guy."

If not paper, I at least want a voting system where SOME SUBSTANTIAL PHYSICAL THING is destructively modified in the process.  I'm all in favor of replacing the paper trail with stamped metal sheets -- anything that makes vote tampering more expensive is a good thing.

I don't see any reason (other than a funding conspiracy/pressure from vested interests) why "disabled rights activists" would care in the least whether voting was done electronically.

[ Parent ]

Screen readers are better (none / 0) (#51)
by decrocher on Mon Aug 28, 2006 at 08:57:42 PM EST

Not a lot of visually impaired people know braille. It's a pretty complicated system to learn even if you were born blind (and forget about it if you're trying to learn it in the nursing home). Screen readers are better for this stuff, in general, and it tends to be cheaper.

[ Parent ]
three things (none / 0) (#54)
by aphrael on Mon Aug 28, 2006 at 09:50:52 PM EST

  1. Apparently some staggeringly large number of blind people can't read braille, and it's now taught at a minority of schools for the visually impaired. Also ... a touch screen plugged into a speaker can give you audio feedback about what you have done, and tell you what you need to do to correct it. Braille can't do that.

  2. I agree that compromising overall security in order to accomodate everyone is a bad idea; there's a tradeoff, and it's easily possible to go too far in either direciton.

  3. You may not see a good reason why disabled activists should care if voting is done electronically, but they care.


[ Parent ]
Ridiculous (none / 1) (#65)
by Kadin2048 on Tue Aug 29, 2006 at 09:52:41 AM EST

So we're going to potentially compromise our entire system of government, just so that a few blind people can theoretically participate unaided?

"Hey, the whole system may be rigged, and nobody has any faith in it, because the average person can't even understand it ... but damn if those blind people can't vote!"

What's the point? You're risking alienating everyone, because you don't want to alienate a handful of people?

It's like theater of the absurd. We'll all be equally disenfranchised when the ADA-types get done.

[ Parent ]

Disabled Voting (none / 1) (#68)
by zappini on Tue Aug 29, 2006 at 08:00:59 PM EST


it is a requirement of federal law that disabled people be able to vote in a regular polling place without assistance.

this means that there MUST be a machine capable of allowing a blind person to mark a ballot themselves rather than having a poll worker mark it for them.

paper isn't gonna cut it anymore.

First, I fully support the right of disabled voters to cast their ballots in private. Which is just another reason why I oppose electronic voting machines. Virtual ballots are not private ballots. Nor are they counted publicly.

Second, there are completely non-electronic alternatives to electronic voting machines. Like the Vote-PAD, for instance. Cheaper. Reliable. Private voting. Public counting. Paper based. Accommodates many more forms of disability than the Diebold AccuVote TSx touchscreens or the Hart/Intercivic eSlate electronic voting machines.

Third, please read Voters Unite's Myth Breakers, which soundly refutes all of the misinformation about HAVA requiring electronic voting. It simply isn't true.

Fourth, I can think of no justification why any of us should loss our secret ballots just so that others may vote using insecure, unreliable, expensive voting machines which neither protect the secret ballot or have an open counting process.

Finally, demand private voting and public counting. They're the two pillars of our democracy. It's also the law in many states (like my own Washington State). Lose those two attributes and you're no longer in a democracy. At least not like you think.


[ Parent ]

responses (3.00 / 2) (#69)
by aphrael on Tue Aug 29, 2006 at 08:14:32 PM EST

With the system described in this post, how are you losing your secret ballot? There is no way to associate a voter with their random access code, so there is correspondingly no way to associate a voter with their votes.

I am deeply concerned about the integrity and validity of the vote data in electronic systems, but I don't understand the allegation that it isn't secret.

[ Parent ]

Good Question (none / 0) (#70)
by zappini on Tue Aug 29, 2006 at 08:41:18 PM EST

With electronic voting, secret and verifiable are mutually exclusive. With some systems, like the Diebold optical scanners, it's neither. Not much is known about the eSlate's inner workings. Certainly not by me. So I don't know if they choose secrecy or verifiability.

[ Parent ]
um. (none / 0) (#73)
by aphrael on Wed Aug 30, 2006 at 01:42:03 AM EST

how are secrecy and verifiability in opposition here? puzzled look

[ Parent ]
Mutually Exclusive (none / 1) (#78)
by zappini on Wed Aug 30, 2006 at 12:05:15 PM EST

Haven't had my coffee yet and I'll probably make a hash of this. So please forgive. I appreciate you asking. Because I definitely need the practice explaining.

There are two separate functions, voting and counting. I'll start backwards with counting and work towards voting. An example electronic counting machine are the voter-correctable precinct-based optical scanners.

Data processing is input -> processing -> output. Software testing is feeding known inputs and verifying expected outputs. To be testable, a system's usage must be repeatable.

To maintain secrecy (the secret ballot) data must be  thrown away, to cut that processing step above in half, so that you can't work backwards to determine how someone voted. That's inherently unverifiable. You could do blackbox testing, sure, but that's not enough (in my opinion).

To maintain verifiability, you have to have a data path that you can inspect. That's how our paper based voting at poll sites currently works. It's intentionally. By cutting the problem in two, with paper serving as the information mediator (conveyer) from one stage to the next, and a ballot box to accumulate votes, we can get both the secret ballot and verifiability.

One way for electronic counting systems to tabulate the votes is to have accumulators. One for each candidate. Person gets a vote, increase their count by one. This approach throws data away (the transactionional information which would tie the votes to the voter). It is therefore unveriable.

Alternately, if a system recorded transactional data, like the full ballot, in the order where applied, etc. the system becomes testable. But it is no longer secret.

One clever trick is to use a one-way hash function on the time the ballot was cast. This could, if enough safeguards are in place, prevent anyone from tying the votes in memory with the order the voters signed into the poll site, thereby keeping the secret ballot.

(To the best of my knowledge, none of the systems use the clever trick of hashing the timestamp. There's some research papers about it. The Hart/Intercivic vendors claim their memory is encrypted. I have read, but not verified, that one system from Diebold, the AccuVote OS optical scanners, just records ballots in order in a table. Another system, Sequoia's optical scanner I think, actually records the entire ballot image in memory, in order. Both are "suboptimal" solutions.)

Now add voting, the casting of the ballot to be counted. With a DRE like the eSlate, there is exactly no way to determine if the votes entered are the votes recorded. You can test and test and test. But it's fundamentally a blackbox. Everything is input -> processing -> output.

(To make matters worse, these systems have separate "test" and "election day" modes. So the "logic & accuracy" tests conducted by elections officials are meaningless.  Wisconsin activist John Washburn has done the a huge amount work on this issue. http://washburnsworld.blogspot.com/)

If you can determine how someone voted, it's no longer a secret ballot. If you have a secret ballot, you can't verify an electronic system.

--

I gotta dash off to work. I love talking about this stuff. Election integrity activism is what I do off hours. If you'd like to followup or chat, my blog is zappini.blogspot.com, I post on washblog.com, and my email is user "zappini" on google mail.


[ Parent ]

especially for senior citizens (none / 0) (#100)
by terrialice on Mon Sep 11, 2006 at 06:08:34 PM EST

which also happen to be the largest demographic group that does vote regularly.

[ Parent ]
I don't get it (3.00 / 6) (#24)
by cdguru on Sun Aug 27, 2006 at 06:17:38 PM EST

Over an over the are discussions about electronic voting machines.  These machines are designed to:
  • Eliminate recounts, or at least make them so they take far less time.
  • Enable disabled people to vote themselves
  • Enable immediate reporting of results.

If we do not have this in the US, voting will soon be irrelevent.  The disabled activists will sue every jursidiction into oblivion.  The news organizations will report who they think should win.  People already look at news reports before voting and say "why bother?" because either their candidate is already ahead or so far behind it doesn't matter.

The random-choice-between-two-evils has gotten so bad that the results are within a couple of percentage points now, if that.  This is dangerously close to the margin of error with manual processes.  Again, if the difference is below the margin of error, what is the point of anyone voting?  It is all just a toss-up.  This was clearly shown in Oregon where each recount came back with different results.

So, something is needed and needed right away.  Fraud?  Fraud is far, far less severe a problem than apathy.  Fraud is far less of a problem than the vote being "stolen" by the news reports claiming someone has one before the West Coast polls have closed.

Why does the US population seem to demand results within a couple of hours when other countries can wait two weeks?  I don't know the answer to that, but I suspect it has to do with the whole idea of it being a "horserace" and there being a "winner" and a "loser".  You do not have to wait two weeks for the results of any other sort of "race".

Just to clarify about the margin of error here... If you sit 100 people down to count jellybeans in a 100 jars you will end up with somewhere around 1-2% error even with the most careful people.  It is possible to have every single operation repeated three times and only accept results where three different people come up with the same result, but that requires incredible patience, patience that the US population doesn't have for vote-counting.  Check how amusement parks count cash and compare this to how votes are counted.  It is highly unlikely we are going to see high-accuracy counting being done for votes.  When the margin between candidates is 10-15% nobody cares about 2% error.  When the margin between candidates is 0.2% then 2% error is 10 times the difference and it makes getting a repeatable, reliable and accurate vote count impossible.  That is where we are today.

Nani? (none / 1) (#33)
by vectro on Sun Aug 27, 2006 at 10:17:49 PM EST

People already look at news reports before voting and say "why bother?" because either their candidate is already ahead or so far behind it doesn't matter.

Ehhm, asides from gerrymandered House districts, most major races in the US are highly contested. Consider, for example, the most recent two presential races. Saying that most races are so decisively decided as to encourage apathy is just silly.

“The problem with that definition is just that it's bullshit.” -- localroger
[ Parent ]

In some ways he's right (3.00 / 3) (#35)
by godix on Sun Aug 27, 2006 at 10:30:20 PM EST

There are more 'safe' districts than contested ones although much of this is due to gerrymandering. On the national level, most states are easily predicted. I live in IL and in 2004 I knew my state would go for Kerry no matter how I personally voted. I'm sure anyone in NY or CA would know that long before the election as well. And pity the poor democract in TX, he never had a prayer of seeing his state go for Kerry. And lets not even get into the national elections where the winner is all but decided before the west coast polling time ends. To a large degree the reason many feel their vote doesn't matter is because to a large degree it really doesn't. On the other hand, if any third party could tap into a 'your vote doesn't matter so give it to me' vibe they could easily upset or win an election. Look at Ross Perot in '92 for example.


- An egotist is someone who thinks they're almost as good as I am.
[ Parent ]
Why don't you have single majority votes? (none / 0) (#37)
by tetsuwan on Mon Aug 28, 2006 at 04:44:47 AM EST

After all, you're not voting for a state governor, so why these crazy system with meaningless votes?

Njal's Saga: Just like Romeo & Juliet without the romance
[ Parent ]

History. (none / 0) (#39)
by rpresser on Mon Aug 28, 2006 at 08:52:37 AM EST

Goes back to the forming of the US Constitution; there was significant tension between states with small populations and those with large ones. Hilarity ensued; er, I mean compromises ensued. Each state gets two electoral votes for being a state, plus additional electoral votes based on its population. If it was strictly one man one vote nationwide, then the smaller states might as well not bother voting -- New York, Texas, California and Florida would decide the election.
------------
"In terms of both hyperbolic overreaching and eventual wrongness, the Permanent [Republican] Majority has set a new, and truly difficult to beat, standard." --rusty
[ Parent ]
Conclusion doesn't follow (none / 0) (#40)
by tetsuwan on Mon Aug 28, 2006 at 10:14:32 AM EST

If all votes were equal, all votes would count. Very simple. I understand the historical reasons, but it really doesn't make any sense now. People vote, not states.

Njal's Saga: Just like Romeo & Juliet without the romance
[ Parent ]

Voting (none / 0) (#50)
by Xptic on Mon Aug 28, 2006 at 08:55:24 PM EST

>>People vote, not states.

Actually, that's not true.  In the original system, The People voted for their State leadership.  After that, the State leaders would select Electorial Voters to represent that State in Federal elections.

Most (all?) States have no revised this so that the winner of the popular vote for the State earn all Electorial votes for that State.

Now, on to what I'd like to see.

First would be to change the Electorial system from winner take all to a proportional system.  Every State would have an odd number of Electors.  If the state split 60/40, then some of the Electors would vote Dem and some Repub.

Second would be to just count the popular vote and get rid of the Electors.  There may be some problems with regards to the US Constitution in this matter.  In any event, it would require an Ammendment to the Constitution.  We'll never see that because those in power don't want the system to change.

Finally, I'd like to see a system where every law voted on gets public review.  If the majority of the US votes against the DMCA, for instance, then no matter what Congress votes, it's off the books.  Kinda like a public veto system.

[ Parent ]

An interesting (but wrong) theory. (none / 0) (#41)
by vectro on Mon Aug 28, 2006 at 01:15:42 PM EST

We can measure it quite simply: Is voter turnout any higher in states with contested presential elections versus states with decisive elections?

Unfortunately, the data do not support your thesis. Running a regression analysis of voter turnout (% of eligible citizens) versus the popular vote differential (e.g., winner % minus loser %) yields almost no connection whatsoever (r=-.05).

Interestingly, comparing voter turnout to election result (% popular vote for Bush) yields a slightly more significant result (r=-.18), indicating that Democratic states tend to have higher turnout. What this suggests is that eliminating the electoral college would be an enormous win for the democratic party (and, conversely, an enormous lose for the republican), since not only are the more populus (thus underrepresented) states Democratic, but those states also tend to have higher turnout.


“The problem with that definition is just that it's bullshit.” -- localroger
[ Parent ]

god motherfucking damnit (2.75 / 16) (#25)
by rhiannon on Sun Aug 27, 2006 at 06:18:46 PM EST

Why are our voting machines developed and built by private companies without a standard or open source?

Voting is the most important part of our democracy, it's more important than the post office, the highway system, the military, the space program, the war on drugs, the judicial system, it's the fundamental rock on which our country is built upon, it's not a no-bid contract or another slice of pork.

The voting machine companies shouldn't be telling us how to vote, we the people and the federal government should be telling those companies exactly how to build our voting machines, then they should bid to build these machines exactly to our open specifications.

And voting days should be holidays for fucks sake.

-----------------------------------------
I continued to rebuff the advances... so many advances... of so many attractive women. -MC

-1, homosexual propaganda (1.00 / 30) (#36)
by The Chaos Grid on Mon Aug 28, 2006 at 02:25:57 AM EST

take your recruitment pitches elsewhere.

But what do I know? I'm just trolling you.

Did you know that (none / 1) (#42)
by zooty on Mon Aug 28, 2006 at 01:34:41 PM EST

in 1506, the Venetian prostitutes' guild complained that homosexuality had become so prevalent as to threaten its livelihood? Civilizations in decline typically take on the characteristics of Bonobo monkeys.

[ Parent ]
venice wasn't in decline in 1506. (none / 0) (#43)
by aphrael on Mon Aug 28, 2006 at 01:44:46 PM EST



[ Parent ]
The decline of Venice (none / 0) (#44)
by zooty on Mon Aug 28, 2006 at 01:52:54 PM EST

is typically stated to have begun in the second half of the 15th century, specifically the fall of Constantinople to the Turks in 1453.

[ Parent ]
i've never heard that said (3.00 / 4) (#45)
by aphrael on Mon Aug 28, 2006 at 02:00:16 PM EST

and i've done a fair amount of reading on both turkish and italian history. The sense I have is that Venice was at the height of its powers in the late fifteenth century, and that this is what drew most of the rest of Italy, not to mention the French into a balancing alliance against it.

To be sure, the Ottomans inflicted terrible losses in the 1470s, but Venice's fortunes revived in the 1480s, and they were able to take control of Cyprus during that decade. Most of Venice's problems in the first decade of the 1500s were on land, with Italian land powers, and not at sea; and it was not until the 1540s or so that Venice was forced to capitulate to whatever the Ottomans desired.

Up through the middle of the 16th century, Venice remained a widely feared power throughout the non-Ottoman mediterranean, and it wasn't really until the middle of the 17th century that it was widely regarded as a power past its prime.


[ Parent ]

Okay then. (none / 1) (#46)
by zooty on Mon Aug 28, 2006 at 02:14:33 PM EST

To be sure, the Ottomans inflicted terrible losses in the 1470s, but Venice's fortunes revived in the 1480s, and they were able to take control of Cyprus during that decade. Most of Venice's problems in the first decade of the 1500s were on land, with Italian land powers, and not at sea; and it was not until the 1540s or so that Venice was forced to capitulate to whatever the Ottomans desired.
Now tell me what about this description doesn't just scream "DECLINE!"

The decline of a country is a centuries-long process, not a sudden realization of "Oops, we're no longer #1, let's hope the Ay-rabs won't rape our women."

[ Parent ]

is it decline to suddenly encounter someone new? (none / 0) (#47)
by aphrael on Mon Aug 28, 2006 at 02:22:08 PM EST

'decline' does not equal 'being defeated in battle';  'decline' equals 'no longer being able to sustain yourself as a great power'.

Venice was defeated by the Ottomans in the 1470s, sure. But it held them off --- which nobody else at the time was able to do --- and maintained itself as a major power in the region.

It was so strong, in fact, that it provoked a balancing alliance against it; and it managed to hold that alliance off, as well.

Seems to me it was doing damned well at the time.

[ Parent ]

"Decline" for a country means (none / 0) (#48)
by zooty on Mon Aug 28, 2006 at 02:36:12 PM EST

having to work to maintain its status as a power instead of trouncing others, trying to holding on to what it has instead of expanding, having to defend itself against the ambitions of its competitors.

[ Parent ]
You imply (none / 0) (#79)
by tetsuwan on Wed Aug 30, 2006 at 02:30:22 PM EST

That all nations today are in a decline, regerdless of the world economy.

Njal's Saga: Just like Romeo & Juliet without the romance
[ Parent ]

Yeah, that's it blame the gays (none / 0) (#55)
by nlscb on Mon Aug 28, 2006 at 11:09:49 PM EST

for chunking up and getting lazy.

God, chicks can be worse than unions blaiming immigrants, blacks, and jews for their own failures.

Comment Search has returned - Like a beaten wife, I am pathetically grateful. - mr strange
[ Parent ]

write-ins (2.83 / 6) (#57)
by the77x42 on Tue Aug 29, 2006 at 01:53:22 AM EST

using a scroll wheel to select letters? that's a little discouraging.

i'd like to see someone sip-and-puff out "george washington" without passing out.

what's also discouraging is the fact that an electronic system is perceived to be needed. we are in a sad state if we need to rely on a computer to count pieces of paper for us.


"We're not here to educate. We're here to point and laugh." - creature
"You have some pretty stupid ideas." - indubitable ‮

Quick question (none / 0) (#61)
by The Diary Section on Tue Aug 29, 2006 at 03:45:37 AM EST

the candidates names appear on a screen right? These are presumably quite large screens.
Set my mind at ease, they all appear on the same page at the same time, no "1 of 3" or scrollbar I hope.
Spend 10 minutes in the company of an American and you end up feeling like a Keats or a Shelley: Thin, brilliant, suave, and desperate for industrial-scale quantities of opium.
depends. (none / 1) (#67)
by aphrael on Tue Aug 29, 2006 at 03:07:11 PM EST

for a normal race, they all appear on the screen together --- there's room for ~20 or so.

for something like the 2003 california recall, you're gonna have to scroll.

[ Parent ]

that is a little discouraging (none / 0) (#75)
by The Diary Section on Wed Aug 30, 2006 at 04:00:47 AM EST

the ridiculous thing you could do is that if you are running against a Mr Zin who is your closest rival and there are 20 candidates, you could get your friend Mr Zellwigger to enter the ballot and gain what I imagine from HCI studies would be a small but significant advantage over him.
Spend 10 minutes in the company of an American and you end up feeling like a Keats or a Shelley: Thin, brilliant, suave, and desperate for industrial-scale quantities of opium.
[ Parent ]
not so. (none / 1) (#80)
by aphrael on Wed Aug 30, 2006 at 04:08:52 PM EST

candidates are not listed in alphabetical order; the alphabet is randomly rearranged for each election.

also, there is NO CONCEIVABLE TECHNOLOGY which would list 153 candidates on one screen. when i was in santa cruz, this required three different pages in the multipage ballot.

same problem applies there.


[ Parent ]

Hrm ok (none / 1) (#86)
by The Diary Section on Thu Aug 31, 2006 at 03:51:12 AM EST

I forgot you lot held elections to see who is in charge of putting the trash out at the town hall.
That said, last council elections, we had a ballot that was A2 in size.
There are still arguments about electronic counting here so I can't see electronic voting ever coming in.

Spend 10 minutes in the company of an American and you end up feeling like a Keats or a Shelley: Thin, brilliant, suave, and desperate for industrial-scale quantities of opium.
[ Parent ]
Great Write Up (3.00 / 3) (#71)
by zappini on Tue Aug 29, 2006 at 08:54:48 PM EST

Hi aphrael-

Thank you for sharing your experiences with the Hart/Intercivic eSlate. I also wrote up my brief exposure to the eSlate Report: Public Examination of Diebold and Hart Systems (Jan 21, 2006). It's a bit long. The brief version is the eSlate doesn't suck as much as Diebold's AccuVote TSx.

I have a couple of responses to your article. Please bear with me, as I'm doing this in a rush.

Private Voting, Public Counting

In my opinion, all electronic voting is unconstitional. The foundation of our democracy is private voting and public counting. It's in our Washington State constitution. It's the basis of Paul Lehto's lawsuit against Sequoia Voting Systems and Snohomish County.

If I'm correct, this current discussion over electronic voting is moot. The reason is because their is no technical solution for a single machine to preserve both the secret ballot (private voting) and be testable (public count). The only viable solution is using retaining the paper ballot, perhaps generated with a ballot marking device, which is then run through an open source, audited, secured voter correctable precinct-based optical scanner.

Unauditable Paper Audit Trail

Way too many people place an inappropriate amount of faith in the voter verified paper audit trail. (Various names are used state to state.) It's a placebo. No amount of meaningful testing and auditing is performed. There's no way to determine if what's recorded electronically is the same what was printed. Many states don't regard the VVPAT as the "official ballot", so it has no legal standing. And the few efforts to actually conduct an audit using the paper trail were horrible experiences. Check out Voter Action, they did a lot of work in New Mexico and address this issue directly.

Also, I heard Jill LaVine, Sacramento County's registrar of voters testify during the April EAC meeting that manually auditing the paper trail is impractical. It took something like 1 hour per ballot cast.

Train Wreck

It's true that Hart/Intercivic isn't as notorious or awful as Diebold. But they aren't exactly angels either. I think their relative lack of infamy is mostly because of their smaller marketshare. If they were used more, we'd be hearing a lot more.

Check out Vote Trust USA's page on Hart/Intercivic. Some of it is not pretty.

Also, it's good to regularly check the Election Integrity News. Here's two helpful Google searches. One for "hart". Another more specific one for "eSlate".

Poll Worker

Thank you also for serving as a poll worker. You are too cool for words.

It's incredibly important that we geeks pull our weight. Problems with the electronic voting and electronic counting machines are happening nationwide. The more eye balls the better.

Here's the EAC's Be A Poll Worker site, just in case anyone else wants to join the party.

Or maybe everyone's trying to figure out how to get a toe hold on election integrity activism. Blackbox Voting has thoughtfully put together a Citizen Toolkit To Take Back Elections. It's full of great ideas.

Okay. That's it. Thanks for listening.


I would note (3.00 / 2) (#74)
by aphrael on Wed Aug 30, 2006 at 03:07:52 AM EST

that the very first story on the votetrust/usa page is about Hart agreeing to comply with any future requirement that things be open sourced, said agreement insisted on by my county's election department as a condition for approving the contract.

my opinion of warren slocum just went up a notch.


[ Parent ]

Open Source Intentions (none / 1) (#103)
by zappini on Mon Sep 11, 2006 at 06:58:50 PM EST

You say "very first story" and I would say "most recent story". If I was a skeptic, I might even be tempted to suggest that such an announcement was intended as a distraction.

I'll get excited when Hart/Intercivic actually releases all of their hardware and software as open source AND submits their wares to independent (e.g. non-industry funded) testing laboratories AND comes up with a technical solution which preserves the secret ballot as well as ensures a public vote count.

Until then, it's just more hot air.

I met the Hart/Intercivic reps working over Washington State. They were sharp, competent, and wholy professional. All good qualities. But I have to admit that I didn't pick up any alturistic vibes.

[ Parent ]

close elections (2.75 / 4) (#77)
by signifying nothing on Wed Aug 30, 2006 at 09:13:23 AM EST

Would you be willing to live with that fraction of a percent error if the difference between who wins is a fraction of a percent?


Yes, I would be willing to live with it. If one guy gets 48.88% for the vote, and someone else 48.89%, then (even if turnout is 100%), either result is about equally legitimate.


To claim that a narrow plurality choice being carried is vitally important to the integrity of the system is wrong-headed in my view.
A functional democratic system should ensure that a preference of (say) 60% of the population brings about a change of government. What happens when the population are very closely divided is not vitally important.

could not agree more (none / 1) (#94)
by Delirium on Sun Sep 03, 2006 at 12:48:48 AM EST

If the population is about equally divided, the two choices are about equally good as far as democracy goes, and it's a waste of time to try to figure out who "really" won. Why is there so much of a hangup on figuring out, out of 20,000 voters, who got 10,001 in favor and who got 9,999?

[ Parent ]
Printout order? (3.00 / 4) (#83)
by QuickFox on Wed Aug 30, 2006 at 07:04:47 PM EST

How are the printouts stored in each booth? If they are stored in the same order as the voters use the machines, the vote secrecy is very poor.

Give a man a fish and he eats for one day. Teach him how to fish, and though he'll eat for a lifetime, he'll call you a miser for not giving him your fish.<
re: Print Order? (none / 0) (#85)
by zappini on Thu Aug 31, 2006 at 12:09:15 AM EST

That's very good question. I'll ask if that voter verified paper audit trial is a public record.

[ Parent ]
Follow up (3.00 / 2) (#87)
by zappini on Thu Aug 31, 2006 at 03:43:33 PM EST

Well. Turns out that was a great question. The answer is non-obvious.

It appears that King County Washington's use of the DREs may lose the secret ballot. We have one DRE per poll site. Further, being a huge county, each precinct has its own ballot code. (There's a ballot code assigned for every combination of races, which differ per juridiction. For instance, you and I might be neighbors, but be in different fire districts.)

Two open questions remain.

There may be rules or procedures that will preserve the secret ballot. I can't see how, but the question still needs to be asked and answered.

The next question is how hard it is to infer the ballot code used from the VVPAT. My hunch is the ballot code is actually printed. I'll know in a day or two.

In summary, your mileage may vary. You'd really have to examine your own elections, procedures, and rules to determine if the secret ballot is preserved in your county. If you have multiple DREs per poll site, you're probably okay. If voters from multiple precincts use the same ballot code, then again you're probably okay.

Again, thanks for asking your question. Good stuff.

[ Parent ]

in our system (none / 0) (#98)
by aphrael on Thu Sep 07, 2006 at 06:58:26 PM EST

the code is not printed on the paper ballot, but it may be in the machine-readable bar code.


[ Parent ]
how so? (none / 0) (#97)
by aphrael on Thu Sep 07, 2006 at 06:57:34 PM EST

they are stored in the order received.

but it doesn't matter!

the voter comes in. his name is marked off in the roster (NOT numbered!). he is given a code (which can't be traced to him). he enters one of several booths and punches in the code.

you might be able to trace the vote to the code; but without being able to see the order in which voters came in, how does that help you trace the vote to teh voter?

[ Parent ]

Inspector's List (none / 0) (#101)
by zappini on Mon Sep 11, 2006 at 06:28:52 PM EST

I can only speak to King County Washington, where I've served as a poll worker. Though, honestly, I'd be surprised if your juridiction is significantly different.

That list of eligible voters is what we call a Poll Book. Additionally, voters print their own names on the Inspector's List. Each page of the Inspector's List is publicly posted, as law requires.

The Inspector's List is how poll watchers and observers keep track of who voted on election day. They check the list, compare it to their own voter file, and then will followup with an attempt to contact any voters who have not yet voted. It's standard GOTV.

[ Parent ]

in our jurisdiction (none / 0) (#105)
by aphrael on Wed Sep 13, 2006 at 01:38:23 PM EST

the roster is alphabetized, as are the public lists available for poll watchers.

you sign on the page where your name is found, and your name is crossed off of the public list.

after the first voter, how do you know who voted in what order? :)


[ Parent ]

Secure, my pasty white ass cheeks (3.00 / 3) (#92)
by trhurler on Sat Sep 02, 2006 at 07:24:38 PM EST

1) "There appears to be no combination of keypresses . . ." - so what? One of my former roommates believed there was no combination of keypresses that would give me root on his machine without knowing his password, too. Nevertheless, given a login prompt, I could get a root shell at will, because his machine had code in it (which I put there:) to allow just that.

2) Serial connections? Have you ever heard of a keystroke recorder? Similar serial devices which record or tamper with what passes through them exist.

3) These are different machines, but as an example of a type of security failure you haven't even considered, look at the Diebold machine: It has a door they don't tell most elections workers about on it which, when opened, reveals two flash card slots. This information, while NOT generally known to elections workers other than a special few, IS widely known on teh intarweb. Put the right flash card in the right slot, and you can manipulate vote counts mid-day with nobody being the wiser. You only need ten seconds with the machine. The "solution" in areas where they know of the problem is to eliminate voter privacy - a great deal, eh? But the overall point here is that you don't really know how the machine works - you just know what you were told about how it works.

4) The zero total device that is not present in polling places can almost certainly be trivially emulated. I'll bet it sends a very simple code that can't easily be changed, in order to prevent officials from screwing up and being unable to reset the machines.

I have seen serial cables with recording/tampering devices built into the cable ends. I have seen no end of devices which the public uses all the time (mall kiosks, etc,) which have non-obvious yet very simple ways to drop them into various debugging, administrative, and other similar modes in which mischief can be done. I have seen at least one device which was "secure" because "we aren't telling anyone it has a bluetooth interface."

Put simply, unless the full specifications and manuals for such a machine are made available for free to anyone who cares to examine them, I don't believe for one moment the machine is secure.

As for being no worse than paper ballot systems, that is likely. Most people have no clue just how completely insecure paper ballots have always been whenever there was a large scale election. It is possible to secure small scale elections almost trivially, but scale makes the problem MUCH harder.

--
'God dammit, your posts make me hard.' --LilDebbie

do I hear Free as in Freedom? (none / 1) (#93)
by Delirium on Sun Sep 03, 2006 at 12:47:15 AM EST

Put simply, unless the full specifications and manuals for such a machine are made available for free to anyone who cares to examine them, I don't believe for one moment the machine is secure.

[ Parent ]
Well, (none / 1) (#95)
by trhurler on Sun Sep 03, 2006 at 01:16:06 PM EST

I would rather compare it to the methods by which real cryptography is handled than to smelly bearded hippies, but yes, the principle is the same.

--
'God dammit, your posts make me hard.' --LilDebbie

[ Parent ]
all i'm asking (none / 0) (#99)
by aphrael on Thu Sep 07, 2006 at 07:01:28 PM EST

is that the system be as secure as the one it is replacing. :)

i happen to know a lot about voting systems from the inside, which leaves me convinced that the systems being replaced weren't very secure to begin with.

as for item #3: I can't speak to the diebold systems. HOWEVER, I can speak to the eSlate, since we were shown how to unmount them from the booths. Changing a card of that sort would require unmounting, which would be noticeable, as it's a pain in the fucking ass to do.


[ Parent ]

Expectations (none / 0) (#102)
by zappini on Mon Sep 11, 2006 at 06:39:39 PM EST

all i'm asking is that the system be as secure as the one it is replacing. :)

Interesting. I just re-read your original post. It sounds like your jurisdiction is replacing paper ballots tabulated on voter-correctable precinct-based optical scanners with eSlate DREs. (Curently the most reliable way to vote in the USA.) Is that correct?

In what ways is the new DRE-based system more secure than the old paper-based system?

I would point out that with paper ballots, physical security is paramount. With DREs, you compound the problem by mixing in electronic security.

I'm also curious if security is your only or perhaps primary consideration. What value do you place on cost, reliability, accessibility, verifiability, and openness?

My observation is that notions of security are difficult to define, because no one can agree on what "security" means, and security concerns are usually balanced against other factors. Or not.

[ Parent ]

my jurisdiction (none / 0) (#104)
by aphrael on Wed Sep 13, 2006 at 01:37:28 PM EST

my jurisdiction is replacing its paper ballots tabulated on precinct-based optical scanners (i don't see that they're voter correctible, except in cases of overvotes) because those machines have been decertified by the state and it's illegal to use them.

there are newer models of these, which are now available. my jurisdiction has decided not to use them because they believe that federal law requires them to have a disabled-access machine in each precinct, and they think it will be easier for precinct workers to handle one system in each precinct rather than two.

also, note, I don't expect the DRE to be more secure; I want it to be as secure. :)

Reliability strikes me as being a subset of security; in an electronic system, I don't see that their distinct questions. Verifiability is imposisble with a truly secret system. Openness is good, but i'm incapable of judging it, because the answer to the question do I understand how this works? is not indicative of how the average non-technical person would understand it.

As for balancing ... of course everything needs to be balanced; that's the hard part of doing public work.


[ Parent ]

Security Analysis of the Diebold AccuVote-TS (none / 0) (#106)
by trasel on Wed Sep 13, 2006 at 03:06:36 PM EST

http://itpolicy.princeton.edu/voting/

princeton cientists have found several security flaws in a voting machine.
Every Latino is born knowing two things: how to lower a Chevy and that the Gringos are always to blame. -- Gary Brecher

Review of e-slate voting systems | 106 comments (91 topical, 15 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!