Other important differences:
Miguel Farah • December 24, 2008 6:38 AM
Further thoughts on the first difference: slot machines are always kept on-site, while EVMs are kept in storage most of the time, making it easier (in theory) to tamper them undetected.
Frank Ch. Eigler • December 24, 2008 6:49 AM
@Peter: “governments can get a lot of influence in the design and operation of the [voting?] machines, for casinos that’s not going to happen as easily.”
My impression is that gambling computer software/hardware design is in fact intensely regulated by various governments (Nevada).
@Bruce: “For some reason I can’t fathom, electronic voting machine accuracy is seen as a political issue.”
That’s because there’s always a political party that loses and can cry sour grapes over perceived injustice.
jon • December 24, 2008 6:53 AM
ATMs are the same thing, too. I once took money from an ATM, but actually received none and got a receipt for the withdrawl. I marched into the bank office and got it taken care of immediately. I’m the only person I’ve ever heard of who had this problem with an ATM.
Yet it seems we willingly accept voting machines that can randomly (or nonrandomly) lose or change thousands of votes at a single machine, with no way to audit or correct mistakes. You’d think it shouldn’t be so hard to develop a voting machine that’s as accurate as an ATM.
C The Soup • December 24, 2008 7:18 AM
@jon
The reason an ATM can be accurate is because it can be audited. There’s a known amount of money in the machine that is reconciled daily. If the machine makes a mistake, you can take your receipt into the bank, and they can perform an audit and determine if it balances.
With an electronic voting machine, the only starting point is zero, and no one knows how many votes should be in the machine at any given moment in time. There’s no way to reconcile what should be in the machine.
It’s simple, electronic voting machines should be used to aid in counting PHYSICAL ballots. But there should always be a physical ballot. Optical readers seem to be tried and true. It feels like we’re trying to use electronic voting technology not to make voting more accurate or easier, but for technology’s sake.
SteveJ • December 24, 2008 7:26 AM
“Optical readers seem to be tried and true.”
Here, have some chads. We have both kinds: dimpled and hanging.
Gary • December 24, 2008 7:58 AM
One major diference (even with the propriatary code issues) is that voting machines are desinged to be honest. While slot machines are designed to be dis-honest.
See: http://www.excellentcontent.com/emuzone/ez132.htm
The emulation of slot machine ROMs has exposed that at specific times no matter what you press in a gamble you have Zero chance of winning.
Mark R • December 24, 2008 8:04 AM
Auditability is the key here. If you want people to vote with a machine, that’s fine – just have it spit out a paper ballot at the end that the voter can read and verity. The ballot goes into a secured ballot box. Then randomly audit samples and do a full manual recount if there’s any sign of trouble. And Bob’s your uncle.
This past election, I voted on an old-school paper ballot with a pencil, which was then read by an optical scanner. My wife used the machine (ironically, this took longer because most people seemed to prefer it). She said there was a ribbon of paper ticking out the back of the machine, but the voter couldn’t actually see what was on it. What would we call that – electoral integrity theater?
Andrew Shirley • December 24, 2008 8:26 AM
@Mark R
Not really theater as it is a legitimate audit trail, allbeit one which could be improved.
If the machine decides to forget all the votes made so far, you can use the hardcopy etc.
JRR • December 24, 2008 8:34 AM
@SteveJ:
Mark Sense works well. Punch cards, not so much.
IMHO, mark/sense ballots are about the epitome of voting technology. You get immediate feedback on overvotes or other spoiled ballot issues immediately, right while the voter is standing there and can correct it.
I have a friend who’s worked every election for 40 years, and my wife worked a different precinct this year and went through the training with the township clerk. They both said that they had NEVER had an inexplicable issue with a mark/sense ballot. In the few times they’d done recounts, the votes only changed by 4 or 5 votes, and in every single case the counters could see exactly what caused the machine to misfire, and there was no confusion.
Punch cards are just a really bad idea. Mark sense is a really good one. They don’t have the read problems of punch cards, but they are both machine readable and human readable and they are their own audit trail.
Lazlo • December 24, 2008 8:59 AM
Another difference, which helps explain the politicization, is that the expectation for a slot machine is that the person using it will lose, while the person owning it will win. If that changes, then the owner will remove it from service. With voting machines, it’s very possible, at least in some places, that everyone who uses it expects “their” side to win.
If you use a slot machine and lose your money, it doesn’t really violate your expectations. Everyone around you is using the same machines, and they’re mostly losing too. Winning is an aberration. If all of your circle of friends are Democrats who vote, and you find after the election that your district results were 51% Republican, you may suspect something is amiss. The Republican across town whose circle of friends is composed entirely of other Republicans who vote, would be likewise suspicious if the results were 51% Democratic. The only voters who go to a voting machine with the same expectation of loss as all slot machine users have are independents.
A nonny bunny • December 24, 2008 9:07 AM
@Gary
I don’t think that’s an issue of dishonesty. Your arrival at the slot machine is for all practical purposes random.
And digital machinery is not known for being random; it is bound to use a pseudo-random number generator.
On the other hand, once the cards in a game of blackjack have been shuffled; there is invariably a sequence of choices where you have no chance of winning. Again, it’s a matter of what state you find the game in as you enter.
You can always flip a coin to decide to play or not; that makes it fair. If the game is set to lose, and you flip “don’t play”, you win; if you flip “play” you lose. Vice versa if the game is set to win.
sooth sayer • December 24, 2008 9:11 AM
They are becoming harder to fix, that’s why you see politicians promoting absentee ballots — why ?
– Cuz Postal ballots can be left in the car-trunks and only used when needed.
– Cuz you can mark them youself .. no need for Dallas football team.
There is about 1000% more crime in absentee ballots; making any errors in voting machine irrelavant.
Tom Welsh • December 24, 2008 9:12 AM
“For some reason I can’t fathom, electronic voting machine accuracy is seen as a political issue”.
Maybe because Republicans seem to be keener on using voting machines, and when things go wrong as a result, the Republican Party seems to be the beneficiary more often than not. Then there are the blatant conflicts of interest. For example, Wikipedia gives the following information.
“In August 2003, Walden O’Dell, then the chief executive of Diebold, announced that he had been a top fund-raiser for President George W. Bush and had sent a get-out-the-funds letter to 100 wealthy and politically inclined friends in the Republican Party…”
Maybe that’s a one-sided view of the matter. The Wikipedia articles goes on to say that “When assailed by critics for the conflict of interest, [O’Dell] pointed out that the company’s election machines division is run out of Texas by a registered Democrat”.
But who swings more weight – the CEO or a divisional manager?
In case you think I’m politically biased, by the way, I’m British and a member of the British Conservative Party.
Jeff • December 24, 2008 9:34 AM
Really, the problem is that electronic voting systems use the same machine to prepare ballots and to count the prepared ballots, with the only verification being the same machine (again) showing you an ephemeral copy of the ballot. It’s simple enough to design a better system:
I realize the preceding is somewhat off-topic, and far too long, but the system will work, and it’s a very simple design, so it’s really annoying to keep reading “improved” designs that try to fix what should be replaced.
Jeremy D. Young • December 24, 2008 10:01 AM
On voting machines being a political issue, have you ever seen a politician not make something they control a political issue?
The two major parties re-draw districts to make them more solidly one party or the other so that the votes aren’t close. They basically work to establish each district as one way or the other. Why wouldn’t they want to work deals to jimmy the votes in those districts to not vary from the intended outcomes?? They just get mad at each other when the other party steals votes in a non-prearranged way.
Any time you have a concentration of power without the ability for the citizens to audit and review the complete process, you have corruption. If not at the start then at least eventually.
Christopher Browne • December 24, 2008 10:08 AM
An important difference between voting machines and slot machines is in the parameterization of the inputs and the results.
With a voting machine, the inputs are variable, as the set of candidates and propositional votes vary from jurisdiction to jurisdiction. In contrast, the inputs and outputs of slot machines are almost totally fungible with minimal ability to modify behaviour.
It doesn’t necessarily invalidate the idea of comparing security between these systems, but there will legitimately be differences in their behaviours and analyses.
Thunderlobster • December 24, 2008 10:36 AM
@A nonny bunny
Your argument that you can make the game “fair” by flipping a coin to decide whether to play or not is troublesome. Consider the case where a mugger is waiting in an alley to slug you and take your wallet. If you flip a coin to decide whether to go down the alley, does that make the mugging “fair?”
joe • December 24, 2008 10:38 AM
Great points. I’m actually studying this stuff in my postdoc… BTW, that graphic is from 2006.
Carlo Graziani • December 24, 2008 11:01 AM
“Slot machines involve money. Electronic voting machines involve something much more abstract.”
To me, this is the key differentiating point. The problem is that votes are worthless to the people administering the election.
If state legislatures were to ascribe a dollar value — say $100 — to each vote, mandate an independent audit of each election, and penalize their state election board’s budget by the aggregate dollar amount of the lost/miscounted votes, I bet elections and voting machines would get a lot more accurate.
Anonymous • December 24, 2008 11:30 AM
@A Nonny Bunny
Did you read the article pointed to? It said there was ZERO chance to win in certain situations. The machine was rigged to beat you no matter what you did, as it was programmed to do. There was nothing pseudo-random about it. If you would, explain how that is gambling.
NeoDevin • December 24, 2008 11:34 AM
How about just making the voting machines open source? Have the source code that is to be actually used in the machines available to be scrutinized by the public well in advance of the election?
Peter • December 24, 2008 11:34 AM
@Frank Ch. Eigle:”My impression is that gambling computer software/hardware design is in fact intensely regulated by various governments (Nevada).”
It was an analogy, in a casino it is the casino that benefits on messing about with the machines and regulated by the government. In an election it is the current political party in government that can benefit from machine rigging and is regulated by the electoral commission (apparently).
Petréa Mitchell • December 24, 2008 11:37 AM
Another important one: Slot machines were invented to perform entirely new tasks (new types of games); electronic voting machines are simply replacing another sort of equipment for the same task, and so just get treated the same as the old ones even though the vulnerabilities are not always identical. (Sometimes they are– lever voting machines have long been acknowledged to be randomly broken and unreliable, and yet New York state has used nothing else for a long time.)
Not that the existing procedures were necessarily airtight for the old equipment, either. Read Election Administration Reports for a while if you want to get worried about every form of voting used in the US.
Cos • December 24, 2008 12:05 PM
And the most important difference of all: Voting machines are supposed to give us a verifiably accurate count that is objectively correct, but their audit trail, if any, must be anonymous. Slot machines do not have anything like voting’s requirement for a secret ballot. We must know how many votes were cast and what was on each one, but we must not be able to reconstruct who cast which vote.
Cos • December 24, 2008 12:10 PM
@Mark R
@Andrew
Actually, yes, it is theater. If a computer voting machine spits out a paper tape and not all voters see it, and the paper tape is used only for auditing, there is no reason whatsoever to trust the paper tape any more than the voting machine’s electronic count. Any bug in the machine that produces incorrect totals, could just as easily produce incorrect printouts.
The key to paper ballots is that:
1. The voter him/herself marks or examines the paper ballot and casts it
2. The paper ballot itself is what is counted
If you don’t have that, “paper trails” are at least part theater.
Note: Optical scanners satisfy the above conditions. You can trust that the pile of ballots you have is legitimate for recount, if you mistrust the machine’s count. They’re real ballots. Having a ballot marking machine that produces ballots that a separate optical scanner then reads, also satisfied these conditions, as long as the voter gets to take the ballot from the marking machine to the optical scanner.
actor • December 24, 2008 12:51 PM
“For some reason I can’t fathom, electronic voting machine accuracy is seen as a political issue.”
@Bruce
There’s a partial explanation for this. But it’s easily overlooked–unless you remember some of the history of the activist campaign. There’s path dependence in the political process.
Setting aside early advocacy by Rebecca Mercuri and a very few others, much of the first grassroots activism arose from the Seattle area. CS people in Redmond not only easily grasped the issue, but moreover were socially acquainted with Boeing engineers grounded in a culture of risk-analysis for critical systems.
When those early grassroots activists approached their political representatives, the representatives they approached –and began to convince– were Democrats.
As the issue gained momentum, the Republicans reflexively opposed a “Democratic” movement.
A path dependent outcome.
Indepenent-Minded Correct-Thinker • December 24, 2008 12:58 PM
If you use a slot machine and lose your money,
it doesn’t really violate your expectations.
Everyone around you is using the same
machines, and they’re mostly losing too.
Winning is an aberration.
That also describes using voting machines, too.
I expect lose money every time.
ApplesNOranges • December 24, 2008 1:14 PM
@gary: The Washington Post graphic was about computerized gambling machines in Nevada, USA. The crooked machine described in the article linked by your comment appears to be British.
So, this could be understood as an example of what happens when the regulatory regime is inadequate.
Anonymous • December 24, 2008 1:14 PM
Former Slot machine designer here, slot machines aren’t that secure. Despite all of the measures in place, if a rotten egg developer wants to make a machine payout, they can. It happens more often than is generally assumed, but the scope is limited as the idiot draws attention to themselves my suspiciously winning large amounts of money. The other layers of security, auditing payouts ratios, casino’s pooling of information together about suspicious players works pretty well at catching all kinds of chicanery.
And that’s what is different between the two. When you have rivals that have a vested intrerest in their collective security working together, you’ll have better security.
Anon for annon’s sake.
Dwayne • December 24, 2008 1:18 PM
@Gary
@Nonny Bunny
@Anonymous
In regards to the emulator game not being fair, I think there is a misconception going on here. It is quite likely that the game has randomly (using a pseudo RNG that obviously starts with the same seed value in this case) determined what the win amount would be. This is random (or pseudo, you get the idea) and fair. The fact that no matter what you do within that particular game state changes the payout is irrelevant; it’s still random, it’s just giving you the illusion of choice.
To couch this in another way, think of a game where you pick a token to reveal a win amount below the token. One way to implement this is to decide how much the player will win, then place that amount under whatever token they choose. This is still random, but it’s giving the player the illusion of choice, which adds to the excitement and involvement in the game.
Cos • December 24, 2008 1:27 PM
@actor
“much of the first grassroots activism arose from the Seattle area.”
I strongly dispute that. But perhaps you live near Seattle, so that’s what you saw? I’m not sure.
Activism on voting machine issues became a nationwide thing rather suddenly, in response to the 2000 Florida recount and then, within a couple of years, HAVA and the sudden proliferation of touchscreen voting as a result of HAVA. It was in those two years that this activism suddenly blossomed throughout the country.
You are right that a lot of it started with groups that were lefty / liberal / progressive / Green / Democrat. That had nothing to do with Seattle, Microsoft, or Boeing.
actor • December 24, 2008 1:44 PM
“I strongly dispute that. But perhaps you live near Seattle, so that’s what you saw? I’m not sure….
“Activism on voting machine issues became a nationwide thing rather suddenly….”
@Cos
Then tell me your story…. about the early days when you first brought the issue to people’s attention, and they’d never before thought about it quite like that. Perhaps they looked at you like some kind of weirdo…. But, fortunately, people with strong technical backgrounds tolerated weirdos and would try to listen to what you had to say. The politicians were harder.
Tell me your story. I’d like to hear it. So tell me your story.
HJohn • December 24, 2008 1:49 PM
@Cos: “You are right that a lot of it started with groups that were lefty / liberal / progressive / Green / Democrat. That had nothing to do with Seattle, Microsoft, or Boeing.”
I think you’re right. Had the razor thin Florida count went just as thinly the other way, righty groups may have done the same thing (or they may have blamed it on faulty registration, or something else in the process).
A parrallel: I saw a boxing match a few years ago, and after the final bell one of the fighters and his manager were celebrating and hugging. He had his hands raised with a big smile, then the announcer declared the other fighter the winner. The losing fighter was furious, sure he lost because of poor scorekeepers and not because the other guy may have landed more punches. The winning fighter thought the score was fine.
I have a close friend who works for Ceasars in customer service. He deals with a lot of people who thinks the machines are rigged or broken. I bet he’ll never have someone come in after hitting a jackpot and say “man, i think somethings wrong with your machine, I am sure I lost.”
Moral of the story: it shouldn’t suprise any of us that those who lose are the ones most likely to think the process needs to change.
So, ideally some things shouldn’t be political. Realistically, it’s not hard to see why they are, as wrong as it is.
Matt Ginzton • December 24, 2008 7:10 PM
The real difference is that with slot machines, everyone expects anyone who’s able to cheat to do so, so there’s an obvious need for counter-cheating measures and accountability.
With voting machines, nobody can come out and say that they expect cheating, so there’s basically a mass delusion that security isn’t so important because hey what are you really defending against anyway. Who would try to steal an election? And if you try to answer that you risk sounding like a crackpot, paranoid or conspiracy theorist.
WarLord • December 24, 2008 10:40 PM
Greetings
Do any of you actualy KNOW anything about slot machines or do you just like to whine about gambling?
Smart people here? Not so much.
But the point that an electronic device with a specific designed payout can be made secure from hacking and on site tampering because somebody spent time and money to prevent fraud and attacks in design and operation is very much relevant
papa zita • December 25, 2008 10:18 AM
I’m certainly not whining about slot machines (or fruit machines in GB). That pejorative is petty and gratuitous. Every part of any slot game can be made to have a statistical chance to win (even if it is 10,000,000 – 1 or any other vanishingly small amount) and keep the payout at whatever percentage the house requires. I certainly hope that’s what they do in Nevada (nobody here seems to have found out what the laws are in that regard). When you have a chance that is zero at any handle pull, that is cheating, just like the pea under the shell game. Aggregating payouts for all the machines shouldn’t be allowed exactly for that reason – it would be easy (and perhaps even necessary) to have a machine that had a payout of zero, and since most gamblers are transient (and the machines can be easily moved), it would be a clever way of cheating some customers. When you choose to gamble and it is government-sanctioned, there are laws against cheating, enforcement, and (I hope) review by agencies of the machines used. I would expect nothing less. Casinos are certainly profitable enough to stand the cost of auditing. Tag a few machines, have them brought in for analysis. It would be easy to find if machines are paying out too much or too little. No machine should be allowed to be set to zero payout, which is the responsibility of the manufacturers. If found to be possible, the manufacturer cannot sell machines in the state.
With touch-screen voting machines, it amazes me how little security is built into them, how their totals are so easily manipulated. If the person I voted for disappoints me, that’s one thing and can be rectified next time around, but if my vote is transferred to another candidate, that strikes at the heart of the state. There was no reason for these machines to be built in the first place, except fatuous ones. Speed need not be an issue if enough people are used to check votes. The scanning system appears better as there is a paper trail, but again it can be gamed because recounts are not allowed unless a vote total is close enough by law to merit such a recount.
Random recounts in random districts would take care of that, and if the machines aren’t in compliance statistically, a total recount then needs to be done (which can be done with verified machines or by hand).
BTW, I have only gambled a few times in my life when with friends who took me to casinos or racetracks for (what they considered) festive occasions. On my own I never gamble.
gw • December 25, 2008 11:02 AM
@Gary
The ‘monopoly’ game you refer to does not meet current Nevada regulations as I understand them, in particular the regulations for the PRNG. The regulations are available from:
Cos • December 25, 2008 1:53 PM
@actor
As I said, this movement blossomed spontaneously all over the country due to some major national events. I got interested in vote counting process around the same time millions of other people did, during the Florida recount.
In 2002, HAVA passed, and had the maybe-unintended side effect of bringing touchscreen voting to many many jurisdictions in a very short time, and it was in response to that that I became active in voting process reform, as did many many other activists – it was the sudden influx of new paperless machines in the wake of HAVA that did it, and this was happening all over the country.
A lot of leaders emerged in the grassroots movement around 2002/2003 in the wake of HAVA, some who had been concerned about these issues for a while, some who were new to it. A lot of them, and a lot of the local activist groups that worked with them, started independently of each other, all over the country.
One of the more prominent activists, Bev Harris, is indeed from the Seattle area. She started at about the same time as most of the rest, first getting involved in 2002 IIRC, and doing some real work by 2003. I don’t recall that she had any particular tech background before then – she learned the tech stuff as a result of getting into voting machine activism.
Other leaders and prominent activists emerging around the same time were elsewhere. Professor David Dill at Stanford (in the bay area), for example – and the organization founded around his work, Verified Voting, based in San Francisco. US Representative Rush Holt from New Jersey (one of the few scientists in Congress), who became concerned about paperless voting during the debate over HAVA in 2002, and was already introducing bills to evolve the law in the direction of paper by 2003.
FYI, I heard of Dill, Holt, and Verified Voting, and had actually worked with them, well before I was familiar with Bev Harris and Paul Lehto, the most promiment Seattle-area people I can think of in this movement. I also think their side of the movement has not been the most effective (though the amount of information Bev Harris has dug up is amazing, and has been very useful to others).
papa zita • December 25, 2008 3:52 PM
@gw
Thanks for the regulations. It appears that Regulation 14 addresses those machines. I’ll read the pdf when I have a few moments.
Richard • December 25, 2008 7:58 PM
What scared me today is that I went to an ATM and took out some money, then noticed the manufacturer’s name on the machine – our old friends at Diebold. I’m never using that bank’s ATMs again.
actor • December 25, 2008 9:06 PM
@Cos
Thanks very much for your story.
Incidentally, I want to correct one misperception: I didn’t mean to claim that prominent, contemporary movement leadership personalities ever emerged from crackpot, paranoid, conspiracy-theorist weirdos.
Bev Harris might possibly be an exception to that rule. Although afaik, she doesn’t have a technical background in CS, EE or Aerospace. And, of course, she came along quite some time after NIST SP 500-158 in August of 1988: “Accuracy, Integrity, and Security in Computerized Vote-Tallying”
http://www.nist.gov/itl/lab/specpubs/500-158.htm
Anyhow, though, thanks for your story.
John G • December 26, 2008 9:00 PM
I wrote a little article in early 2004 about why e-banking was not a good justification for e-voting. No doubt I got some of the ideas from Bruce S’s writings.
http://pages.ca.inter.net/~euclid1/e-voting%20SciTech.htm
I hadn’t thought of e-gambling machines. (I would think that some of the logic in favor of electronic slot machines can be transferred to online gambling devices.)
Slot machines are programmed so the house always wins, in that it profits from the activity – but the customer can win some of the time (a lot more of the take from slot machines goes to the customer than the take from state lotteries, in most places.)
That element of the programming has no place in election machines, of course.
tensor • December 27, 2008 12:51 PM
Another part of the reason is voter-suppression by one Party, against the constituents (real or supposed) of another Party. Here in the States, the Republican Party has a two-decade history of voter-suppression (until the 1960’s, the Democrats did this in the South). Also in the last twenty years, Republican candidates have won more small-turnout elections, and the Democrats have won more of the large-turnout elections (at least, that’s the overall perception). Hence, keeping turnout low has become the province of one Party; confusing vote schemes help to lower turnout.
Let them eat Hung Chads • December 28, 2008 10:36 PM
usually a political group/party tends to be more popular, and tends to win election to the bureaucracy that runs the district’s elections. therefore, another group that often loses elections will suspect hankypanky.
Fred P • December 29, 2008 9:50 AM
I’ll note that most slots aren’t incredibly accurate. Typically, the most accurate ones are the ones run by a state, where there are legal requirements for accuracy (an example: West Virginia Lottery Commission). A lot of white and grey market slots and slot features that try to break into the VLT market encounter this problem – they weren’t really designed to always be right to start with.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Peter • December 24, 2008 6:33 AM
Can add another one to the list… governments can get a lot of influence in the design and operation of the machines, for casinos that’s not going to happen as easily.
c.f. the last Scottish elections – the government at the time made a mess of the forms against specific advice and the election turned out to be a complete farse, and that’s not including votes getting lost at sea, or random thugs smashing up ballot boxes with golf clubs.
I’m guessing there’s more milage in allowing “security flaws” in voting machines.