Comments

Ken in NH May 6, 2016 2:51 PM

And yet no one has produced evidence that the machines are inaccurate or fraudulent. Is it for lack of looking? Maybe today there is little outside analysis, but it seemed that there was plenty of scrutiny in the first few cycles (2002 and 2004) in which electronic ballots were first used.

As someone who served as an election judge in Texas during those cycles (as well as before and after), my perception is that the machines did not enable fraud any more than the previous method we used, the infamous punch card. In the end, the real trust is in the people running the elections. If they are corrupt, then no system is safe. As for whether the fraud is undetectable with electronic ballots, as an election judge, I had no insight into the results from my precinct until the ballots had been delivered and counted. With the Diebold machines, I was able and encouraged to print a report of the totals at the end of each voting day for my personal records. With the punch cards, someone at the county office could have swapped my sealed ballot container with another (making sure the fraudulent ballot count matched the number of people on my rolls who voted) and I would have no way of detecting that.

Of course, I think we could and can do better. I would prefer that the software on the ballot machines is open source and that I could compare a hash of the installed software with the known good hash.

Tim May 6, 2016 3:15 PM

@Ken – If I leave my house unlocked when I go to work, and I don’t notice anything missing when I get back, does that mean my house is secure and the locks unnecessary? Clearly not. Just because you (or anyone else) have not shown a particular election to be fraudulent, does not mean that the system is secure. It just means nobody’s tampered with it and been caught.

Andrew G. May 6, 2016 3:16 PM

@Ken, It’s good to know there are knowledgeable and responsible people overseeing election processes. I agree we can do better.

I think we, the voters, have a right to insist on solid evidence that a given policy or procedure does more good than harm. If Diebold and the election officials cannot prove that electronic voting machines are more fraud-resistant than punch cards, I will demand punch cards instead of new machines. If the NSA cannot prove that dragnet surveillance catches terrorists and does not harm innocent people, I will demand freedom instead of surveillance.

I’m not satisfied with a claim that a new rule or technology is “no worse than what we had.” Unless it is actually better, it’s a waste of time and money. When something is really a good idea and a step forward, it’s usually easy to prove that is the case.

JimFive May 6, 2016 3:30 PM

@Ken,
How did you determine that the report you printed actually represented the cast votes? As I understand it the Diebold machines don’t print an individual receipt so there is no way to validate the count the machine gives.

I don’t know about the punch cards, but here we use scantron and each ballot has a serial number so the serial numbers in the machine should match the serial numbers in the box.

Antinonymous May 6, 2016 3:45 PM

We can generate individual pseudorandom numbers for lottery contestants, what’s stopping a separate, unconnected system in curtained booth #1 from generating a random number, printing it on a punchcard, and providing it to the individual … who then proceeds to the separate voting machine booth, punches some electronically-recorded holes onto the card, which is then scanned (printing a second hardcopy for record-keeping) … who then goes back home with their original card and later verifies it when all those individually-assigned pseudorandom numbers are posted online/in the newspaper for the voting district/et cetera with vote counts..?

I mean, seriously, this is not a hard problem to solve with individual and government oversight … right?

MrC May 6, 2016 3:47 PM

I think I recall hearing about a demonstration of a Diebold machine in which the demo machine somehow output a negative number of Gore votes.

I think I also recall a hack-and-dump of Diebold’s e-mails, which lent strong (but not quite “smoking gun” strong) support to the theory that their machines were rigged.

ianf May 6, 2016 4:11 PM

@ Tim, IF you “leave your house unlocked when you go to work, and do not notice anything missing when you get back,” THEN you need to check the garage, as per this detailed previous case-study.

No garage? Well, then you just confirmed that nothing went walkabout while you were gone..

Clive Robinson May 6, 2016 5:58 PM

There is one way of checking the machines to see if there is a risk they have been tampered with or are at fault.

Have equal numbers of electronic machines and traditional system (paper ballot / punch card etc). As voters come in alternately send them to the electronic or traditional vote system.

When voting is finished, within a very small margin the votes cast for each candidate should be the same on both systems (unless law of small numbers applies to some candidates). If not then there is something odd about the vote.
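
The comparison described in the comment above, as an added example that is not part of the original comment: a chi-square test of whether the electronic and paper tallies could have come from the same vote distribution. It assumes alternating assignment makes the two groups of voters comparable; the function names and sample tallies are hypothetical, and candidates with very small expected counts are pooled to handle the "law of small numbers" caveat.

```python
import math

def chi2_sf(x, df):
    """Upper-tail probability of a chi-square variable with integer df >= 1."""
    if x <= 0:
        return 1.0
    if df % 2 == 0:                      # closed form for even df
        term = total = 1.0
        for k in range(1, df // 2):
            term *= (x / 2) / k
            total += term
        return math.exp(-x / 2) * total
    total, term = 0.0, 1.0               # closed form for odd df
    for r in range(1, (df - 1) // 2 + 1):
        if r > 1:
            term *= x / (2 * r - 1)
        total += term
    tail = math.sqrt(2 * x / math.pi) * math.exp(-x / 2) * total
    return math.erfc(math.sqrt(x / 2)) + tail

def compare_systems(electronic, paper, min_expected=5.0):
    """Return (statistic, df, p_value, pooled_candidates) for two tallies."""
    n_e, n_p = sum(electronic.values()), sum(paper.values())
    if n_e == 0 or n_p == 0:
        raise ValueError("both systems must have recorded votes")
    n = n_e + n_p
    rows, pooled, other = [], [], [0, 0]
    for cand in sorted(set(electronic) | set(paper)):
        e, p = electronic.get(cand, 0), paper.get(cand, 0)
        # Small-count candidates make the test unreliable, so pool them
        if (e + p) * min(n_e, n_p) / n < min_expected:
            pooled.append(cand)
            other[0] += e
            other[1] += p
        else:
            rows.append((e, p))
    if sum(other) > 0:
        rows.append(tuple(other))
    stat = 0.0
    for e, p in rows:
        for observed, arm_total in ((e, n_e), (p, n_p)):
            expected = (e + p) * arm_total / n
            stat += (observed - expected) ** 2 / expected
    df = len(rows) - 1
    p_value = chi2_sf(stat, df) if df >= 1 else 1.0
    return stat, df, p_value, pooled

# Constructed sample tallies (not real election data)
PAPER = {"A": 405, "B": 397, "C": 2}
ELECTRONIC_OK = {"A": 412, "B": 388, "C": 3}
ELECTRONIC_ODD = {"A": 472, "B": 328, "C": 3}   # 60 votes moved from B to A

if __name__ == "__main__":
    for name, tally in (("ok", ELECTRONIC_OK), ("odd", ELECTRONIC_ODD)):
        stat, df, p, pooled = compare_systems(tally, PAPER)
        print(f"{name}: chi2={stat:.2f} df={df} p={p:.4f} pooled={pooled}")
```

A small p-value says only that the two tallies differ by more than chance would explain; it does not say which system is wrong or why.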

Evan Þ May 6, 2016 6:53 PM

@Antinonymous, that enables a different sort of vote fraud. If we let you provably verify after the fact what your vote was counted as, then bosses, abusive relatives, or mass-market vote purchasers can verify that you voted in accordance with their instructions. We need a verification method that doesn’t link any ID number to votes after the fact.

albert May 6, 2016 7:05 PM

Exit polls have been shown to be very accurate. When they deviate from the elections results, then it’s time to investigate.

Didn’t Diebold divest its voting machine division in ’07, because it “was giving them trouble”? Didn’t researchers from several universities look at the code in Diebold machines, and find swiss cheese instead?

@Clive,
Why use 2 systems? Paper ballots have worked fine for years. Computerized systems are -never- going to be secure. Besides, elections can be fixed by many other means that don’t even involve the process itself.

The promoters of computerized voting are the oligarchs who want simpler control of the process; making money from the voting machine business is a perk. It’s a win-win. Remember Dubya, Jeb and the Diebold CEO, Dell? Cash-strapped states shouldn’t have to spend millions on things they don’t need, like voting machines.

@Ken,
I believe most election judges and workers are basically honest folks. In the past, with paper ballots, election tallies matched the exit polls quite closely. With the machines, you just don’t know what’s going on inside, and they are so easy to game.

@Antinonymous,
You’re suggesting putting the onus on the -voter- to check the system? Folks are disgusted with the way things are already. How ironic. The gov’t is going to tell folks to double check their votes, because it can’t control itself enough to have fair elections.

@MrC,
See http://freepress.org/columns/display/3/2004/834

@Anyone,
Finally, inasmuch as we only have a choice between Tweedledum and Tweededim, it’s all kinda pointless anyway. We’ll elect 535 Congress-critters and countless state and local officials who will sit on their hands and try to get rich.

wumpus May 6, 2016 7:22 PM

The day after the 2000 election, a handful of engineers wound up discussing the problem (before it was called and of different parties, so the idea was to get an accurate count and not make sure Dubya lost).

It didn’t take long to conclude that the ideal voting machine printed a ballot that was both machine and human readable.

By 2004 (or maybe 2008) Maryland was using Diebold voting systems. I can’t say that any of the elections were terribly unexpected (although it is possible that the Democratic establishment lost the Governor’s mansion by fixing the primary for Brown). In 2016, we finally appear to be using a system based on such obvious principles of requiring both machine and human readability.

Nick P May 6, 2016 8:17 PM

@ albert

Bruce Schneier has an excellent, short article on voting security that you should read. Shows clearly why a system with digital and paper aspects is advantageous for [especially U.S.] elections.

Earl Killian May 6, 2016 10:32 PM

I personally do not trust electronic voting machines. This is what it would take for me to feel comfortable with the technology.

  • Ballots should be readable and writable by both people and machines. Voting machines that create ballots for people are acceptable, so long as the result is readable by the voter. Making ballots directly writable by people (e.g. with a pen or stamp) ensures that voting does not stop in the event of machine failures (including power failures).
  • Ballots must be tallied securely. The ballots should be read immediately at the polling place by a machine by a first manufacturer (and not the machine that printed the ballot, if any), and the result transmitted to the central tally site. Any error reading the ballot at this stage would allow the voter to recast her ballot (this would catch both voter mistakes and ballot readability issues).
  • The ballot should then be physically transported to a secure repository and read by a machine by a second manufacturer. This tally should be compared to the first. The agreement of these tallies would certify the election.
  • No modification of the tallying machines would be allowed after the ballot choices are specified.
  • All equipment used in the process would have to be completely transparent (circuit diagrams and software listings publicly posted), and the testing and certification of the machines involved should be both performed and funded independently from the manufacturers of the machines.

Lazarus May 6, 2016 11:01 PM

@Ken “And yet no one has produced evidence that the machines are inaccurate or fraudulent.”. Well, errr, yet many sources have proven that the machines can be easily tampered with. Try googling “diebold hacking”. Of course with an actual vote we are not supposed to know what the result is supposed to be. So anything that these infallible machines tell us must be the correct answer, right? With no way to verify.. Just read the Dilbert strip again. It describes the situation accurately.

Wael May 6, 2016 11:02 PM

@Earl Killian,

This is what it would take for me to feel comfortable with the technology.

In addition to what you listed, the only way I would trust voting machines is if the machine displayed the vote results real time, one at a time. I don’t care if others know who I vote for. What’s the big deal? Some will vote for the lesser of two evils and others will vote for the other idiot.

I also want to be able to verify the initial state. Who knows, maybe the idiot was given a head vote start…

Wael May 6, 2016 11:24 PM

But if I were Dilbert, I would respond as follows:

Voting? Why vote? People are random with different motives and intelligence levels… Might as well have the machine generate a random winner! Better yet, let the candidates play Rock, Paper, Scissors. I mean, I heard the guy and read his lips, but lo and behold, he still increased taxes! What gives? At the end of the day it’s all random anyways. The only constant is the face!

Anura May 7, 2016 1:24 AM

@Wael

There’s a very good argument for using sortition to elect your representatives. Or, at the very least, your lower house. They would be a lot more representative of the population, would not have to care about things like reelection, and they would not be beholden to any campaign donors. Of course, then you have the question of who gives these randomly chosen people the bills to introduce.

Drone May 7, 2016 2:43 AM

@Evan Þ, Your concern is invalid. There is no way for a voter to prove a verification ID is in-fact associated with that voter. This renders the verification ID useless as proof to a vote buyer how a particular voter voted.

Wael May 7, 2016 3:20 AM

@Anura,

There’s a very good argument for using sortition to elect your representatives.

Definitely! I’m saying practice isn’t aligned with the theory.

Of course, then you have the question of who gives these randomly chosen people the bills to introduce.

True! Do we get to vote that banning encryption or adding backdoors and eroding privacy (that we used to have, RIP) isn’t a good idea?

albert May 7, 2016 10:49 AM

@Nick P,
Thanks. It -is- a good article, but I wasn’t reading Bruce’s blog back then!

@All,
I will restate my point in a different manner:

You can’t fix technology with more technology!</b)

How many examples does anyone need?
How many examples have been discussed here?

Computerized devices are insecure by design. So any system that relies on computers is going to be hackable. Printed receipts will -always- parrot your input. It’s the -output- that gets hacked. Of course, they’ll be networked (with Windows systems).

Do a little research on exit polls. Of course paper ballot systems are subject to fraud, but the referees are spread over thousands of people across the country, as opposed to a few in central locations.

As long as computers are in control, -no- election can be certified.
. .. . .. — ….

albert May 7, 2016 11:15 AM

Sorry, I mistyped the /b

Only the first line should be bold type.

Honest!

It’s 2016, and we’re still typing raw html….

. .. . .. — ….

Tatütata May 7, 2016 12:03 PM

I don’t understand why some want voting machines in the first place.

Technological fad?

The resources summoned for an election in a large country may look large, but they should scale well in a hierarchical system, something like N log N personnel, where N is the number of voters. A basic poll unit will require so many staff to handle a few hundred citizens, but tallying the results requires less and less people as you go up the pyramid leading to the national returning officer.

The exception might be for US style elections where a great number of public offices ranging from the county’s deputy dog catcher to POTUS are often decided during the same ballot, together with some propositions.

This problem isn’t technical, but rather political. How can you decently debate of the orientation the country should take in that cacophony? How can the voter not feel alienated, or feel that his choices are limited to the candidate’s hairdo, or throw-the-rascal-out, or anybody-but-X?

Anura May 7, 2016 12:34 PM

@Tatütata

I can think of three good reasons.

1) Accessibility for the blind
2) Fewer spoiled ballots
3) Faster Counting

FWIW, most ballots are machine counted anyway.

Bill W. May 7, 2016 1:46 PM

Yes, having a dual paper and computerized voting method would be safer. My state uses mark-sense paper ballots that are read into a scanner; the voter takes their ballot, goes to a booth and bubbles in their votes with a black ink pen, then gets to “verify” their vote was properly taken by watching the scanner’s number increment. Then they have to trust that some hidden algorithm didn’t filter their votes afterwards.

However, the voter doesn’t get a back-up copy of their paper voting ballot. Which I think would go a long way toward ensuring no after-the-fact shenanigans. Masses of voters could assemble and conduct their own, ad hoc, vote recounts, to at least statistically verify their results jive with the official results. For example, if the official results from some precinct were for some candidate who would otherwise have little hope to win, a statistical sampling of voters’ ballots from that district could serve to verify whether further investigation was needed. Yes, the local counties do hold the paper ballots as a back-up counting method, in case of a required recount; but there’s little verification method in place to ensure the county officials aren’t in on some scheme to bias the vote.

I also like the way some countries do voting with paper ballots and physical, locked ballot boxes, with ink marks on voters’ fingers to preclude double-voting. However, it’s during the post-vote counting process where things can get squirrelly with these kinds of systems. Physical security of the ballot boxes becomes tantamount to ensuring the security of a one-time-pad key.

albert May 7, 2016 3:26 PM

@Wael,

🙂

That Bridges dude is funny, and dead on. Too bad he identified himself. Judging from some of the comments, the neural-connection impaired might have thought he was Dubya himself.

And it’s EIEIO. No lower case in Morse. This is my last warning!

anon May 7, 2016 4:02 PM

And some election official in the Carolinas? or Virginia just ran the data from the voting machines thru his home server.

Never prosecuted as I recall…

There is a VERY detailed site on voting machine mayhem out there.

http://bradblog.com/

albert May 8, 2016 12:32 PM

@Wael,
So young, too. I like the Clinton/Bush bit at the end 🙂

I wish I had the time to concoct a conspiracy theory about Bridges’ death, as an exercise, of course. I’d call it a ‘study’, and clothe it in academic accoutrements.

. .. . .. — ….

Wael May 8, 2016 12:57 PM

@albert,

I wish I had the time to concoct a conspiracy theory about Bridges’ death,

No need to concoct anything. They already exist. His Obama impersonations are amazing, too!

Wesley Parish May 9, 2016 3:25 AM

This is one situation where access to the source code does go a reasonable way to reassuring the voter.
http://www.wired.com/2003/11/aussies-do-it-right-e-voting/
http://www.elections.act.gov.au/elections_and_voting/electronic_voting_and_counting

It’s also a situation where one expects the experts who verify the source code to be honest:

In addition to the public review, the commission hired an independent verification and validation company to audit the code, “specifically to prevent us, as a developer, from having any election-subverting code in there,” Quinn said.

This FWIW could also be a valid constitutional point against allowing governments to put backdoors in system software – if the system used in the voting machine has a backdoor and anyone can get in if they try hard enough, sooner or later someone will try hard enough, and Eddie the Eagle will win Gold.

fajensen May 11, 2016 5:16 AM

It’s also a situation where one expects the experts who verify the source code to be honest:

Hmm, I am with Dilbert on this. As a developer, I would make sure to back-door that thing just for the shit & giggles to be had later. If the auditor found the hack(s), one can always claim: a bug, pre-processor screw-up, typo or even that we “salted” the code to verify the audit process, like we always do with the testers.

The auditors had better check every single bit installed on that voting device too – there is inspiration on http://underhanded-c.org/ – “The Underhanded C Contest” and a really good piece on hacking the CPU of a hard-disk to “fix” “/etc/password” to craft a login only when a magick IP-address is logged. Really neat stuff that, something the TLA’s would do, http://spritesmods.com/?art=hddhack

Besides the obvious problems, I think it is a problem to make the voting process so needlessly complicated that it cannot be understood by people like my mother. One kind of gets the suspicion that complexity is the cloaking device for later abuse – like Insurance Policies or Mobile Phone contracts.

After all, elections are only held once every 4 years or so.

Hardly worth automating. Even Switzerland, which have far more elections, need automation to manage the workload.

TJ August 15, 2016 3:32 PM

But there IS EVIDENCE! Exit polls are amazingly accurate and there are numerous cases where the final votes don’t match the exit polls. There are also plenty of examples showing how fast and easy it is to “flip votes”. These examples have been done live on respectable News Shows and are available on line, of course. – Not to mention the “Stealing of Ohio” – Walden W. O’Dell, the chief executive of Diebold Inc. (VOTING MACHINES), composed a letter inviting 100 wealthy and politically inclined friends to a Republican Party fund-raiser, to be held at his home in a suburb of Columbus, Ohio. ”I am committed to helping Ohio deliver its electoral votes to the president next year,”— and so he did!
