[EM] Why We Shouldn't Count Votes with Machines
rob brown
rob at karmatics.com
Wed Aug 13 22:00:06 PDT 2008
On Wed, Aug 13, 2008 at 9:16 AM, Kathy Dopp <kathy.dopp at gmail.com> wrote:
> On Tue, Aug 12, 2008 at 11:28 PM, rob brown <rob at karmatics.com> wrote:
>
> >> How? Do we want an infinite loop of a voter running paper through a
> >> cheap printer trying to obtain an accurate ballot record and the
> >> machine refusing to print one while it switches a vote wrongly? Or do
> >> we want the voter to be able to cancel the ballot and let the poll
> >> workers know that he needs a paper ballot instead that he can mark
> >> himself?
> >
> > I'm fine with the latter. Actually that seems like a reasonable thing to
> > do.
>
> I agree, but that is not happening on all of todays' voting systems.
> Election officials seem to be hopelessly slow to grasp the problem or
> the solution.
>
> >
> >>
> >> If so, why not let the voters vote on a paper ballot to
> >> begin with?
> >>
> >> Any ideas?
> >
> > Cost?
>
> Wrong answer. Paper ballot optical scan systems are so much more
> economical than e-ballot systems that if you purchase all-new optical
> scan systems, the on-going cost savings totally pay for the initial
> purchase within four years and then begin saving taxpayers lots of
> monies. See http://electionmathematics.org and click on Voting
> Systems for links to cost comparison studies.
>
> >
> > But honestly, the big problem I have with paper ballots filled out by
> hand
> > is that they make the transition to a ranked system a lot harder, both in
> > terms of difficulty filling in the ballot and difficulty counting them.
> As
>
> That is a good argument against using any ranked ballot systems then
> since the integrity of e-ballot systems cannot be adequately ensured,
> given the secret ballot and the difficulty of implementing systems to
> detect and correct errors with a secret ballot.
Well here is where you and I differ. I think if electoral fraud in the US
were eliminated, it would be a good thing, but not dramatically change
things, any more than eliminating shoplifting would dramatically change our
economy. I do not believe that such fraud changes the outcome of a large
percentage of elections, and in those it does, it was pretty close anyway.
If plurality voting were replaced with a ranked system such as a condorcet
method, I beleive it WOULD dramatically change the entire dynamic of
politics, in a very, very good way, by nearly eliminating the polarized
nature of government due to partisanship. That is huge, comparitively.
So my priorities are different.
Giving up on fixing a huge problem because it makes it more difficult to fix
a much smaller problem is not something I can support.
(and btw, I believe this list is about reforming the voting methods, not so
much about fixing security problems.....so if you are willing to abandon all
attempts at reform because you don't think you can solve your particular
problem as easily on a reformed system, it seems unlikely to fly here)
Making the source code for the voting programs open source does not
> make all the myriad of other programs, drivers, OS, etc on the voting
> system open source - that could be used to rig the vote. Also of
> course election officials do not have the resources to verify software
> and it would take years to set up systems to verify the software on
> voting systems *and* require trusted technicians to do so.
>
The whole system top to bottom should be open source. This is not
particularly hard....plenty of people run "pure" boxes, on commodity
hardware. The obvious choice for OS would probably be Linux, with freeBSD
being another option.
The whole point of open source is that if the "officials" don't verify it
satisfactorily, someone will. A security researcher could make themselves
famous for discovering something malicious in voting software.
The only thing that is immune to checking would be the compiler itself,
since the compiler needs a compiler to compile itself....but someone would
have had to have done something evil (and very, very brilliant) a long time
ago to pull that off....good for a sci fi novel anyway, but not so much in
the real world.
Well, perhaps 5% of voters would *see* the error (because no fraudster
> is stupid enough to switch *all* target votes available), but most
> might think they made a mistake on the first try.
>
Then it is a UI problem.
> > especially if you simply leave it on screen when you print the paper
> copy.
>
> Huh? Try doing that yourself. I do not know if the summary *screen*
> version of the ballot appears at the same time as you get a chance to
> check the paper version of the ballot. I don't think that is
> necessarily an option you would have.
>
What is so hard about that? The point is, if the UI is designed reasonably
well, a large percentage of voters will *know* if the machine is cheating.
> > And they are going to talk about it. And the next year, people will be a
> > lot more likely to notice.
>
> If you followed the voting news nationwide like I do, you would know
> that people have been talking about it a lot since the November 2004
> presidential election, in particular there was lots of vote switching
> reported in Ohio.
Yes but this is different. This is like going to the store, and having one
thing on the cash register and another on the credit card receipt. A store
might get away with that for a day or two, but people will catch on quickly,
and suddenly word will get out that the store is cheating people, and a
larger percentage of people will check, etc. Most likely though, the store
will know they will be out of business soon if they try this on anything
more than the tiniest of scales, and just not try it.
Completely different from what may have happend in florida or ohio, where
people might suspect something is up, but it isn't blatant and it is hard to
know.
Anyone could easily switch out any open source or not program that is
> compiled into machine language during some routine maintenance and no
> one would know the difference. Do you really think that election
> administrators are going to have the funds and that VVV's are going to
> cooperate to put together a list of all compilers, switches, hardware
> and firmware versions for every piece of software on their machines so
> that the versions can be checked after the elections?
It isn't that hard, if designed to be done this way.
In Utah, the
> VVV shipped us atleast three different versions of the voting system
> software alone, and who knows how many unique versions of hardware,
> firmware, drivers, and hardware. If you believe that these VVs are
> standardized, you are quite mistaken.
>
Then it is a design problem.
> And which technicians and programmers do you want the public to
> *trust* to ensure that all the software on the VV is doing what it
> should?
>
Fact is, you've gotta trust someone, whether it is hand counted, optical
read, or whatever. This is not a new problem.
> > Most likely though, no one is able to hide such devious stuff in code
> > visible to security researchers.
>
> Yes. Of course with all of today's VV's you can simply take 30 secs to
> 1 min to use any of the easily accessible back doors to simply change
> the vote counts on the central tabulators, without even installing any
> malicious software on them at all.
Then that is a design problem.
> OK. You don't believe the research. Any particular reason you are so
> certain that more than 30% of voters bother to check their paper
> ballot record? Any particular reason you think that all the research
> that shows that deliberately introduced errors in the ballots during
> tests are only discovered by 30% of those who *try* to find the
> errors?
>
> I.e. I think you had better come up with some facts to show why you
> believe that all the research is wrong that shows that fewer than 10%
> of voters are accurately proofing their machine printed ballot
> records, not just say you don't believe the research which sounds very
> plausible to me and no one has claimed is wrong up until yourself now.
> Not even the VVV's or the DRE supporters have attacked this research
> to my knowledge.
>
I don't discount that most people don't check the results. I do think its
absurd that someone could change a significant number of votes this way
without drawing intense attention from the few that notice, and after than a
lot more people will notice. This is emergent phenomena, that is hard for a
simple study to directly measure.
It is like any other security issue, that if people don't think it is a
problem they are less likely to be vigilant. If you live in a town with
little burglary, you may not lock your doors. If burglary starts to be a
problem, people lock their doors, install alarms, buy firearms, etc.
Is it possible that most people today don't check this stuff carefully
because they think it is not a huge problem, and that enough other people
will be monitoring the system.....and they just might be right? I'm sure
you are the type that carefully balances your checkbook to make sure the
bank isn't cheating you. I don't. I assume there are lots of other people
making sure that banks don't regularly steal people's money, and
statistically, it's not worth my time to monitor it so closely.
Same thing here. By your logic, banks could steal 60% of peoples money
because only 40% of people balance their checkbooks. But that is crazy.
>> The voter would either think that he must have made a mistake on the
> >> first try, or complain about his vote being switched.
> >
> > Yes, and a lot of people complaining would draw more attention to it, and
> > more people would start checking. If it happened on a large scale, the
> > problem would be tracked down, and the programmer would be put away for
> a
> > long time.
>
> And *how* pray tell, would that programmer be *tracked down*? Magic?
> Voodoo?
>
Or....a basic source code control system?
> So what are YOU suggesting be done if many voters notice that their
> votes have been switched by DREs during an election? REDO THE ELECTION
> and hope it doesn't happen again during the second election since no
> manual audit can recover the accurate vote counts?
>
I don't think it would get to that point, at least not on a large scale, for
reasons I have pointed out.
I'm sorry but I don't have any time to continue this today. Maybe tomorrow.
>
Likewise, I'm out of time for this. I think I've said my piece.
-rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.electorama.com/pipermail/election-methods-electorama.com/attachments/20080813/43947ff2/attachment.htm>
More information about the Election-Methods
mailing list