Centerfield

Ryan, I absolutely agree with your general conclusion. Diebold shouldn't be trusted, and should comply with the disclosure requirements or pull out of the market. As you say, voting systems must be transparent. Paper records must be maintained and independent review of the source code is imperative--and if they don't wanna comply with the regs, then they shouldn't be allowed to play. Period. I'm happy to hear that the EFF is suing the NC Board of Elections to force compliance. I hope they at least manage an injunction to keep Diebold out of the state.

But by offering a false dichotomy and "forced choice" scenario you lost me at the first turn after that. Nice description of the Ohio conspiracy theory, though. And Diebold's argument for not complying in NC is laughably feeble--if I were on their contract review board their odds of winning the contract without complete compliance would be somewhat less than my odds of winning the lottery without buying a ticket. With full compliance their odds would improve to about PowerBall odds for a $1 ticket.

I concur. Transparent voting with a verifiable paper trail is an issue that we can all agree on. Great post, Ryan.

But the paper trail must absolutely not be in a form which can leave the polling place. Allowing removal of a paper proving how the voter voted would enable verifiable vote buying by candidates and interested parties. It's one thing to slip a guy $5 in the hopes he will vote the way you want, it's another to pay him only after the fact and he proves to you he voted the way you wanted.

I'm very strongly against internet and telephone voting, too. Imagine the group voting opportunities which will be offered by your friendly neighborhood church or union hall. All with helpful computer volunteers to "help" you by looking over your shoulder as you figure out the complicated computer ballot. For that matter, imagine your spouse being able to see whether you voted the way he wanted or not. For the long-term protection of our democracy, voting must be by mandated, enforced absolutely secret ballot.

Which is why there should be a black box (no pun intended) for the paper ballots. You vote onscreen, the machine gives you a receipt, you check the receipt to make sure everything's in order, you slide the receipt into the black box, and you're done. If there's some question about the machine, then the poll workers can count the receipts. Trust in computers, but keep your paper trail.

I am 100% behind a low tech verifiable system. In fact, for presidential elections I think we should have separate "kindergarten easy" paper ballots that are printed on site and in demand with verifiable time/date/location stamps. You check in, and a ballot is only made then. There's no such thing as an extra ballot.

Deibold would have a better position (albeit still a poor one) if its boss had not said, before the 2004 election, that he would "do anything necessary to assure a Republican victory." Talk about pouring gasoline on the fire of conspiracy theories.

I write this as a life-long Republican myself. After that kind of dumb (or excessively frank?) remark, Deibold must be held to the highest possible standard of openness on how it counts votes, and required to provide some kind of paper trail which allows for recounts.

I think the source code stuff is a bit of a waste of effort. All efforts should be on paper reciept that is deposited in a ballot box for backup. With that, Source code becomes irrelevant.

I am not a fan of mail or internet voting. Too much fraud possibilities. I really would rather see extension of voting over a week long period at polling places. Only the infirmed, or those who are really out of town should be allowed absentee voting. I would even add paid poll workers. It would have to be better then the 75 year old volunteer poll workers at my precient who take 5-10 minutes to find a name in the poll book because their vision is not good.

Could we expand the requirement of a paper trail to any form of audit trail. About a year or two ago, Scientific American ran an article about voting technology, and the preferred form of audit trail in that article was an audio recording.

You vote onscreen, the machine gives you a receipt, you check the receipt to make sure everything's in order, you slide the receipt into the black box, and you're done.

Assuming paper audit trail, why even have the ballot come out of the machine? Why not just have it roll up behind a glass screen for the voter to approve or reject and have the machine file it appropriately based on the voter's response?

I don't like dibold, however I'm not a big fan of paper either. Too much overhead cost and too much controversy. I don't think dibolds problems are nearly as bad as florida in 2000. Computer printers can mangle recipts, run out of ink, clogged nozzles and a number of other problems that are rare but significant when looking at printing a large number of ballots.

I would rather see another independant electronic verification system. The recorded vote gets stored locally in the system and also transmited to a remote server. The totals would be checked against each other to verify accuracy.

ATM machines and Debit card readers are everywhere and have an insignificant error rate compared to voting booths. I think something similar using a key card and pin given by the poll workers used to enable the machine, then collected and reused would work.

The machine source code should definatly be reviewed and approved prior to election day.

Bernie, that was my feeling about paper for a long time. Search for some of my postings over at Slashdot and you can see me make the same arguments, especially about the reliability of the printer and the possiblities for trouble if the paper jams, etc., etc. But I have become convinced that the most cynical on both sides will not have any faith in a system which does not have a paper trail component to it. So, I changed my mind.

A Source Code review is usefull if you question the compentacy of the product deployed and whether it has features that can be exploited. It doesn't neccesarly do squat for you, if you are worried about the company putting out the product intentionaly spiking the punch.

That's because it's not the source which will run on the actual machines tallying the vote.... it's the compiled binaries....and those don't even have to remotely resemble whatever the company submits for review as it source. Now, depending upon what the binaries are written in you may be able to find a decompiler to take those binaries and turn them into something that, with difficulty, you can read and compare against the source.... but that would take alot of man hours... and every single machine deployed would have to be checked.... at the very least with some sort of CRC check to make sure the binaries on it match what is supposed to be installed.

Furthermore, that only deals with exploits in the code used to record the votes. It doesn't address the data (i.e. the votes) collected by that code.... which has to be stored somewhere....and in theory, at least, is vulnerable to tampering with by other applications outside of the source code legitimately deployed on the machine.

In the real world you do this by controling access to the data..... usualy you are worried about Logical Access.... since the computers holding the data are sitting in a locked data center somewhere, with 24 hour security guards and video cameras all over the place. However, if you can't secure physical access to the machines holding the data...either because they are actualy at the polling places or because you don't trust the staff at the data center (i.e. Diebold) then you might as well take your ball and go home..... because anyone in the IT security field will tell you that anyone that has physical access to the hardware OWNS the hardware and anything stored on it.

As some-one that's worked in the IT field for over 15 years and deals with security issues on a daily basis, take it from me....there is still no substitute for paper if your worried about tampering.

I love your idea, BJ! That puts the responsiblity squarely on the voter to ensure that their vote was recorded correctly. Of course, I can just hear it: "My vote didn't match what I had actually pushed and when I told the attendent that was wearing the 'Jerry Falwell rocks!' t-shirt, she told me to go to hell!"

All jokes aside, it's new technology and needs to be watched closely. I don't buy the conspiracy theories simply because exit polling is not fool proof itself. I can tell you I voted anyway I want to tell you--perhaps even to mess your data up. And, yes, I'm sure I'm not the only evil person out there who would do something like that.

I do have to rise to the defense of poor old Florida again. There are many other states that had problems equal to, if not greater than, Florida. It just didn't matter because the vote wasn't close. Wasn't it Cook County, Illinois that tossed thousands and thousands of ballots? But, nobody cared because Illinois was a forgone conclusion. But, when you strip it down to the principle--those voters had every right to be as angry as any Florida voter who felt that their vote was discarded.

And, by the way, I was one of those Florida voters whose ballot was thrown out. I received a friendly letter from my local Supervisor of Elections a couple of months after the election that informed me that my absentee ballot had been tossed because the signature did not match the one on file for me. I haven't voted absentee since.

Very funny, Abel. :-p I like Scott's idea, but if we did that, we wouldn't be able to thwart the weird voter/odd pollster by showing the voter's fingerprints on the ballot. (No, the tech isn't there yet, but someday....*sigh*...)

Of course, there's nothing to stop people from telling exit pollsters that they voted for somebody when they didn't, though it seems rather pointless to me. ("Heh. I told that pollster lady that I voted for Kerry when I totally voted for Bush. Whatta burn!")

Glad you posted on this subject. I find it pretty scary how open to corruption evote is. It's the ultimate in the Bubble. Computer scientists and engineers simply weren't consulted in this. I'd much rather use a chad system, because I know 5% is the worst distortion my vote can see; there is no limit to fakery with evote without paper trails.

I did three posts on the subject: href=http://www.centristcoalition.com/blog/archives/000357.html:E-Vote Reform Proposals So Far Too Weak, http://www.centristcoalition.com/blog/archives/001122.html:More on E-vote - President chosen by a software bug? - or - May the Best Hacker Win!, and http://www.centristcoalition.com/blog/archives/001200.html>Don't Panic! When E-Vote Fails, Don't Blame, Think.

I think we absolutely need paper ballots, printed and verified by the voter, and put in a traditional ballot box. You can still do most of the counting by computer; just randomly choose 1% of the precincts (with DIFFERENT software), and hand-check them. Otherwise, you can't even keep the bug count down, much less the malicious hacking. That's ultimately the ONLY way to run a system with integrity.

Note that printing out a copy and giving it to the voter to verify isn't enough, because the voter will verify it, the computer can send out something completely different to the election server.

Open Source, CRC binary verification that a binary really comes from that source would also be big helps, and requirements/plans to run any election with corrupt software with good ol' paper.

I like the robot idea. Don't forget the zapper for people not tasteful enough to vote straight Democrat. Bwahahaha! :-)

Now, now, Jon; a rubber hose is just as effective and doesn't leave any marks. ;-)

Rubber hoses DO leave marks, if you don't use them right.

I'd ask how you know this, but I'm not sure I want to know the answer...

Thanks for the comments everyone. Tully, would you mind clarifying the false dichotomy I put in this post? I hate to being guilty of logical fallacies... although, I don't occassionally have a problem with being emotionally irrational. : )

Ryan, I can't speak for Tully, but I spot several options other than the 2 you list. The electronic voting system could simply be broken, rather than corrupt. As for the conspiracy theory (which I lean toward after having read the story), it assumes that the writers are rational and will not give in to conspiracy theories if there is a proper system in place. But there are hundreds of ways to rig elections, most far, far easier to do then tinkering with the voting machines. If we had perfect voting machines with print outs and everything, I think those authors would just find something elso to conspiracy-think about.

I'm no fan of Diebold, but the litany of "stolen election" is getting really tiring and is terribly counterproductive at this late date. I agree that we need more transparent, "provable" systems, for the reasons I've stated above, but that's not because I think even for a millisecond that there has been intentional manipulation of election returns by Diebold or anybody else.

I live in Oregon and we have mail-in on paper ballots that are scanned. We don't have a cazillion precincts which increases the opportunity for fraud and I think that's a big part of the problem. Ballots are mailed in or dropped off at box locations. They all go to one county location, a preliminary count test is done, then the count, then the results are sent to Salem. That's all. It works great, we had no reports of voting errors that I'm aware of and I've checked several times.

Registration fraud, we had some of that by Republicans. Easily resolved with numbered registrations and a registration receipt. If the numbered registrations were recorded to specific groups, then you'd know exactly who was responsible when problems came up. And a voter with a receipt could be given a provisional ballot.

We also do need the source code on any machines put into escrow, at the very least. You just can't have honest voting without it.

I'm okay with DRE voting as long as the paper is the ballot and the code goes into escrow. Otherwise we'll never know what is going on with these machines.