Ornery.org
  Front Page   |   About Ornery.org   |   World Watch   |   Guest Essays   |   Contact Us

The Ornery American Forum Post New Topic  Post A Reply
my profile login | register | search | faq | forum home

  next oldest topic   next newest topic
» The Ornery American Forum » General Comments » So, what do we think is happening here? (Page 1)

 - UBBFriend: Email this page to someone!   This topic comprises 2 pages: 1  2   
Author Topic: So, what do we think is happening here?
TomDavidson
Member
Member # 99

 - posted      Profile for TomDavidson   Email TomDavidson   Send New Private Message       Edit/Delete Post   Reply With Quote 
http://www.salon.com/tech/feature/2003/09/23/bev_harris/index.html
Posts: 22935 | Registered: Nov 2000  |  IP: Logged | Report this post to a Moderator
Justin Johnson
Member
Member # 1259

 - posted      Profile for Justin Johnson   Email Justin Johnson   Send New Private Message       Edit/Delete Post   Reply With Quote 
There's no shortage of companies offering weak or insecure software, knowing of its flaws, and pushing them anyway. I don't think there's anything sinister here, though the article (or at least, the summary I could read without subscribing) implies very lightly that the maker of the system wants an insecure system to allow his candidate of choice to win by fraud.

What I think is that Diebold's owner has friends in politics who pushed the adoption of electronic voting systems, and he has an 'in' to the process, so his software was selected despite being a poor candidate. Standard back-scratching in politics, and not something I'd limit to the GOP (like the article does).

Posts: 90 | Registered: Sep 2003  |  IP: Logged | Report this post to a Moderator
Gaoics79
Member
Member # 969

 - posted      Profile for Gaoics79   Email Gaoics79   Send New Private Message       Edit/Delete Post   Reply With Quote 
What a delightfully vague and utterly useless article.
Posts: 7629 | Registered: Mar 2003  |  IP: Logged | Report this post to a Moderator
Justin Johnson
Member
Member # 1259

 - posted      Profile for Justin Johnson   Email Justin Johnson   Send New Private Message       Edit/Delete Post   Reply With Quote 
Delightfully vague? I know exactly what's wrong with those Diebold systems now: they use .mdb files to store elections results, which have miserable security to start with; they don't make use of the security features it does have, like passwords; they're collating results on a machine connected to the Internet that is insecure (though they weren't clear on whether or not it's too open by design or by lack of attention).

There's more than enough detail in that article to make me stay away from Diebold systems, starting with the choice of Microsoft Access for a db. This is a case of company cobbling together any old thing that will work in the demo to get lucrative government contracts. And they know about it, and they're spending money to spin the problem rather than fix it.

Or do you feel comfortable voting on a system where anyone, from any computer in the office, or on the Internet, can untraceably rig the election?

[ September 23, 2003, 10:05 AM: Message edited by: Justin Johnson ]

Posts: 90 | Registered: Sep 2003  |  IP: Logged | Report this post to a Moderator
WmLambert
Member
Member # 604

 - posted      Profile for WmLambert   Email WmLambert   Send New Private Message       Edit/Delete Post   Reply With Quote 
The bible on Voter fraud is Votescam the 1992 book written by Kenneth Collier who died in 1996. In this web site, click on "Chapters" for the text of at least the first five chapters of the book. Amazing stuff. (Instances of 220 votes being cast in a precinct with only 190 registered voters, etc.)

Another topic is VNS (Voter News Service). They claim to adhere to the NCPP's standards. (National Council of Public Polls), The NCPP is run by another consortium of polling and news outlets (including the member media outlets in the VNS) There is no physical address for the NCPP. but it is run by Andrew Kohut, who also runs the Pew Trust.

There are several mentions in the Autobiography, Spycatcher, by Peter Wright who mentioned how the Soviet Union had infiltrated the voting system in Great Britain, and managed to elect their own mole as Prime Minister. If I remember right, he mentioned the control of votes in the U.S., as well.

Posts: 1372 | Registered: Dec 2001  |  IP: Logged | Report this post to a Moderator
TomDavidson
Member
Member # 99

 - posted      Profile for TomDavidson   Email TomDavidson   Send New Private Message       Edit/Delete Post   Reply With Quote 
How is the article vague? It not only gives a decent overview of one of the program's critical flaws -- its server is accessible over the Internet, and that server is stored in an completely insecure Access database -- but it provides links to more detailed summaries of other technical flaws, AND links to the official memos released in response to publication of these errors.

There's actually not much in the article that's vague or unsubstantiated at all.

I'm not much of a security guy, but even I know better than to store voting results in an Access database with the default (i.e. blank) admin password.

Posts: 22935 | Registered: Nov 2000  |  IP: Logged | Report this post to a Moderator
raingirl
Member
Member # 1160

 - posted      Profile for raingirl   Email raingirl   Send New Private Message       Edit/Delete Post   Reply With Quote 
For those who are debating the articles informative lack-
these articles are in their entirety

http://www.theregister.co.uk/content/6/31986.html

http://libertyandjusticeforall.ws/VoterFraud-TimesStory.htm

http://www.verifiedvoting.org/index.asp

[Roll Eyes]

[ September 23, 2003, 12:48 PM: Message edited by: raingirl ]

Posts: 263 | Registered: Jul 2003  |  IP: Logged | Report this post to a Moderator
Gaoics79
Member
Member # 969

 - posted      Profile for Gaoics79   Email Gaoics79   Send New Private Message       Edit/Delete Post   Reply With Quote 
I am not a member of the service, thus I am forced to rely on the summary you linked us to. For all I know, the full article is much more informative, but since I don't have access to it, I have to take the work as is and evaluate it appropriately.

I have a problem with an article that makes the highly inflammatory and controversial implication that the GOP is out to commit electoral fraud (or that someone is out to commit it on their behalf) but fails to provide solid evidence to support this claim. The article says that "its manufacturer is run by a die-hard GOP donor who vowed to deliver his state for Bush next year." When did he vow to do this? In what context did he make this vow? What were his exact words? When such basic and elementary information is missing from the article, my warning lights go off. I can tell when I am being manipulated, and I do NOT appreciate it. As for the rest of the article's points, they really don't go into any detail about the way in which the system is insecure, or even present any scenarios about how someone would go about penetrating such a system. As for the supposedly damning "internal memos in which employees seem to suggest that the vulnerabilities are no big deal", this is more editorial trickery; clearly the existence of these memos is only relevant if the thesis of the article is correct. But like I said, the article didn't really back up anything it said with specifics, so why should I believe Manjoo's words over those of the employees in the company? The article would have me believe that these memos somehow damn the company, but all they really do is expose the inadequecy of the author's work. Frankly, I'm more inclined to believe the internal memos than I am this article; at least the people who wrote them can claim to be experts on their own software, while Bev Harris is just some "writer" who claims to have been reasearching it. Where are her credentials, and why should I believe her?

Even if the article in its entirety is much more informative and well presented, I still have a problem with this summary. It looks like a full article and many, if not most people will not even realize that they are looking at an abbreviated text. My feeling is if you can't summarize something correctly in an abbreviated form, then you shouldn't have the abbreviated article in the first place. Or, at the very least, make it clear that the article is incomplete and have references within the text to additional information. (In footnote form, perhaps)

Posts: 7629 | Registered: Mar 2003  |  IP: Logged | Report this post to a Moderator
Justin Johnson
Member
Member # 1259

 - posted      Profile for Justin Johnson   Email Justin Johnson   Send New Private Message       Edit/Delete Post   Reply With Quote 
There is no support in the full article for the claim that the owner of Diebold, who pledged to deliver his state to the GOP, intends to commit electoral fraud on behalf of the GOP. That implication should have been left out; it undercuts the very serious charge in the interview (that's well-supported) that Diebold's system is fundamentally insecure and not at all tamper-proof, which is cause for concern as is.
Posts: 90 | Registered: Sep 2003  |  IP: Logged | Report this post to a Moderator
TomDavidson
Member
Member # 99

 - posted      Profile for TomDavidson   Email TomDavidson   Send New Private Message       Edit/Delete Post   Reply With Quote 
"I am not a member of the service, thus I am forced to rely on the summary you linked us to."

Well, no. There's also a "Day Pass" thing that subjects you to an annoying but harmless ad if you want to read the rest of the article. Consider doing that before calling the SUMMARY "vague" and "uninformative." [Smile]

And yes, I think the allegations of deliberate wrongdoing are a misstep. That said, I think we SHOULD pause to wonder why the company is deliberately and willfully refusing to correct their security flaws, and choosing instead to hide them. When they say a county is "famous" for using their bug as a backdoor to fix problems, what problems exactly can they mean?

Posts: 22935 | Registered: Nov 2000  |  IP: Logged | Report this post to a Moderator
Colin JM0397
Member
Member # 916

 - posted      Profile for Colin JM0397   Email Colin JM0397   Send New Private Message       Edit/Delete Post   Reply With Quote 
Admitting that I'm mostly ignorant to all the intricacies of all the voting equipment and such, why are so many people in love with the electronic thing-a-ma-bobs?

Yes, we're all moving to more automated and digital everything, but we know punch cards work - at least work as well as can be expected. We know they leave a trail of evidence to look at if the vote is in question, and we know that no electronic system is full proof.

I use the electronic machines in my precinct and hate them. I push a few buttons, push a big button to confirm, and then get a nice little "I voted today" sticker - YEA!

Where's my vote go? Where's the accountability? Where's the print out showing me what my choices were? In other words, I don't trust it one bit regardless of how secure/insecure the software package claims to be.
I have visions of a Simpson’s episode with the vote going to Moe’s tavern and a room full of monkeys banging on calculators to compute the results.

As for the article - I think JasonR filleted it nicely - 'nuff said.

Posts: 4738 | Registered: Mar 2003  |  IP: Logged | Report this post to a Moderator
TomDavidson
Member
Member # 99

 - posted      Profile for TomDavidson   Email TomDavidson   Send New Private Message       Edit/Delete Post   Reply With Quote 
JasonR didn't fillet the article.

JasonR didn't READ the article, which actually addresses each and every one of his points. Instead, he fillets the SUMMARY, which doesn't go into enough detail for him. [Smile]

There is a very prominent link to the actual article, which anyone here is capable of following if they're willing to put up with the ad. If you don't want to read the ad, don't feel as if you have to critique the teaser synopsis; we can live without your uninformed input. *grin*

Posts: 22935 | Registered: Nov 2000  |  IP: Logged | Report this post to a Moderator
raingirl
Member
Member # 1160

 - posted      Profile for raingirl   Email raingirl   Send New Private Message       Edit/Delete Post   Reply With Quote 
For those who are debating the articles informative lack-
these articles are in their entirety

http://www.theregister.co.uk/content/6/31986.html

http://libertyandjusticeforall.ws/VoterFraud-TimesStory.htm

http://www.verifiedvoting.org/index.asp

[Razz]

Posts: 263 | Registered: Jul 2003  |  IP: Logged | Report this post to a Moderator
Colin JM0397
Member
Member # 916

 - posted      Profile for Colin JM0397   Email Colin JM0397   Send New Private Message       Edit/Delete Post   Reply With Quote 
Yes, yes, but I refuse to join any of these damn sites that want to collect all my info, so all I read was the open source bit.

*rocking back & forth, stroking his AK-47* "they won't get it, they won't get it, they won't get it, Kmart sucks"

How's about a cut & paste for the full content, if you please?

Thanks

Posts: 4738 | Registered: Mar 2003  |  IP: Logged | Report this post to a Moderator
raingirl
Member
Member # 1160

 - posted      Profile for raingirl   Email raingirl   Send New Private Message       Edit/Delete Post   Reply With Quote 
MEOOOOOWWWWWWWWWWWWWWWW

*phist phist* [Eek!]

These three sites were posted for the simple reason they are related articles, fully readable without payment, and are based more on the scientific issues of the voting machines and the issues of software and security, and not the conspirist theory present before.....

I'm thinking we need some good prenatal vit's in here to help with those stress levels...

Posts: 263 | Registered: Jul 2003  |  IP: Logged | Report this post to a Moderator
Enumclaw
Member
Member # 876

 - posted      Profile for Enumclaw   Email Enumclaw   Send New Private Message       Edit/Delete Post   Reply With Quote 
Okay, a couple of things. On Usenet there's a pretty good newsgroup called comp.risks, and they've talked about voting machines off and on for some time.

The basics of it (if you ignore the hyperbolic, "this company is for Bush" kinds of statements) is that essentially anything that does not provide a nice, verifiable, physical piece of paper with a record of the vote case sucks.

And the best way to get that physical piece of paper is to have the VOTER mark it. Period. Whether you use a punch card, an optical scanner kind of deal, or actually have the voter write the name of the person they're voting for... SOMEHOW you need something that you can save and physically count.

What kills me about this whole thing is that the problem is simple- we don't want to spend the money that'd be required to deal with the physical paper votes.

This is, of course, utterly ridiculous. The ability to cast a vote, and the RIGHT to cast a vote, are important enough that we (the richest national economy on Earth) certainly ought to be willing to spend the money on it.

What should happen is very, very simple. The national standard for voting should be a ballot that the voter physically marks with a big black marker.

If you dork up the ballot, you can get another one. You can vote absentee. There should be a standard for how big the type is, the absentees shouldn't be opened or counted or dealt with until election day, and the ballots should be held for some time after the election.

Laws for recounts, challenges, and so forth should be simple and clear.

It's not tough. What amazes me is that there's any debate or discussion about the issue at all- this is the most basic building block of democratic, representative forms of government.

Paul

Posts: 1656 | Registered: Feb 2003  |  IP: Logged | Report this post to a Moderator
drewmie
Member
Member # 1179

 - posted      Profile for drewmie   Email drewmie   Send New Private Message       Edit/Delete Post   Reply With Quote 
In defense of computerized voting:
(1) The "we're used to it" and "we know what to expect" and "we don't trust the machine" arguments have little basis except ignorance. I'm not talking about any specific system (e.g. Diebold's piece of garbage). I'm talking about the idea of a secure, accurate, verifiable system of computerized voting. Such a system would be the ideal solution as long as the programming is independently auditable, and each voter can electronically verify their vote (at any ATM or driver's license office). No piece of paper offers any more real security (besides emotional) than electronically verification methods. Not only is this system more efficient, it promises NO miscounts, and NO corrupt practices that can be hidden. Las Vegas already has highly regulated computer hardware and software that accurately enforces very specific rules in gambling.

(2) Paper and punchcard voting has been, and always will be, HUGELY prone to error and corruption. JFK would never have won the presidency if Lindon Johnson hadn't delivered the South through voter fraud. And one need only look at Florida in 2000 for an example of how pathetically inaccurate punchcard voting can be. Voting fraud and disenfranchisement has been a constant blight on our democracy, and until voting is automated through COMPLETELY electronic methods, it will continue. And we can do it through existing good, tested, verifiable, secure technologies.

Posts: 3702 | Registered: Aug 2003  |  IP: Logged | Report this post to a Moderator
Justin Johnson
Member
Member # 1259

 - posted      Profile for Justin Johnson   Email Justin Johnson   Send New Private Message       Edit/Delete Post   Reply With Quote 
Drewmie has it right: safe, secure, reliable computer voting is possible and superior. The problem is that what we're getting is black-box voting systems, where companies develop software who's security they guarantee, for what that's worth. What we need is white-box voting, where the code is publically available for inspection by anyone to verify the security. When it comes time to vote, each party's scrutineers compile the code on identical platforms; all party's binary versions are compared digitally to ensure that they're identical (and thus, not tampered with by anyone), then one binary is randomly selected, installed, and deployed, all publicly. Afterwords, the vote database (which ties votes only to polling stations and not voters) is downloadable so that anyone can check the voting data vs. demographic data available in the region (hmm... this county has 10,000 people, and yet 12,000 votes were cast. What's going on?)

Done right, it can be more transparent than the best paper balloting system.

Posts: 90 | Registered: Sep 2003  |  IP: Logged | Report this post to a Moderator
Enumclaw
Member
Member # 876

 - posted      Profile for Enumclaw   Email Enumclaw   Send New Private Message       Edit/Delete Post   Reply With Quote 
I don't have any problem with electronic voting, as long as there IS a paper backup that is printed out and verified at the time of the vote being cast.

Anything else is asking for trouble, and it's ridiculous to suggest we can't afford paper ballots in this nation.

There's just too much potential for mischief and error with everything being all-electronic. With paper, at least, you make it a lot harder because someone has to physically mess with things.

Paul

Posts: 1656 | Registered: Feb 2003  |  IP: Logged | Report this post to a Moderator
drewmie
Member
Member # 1179

 - posted      Profile for drewmie   Email drewmie   Send New Private Message       Edit/Delete Post   Reply With Quote 
quote:
Enumclaw wrote: ...as long as there IS a paper backup that is printed out and verified at the time of the vote being cast. Anything else is asking for trouble...
You want trouble? Try living in a Chicago neighborhood where Daley Jr's cronies check your "receipt" outside the voting station and make sure you voted for the right person and, in so doing, earned the right to keep your union job, your pension, or (with Daley Sr.) your kneecaps. And don't even try coming out without a receipt when they know it's available. That's even worse.

Receipts have been, and still are, prone to too much corruption. Electronic verification is a lot more secure.

[ September 23, 2003, 11:37 PM: Message edited by: drewmie ]

Posts: 3702 | Registered: Aug 2003  |  IP: Logged | Report this post to a Moderator
LetterRip
Member
Member # 310

 - posted      Profile for LetterRip   Email LetterRip   Send New Private Message       Edit/Delete Post   Reply With Quote 
See this whitepaper on vreciept,

http://www.vreceipt.com/article.pdf

or more accessibly this press release,

http://www.vreceipt.com/

LetterRip

Posts: 8287 | Registered: Jan 2001  |  IP: Logged | Report this post to a Moderator
Cousin Hobbes
Member
Member # 920

 - posted      Profile for Cousin Hobbes   Email Cousin Hobbes   Send New Private Message       Edit/Delete Post   Reply With Quote 
First off, I’m sorry about my original responses to this on Hatrack Tom. I shouldn’t have lambasted the article when I knew I only had access to a portion of it. Forgive me?

I’m all for electronic voting, it’s faster, cheaper (once it’s installed), and less prone to errors (outside of hacking). Really, my vote is the most important thing that the government gets from me, because everything else it does to me/for me depends on that vote. I wouldn’t mind spending a goodly amount to get a decent system set up that will make sure my vote is accounted for. I fail to see why our government keeps choosing the worst options out there whenever it gets contractors, many solutions to the e-security problem have been proposed on this thread; it seems like it’s more than possible to get a safe and secure system up and running.

Not only is e-voting easier to keep track of, it could really simplify the ballot itself. Creating help files to go with it for instance, or getting a general outline for a ballot that is easily distributed, modified, and just plain makes more sense. The Floridian mess up was one of the more embarrassing moments for this country in the past decade (in my opinion); if we can spend 10 billion on Afghanistan, we should be able to set up a reliable system for deciding whose paying.

Hobbes [Smile]

Posts: 38 | Registered: Mar 2003  |  IP: Logged | Report this post to a Moderator
msquared
Member
Member # 113

 - posted      Profile for msquared   Email msquared   Send New Private Message       Edit/Delete Post   Reply With Quote 
Paul

You keep asking for an audit trail? Do you mean something that the voter has to verify his vote? I don't have that now, with the punchcard votes. I mean when I pull the card out of the punch machine, all I see is a bunch of holes, nothing that would let me verify that the correct holes were punched. My parents used to take me to the voting station when I was very young and I remember them using the old lever machines with the curtain. They never got anything to confirm that the machine counted their votes the way they wanted them.

msquared

Posts: 4002 | Registered: Nov 2000  |  IP: Logged | Report this post to a Moderator
drewmie
Member
Member # 1179

 - posted      Profile for drewmie   Email drewmie   Send New Private Message       Edit/Delete Post   Reply With Quote 
Just as an example of how a good electronic system would work from a voter standpoint:

After verifying who you are, the verifying civil servant uses their PC to send your individual info to Cubicle 12. You go into Cubicle 12 and close the curtain. You verify your identity with the touch-screen, and start voting.

You can choose how to sort the nominees (by party, by last name, by first name, etc. in ascending or descending order) and how to filter the nominees (by party, by first name letter, by last name letter, etc.). When you select "Al Sharpton," the screen displays, "You are voting for AL SHARPTON as PRESIDENT OF THE UNITED STATES. Is that correct?" You then press "Yes" or "No."

After voting is complete, you see a complete list of the people for whom you voted, and the position for which they are running. The screen displays "Press any nominee to change your vote, or Press 'THIS LIST IS CORRECT' to complete these votes."

Nothing is "printed out." If you ever wanted to review your votes, you could do so privately at any driver's license office or other secure area. That way you can't be pressured to show somebody else your voting record.

Nobody, not even the Floridians who voted Buchanan, could reasonably screw up this kind of system. The only prerequisite is those we've mentioned before, regarding accuracy and security in the initial programming and setup.

Frankly, I think voter registration would skyrocket, just because everybody would want to see the cool new system (a pathetic reason to vote, but hey, whatever brings in the voters).

[ September 24, 2003, 01:00 PM: Message edited by: drewmie ]

Posts: 3702 | Registered: Aug 2003  |  IP: Logged | Report this post to a Moderator
msquared
Member
Member # 113

 - posted      Profile for msquared   Email msquared   Send New Private Message       Edit/Delete Post   Reply With Quote 
I like that system.

msquared

Posts: 4002 | Registered: Nov 2000  |  IP: Logged | Report this post to a Moderator
TomDavidson
Member
Member # 99

 - posted      Profile for TomDavidson   Email TomDavidson   Send New Private Message       Edit/Delete Post   Reply With Quote 
Only one problem: there's still no hard audit. This means that even when someone goes to a DMV a week later to check his or her votes, he's relying on memory to verify that the votes recorded there are the votes he actually meant to make.

Personally, I think we need an encoded receipt (encrypted with relational object IDs AND the names of each candidate selected) that can be taken to a DMV or similar agency, and then scanned to compare the encoded record on the receipt with the stored record in the database. This would verify that the receipt printed at the moment of departure matches the information stored later in the database, leaving the only potential vulnerability to be a relational one (if the name displayed for a candidate is associated with the ID of a different candidate in the database) -- but, in theory, this can be caught easily using the final verification screen, which should not store votes in sessions but should directly query the database to retrieve the completed vote.

Of course, you'd still be vulnerable to direct data tampering, but a decent audit table with appropriate security can narrow the list of people capable of this down to a mere handful -- and, again, the encoded receipt after the fact should still be able to catch post-election skullduggery.

Posts: 22935 | Registered: Nov 2000  |  IP: Logged | Report this post to a Moderator
Colin JM0397
Member
Member # 916

 - posted      Profile for Colin JM0397   Email Colin JM0397   Send New Private Message       Edit/Delete Post   Reply With Quote 
Me too - winning me over as long as it's verifiable and secure.

Of course, that's assuming that we don't have 2 alien clones agreed upon by the illuminati, CFR, and trilateral commission who will do what they are told by "the man" regardless of which party wins. [Cool]

Side note:
quote:
After verifying who you are
Going off memory here, so excuse any inaccuracies. There was a bill up before congress - I think it was last year - to make it a law that you have to present a photo ID - ie driver's license - to prove who you are when voting. (I have to in OH, but not all places require a photo ID to vote).
I believe it died on the floor - care to guess which party killed it and why?

Posts: 4738 | Registered: Mar 2003  |  IP: Logged | Report this post to a Moderator
msquared
Member
Member # 113

 - posted      Profile for msquared   Email msquared   Send New Private Message       Edit/Delete Post   Reply With Quote 
Tom

We don't have a hard audit now do we? I never get a reciept when I vote? Is there any system out there with that? Do we want it?

msquared

Posts: 4002 | Registered: Nov 2000  |  IP: Logged | Report this post to a Moderator
TomDavidson
Member
Member # 99

 - posted      Profile for TomDavidson   Email TomDavidson   Send New Private Message       Edit/Delete Post   Reply With Quote 
The reason we don't currently have a hard audit is that people used to demand receipts in order to verify that someone had voted for the "correct" candidate. This is a major concern, even in an encrypted system, since a party machine could after all control the DMVs or simply send flacks to escort voters to DMVs after the polls in order to decrypt the receipt.

However, the absence of an independently verifiable hard copy is, to me, unacceptable. If we're going to move to a purely electronic vote tally, I believe a form of receipt is NECESSARY to discourage tampering with the database -- which, IMO, would otherwise be inevitable.

Posts: 22935 | Registered: Nov 2000  |  IP: Logged | Report this post to a Moderator
LetterRip
Member
Member # 310

 - posted      Profile for LetterRip   Email LetterRip   Send New Private Message       Edit/Delete Post   Reply With Quote 
Apparently noone read the vreciept article...

Hard audit, the vote can't be coerced, cryptographically verifiable for both your vote and that votes have been properly. As long as accurate counts are made of those who enter the booths, then it makes cheating by extra votes nearly impossible as well.

Just take a standard receipt printer, and interface it with the touchscreen software and hardware, and your pretty much done.

LetterRip

Posts: 8287 | Registered: Jan 2001  |  IP: Logged | Report this post to a Moderator
drewmie
Member
Member # 1179

 - posted      Profile for drewmie   Email drewmie   Send New Private Message       Edit/Delete Post   Reply With Quote 
quote:
TomDavidson wrote: Personally, I think we need an encoded receipt...
If we're going to move to a purely electronic vote tally, I believe a form of receipt is NECESSARY to discourage tampering with the database -- which, IMO, would otherwise be inevitable.

I'm not sure I see how this would be helpful. Can you give a hypothetical situation showing how paper receipts to voters could offer more than electronic verification solutions? Sorry if I'm missing something that's obvious.

I can see how a hard copy for auditors would be an extra safeguard. I just don't understand how it helps for the voter to have one.

P.S. - I'm for complete fingerprinting, retina scanning, and genetic fingerprinting of the population at birth so we can use fingerprints in voter verification, public services, and law enforcement, as well as for private use (where the individual wants to take advantage of the technology). I'm sure I'll get some major crap for that position. Be gentle with me! [Big Grin]

[ September 24, 2003, 06:05 PM: Message edited by: drewmie ]

Posts: 3702 | Registered: Aug 2003  |  IP: Logged | Report this post to a Moderator
TomDavidson
Member
Member # 99

 - posted      Profile for TomDavidson   Email TomDavidson   Send New Private Message       Edit/Delete Post   Reply With Quote 
"Can you give a hypothetical situation showing how paper receipts to voters could offer more than electronic verification solutions?"

A paper copy, encrypted with both the candidate's database ID and given name and generated at the time of voting from the master query, can demonstrate that, at the time of voting, a given database ID was selected that was identified to the voter as having the following given name.

Since the voter would be able to cross-check this against the information later displayed at the DMV, he would be able to see if his vote had been changed or if the ID for which he had voted had been subsequently associated with another candidate. It also makes it harder for someone to "spoof" the system by providing false feedback to a voter at the data entry screen, since the final printout (and, ideally, final verification display) would use as its sole source the master query. (Combined with a decent auditing mechanism for the creation and modification of queries, this would limit the possibility of tampering to those with full administrative rights to the database and the ability to generate fake but valid audit hashes.)

[ September 24, 2003, 09:16 PM: Message edited by: TomDavidson ]

Posts: 22935 | Registered: Nov 2000  |  IP: Logged | Report this post to a Moderator
Cepper
New Member
Member # 1288

 - posted      Profile for Cepper   Email Cepper   Send New Private Message       Edit/Delete Post   Reply With Quote 
The thing I do not like is that with a receipt there is an actual name to vote record. I like an anonymous voting record so I do not like this idea. That information could be used by unscrupulous people to my detriment.

Why does everything have to be electronic? Paper voting is no more prone to fraud than electronic. Good hackers can be gotten for a good price and people will pay LOTS of money for power no matter how we vote.

The only safeguard for fraud is vigilance and so far I cannot see how to be vigilant with the electronic voting as used or as proposed.

Posts: 3 | Registered: Sep 2003  |  IP: Logged | Report this post to a Moderator
Justin Johnson
Member
Member # 1259

 - posted      Profile for Justin Johnson   Email Justin Johnson   Send New Private Message       Edit/Delete Post   Reply With Quote 
quote:
A paper copy, encrypted with both the candidate's database ID and given name and generated at the time of voting from the master query, can demonstrate that, at the time of voting, a given database ID was selected that was identified to the voter as having the following given name.
Any connection between the voter and her vote opens us up to voter intimidation. Anonymous voting (meaning that you can be registered, and the fact that you voted recorded, but not how you voted) is an absolute requirement for free elections.
Posts: 90 | Registered: Sep 2003  |  IP: Logged | Report this post to a Moderator
TomDavidson
Member
Member # 99

 - posted      Profile for TomDavidson   Email TomDavidson   Send New Private Message       Edit/Delete Post   Reply With Quote 
The problem is that it's absolutely impossible to secure an electronic election process WITHOUT some form of voter-to-vote record. In an anonymous process, there's no verifiable way to link any vote session to a cast vote without using, say, write-once memory or media (which is, I suppose, an option.)
Posts: 22935 | Registered: Nov 2000  |  IP: Logged | Report this post to a Moderator
Everard
unregistered


 - posted            Edit/Delete Post   Reply With Quote 
How about numerical logging?
IP: Logged | Report this post to a Moderator
WarrsawPact
Member
Member # 1275

 - posted      Profile for WarrsawPact   Email WarrsawPact   Send New Private Message       Edit/Delete Post   Reply With Quote 
I think we should all tattoo barcodes onto our hands and every election they take down our name, UPC code and exactly how we voted, and everyone gets a copy of how everyone else voted.

I can't imagine anyone having a problem with this, except I have had work experience at a grocery store and I tell you they have a hard time with some of those barcodes.

Isn't that the only way we can be absolutely positive that everyone's vote was cast?
I imagine the error rate would be spectacularly low.

Posts: 7500 | Registered: Sep 2003  |  IP: Logged | Report this post to a Moderator
Justin Johnson
Member
Member # 1259

 - posted      Profile for Justin Johnson   Email Justin Johnson   Send New Private Message       Edit/Delete Post   Reply With Quote 
quote:
The problem is that it's absolutely impossible to secure an electronic election process WITHOUT some form of voter-to-vote record. In an anonymous process, there's no verifiable way to link any vote session to a cast vote without using, say, write-once memory or media (which is, I suppose, an option.)
There are electronic ways to replicate databases in parallel, similar to a raid array; when the vote is electronically recorded, it's done so in several distinct physical locations; all electronic copies have to agree for it to be valid. The number of votes cast can be compared to the number of votes who showed up to vote.

In other words, rather than provide an audit trail of paper, use the technology to make it far too difficult to tamper with--how do you mess with the vote database when it exists in ten different locations, some in other cities? Further, you could use the same system to constantly verify that there's no discrepancies between them, so changing one database without changing all of them automatically sets off an alarm.

The problem with the Diebold system is that the database itself is a single unsecured digital entity on a single unsecured computer.

Posts: 90 | Registered: Sep 2003  |  IP: Logged | Report this post to a Moderator
drewmie
Member
Member # 1179

 - posted      Profile for drewmie   Email drewmie   Send New Private Message       Edit/Delete Post   Reply With Quote 
quote:
Cepper wrote: Why does everything have to be electronic? Paper voting is no more prone to fraud than electronic. Good hackers can be gotten for a good price and people will pay LOTS of money for power no matter how we vote.

This simply has no basis in reality, and there is plenty of evidence to the contrary:
(1) Ask banks, businesses, military, and polling/survey companies why they do sensitive things electronically. These are not stupid people who would be better off using ledger paper.
(2) The rampant, unrestrained fraud with ballot voting in the U.S. is not only well-documented, its practically impossible to stop. There are just too many places where it can be compromised without leaving any trace of the illegal activity.
(3) Good hackers? How many knee-breakers could I get to influence a paper system in my favor? And how many hackers could I get FOR THE SAME AMOUNT OF MONEY who had the expertise to alter an electronic system? Besides, the super-criminal myth is beyond reasonable possibility compared to the reality of mindless cronies used to "assist" voting through our history.
(4) There is no way to make sure paper voting fraud of every kind will be able to be caught. But with a well-programmed, audited system, there is NO chance of error or fraud that will not leave its mark.
quote:
TomDavidson wrote: The problem is that it's absolutely impossible to secure an electronic election process WITHOUT some form of voter-to-vote record.
(BTW, I really liked your example. Very well written.) Can you explain what a voter checking their record at the DMV against their memory lacks? The "people won't remember" aspect seems to be more of a personal problem than a systemic one. The paper receipt sounds more like a security blanket for the voter, rather than a security measure for the system. And that "sense" of security it gives a voter pales in comparison to the potential fraud it introduces into an election. And if, to compensate, we personally encrypt the receipt with a unique algorithm, what use can it be to the voter, since the voter's memory will then be the yardstick at the DMV?

[ September 25, 2003, 02:00 AM: Message edited by: drewmie ]

Posts: 3702 | Registered: Aug 2003  |  IP: Logged | Report this post to a Moderator
TomDavidson
Member
Member # 99

 - posted      Profile for TomDavidson   Email TomDavidson   Send New Private Message       Edit/Delete Post   Reply With Quote 
The key to my proposed encrypted receipt is NOT that the voter's memory is the yardstick at the DMV, but rather that the receipt ITSELF is the yardstick. The easiest way to engage in this kind of fraud in a relational detabase would be to swap the relationships; having a hard copy that verifies what the relationships were at the moment of voting ensures that this wouldn't happen.

But something else has occurred to me that makes even MORE sense, and wouldn't require a written copy:

In addition to multiple replicating databases, have a SINGLE database on write-once media (either a secured drive or flashable ROM) that stores the relationship between the candidate, candidate's information (like party affiliation), and the candidate's ID. This information can be accessed as part of a cross-database query, and could NOT be changed without actual physical replacement or editing of the media. (In theory, it's relatively easy to audit against this, as well.)

If we really wanted, each vote could also be written to the same non-rewritable media; it would just need to be a single line of text, containing the voter's ID number and the ID numbers of the candidates selected. In the event of a physical audit, these multiple text files can compared by script to a query against the rewritable database.

As far as I can tell, this basically limits the possibility of actual tampering to the administrators of the system itself -- which is about the situation we have today, too.

Of course, other avenues for fraud exist, the same avenues so common today: voting multiple times, impersonation of another voter, etc. There's no way to remove these problems by improving ballot technology, though. [Frown]

Posts: 22935 | Registered: Nov 2000  |  IP: Logged | Report this post to a Moderator
  This topic comprises 2 pages: 1  2   

Quick Reply
Message:

HTML is not enabled.
UBB Code™ is enabled.
UBB Code™ Images not permitted.
Instant Graemlins
   


Post New Topic  Post A Reply Close Topic   Feature Topic   Move Topic   Delete Topic next oldest topic   next newest topic
 - Printer-friendly view of this topic
Hop To:


Contact Us | Ornery.org Front Page

Powered by Infopop Corporation
UBB.classic™ 6.7.1