Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

E-Voting: No Chads, But ...
CBSNews ^ | 3/9/04

Posted on 03/09/2004 4:49:08 PM PST by Tumbleweed_Connection

(CBS) Today's presidential primaries in the South are not only a dry run for the issues in November -- but also for new high-tech voting machines.

Judging from their use in other states so far, touch-screen voting may not be foolproof -- or tamperproof.

Ads promoting computerized voting make fun of the 2000 electoral mess in Florida.

"This chad. I can't tell if it's hanging. That's no way to vote,'' says one commercial.

But as CBS News Correspondent Vince Gonzales reports, experts nationwide have found serious security problems with the new touch-screen voting systems.

"If there's another close election, we might not be able to do any kind of meaningful recount," says Rice University computer scientist Dan Wallach. "We might not be able to really figure out who won the election."

Wallach, who is affiliated with a group called verifiedvoting.org, obtained the secret programs that run the most widely used technology, made by Diebold Elections Systems.

"We found a number of interesting flaws with the Diebold system, any one of which could allow somebody to corrupt an election," says Wallach.

During a test, it took only seconds for Michael Wertheimer and his team of former National Security Agency experts to break into Diebold voting machines in Maryland.

"It is definitely within the realm of possibility, strong possibility, that an election could be thrown and nobody would know," says Wertheimer, a computer security expert for RABA Technologies.

They picked locks, reprogrammed machines -- and the so-called smart cards given to voters -- allowing them to change votes or to vote as often as they liked. It's a flaw Diebold knew about three years ago according to this internal e-mail: "Our smart card format has absolutely no security …. They could stand at the ballot station and quietly burn new cards all day."

The company says it has corrected any security problems as they've been discovered. We tried to ask Diebold's president Bob Urosevich about that, but he declined to talk to CBS News, referring us to a spokesman.

"When people have a chance to use these systems they see they're secure, they're accurate," says Bear. "There's many, many levels of checks and balances to insure the safety and security of the vote."

For a system they can believe in, a handful of states are now requiring a paper backup be printed with every vote.

"Maybe it will cost $100 a machine, maybe it will cost $500 a machine," says Wallach. "What's the price of democracy?"

But it's unlikely the changes will be ready in time for this year's presidential election, in which nearly one-third of voters may cast their ballots electronically.



TOPICS: Politics/Elections
KEYWORDS: dnc; electronicvoting
Navigation: use the links below to view more comments.
first 1-2021 next last
What would this be like if the left had won their "chads" case?
1 posted on 03/09/2004 4:49:09 PM PST by Tumbleweed_Connection
[ Post Reply | Private Reply | View Replies]

To: Tumbleweed_Connection
Cross-link:

-The Vote Fraud Archives--

2 posted on 03/09/2004 5:09:38 PM PST by backhoe ("It's so easy to spend somebody else's money." [ My Dad, circa 1958 ])
[ Post Reply | Private Reply | To 1 | View Replies]

To: Tumbleweed_Connection
For a system they can believe in, a handful of states are now requiring a paper backup be printed with every vote.

Is there any way to do anything meanngful with those paper ballots? Having paper ballots as a backup to the electronic ones is important, but it's also important to have a means of doing something useful with them.

3 posted on 03/09/2004 5:11:35 PM PST by supercat (Why is it that the more "gun safety" laws are passed, the less safe my guns seem?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: supercat
You can do a recount with them!
4 posted on 03/09/2004 5:13:34 PM PST by expatpat
[ Post Reply | Private Reply | To 3 | View Replies]

To: Tumbleweed_Connection
An un-punched, or partially punched, chad is the same as leaving a political list of candidates for an office unmarked.

Both the un-punched chad and the unmarked ballot are legally cast ABSTAIN votes.

When a candidate attempts to count these ABSTAIN votes as votes for himself, he is said to be guilty of trying to "Gore" the election.
5 posted on 03/09/2004 5:28:30 PM PST by Graewoulf
[ Post Reply | Private Reply | To 1 | View Replies]

To: expatpat
You can do a recount with them!

How? Are they printed in machine-readable form, and are the records suitable for automatic handling? I've been sketching up what IMHO would be a much better approach to handling elections; to be posted following.

6 posted on 03/09/2004 6:39:43 PM PST by supercat (Why is it that the more "gun safety" laws are passed, the less safe my guns seem?)
[ Post Reply | Private Reply | To 4 | View Replies]

To: expatpat

Proposal for enhanced verifiable paper ballots

A number of municipalities have been installing electronic voting systems in the interest of preventing election problems like those which occurred in Florida. In response to widespread concerns that the machines might not record votes legitimately, printers have been added to maintain a "paper trail". Unfortunately, it's not clear how this paper trail can be used to verify election results, other than by hand-counting all the ballots; if ballots are to be hand-counted, it's not clear what benefit the machines provide.

I would propose a system whose deployment cost would be between that of DRE and optical-scan systems, but which would be more resistant to insider and outisder tampering.

Election procedure

I would use optical-scan ballots as the "official" vote recording medium. All other records would be subservient to the paper ballots unless evidence suggests that the ballots were tampered with after they were initially scanned in which case forensics should be used to determine how they should be counted. For voters who are unable to directly cast optical-scan ballots, I would have available electronic machines which would, after the voter made all appropriate selections, print out a pre-completed paper ballot for the person to submit in the usual way.

To protect paper ballots against alteration, there would be a 'check field' which indicated how many other marks there were on the ballot. Voters would have the option of filling this out themselves, or of letting the "electronic ballot box" do it. Although the "electronic ballot box" would accept ballots whose check field was blank, it would reject as spoiled any ballot whose check field was improperly completed.

As each ballot is inserted into the electronic ballot box, it would record some information in printed machine-readable form on the ballot itself and also in internal electronic storage; the details of this information are described below. Additionally, it would check that all votes were cast properly (no overvotes), the check field was either blank or correct (and if blank it would fill it in and then scan to confirm that it had done so correctly), and it would confirm that all marking areas were either completely blank or thoroughly filled. Ballots with excessive marks would be rejected as spoiled; those with ambiguous marks would be rejected for correction.

Ballot information

Each machine would be designed to record a maximum of 50,000 ballots per election (this should not be a limitation, since other factors would limit capacity to a much lower number). These would be subdivided into 1,000 sets of 1-100 ballots, though the actual subdivision would be transparent to voters.

At the start of each election, each machine would be assigned an identifier which would uniquely define the machine and the election; this number is called the "election-machine id". This would be the same for all ballots cast by the machine in the election.

At the start of each "set" of ballots (including at the start of the election) the machine would select a number randomly but uniquely from "00" to "99" as a "set-id"; no number would be reused on a particular machine in a particular election.

As each ballot was cast, the machine would mark it with the election-machine id and the set-id. It would also randomly select and mark for each race a three-digit number called a "ballot-race id" which was unique within that race, within that set of ballots. The machine would then randomly decide whether or not to begin a new set (with a weighted function so that after the first ballot the answer would more likely be 'no' but after the 990th it would more likely be 'yes'). Starting a new set would cause a new set-id to be selected, and would make all ballot-race id's eligible for re-use.

Within each race, any ballot may be globally uniquely identified by the combination of the election-machine id, the set-id, and that ballot-id marked on that ballot for that race. This combined number will referred to as the "race-unique id". As a simple example, suppose there are three races and a ballot is marked 39921-49-501-392-948. The 39921 is the election-machine id, the 49 is the set-id, and the remaining numbers are the ballot-race id's. The "race-unique id's" for this ballot would be 39921-49-501, 39921-49-392, and 39921-49-948.

Post-election reporting

Following the election, a list would be published for each race showing all ballots cast; the list would contain for each ballot the race-unique id and the candidate selection. Anyone wishing to could easily run the list through a perl script or other program to confirm that reported vote totals in fact match the votes on the list, and could easily confirm that the number of ballots in the list matches the number of recorded voters. Note that the lists would not contain any information that would allow any individual person's vote to be ascertained, as the id's would be randomly assigned. Identifying the last people to vote by their membership in a "short" set would not be possible since the sets would be of random length.

If an automated recount is necessary, the ballots could be run through a counting machine, producing a second data file similar in form to the first. Any ballot which reads unclearly would be rejected for hand inspection, but all others would be processed automatically. Doing a cross-check between the two lists would help to catch mechanical problems, and could be useful for that purpose, but would not necessarily catch fraudulent programming. For that, the third step comes in.

To verify accuracy and legitimacy of the actual vote recording, interested parties would be allowed to randomly select ballots from the list to be examined. Any of a number of means could then be used to physically retrieve the paper ballot and inspect it (e.g. even if the ballots were physically shuffled after the original election, during a recount the machine could record the physical order in which they appear). If there is any significant malfeasance or fraud, even a fairly small sampling will likely be enough to catch it. For example, if 1% of the ballots are miscounted, there's a better-than-50% chance of catching one within 100 samples and a better-than-98% chance of catching one within 400 samples. If 0.1% are miscounted, then 1,000 samples will catch one more than 50% of the time, and 4,000 will catch one more than 98% of the time.

While recounts are statistically useless because, in case of discrepancy, there isn't any way to know what's "right", sampling as described will be much more useful and informative. Since ambiguous ballots should be rejected by the electronic ballot box, there shouldn't be even a single ballot that doesn't match the electronic record. If one is found, then something is probably wrong; to allow for the possibility of a statistical fluke, a sample larger than the original one (say twice as large) should be taken. If it comes up clean, then the original anomoly was probably a fluke. Otherwise, machines should be inspected and adjusted as needed; ballots should then be rescanned to determine if any of them read differently after adjusting the machines. If so, particular ballots that read differently should be inspected to determine why. Otherwise another, larger random sample of ballots should be examined to determine whether the previous failures were a statistical fluke.

Key features

Although the vast majority of the tabulating work under my system could be done by machine, saving considerable labor versus a hand-counted election, there would be no need for anybody to 'trust' the machines. If anyone tried to rig machines to produce false results, a random statistical sample of a size appropriate to the election margin would most likely find it. For a 4% race, a sample size of 100 would suffice. And that's not 100 ballots per ward--that's 100 ballots total throughout the entire region where the race is conducted. If the margin were only 0.4%, then 1,000 ballots should probably be sampled. But even that would be a considerable improvement over hand-counting hundreds of thousands or millions.

Perhaps more important than the improved statistcal certainty provided by the use of random statistical sampling is another feature of this system: ballots can be identified for additional scrutiny. With conventional systems, if one recount yields a one result and another recount yields a different result, that may suggest a problem, but it would provide zero guidance toward solving it. By contrast, tracking ballots via random id's would allow particular ballots which read differently on different passes to be identified. If a smudge was causing misreads, the problem could be noted and the counts adjusted appropriately.

7 posted on 03/09/2004 6:40:32 PM PST by supercat (Why is it that the more "gun safety" laws are passed, the less safe my guns seem?)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Graewoulf
When a candidate attempts to count these ABSTAIN votes as votes for himself, he is said to be guilty of trying to "Gore" the election.

Two things I'd like to see with optical-scan paper ballots (which are IMHO the only way to go): (1) for each race, an explicit "ABSTAIN" choice; and (2) a 'check field' a voter could fill in which indicated how many abstentions there were that the voter hadn't marked. If this field not completed by the voter before a ballot was submitted, the electronic ballot box would either use a printer to mark the ballot with the correct value or else reject the ballot and instruct the voter what to mark. While a ballot with no 'check-field' marks would be either fixed by the box or returned to the voter for correction, and a ballot whose check-field indicated fewer unmarked abstentions than actually existed would returned to the voter for correction (a voter could at that point just mark more explicit abstentions), a ballot whose check-field indicated more unmarked abstentions than existed should be rejected outright. Such a procedure would ensure that no validly-cast ballot--even if it included abstentions--could be altered to reflect any additional candidate selections without becoming invalid.

8 posted on 03/09/2004 6:46:54 PM PST by supercat (Why is it that the more "gun safety" laws are passed, the less safe my guns seem?)
[ Post Reply | Private Reply | To 5 | View Replies]

To: supercat
Until this last primary election, we used the optically-read ballots here -- with the ovals on them that you filled in with pencil. They were very convenient, and fully suitable for recounts, as you point out, and the voter got a receipt, with the ballot number on it.(The new machines are slightly easier to use but lack the paper trail, of course).

OTOH, it's not such a big deal to count paper-trail 'coupons' by hand since recounts aren't that frequent, and very-rarely statewide.

9 posted on 03/09/2004 6:48:20 PM PST by expatpat
[ Post Reply | Private Reply | To 7 | View Replies]

To: expatpat
OTOH, it's not such a big deal to count paper-trail 'coupons' by hand since recounts aren't that frequent, and very-rarely statewide.

Consider a simple hypothetical: a number of voting machines has been altered to count 10% of Bush votes and 50% of Nader votes as Kerry votes. How would such a thing be detected? Unless one happens to do a recount in an area served by such a machine, I would think such cheating would completely escape notice.

10 posted on 03/09/2004 6:56:26 PM PST by supercat (Why is it that the more "gun safety" laws are passed, the less safe my guns seem?)
[ Post Reply | Private Reply | To 9 | View Replies]

To: supercat
I think you are underestimating the security built into the systems. I would suspect that that would be extremely difficult. More worrying is the possibility of misuse of the card which is inserted to allow the vote to be cast.
11 posted on 03/09/2004 7:04:45 PM PST by expatpat
[ Post Reply | Private Reply | To 10 | View Replies]

To: supercat
GET RID OF THE SECRET BALLOT
12 posted on 03/09/2004 7:08:02 PM PST by SirTaurus
[ Post Reply | Private Reply | To 10 | View Replies]

To: expatpat
I think you are underestimating the security built into the systems. I would suspect that that would be extremely difficult. More worrying is the possibility of misuse of the card which is inserted to allow the vote to be cast.

From what I've read, Diebold et al. have allowed some independent "code inspectors" to examine alleged what is allegedly the source code for their products, but not allowed them to compile the code and take with them a copy of the code image, or even a cryptographic hash thereof, to confirm that the code they examined is the code that's being deployed. Indeed, in many cases the code has been clearly different as evidenced by things like version numbers.

You may trust Diebold, but I see no reason why I should have to, especially when a properly-designed election protol wouldn't require anybody to trust any piece of equipment except for some pens and sheets of paper.

13 posted on 03/09/2004 7:10:50 PM PST by supercat (Why is it that the more "gun safety" laws are passed, the less safe my guns seem?)
[ Post Reply | Private Reply | To 11 | View Replies]

To: SirTaurus
GET RID OF THE SECRET BALLOT

Why do you object to free elections?

14 posted on 03/09/2004 7:11:35 PM PST by supercat (Why is it that the more "gun safety" laws are passed, the less safe my guns seem?)
[ Post Reply | Private Reply | To 12 | View Replies]

To: supercat
Of course there have been several versions, as Diebold have improved the security to address concerns of some of those who have reviewed their system. That doesn't mean a thing. It would be very easy to test for the kind of thing you described in your previous post, which would be caught immediately by the current start-up testing.

However, I agree with you that the optically-read paper ballots are an effective way to run elections. But most of the vote-fraud is done outside of any machines, and is just as easy with your system as with the Diebold system.

15 posted on 03/09/2004 7:26:12 PM PST by expatpat
[ Post Reply | Private Reply | To 13 | View Replies]

To: expatpat
Of course there have been several versions, as Diebold have improved the security to address concerns of some of those who have reviewed their system. That doesn't mean a thing.

It means it's impossible for anyone to be sure there aren't any 'back doors' in the system.

It would be very easy to test for the kind of thing you described in your previous post, which would be caught immediately by the current start-up testing.

Suppose the machine were set up so that it would count all Bush and Nader votes as Kerry votes between the time it saw one particular odd combination of candidate selections and another particular odd combination. One operative of fraud goes in shortly after the election starts and cast his "special" vote. Another goes in shortly before polls close. Testing the machine before and after the election will show nothing amiss, unless the testers happen to try the magic candidate combination which triggers the fraud.

16 posted on 03/09/2004 7:33:33 PM PST by supercat (Why is it that the more "gun safety" laws are passed, the less safe my guns seem?)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Tumbleweed_Connection
For a system they can believe in, a handful of states are now requiring a paper backup be printed with every vote.

These assholes are beyond belief. Can anyone - ANYONE - guarantee that the results on a paper ballot from a touch-screen system can be guaranteed to be the same result that is transmitted from the system? It's ludicrous.

17 posted on 03/09/2004 7:36:44 PM PST by jackbill
[ Post Reply | Private Reply | To 1 | View Replies]

To: supercat
All good points. The problem that we currently face is that votes to ABSTAIN are never counted when the public votes. The only times ABSTAIN votes are counted is in the United Nations and the U. S. Senate.
18 posted on 03/10/2004 1:11:25 PM PST by Graewoulf
[ Post Reply | Private Reply | To 8 | View Replies]

To: Tumbleweed_Connection
In the 2000 election, thirty Florida counties used cheap, recountable, optically scanned ballots. During the recounts the machine scanning was proven to be perfect. None of these counties had to revise their totals.

Because of this record of perfection and autibility, all but three Florida counties switched to them. They were proven again in 2003.

Oh yes, those other theree counties that chose touch screen machines? Miami, Broward, Palm Beach.

Miriam Oliphant, one of those three election supervisors, is current being investigated for criminal negligence for causing a fiasco in 2002.
19 posted on 03/10/2004 1:19:25 PM PST by js1138
[ Post Reply | Private Reply | To 1 | View Replies]

To: Graewoulf
All good points. The problem that we currently face is that votes to ABSTAIN are never counted when the public votes. The only times ABSTAIN votes are counted is in the United Nations and the U. S. Senate.

Actually, one very useful improvement to current elections would be to include in all vote tallies including early returns abstain votes, uncounted ballots, and spoiled ballots. From the very first election returns, the total of votes for all candidates in a race plus the above ballot candidates should equal the number of people that voted. Any change to that total should be cause for suspicion. If this reporting had been in place, one of the problems in a Florida recount, were the ballot-handler failed to run all the ballots through the machine, would have been detected.

20 posted on 03/10/2004 4:03:25 PM PST by supercat (Why is it that the more "gun safety" laws are passed, the less safe my guns seem?)
[ Post Reply | Private Reply | To 18 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson