taint.org: Justin Mason’s Weblog

EVoting: I didn’t realise it, but the Open Voting Consortium’s ‘EVM2003′ e-voting system looks excellent. Here’s the key point: it produces printed ballots, unlike the DRE (Direct Recording Electronic) systems. Those are what’s counted, and those are what the voter verifies. And it’s open-source, too, so the source is available.

Here’s a good intro from the Baltimore Sun:

Although it’s far from a finished product, the system retains what’s good about current electronic voting systems. It’s voter-friendly, easier than older systems to administer, and accessible to blind voters without assistance.

It also addresses the concerns of today’s critics. First, it uses open-source software that’s available for public inspection - eliminating the secrecy that outrages critics of today’s proprietary “black box” systems.

Second, the software is free and can run on a variety of computer platforms, which makes the system cheaper to acquire and maintain. Third, it creates a paper trail of printed ballots that can be counted by hand or machine in case of disputed elections - without compromising privacy for the blind.

Instead of printing a “receipt” that confirms a ballot cast electronically, it’s based on the quaint notion that the best ballot is still a paper ballot. “We didn’t see any reason to reinvent the wheel,” said Fred McLain, the project’s lead software developer.

Tags: ballot, consortium, evm, evoting, open, paper, realise, software, system, today, voting

EVoting: No ducking the f*ing question . . . did he say it? (Irish Independent) (reg req’d, see bugmenot):

A direct transcription of Mr (Michael) Smith’s comments reads: “Let them, f* it, we’ll say no more - we’ll say no more.”

Given the barrage of taunts he was facing in the Dail at the time, it is quite plausible - and in context - if the ‘eff it’ is replaced in the sentence by ‘duck it’.

The Opposition was continually interrupting Mr Smith when he was trying to put a brave face on the Government’s squandering of EUR 52m on e-voting. Ill at ease and clearly keen to avoid the onslaught from the Opposition, the minister seemed to know he was on a hiding to nothing.

Labour leader Pat Rabbitte, who has made baiting Michael Smith a career work-in-progress, was pursuing his quarry with noticeable effect. Mr Smith’s eyes narrowed as his mouth tightened in frustration, he turned to address his frontbench colleagues, and uttered the sentence that has turned him from Tipperary choirboy to bad-boy rapper.

It seems that the F-word isn’t specifically prohibited in the Dail – “the ‘Salient Rulings of the Chair, Second Edition’, the book which governs behaviour in the Dail, doesn’t specifically forbid the use” of the word. It does, however, apparently prohibit the words “brat, buffoon, chancer, communist, corner boy, fascist, gurrier, guttersnipe, hypocrite, rat, (and) scumbag.” (’corner boy’?)

Tags: boy, corner, dail, evoting, independent, irish, opposition, question, sentence, the, word

eVoting: Success! The use of e-voting systems for the June elections in Ireland has been abandoned, after a severely critical report from the Commission on Electronic Voting. Take a look at the report here. Some bits:

• They particularly do not like the continual revision of the software, noting the ‘large number of new versions of the software since the original … review’ and ‘the fact that new versions of the software continue to be issued in the run-up to the June elections’.
• ‘as the software version proposed for use at the forthcoming elections is not as yet finalised, it is impossible for anyone to certify its accuracy’. (my emphasis)
• They were not given access to ‘the full source code’.
• They found a bug! ‘certain of the tests performed at the request of the Commission identified an error in the count software which could lead to incorrect distributions of surpluses’.
• ‘experts retained by the Commission found it very easy to bypass electronic security measures and gain complete control of the hardened PC, overwrite the software, and thereby in theory to gain complete control over the count in a given constituency’.
• And they raised the pre-arranged-transfer-pattern hack: ‘publication of ballot results in full is a valuable aid in checking the accuracy of the results but this can in theory reveal deliberate voter signatures of low-preference votes which could allow voters to identify themselves in a context of corruption or intimidation’.

The use of VVAT, and changes to the counting procedures to remove randomisation, was outside the terms of reference, unfortunately, so it’s not totally over yet. But I can’t see the government getting away with re-introducing e-voting without VVAT now.

Finally, the opposition political parties are calling on the Minister to resign.

I’ve got to say — nice work to all the concerned citizens who’ve achieved this, despite the government’s continual stonewalling and secrecy.

Tags: accuracy, commission, control, count, evoting, june, report, software, theory, use, vvat

eVoting: Craig passes on this link: apparently thousands of Orange County voters were given the wrong ballots in last week’s election. The result is that in 21 precincts, there were more ballots cast than registered voters. It gets better — apparently the voting machine vendor has said it will be impossible to figure out how many ballots are invalid as a result. It’d be funny if it wasn’t such a big deal…

Tags: cast, deal, election, evoting, link, machine, result, vendor, voting, week

eVoting: Are you an academic, or do you know any academics, working in the field of computer science in Ireland? If so, you should consider signing, or collecting signatures, on
this ICTE statement. It’s eminently reasonable — ’since computers are inherently subject to programming and design error, equipment malfunction, and malicious tampering, we join with (the ACM) in recommending that a voter-verified audit trail be one of the essential requirements for deployment of new voting systems.’ (thx for the pointer, Simon!)

Tags: academic, computer, design, equipment, error, evoting, field, icte, programming, science, statement

eVoting: Highly recommended — Adrian Colley’s Lies, Damn Lies, and Six Independent Consultancies. Adrian debunks in a very clear, step-by-step fashion, the spin being produced by Ireland’s government on the e-voting furore. If you’re following the issue, don’t miss this page.

Tags: consultancies, damn, evoting, fashion, furore, government, highly, independent, issue, lies, spin

eVoting: One of the desired features for new voting mechanisms is that they will increase voter ‘turnout’, encouraging people to vote who are too busy (or too unmotivated) to visit a polling station.

This has been used to suggest internet voting (see the fiasco that was the now-scrapped SERVE project) and voting-by-phone. Both offer a scary number of vote-fixing opportunities and possible failure modes, and are fundamentally a bad idea.

However, it turns out there is a great system to implement absentee voting securely, reliably, conveniently (for the voter) and even cheaply! A comment on Bruce Schneier’s Crypto-Gram newsletter (scroll down to comment number 3) details this.

I’ve copied the entire mail here, since it’s hard to link to in the other location, and is well worth a page to itself:

From: Fred Heutte

Thanks for your cogent thoughts on ballot security. I almost completely agree and was one of the first signers of David Dill’s petition. I am also involved professionally in voter data — from the campaign side, with voter files, not directly with voting equipment – but we’re close enough to the vote counting process to see how it actually works.

I would only disagree slightly in one area. Absentee voting is quite secure when looking at the overall approach and assessing the risks in every part of the process. As long as reasonable precautions like signature checking are done, it would be difficult and expensive to change the results of mail voting significantly.

For example, in Oregon, ballots are returned in an inside security envelope which is sealed by the voter. The outside envelope has a signature area on the back side. This is compared to the voter’s signature on file at the elections office. The larger counties actually do a digitized comparison, and back that up with a manual comparison with a stratified random sample (to validate machine results on an ongoing basis), as well as a final determination for any questionable matches.

Certainly it is possible to forge a signature. However, this authentication process would greatly raise the cost of forged mail ballots, absent consent of the voter. In turn, interference or coercion with absentee voting would require much higher travel costs (at least) than doing so at a polling place, for a given change in the outcome.

It is true that precincts have poll watchers, and absentee voters do not. But consider this. Ballot boxes, which are often delivered by temporary poll workers from the precinct to the elections office, are occasionally stolen, but mail ballots are handled within a vast stream of other mail by employees with paychecks and pensions at stake. The relatively low level of mail fraud inside the postal system is a testament to its relative security, and the points where ballots are aggregated for delivery to the elections office are usually on public property and can also be watched by outside observers if need be.

Oregon has had some elections with 100% ‘vote by mail’ since 1996, and all elections since 1999. So far, no verifiable evidence of voter fraud has emerged, despite many checks and some predictions by those with a political axe to grind that we would be engulfed in a wave of election fixing.

The reality is that Oregon’s system, which is based on some common-sense security principles, has proven to be robust. The one lingering problem has been the need of some counties to make their voters use punch cards at home because of their antiquated vote counting equipment. But while this is a vote integrity issue – since state statistics show a much higher undervote and spoiled ballot total for punch cards as compared to mark-sense ballots – it is not a security issue per se. And with Help America Vote Act (HAVA) funding to convert to more modern vote counting systems, the Oregon chad remains in only one county and will go extinct after 2004.

The mark-sense (’fill in the ovals’) ballots we have work well, and have low rates of over-votes and under-votes, despite the lack of automated machine checking that is possible in well-designed precinct voting systems. This suggests that reasonable visual design and human-friendly paper and pencil/pen home voting is a very reliable and secure system. When aided by automated counting equipment, we even have the additional benefit of very fast initial counts.

The increase in voter participation in Oregon since the advent of vote-by-mail — 10 to 30 percentage points above national averages, depending on the kind of election — leads to the only other issue, which is slow machine counts on election night after the polls close due to the surge of late ballots received at drop-off locations around the state. Oregon in fact isn’t really ‘vote by mail,’ it’s vote-at-home, with a paper ballot that can be mailed or left at any official drop-off point in the state, including county election offices, many schools and libraries, malls, town squares, etc.

The great advantage of the Oregon system is that it relies on the principle that if you appeal to the best instincts of the citizen, the overwhelming majority will ‘do our part’ to ensure the integrity of the democratic voting process, whether it is full consideration of the candidates and issues before voting, watching to make sure all ballots are securely transferred and counted, or favoring those laws and policies that insure that everyone eligible can vote, that their votes are counted, and that the candidates and measures with the most votes win.

The system is also cheaper than running traditional precinct elections. What’s not to like?

It’s so simple, and so sensible. Next time someone suggests ‘i-voting’ or ‘m-voting’ or whatever, you know what to point to…

Tags: absentee, envelope, evoting, mail, number, process, security, side, signature, voter, voting

eVoting: ‘Spoiling your vote’, e.g. writing in ‘none of the above’ on a ballot paper, is a legally-permitted response to a ballot in Ireland and many other countries. Secrecy in how you vote is constitutionally required.

Aengus Lawlor on the ICTE list points out that it appears the new e-voting system in Ireland will no longer permit spoiling to take place in secrecy.

Indeed, in the 7 constituencies where e-voting machines were trialed in the 2002 Nice Referendum, no spoiled votes were cast. Compare:

• Carlow-Kilkenny: turnout 47,192, Spoiled Votes 244 (that’s 0.51%)
• Cork North-West: 29,056, 144 (0.49%)
• Dublin Central: 28,880, 115 (0.39%)
• Dublin North-Central: 36,532, 93 (0.25%)

with the e-voting constituencies:

• Dublin South: 51,229, 0
• Dublin South-West: 31,336, 0
• Dublin West: 25,659, 0
• Dun Laoghaire: 50,070, 0

A pretty notable anomaly there, ignoring the wishes of 0.5% of the electorate.

On a separate issue — let’s hope the Powervote systems aren’t as bad as the Diebold ones. Here’s the RABA Technologies’ assessment of Diebold AccuVote-TS Voting System security (PDF, 167KB), noting locks picked in 10 seconds, default passwords used to re-encode a voter card as a supervisor card, etc etc.

Tags: ballot, card, central, diebold, evoting, none, secrecy, spoiling, system, vote, west