On Wed, 13 Aug 2008 22:00:06 -0700 rob brown wrote:
On Wed, Aug 13, 2008 at 9:16 AM, Kathy Dopp <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
On Tue, Aug 12, 2008 at 11:28 PM, rob brown <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
>> How? Do we want an infinite loop of a voter running paper through a
>> cheap printer trying to obtain an accurate ballot record and the
>> machine refusing to print one while it switches a vote wrongly?
Or do
>> we want the voter to be able to cancel the ballot and let the poll
>> workers know that he needs a paper ballot instead that he can mark
>> himself?
>
> I'm fine with the latter. Actually that seems like a reasonable
thing to
> do.
I agree, but that is not happening on all of todays' voting systems.
Election officials seem to be hopelessly slow to grasp the problem or
the solution.
This is a possible place for some new, clear, thinking - the Election
officials likely couldn't fix this by themselves.
We are in trouble - failures have been proved too often, and there is
good reason to believe most failures do not even get proved.
Even working correctly, Plurality voting is not adequate. While there
are many competing methods, Condorcet is discussed here:
Ballot is ranked, as is IRV's.
Plurality voting is permitted, and can satisfy most voters most
of the time - letting them satisfy their desires with no extra pain
while getting their votes fully credited.
Approval voting is likewise accepted, satisfying a few extra voters.
Fully ranked voting is Condorcet's promise, giving full response
to those desiring such when desired.
Open source is ESSENTIAL:
While it encourages quality programming by those who do not want
to get caught doing otherwise, it also encourages thorough testing by
the community.
But, there is a temptation for copying such without paying:
Perhaps the law should provide a punishment for such.
Perhaps customers should pay for such code before it
becomes open - and get refunds of such payments if the code, once open,
proves to be unreasonably defective.
The community should be demanding of Congress such support as may help.
While "open source" could be thought of as just the voting program,
proper thinking includes the hardware, protecting the program against
whatever destructive forces may exist, and verifying what happens.
Secret ballot is essential. While voter should be able to verify the
vote before submitting such, this is only to verify - goal above is
election programs that REALLY DO what they promise.
>
>>
>> If so, why not let the voters vote on a paper ballot to
>> begin with?
>>
>> Any ideas?
>
> Cost?
Wrong answer. Paper ballot optical scan systems are so much more
economical than e-ballot systems that if you purchase all-new optical
scan systems, the on-going cost savings totally pay for the initial
purchase within four years and then begin saving taxpayers lots of
monies. See http://electionmathematics.org and click on Voting
Systems for links to cost comparison studies.
>
> But honestly, the big problem I have with paper ballots filled
out by hand
> is that they make the transition to a ranked system a lot harder,
both in
> terms of difficulty filling in the ballot and difficulty counting
them. As
That is a good argument against using any ranked ballot systems then
since the integrity of e-ballot systems cannot be adequately ensured,
given the secret ballot and the difficulty of implementing systems to
detect and correct errors with a secret ballot.
Well here is where you and I differ. I think if electoral fraud in the
US were eliminated, it would be a good thing, but not dramatically
change things, any more than eliminating shoplifting would dramatically
change our economy. I do not believe that such fraud changes the
outcome of a large percentage of elections, and in those it does, it was
pretty close anyway.
Most elections do not inspire the fraudsters. The few they care about
may be near ties, responding to minimum fraudulent effort.
Thus, a few false wins can be big trouble.
If plurality voting were replaced with a ranked system such as a
condorcet method, I beleive it WOULD dramatically change the entire
dynamic of politics, in a very, very good way, by nearly eliminating the
polarized nature of government due to partisanship. That is huge,
comparitively.
Could be BIG - Plurality NEEDS primaries. Condorcet does not need
such, but could not object if parties chose to do them anyway for
other reasons.
So my priorities are different.
Giving up on fixing a huge problem because it makes it more difficult to
fix a much smaller problem is not something I can support.
(and btw, I believe this list is about reforming the voting methods, not
so much about fixing security problems.....so if you are willing to
abandon all attempts at reform because you don't think you can solve
your particular problem as easily on a reformed system, it seems
unlikely to fly here)
Making the source code for the voting programs open source does not
make all the myriad of other programs, drivers, OS, etc on the voting
system open source - that could be used to rig the vote. Also of
course election officials do not have the resources to verify software
and it would take years to set up systems to verify the software on
voting systems *and* require trusted technicians to do so.
The whole system top to bottom should be open source. This is not
particularly hard....plenty of people run "pure" boxes, on commodity
hardware. The obvious choice for OS would probably be Linux, with
freeBSD being another option.
The whole point of open source is that if the "officials" don't verify
it satisfactorily, someone will. A security researcher could make
themselves famous for discovering something malicious in voting software.
The only thing that is immune to checking would be the compiler itself,
since the compiler needs a compiler to compile itself....but someone
would have had to have done something evil (and very, very brilliant) a
long time ago to pull that off....good for a sci fi novel anyway, but
not so much in the real world.
Compilers do not have to be that complex - since voting programs need
not be that complex, such as would need a high powered compiler.
Well, perhaps 5% of voters would *see* the error (because no fraudster
is stupid enough to switch *all* target votes available), but most
might think they made a mistake on the first try.
Then it is a UI problem.
> especially if you simply leave it on screen when you print the
paper copy.
Huh? Try doing that yourself. I do not know if the summary *screen*
version of the ballot appears at the same time as you get a chance to
check the paper version of the ballot. I don't think that is
necessarily an option you would have.
What is so hard about that? The point is, if the UI is designed
reasonably well, a large percentage of voters will *know* if the machine
is cheating.
> And they are going to talk about it. And the next year, people
will be a
> lot more likely to notice.
If you followed the voting news nationwide like I do, you would know
that people have been talking about it a lot since the November 2004
presidential election, in particular there was lots of vote switching
reported in Ohio.
Yes but this is different. This is like going to the store, and having
one thing on the cash register and another on the credit card receipt.
A store might get away with that for a day or two, but people will catch
on quickly, and suddenly word will get out that the store is cheating
people, and a larger percentage of people will check, etc. Most likely
though, the store will know they will be out of business soon if they
try this on anything more than the tiniest of scales, and just not try it.
Completely different from what may have happend in florida or ohio,
where people might suspect something is up, but it isn't blatant and it
is hard to know.
Anyone could easily switch out any open source or not program that is
compiled into machine language during some routine maintenance and no
one would know the difference. Do you really think that election
administrators are going to have the funds and that VVV's are going to
cooperate to put together a list of all compilers, switches, hardware
and firmware versions for every piece of software on their machines so
that the versions can be checked after the elections?
It isn't that hard, if designed to be done this way.
In Utah, the
VVV shipped us atleast three different versions of the voting system
software alone, and who knows how many unique versions of hardware,
firmware, drivers, and hardware. If you believe that these VVs are
standardized, you are quite mistaken.
Then it is a design problem.
And which technicians and programmers do you want the public to
*trust* to ensure that all the software on the VV is doing what it
should?
Fact is, you've gotta trust someone, whether it is hand counted, optical
read, or whatever. This is not a new problem.
> Most likely though, no one is able to hide such devious stuff in code
> visible to security researchers.
Yes. Of course with all of today's VV's you can simply take 30 secs to
1 min to use any of the easily accessible back doors to simply change
the vote counts on the central tabulators, without even installing any
malicious software on them at all.
Then that is a design problem.
OK. You don't believe the research. Any particular reason you are so
certain that more than 30% of voters bother to check their paper
ballot record? Any particular reason you think that all the research
that shows that deliberately introduced errors in the ballots during
tests are only discovered by 30% of those who *try* to find the
errors?
I.e. I think you had better come up with some facts to show why you
believe that all the research is wrong that shows that fewer than 10%
of voters are accurately proofing their machine printed ballot
records, not just say you don't believe the research which sounds very
plausible to me and no one has claimed is wrong up until yourself now.
Not even the VVV's or the DRE supporters have attacked this research
to my knowledge.
I don't discount that most people don't check the results. I do think
its absurd that someone could change a significant number of votes this
way without drawing intense attention from the few that notice, and
after than a lot more people will notice. This is emergent phenomena,
that is hard for a simple study to directly measure.
It is like any other security issue, that if people don't think it is a
problem they are less likely to be vigilant. If you live in a town with
little burglary, you may not lock your doors. If burglary starts to be
a problem, people lock their doors, install alarms, buy firearms, etc.
Is it possible that most people today don't check this stuff carefully
because they think it is not a huge problem, and that enough other
people will be monitoring the system.....and they just might be right?
I'm sure you are the type that carefully balances your checkbook to make
sure the bank isn't cheating you. I don't. I assume there are lots of
other people making sure that banks don't regularly steal people's
money, and statistically, it's not worth my time to monitor it so closely.
Same thing here. By your logic, banks could steal 60% of peoples money
because only 40% of people balance their checkbooks. But that is crazy.
>> The voter would either think that he must have made a mistake on the
>> first try, or complain about his vote being switched.
>
> Yes, and a lot of people complaining would draw more attention to
it, and
> more people would start checking. If it happened on a large
scale, the
> problem would be tracked down, and the programmer would be put
away for a
> long time.
And *how* pray tell, would that programmer be *tracked down*?
Magic? Voodoo?
Or....a basic source code control system?
So what are YOU suggesting be done if many voters notice that their
votes have been switched by DREs during an election? REDO THE ELECTION
and hope it doesn't happen again during the second election since no
manual audit can recover the accurate vote counts?
I don't think it would get to that point, at least not on a large scale,
for reasons I have pointed out.
I'm sorry but I don't have any time to continue this today. Maybe
tomorrow.
Likewise, I'm out of time for this. I think I've said my piece.
Perhaps my 2-cents will inspire a response. I agree, in general, with
Rob that we have a fixable problem that NEEDS fixing.
-rob
--
[EMAIL PROTECTED] people.clarityconnect.com/webpages3/davek
Dave Ketchum 108 Halstead Ave, Owego, NY 13827-1708 607-687-5026
Do to no one what you would not want done to you.
If you want peace, work for justice.
----
Election-Methods mailing list - see http://electorama.com/em for list info
