A Modest Proposal - Design And Produce Our Own Voting Machines

Hi All,

Like most here, I have anguished over the election and the possibility of election fraud. This is made more real, personally, since I observed the ES&S touchscreen machines err in Dallas, TX.

So, instead of using much of our valuable energy fighting for existing election machine changes, I suggest that we short circuit the problem by leading an effort to design and produce an Open Source voting system. This is easier than it sounds and can leverage the vast technical resources at DU and elsewhere. One has only to look at all the successful software developed for LINUX.

Using an Open Source model we can build an election system that is open and transparent to all scrutiny. The end-game would be the gift or sale of the technology to all counties, cities, and sates at no more than cost. If managed properly, we could undermine the existing corrupt e-voting companies and enable fairer voting by cash strapped governments. Eventually voters would demand their votes be counted on trustworthy equipment.

Since I have not the resources of a Soros, I can volunteer only time and skill. To that end, I now volunteer to coordinate this effort and look forward to hearing from all similarly motivated individuals. I also suggest that Skinner and company consider setting up some forum space which will enable the initial and continuing dialog on this effort.

Working together we can lick this problem and lick the Repubs at their own game.

Sincerely,

MHR

I think my BIL volunteered for it. But I haven't heard since.

that give a voter verifiable receipt, that you then put in a box for future recounts.

They just are not used as much as the paperless ones...I don't know the name of those machines though...

we could buy stock then get our local governments to buy them.

Pen

Piece of Paper

If it takes 6 weeks to count the votes, so be it.

I had a similar thought back with the voting machine problems were being reported on /. However, the thing that bothers me about the design paradigm currently being used by these vendors is that they are stand-alone machines.

Personally, I would like to see a central national site for recording votes placed by thin-terminals at the polling locations. The provider of this service would charge a fee for each state to "subscribe' . The business model might resemble the cell phone industry - charge for the service and provide the terminals as part of the service.
The service could provide a range of methods for casting a secure votes with all the audit trails and verification any voter/state/group could possibly want to see.

I am in complete disagreement that such a system can not be "secured" on the net. There are plenty of "open source" technologies from hardened Linux distros, to encryption, to commercial application servers, to advanced networking gear that could be leveraged thus providing a high degree of security for the total system.

So, think about it from that perspective for a while and I think the idea might grow on you as it has on me.

MZr7

Transactions each and every day!

First question - why run a risk of doing it over the net?
Going over the internet (besides of all the securities out there) does enlarge risk of information being compromised.
There are so many solutions besides the net that can be used.

My thoughts in regard to thin clients sending information to a main computer with every vote does sound a bit bandwith intense. Especially thinking about the fact that a vote will have to be verified something like 2 or 3 times to see if it's correct (under normal situations). Going back and forth 2 /3 times especially with bad data could stop data flow.
Spreading the risks over multiple computers sounds like a better plan.

Perhaps the idea of a thin client.....but then using a regular computer sending every vote over to a main computer AND storing it on itself, after that a verification can be done with the amount of votes recorded by the main computer and on the local computer.
(still using the idea of the main computer again ;), dunno.....still thinking)

Spreading the risk a little

Thanks for your post, got me thinking a bit :)

Again I assert that given the right crypto technology, there is no risk of information comprise when transmitting it over the net. There is however a risk if there is a requirement to secure the local systems at the polling place

That being said, I do agree that as an extra measure of redundancy AND load reduction, a "thicker" client at the local polling place has some distinct advantages. One obvious point being that "verification" and "changes" could be handled locally and only the final results transmitted back to the central servers. Also, there would be an additional "local" audit trail for election officials of everything that system did during the hours of voting.

All in all, I dont see why this is so hard. Why can't we learn from the lessons of past failed "technology" experiments. Bottom line, multiple vendors with multiple proprietary standards have been pr oven to be a flawed architectural approach. We need to get these wonks to listen to those of us who design commercial grade systems every day AND have experienced these failed experiments of the past first hand

Oh ... but I rant and I am sure they will not listen....

Thanks,.

MZr7

your average mid-sized business network.

Quit frankly, it doesn't matter whether or not it's running on a MS or Linux OS.

The setup for an e-voting machine is / could be:
- Computer (no external connectors etc. etc., sealed box).
- Database Software.
- GUI + Software for entering your vote information.
- Database backup software + recovery.
- Secure network connection to Main computer.
- Security protocols.

+ Secondary backup computer - in case that one is trashed by a Republican.

So where are the problems when it's that simple? - I mean all it has to do is store a few bits (y/n) or selections and that's it.

There are talks about computer 'gLiTcHeS' and such....it's all bull.

E-voting IS the one way for secure / fast and reliable voting WITHOUT ANY MISTAKES! -
Computers DON'T EVER MAKE MISTAKES! - it are the humans that code things wrong (on purpose?) that make computers software to make a mistake. Or the software is NOT user friendly (usability etc.)

IF the people building the machines are 'trust-worthy' - are checked by other software engineers / security specialists (independents) THERE ARE NO PROBLEMS and e-voting would be THE solution to voter fraud / missing ballots etc. etc.

Problem is, that is NOT done - manufacturers of these systems are NOT checked to see if they are creating and building a secure and solid system.

Any application developer can create a beta version for you in 2 hours, a bit more bug testing, some talks with security specialists, some more building, wrap around it a nice computer and you're done.

IT'S NO ROCKET SCIENCE!

How many other "approaches" could we come up with in the next hour ?

What I want to know about the current breed of systems is this:

Was the Architect smoking crack ?

I mean really. Using an access database for vote storage. Writing an algorithm that starts "subtracting" votes when a max value is reached. Continuing to "accept" votes when your storage device was full.....Chirst these are like junior engineer mistakes...


Go figure !

MXr7

The best, most cost effective and simple ballot, imo.

Being subscribed to Bruce Schneier's newsletter. http://www.schneier.com/

I got this one in my mail some time ago, it gives a nice insight. / thought I'd share this here.



Here's a nice article for you.....
from:
http://www.schneier.com/crypto-gram-0410.html


Keeping Network Outages Secret
<http://www.schneier.com/blog/archives/2004/10/... >

There's considerable confusion between the concept of secrecy and the concept of security, and it is causing a lot of bad security and some surprising political arguments. Secrecy is not the same as security, and most of the time secrecy contributes to a false feeling of security instead of to real security.

In June, the U.S. Department of Homeland Security urged regulators to keep network outage information secret. The Federal Communications Commission already requires telephone companies to report large disruptions of telephone service, and wants to extend that requirement to high-speed data lines and wireless networks. But the DHS fears that such information would give cyberterrorists a "virtual road map" to target critical infrastructures.

This sounds like the "full disclosure" debate all over again. Is publishing computer and network vulnerability information a good idea, or does it just help the hackers? It arises again and again, as malware takes advantage of software vulnerabilities after they've been made public.

The argument that secrecy is good for security is naive, and always worth rebutting. Secrecy is only beneficial to security in limited circumstances, and certainly not with respect to vulnerability or reliability information. Secrets are fragile; once they're lost they're lost forever. Security that relies on secrecy is also fragile; once secrecy is lost there's no way to recover security. Trying to base security on secrecy is just plain bad design.

Cryptography is based on secrets -- keys -- but look at all the work that goes into making them effective. Keys are short and easy to transfer. They're easy to update and change. And the key is the only secret component of a cryptographic system. Cryptographic algorithms make terrible secrets, which is why one of cryptography's most basic principles is to assume that the algorithm is public.

That's the other fallacy with the secrecy argument: the assumption that secrecy works. Do we really think that the physical weak points of networks are such a mystery to the bad guys? Do we really think that the hacker underground never discovers vulnerabilities?

Proponents of secrecy ignore the security value of openness: public scrutiny is the only reliable way to improve security. Before software bugs were routinely published, software companies routinely denied their existence and wouldn't bother fixing them, believing in the security of secrecy. And because customers didn't know any better, they bought these systems, believing them to be secure. If we return to a practice of keeping software bugs secret, we'll have vulnerabilities known to a few in the security community and to much of the hacker underground.

Secrecy prevents people from assessing their own risks.

Public reporting of network outages forces telephone companies to improve their service. It allows consumers to compare the reliability of different companies, and to choose one that best serves their needs. Without public disclosure, companies could hide their reliability performance from the public.

Just look at who supports secrecy. Software vendors such as Microsoft want very much to keep vulnerability information secret. The Department of Homeland Security's recommendations were loudly echoed by the phone companies. It's the interests of these companies that are served by secrecy, not the interests of consumers, citizens, or society.

In the post-9/11 world, we're seeing this clash of secrecy versus openness everywhere. The U.S. government is trying to keep details of many anti-terrorism countermeasures -- and even routine government operations -- secret. Information about the infrastructure of plants and government buildings is secret. Profiling information used to flag certain airline passengers is secret. The standards for the Department of Homeland Security's color-coded terrorism threat levels are secret. Even information about government operations without any terrorism connections is being kept secret.

This keeps terrorists in the dark, especially "dumb" terrorists who might not be able to figure out these vulnerabilities on their own. But at the same time, the citizenry -- to whom the government is ultimately accountable -- is not allowed to evaluate the countermeasures, or comment on their efficacy. Security can't improve because there's no public debate or public education.

Recent studies have shown that most water, power, gas, telephone, data, transportation, and distribution systems are scale-free networks. This means they always have highly connected hubs. Attackers know this intuitively and go after the hubs. Defenders are beginning to learn how to harden the hubs and provide redundancy among them. Trying to keep it a secret that a network has hubs is futile. Better to identify and protect them.

We're all safer when we have the information we need to exert market pressure on vendors to improve security. We would all be less secure if software vendors didn't make their security vulnerabilities public, and if telephone companies didn't have to report network outages. And when government operates without accountability, that serves the security interests of the government, not of the people.

<http://www.securityfocus.com/news/8966 >
<http://www.cnn.com/2004/TECH/07/14/... >

Another version of this essay appeared in the October Communications of the ACM.
<http://www.csl.sri.com/neumann/insiderisks04.html >

eom

Oregon is entirely mail in ballot, read by optical scanners (not Diebold).

Solves numerous problems...problems at the polls, time to go to the polls, you have 2 weeks to think about your votes, research, read,
there is a paper trail and so forth.