Computer voting - Even open source - is bad.

Let's say we win this BBV war. We expose everything in a massive... uh... exposé. Open source voting machines are installed.

50 years pass. Someone in power installs new machines. Every geek on the web says the new routines are insecure. John Q Public says "ah, they know what they're doing. Remember that Bush scandal? Yeah, we fixed that. Besides, the internets are always full of conspiracy theories."

Sorry geeks, but I don't like it.

No reason whatsoever why we couldn't use human-tallied re-countable paper ballots.

you automate routine daily tasks, and massive repetitive tasks.

every election has a different slate/configuration, every county has different offices and initiative, and it only happens once every year or two. plus you need trackable evidence.

automation is a solution to a problem that doesn't exist when it comes to elections.

n/t

Computer errors can be made up for in the business world, but elections are too important.

20 year geek, here. ;)

Stopping computer voting is like trying to stop electricity. What we need is a fail safe check and balance computer system. For you non geeks here is a pop quiz:

Why does Microsoft have so many security exposures while Linux does not?

MS runs 'partly' on the idea that *Secrecy is the key to security* - Linux is OpenSource, but has also flaws in security.


Here's a nice article for you.....
from:
http://www.schneier.com/crypto-gram-0410.html


Keeping Network Outages Secret
<http://www.schneier.com/blog/archives/2004/10/...>

There's considerable confusion between the concept of secrecy and the concept of security, and it is causing a lot of bad security and some surprising political arguments. Secrecy is not the same as security, and most of the time secrecy contributes to a false feeling of security instead of to real security.

In June, the U.S. Department of Homeland Security urged regulators to keep network outage information secret. The Federal Communications Commission already requires telephone companies to report large disruptions of telephone service, and wants to extend that requirement to high-speed data lines and wireless networks. But the DHS fears that such information would give cyberterrorists a "virtual road map" to target critical infrastructures.

This sounds like the "full disclosure" debate all over again. Is publishing computer and network vulnerability information a good idea, or does it just help the hackers? It arises again and again, as malware takes advantage of software vulnerabilities after they've been made public.

The argument that secrecy is good for security is naive, and always worth rebutting. Secrecy is only beneficial to security in limited circumstances, and certainly not with respect to vulnerability or reliability information. Secrets are fragile; once they're lost they're lost forever. Security that relies on secrecy is also fragile; once secrecy is lost there's no way to recover security. Trying to base security on secrecy is just plain bad design.

Cryptography is based on secrets -- keys -- but look at all the work that goes into making them effective. Keys are short and easy to transfer. They're easy to update and change. And the key is the only secret component of a cryptographic system. Cryptographic algorithms make terrible secrets, which is why one of cryptography's most basic principles is to assume that the algorithm is public.

That's the other fallacy with the secrecy argument: the assumption that secrecy works. Do we really think that the physical weak points of networks are such a mystery to the bad guys? Do we really think that the hacker underground never discovers vulnerabilities?

Proponents of secrecy ignore the security value of openness: public scrutiny is the only reliable way to improve security. Before software bugs were routinely published, software companies routinely denied their existence and wouldn't bother fixing them, believing in the security of secrecy. And because customers didn't know any better, they bought these systems, believing them to be secure. If we return to a practice of keeping software bugs secret, we'll have vulnerabilities known to a few in the security community and to much of the hacker underground.

Secrecy prevents people from assessing their own risks.

Public reporting of network outages forces telephone companies to improve their service. It allows consumers to compare the reliability of different companies, and to choose one that best serves their needs. Without public disclosure, companies could hide their reliability performance from the public.

Just look at who supports secrecy. Software vendors such as Microsoft want very much to keep vulnerability information secret. The Department of Homeland Security's recommendations were loudly echoed by the phone companies. It's the interests of these companies that are served by secrecy, not the interests of consumers, citizens, or society.

In the post-9/11 world, we're seeing this clash of secrecy versus openness everywhere. The U.S. government is trying to keep details of many anti-terrorism countermeasures -- and even routine government operations -- secret. Information about the infrastructure of plants and government buildings is secret. Profiling information used to flag certain airline passengers is secret. The standards for the Department of Homeland Security's color-coded terrorism threat levels are secret. Even information about government operations without any terrorism connections is being kept secret.

This keeps terrorists in the dark, especially "dumb" terrorists who might not be able to figure out these vulnerabilities on their own. But at the same time, the citizenry -- to whom the government is ultimately accountable -- is not allowed to evaluate the countermeasures, or comment on their efficacy. Security can't improve because there's no public debate or public education.

Recent studies have shown that most water, power, gas, telephone, data, transportation, and distribution systems are scale-free networks. This means they always have highly connected hubs. Attackers know this intuitively and go after the hubs. Defenders are beginning to learn how to harden the hubs and provide redundancy among them. Trying to keep it a secret that a network has hubs is futile. Better to identify and protect them.

We're all safer when we have the information we need to exert market pressure on vendors to improve security. We would all be less secure if software vendors didn't make their security vulnerabilities public, and if telephone companies didn't have to report network outages. And when government operates without accountability, that serves the security interests of the government, not of the people.

<http://www.securityfocus.com/news/8966>
<http://www.cnn.com/2004/TECH/07/14/...>

Another version of this essay appeared in the October Communications of the ACM.
<http://www.csl.sri.com/neumann/insiderisks04.html>

Use paper ballots and hand count!

These are the ones who have to fix the the infinite computer glitches and the programmers (software Engineers & hardware Engineers) know that programs can be used for good and for evil or neutral whatever!

One paper copy that you take home w/you

One paper copy that is initialed by the voter - either 'scrolling' that mimicks a grocery store, or a tear-off that goes into a 'ballot box' for potential recount.

paper trail ballot that the voter can verify and put into the ballot box if you need a recount isn't the way to go?

Stalin seemed to steal electins with paper ballots, so those are out too.

So what then do you suggest?

A Modest Proposal - Design And Produce Our Own Voting Machines

http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=104&topic_id=2611969

It's a good idea but it would take an awful lot of time and capital investment so that we could be in the voting machine business.

Especially this being such a hot topic, you are able to find plenty of people who are willing to work on a project like this on the side.....

integrity in an election. Trust is the keystone of a fair election. Elections without trust breeds cynicism which breeds unrest which encourages people to take action.

I can handle Bush winning if I believed the election was fair. But, I feel the conservative overthrow of the United States government in 2000 was perpetuated and power consolidated this year. We do not live in a free democracy any longer. Perhaps if the election process was transparent I would think otherwise. But, it is not.

The soooner people realize that, the sooner people will decide how to change it.

Banana States of America

we have to have the original source document (the ballot) to refer back to if required. One representative from each party on the ballot should have access to the information if it can be reasonably argued that votes may have been miscounted. I don't have to know the winner before midnight, if it's close I prefer to wait, even several weeks, for the correct tally.

knows what spam and computer viruses are and can do.

so the public will take this up quick I think