Perl Programmers, America Needs Your Help! We Need Secure Voting Machines

Discussion in 'Perl Misc' started by Dave Roberts, Jan 6, 2004.

  1. Dave Roberts

    Dave Roberts Guest

    Please forgive me if this isn't entirely a Perl problem. But it could
    definitely have an almost immediate Perl solution.

    Anyone researching the facts concerning electronic voting will
    immediately discover the importance of a paper record of all
    transactions.

    The fact that Diebold has been building its voting machines (used in
    at least 37 states) for years, refuses to include this crucial feature
    or publish their computer code, only adds insult to the injury already
    created with the numerous reports of their system's verifiable voting
    irregularities.

    This type of software is easy and fast to develop using proven, secure
    techniques with Open Source software, using reliable equipment costing
    a fraction of the outrageous fees charged by Diebold, and could easily
    employ all the safety features demanded by security experts with
    software available for public inspection by anyone concerned.
    Diebold's policy insults the intelligence of respectable software and
    hardware vendors.

    Diebold must be forced to return all the money they have bilked the
    public out of and their equipment must not be used.

    An acceptable alternative could easily be rapidly created by any one
    of thousands of high school students who have all the skills
    necessary, as well as no obvious incentive to profit from election
    fraud.

    The fact that the government sits idly by as this travesty unfolds
    speaks for itself.

    When you go to the polls to cast your vote, if there is any Diebold
    equipment there, the only vote is one of no confidence.

    That said (and published) I received replies stating that this was
    being handled by programmers in association with SourceForge, but it
    turns out that their version won't be done 'till 2005, won't be
    entirely open source and uses Python (of all things). A trip to their
    site reveals a broken link to the home page of the project manager, a
    virtually unused forum, and information available from an AOL address.
    Does anything seem wrong here? Visit this link and see for
    yourselves. http://sourceforge.net/projects/evm2003/
    Then you might want to visit http://www.blackboxvoting.org and
    explain to these people that a simple database program isn't exactly
    rocket science.

    I don't consider myself nearly as skilled as most of you and I think I
    could do it with Perl and MySQL in a few days.

    The future of America is in your hands!
    Dave Roberts, Jan 6, 2004
    #1
    1. Advertising

  2. Re: Perl Programmers, America Needs Your Help! We Need Secure VotingMachines

    Dave Roberts wrote:
    >
    > Please forgive me if this isn't entirely a Perl problem. But it could
    > definitely have an almost immediate Perl solution.
    >


    ...........


    >
    > I don't consider myself nearly as skilled as most of you and I think I
    > could do it with Perl and MySQL in a few days.
    >
    > The future of America is in your hands!



    You're a clown? Why didn't you say so.
    try: http://www.disney.com/
    Robert Wallace, Jan 6, 2004
    #2
    1. Advertising

  3. Dave Roberts

    Andy Baxter Guest

    At earth time Tue, 06 Jan 2004 06:34:30 -0800, the following transmission
    was received from the entity known as Dave Roberts:

    > Please forgive me if this isn't entirely a Perl problem. But it could
    > definitely have an almost immediate Perl solution.
    >
    > Anyone researching the facts concerning electronic voting will
    > immediately discover the importance of a paper record of all
    > transactions.
    >
    > The fact that Diebold has been building its voting machines (used in
    > at least 37 states) for years, refuses to include this crucial feature
    > or publish their computer code, only adds insult to the injury already
    > created with the numerous reports of their system's verifiable voting
    > irregularities.
    >
    > This type of software is easy and fast to develop using proven, secure
    > techniques with Open Source software, using reliable equipment costing
    > a fraction of the outrageous fees charged by Diebold, and could easily
    > employ all the safety features demanded by security experts with
    > software available for public inspection by anyone concerned.
    > Diebold's policy insults the intelligence of respectable software and
    > hardware vendors.
    >
    > Diebold must be forced to return all the money they have bilked the
    > public out of and their equipment must not be used.
    >
    > An acceptable alternative could easily be rapidly created by any one
    > of thousands of high school students who have all the skills
    > necessary, as well as no obvious incentive to profit from election
    > fraud.
    >
    > The fact that the government sits idly by as this travesty unfolds
    > speaks for itself.
    >
    > When you go to the polls to cast your vote, if there is any Diebold
    > equipment there, the only vote is one of no confidence.
    >
    > That said (and published) I received replies stating that this was
    > being handled by programmers in association with SourceForge, but it
    > turns out that their version won't be done 'till 2005, won't be
    > entirely open source and uses Python (of all things). A trip to their
    > site reveals a broken link to the home page of the project manager, a
    > virtually unused forum, and information available from an AOL address.
    > Does anything seem wrong here? Visit this link and see for
    > yourselves. http://sourceforge.net/projects/evm2003/
    > Then you might want to visit http://www.blackboxvoting.org and
    > explain to these people that a simple database program isn't exactly
    > rocket science.
    >
    > I don't consider myself nearly as skilled as most of you and I think I
    > could do it with Perl and MySQL in a few days.
    >
    > The future of America is in your hands!


    I don't live there, so it's not something I want to take on, but I do
    think you're talking about something that matters. In the UK we still have
    a paper based system where all the boxes are brought back to the town
    hall, opened in public, and then counted on rows of tables where anyone
    with an interest in the result can watch to make sure it's being done
    right. It takes most of the night to do it, but it only happens every four
    years or so, so that isn't really a problem, and personally I don't see
    the need for electronic voting, when it takes away the kind of
    public accountability that you get with a paper system. I.e. you don't
    need to be a tecchy to sit at a table a watch ballots being counted, or
    sit in the van that's taking them back to the hall to be counted.

    So if you are going to have electronic voting, I think it's important that
    this accountability is kept somehow, and open source and open hardware
    designs would help with that.

    All I'm saying really is sorry I can't help, but good on you for thinking
    of taking this on, even if it's beyond what you're able to do.

    andy.

    --
    http://www.niftybits.ukfsn.org/

    remove 'n-u-l-l' to email me. html mail or attachments will go in the spam
    bin unless notified with
    HTML:
     or [attachment] in the subject line.
    Andy Baxter, Jan 6, 2004
    #3
  4. In article <>,
    Dave Roberts <> wrote:
    :Anyone researching the facts concerning electronic voting will
    :immediately discover the importance of a paper record of all
    :transactions.

    For good discussions on this issue, please see RISKS Digest,
    available on usenet as comp.risks . Dave's posting might look
    like a rant, but at the core the issues he is talking about
    are substantial.


    :Diebold must be forced to return all the money they have bilked the
    :public out of and their equipment must not be used.

    But that approach is very bad strategy. 'bilked' is an implication
    of criminal activity, and *any* firm is going to defend itself
    very robustly against accusations of criminal activity, and that
    defence would likely draw upon the strong political connections
    the firm has. If you don't think that Diebold is doing a good
    job, then out-compete them.


    :An acceptable alternative could easily be rapidly created by any one
    :eek:f thousands of high school students who have all the skills
    :necessary,

    Very few high-school students have ISO9001 experience. For
    a project this important, you are going to need transparency
    and rigerous quality controls -- there is no way that you are
    going to displace a well-established firm on allegations of
    "potential" fraud, unless your own QA is beyond reproach.
    ISO9001 is not for the faint of heart, though, and not for the
    slim of pocketbook.


    I would also point out that the technologies required are *not* easy.
    It is not enough to produce a paper trail: one must produce the paper
    trail in such a way that the paper trail is verifiably the same as the
    electronic records, and in which the paper trail itself can be
    *reliably* counted quickly (think "hanging chad"), with there being no
    way to trace the exact votes of any individual (to prevent
    vote-buying); and it all has to work with "Internet voting" [as there
    is the perception that low vote turnouts are 'caused' by inconvenience
    in reaching a polling station.] And the data collection mechanisms to
    report the results has to be secure [doesn't matter about your paper
    trail if someone can subvert the tally in transit]], has to scale well
    (*lots* of polls close at the same time), and the data results should
    be easily segregated from each other at the central counting station so
    you can analyze voting patterns and for easy totaling reasons and for
    easy submission of results from recounts.

    That's a LOT to expect from a "high-school student": even seasoned
    professionals often get some of these things wrong. (Look at the
    history of air traffic control systems: handling a lot of
    data simultaneously is *hard*!)
    --
    I've been working on a kernel
    All the livelong night.
    I've been working on a kernel
    And it still won't work quite right. -- J. Benson & J. Doll
    Walter Roberson, Jan 6, 2004
    #4
  5. Dave Roberts

    Dave Roberts Guest

    Re: Perl Programmers, America Needs Your Help! We Need Secure Voting Machines

    Robert Wallace <> wrote in message news:<>...
    > Dave Roberts wrote:
    > >
    > > Please forgive me if this isn't entirely a Perl problem. But it could
    > > definitely have an almost immediate Perl solution.
    > >

    >
    > ..........
    >
    >
    > >
    > > I don't consider myself nearly as skilled as most of you and I think I
    > > could do it with Perl and MySQL in a few days.
    > >
    > > The future of America is in your hands!

    >
    >
    > You're a clown? Why didn't you say so.
    > try: http://www.disney.com/


    You're a newbie, Robert. Nobody expects you to grasp the gravity of
    the situation. As for my humility, I wasn't referring to the likes of
    you with my comment about the immense talent of this group.
    Dave Roberts, Jan 7, 2004
    #5
  6. Dave Roberts

    Matt Garrish Guest

    Re: Perl Programmers, America Needs Your Help! We Need Secure Voting Machines

    "Eric Schwartz" <> wrote in message
    news:...
    > (Dave Roberts) writes:
    > > You're a newbie, Robert. Nobody expects you to grasp the gravity of
    > > the situation. As for my humility, I wasn't referring to the likes of
    > > you with my comment about the immense talent of this group.

    >
    > If you seriously think that any group of people-- however talente--
    > can, using Perl and MySQL, develop a secure, reliable, anonymous &
    > verifiable electronic voting system in only a few days, then I have a
    > very inexpensive bridge you might want to take a look at, next time
    > you're in Brooklyn. I bet you could make millions just by charging
    > tolls!
    >


    Would that make him the troll under the bridge? : )

    Matt
    Matt Garrish, Jan 7, 2004
    #6
  7. Dave Roberts

    Uri Guttman Guest

    Re: Perl Programmers, America Needs Your Help! We Need SecureVoting Machines

    >>>>> "ES" == Eric Schwartz <> writes:

    ES> (Dave Roberts) writes:
    >> You're a newbie, Robert. Nobody expects you to grasp the gravity of
    >> the situation. As for my humility, I wasn't referring to the likes of
    >> you with my comment about the immense talent of this group.


    ES> If you seriously think that any group of people-- however talente--
    ES> can, using Perl and MySQL, develop a secure, reliable, anonymous &
    ES> verifiable electronic voting system in only a few days, then I have a
    ES> very inexpensive bridge you might want to take a look at, next time
    ES> you're in Brooklyn. I bet you could make millions just by charging
    ES> tolls!

    how dare you try to sell my bridge!! i have the deed and a legal bill of
    sale. if you put one foot on the bridge, i will push you off into the
    east river so you can sleep with the fishes.

    uri

    --
    Uri Guttman ------ -------- http://www.stemsystems.com
    --Perl Consulting, Stem Development, Systems Architecture, Design and Coding-
    Search or Offer Perl Jobs ---------------------------- http://jobs.perl.org
    Uri Guttman, Jan 7, 2004
    #7
  8. Dave Roberts

    Keith Keller Guest

    Re: Perl Programmers, America Needs Your Help! We Need Secure Voting Machines

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On 2004-01-07, Uri Guttman <> wrote:
    >
    > how dare you try to sell my bridge!! i have the deed and a legal bill of
    > sale. if you put one foot on the bridge, i will push you off into the
    > east river so you can sleep with the fishes.


    I'm not sure fishes can survive in the East River. ;-)

    - --keith

    - --
    -francisco.ca.us
    (try just my userid to email me)
    AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)

    iD8DBQE/+4NmhVcNCxZ5ID8RAklDAKCToKqoWDINHvVOUTmt3cUpsv0iAACeK+69
    wSg2Ded6KhfAcCAoP2Ag97g=
    =YLfz
    -----END PGP SIGNATURE-----
    Keith Keller, Jan 7, 2004
    #8
  9. Dave Roberts

    Dave Roberts Guest

    Re: Perl Programmers, America Needs Your Help! We Need Secure Voting Machines

    Eric Schwartz <> wrote in message news:<>...
    > (Dave Roberts) writes:
    > > You're a newbie, Robert. Nobody expects you to grasp the gravity of
    > > the situation. As for my humility, I wasn't referring to the likes of
    > > you with my comment about the immense talent of this group.

    >
    > If you seriously think that any group of people-- however talente--
    > can, using Perl and MySQL, develop a secure, reliable, anonymous &
    > verifiable electronic voting system in only a few days, then I have a
    > very inexpensive bridge you might want to take a look at, next time
    > you're in Brooklyn. I bet you could make millions just by charging
    > tolls!
    >
    > -=Eric


    I already have quite a large collection of database applications that
    I consider to be much more complicated than a voting system. Most of
    the routines are already done and only need slight reconfiguration.

    In fact, when I think of all the banking and business applications
    that are written in Perl and MySQL, again, there is no comparison
    between simply counting votes and to what these elaborate systems are
    doing. And again, a simple modification, and your work is done.

    Considering that these voting machines won't be on the internet, then
    using software from secure applications that are would result in an
    application that is more secure than the ones we use every day
    transferring millions of dollars. Most people are more concerned with
    their banking software than their voting software.

    The touch screen terminals could connect to an Apache web server.
    Again most everyone already has all the code done for this. The only
    other thing is configuring the touch screens through a serial device
    (or maybe USB), connecting up printers and figuring out how to hook up
    a redundant server.

    It might not be ready for prime time in a few days, but it would at
    least work and be such that the code could be distributed and anyone
    could test it and work on improving various modules.

    The sad fact is the people who do have a huge organization consisting
    of Python programmers working on this project have at it for months
    and still don't expect it to be done before the election.

    I just don't see any issues that aren't considerably less complicated
    than what I see discussed here every day.
    Dave Roberts, Jan 7, 2004
    #9
  10. Dave Roberts

    Sam Holden Guest

    Re: Perl Programmers, America Needs Your Help! We Need Secure Voting Machines

    On 6 Jan 2004 22:46:21 -0800, Dave Roberts <> wrote:
    > Eric Schwartz <> wrote in message news:<>...
    >> (Dave Roberts) writes:
    >> > You're a newbie, Robert. Nobody expects you to grasp the gravity of
    >> > the situation. As for my humility, I wasn't referring to the likes of
    >> > you with my comment about the immense talent of this group.

    >>
    >> If you seriously think that any group of people-- however talente--
    >> can, using Perl and MySQL, develop a secure, reliable, anonymous &
    >> verifiable electronic voting system in only a few days, then I have a
    >> very inexpensive bridge you might want to take a look at, next time
    >> you're in Brooklyn. I bet you could make millions just by charging
    >> tolls!
    >>
    >> -=Eric

    >
    > I already have quite a large collection of database applications that
    > I consider to be much more complicated than a voting system. Most of
    > the routines are already done and only need slight reconfiguration.


    So those routines already deal with the hard stuff do they?

    You know, somehow making sure that votes are both anonymous and
    also that people can only vote once.

    You know, making rigging the election at least as difficult as rigging
    a pencil and paper system.

    You know, making sure the voter can verify that the vote recorded for
    them was in fact the vote they wanted to make.

    > In fact, when I think of all the banking and business applications
    > that are written in Perl and MySQL, again, there is no comparison
    > between simply counting votes and to what these elaborate systems are
    > doing. And again, a simple modification, and your work is done.
    >
    > Considering that these voting machines won't be on the internet, then
    > using software from secure applications that are would result in an
    > application that is more secure than the ones we use every day
    > transferring millions of dollars. Most people are more concerned with
    > their banking software than their voting software.


    Except that anonymity isn't an issue in banking software, but is
    essential to voting. And it just happens to make doing everything
    a few orders of magnitude more difficult.

    Audit trails are easy until you aren't allowed to store who made which
    vote.

    People have successfully defended PhD dissertations solely about the
    very thing you dismiss as a trivial weekend hack, for example:

    http://www.notablesoftware.com/Papers/thesdefabs.html

    --
    Sam Holden
    Sam Holden, Jan 7, 2004
    #10
  11. Dave Roberts

    Guest

    Dave Roberts <> wrote:
    > The fact that Diebold has been building its voting machines (used in
    > at least 37 states) for years, refuses to include this crucial feature
    > or publish their computer code, only adds insult to the injury already
    > created with the numerous reports of their system's verifiable voting
    > irregularities.


    That's your country's problem.

    > The future of America is in your hands!


    No thanks. I rather think it's in /your/ hands.
    Chris
    , Jan 7, 2004
    #11
  12. Dave Roberts

    Thomas Kratz Guest

    Re: Perl Programmers, America Needs Your Help! We Need Secure VotingMachines

    Dave Roberts wrote:

    > I already have quite a large collection of database applications that
    > I consider to be much more complicated than a voting system. Most of
    > the routines are already done and only need slight reconfiguration.
    >
    > In fact, when I think of all the banking and business applications
    > that are written in Perl and MySQL, again, there is no comparison
    > between simply counting votes and to what these elaborate systems are
    > doing. And again, a simple modification, and your work is done.


    I actually work in an IT department of a bank and if you'd really have an
    idea about the software quality in terms of security and reliability that
    is used there, you wouldn't use it as an example. The system only works
    because the customer gets a printout of the transactions and can intervene
    if neccessary and a horde of system managers and programmers are nursing
    the software day by day.

    Like others have pointed out: the problem is not security alone but also
    anonymity *and* auditing. The last two are hard to combine, without being
    able to show the voter something substantial that he can count himself if
    he'll doubt the result.

    Here in Germany we vote with pen on paper, and I am glad for it.

    Thomas
    Thomas Kratz, Jan 7, 2004
    #12
  13. Re: Perl Programmers, America Needs Your Help! We Need Secure Voting Machines

    In article <>,
    Dave Roberts <> wrote:
    :I already have quite a large collection of database applications that
    :I consider to be much more complicated than a voting system. Most of
    :the routines are already done and only need slight reconfiguration.

    And any one of those thousands of high-school students are going
    to have access to that code?


    :In fact, when I think of all the banking and business applications
    :that are written in Perl and MySQL, again, there is no comparison
    :between simply counting votes and to what these elaborate systems are
    :doing. And again, a simple modification, and your work is done.

    What happened when the FTC "Do Not Call" registry opened last
    year? Answer: it was swamped for days, and could not keep up
    with the volume. And that was just for 1/3 of the US registrering
    within the first month. Voting involves data from about 1/2
    of the US within a few *hours*.


    :Considering that these voting machines won't be on the internet,

    Bad assumption. They -will- get put on the Internet, and
    there will be demands to be be able to vote from home. Several
    states have remote-voting legislation already in place; if your
    design does not allow for it, you will not be able to "sell" to
    those states, and you risk the existing market leader coming
    back the next month and saying "Don't buy from them, -our- new
    software supports home voting!"


    :then
    :using software from secure applications that are would result in an
    :application that is more secure than the ones we use every day
    :transferring millions of dollars. Most people are more concerned with
    :their banking software than their voting software.

    You have, I believe, forgotten about cost/benefit analysis. It's not
    so easy to break a decent SSL session, and the average transaction
    value to capture is only a few hundred dollars; you might get a couple
    of thousand by cleaning out an average bank account. Fix an
    election, though, and you can draw upon *billions* of dollars in
    tax cuts and grants and contracts and tax incentives. The "value"
    of a favourable election can be quite high. Even if the value
    comes only out of (say) ensuring that the person elected is the
    candidate willing to weaken ship inspections in the name of
    "reducing bureaucracy" or "reducing the economic burden on
    those responsible for making sure little Johnny gets his milk
    and little Suzie gets her dolls" -- it's amazing what can slip by
    overworked inspectors.



    :The touch screen terminals could connect to an Apache web server.
    :Again most everyone already has all the code done for this. The only
    :eek:ther thing is configuring the touch screens through a serial device
    :(or maybe USB), connecting up printers and figuring out how to hook up
    :a redundant server.

    No, that's not the only other thing. What do you *do* with the
    printouts? What do you do when the printer jams, or the ink starts
    running out making the printouts less readible? "Just hit print"
    and have the last few ballots reprinted, thus allowing one to see
    who the previous person voted for? If the ballot printout is just to be
    given to the person to read and then throw away, then how does
    the person know that the ballot represents what was stored in memory?
    What if the recording program is biased (or can be induced
    to be biased): what cross-check is in place to ensure that
    this would be caught? Suppose someone "stuffs" the physical ballot
    box: how does one detect the fake ballots from the real ones?


    :It might not be ready for prime time in a few days, but it would at
    :least work and be such that the code could be distributed and anyone
    :could test it and work on improving various modules.

    And the operating system for these machines would be what, exactly?
    Think of the number of ways that have been come up with to subvert
    Linux.


    :The sad fact is the people who do have a huge organization consisting
    :eek:f Python programmers working on this project have at it for months
    :and still don't expect it to be done before the election.

    And you believe that ~200,000 of these new devices can be
    in place before November, including the time needed to get through
    the politics of revoking the near monopoly the existing companies
    have? How long were you expecting the code review to take -- should
    I bother bringing along a second donut?


    :I just don't see any issues that aren't considerably less complicated
    :than what I see discussed here every day.

    In the time frame you are suggesting the work could be completed
    in, we would not even be able to decide which CPAN module to
    use for the networking component.
    --
    Feep if you love VT-52's.
    Walter Roberson, Jan 7, 2004
    #13
  14. Dave Roberts

    Henry Law Guest

    Re: Perl Programmers, America Needs Your Help! We Need Secure Voting Machines

    On 7 Jan 2004 07:09:13 GMT, (Sam Holden)
    wrote:

    >Except that anonymity isn't an issue in banking software, but is
    >essential to voting.


    In the UK there is no anonymity in our parliamentary and local voting
    systems. When you pitch up to the polling booth the attendant takes
    your name and writes your voter number on the counterfoil from which
    she tears the voting slip; they are both numbered. So when you've
    made your cross there is a direct tie-up between your voting paper and
    your voter number, and therefore to you. Is "appalling" the word I
    want?

    Not many people in the UK seem to know that.

    Henry Law <>< Manchester, England
    Henry Law, Jan 7, 2004
    #14
  15. Dave Roberts

    pkent Guest

    Re: Perl Programmers, America Needs Your Help! We Need Secure Voting Machines

    In article <>,
    Henry Law <> wrote:

    > systems. When you pitch up to the polling booth the attendant takes
    > your name and writes your voter number on the counterfoil from which
    > she tears the voting slip; they are both numbered. So when you've
    > made your cross there is a direct tie-up between your voting paper and
    > your voter number, and therefore to you. Is "appalling" the word I
    > want?
    >
    > Not many people in the UK seem to know that.


    How can people not notice that? I've never examined (never had chance)
    those sequences of numbers so I have no idea how often the same number
    comes up or if it's a unique identifier, but there's certainly something
    there, and some writing down, and some crossing off of name off The
    Sheet Of All Names - which of course makes me think "ballot paper number
    relates to name on sheet relates to me" which means "given access to all
    the relevant bits of paper you can find out how someone voted".

    The algorithm for doing so goes something like:
    find voter in the Sheet Of Names
    find the number of their counterfoil
    search through all ballot papers to find the relevant one
    Which might take some time.

    OTOH maybe the number they write down is only a portion of the whole
    counterfoil number, or maybe the number on the counterfoil and on the
    ballot paper differ in some way, or... it's been a while.

    P

    --
    pkent 77 at yahoo dot, er... what's the last bit, oh yes, com
    Remove the tea to reply
    pkent, Jan 7, 2004
    #15
  16. Dave Roberts

    Sam Holden Guest

    [OT] Re: Perl Programmers, America Needs Your Help! We Need Secure Voting Machines

    On Wed, 07 Jan 2004 20:47:51 +0000,
    Henry Law <> wrote:
    > On 7 Jan 2004 07:09:13 GMT, (Sam Holden)
    > wrote:
    >
    >>Except that anonymity isn't an issue in banking software, but is
    >>essential to voting.

    >
    > In the UK there is no anonymity in our parliamentary and local voting
    > systems. When you pitch up to the polling booth the attendant takes
    > your name and writes your voter number on the counterfoil from which
    > she tears the voting slip; they are both numbered. So when you've
    > made your cross there is a direct tie-up between your voting paper and
    > your voter number, and therefore to you. Is "appalling" the word I
    > want?


    Appalling sounds right to me. I'm assumming its a mechanism to deal with
    ballot box stuffing, and
    http://www.hart.gov.uk/elections/secretballot.htm seems to confirm that
    suspicion. The benefit doesn't outweigh the cost in my opinion.

    In Australia, there is no such identifying mark on ballot papers, and
    there is no place for it on the From describing the ballot paper in the
    Electroal Act (though of course it is simply legislation and can be
    modified relatively easily).

    >
    > Not many people in the UK seem to know that.


    And those that do probably wish they didn't.

    I can't think of any perl content I can sneak in to make this
    vaguely on topic, so this will be my last post in this thread
    until there is :)

    --
    Sam Holden
    Sam Holden, Jan 8, 2004
    #16
  17. Re: Perl Programmers, America Needs Your Help! We Need Secure Voting Machines

    In article <>,
    Henry Law <> wrote:
    >In the UK there is no anonymity in our parliamentary and local voting
    >systems. When you pitch up to the polling booth the attendant takes
    >your name and writes your voter number on the counterfoil from which
    >she tears the voting slip; they are both numbered. So when you've
    >made your cross there is a direct tie-up between your voting paper and
    >your voter number, and therefore to you. Is "appalling" the word I
    >want?


    I'm startled, but I won't be appalled until I hear that the UK has
    problems of the type that the anonymity is there to avoid.

    If there is a way to match up a person with their votes, then it
    becomes possible, at least in principle to force the voter to vote a
    particular way through extortion, blackmail, or bribery. With
    anonymous voting, these schemes don't work, because there is no way to
    verify afterward that the coercion was successful.

    But if such coercion never occurs in the UK, then I suppose there's no
    problem to solve.

    In the better sorts of electronic voting systems in the U.S., the
    voting machine produces a receipt listing that candidates for whom the
    coter has voted; the voter can then verify that the machine has the
    correct ballot before leaving the polling station. But the receipt is
    confiscated and destroyed before the voter leaves, to avoid the
    possibility of vote selling.
    Mark Jason Dominus, Jan 19, 2004
    #17
  18. Re: Perl Programmers, America Needs Your Help! We Need SecureVoting Machines

    zentara <> writes:
    > I have thought about all the scams that are possible, and there is no
    > way of having honest electronic elections unless a permanent record
    > of each vote is kept.
    > Even the printed receipt method can be scammed, by printing out what
    > the voter wants to see, then registering something else.


    If the paper copy is the only legitimate record of the vote, then this
    problem can be solved.

    > The ONLY way to be totally verifiable, is to keep a record of each
    > voter's votes, associated with his/her social security number.


    Wrong. Google for the "Mercuri Method". The only way to be totally
    verifiable is to allow the voter to verify their vote visually, and
    record that as the legal vote, only generating an electronic tally as
    an advisory. Using the SSN is a very bad idea for a number of
    reasons, not the least of which is the ease of forgeability for older
    cards, and the total lack of any guarantee of uniqueness.

    See the addendum to CPSR's SSN FAQ, "Why SSNs Make Bad Keys in
    Databases", at:

    http://www.cpsr.org/cpsr/privacy/ssn/SSN-addendum.html#NewDBs

    > That way, if enough people feel that some shenanigans went on, they
    > could request a recount, and see if their registered votes actually
    > matched what they did. Then you also could do some random sampling
    > checking of each precinct, by asking random voters to verify their
    > votes.


    How about everyone verifies their vote all the time? That's much
    safer.

    > So now-a-days, the only people who benefit from secret ballots, are the
    > "election-fixers".


    Again, wrong.

    > I'm sure there are numerous variations on this theme, but a verifiable
    > record has to be kept,


    This much is true. And given that we know how to store, count and
    read paper votes already, why complicate things unnecessarily with a
    melange of USB keychains, PGP, and passwords? (I can't imagine my
    84-year-old grandmother even remembering hers unless it's written
    down, in which case it's useless as a measure of security.) Adding
    complexity solely for the sake of "computerizing" everything is always
    a bad idea.

    > and the social security number is probably a good number to use.


    It's an absolutely abominable number to use, not least of which is
    because it's not guaranteed to be unique, and also because of the
    sheer vast quantity of other information which is misguidedly indexed
    by SSN.

    -=Eric
    --
    Come to think of it, there are already a million monkeys on a million
    typewriters, and Usenet is NOTHING like Shakespeare.
    -- Blair Houghton.
    Eric Schwartz, Jan 20, 2004
    #18
  19. Dave Roberts

    Sam Holden Guest

    Re: Perl Programmers, America Needs Your Help! We Need Secure Voting Machines

    On Tue, 20 Jan 2004 08:58:06 -0500, zentara <> wrote:
    > On Mon, 19 Jan 2004 22:13:27 +0000 (UTC), (Mark Jason
    > Dominus) wrote:
    >>
    >>In the better sorts of electronic voting systems in the U.S., the
    >>voting machine produces a receipt listing that candidates for whom the
    >>coter has voted; the voter can then verify that the machine has the
    >>correct ballot before leaving the polling station. But the receipt is
    >>confiscated and destroyed before the voter leaves, to avoid the
    >>possibility of vote selling.

    >
    ><2 cents>
    > I have thought about all the scams that are possible, and there is no
    > way of having honest electronic elections unless a permanent record
    > of each vote is kept.
    > Even the printed receipt method can be scammed, by printing out what
    > the voter wants to see, then registering something else.
    >
    > The ONLY way to be totally verifiable, is to keep a record of each
    > voter's votes, associated with his/her social security number. That way,
    > if enough people feel that some shenanigans went on, they could request
    > a recount, and see if their registered votes actually matched what they
    > did. Then you also could do some random sampling checking of each
    > precinct, by asking random voters to verify their votes.


    There is also something like:

    http://www.vreceipt.com/

    Which I haven't spent time looking at closely, but on the surface
    seems reasonable (of course since it is in the field of cryptography
    looking reasonable doesn't mean much...)


    Of course nothing can prevent a complete corruption of the system,
    if the people running the election, counting the votes, and doing
    the checking are corrupt then clearly there is nothing a voting
    "system" can do about it.

    Of once that happens the time until popular revolution probably isn't
    that large. And of course that revolution doesn't have to be violent,
    nation wide strikes and and such can have the same effect.

    All that is necessary is that the thing that is counted is actually
    the thing that the voter saw. Computer tallies with no audit trail are
    unacceptable, computer tallies with random counts of real votes (and
    hopefully complete counting of real votes - but that would take longer,
    and for reasons I don't understand those Americans don't seem willing to
    wait a few weeks for votes to be counted). You must assume the system
    is honest, with safe guards against corrupt elements - a rogue voting
    machine that reports incorrect tallies for example.


    > Voting secrecy could still be maintained by pgp encryption of the
    > records. Personally, I think the "secret ballot" no longer serves it's
    > original purpose, of protecting the voter from reprecussions, if they
    > "vote wrong". In this day and age of "homeland security surveillance",
    > the government can learn about your personal ideas by eavesdropping,
    > which is probably a more reliable indicator than how you vote.
    > So now-a-days, the only people who benefit from secret ballots, are the
    > "election-fixers".


    The secret ballot works as long as people think it is secret (or secret
    enough anyway). People vote differently in secret ballots than they
    do in "raise your hand" voting - humans are social animals and modify
    their behaviour for social gain. This is easily seen by the large errors
    in opinion polls and exit polls when their is a party that holds "popular"
    views which are not socially acceptable (of course once the party wins
    some votes the polls change as people feel safer being honest).


    [snip voting scheme]

    > Of course, all this should be written in Perl, :) Because it is
    > easier to check for validity. There also could be alot of post-election
    > checks that could be run on these records, which would be done
    > in a fast electronic manner.


    I congratulate your far superior ability than mine in managing to
    pretend to be on topic.

    --
    Sam Holden
    Sam Holden, Jan 20, 2004
    #19
  20. Re: Perl Programmers, America Needs Your Help! We Need Secure VotingMachines

    zentara wrote:
    > How about this. You go into vote, insert your usb memory key with your
    > public and private pgp keys on it.


    This is even worse! You are risking giving your private PGP key away.

    > ALSO, your private key is copied and
    > saved under the generated anonymous hash name, with a link to which
    > saved vote record it pertains to.


    No you are deliberately giving your private key away.

    You really haven't got a clue about the use of public and private keys
    and you have missed the point entirely. You are going to use a machine
    and give it access to your public and private keys - if anyone managed
    to put a backdoor into the voting machine they could syphon off both and
    now nothing you ever do will be safely encrypted.

    Whilst you are at it why not give it your bank details, mothers maiden
    name and pin number.

    Also remember that as the machine has your private key it can encrypt
    any vote it feels like with your own key.
    Peter Hickman, Jan 21, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alan Dechert
    Replies:
    29
    Views:
    1,012
  2. Alan Dechert

    Voting Project Needs Python People

    Alan Dechert, Jul 21, 2003, in forum: Python
    Replies:
    23
    Views:
    680
    Andrew Dalke
    Aug 2, 2003
  3. PiedmontBiz

    Secure Voting software

    PiedmontBiz, Jan 21, 2004, in forum: Python
    Replies:
    9
    Views:
    397
    Cameron Laird
    Jan 22, 2004
  4. Replies:
    8
    Views:
    619
  5. rusi
    Replies:
    0
    Views:
    418
Loading...

Share This Page