I hope open source does not become a feel good buzzword for vote tallying security efforts. Nothing precludes open source based voting firmware from being modified before deployment on the machines (and perhaps with less effort as the source code is easily studied). Without end-to-end documentation of the entire build process for the final image, and secure hashing of the binary, open source means nothing. And even then...
> The ballot-counting equipment is part of a broader redesign of Los Angeles County’s voting system, which will include new equipment while relying on a traditional paper ballot
Article is light on details, and it's difficult to tell exactly what this sentence means, but if it means the new software will produce paper ballots that can be verified and observed by humans, that's a good thing at least.
In Minnesota we have a hybrid system where you fill out a paper ballot. The then you feed it through a scanner that indicates that it counted your vote, counts it, and it rolls into a locked box.
The machine and ballots are tied together right there. I really like the system as if all else fails you can get a paper trail and I belive even ID machines.
> Without end-to-end documentation of the entire build process for the final image, and secure hashing of the binary, open source means nothing. And even then...
And even then, you need to trust the machine. In many cases, these machines are using terribly old processors (sometimes even using the venerable 68000), and building a corrupted clone could probably be something doable.
The corrupted processor may have a different behavior, depending on the situation, such as the exact time of operation (ie. it would not be detected by random tests before or after an actual vote), or the analysis of people voting (ballot might be modified only during peak hours, to limit detection)
I'm baffled to see that democracies still engage in electronic voting systems.
Agreed, and when it does inevitably happen, we should remember that it worked.
Because it's open sourced, we can be virtually certain that it's not built into the software, and if it is you need to prove it. Which would fix it, or obsolete it.
Someone will have to ask the security detail handling custody, or one of the other thousands of people who could potentially be involved in trying to rig an election.
It's finally cheap enough to have the transformation of it, from raw compounds into an engineered SoC for tallying votes, livestreamed 24/7 and operated by openly auditable robots.
Convince me that would cost more than one fighter jet.
>"Separately, Logan signed a contract on June 13 with Smartmatic USA, making it the VSAP prime contractor and systems integrator. Smartmatic USA will help Logan's office in managing the manufacture and implemention of components scheduled for introduction in the March 2020 California presidential primary election."https://www.techwire.net/news/la-county-oks-open-source-elec...
Why are all these "voting machine" companies so shady?
>"The Venezuelan-owned Smartmatic Corporation is a riddle both in ownership and operation, complicated by the fact that its machines have overseen several landslide (and contested) victories by President Hugo Chavez and his supporters. The electronic voting company went from a small technology startup to a market player in just a few years, catapulted by its participation in the August 2004 recall referendum. Smartmatic has claimed to be of U.S. origin, but its true owners -- probably elite Venezuelans of several political strains -- remain hidden behind a web of holding companies in the Netherlands and Barbados. The Smartmatic machines used in Venezuela are widely suspected of, though never proven conclusively to be, susceptible to fraud. The company is thought to be backing out of Venezuelan electoral events, focusing now on other parts of world, including the United States via its subsidiary, Sequoia."https://wikileaks.org/plusd/cables/06CARACAS2063_a.html
The ballot-counting
equipment is part of a
broader redesign of Los
Angeles County’s voting
system, which will include
new equipment while relying
on a traditional paper ballot.
So they’re paper ballots but the machine to count them is open source?
It seems the larger plan will be to have tablet kiosks where you can either select your choices, or scan a QR code from your phone (with your pre-selected choices) and then your ballot selections are printed to the paper ballot.
They have been asking for suggested areas for "Voting Centers" recently where LA County citizens can vote at the location of their choosing. Many people here have long commutes from traffic or public transport. For this reason (and maybe others) the County wants to make it so people can vote at any of the available "vote centers", rather than one assigned polling location by their home.
Electronic voting conflates authenticity with legitimacy. Same problem in digital identity.
To me it seemed actually stupid to believe that the only thing preventing algorithms from yielding the sympathetic magic required for a peaceful transfer of sovereign power, was their lack of complexity. Arguably, without the ritual element, democracy reduces to a lottery with a biased mechanism, and for it to work, it must necessarily be more than that.
It's a larger philosophical question, to be sure, but it's like comparing a Turing test to an Indifference curve. The first is to determine whether something can convince people it is another person, the second is to predict the point at which you will cease to care enough to choose something else. These are analogous in that, like an AI, we can design an e-voting system that can act convincingly as though it facilitates democracy, but mainly it is just an acceptable substitute for people who no longer care whether the democracy they are dealing with is real or not.
In the case of voting, it's not just a thought experiment, or a product dev question, as by real, I mean sufficiently legitimate for people not to reject the results and cause civil disturbances.
It might sound a bit extreme, but we should really be asking when we institute electronic voting (or counting) whether we are willing to accept a simulation of the ritual we use to grant sovereign powers to people.
Voting is an area where we don't need automation or fast results. Typically a newly elected person doesn't take office for days or months after an election, right?
Paper ballots cannot be hacked at scale.
Properly designed paper ballots and a national design and education rolled out about them would propel us forwards as a nation.
The first argument does not hold for traditional paper ballots. Paper ballots are all already counted for the critical evening news at 8pm, and are all seen by multiple eyes.
Looks pretty good. I think it's too bad that the filled out ballot just goes into the place where the unfilled ballot is printed. Makes it feel like it could be over-printed or something. Taking the filled out ballot over to a box is not that much of an inconvenience. If they're worried about observation during that transfer, put the box by the voting system, but more obviously separate.
What we should have instead is a cryptographically secure voting system where no one can prove how they voted but can verify that their vote was counted properly.
The trick is just to have people scan a QR code when they register, to make sure it’s one vote one person.
I wonder if you are being downvoted because you said "cryptographically" and people think you are suggesting something with a blockchain?
Anyway, such a system as you want has been designed, and is inexpensive and works well with existing systems, and makes it easy for third parties to audit the results: https://en.wikipedia.org/wiki/Scantegrity
If I'm reading the contract correctly[1], the source won't be available until 2020. There's also some limitations put on the licensing that are IMO stretching (or maybe abusing) the definition of open source.
As far as I know, it’s not actually open source, but they may or may not make it open source at some point in the future. It has been frustrating because the media has been portraying it to be open source when there has never been such a commitment.
I hope that as part of the design, it will also [optionally] enforce some form of voter identification (passport, drivers license, passport card, or even a credit card with a chip or apple pay for all I care).
I suspect above might be unpopular idea. Especially since obvious downside is that if poorly implemented (or exploited) it could allow establishing who voted what and in any case allow establishing who did and didn't vote. And no, I don't think voter fraud is widespread, or has had any impact of consequence to overall results. But in this age and day, I think we should have a system where a registered voter is first identified by the system before presenting them with the ballot. This way, assuming systems were interlinked, one could vote anywhere in the country, and be given the right ballot for where you live.
And then the obvious next step would be allowing voting via browser. One vote for one registered ID. If system thinks your ID has already voted, have an escalation mechanism to re-cast the vote and investigate.
The problem with enforcing voter ID laws is that it's a solution to a non-existent problem.
If you want to increase the bar for people to vote, you HAVE to demonstrate that the current system is problematic.
There have been multiple attempts to find ANY significant voter fraud that would have been at all affected by forcing voter-ID requirements. They have universally found nothing.
As such, there's no real reason to support voter-ID laws, aside from deliberately trying to disenfranchise low-income voters.
what's that supposed to mean? it's either mandatory or it isn't. also, all of the options you listed are disproportionately less used by the poor, so it doesn't really address the main issues with mandatory voter id
>And then the obvious next step would be allowing voting via browser.
electronic voting brings up a bunch of other issues. how do you prevent vote selling? how do you secure a (poorly secured) personal computer from being hacked?
TL;DR: Voting in the US is surprisingly complicated. All the facets you mentioned have already been thoroughly ironed out.
Most every US voter registration system I'm aware of requires eligible voters to present some kind of identification. Errors do occur, because we're stubborn and won't implement Real ID. The one exception I know of is (was?) North Dakota.
Further, voters must present some kind of identification and sign-in to receive a ballot at a poll site. For postal ballots, your receiving address is assumed to be proxy for your identity.
Voters can only cast ballots where they're registered.
Voting electronically, by any medium, can neither ensure voter privacy or the public vote count. The gold standard is the Australian Ballot, if you'd like to learn more.
All voting systems I'm aware of tracks ballots. Rules vary by jurisdiction. But generally this prevents double voting. Some places allow newer ballots to replace a prior ballot (IIRC).
> I hope that as part of the design, it will also [optionally] enforce some form of voter identification
How would a counting system for traditional paper ballots enforce that? It's not even a component used in the part of the process where that makes sense
[+] [-] furgooswft13|7 years ago|reply
> The ballot-counting equipment is part of a broader redesign of Los Angeles County’s voting system, which will include new equipment while relying on a traditional paper ballot
Article is light on details, and it's difficult to tell exactly what this sentence means, but if it means the new software will produce paper ballots that can be verified and observed by humans, that's a good thing at least.
[+] [-] duxup|7 years ago|reply
The machine and ballots are tied together right there. I really like the system as if all else fails you can get a paper trail and I belive even ID machines.
[+] [-] xroche|7 years ago|reply
And even then, you need to trust the machine. In many cases, these machines are using terribly old processors (sometimes even using the venerable 68000), and building a corrupted clone could probably be something doable.
The corrupted processor may have a different behavior, depending on the situation, such as the exact time of operation (ie. it would not be detected by random tests before or after an actual vote), or the analysis of people voting (ballot might be modified only during peak hours, to limit detection)
I'm baffled to see that democracies still engage in electronic voting systems.
[+] [-] LMYahooTFY|7 years ago|reply
Because it's open sourced, we can be virtually certain that it's not built into the software, and if it is you need to prove it. Which would fix it, or obsolete it.
Someone will have to ask the security detail handling custody, or one of the other thousands of people who could potentially be involved in trying to rig an election.
It's finally cheap enough to have the transformation of it, from raw compounds into an engineered SoC for tallying votes, livestreamed 24/7 and operated by openly auditable robots.
Convince me that would cost more than one fighter jet.
[+] [-] nonbel|7 years ago|reply
https://abc7.com/politics/new-voting-system-approved-by-la-c...
That seems to be the case:
>"Separately, Logan signed a contract on June 13 with Smartmatic USA, making it the VSAP prime contractor and systems integrator. Smartmatic USA will help Logan's office in managing the manufacture and implemention of components scheduled for introduction in the March 2020 California presidential primary election." https://www.techwire.net/news/la-county-oks-open-source-elec...
Why are all these "voting machine" companies so shady?
>"The Venezuelan-owned Smartmatic Corporation is a riddle both in ownership and operation, complicated by the fact that its machines have overseen several landslide (and contested) victories by President Hugo Chavez and his supporters. The electronic voting company went from a small technology startup to a market player in just a few years, catapulted by its participation in the August 2004 recall referendum. Smartmatic has claimed to be of U.S. origin, but its true owners -- probably elite Venezuelans of several political strains -- remain hidden behind a web of holding companies in the Netherlands and Barbados. The Smartmatic machines used in Venezuela are widely suspected of, though never proven conclusively to be, susceptible to fraud. The company is thought to be backing out of Venezuelan electoral events, focusing now on other parts of world, including the United States via its subsidiary, Sequoia." https://wikileaks.org/plusd/cables/06CARACAS2063_a.html
[+] [-] vuln|7 years ago|reply
[+] [-] haney|7 years ago|reply
[+] [-] sprokolopolis|7 years ago|reply
They have been asking for suggested areas for "Voting Centers" recently where LA County citizens can vote at the location of their choosing. Many people here have long commutes from traffic or public transport. For this reason (and maybe others) the County wants to make it so people can vote at any of the available "vote centers", rather than one assigned polling location by their home.
You can watch the video that they were sending around here: https://www.youtube.com/watch?v=fC_-8Nl-O3U
[+] [-] sneak|7 years ago|reply
[+] [-] motohagiography|7 years ago|reply
To me it seemed actually stupid to believe that the only thing preventing algorithms from yielding the sympathetic magic required for a peaceful transfer of sovereign power, was their lack of complexity. Arguably, without the ritual element, democracy reduces to a lottery with a biased mechanism, and for it to work, it must necessarily be more than that.
It's a larger philosophical question, to be sure, but it's like comparing a Turing test to an Indifference curve. The first is to determine whether something can convince people it is another person, the second is to predict the point at which you will cease to care enough to choose something else. These are analogous in that, like an AI, we can design an e-voting system that can act convincingly as though it facilitates democracy, but mainly it is just an acceptable substitute for people who no longer care whether the democracy they are dealing with is real or not.
In the case of voting, it's not just a thought experiment, or a product dev question, as by real, I mean sufficiently legitimate for people not to reject the results and cause civil disturbances.
It might sound a bit extreme, but we should really be asking when we institute electronic voting (or counting) whether we are willing to accept a simulation of the ritual we use to grant sovereign powers to people.
[+] [-] matt_s|7 years ago|reply
Paper ballots cannot be hacked at scale.
Properly designed paper ballots and a national design and education rolled out about them would propel us forwards as a nation.
[+] [-] rurban|7 years ago|reply
[+] [-] mdrzn|7 years ago|reply
https://www.techwire.net/news/la-county-oks-open-source-elec...
[+] [-] secabeen|7 years ago|reply
[+] [-] Someone1234|7 years ago|reply
[+] [-] EGreg|7 years ago|reply
The trick is just to have people scan a QR code when they register, to make sure it’s one vote one person.
[+] [-] thatfrenchguy|7 years ago|reply
[+] [-] ch4s3|7 years ago|reply
[+] [-] tzs|7 years ago|reply
Anyway, such a system as you want has been designed, and is inexpensive and works well with existing systems, and makes it easy for third parties to audit the results: https://en.wikipedia.org/wiki/Scantegrity
[+] [-] maccam94|7 years ago|reply
[+] [-] cbsmith|7 years ago|reply
[+] [-] kodablah|7 years ago|reply
[+] [-] Rebelgecko|7 years ago|reply
[1] http://file.lacounty.gov/SDSInter/bos/supdocs/123460.pdf
[+] [-] stonesixone|7 years ago|reply
[+] [-] ourmandave|7 years ago|reply
[deleted]
[+] [-] Dowwie|7 years ago|reply
How do you safely pass votes from the machine to the counter?
[+] [-] eludwig|7 years ago|reply
[+] [-] unknown|7 years ago|reply
[deleted]
[+] [-] Snd_|7 years ago|reply
[deleted]
[+] [-] rixrax|7 years ago|reply
I suspect above might be unpopular idea. Especially since obvious downside is that if poorly implemented (or exploited) it could allow establishing who voted what and in any case allow establishing who did and didn't vote. And no, I don't think voter fraud is widespread, or has had any impact of consequence to overall results. But in this age and day, I think we should have a system where a registered voter is first identified by the system before presenting them with the ballot. This way, assuming systems were interlinked, one could vote anywhere in the country, and be given the right ballot for where you live.
And then the obvious next step would be allowing voting via browser. One vote for one registered ID. If system thinks your ID has already voted, have an escalation mechanism to re-cast the vote and investigate.
[+] [-] fake-name|7 years ago|reply
If you want to increase the bar for people to vote, you HAVE to demonstrate that the current system is problematic.
There have been multiple attempts to find ANY significant voter fraud that would have been at all affected by forcing voter-ID requirements. They have universally found nothing.
As such, there's no real reason to support voter-ID laws, aside from deliberately trying to disenfranchise low-income voters.
[+] [-] gruez|7 years ago|reply
what's that supposed to mean? it's either mandatory or it isn't. also, all of the options you listed are disproportionately less used by the poor, so it doesn't really address the main issues with mandatory voter id
>And then the obvious next step would be allowing voting via browser.
electronic voting brings up a bunch of other issues. how do you prevent vote selling? how do you secure a (poorly secured) personal computer from being hacked?
[+] [-] timdev2|7 years ago|reply
Voting via the browser is such a terrible idea for manifold reasons that ought to be obvious.
[+] [-] specialist|7 years ago|reply
Most every US voter registration system I'm aware of requires eligible voters to present some kind of identification. Errors do occur, because we're stubborn and won't implement Real ID. The one exception I know of is (was?) North Dakota.
Further, voters must present some kind of identification and sign-in to receive a ballot at a poll site. For postal ballots, your receiving address is assumed to be proxy for your identity.
Voters can only cast ballots where they're registered.
Voting electronically, by any medium, can neither ensure voter privacy or the public vote count. The gold standard is the Australian Ballot, if you'd like to learn more.
All voting systems I'm aware of tracks ballots. Rules vary by jurisdiction. But generally this prevents double voting. Some places allow newer ballots to replace a prior ballot (IIRC).
[+] [-] dragonwriter|7 years ago|reply
How would a counting system for traditional paper ballots enforce that? It's not even a component used in the part of the process where that makes sense
[+] [-] unknown|7 years ago|reply
[deleted]