I really can't imagine how we can use a closed-source voting system; I remember in March when Sequoia flipped out that a CS student was going to examine their machines and stopped him. Like that isn't at all suspicious
It's really sad how corrupt the system is, yet I've learned to just dismiss it as an expression of existential angst because the corrupt system somehow seems to function anyways and I myself can't fix it. Yet.
At this point, how long before we'll be able to vote using the internet? Figure have people enter their social security number, date of birth, and the 20 digit randomly generated password that gets mailed a month before the election.
20 digit randomly generated password that gets mailed a month before the election
Shouldn't this help with that?
Also, internet-based voting doesn't have to mean you're using your own machines, just that you're using the internet to tally the vote. This could mean we have 100x the voting locations that we have now - one at every post office, public library, starbucks, what have you.
And then somebody could extort you to vote in certain way and remain at your side to make sure you comply... or steal your mail and vote for you.
How is this any different from voting using an absentee ballot? Those can be stolen, bought, etc. And I would imagine are less secure than your average secure website. The difference comes when an exploit is found. The worst case for internet voting is very very bad and could scale. The worst case with abseentee ballots - a mailman or election official steals some.
And then somebody could extort you to vote in certain way and remain at your side to make sure you comply...
Extortion and pressure can and is applied at voting locations all over today. My voting location is literally across the street from the Democratic local offices. It makes me very uncomfortable. They always have pollsters doing exit polls and the people in line are almost all Democrats. They are loud, argumentative... It's an all around bad experience. I think voting online would be great assuming someone solves the security problem (OTP through mail, etc, etc).
And for the record I'm currently libertarian. I disagree with this sort of thing happening in neighborhood churches just as much as the VA across the from democratic headquarters. Though personally I've had no problems at churches. Maybe a bit uncomfortable but people were not speaking out and attacking people taking a non-democrat ballot (primaries).
if someone wants to fix the election its really not that hard under the current system either. Dead people and pets vote all the time. Same with absentee ballots.
And if its 1 address, 1 SSN, 1 password at least the person will need a little bit more info to fix it. If they steal your mail they'll still need to know your date of birth and the social security #. And sure thats possible for 1-2 people, but do you realize how hard it would be to do it on the massive scale?
I mean lets face it, voting is a pain in the ass, you usually end up voting when its rush hour, and you have to wait a long time to cast your vote. Something like 40% of the eligible voters even bother to vote. Shouldn't it be a priority to make voting easier?
is Diebold open to the public? Hell in today's society I wouldn't even trust a human, because no matter who the person is, if they volunteered to run elections in their district, they are a political person. And right now the political climate is very charged "NEOCON WARMONGER!" "LIBERAL DIMOCRAT!". And given the opportunity they can easily make votes disappear, or state different results, which get confirmed by another political person.
I mean I could understand the point, if the current system was infallible. But its not, so why not make the whole process easier on your average voter?
More importantly, ME! I'm not going to go vote, because I don't feel like standing for an hour in line, just to cast a ballot in a state where the result is already pre-determined because of demographics. I mean if you think about it, your vote only matters if you live in the 4-5 swing states, all others will go Democrat/Republican no matter what you do.
So open it to the public. After the election, publicly associate each password to a vote; also make people register for passwords and keep track of the number of people who register. Then after the election ask people to check that their password is associated with the vote that they made. Even if only a fraction of voters do so, it would be hard for any potential vote rigger to tamper significantly with the process.
And on further thought, it would be better to use public-key cryptography than plain passwords -- get people to encrypt their vote with their private key -- because then the public keys could be released before the election and it could be verified that there are the same number of keys and registered voters.
This would be dramatically more secure than the current system.
Y'know, I hate to come to your country and tell you how to run your elections, but I really think the best way to do it is the way we do it in Australia.
You go to the ballot box, and you get a pencil, and a printed ballot sheet with a standardised design nationwide. You write little numbers (we have preferential voting) in little boxes, and stick it in a box. No hacking, no tampering, no confusion, no breakdowns, and no lining up for more than a couple of minutes.
From what I hear, American elections involve many more votes than most other nations. At my local polls, the semiannual elections contain ballots for 5 or six different districts (federal, state, county, town, school district, fire district, police district) as well as referendums on several tax proposals and even things like road improvement projects. There are votes to sustain the currently elected Judges in my court district, and votes for positions like tax assessors. I'm sure I'm missing a few. Seriously, it's a lot of votes.
My voting district uses Scantron ballots which are nice because you do fill out a paper form, which is tallied on the spot. You get the paper trail of a paper ballot, with the speed of an electronic system.
So you'd have to fill out eight ballot papers instead of our two or three. Or perhaps, you'd fill out a single perforated ballot paper and it would be ripped apart before counting.
I've seen Australian ballot papers which are about three feet by one foot, and list a few hundred candidates for the state upper house (later they changed the law to make it harder to get on the ballot sheet). Anyway, if we can cope with that, I'm sure you guys could cope with having multiple elections on one big perforated sheet.
The Scantron system actually sounds sensible enough though. If that were implemented nationwide it would be a good system. But I can't understand this district-by-district (or is it county-by-county?) disparity of voting schemes.
Oh, it does sound like you have a good number of entries on your ballots. Sorry for making assumptions.
To be honest I've never voted in an election which didn't use Scantron ballots. I believe the voting devices are selected and allocated on a state-by-state basis though. The federal law mandates certain requirements the states must meet but leaves the implementation up to each individual one. I've lived in North Carolina, Wisconsin, Missouri, and Utah, and used Scantrons in each location. Maybe the computerized systems are used in more urban or wealthy districts?
At my local polls, the semiannual elections contain ballots for 5 or six different districts (federal, state, county, town, school district, fire district, police district) as well as referendums on several tax proposals and even things like road improvement projects.
The reason that doesn't happen in Australia is because state and federal elections cannot be held on the same day.
Here's an analysis of machines used for the 2004 election. Some security experts were able to do a thorough review because the source code that Diebold wanted to keep secret from state governments was accidentally made available on a public server. Oops.
Why aren't high security requirements apps deployed on hardware that's completely incapable of modifying its own code? There's no reason why you have to have the dev environment on the target machine. It might be more convenient, but for high security, it just doesn't seem like a good idea.
One possible answer: general purpose architectures are cheaper due to economies of scale.
http://sysop073.blogspot.com/2008/03/this-post-is-trade-secr...