
Programmer under oath admits computers rig elections - ConceitedCode
https://www.youtube.com/watch?v=1thcO_olHas&feature=youtube_gdata_player
======
kaoD
Don't trust computers for voting. Bits are easy to tamper with, specially when
the populace doesn't know shit about computers (and rightfully so).

You can envision a system as complicated as you want, but it'll always have
some sort of flaw because, well, bits are bits. I've had this discussion with
many people and the same solutions arise again and again... but most are
useless.

You could get the source code for the voting program... what if your compiler
is backdoored? You could compile the compiler yourself, with which compiler?
The backdoored one?

And even﻿ if the compiler is trustworthy... who's guaranteeing that the real
binary is installed in the machine? You could download it in an USB drive and
check yourself or get a hash from the machine but... how can you be sure the
machine is reporting the binary that's actually running and not just a fake
reply? Could you trust the reported MD5/downloaded binary from the machine?

Easy! - you say - You could upload the binary yourself﻿ to the machine! But
how would you be sure you're running the uploaded binary and not a fake one?

And what if any of the machines inbetween are rigged?

Then cryptoguys come in: you could digitally sign your vote (forget secrecy)
with a state-issued certificate﻿ (we have those in Spain with our NID). Maybe
encrypt it so that only the far end could read it. You'd then check if your
vote's been cast fine online. But how'd you be sure you got the real result?

Once the data left the machine you have to trust that everything's fine on the
receiving end. What if the vote count just ignores votes and just does
whatever it wants?

And the worst of all... how's your granny supposed to check it herself?

There are some advanced cryptographic techniques relevant to e-vote (some are
quite clever) but even the best cryptographers will tell you: do not trust
electronic voting!

My advice is: keep with pen and paper! It's easy to tamper with too, but more
people know how it works and it's easy to see the inner workings compared to
bits over the wire.

~~~
eli
Mostly agree, but paper ballots are expensive to administer and count and we
currently don't like to spend very much on our elections. Also, you still need
a system for the disabled that ideally also preserves secrecy - not everyone
can hold a pen.

~~~
kaoD
I prefer trusted to cheap (and I certainly hope everyone else does). Of course
the government prefers cheap, but it probably prefers tamperable too :P

Good call about the disabled. What are the current systems doing for them?

~~~
eli
Secure, anonymous voting for the disabled is a big reason we have so many
electronic voting machines. It was a big part of the Help America Votes Act.
There are many vendors with solutions. The AutoMark is a popular one -- it can
enlarge type or even read you the choices and let you make a selection by
blowing in a tube.

There are many systems for the disabled -- it was a big priority of the Help
America Votes Act, which is what prompted this wave of computerized voting
machines. The Auto

------
specialist
I'm utterly opposed to electronic ballots. No touchcreens, no email voting, no
internet voting. Elections with electronic ballots (records) cannot be
audited. Nor can the voter's privacy be protected. [1]

That said, in my opinion, Clint Curtis is not a credible witness. What he
claims is certainly plausible. But he doesn't have the technical chops to pull
it off.

For something more reality-based, check out voteraction's lawsuit in New
Mexico. <http://voteraction.org/legalaction>

VoterAction proved that Kerry won NM in 2004. What happened in NM certainly
happened elsewhere. Especially Ohio, which had so much going on in so many
directions, there's no way to summarize other than to say "death by a thousand
cuts".

Briefly, in NM, spanish language touchscreens did not count votes cast for
Kerry. Further, "faulty" storage devices (memory cards) were sent to back
vendor HQ to be fixed, totally mooting the chain of custody, etc.

The whole election integrity thing is like a jumping down the rabbit hole.
Things are so ridiculous, it's hard to believe. And when you try to explain to
people what's happened, you're dismissed as a "sweaty paranoid kook" (that's a
quote).

Speaking for myself, I used to think that I mail my ballot and it gets
counted, what could be more simple? The more I learned, the more my confidence
was shaken.

I could go on and on and on about this topic...

[1] Yes, I've studied the crypto proposals. They're included. Briefly, crypto
schemes rely on a secure one-way hash to hide your ballot in the herd of
ballots. Alas, US elections are administered per precincts (1-1000 voters) and
typically have a dozen or more issues per ballots. Meaning combinatorially
there's no way to hide an individual's ballot. Crypto works for simple ballots
with thousands of voters.

~~~
eatitraw
In Russia, there are ballot boxes that automatically count ballots. No fancy
technology here - they just scan ballot, detect mark position, and after the
end of the election day these ballot boxes just print resulting report.

These ballot boxes are installed on some small percent of polling
stations(like 5% or 10% - I don't remember the exact number). But statistical
analysis shows that electoral fraud is commited considerably less often on
such polling stations. I don't know, whether it is actually more difficult to
cheat on such stations(at least there is a physical limitation - you can't put
more than one ballot at a time, because it is needed to be scanned, - as
opposed to normal ballot box where you can easily put 10-20 ballots at once),
or whether they decided to install such automated boxes on polling stations
where they had no intention to commit fraud. But my point is: 1) "Paper-
voting" is no guarantee of fair elections. 2) Sometimes "hi-tech" may even
help you, if you use it properly.

You make a fair point about electronic voting(and I wholeheartedly agree with
you), but it looks like you overestimate the reliability of old-fashioned
methods.

To summarize, I'm calling you "not-enough-paranoid kook". :)

~~~
specialist
I believe you're describing the mark sense style ballot scanners. Because you
still have a paper ballot, they are not electronic ballots. (Apologies for not
being more clear.)

<http://homepage.cs.uiowa.edu/~jones/voting/optical/>

I agree with your point, and only would add that the consensus among the
election integrity experts is that poll-based ballot scanners which tally
onsite immediately after the polls close are the most correct answer. This
system has the lowest error rate. It is the easiest to audit (eg conduct a
manual recount). Tampering with the results would be the most difficult
(largest attack surface area).

The crucial trait of paper ballots cast and tabulated at poll sites is that
such as system CAN be done correctly. Meaning enable the public vote count
while ensuring the secret ballot. No electronic ballot system can make those
guarantees, under any circumstances.

PS- I worked as a poll judge and poll inspector for a handful of elections.
The jurisdiction where I reside had the same system as you described. It
worked fabulously well. It was cheap. We've since moved to all postal ballots
(vote by mail). Central count is a sausage factory. I fought against the
transition, lost but was able to get some concessions, such as improved
accounting (ballot processing) procedures.

------
tzs
Neither the description nor the first few minutes of the video state what
Court or tribunal or committee or whatever this testimony is for, nor when it
is taking place, nor what other witnesses might have testified that
contradicted this witness.

Without that context, this is pretty meaningless.

Several comments so far have discussed ways to improve voting. Good
cryptographers have already solved this problem. See <http://scantegrity.org>

------
overgard
I am Jack's complete lack of surprise.

I think a startup to fix voting would actually be a really cool (anyone here
doing that already?), although I imagine it would be fraught with danger.

I think we need to step back to first principles here. In an ideal voting
system, we need two properties:

1.) The vote must be anonymous (to remove the possibility of persecution) 2.)
There has to be some way to detect if a vote has been tampered with.

Here's the thing... we can solve BOTH those problems with common cryptographic
algorithms. Problem #1 can be solved with a hashed identity, problem #2 can be
solved with a checksum.

Right now we try to solve that with a "paper trail". That's one solution, but
it's very problematic. First, you're putting a lot of trust in the people
doing the counting. Second, we can't trace those pieces of paper back to
people to ask them "is this really who you voted for?"

I'm not claiming these are /easy/ problems to solve. There are a lot of
considerations. But I will claim that we already have the required
cryptographic toolset to make it possible, and that simple counting machines
are entirely inadequate.

~~~
mprovost
Paper ballots satisfy both of those properties. What problem are computerised
ballots trying to solve? I've seen cost mentioned but haven't seen any
evidence that it's cheaper. I imagine that it's mostly about getting the
election results faster but is that really a goal of an election? Speed over
accuracy?

~~~
Joeri
You can get the speed of e-voting with paper ballots if you tally up the
totals twice: once with a scanner when the ballot is put in the box
(appropriate design of ballot and box required ofcourse), so you get immediate
digital results, and once with manual counting to give the vote legal
standing. The fact that only a manually counted result would have legal
standing ensures nobody will see the point in tampering with the digital
counter.

I would agree that there's no reason to have e-voting instead of paper
ballots. The only possible excuse I might imagine for e-voting is that it lets
people vote from home which enfranchises more voters, but that would just lead
to a wave of vote selling so...

------
lsiebert
What you need is memory that can't be rewritten that will show any tampering.
Paper does this cheaply and easily.

------
angstrom
This wasn't news then, why is it news now?

Less is demanded of our voting system than of our ATM system. The irony is
that it is the same system. People vote with their money every day. Western
democracy is realized through the market system on a national level. Locally
it is still in tact as a function of voting ballots and money.

Governance is largely about the use of limited resources and less about civil
liberties. Civil liberties are largely a function of popular majority and
politicians just reflect the popular opinion of the day.

~~~
eli
Voting has radically different requirements than withdrawing money because of
ballot secrecy.

------
chacham15
I've had the following idea for a while and was wondering if anyone can point
out the flaw:

Imagine a system where every individual has their own public/private key pair
(backed by tying it to their SSN). You then have two SQL tables:

    
    
        CREATE TABLE voterVote (
            id           INT,
            category     VARCHAR(255),
            vote         VARCHAR(255),
            PRIMARY KEY (id,category)
        );
        
        CREATE TABLE voterVoteId (
            voter_id     INT PRIMARY KEY,
            voter_city   VARCHAR(255),
            vote_id      INT FOREIGN KEY REFERENCES voterVote(id)
        );
    

Both tables are published. The one thing I forgot to mention though is that
the vote_id is encrypted with the users public key. This way any individual
voter can check that his vote is what is should be and people on the whole can
check that votes were tallied properly. Furthermore, we dont need to worry
about hacking compilers, etc. because this can be done on the internet. The
last thing we need to worry about is that the machine is lying to people when
they go to check their vote. The only solution to this is to have the code
which decrypts the persons row in the voterVoteId open source, but still since
the protocol is open source and the data is open source, we can bet that there
exists one honest person to build a tool to check. One more thing: how can we
tell that extra rows werent added to VoterVote? We can check that the number
of people in a city matches the number of keys issued to every person in that
city (which again is backed by SSN).

This will probably fail miserably at something simple I've overlooked, but it
was fun to dream up :)

~~~
qb45
Some people don't vote, you can't assume than if the number of votes is lower
than the number of citizens then there was no fraud.

Furthermore, voters shouldn't be able to prove how they voted - otherwise
somebody could pay people who can prove having voted for him or threaten
people who can't.

~~~
chacham15
> voters shouldn't be able to prove how they voted

hmm, thats interesting. I never thought about that.

------
senthilnayagam
That's a 2011 video. Did it change anything at all in last 2 years ?

~~~
the9to5
I actually believe this testimony is from the mid 2000s (Tom Feeney was in
congress from 2003-2009).

While in the video, Mr. Curtis has a point that voting code should be reviewed
by independent experts... even if the code has been vetted there could be code
injection through the operating system or compiler, however unlikely. And
that's not even considering anything malicious with the network or databases.
There's simply too many moving parts in electronic voting for it to ever
ensure 100% honesty. Possibly making it law to require a hand count of all
receipts/ballots to ensure a match would catch the fraud afterwards, when time
is no longer such a factor. Or better yet, running paper ballots through two
separate electronic voting systems by each voter and comparing counts.

But to answer your question, no I don't believe anything has been done.

------
scheff
For anybody who is interested in the concept of verifiable voting protocols,
and a real life election applying them, I am currently working on the front
end of such an application, with the election to be held in November 2014 for
our state election.

We are working with academics in Surrey, UK, and elsewhere on the cryptography
and verifiability of the election. So I can't answer any of the hard
questions, but can point you at some of the documentation that Surrey has
developed, shown below.

Using Pret a Voter in Victorian State elections
<http://epubs.surrey.ac.uk/726039/1/EVT.pdf>

Software Design for VEC vVote System
[http://www.computing.surrey.ac.uk/personal/st/S.Schneider/pa...](http://www.computing.surrey.ac.uk/personal/st/S.Schneider/papers/2013/SDSTechReport.pdf)

------
alexanderRohde
Very simple solution to the problem:

When you vote, you get a piece of paper saying your name, your vote, voter-id,
and the machine's salt.

Whenever a vote is counted, it is added to a public website of HASHES. Thus
anybody can verify the totals.

If anybody's recorded vote on the website (taken by hashing their info)
doesn't match their receipt, fraud is caught (thus removing votes or changing
votes isn't possible). Also, if I didn't vote or am dead, and my info is
entered, we can verify no tally appears for my hash.

If the hashes don't match up with all the registered voters via registration
forms, then votes have been added. Thus in order to add fake votes, fake voter
registration forms must be filled out manually [leaving a paper trail to catch
the perpetrator].

~~~
colanderman
"your name, your vote"

Then your boss threatens to fire you unless you give him/her a copy of this
paper such that he/she can verify that you voted how he/she told you to.

------
spikels
Check out the other videos posted by 91177info on YouTube. A huge variety of
paranoid fantasies mixed in with lots of half-truths. Their focus seems to be
pro-Iran and anti-US and Israel propoganda.

Also it would be nice to know what the forum was where these statements were
being made. Just because they are in a fancy looking room does not indicate it
is actually meaningful that the statements are "under oath".

That said you can definitely rig almost any large scale election. There are
just too many way to attack the process. In theory computers could help make
elections more reliable but in practice they just add new and powerful ways to
attack the process.

------
mschuster91
Doesn't surprise me the least. Where money is, there is fraud, and where there
is fraud, there is money. The US have plenty of both.

The problem is, how can we as programmers/IT field guys react when we are e.g.
coerced into rigging systems?

~~~
ams6110
_how can we as programmers/IT field guys react when we are e.g. coerced into
rigging systems_

Refuse?

~~~
thomasbk
Forward the request to the nearest newspaper too.

~~~
jtheory
I believe this is the kind of request that's usually delivered verbally only.

------
EFruit
As soon as you use something you did not make yourself, your project could
theoretically be compromised. This ranges from drivers, compilers, OSs,
hardware, to the text editor you wrote anything and everything with. In the
real world, we can protect things with a reasonable expectation of security.
We can't exactly have a CCTV camera watch an incredibly small count of bits
tamper with every other one in countless server closets and data centers, but
we can have CCTV cameras watch an unscrupulous public servant write some extra
ballots and put them in a box to be sent to DC (or wherever else).

------
randartie
I get the feeling that this guy isn't trustworthy. He starts by saying that he
was directly told to build software to fix the election. Then he says that he
'thought' he was told to see if it was possible to build software to fix the
election, then finding out that he was supposed to actually build it.

------
geekam
Can anyone tell me what are the precautions the election officers are taking
so that this does not happen again?

I also saw Hacking Democracy[1] recently that shows about the 2004 elections.

[1] <http://en.wikipedia.org/wiki/Hacking_Democracy>

------
drsim
Interesting individual. Wiki on Clint Curtis:
<http://en.wikipedia.org/wiki/Clint_Curtis>.

