
Votes could be counted as fractions instead of as whole numbers - Varcht
http://blackboxvoting.org/fraction-magic-1/
======
nxc182
This is why we absolutely do not need electronic voting (or electronic vote
counting) in any way.

Paper voting (with polling locations distributed to balance load) with hand
counting and verifiable addition operations to get the final vote counts is
what is needed.

Having voted in person at town hall, and then having helped count the votes, I
know that it is doable - just like any other laborious task is doable with
enough people involved. Electronic voting just doesn't buy you anything more
than risk - all at the cost of verifiability.

The other advantage to hand counting with a neighbor nearby is that there is a
strong penalty for manipulating the election - your neighbor will notice.
These machines make it _way_ too easy to manipulate elections at mass scale
without detection.

~~~
tedmiston
And yet we trust software to do things like run our credit card transactions
and withdraw money from our bank accounts.

The resistance [from several in the industry not just your comment] to making
voting happen via software really concerns me.

~~~
nothrabannosir
That's significantly less important than voting. And the incentives are
properly aligned: the bank is responsible for making its systems secure, and
if they lose your money they have to refund it. Voting? Not so much. Lost
ballots? "Woops :) sorry."

If the voting machine vendor executives faced actual personal serious jail
time for botched counts, I might be more inclined to trust it. Then again, I
bet you a tenner they'd suddenly have a lot more fail safes in place.

Aligned incentives is absolutely, 100% required for anything to work in our
society. It's what we're built on. Otherwise you will always be swimming
upstream.

~~~
csallen
_> Aligned incentives is absolutely, 100% required for anything to work in our
society. It's what we're built on._

I wish more people understood this simple fact of human psychology. It's
astonishing how often people will support some system that incentivizes bad
behavior, and then act surprised when people behave badly.

What's more, when faced with this situation, these same people will resort to
shaming the bad actors rather than fixing the broken system.

~~~
Ntrails
Aligning incentives properly is _hard_. I think a good example is about how to
best incentivise General Practice medical care centres (UK NHS system).
Patients seen? Patients in catchment area? Mortality/Morbidity rates? Patient
outcomes (how you measure these is a rabbit hole of perverse incentives)...

Each and every idea has a logical optimum strategy for the trust to maximise
income, and all of them aren't quite what you're trying to achieve. So you
really want to blend some of these (and others) together in just the right
mix, but without creating hundreds of hours of admin just to support the
metrics.

------
DamienSF
There have been many statistical analysis pointing out to potential election
fraud due to the electronic counting of the votes. For those who missed it,
here is a comprehensive report on potential election fraud during recent
Democratic primaries: [http://www.election-justice-
usa.org/Democracy_Lost_Update1_E...](http://www.election-justice-
usa.org/Democracy_Lost_Update1_EJUSA.pdf)

The last part is related to the electronic counting of the votes. Here what
Fritz Scheuren, the 100th President of the American Statistical Association,
had to say on the Democratic primaries “as a statistician, I find the results
of the 2016 primary voting unusual. In fact, I found the patterns unexpected
[and even] suspicious. There is a greater degree of smoothness in the outcomes
than the roughness that is typical in raw/real data […] the difference between
the reported totals, and our best estimate of the actual vote, varies
considerably from state to state. However these differences are
significant—sometimes more than 10%—and could change the outcome of the
election”

------
Animats
The CEO of Diebold Election Systems in 2004, where GEMS came from, was Walden
O'Dell, who was also a fund-raiser for the Bush campaign at the time.[1] "I am
committed to helping Ohio deliver its electoral votes to the president next
year" wrote Mr. O'Dell.[2] He resigned in 2005 after being indicted for
securities law violations.

That's probably when this feature went in.

[1]
[http://www.sourcewatch.org/index.php/Diebold_Election_System...](http://www.sourcewatch.org/index.php/Diebold_Election_Systems)
[2] [http://www.nytimes.com/2003/11/09/business/machine-
politics-...](http://www.nytimes.com/2003/11/09/business/machine-politics-in-
the-digital-age.html)

~~~
c22
In part two it's claimed the feature was added on 6/27 2001.

------
Keverw
It's sad that elections, one of the most important things we have here in
America are ran on closed sourced copyrighted systems owned by corporations.
They say it's rigged, I would hope it's not but really who knows if they don't
have access to the code?

~~~
grzm
I think it would be nice to have the source code open for review. However,
that doesn't solve the problem. It's very difficult (impossible?) to guarantee
the reviewed software is what's actually running on the machines, not to
mention how does one validate the compilation, the OS, the firmware, the
hardware—you get the picture. And the voting machine itself is only one part
of the whole voting system.

It sounds like this is something you're interested in. I encourage you to take
a look at what's being done. I've shared a couple of links elsewhere in this
thread, which if nothing else can provide a starting point.

~~~
Keverw
Yeah good point. Hashing the binary wouldn't really help because they could
modify the GUI to report the wrong hash and most people who aren't computer
people wouldn't really get what it means anyways.

I been thinking a blockchain based system would be interesting, but it'd have
to be really easy to use for everyone. People who have no computer or phone
all the way to the computer expert.

~~~
grzm
I think blockchain might have some application, but I'm unconvinced that
computer technology alone is going to solve it. Have a look at this slide deck
from Ron Rivest (of RSA fame).

[https://people.csail.mit.edu/rivest/pubs/Riv16x.pdf](https://people.csail.mit.edu/rivest/pubs/Riv16x.pdf)

I think he does a pretty good job of covering the history of modern voting and
how technology can be properly applied.

You might find this Google Tech Talk by Ben Adida "Verifying Elections with
Cryptography" interesting as well:

[https://www.youtube.com/watch?v=ZDnShu5V99s](https://www.youtube.com/watch?v=ZDnShu5V99s)

------
huac
The entire argument is DOUBLE instead of INT
[http://blackboxvoting.org/fraction-
magic-3/](http://blackboxvoting.org/fraction-magic-3/) within some Access
database.

~~~
throwanem
Access has a signed 32-bit long integer type, so it is odd to see a double
used here. Still a hell of a lot of stew from one oyster.

~~~
grzm
I've seen all kinds of data type mismatches in databases. Unfortunately, I
don't find this all that surprising.

~~~
int_19h
"Harris found the “DOUBLE” setting in all GEMS databases from all states for
version 1.18 forward. Looking at older GEMS databases, version 1.17 and
before, votes were instead configured as whole numbers (LONG INTEGER)."

On top of that, they claim that there's also specific functionality to deal
with rounding in the output results - why would anyone do it if they honestly
thought that votes are always integer. In fact, they even present an email
discussing the implementation of this, so it wasn't exactly under the radar.

------
stevetrewick
I'm deeply unconvinced by TFA (and the rest of the series). There are
insufficient technical details (and those that are there are taken way out of
context) to judge whether a) the author's conjecture is reasonable, and b) the
author actually has sufficient understanding of such details to make their
claims credible.

There's stuff like 'some code I found an FTP server one time' which add
considerable amounts of doubt and ambiguity.

That said, such objections merely highlight the root cause of the problem -
the software and process is not auditable. If it was I could just go and check
for myself. Without that access neither I nor anyone else can verify the
claims, nor the counter claims that everything is legit (though see also
Thompson hack, reproducible builds, etc)

I'm not a 'closed source = evil' kind of a person but here it seems like an
absolute no brainier.

------
nkassis
I read part 1,2,3,4 and found multiple issues with this article. In part 2
they show results for alaska with fractional numbers. What isn't clear is that
it's actually results from part 4 where they edited the access DB to change
the numbers to match set percentages they wanted.

Second reading those emails in part 2 it seems they are discussing that the
per candidate numbers in weighted elections (when the machines are used for
those) then adding them they show totals with one less digit. But that only
matters if they have fractional parts which they haven't shown to have
happened in a real election.

There doesn't seem to be any proof of actual fraud here. Just a bunch of
suppositions.

------
trendia
I'm not sure that storing ints would be more resistant to fraud than storing
as doubles. You could easily manipulate the vote by randomly switching X% of
votes like so:

    
    
        if wrongVote && rand() < X:
    
            FlipVote()
    
    

This would have the same effect as fractional voting, even if you store as
integers.

~~~
vilhelm_s
But that would be easily detected by looking at the source code or
disassembly. I think the concern here is that the "weighted" election mode
provides an easy way to manipulate election outcomes while providing
deniability ("oh, that code is just used for weighted elections in
California").

~~~
chipperyman573
Wait, are there actual states in the US that use weighted elections? I thought
the whole point of the US's system is that (ideally) every citizen has as much
say as anyone else.

~~~
vilhelm_s
Apparently California has a system (Proposition 218) where local government
can impose certain property taxes, but such taxes have to be approved by a 2/3
majority of property owners, and the vote is weighted by the amount of
property they own.

------
ahh
I gotta wonder: if this was really a way someone was trying to steal an
election...why would they bother?

Once you have thoroughly owned the voting machine system and can set weights
why not, I don't know, just ignore the counted ballots entirely and report the
totals as whatever you want?

~~~
imron
Because of the need to do it in a way that is both plausible and not readily
detectable.

------
labster
I don't see what the problem is. Fractional vote transfer is a basic feature
of Single Transferable Vote (STV) elections. Although there's no reason to do
any counting on the voting machines themselves in that case, just recording
the ballots.

~~~
imron
The problem is when it can be enabled in elections that do not use Single
Transferable Votes, and discovery can be plausibly denied as a configuration
error (oops, it's still set to weighted voting from a previous election and
wasn't reconfigured correctly).

------
wnevets
The paper ballots that caused the 2000 debacle really wasn't any better the
problems with e-voting we have today. The problem isn't the medium of voting
but who is in charge of creating and maintaining the ballots.

~~~
tomohawk
The paper ballots that were punch cards caused problems.

The paper ballots that were marked and optically scanned caused no problems
and were easy and fast to recount.

Some counties in FL had the old punch card ballots, some had the optically
scanned. All of the problems were with the punch card ballots. And with the
lawyers arguing over hanging chads and other nonsense.

~~~
wnevets
You're also forgetting about the butterfly ballots that confused voters
because of their design. A large number of voters claimed they voted for the
wrong person because of it.

> [http://andrys.com/flballot.html](http://andrys.com/flballot.html)

------
douche
Any sort of software for voting machines really _ought_ to be open-source.
Anything less than complete transparency is a non-starter.

~~~
Scirra_Tom
And how do you verify the machines are running that code?

And how do you know someone's just not adding to the total when it's collated?

~~~
acobster
You have redundant integrity checks involving cryptography and independent,
human professionals built into the compilation/deployment/testing process.

------
maerF0x0
there are cryptographic voting systems that would allow results to be
verifiable and for voters to verify their vote was counted. That and FOSS
voting software would probably help .

------
askvictor
On reading that headline I thought maybe someone had come up with a voting
system where you could assign a portion of your vote to one candidate and a
portion to the other. E.g. 60% to Clinton, 40% to Trump

~~~
DamienSF
If you read beyond the headline, you'll see that this is actually the
conclusion of the article.

------
mentos
What would be wrong with a voting machine assigning you a UUID that you can
print out and verify your vote on a website where everyone else's 100 million
votes are displayed?

~~~
s_q_b
When ballots are not secret, they can influenced by social, political, or
economic actors through punishment and reward. For example, voters in many
places used to face extreme peril if they voted against the candidate picked
by their social group, party, or union. This peril ranged from reduced social
standing, to loss of employment, and even physical violence. As such coercion
is contrary to the democratic objectives of an election, secret ballots were
introduced to ensure ballots represent the free will of the voters.

There are mechanisms by which one could both keep the ballot secret and allow
a public tally. But to avoid hacking, like the floating-point vote-value in
GEMS outlined in another story, the system does require bullet-proof crypto.

Regardless of how the ballots are counted, I do believe there should always be
paper backups, scanned, and filed so that citizens can examine them digitally
and in person if necessary. With that system one could spot-check any
suspected irregularity. Only with such physical redundancy would I trust
digital voting systems at this point.

Sometimes there's no substitute for good old dead trees.

[https://en.wikipedia.org/wiki/Secret_ballot](https://en.wikipedia.org/wiki/Secret_ballot)

 _Article 21.3 of the Universal Declaration of Human Rights states, "The will
of the people...shall be expressed in periodic and genuine elections
which...shall be held by secret vote or by equivalent free voting
procedures."[19]

Article 23 of the American Convention on Human Rights (the Pact of San Jose,
Costa Rica) grants to every citizen of member states of the Organization of
American States the right and opportunity "to vote and to be elected in
genuine periodic elections, which shall be by universal and equal suffrange
and by secret ballot that guarantees the free expression of the will of the
voters".[20]

Paragraph 7.4 of the Document of the Copenhagen Meeting of the Conference on
the Human Dimension of the CSCE, obligates the member states of the
Organization for Security and Cooperation in Europe to "ensure that votes are
cast by secret ballot or by equivalent free voting procedure, and that they
are counted and reported honestly with the official results made public."[21]

Article 5 of the Convention on the Standards of Democratic Elections,
Electoral Rights and Freedoms in the Member States of the Commonwealth of
Independent States obligates electoral bodies not to perform "any action
violating the principle of voter's secret will expression."[22] _

~~~
benchaney
What if the UUID is secret?

~~~
grzm
I'm not sure what that would mean. How do you keep the UUID secret in a way
that you can use for verification?

~~~
benchaney
You send it to the person who it belongs to. Then when the want to check if
their vote went through properly, they can look up the vote that corresponds
to their UUID.

~~~
grzm
Okay. What prevents someone else from accessing the UUID, either before or
after its sent to the person it belongs to? I could be missing something, but
I think this is still vulnerable to coercion or vote selling.

~~~
benchaney
How would they go about accessing it? Presumably people can protect
information they deem private. Like their social security number for instance.

~~~
grzm
Threats of physical violence? Bribes? There are ways to design the system that
guarantee that the voter can verify they voted but _can 't_ prove who they
voted for. No need to keep the UUID secret. It's very desirable to have a
system that we can trust even if conditions aren't necessarily antagonistic.

BTW, thanks for engaging in this discussion. It's important and it's helping
me rethink through all of this.

~~~
benchaney
Those are problems with all voting systems. In the current system someone
could Threaten/Bribe you to take a selfie with your ballet after it has been
filled out.

~~~
grzm
Okay. I'll grant that there are likely ways to potentially coerce or sell
votes in any system. If there are straightforward, inexpensive ways to make it
more difficult to do so, we should.

~~~
natch
The private, non-electronic ballot box makes it pretty hard. That's one of the
main beauties of the system.

------
natch
This is really disturbing. We need a DARPA-challenge level effort to get some
better solutions designed for this.

It can't be that hard. A git repo per machine, recording an audit trail
further verified by the block chain, could be the start of a solution, for
example.

~~~
benchaney
"A git repo per machine, recording an audit trail further verified by the
block chain"

This is just a list of technologies. It's not the start of a solution, and it
isn't even really clear what problem you are trying to solve.

~~~
natch
The problem of undetected vote tampering at scale > individual voter being
relatively easy -- this problem was pretty clear in the original article.

------
aaronhoffman
I'm pretty sure most voter fraud/electronic count type issues can be solved
with git (and/or blockchain). Anyone working on that?

~~~
VLM
Its hard to implement those without timestamps and anonymity is impossible
with timestamps plus ubiquitous cameras and modern image analysis software,
not to mention "the internet of things powned by foreign governments and
corporations".

I'm not implying anything, but an anonymous vote for Trump was registered into
the blockchain at 9:55:01 at XYZ elementary school, and at 9:55:23 a hacked
gas station security camera across the street shows a dude walking out the
door and into a car license plate WTF-123 that seems to be registered at the
same address as drivers license number 1234-XYZ which happens to be VLM and
his rather studly DL demographic data (height weight race gender) seems to
match the dude in the video... Meanwhile VLMs phone, which is powned by the
NSA, KGB, and god knows who else, records VLM's GPS coordinates as in the
voting booth at 9:55:01 and shows him driving the car back to the coordinates
of his house. And of course VLM's kids went to that elementary school when
they were little. So it could just all be a coincidence, but I think I might
know who VLM voted for ...

~~~
aaronhoffman
Very true, it would not make a perfectly anonymous voting system, but I think
it could prevent some fraud.

You could take steps to separate the name from the vote of course. e.g. After
the person confirms their identity somehow, give them a random number that
only they see/have access to, associate the vote with that number.

The "repos" could be made public and you could confirm your vote afterwards.
No vote could be "changed" if it was in a chain of hashes...

Your point about timestamp is true. And although I personally think we could
stand to be more open about how we vote (and also more accepting of others) I
agree anonymity is important.

Perhaps a system like this would be efficient enough to greatly reduce the
voting time window. Make it harder to determine who voted by timestamp due to
"noise". (or perhaps, can't vote unless there are 5 people present... not a
perfect solution, just throwing some ideas at the wall.)

------
serge2k
> PART 1: VOTES ARE BEING COUNTED AS FRACTIONS INSTEAD OF AS WHOLE NUMBERS

Should really be

> PART 1: VOTES COULD BE COUNTED AS FRACTIONS INSTEAD OF AS WHOLE NUMBERS

Existence of the feature doesn't indicate it's use, although it is obviously
worrying.

~~~
Bud
Definitely a sensationalized clickbait headline that's not backed up by the
article in any way.

------
ithipster
more fundamentals on the issue:
[http://ithipster.com/47.html](http://ithipster.com/47.html)

~~~
leggomylibro
That's not exactly 'more fundamentals'; it's a much shorter, less informative,
and more biased piece. The linked article goes far more in-depth, is far more
objective, and after reading through the first 5 articles I feel a little bit
more edified about the issue.

Now I understand the core beef: that a schema change to this voting software
caused all votes to be stored in their relational DB as doubles instead of
ints, and a good way for observers to verify that an ordinary election isn't
behaving as a weighted one behind the scenes was never added, which makes this
voting system insecure and not what a reasonable person would consider
"observable".

The article you linked, on the other hand, made me feel patronized, skeptical
of the author's central premise, and a little bit uncomfortable.

~~~
ithipster
biased which way?

------
DonHopkins
They implemented the fractional voting feature just in case the United States
reinstitutes the three-fifths compromise. [1]

[1] [https://en.wikipedia.org/wiki/Three-
Fifths_Compromise](https://en.wikipedia.org/wiki/Three-Fifths_Compromise)

------
legostormtroopr
> _What fractionalized votes can do:_

> _They allow “weighting” of races. Weighting a race removes the principle of
> “one person-one vote” to allow some votes to be counted as less than one or
> more than one._

This is extremely inflammatory language. What I think they mean is:

> _They allow “weighting” of electoral contests. Weighting an electoral
> contest removes the principle of “one person-one vote” to allow some votes
> to be counted as less than one or more than one._

However, what they wrote seems to heavily imply a _racial_ bias to electronic
elections. Why they would choose to use such racially charged language around
such a benign topic at this time seems only to drive links to their site over
such a non-controversial issue.

~~~
grzm
I think they're using "race" in the contest/competition sense, aren't they?
For other uses in the article:

 _" The “Summary” vote tally, which provides overall election totals for each
race on Election Night"_

and

 _" Presidential race in an entire state switched in four seconds"_

Granted, they could have chosen other language that's less likely to be
misconstrued. As for the choice of language, I don't think the article is all
that well written (for another example, mixing "fractional" and "decimal" to
mean the same thing). I don't think there was that much thought put into the
language.

