
In Georgia, a legal battle over electronic vs. paper voting - danso
https://www.washingtonpost.com/world/national-security/in-georgia-a-legal-battle-over-electronic-vs-paper-voting/2018/09/16/d655c070-b76f-11e8-94eb-3bd52dfe917b_story.html
======
CydeWeys
Here in NY (and I'm sure in many other places), you manually mark up a paper
ballot with your vote. You then insert it into a scanner which confirms the
ballot's validity and then drops it into a lockbox.

The votes can be tallied instantaneously through the electronic system, but if
there are any irregularities the lockboxes can be opened and manually counted as
verification. And you can open a small number of randomly selected lockboxes
every election anyway, even absent any suspected wrongdoing, just as a check
to verify that the electronic counts are working as expected.

How is this not the standard everywhere? Yes, there's more paper (and thus
expense) involved, but surely having a non-hackable paper trail is worth it to
protect our democracy?

I was at DEF CON the first time they did the voting machine hacking. Those did
not fill me with confidence.

~~~
mtgx
How do you tell if something goes wrong? I think what's often missing in these
discussions is a need for automatic audits, too, even if not full audits
initially but only for a small sample.

If there is anything wrong found in that first series of audits, then a full
audit should be required by law and there should be severe prison punishments
for those state officials failing to start and finish those audits in the
specified time after the election.

Corrupt state officials should not be able to create any sort of delays or use
them as an excuse.

~~~
gregmac
I'm not sure how it's handled now, but what I'd like to see is after the
election closes, a random method to select poll locations is used -- such as a
lottery ball machine -- and those locations are then required to do a manual
recount. No one has advance notice of which poll locations will do this, so
there's no opportunity for cheating (eg, turning off a defeat device at the
locations that will be audited).

If there are any differences in the count then additional locations are
required to also do a manual count, and if more than two locations have
differences, all electronic numbers are trashed and the whole election is
counted manually.

~~~
stonesixone
This is basically what San Francisco, CA does. They use 3 10-sided dice to
randomly choose 1% of ~600 precincts to manually audit. You can watch the
random selection for the June 2018 election here:
[https://www.youtube.com/watch?v=wLSLlBkFY-Y](https://www.youtube.com/watch?v=wLSLlBkFY-Y)
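
An added example, not part of the comments above and not San Francisco's actual procedure: it maps publicly rolled three-d10 throws to precinct numbers with rejection sampling, then applies the escalation rule gregmac describes. Precinct numbering from 0, the tallies, the rolls and the outcome labels are constructed assumptions.

```python
from typing import Dict, List, Sequence, Tuple

Tally = Dict[str, int]          # candidate -> votes
Roll = Tuple[int, int, int]     # one throw of three ten-sided dice


def select_precincts(rolls: Sequence[Roll], n_precincts: int,
                     sample_size: int) -> List[int]:
    """Turn public dice throws into precinct numbers 0..n_precincts-1.

    Each throw reads as a number 000-999. Throws outside the range are
    discarded rather than reduced modulo n_precincts, which would make low
    precinct numbers more likely than high ones. Repeats are discarded too.
    """
    if n_precincts > 1000:
        raise ValueError("three d10 only cover 1000 precincts")
    chosen: List[int] = []
    for hundreds, tens, ones in rolls:
        if not all(0 <= d <= 9 for d in (hundreds, tens, ones)):
            raise ValueError("each die must show 0-9")
        value = 100 * hundreds + 10 * tens + ones
        if value >= n_precincts or value in chosen:
            continue
        chosen.append(value)
        if len(chosen) == sample_size:
            return chosen
    raise ValueError("not enough usable throws; keep rolling")


def audit(machine: Dict[int, Tally], hand: Dict[int, Tally],
          selected: Sequence[int]) -> Tuple[str, List[int]]:
    """Compare hand counts with machine counts for the selected precincts.

    Escalation follows the rule in the comment above: any difference widens
    the audit, more than two differing locations voids the electronic count.
    """
    mismatched = [p for p in selected if machine[p] != hand[p]]
    if len(mismatched) > 2:
        return "FULL_MANUAL_COUNT", mismatched
    if mismatched:
        return "EXPAND_AUDIT", mismatched
    return "CONFIRMED", mismatched


def constructed_tallies(n_precincts: int) -> Dict[int, Tally]:
    """Constructed machine tallies, deterministic so the example is repeatable."""
    return {p: {"A": 200 + p % 7, "B": 180 + p % 5} for p in range(n_precincts)}


N_PRECINCTS = 600
SAMPLE_SIZE = -(-N_PRECINCTS // 100)   # 1% of precincts, rounded up
# Constructed throws: 712 and 600 are out of range, the second 042 is a repeat.
CONSTRUCTED_ROLLS: List[Roll] = [
    (7, 1, 2), (0, 4, 2), (5, 9, 9), (0, 4, 2), (6, 0, 0),
    (1, 1, 3), (3, 0, 5), (0, 0, 0), (2, 5, 8),
]

if __name__ == "__main__":
    machine = constructed_tallies(N_PRECINCTS)
    hand = {p: dict(t) for p, t in machine.items()}
    hand[113]["A"] -= 3            # constructed discrepancy in one audited precinct
    selected = select_precincts(CONSTRUCTED_ROLLS, N_PRECINCTS, SAMPLE_SIZE)
    print("audit precincts:", selected)
    print("outcome:", audit(machine, hand, selected))
```

A discrepancy in a precinct that was not drawn goes unnoticed by this sample, which is why the draw has to happen after the polls close and in public.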

------
nathan_long
> “I don’t know any conceivable way you could change Georgia’s election system
> . . . in a matter of weeks,” said Cathy Cox, a former Georgia secretary of
> state who oversaw the 2001 study that led to the state’s adoption of DREs.
> “It would be chaotic beyond belief.”

Oh yes, it would be awfully hard to make this switch in a matter of weeks. But
this time crisis was created by negligence, since it's now been 2 years since
officials were made aware of the problem.

> The unsecured server that Lamb exposed in August 2016 is part of an election
> system — the only one in the country that is centrally run and relies upon
> computerized touch-screen machines for its voters — that is now at the heart
> of a legal and political battle with national security implications.
>
> “I was absolutely stunned,” Lamb said of his discovery of the exposed data.
> And he was angered when six months later, despite warning officials at
> Kennesaw State University’s Center for Election Systems (CES), which housed
> the server, the data was still publicly accessible online.

~~~
craftyguy
Unfortunately it seems at least one of the people (Cathy Cox) responsible for
this system is no longer in a place to be held accountable. She should be
tried for negligence, along with the other administrators/politicians that
drove deployment of this system.

------
danso
> _Barnes testified that the server that holds the data that Georgia’s 159
> counties use to build their ballots is “air-gapped,” or isolated from the
> Internet. But he acknowledged that he uses a thumb drive to transfer ballot
> proofs from the server to his desktop computer, which he uses for email.
> From there, he moves the data to a Dropbox-like site, where counties can
> retrieve the ballot data._

Anyone know what "ballot proofs" refers to? I hope that's not just a fancy
terminology for a tab-delimited text file that contains the voting totals. I
wonder what "Dropbox-like" site actually refers to -- a cloud site created
in-house by the state government? Or by a contractor that ostensibly specializes
and is authorized (i.e. fills out the paperwork and background checks) to sell
a file-transfer app that's basically a wrapper around a commercial cloud
service?

~~~
cmiles74
I understand that they need a way to transfer data to and from the machine
that builds the ballots but the method outlined above doesn't fill me with a
lot of confidence. Barnes freely admitted that their desktop computer handles
their email and that they use a thumb drive to transfer data from that desktop
computer to the "air gapped" ballot build server.

If his desktop becomes infected with a virus of some kind, isn't it
straightforward for that virus to infect the thumb drive and then to infect
this server that builds the ballots? My understanding is that most "air
gapped" machines lack USB ports or have those ports plugged so as to
discourage their use.

In terms of what they should be using to transfer data, that is outside of my
wheelhouse. But the current system seems ripe for exploitation by a third
party dedicated to gaining access to this machine that builds the ballots.

~~~
wool_gather
> isn't it straightforward for that virus to infect the thumb drive

Maybe not "straightforward", but, yes, absolutely, that would be a very likely
vector. As I understand it, this is how the Stuxnet worm was designed (the one
that sabotaged the Iranian centrifuges).

------
pjc50
> He said that, a decade ago, the threats came primarily from “dishonest
> insiders or dishonest candidates” or criminals but that “everything changed
> in 2016.” Russia’s efforts to penetrate states’ and counties’ voter
> registration systems and to hack manufacturers’ software “presented a
> substantially new and much more serious form of threat.”

In short, as long as the ballot could be reliably corrupted only by the locals
who'd been bribed by the device manufacturer in the first place, the corruption
was stable. But now there's an outside player.

Electronic voting is bad, and Ireland gave up on it, but it's not the only
issue in election integrity. See also: gerrymandering/redistricting, voter
roll purges, etc.

~~~
maxxxxx
It seems to me that the problem in the US is that a lot of people think it's
more important for their party to win than for the election to have integrity.

~~~
pjc50
Well, yes; look at the decades of voter rights litigation. There's a long
history of trying to suppress Black voting. So long as that's still going on
there will be voting integrity problems coming from within state legislatures.

------
3pt14159
I feel like a broken record on this topic. It drives me crazy.

ON-SITE OBSERVERS.

If any person wants to check the vote they should be able to stand there and
watch the whole thing and then demand a manual count on-site immediately
afterwards. No bringing ballots somewhere else to be counted.

Democracy is how we stop violence from deciding resource allocation. It will
be undermined if it is at all possible.

Also, I really hate how electronic voting machines instant tally elections. We
had that here in Ontario[0] and completely aside from my security concerns
over e-voting, having the night end in a single minute ruined the normally fun
nail biting as the results came in on CBC.

[0] Which, by the way, did not allow me to be an on-site observer. Do I
distrust Elections Ontario staff? No, but I shouldn't have to trust people.
This is a fucking election. I ran the last federal one as a DRO. All paper
ballots are 100% secure. The fucking e-voting lobby is evil.

~~~
ergothus
> I really hate how electronic voting machines instant tally elections.

I understand the sentiment, but I don't think entertainment should be any kind
of factor in this decision.

> I shouldn't have to trust people.

Verification systems are great (I fully endorse the
electronic-for-convenience-backed-by-paper system), but ALL systems require that you trust
people. The key is to have sufficient verification, both instant and later, to
make fraud difficult, detectable, and provable.

~~~
sandworm101
> I understand the sentiment, but I don't think entertainment should be any kind
> of factor in this decision.

Note that the above poster was talking about Ontario. Canada has a different
relationship with election results. It is illegal for Canadian results,
including entrance/exit polls, to be announced prior to closing. In the US
this would be seen as a radical freedom of speech issue. In Canada it is
normal. In the US it is normal for people to see initial results and perhaps
rush in to vote, or stay home if their candidate is leading. US politicians
also regularly concede defeat based on preliminary results. So someone
fiddling with the display of preliminary electronic results can, in the US,
directly impact the final tally.

That isn't a thing in Canada. We don't expect to know anything until after
polls close. So we have no need of "instant" tallies. Counting happens during
the day but results are not published. Electronic voting might speed it up a
little bit, but never would we get close to the instant feedback possible in
the US.

~~~
ergothus
> In the US it is normal for people to see initial results and perhaps rush in
> to vote, or stay home if their candidate is leading.

Is it? I was under the impression that most everyone had adopted a voluntary
policy of not reporting exit polls prior to closing, at least since 1980, so
that's just shy of 40 years of not doing as you describe. I've certainly been
ignorant of results until polls close. I recall estimations of "turnout by
party" and "what issues motivated you" prior to closing, but not how people
ended up voting.

> It certainly doesn't have anything to do with entertainment.

What do you think the OP meant about the "normally fun nail biting" experience
that is electronic voting "ruined" by ending "in a single minute"?

------
ynniv
In case you missed this finer point, the Secretary of State who has certified
these machines is also the candidate expected to win the election by a small
margin. He has refused to recuse himself from the responsibility of ensuring a
fair election.

~~~
guelo
Kris Kobach had the same arrangement in Kansas recently, he ran the election
and was a candidate. He won very narrowly and many people suspect he stole the
election.

~~~
wool_gather
And this is another angle to the problem. Even if everything _was_ on the
level, just the perception of corruption increases cynicism and decreases
political engagement.

------
lloda
Hand counting of paper ballots is a highly parallel process that can be done
quickly at any scale. The only reason to introduce counting machines is so
that someone can extract money from it.

~~~
specialist
FWIW, most proponents of hand counting advocate "sort & stack". For elections
in the USA, that means a count per race / issue. Some jurisdictions can have
over 30 per ballot.

Further, each precinct has to be tabulated separately. The poll site I ran for
years had 5 precincts, roughly average. We'd have 400-800 ballots per
election, depending.

One change that would make manual counting more feasible would be to split our
ballots into federal, state, local.

Every election administrator I've ever met opposed manual counting. Mostly
because it's a lot of work.

A group of us intended to run experiments to determine the effort, cost, accuracy
of manual counts. Simulate a real election, eg print up marked ballots where
the totals are predetermined but not known to the counters. Alas, we never got
our act together before every one burned out.

PS- Any tabulation method has to accommodate marking errors, aka adjudicating
voter intent.

------
ulkesh
As a Georgia resident, this is highly disconcerting. I would be quite happy,
willing, and patient with polling precincts if they had to switch to all-paper
ballots if it meant guaranteeing that my vote was accurate and actually counted.

While I almost never vote for a winner, since I'm an outside middle-ground
voice in this extremely conservative state (on the whole), I at least want the
confidence that my vote wasn't tampered with. Right now, I have no such
confidence. Yet I will still vote because it is my right and not voting is not
the answer to this problem.

------
jguimont
I do not understand why paper ballot would be difficult to achieve, that is
the easiest to do!

I never voted in the US, but the system seems overly complex for such a simple
exercise. Here in Canada, we have a paper ballot
([http://www.elections.ca/vot/yth/stu/gui/images/dxsmp1-e.jpg](http://www.elections.ca/vot/yth/stu/gui/images/dxsmp1-e.jpg)),
which is pretty simple. The vote is done, the stub is tallied and 2 people
need to verify the vote before dropping it in a sealed box. When the polls
close, the votes are counted, by multiple persons, by hand. Nothing
electronic.

... and there is a single vote at a time, no votes on laws when electing
representative, etc. That is just nonsense.

------
beat
I've said this before, but I'll say it again because it's always useful in
these threads...

I believe that a _well designed_ paper ballot system is superior to _any_
paper-free system. Furthermore, I think the concerns of the general public
about what is actually problematic in elections (and what solutions can work)
are generally wrong. I'm basing this on my experience as an election judge in
Minnesota. I'll describe the system, and you can decide for yourself.

Minnesota uses paper ballots read by Scantron machines - the sort of
bubble-marked sheets you used for tests as a kid. We have same-day registration and
provisional ballots available for unregistered or incorrectly registered
voters. We do not require ID for ordinary registered voters. There have been
two statewide recounts in recent years - the 2010 governor's race, and the
national-profile 2008 Franken/Coleman Senate race recount.

Now, the process. First and foremost, _all_ activities that require handling
ballots, whether marked or unmarked, sealed or open, must be done in the
presence of representatives of at least two political parties. It is flatly
illegal for one party to handle ballots alone. This prevents all sorts of
fraud - either adding fraudulent ballots, or removing marked ballots.

Second, a simple paper tally is kept of the number of ballots cast in each
precinct. At count time, the number of votes counted by the machines must
exactly match the number of ballots given to voters. A mismatch triggers a
hand recount of the precinct and a bunch of other validation bureaucracy. This
checksum also prevents the addition/subtraction of ballots at the precinct
level.

Voter machine tallies are spot-checked by hand counts of individual machines -
not enough to slow down the process, but enough to insure that there was no
large-scale alteration of machine behavior.

Registered voters are on paper rolls. When a registered voter arrives, their
name is marked off the list and they are given their ballot. If someone tries
to vote twice as the same person, it's caught (and triggers bureaucracy).
Their ID is not checked. Same-day registration requires ID and proof of
precinct residency; the valid documents are well specified (utility bills,
etc).

Political parties are invited to have poll monitors at any and all precincts,
to keep an eye on the process. The poll watchers do not touch ballots or
participate in the count, but are welcome to observe. They can also challenge
individual voters, which makes ballots provisional and may lead to ID
requirements. (I remember in 2004, the Democratic poll monitor was convinced
the Republican monitor would challenge every single brown-skinned person in
the precinct, and the Republican was convinced the Democrats would bring
busloads of fake voters in from Wisconsin or something. Needless to say, both
were wrong.)

The result of all of this is that highly accurate informal counts are
available on election night, thanks to machine voting, but manual recounts are
always available, thanks to the paper. And the integrity of paper ballots is
strongly protected by process.

The only even arguable gap is the idea of fraudulent voting by using other
people's registrations, or fake registrations. But actually doing this at a
scale large enough to matter is difficult and risky. Minnesota presidential
elections draw about 1.5M voters. To alter the results by 1% would require
15,000 fraudulent votes. If someone could vote once an hour, they could maybe
vote 15 times. You'd need a thousand people, with training, transportation,
and written data. It's hard to keep conspiracy at that scale secret.

So yeah. This is _trustworthy_. And it's simple. It doesn't require exotic
technology. It's mostly just good bureaucracy.

~~~
MrRadar
As a fellow Minnesotan I have high confidence in our election system due to
everything you described above. Given that, it's probably not surprising that
our state regularly has among the highest voter turnout in the nation.

~~~
beat
Every time I see in the news about how Georgia or Ohio or some other barbarian
backwater is having trouble doing something as straightforward as having a
reliable and trustworthy voting system, I want them to just adopt our model
wholesale.

I'm sure the Great State of Minnesota would be happy to host representatives
from other states, offer them our laws and process documentation as a model,
and advise them in joining the world of effective and trustworthy democracy.

------
uptown
This Medium post has another analysis of the Georgia voting issue:

[https://medium.com/@jennycohn1/georgia-6-and-the-voting-mach...](https://medium.com/@jennycohn1/georgia-6-and-the-voting-machine-vendors-87278fdb0cdf)

------
cwkoss
I found this Medium article investigating fishiness in Georgia elections a
couple weeks ago.
[https://medium.com/@jennycohn1/georgia-6-and-the-voting-mach...](https://medium.com/@jennycohn1/georgia-6-and-the-voting-machine-vendors-87278fdb0cdf)

Kathy Rogers was GA election director, now has a golden parachute at the
company who manufactures electronic voting machines for GA. She came to my
attention for writing a menacing-but-technically-incompetent letter to DEFCON
vote hacking village attendees.

Skeptical because only published on Medium, but seems like Cohn might be onto
something.

------
dalbasal
This is very much an outsider with no skin in the game making suggestions...

Considering that the US is a federation, would it not make sense for the
federal government to run local elections as a service?

This is on the back of another idea that has been floated around for elections
in regions where "free and fair" is an aspirational goal. Instead of an
international body certifying elections, it might be better to have a 3rd
party run the elections, and make all the implementation decisions.

..just to keep a separation of powers between election system and candidates
running within that system. Similarly, as referendums are increasingly
important in many European locales... we need a more nonpolitical body
empowered to finalize the wording. A president perhaps, for "westminster-like"
systems.

~~~
wool_gather
The federal system here is fairly weak, by design -- and the ideology of that
weakness is still prevalent. Making this shift would probably require more
arm-twisting and political capital than the federal government can apply even
when federalists are in power. There's a latent suspicion of the federal
government in the electorate here that is usually pretty easily activated.

I'm also not sure I see the advantage to centralizing this. It's a case of
"many hands make light work". There's a _lot_ to do to conduct an election.
Breaking the task among lots of basically autonomous units, made up of local
individuals instead of some faceless Washington bureaucrats (see, there's that
latent suspicion ;) gives some resilience -- and helps voters feel connected
to the process.

Also worth noting that although the structures of the various intra-state
governments are _broadly_ similar, there's plenty of differences that would be
a pain in the neck for a federal administration.

------
RobertSmith
In India, there has been a debate going on for years that EVMs should be
replaced with the old paper voting method. People against EVMs say that they
can be tampered and results can be altered whereas the other side says it's
very safe to use EVMs.

~~~
beat
At this point, I'm automatically suspicious of any party that says it's
perfectly safe to use paperless voting machines.

------
AngryData
The only electronic voting machine I would ever trust wouldn't have any more
hardware capabilities than a TI-81 calculator. It doesn't need it, and every
bit of extra bullshit and hardware and layers of software is a security
vulnerability. The only other problem I see after doing that would be whether
or not to publicly release the hardware diagrams. Maybe have the gaming
commission verify the machines like they have very successfully done slot
machines and electronic gambling machines.

------
luckycharms810
I think the onset of election season has caused these types of articles to
become in-vogue. I have been surprised by the reactions of what is mostly a
tech savvy community. Full disclaimer, I work at a voting tech company as an
engineer, and just wanted to give my 2 cents.

- Paper ballots and Risk limiting audits do not actually constitute a perfect
solution to this problem. They do not constitute what is considered an End to
End verifiable voting system. You cannot actually definitively know that your
vote was counted in the final tally, and cast as intended. The Risk limiting
audits as currently structured can only verify that a computer counted a small
sample size of votes as a human would. It cannot confirm all the votes were
counted, or that your vote was not tampered with.

- Paper ballots also do not address the needs of folks voting overseas, or
those affected with disabilities.

- When current election systems are often described as easy to hack, the
systems referenced are often hardware that is 10-20 years old. If you look at
the landscape of the elections industry, there are only 3 vendors that
account for over 90% of the public election market share in America. These
systems were put through certification many years ago, and continue to
operate through those certifications. The result of an inability to innovate
in this space, is that we will continue to use those systems (that many
perceive as vulnerable) for the foreseeable future.

- Smaller election vendors are encouraging the idea of recurring
certification, as well as more stringent certification requirements.

Most people who use these forums are very capable of understanding concepts
like Asymmetric encryption, checksums, and other tamper proof methodologies
for high value data. If you can trust the idea of an Encrypted e-mail server
(e.g. Lavabit), or encrypted chat servers (Signal), it should not be hard to
imagine that there is a secure way to conduct elections electronically and
through the internet.

Finally, given how the past few decades have progressed, it seems that you
would be on the wrong side of history to say that electronic voting cannot be
done safely in a digital form. The process needs to be secure, but it also
needs to be convenient, safe, fast, and trustworthy. Observing a few votes
being cast in your polling station is nothing compared to observing every vote
being cast for a given election.

~~~
pedrocr
> it should not be hard to imagine that there is a secure way to conduct
> elections electronically and through the internet

It's hard to imagine because it's completely impossible. In most of the world
not being able to prove you voted for someone in particular is considered a
key characteristic of the vote. No internet based voting guarantees this.

> Finally, given how the past few decades have progressed, it seems that you
> would be on the wrong side of history to say that electronic voting cannot
> be done safely in a digital form. The process needs to be secure, but it
> also needs to be convenient, safe, fast, and trustworthy. Observing a few
> votes being cast in your polling station is nothing compared to observing
> every vote being cast for a given election.

Throwing around claims of wrong side of history would be just an insult if it
wasn't so dangerous. Paper voting is not secure because you "observe some
votes being cast in your polling station". It's secure because each polling
station is staffed by political adversaries that do the count together of
every single ballot. This is _much_ better than the level of systematic
verification than you can ever even attempt to do to your huge stack of
software and hardware. It's also a kind of verification that everyone
understands and so it effectively convinces the losing candidates they
actually lost. Which is as much of an important characteristic of a voting
system as getting good counts.

So get off your high horse. Apparently you design these systems and don't
understand the actual safety characteristics of the paper count. The kinds of
attack surface electronic systems add is huge and yet they provide no actual
advantages to properly run elections. The thread is already full of examples
so I won't add more but it's telling that in most of the world this isn't an
issue at all because we just run our simple, cheap, reliable and fast process
like we've always done and forget about it.

------
wolfi1
old, but gold:
[https://m.youtube.com/watch?v=EV_c1-YTk8M#](https://m.youtube.com/watch?v=EV_c1-YTk8M#)

~~~
Someone1234
As an aside, the original source of this joke, which a lot of people
associated with election tampering, was cheap resistive touch screens that
were incorrectly calibrated.

You'd push a location on the screen, but due to normal wear the location that
the press was recorded was wrong, this would get worse the more wear the
screen had and the longer between re-calibration.

Eventually people got videos of you'd push one candidate and another candidate
to the left or right/up or down would receive the vote, often in different
races.

This was a scandal in the sense that the machines were not fit for purpose,
overly cheap, and poorly maintained/serviced. But it wasn't a good example of
election tampering (just one that fit what a lot of people expected to see
when tampering was occurring).

------
maxxxxx
It really worries me for US democracy that they don't seem capable of running
an election in a way that voters feel confident that their votes are counted
correctly. Bush v Gore in 2000 should have been a warning but nothing seems to
have improved and now we even have a president who does everything he can to
undermine trust in election results. Once people start losing trust in
elections and other public institutions the door is wide open for a strongman
who claims to clean up the mess by getting rid of the system. Trump is a start
("clean up the swamp") but things may get much worse.

~~~
beat
Bush vs Gore led directly to the idiotic touchscreen machines. Florida's paper
ballot mechanism sucked, sure. But touchscreens are far, far worse. People
fell for it.

~~~
creaghpatr
That particular system sucked (the 'hanging chads' come to mind), could have
been easily remedied without going electronic though.

------
kevingrahl
I can not access that article, can someone please submit it to archive or has
some other mirror of it?

~~~
dredmorbius
[https://outline.com/https://www.washingtonpost.com/world/nat...](https://outline.com/https://www.washingtonpost.com/world/national-security/in-georgia-a-legal-battle-over-electronic-vs-paper-voting/2018/09/16/d655c070-b76f-11e8-94eb-3bd52dfe917b_story.html)

~~~
kevingrahl
Thanks!

------
samirm
Thought this was gonna be about the country :/

------
Pxtl
Obligatory Xkcd link:

[https://xkcd.com/2030/](https://xkcd.com/2030/)

------
Y_Y
Let's rehash that old argument in the comments shall we?

~~~
dsfyu404ed
Pretty much everyone (i.e. by a margin that would be considered a landslide in
a normal election) who works near tech agrees that electronic voting is fine
as long as it produces a paper record (or uses a paper ballot) per vote
which provides a mechanism to verify the integrity of the system after the
fact and makes tampering hard to scale.

There. Done.

Edit: changed wording, receipt vs record.

~~~
ninkendo
An electronic machine that only exists to print a paper ballot makes the most
sense IMO. You get the convenience and consistency of a touch screen (no
hanging chads), but you get to see the paper that gets printed out and see
that it matches what you put in, and the paper is the actual system of record
that matters.

~~~
chasingthewind
Do you see a role for the electronic machine to provide a count as well? My
sense is that the switch to electronic machines (and the switch to mechanical
booths prior) had to have been driven at least in part to make the preliminary
count easier to obtain.

~~~
Mbioguy
For those of us who want to switch to alternate electoral methods like RCV,
approval voting, multimember districting, etc, using machine counting is a big
deal. If you are paper only, the increased labor to do repeated tabulations
(as is done to an extent in RCV) is significant. It is the reason a bill to
implement RCV in a state I used to live failed, after passing the state house
and being discussed for some time in the state senate.

Whatever counting method you are using and whatever reporting method you are
using, it needs to be verifiable. I still can't believe we had ballots from
2016 that were destroyed after being subpoenaed, without any consequence for
those who had charge of their possession and safety.

~~~
beat
I beg to differ. I live in Minneapolis, where we do RCV on paper. It has not
caused any of the problems you're talking about.

------
G4BB3R
Paper voting is a waste of resources. And can be frauded the same way as
electronic voting.

~~~
pjc50
Ah yes, it's famously easy to remotely change thousands of pieces of paper
that are locked in boxes.

