From: Vicky Davis
"It's not the votes that count,
it's who counts the votes." -- Josef Stalin -- The issue of
paperless, computerized voting systems is about to hit the airwaves again.
There is an incredible amount of disinformation regarding these systems.
There is also a lot of big money behind the disinformers. The reason is
obvious. All you have to do is consider the stakes - and there are no
stakes greater than elections for representatives for U.S. federal and state
offices.
The key questions to
consider are: What are the costs? What are the risks? What are
the benefits?
Simply stated, there
is not an honest, experienced computer professional in the world
who would advocate computerized, paperless voting because the risks are too
great. Computers can't be secured from hacking. That's
it. That's all.
Who doesn't know that
every single major corporation in the country has been hacked at some
time? Why do you buy virus software and firewalls? Are they
100% successful? OF COURSE NOT! Consider the population of people who
manage voting locations. How technically savvy are they likely to
be? (Think of your old Aunt Sally).
If these
computerized, paperless voting systems are installed in your precinct, you might
as well stay home and not bother to vote - because I guarantee you the results
of the election will be fixed - not on a precinct by precinct basis - because
that's not necessary to swing the election. All it takes is to find
statistically significant precincts in statistically significant
states.
That's not to say
that computers can't be used in elections. Computerized voting systems
have the potential to be the best thing that ever happened to voting - but only
if the systems are well designed with integrity of the ballot as the primary
consideration.
What does integrity of the ballot
mean?
It means that
the results of electronic voting must be verifiable to both the voter and the
candidates who are running for office. This is the crux of the issue with
electronic voting. A totally electronic system does not meet the
requirements of verifiability for either the voter or the
candidates.
Integrity of the
ballot also means that the results of the election can be audited and proved
with 100% certainty that the reported results are correct. Both
candidates should be able to perform the audit and arrive at the same results.
The only way to
ensure integrity of the ballot is to have a hard copy of it - meaning a paper
ballot.
To ensure
integrity of the ballot, a computerized voting system should be a TOOL to
produce a PAPER BALLOT that goes into a LOCKED BALLOT BOX.
That's the ONLY way that computers should be used in elections. It
makes voting easy and it is VERIFIABLE. Any
variations on that design should be considered a scam to steal your
vote.
Because
there is so much at stake with these computerized voting systems, the
disinformers have a list of possible 'solutions' to offer that they claim will
ensure the integrity of the ballot. It's important to understand why they
don't meet the requirements for integrity so that no matter who the scammers put
on TV to sell you on the idea of computerized paperless voting, you won't be
fooled.
Open SourceIn computer
systems, there are two forms of instructions that constitute a computer
program. There is the source code that is readable by the programmer and
there is executable code that is readable by the machine. The process of
producing machine executable code from source code is called a
compile. A compile produces a file of binary codes (1's and 0's
on/off) that the machine understands.
The proponents
of Open Source believe or pretend to believe that by being able to read the
source code, they can find flaws in the code that would make electronic voting
more secure and more accurate. They think they will be able to detect
cheating as well as bugs. While they might find problems in the source,
that secures nothing. The act of compiling the source code changes it
so that what is reviewed is not guaranteed to be what is executed on
Election Day.
Besides, a
knowledgeable person can modify the executable code so that it no longer matches
the source code anyway. The replacement of the executable code can be a
wholesale replacement or a patch. The point is that Open Source is not a
viable solution. All it would provide is a false sense of security and it
solves nothing in terms of integrity of the ballot.
Voter Receipt
This is another
one of those false sense of security alternatives presented by the
disinformers. They try to make people think that voting systems are the
same as bank ATM's. The difference obviously is that an ATM is a machine
transaction between two entities - both of which have a stake in the accuracy of
the transaction. The neighbors of the bank customer are not affected by
the transaction.
Think about this
- What good is an individual receipt? Are all the people in San
Francisco going to get together a week after the election so that their
'receipts' can be put together and counted to verify the electronic
totals? Because that's the only way that a computerized vote count
could be verified with a 'receipt'.
Testing and CertificationThis is a
necessary step to ensure that the election officials have setup the candidates
correctly, the machines are working properly and that the code appears to do
what it is supposed to do. It is perfunctory testing at best - rather like
the testing that a speaker does to ensure that his slide projector will
work for a presentation.
While nobody
would argue against doing this because it is necessary, it does not guarantee
that the code that is tested and certified is the same code that will be
executed on Election Day. There is also a control problem just in the sheer
number of precincts, polling places, machines and people involved in the
process.
As stated above,
a knowledgeable person can modify executable code. Another consideration
is, what if a last minute bug is found in the tested and certified code?
What is more important? Fixing the bug or running tested and certified
buggy code?
Internal Audit
Trail
An internal
audit trail, also known as logging can give only a gross statistic on the number
of voters who ostensibly cast ballots. While this number should match the
number of voters on the sign-in sheet, it does nothing to address the problem of
the accuracy of the recorded vote nor the verifiability requirements for the
voters and candidates.
Ballot Image on Write Once MemoryPresumably this
means writing the ballot to an optical disk. While this is an interesting
idea, it still does not meet the requirements for security and
verifiability. It depends on the integrity of the machine, the code and
the people running the election. There is still no guarantee that the
votes cast by the voter are what is written out to the disk. Devices can
be removed and installed in minutes. Copying files, changing elements and
writing new files can be done in minutes. There doesnt have to be
wholesale fraud to change election results, it only needs to be done in a few
key locations. For these reasons, this is not an acceptable
solution.
Paper Wheel as an audit
trail
There are
several problems with this method of audit. First, there would need to be
a window to display the printed audit trail. What if the ballot is bigger
than the window? Is the voter supposed to watch as it prints? And
what if they miss the important part? Paper wheels are bulky and heavy and
they are not easy to audit. The biggest argument against this method of
audit is that it would be very expensive because it would require special
hardware specifically designed for this purpose. Since there are better
and cheaper alternatives, this is not a good solution.
With two ballots electronic and
paper, which one is the ballot of record?
This issue is a
red herring. There are only a couple of ways they could be
different. Either there is a bug in the system or the machine was hacked
and the electronic vote was changed. As such, the paper ballot would have
to be considered the ballot of record because it was the ballot that the voter
reviewed and approved prior to putting it in the ballot box.
Chain of Custody of Paper
Ballots
This is another
red herring. What was the chain of custody before computers? The
chain of custody would be no different than it is for any other kind of paper
ballot. The only difference in a voting system with both electronic and
paper ballots is that there would be less incentive to attempt to modify them or
add/subtract ballots because of the electronic copy of it goes in a different
direction than the paper ballot.
If there is a
paper ballot to back up an electronic vote, electronic votes can be transmitted
to election central. The results would have to be considered preliminary
until a count of the paper ballots. If it was a good clean election and
everything worked properly, the electronic results will match the paper
results.
What happens if the voter looks at the paper ballot and decides
it is wrong?
In order to have
verifiable results between the electronic system and the paper ballots, a unique
identifier must be assigned to a ballot. The unique identifier ties the
paper to the electronic but does not defeat the secret ballot. If a voter
determines that they made a mistake and the printed ballot is incorrect, the
unique identifier can be recorded on a spoiled ballot list and the paper ballot
can be shredded. The voter can sign an affidavit saying that they produced
a spoiled ballot, that they witnessed the recording of the unique identifier on
the spoiled ballot list and that it was accurately recorded and that they
witnessed the shredding of the spoiled ballot. The unique identifiers on
the spoiled ballot list can then be entered into the system to cancel the
electronic ballots. The number of affidavits should match the number of
cancelled ballots keeping the counts in balance.
Wouldnt it still be possible to
stuff the ballot box if somebody is determined?
If internal
controls were built into the system, it would become extremely difficult - if
not impossible to modify the election outcome by generating false ballots.
For example, if the time that each selection is made is recorded on the ballot,
that time would become an audit feature in itself. Computer generated
ballots (produced en masse to swing the election) would have a consistent
timestamp between selections that would be unmistakable. To program
randomness on individual selections within a record would be virtually
impossible. A computer scientist with a statistics background could easily
identify the fraud. Just the possibility of analysis of the data by
a statistician would prevent all but the most foolhardy from attempting to
defeat a dual paper/electronic voting system with internal
controls.
Wont a paper ballot be unwieldy?During one of the congressional hearings, in her statement, a local
election official held up a long narrow strip of paper that looked like a
grocery store receipt for a family of 10. She announced that the strip of
paper would be the ballot from one of their elections.
This was a scare
tactic that was intended to make people think that producing a paper ballot
would be unworkable. It is understandable that an election official might
want to eliminate paper ballots. But, the convenience of an election
official is low priority compared to the bigger issues involved.
This election
officials argument assumes that there can be only one form of a paper
ballot. Since the paper ballot is being printed from a computer system
(i.e. not intended to be marked up by the voter), the only requirements for it
are that it be readable by the voter so that they can verify their
selections. It doesnt matter how many candidates or issues are being
considered in an election, at the point when the paper ballot is being produced,
the question of candidates and issues is a simple yes or no. Blanks by
default are no. From a design point of view, this means that a
standard 8x11 machine-readable (optical scan) form can be used for the paper
ballot. Since the counting of these ballots would occur in the next few
days after an election, the number of locations required for the optical scan
systems would be minimal so cost should not be a significant factor.
Voting by Mail.
If you are too lazy
to go vote on voting day when your ballot is secured and bundled with the rest
of the community, then you don't deserve to vote. It should be obvious
that ballots mailed in can be lost or replaced. There is no way to
guarantee that your ballot counts as you intended. This writer
doesn't even like the idea of absentee ballots - except for the military - for
the same reason as stated above.
Given that we know
for a fact that voting fraud has become institutionalized as evidenced by
computer systems designed for vote fraud, we should do everything possible to
secure the vote - and if that means that people who are out of town on voting
day - don't get to vote, too bad. Make better plans next time. The
personal problems of a few shouldn't affect the majority.
Voting by Internet.
I don't even want to
discuss it. It's out of the question for all the same reasons that apply
to paperless, computerized voting - plus more. Vicky Davis
"I am only one, but I am one. I cannot do
everything, but I can do something. And because I cannot do everything, I will not refuse to do the something that I can do. What I can do, I should do. And what I should do, by the grace of God, I will do." ~ Edward Everett Hale Complete archives at http://www.sitbot.net/ Please let us stay on topic and be civil. OM
SPONSORED LINKS
YAHOO! GROUPS LINKS
|