Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] The rigging of voting machines?

Joseph Lorenzo Hall joe at cdt.org
Thu Jul 19 04:58:49 PDT 2018


Even after a bit, I'm still not sure where to start, so I'm going to keep
it pithy and I'm sorry I'm not dropping links (they exist so if you have a
particular interest in any of this, please reply and I'll send a link or
two).

Thinking in this area goes back to before the disaster of the 2000
election; Rebecca Mercuri's PhD thesis (working with Peter Neumann) was the
first treatment of a concept we now refer to as "software indpendence" (the
proposition that no undetected error in the vote count could cause an
undetected error in the election outcome) which was formalized by Ron
Rivest and John Wack. (And, of course, Josh Benaloh and David Chaum did
very early work on cryptographically-secured elections, inventing the
mix-net and related concepts that we now use for things beyond voting).

There are a variety of other PhD theses that are a great comprehensive
treatment of some of this history and development, including those of Ping
Yee, Dan Sandler, and myself (all students funded by the NSF ACCURATE
project (A Center for Correct, Usable, Reliable, Accurate, and Transparent
Elections) in the last decade).

No, hand-counted paper ballots are not an answer. First, human-counting
protocols are hard -- humans just can't count well easily -- and they
require designs that may seem pretty crazy at first blush: a typical
counting protocol involves four people and requires sorting ballots into
stacks for each contest and choice and then having one person read each
ballot ("obama, obama, obama, ...." "mccain, mccain, mccain") with two
people making independent tally marks and then announcing each factor of
ten, and a final person looking over the shoulder of the ballot caller to
make sure they read it right.

Sure, that might be possible if the US had simple ballots and a
parliamentary system, but we do not. Our ballots typically are quite long
and contain races across all levels of government, from federal races like
president and vice-president to state races, to county races, to local
races to even things as obscure as "mosquito abatement district
commissioner" in places like California. This can result in (not uncommon)
three page ballots front to back with contests sometime split between
ballot cards.

Moreover, the manpower that it would require to hand-count paper ballots in
a jurisdiction like Los Angeles with 5 million voters is absolutely
untenable; they already have to hand-count 1% of ballots which can take all
30 days of the post-election canvass process with teams working 24/7. To
put it in perspective, Los Angeles has 12 languages it has to support (one
of which has no written form) and they literally pick up ballots using a
fleet of helicopters on county-wide election days (they run an election
every month, but not necessarily county-wide).

And there are very good reasons to use computerized interfaces to mediate
the voting process. Usability and accessibility being the primary ones, and
people make fewer mistakes that result in invalid ballots when they can use
a good interface (that being said, many of these interfaces are quite
horrific). I have been involved for the past 6 years in an effort in Los
Angeles county to build their own voting system that 1) keeps no state (no
computer adding votes); 2) has a amazingly usable user interface; and 3) is
planning on having as much of the system be open source licensed (we can't
open it all because it uses some things for which there are only
proprietary components, like trusted computing elements). We have every
intention to make this system part of a foundation that can hold the code
and allow other jurisdictions (or whomever, as I'd like it to be
modified-BSD) or even vendors to hack on it and produce downstream products.

San Francisco has also been working through how much of their voting system
they can open source, and have recently decided to focus first on a common
component (the election-night reporting software that people and
journalists reload constantly to get updated election results). I wrote
what I think was the first paper on the potential use of free and open
source software in voting applications in 2006 and it's part of my
thesis... the conclusion there still holds: voting is very different than
general purpose computing (these things are used infrequently and cannot be
easily updated legally as we don't want software that hasn't been reviewed
and tested running in live elections) and many of the goals we would like
to get from an open source licensing model or open source development model
(two different things) accrue from allowing and encouraging independent
expert security evaluation (as well as other properties), of which there
have been a number of such efforts including the 2007 California
Top-to-Bottom Review of Voting Systems and the 2007 Ohio EVEREST
(Evaluation and Validation of Election-Related Equipment, Standards and
Testing) Review.

And the best book out there on this whole mess I would argue is still the
wonderful tome by Doug Jones and Barbara Simons called "Broken Ballots"
that does a wonderful job of explaining why this is one of the hardest
problems in sociotechnical systems, and one that we could use good minds to
help out with... but very much ones that are ready to dig into the
complexity and understand how complex the context is:

https://www.amazon.com/Broken-Ballots-Center-Language-Information/dp/1575866366

Ok, I'll shut up now.

On Thu, Jul 19, 2018 at 6:04 AM Joseph Lorenzo Hall <joe at cdt.org> wrote:

> That is a great point and I'll send a short review with links later today.
> Take care, Joe
>
> On Thu, Jul 19, 2018 at 00:25 Yosem Companys <ycompanys at gmail.com> wrote:
>
>> Joe,
>>
>> No offense taken. But as an expert on this subject, you should suggest
>> some resources that list subscribers should read so they may be able to
>> sift through the media sensationalism.
>>
>> We're all experts at certain things and amateurs at others.
>> Unfortunately, we all don't have time to do extensive research on every
>> topic that affects our world. That's why we have intellectual communities
>> of experts to enlighten us.
>>
>> My understanding from having read a number of studies on voting machines
>> is that they're closed source, outdated, and riddled with vulnerabilities.
>> If that is true, then wouldn't a world that decided to use only voting
>> machines increase the likelihood of malicious hacking influencing voter
>> outcomes? I don't see how such a scenario doesn't jeopardize fair elections.
>>
>> I'm not saying that voting machines are better or worse than pen and
>> paper or punch ballots. God knows that there was a time in this country
>> when there were no secret ballots and political henchmen would beat you up
>> for not voting "appropriately." Such scenarios also jeopardized fair
>> elections and were outlawed thanks to the progressive movement.
>>
>> Thanks,
>> Yosem
>>
>> On Wed, Jul 18, 2018 at 8:58 PM, Joseph Lorenzo Hall <joe at cdt.org> wrote:
>>
>>> I'm quoted in the Zetter article, did my PhD at Berkeley hacking voting
>>> machines, have been working on this for fifteen years and this thread is
>>> already ridiculous after just two posts.
>>>
>>> Please take the opportunity to do your homework before thinking any of
>>> what you've written below is true.
>>>
>>> I know it sounds snarky for me to respond like I'm about to but Matt
>>> Blaze summed it up well today with this:
>>>
>>> https://twitter.com/mattblaze/status/1019671716119896064?s=21
>>>
>>> "I should have realized that our decades of focused experience working
>>> on this exact problem would be no match for your gut reaction after reading
>>> about it on the Internet. Why didn't you tell us sooner?"
>>>
>>> I'm usually not this pointy, so I'll apologize now. Best wishes, Joe
>>>
>>> On Wed, Jul 18, 2018 at 21:36 Douglas Lucas <dal at riseup.net> wrote:
>>>
>>>> A crucial topic, thanks for posting Yosem. There's no reason to expect
>>>> one's vote in the United States counts, given our corporate,
>>>> proprietary, closed-source computerized voting. The standard should be
>>>> paper ballots handcounted in public, as in Germany
>>>>
>>>> https://www.dw.com/en/german-election-volunteers-organize-the-voting-and-count-the-ballots/a-40562388
>>>> and Netherlands
>>>>
>>>> https://www.nytimes.com/2017/02/01/world/europe/netherlands-hacking-concerns-hand-count-ballots.html
>>>>
>>>> One would expect the transparency, free/open source software movement
>>>> nonprofits to be all over this topic, but it's typically crickets, I
>>>> guess because it's seen as loony bin third rail stuff. Good books to
>>>> read on the subject -- which include recommendations for action --
>>>> include Bev Harris' BlackBoxVoting.org and Jonathan D. Simon's
>>>> codered2014.com/ (the books basically have the same titles as the
>>>> websites).
>>>>
>>>> Douglas
>>>>
>>>> On 07/18/18 13:58, Yosem Companys wrote:
>>>> > Seems like an issue that goes to the heart of democracy and its
>>>> > survival in the 21st century:
>>>> >
>>>> >
>>>> https://motherboard.vice.com/en_us/article/mb4ezy/top-voting-machine-vendor-admits-it-installed-remote-access-software-on-systems-sold-to-states
>>>> >
>>>> --
>>>> Liberationtech is public & archives are searchable on Google.
>>>> Violations of list guidelines will get you moderated:
>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>>>> Unsubscribe, change to digest, or change password by emailing the moderator
>>>> at zakwhitt at stanford.edu.
>>>>
>>> --
>>> Joseph Lorenzo Hall
>>> Chief Technologist, Center for Democracy & Technology [
>>> https://www.cdt.org]
>>> 1401 K ST NW STE 200, Washington DC 20005-3497
>>> e: joe at cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
>>> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>>>
>>> --
>>> Liberationtech is public & archives are searchable on Google. Violations
>>> of list guidelines will get you moderated:
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>>> Unsubscribe, change to digest, or change password by emailing the moderator
>>> at zakwhitt at stanford.edu.
>>>
>>
>> --
>> Liberationtech is public & archives are searchable on Google. Violations
>> of list guidelines will get you moderated:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>> Unsubscribe, change to digest, or change password by emailing the moderator
>> at zakwhitt at stanford.edu.
>
> --
> Joseph Lorenzo Hall
> Chief Technologist, Center for Democracy & Technology [https://www.cdt.org
> ]
> 1401 K ST NW STE 200, Washington DC 20005-3497
> e: joe at cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>


-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
1401 K ST NW STE 200, Washington DC 20005-3497
e: joe at cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20180719/039bb2ce/attachment.html>


More information about the liberationtech mailing list