[E-voting] Open Source voting system

Kommer Kleijn kommer at vooreva.be
Mon Apr 8 15:13:44 IST 2013

Dear Catherine,

I completely share your concerns. I do however also include imaging 
systems where all ballot images are immediately published and made 
available to everyone in the general public, as it is my feeling that 
a legal framework that would determine the outcome of an election 
after several citizen recounts provide different results is IMHO 
close to impossible to conceive and would not be followed in practice 
anyway. Experience shows that when people (including judges) do not 
understand the exact reason a rule, they will not follow that rule, 
even if written in law. I have personally been judged after 
challenging an election where the judge acknowledged that the rules 
had been severely broken but where he judged that he did not see how 
the breaking of those rules could have changed the election results. 
I have this judgement in writing, no kidding. The reason he did not 
see how the result could have been altered is without doubt his lack 
of electronic voting system knowledge or IT knowledge.... He would 
not know how to use or profit from the unruled situation I declared 
so he did not feel threatened by it. This is what I mean when I say 
that people will not follow rules if they do not understand the 
reason for the rule. This is also why any machine of which the 
workings are more complex than what absolutely everyone can 
understand can not be efficiently ruled by legal means. This is why 
voting systems need to be so simple that all citizens can fully 
understand their workings. If complex tools are used then the input 
and output of that very tool must be fully comprehensible for any 
citizen standing next to that tool.

What do you think of a sorting-only machine that would not count as 
per my description in my previous message of today?

Best regards!,


  On 00:22 06/04/2013, Catherine Ansbro wrote:
>Hi all,
>I have concerns regarding electronic-based election systems, 
>including those for counting optical scan ballots.
>(Possible exception: imaging systems where all ballot images are 
>immediately published and made available to everyone in the general 
>public--IF the local laws also enable physical inspection of the 
>ballots if necessary, without major impediments, with excellent 
>chain of custody.)
>I understand lots more about this issue now than I did when I first 
>became aware & involved in about 2002.
>Any voting system technology must be considered as part of an entire 
>election administration "environment", including local legal 
>framework for administration & contesting elections.
>Those coming from technology backgrounds are often unfamiliar with 
>the non-technical implications and vulnerabilities of the election 
>environment. This is equally true of the open source community 
>("security by transparency") as of the "security by secrecy" folks. 
>(see point 2 below in particular).
>The technology--with all its own vulnerabilities--represents only a 
>small part of the entire election environment.
>Below is a quick summary, off the top of my head, of some concerns, 
>gleaned from exposure to ongoing proven issues in elections in 
>Ireland, USA & elsewhere
>1) as per Jason Kitkat's email with link 
>there is no way--EVER--to ensure that the code that runs during an 
>election is the same as what was installed or tested previously. 
>Running in test mode is not the same as running in election mode. 
>"Patches" are often made. Election admins & technicians have access 
>--> notorious, well-documented issues (including convictions).
>2) Election fraud is almost always perpetrated by election 
>administration INSIDERS. There are many cases of this in USA. Local 
>convictions are not picked up by national media, and so this pattern 
>is not widely appreciated.  Media / activists tend to focus on 
>"voter fraud" when the real problem is insider fraud.  Any systems 
>involving technology (open source or otherwise) are even more 
>susceptible to insider fraud than "conventional" paper ballots.
>3) The whole election system and its legal framework--different in 
>every jurisdiction--is crucial.
>3.1) For example, with optical scan counting technologies in USA, 
>did you know that in many states, it is NOT ALLOWED that someone be 
>able to inspect the actual (paper) ballots?  Even when there are 
>many sources of prima facie evidence of election fraud, and where 
>inspecting the physical ballots could resolve this? (e.g., major 
>cases in Arizona, Colorado, California, Ohio & elsewhere--in all 
>cases the original ballots were never allowed to be inspected (!), 
>or in some cases where some (!) could be inspected, there had been 
>no chain of custody and obvious tampering had taken place 
>(e.g.,  "sorting" of the ballots by admin prior to recount, which 
>was expressly forbidden by law)
>3.2) In some cases, optical scan paper ballots are being deemed not 
>to be "election records" and have even been destroyed during the 
>period in which election materials were required to be retained, 
>since just the electronic version was deemed to be the formal 
>election record.
>3.3) In some states/counties, any inspection can only be made AFTER 
>the election results have been irrevocably determined. In some 
>states/counties, election laws put in place virtually impossible 
>barriers to recounts or inspection of the original ballots. For 
>example, only a candidate has "standing" to request such a recount..
>3.4) Even in the rare cases where there is standing, the person 
>requesting must pay all the costs (often exorbitant and prohitive).
>3.5) Some place require that before doing any kind of recount (even 
>of a sample precinct) one must prove that any discrepancy would have 
>changed the election result. (So small discrepancies must be 
>ignored--even if small discrepancies in many locations could add up 
>to a big discrepancy.)
>3.6) And/or, recounts are only possible when the margin of 
>difference is less than X%.  (And with software, it is easy to make 
>sure to avoid that little situation never arises.)
>3.7) (and what if it was a ballot initiative or policy proposition, 
>not an election--who has "standing" then?) (In USA, some major 
>zoning issues are voted on, or other issues with massive financial 
>implications so lots of incentive to get the "right" result)
>3.8) Several systems have been proposed which offer elaborate 
>methods (involving technology, encryption etc) by which an 
>INDIVIDUAL voter can validate their INDIVIDUAL vote--but offering no 
>way in which anyone can validate ALL the votes of an entire election 
>(Thus there's no way to uncover fraud that did not involve your 
>personal vote.)
>Some specific proven issues relating to optical scan technology (off 
>the top of my head, not a complete list)
>9) many technical issues have surfaced in USA, some / all of which 
>can be used as a mechanism to affect election integrity.  These include:
>9.a) the kind of pen / marking device, and the kind of sensor, and 
>ways these can be deliberately mismatched to skew results
>9.b) incorporating bar codes onto the ballot that link the ballot to 
>the voter (without the voter being aware of it; local government 
>having repeatedly denied this, but then it's publicly proven) (thus 
>lots of opportunities for collecting what should be private voting 
>information, whether by the local gov't / corrupt election officials 
>/ corrupt voting technology companies or consultants)
>9.c) not having proper auditing for ALL BALLOTS PRINTED, all ballots 
>used, and proper reconciliations of all of these (many documented 
>instances of this). This includes photocopied ballots (!) used in 
>situations when there were not enough regular ballots
>9.d) inadequate or (more commonly) nonexistent chain of custoy of 
>the original paper ballots.  (In a paper-only "non-electronic" 
>system, this is the main issue. But when other technologies are 
>added, the number of points of vulnerability--particularly to fraud 
>by insiders--increases exponentially.)
>***Re: optical scan, the versions that are designed to image all the 
>ballots & then make those images available to EVERYONE w/o 
>hassle--and if the original physical ballots possibly availalbe with 
>excellent chain of custody--could be useful. Anything other than 
>this, no thank you.***
>Don't forget other vulnerabilities of all election systems--IT'S NOT 
>--registration of who can vote, who controls this process, who keeps 
>the records, and who can alter these records (lots of documented 
>insider fraud in relation to this)
>--validation that the person who supposedly voted is truly the 
>person who voted
>--integrity of any ballot storage or transmission (chain of custody) 
>(e.g., in Ireland, chain of custody is with the Gardai! And AFAIK 
>this has never been questioned for its appropriateness--I've never 
>heard of candidates being able to assign representatives to ride / 
>stay with those ballot boxes, and Gardai like any election insider 
>are a major risk)
>--validation of the count
>Said better & more succinctly by Bev Harris: "The public must be 
>able to see and authenticate these four essential steps for an 
>election to be public, democratic, and valid: (1) Who can vote 
>(voter list); (2) Who did vote (3) The original count; (4) Chain of 
>See Also:
>A) article from TODAY with just a few shocking examples (!) of 
>convicted corruption involving local gov't officials, election 
>administrators, and election technology companies & contractors:
>B) post about process concealment:
>As for any consideration of voting using internet -- I won't even 
>start, as the vulnerabilities are so devastating and 
>well-documented. Even the US Dept. of Defence gave up trying to 
>develop a secure voting system.
>Best wishes,
>E-voting mailing list
>E-voting at lists.stdlib.net

More information about the E-voting mailing list