[E-voting] Open Source voting system

Catherine Ansbro cansbro at eircom.net
Mon Apr 8 15:25:48 IST 2013

Dear Kommer,

You are right about the vulnerabilities, and that even laws do not 
ensure they'll be followed. Your personal experience is a great example, 
isn't it?!

A sorting-only machine could be useful if its results are verified.

There would have to be a function to indicate unclear or invalid 
ballots, whether due to printing, marking, or writing that could 
identify the voter.

With Irish PR-STV with numerous candidates to be ranked, it might not be 
a good idea to sort by machine according to first preferences. Observing 
that step is a crucial part of the validation procedure, and is one of 
the impressive strengths of our voting system.


On 08/04/2013 15:13, Kommer Kleijn wrote:
> Dear Catherine,
> I completely share your concerns. I do however also include imaging 
> systems where all ballot images are immediately published and made 
> available to everyone in the general public, as it is my feeling that 
> a legal framework that would determine the outcome of an election 
> after several citizen recounts provide different results is IMHO close 
> to impossible to conceive and would not be followed in practice 
> anyway. Experience shows that when people (including judges) do not 
> understand the exact reason a rule, they will not follow that rule, 
> even if written in law. I have personally been judged after 
> challenging an election where the judge acknowledged that the rules 
> had been severely broken but where he judged that he did not see how 
> the breaking of those rules could have changed the election results. I 
> have this judgement in writing, no kidding. The reason he did not see 
> how the result could have been altered is without doubt his lack of 
> electronic voting system knowledge or IT knowledge.... He would not 
> know how to use or profit from the unruled situation I declared so he 
> did not feel threatened by it. This is what I mean when I say that 
> people will not follow rules if they do not understand the reason for 
> the rule. This is also why any machine of which the workings are more 
> complex than what absolutely everyone can understand can not be 
> efficiently ruled by legal means. This is why voting systems need to 
> be so simple that all citizens can fully understand their workings. If 
> complex tools are used then the input and output of that very tool 
> must be fully comprehensible for any citizen standing next to that tool.
> What do you think of a sorting-only machine that would not count as 
> per my description in my previous message of today?
> Best regards!,
> Kommer.
>  On 00:22 06/04/2013, Catherine Ansbro wrote:
> -
>> Hi all,
>> I have concerns regarding electronic-based election systems, 
>> including those for counting optical scan ballots.
>> (Possible exception: imaging systems where all ballot images are 
>> immediately published and made available to everyone in the general 
>> public--IF the local laws also enable physical inspection of the 
>> ballots if necessary, without major impediments, with excellent chain 
>> of custody.)
>> I understand lots more about this issue now than I did when I first 
>> became aware & involved in about 2002.
>> Any voting system technology must be considered as part of an entire 
>> election administration "environment", including local legal 
>> framework for administration & contesting elections.
>> Those coming from technology backgrounds are often unfamiliar with 
>> the non-technical implications and vulnerabilities of the election 
>> environment. This is equally true of the open source community 
>> ("security by transparency") as of the "security by secrecy" folks. 
>> (see point 2 below in particular).
>> The technology--with all its own vulnerabilities--represents only a 
>> small part of the entire election environment.
>> Below is a quick summary, off the top of my head, of some concerns, 
>> gleaned from exposure to ongoing proven issues in elections in 
>> Ireland, USA & elsewhere
>> 1) as per Jason Kitkat's email with link 
>> (<http://www.jasonkitcat.com/writings/e-voting/source-availability-e-voting/>http://www.jasonkitcat.com/writings/e-voting/source-availability-e-voting/), 
>> there is no way--EVER--to ensure that the code that runs during an 
>> election is the same as what was installed or tested previously. 
>> Running in test mode is not the same as running in election mode. 
>> "Patches" are often made. Election admins & technicians have access 
>> --> notorious, well-documented issues (including convictions).
>> 2) Election fraud is almost always perpetrated by election 
>> administration INSIDERS. There are many cases of this in USA. Local 
>> convictions are not picked up by national media, and so this pattern 
>> is not widely appreciated.  Media / activists tend to focus on "voter 
>> fraud" when the real problem is insider fraud.  Any systems involving 
>> technology (open source or otherwise) are even more susceptible to 
>> insider fraud than "conventional" paper ballots.
>> 3) The whole election system and its legal framework--different in 
>> every jurisdiction--is crucial.
>> 3.1) For example, with optical scan counting technologies in USA, did 
>> you know that in many states, it is NOT ALLOWED that someone be able 
>> to inspect the actual (paper) ballots?  Even when there are many 
>> sources of prima facie evidence of election fraud, and where 
>> inspecting the physical ballots could resolve this? (e.g., major 
>> cases in Arizona, Colorado, California, Ohio & elsewhere--in all 
>> cases the original ballots were never allowed to be inspected (!), or 
>> in some cases where some (!) could be inspected, there had been no 
>> chain of custody and obvious tampering had taken place (e.g.,  
>> "sorting" of the ballots by admin prior to recount, which was 
>> expressly forbidden by law)
>> 3.2) In some cases, optical scan paper ballots are being deemed not 
>> to be "election records" and have even been destroyed during the 
>> period in which election materials were required to be retained, 
>> since just the electronic version was deemed to be the formal 
>> election record.
>> 3.3) In some states/counties, any inspection can only be made AFTER 
>> the election results have been irrevocably determined. In some 
>> states/counties, election laws put in place virtually impossible 
>> barriers to recounts or inspection of the original ballots. For 
>> example, only a candidate has "standing" to request such a recount..
>> 3.4) Even in the rare cases where there is standing, the person 
>> requesting must pay all the costs (often exorbitant and prohitive).
>> 3.5) Some place require that before doing any kind of recount (even 
>> of a sample precinct) one must prove that any discrepancy would have 
>> changed the election result. (So small discrepancies must be 
>> ignored--even if small discrepancies in many locations could add up 
>> to a big discrepancy.)
>> 3.6) And/or, recounts are only possible when the margin of difference 
>> is less than X%.  (And with software, it is easy to make sure to 
>> avoid that little situation never arises.)
>> 3.7) (and what if it was a ballot initiative or policy proposition, 
>> not an election--who has "standing" then?) (In USA, some major zoning 
>> issues are voted on, or other issues with massive financial 
>> implications so lots of incentive to get the "right" result)
>> 3.8) Several systems have been proposed which offer elaborate methods 
>> (involving technology, encryption etc) by which an INDIVIDUAL voter 
>> can validate their INDIVIDUAL vote--but offering no way in which 
>> anyone can validate ALL the votes of an entire election (Thus there's 
>> no way to uncover fraud that did not involve your personal vote.)
>> Some specific proven issues relating to optical scan technology (off 
>> the top of my head, not a complete list)
>> 9) many technical issues have surfaced in USA, some / all of which 
>> can be used as a mechanism to affect election integrity. These include:
>> 9.a) the kind of pen / marking device, and the kind of sensor, and 
>> ways these can be deliberately mismatched to skew results
>> 9.b) incorporating bar codes onto the ballot that link the ballot to 
>> the voter (without the voter being aware of it; local government 
>> having repeatedly denied this, but then it's publicly proven) (thus 
>> lots of opportunities for collecting what should be private voting 
>> information, whether by the local gov't / corrupt election officials 
>> / corrupt voting technology companies or consultants)
>> 9.c) not having proper auditing for ALL BALLOTS PRINTED, all ballots 
>> used, and proper reconciliations of all of these (many documented 
>> instances of this). This includes photocopied ballots (!) used in 
>> situations when there were not enough regular ballots
>> 9.d) inadequate or (more commonly) nonexistent chain of custoy of the 
>> original paper ballots.  (In a paper-only "non-electronic" system, 
>> this is the main issue. But when other technologies are added, the 
>> number of points of vulnerability--particularly to fraud by 
>> insiders--increases exponentially.)
>> ***Re: optical scan, the versions that are designed to image all the 
>> ballots & then make those images available to EVERYONE w/o 
>> hassle--and if the original physical ballots possibly availalbe with 
>> excellent chain of custody--could be useful. Anything other than 
>> this, no thank you.***
>> Don't forget other vulnerabilities of all election systems--IT'S NOT 
>> --registration of who can vote, who controls this process, who keeps 
>> the records, and who can alter these records (lots of documented 
>> insider fraud in relation to this)
>> --validation that the person who supposedly voted is truly the person 
>> who voted
>> --integrity of any ballot storage or transmission (chain of custody) 
>> (e.g., in Ireland, chain of custody is with the Gardai! And AFAIK 
>> this has never been questioned for its appropriateness--I've never 
>> heard of candidates being able to assign representatives to ride / 
>> stay with those ballot boxes, and Gardai like any election insider 
>> are a major risk)
>> --validation of the count
>> Said better & more succinctly by Bev Harris: "The public must be able 
>> to see and authenticate these four essential steps for an election to 
>> be public, democratic, and valid: (1) Who can vote (voter list); (2) 
>> Who did vote (3) The original count; (4) Chain of custody."
>> See Also:
>> A) article from TODAY with just a few shocking examples (!) of 
>> convicted corruption involving local gov't officials, election 
>> administrators, and election technology companies & contractors:
>> <http://www.bbvforums.org/forums/messages/8/82415.html#POST59250>http://www.bbvforums.org/forums/messages/8/82415.html#POST59250 
>> B) post about process concealment:
>> <http://www.bbvforums.org/forums/messages/8/80594.html>http://www.bbvforums.org/forums/messages/8/80594.html 
>> As for any consideration of voting using internet -- I won't even 
>> start, as the vulnerabilities are so devastating and well-documented. 
>> Even the US Dept. of Defence gave up trying to develop a secure 
>> voting system.
>> Best wishes,
>> Catherine
>> _______________________________________________
>> E-voting mailing list
>> E-voting at lists.stdlib.net
>> http://lists.stdlib.net/mailman/listinfo/e-voting
>> http://evoting.cs.may.ie/
> ---
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 2013.0.2904 / Virus Database: 2641/6224 - Release Date: 04/04/13

More information about the E-voting mailing list