[E-voting] Open Source voting system

Kommer Kleijn kommer at vooreva.be
Tue Apr 9 19:06:22 IST 2013


  On 16:25 08/04/2013, Catherine Ansbro wrote:
>A sorting-only machine could be useful if its results are verified.

Yes, the citizens polling workers would need to check the piles for 
sorting errors. This is so easy to do before or while counting that I 
have high hopes it will actually be done systematically. Also, this 
verification does not require any computer knowledge nor any 
cryptography knowledge. Any polling worker can grab any pile and browse it.

>There would have to be a function to indicate unclear or invalid 
>ballots, whether due to printing, marking, or writing that could 
>identify the voter.

Yes, but that would not require additional organs on the machine. In 
my imagination unclear ballots (whatever reason) would simply be 
sorted in tray two (the tray for the not selected ballots in that 
run). That way, after all parties have been recognised and formed 
into piles, a pile with only unrecognised ballots would simply 
remain. These ballots can then be examined by humans and sorted manually.

>With Irish PR-STV with numerous candidates to be ranked, it might 
>not be a good idea to sort by machine according to first 
>preferences. Observing that step is a crucial part of the validation 
>procedure, and is one of the impressive strengths of our voting system.

Yes, I know the Irish system is complex. I understand that in that 
situation a sorting machine may or may not be helpful.

Best regards!,


>On 08/04/2013 15:13, Kommer Kleijn wrote:
>>Dear Catherine,
>>I completely share your concerns. I do however also include imaging 
>>systems where all ballot images are immediately published and made 
>>available to everyone in the general public, as it is my feeling 
>>that a legal framework that would determine the outcome of an 
>>election after several citizen recounts provide different results 
>>is IMHO close to impossible to conceive and would not be followed 
>>in practice anyway. Experience shows that when people (including 
>>judges) do not understand the exact reason for a rule, they will not 
>>follow that rule, even if written in law. I have personally been 
>>judged after challenging an election where the judge acknowledged 
>>that the rules had been severely broken but where he judged that he 
>>did not see how the breaking of those rules could have changed the 
>>election results. I have this judgement in writing, no kidding. The 
>>reason he did not see how the result could have been altered is 
>>without doubt his lack of electronic voting system knowledge or IT 
>>knowledge.... He would not know how to use or profit from the 
>>unruled situation I declared so he did not feel threatened by it. 
>>This is what I mean when I say that people will not follow rules if 
>>they do not understand the reason for the rule. This is also why 
>>any machine of which the workings are more complex than what 
>>absolutely everyone can understand can not be efficiently ruled by 
>>legal means. This is why voting systems need to be so simple that 
>>all citizens can fully understand their workings. If complex tools 
>>are used then the input and output of that very tool must be fully 
>>comprehensible for any citizen standing next to that tool.
>>What do you think of a sorting-only machine that would not count as 
>>per my description in my previous message of today?
>>Best regards!,
>>  On 00:22 06/04/2013, Catherine Ansbro wrote:
>>>Hi all,
>>>I have concerns regarding electronic-based election systems, 
>>>including those for counting optical scan ballots.
>>>(Possible exception: imaging systems where all ballot images are 
>>>immediately published and made available to everyone in the 
>>>general public--IF the local laws also enable physical inspection 
>>>of the ballots if necessary, without major impediments, with 
>>>excellent chain of custody.)
>>>I understand lots more about this issue now than I did when I 
>>>first became aware & involved in about 2002.
>>>Any voting system technology must be considered as part of an 
>>>entire election administration "environment", including local 
>>>legal framework for administration & contesting elections.
>>>Those coming from technology backgrounds are often unfamiliar with 
>>>the non-technical implications and vulnerabilities of the election 
>>>environment. This is equally true of the open source community 
>>>("security by transparency") as of the "security by secrecy" 
>>>folks. (see point 2 below in particular).
>>>The technology--with all its own vulnerabilities--represents only 
>>>a small part of the entire election environment.
>>>Below is a quick summary, off the top of my head, of some 
>>>concerns, gleaned from exposure to ongoing proven issues in 
>>>elections in Ireland, USA & elsewhere
>>>1) as per Jason Kitkat's email with link 
>>>there is no way--EVER--to ensure that the code that runs during an 
>>>election is the same as what was installed or tested previously. 
>>>Running in test mode is not the same as running in election mode. 
>>>"Patches" are often made. Election admins & technicians have 
>>>access --> notorious, well-documented issues (including convictions).
>>>2) Election fraud is almost always perpetrated by election 
>>>administration INSIDERS. There are many cases of this in USA. 
>>>Local convictions are not picked up by national media, and so this 
>>>pattern is not widely appreciated.  Media / activists tend to 
>>>focus on "voter fraud" when the real problem is insider 
>>>fraud.  Any systems involving technology (open source or 
>>>otherwise) are even more susceptible to insider fraud than 
>>>"conventional" paper ballots.
>>>3) The whole election system and its legal framework--different in 
>>>every jurisdiction--is crucial.
>>>3.1) For example, with optical scan counting technologies in USA, 
>>>did you know that in many states, it is NOT ALLOWED that someone 
>>>be able to inspect the actual (paper) ballots?  Even when there 
>>>are many sources of prima facie evidence of election fraud, and 
>>>where inspecting the physical ballots could resolve this? (e.g., 
>>>major cases in Arizona, Colorado, California, Ohio & elsewhere--in 
>>>all cases the original ballots were never allowed to be inspected 
>>>(!), or in some cases where some (!) could be inspected, there had 
>>>been no chain of custody and obvious tampering had taken place (e.g.,
>>>"sorting" of the ballots by admin prior to recount, which was 
>>>expressly forbidden by law)
>>>3.2) In some cases, optical scan paper ballots are being deemed 
>>>not to be "election records" and have even been destroyed during 
>>>the period in which election materials were required to be 
>>>retained, since just the electronic version was deemed to be the 
>>>formal election record.
>>>3.3) In some states/counties, any inspection can only be made 
>>>AFTER the election results have been irrevocably determined. In 
>>>some states/counties, election laws put in place virtually 
>>>impossible barriers to recounts or inspection of the original 
>>>ballots. For example, only a candidate has "standing" to request 
>>>such a recount.
>>>3.4) Even in the rare cases where there is standing, the person 
>>>requesting must pay all the costs (often exorbitant and prohibitive).
>>>3.5) Some places require that before doing any kind of recount 
>>>(even of a sample precinct) one must prove that any discrepancy 
>>>would have changed the election result. (So small discrepancies 
>>>must be ignored--even if small discrepancies in many locations 
>>>could add up to a big discrepancy.)
>>>3.6) And/or, recounts are only possible when the margin of 
>>>difference is less than X%.  (And with software, it is easy to 
>>>make sure to avoid that little situation never arises.)
>>>3.7) (and what if it was a ballot initiative or policy 
>>>proposition, not an election--who has "standing" then?) (In USA, 
>>>some major zoning issues are voted on, or other issues with 
>>>massive financial implications so lots of incentive to get the 
>>>"right" result)
>>>3.8) Several systems have been proposed which offer elaborate 
>>>methods (involving technology, encryption etc) by which an 
>>>INDIVIDUAL voter can validate their INDIVIDUAL vote--but offering 
>>>no way in which anyone can validate ALL the votes of an entire 
>>>election (Thus there's no way to uncover fraud that did not 
>>>involve your personal vote.)
>>>Some specific proven issues relating to optical scan technology 
>>>(off the top of my head, not a complete list)
>>>9) many technical issues have surfaced in USA, some / all of which 
>>>can be used as a mechanism to affect election integrity. These include:
>>>9.a) the kind of pen / marking device, and the kind of sensor, and 
>>>ways these can be deliberately mismatched to skew results
>>>9.b) incorporating bar codes onto the ballot that link the ballot 
>>>to the voter (without the voter being aware of it; local 
>>>government having repeatedly denied this, but then it's publicly 
>>>proven) (thus lots of opportunities for collecting what should be 
>>>private voting information, whether by the local gov't / corrupt 
>>>election officials / corrupt voting technology companies or consultants)
>>>9.c) not having proper auditing for ALL BALLOTS PRINTED, all 
>>>ballots used, and proper reconciliations of all of these (many 
>>>documented instances of this). This includes photocopied ballots 
>>>(!) used in situations when there were not enough regular ballots
>>>9.d) inadequate or (more commonly) nonexistent chain of custody of 
>>>the original paper ballots.  (In a paper-only "non-electronic" 
>>>system, this is the main issue. But when other technologies are 
>>>added, the number of points of vulnerability--particularly to 
>>>fraud by insiders--increases exponentially.)
>>>***Re: optical scan, the versions that are designed to image all 
>>>the ballots & then make those images available to EVERYONE w/o 
>>>hassle--and if the original physical ballots possibly available 
>>>with excellent chain of custody--could be useful. Anything other 
>>>than this, no thank you.***
>>>Don't forget other vulnerabilities of all election systems--IT'S 
>>>--registration of who can vote, who controls this process, who 
>>>keeps the records, and who can alter these records (lots of 
>>>documented insider fraud in relation to this)
>>>--validation that the person who supposedly voted is truly the 
>>>person who voted
>>>--integrity of any ballot storage or transmission (chain of 
>>>custody) (e.g., in Ireland, chain of custody is with the Gardai! 
>>>And AFAIK this has never been questioned for its 
>>>appropriateness--I've never heard of candidates being able to 
>>>assign representatives to ride / stay with those ballot boxes, and 
>>>Gardai like any election insider are a major risk)
>>>--validation of the count
>>>Said better & more succinctly by Bev Harris: "The public must be 
>>>able to see and authenticate these four essential steps for an 
>>>election to be public, democratic, and valid: (1) Who can vote 
>>>(voter list); (2) Who did vote (3) The original count; (4) Chain 
>>>of custody."
>>>See Also:
>>>A) article from TODAY with just a few shocking examples (!) of 
>>>convicted corruption involving local gov't officials, election 
>>>administrators, and election technology companies & contractors:
>>>B) post about process concealment:
>>>As for any consideration of voting using internet -- I won't even 
>>>start, as the vulnerabilities are so devastating and 
>>>well-documented. Even the US Dept. of Defence gave up trying to 
>>>develop a secure voting system.
>>>Best wishes,