Why is any e-voting necessary in the first place?
|
| Author | Content |
|---|---|
| mfioretti Sep 29, 2008 12:23 AM EDT |
Greetings, I keep finding article like this explaining how to make e-voting work, but can somebody please tell me WHY it is necessary to e-vote, if the thing is so darn complicated and risky? Does ONE report exist which is not written by some Diebold salesman and PROVES that it is absolutely necessary to give up paper voting because e-voting has such huge real advantages that we can't do without? I've never read one, please provide links if it exist. Oh, and no, "being able to know the results in 2/3 hours" is not a valid reason. If a country cannot wait 2/3 days every few years to make sure its next chiefs aren't the ones who got more votes, it has bigger problems than voting systems. Thanks M. |
| jdixon Sep 29, 2008 12:25 PM EDT |
> ...WHY it is necessary to e-vote... It isn't > Oh, and no, "being able to know the results in 2/3 hours" is not a valid reason. Even if it were, that's not an obstacle to pen and paper voting. You just need enough people to count the votes.. |
| hkwint Sep 29, 2008 6:11 PM EDT |
Or you can make an 'electronic scanning device' to make a diagnostic 'first count' to provide the non-official results ASAP for the sake of the TV-shows, and after that do the official counting by hand. Or just punch some holes. |
| mfioretti Sep 30, 2008 11:39 AM EDT |
>> ...WHY it is necessary to e-vote...
>It isn't I know. The sense of my question is "I want to be 100% sure that my feeling that concrete justifications for e-voting were never provided" is right. Recently I've had several independent discussions with people who said "e-voting is good and absolutely necessary" but utterly failed to give any reason for such an assertion which wasn't some mix of: a) I am so immature that I cannot wait more than two hours after voting ends to know the official result b) I'd rather die than be seen voting with pen and paper, they're so 19th century, what would my foreign friend say? c) the TV networks MUST make and comment real time exit polls to get more money for the ads they put in those talk shows. We the citizens are too dumb to ignore those shows or at least to not take them seriously, so if the official results three days later differed from the polls we'd freak out. So my request is always valid, please write here and/or to me directly at marco at digifreedom dot net any time if you can provide links to the kind of reports I asked for in my original question, thanks. Ciao, Marco |
| Sander_Marechal Sep 30, 2008 11:47 AM EDT |
Quoting:Recently I've had several independent discussions with people who said "e-voting is good and absolutely necessary" but utterly failed to give any reason for such an assertion Here's one: Having the ability to check that my vote was counted correctly myself. That's something pen & paper can't provide. It's also something that current e-voting systems don't provide. But it could be provided as discussed in http://lxer.com/module/forums/t/27856/ |
| mfioretti Sep 30, 2008 12:37 PM EDT |
"Here's one: Having the ability to check that my vote was counted correctly myself. That's something pen & paper can't provide. It's also something that current e-voting systems don't provide. But it could be provided as discussed in [HYPERLINK@lxer.com]" sorry, Sander, may I ask you to point exactly to which part of that thread you refer to? Is it the second post in that thread? If yes: please explain how do you make SURE that those codes aren't used by others to find out what you voted. Secrecy of vote is, at least in theory, one of the must-have of voting, to make sure that everybody can vote what he or she wants without pressure. For the record, the website http://www.electronic-voting.org/ (not from me) goes to much more detail to explain why anything that could be used to track a political vote to the person who cast it is bad. I don't endorse the system they propose, but I think they describe the basic problems pretty well. Do you think that they are wrong and/or that we should give up secrecy? |
| Sander_Marechal Sep 30, 2008 12:51 PM EDT |
Yes, it's the second post.Quoting:please explain how do you make SURE that those codes aren't used by others to find out what you voted. That's an implementation detail best left to security experts. The basic idea is sound. |
| mfioretti Sep 30, 2008 1:08 PM EDT |
I forgot to add one thing: "Here's one: Having the ability to check that my vote was counted correctly myself. That's something pen & paper can't provide As I said, I've had many discussions with several people on this very topic. I have noticed that this huge concern that one's vote was counted correctly, and the related need to check personally, almost always come from people who already vote in some more or less mechanic way, that is with non-electronic voting machines. People who vote with pen & paper, that is in a way that, intrinsically: is so simple that everybody who knows the 3 Rs can effectively count and check totals, that is be an effective booth staff member requires active engagement of MANY, MANY more people in many places to alter the general result in any meaningful way well, those people feel the need to "check by themselves" much less, just because a pen&paper-only system is immensely more robust (democracy-wise) than anything based on machines that only trained professionals with special tools could confirm they're working properly. Those voters instinctively know that bad guys may find not worth to mess with a manual count, so they're relaxed. May it be that the "check my own vote myself" anxiety simply comes from realizing, more or less unconsciously, that you've got yourself in a situation you can't control but can be abused? If so, isn't much better to get back to a more robust system? Anyway, let's go back to my original question and let's rephrase it as: does any study exists which proves that: 1) probability of tampering is much higher with paper-only voting than with e-voting 2) checking one's e-vote is absolutely necessary but can be done without introducing even greater risks of compromising secrecy? 3) A not-secret voting system (as e-voting with checking capabilities may be) would make more people vote, at least as freely as with paper voting? marco |
| mfioretti Sep 30, 2008 1:42 PM EDT |
That's an implementation detail actually, that's the central point. If vote isn't secret, many people wouldn't vote, and if isn't secret you don't need machines anyway. best left to security experts. of course, I am not asking you to implement this function. I am asking: 1) has any expert found a solution to guarantee 100% secrecy in e-voting? If yes, where's the link to that proposal and to opinions of other security experts? 2) (this was question 1 of my other post): is there any report proving that probability of tampering is much higher with paper-only voting than with e-voting? Because only in that case it makes sense to ask question 1 The basic idea is sound. with all respect, we could say the same of a proposal to make cars move with magic instead of fuel: zero cost, zero pollution, less political problems... If the basic idea is sound but not feasible in a secret way, we still are without any reasons to e-vote, aren't we? I am not looking for ways to patch e-vote, I'm looking for proofs that it is necessary, that is that it solves many real (not perceived) problems without creating more serious real problems. Marco |
| NoDough Sep 30, 2008 2:21 PM EDT |
Marco, I don't understand why you think the check code would invalidate the secrecy of the vote. 1) Voter walks in to polls and identity/registration is checked. 2) Voter walks from registration desk to voting booths, identity/registration info no longer needed. 3) Voting machine records vote, associates with code, displays code for voter. 4) Voter walks out of polls with code in memory or jotted down somewhere. Nowhere is there a link between the voter's identity and the code. A malicious person could take measures to link the code to the voter, but that's equally true with a paper ballot. I am neither advocating nor opposing check codes (or, for that matter, e-voting,) but I think your assumptions are faulty. |
| mfioretti Sep 30, 2008 2:32 PM EDT |
Quoting: I don't understand why you think the check code would invalidate the secrecy of the vote. Since, as you said, this is something security experts should solve and, as I said, started this thread to find reports and studies from experts on this and other e-voting problems to prove that a) e-voting is good and necessary, b) these problems can be solved, do such reports exist? This said: Quoting: 1) Voter walks in to polls and identity/registration is checked. 2) Voter walks from registration desk to voting booths, identity/registration info no longer needed. 3) Voting machine records vote, associates with code, displays code for voter. 4) Voter walks out of polls with code in memory or jotted down somewhere. Wrong. No, thanks. Doing as you say, if you mess with the machine to get a time-ordered list of the verification codes, all you have to do is to write down the order in which people entered the booth, print the code list,, put the two pieces of paper side by side and secrecy goes out of the window. Whereas with paper ballots, once you've shaken the box before opening it, there's no way to figure out in which order they were inserted. No, thanks. |
| jezuch Sep 30, 2008 3:26 PM EDT |
mfioretti, the function you're asking for has already been invented. It's called MD5. |
| theboomboomcars Sep 30, 2008 3:29 PM EDT |
Why do you need to record the time of the vote? If the number is assigned randomly the stored in the database numerically, there would be no way to tell in which order the votes were cast if the time of voting wasn't stored. |
| tuxchick Sep 30, 2008 3:37 PM EDT |
This whole discussion indicates a level of distrust that may be impossible to cure. Understandably, of course. So I propose returning to a more definitive, much simpler form of selecting leaders: cage fighting. Stick the whole lot in the cage, sic 'em on each other, and whoever is left standing after 30 minutes wins. |
| jezuch Sep 30, 2008 3:41 PM EDT |
Quoting:WHY it is necessary to e-vote Good question. It isn't. BUT That's only because we're still using a system developed for a world before railroads and telegraph. People, we no longer live in this world. The thing is, it is not necessary, but, if done right (and I mean: REALLY right, if that's at all possible), it could *enable* us to do better. You think our current system works good enough? That's because <stab-in-the-dark> you've never tried anything else </stab-in-the-dark>. That's the only thing we have so we stick to it. I say it's not good. Two things I hate about our current system is that it: - uses primitive either-or logic (you can imagine how many times I wanted really bad a "-1" vote instead of a "+1" one; and Condorcet method would be like Nirvana) - is discrete in time domain with insanely large quanta (I mean -- someone needs to be very popular for a single day every few years and after he/she gets elected doesn't give a ****) I'd like both of these changed (continuous elections with a possibility to change your preferences any time you want with immediate effect?). Electronic voting could change it IF done right. Of course, this is a really REALLY big IF. There, I've said it. You can bring out your stakes and pitchforks. |
| theboomboomcars Sep 30, 2008 4:31 PM EDT |
jezuch, are you suggesting we fix the bugs as we encounter them instead of hiding from them? That is just ridiculous. |
| Sander_Marechal Sep 30, 2008 5:30 PM EDT |
Quoting:Doing as you say, if you mess with the machine to get a time-ordered list of the verification codes, all you have to do is to write down the order in which people entered the booth, print the code list,, put the two pieces of paper side by side and secrecy goes out of the window. Your assumption is false. You assume a machine that can be tampered with. That means that the security experts who designed it fouled up. It remains an implementation detail. |
| tuxchick Sep 30, 2008 6:07 PM EDT |
Sander, the core of the problem is we can't trust anyone involved with these dratted machines. |
| tracyanne Sep 30, 2008 10:14 PM EDT |
Quoting:I propose returning to a more definitive, much simpler form of selecting leaders: cage fighting. Stick the whole lot in the cage, sic 'em on each other, and whoever is left standing after 30 minutes wins. Not only simpler, but more fun to watch, as well. |
| mfioretti Sep 30, 2008 11:53 PM EDT |
I'm glad to see so much interest in the issue. I'll answer to all
those who answered after my last contribute in one post:Quoting:theboomboomcars: Why do you need to record the time of the vote? Me? Me, I don't need it, of course. Please re-read the post where I mentioned that function. I simply said that all you'd need to do to violate secrecy is record that information separately, and then match it against the list of "codes+votes", therefore it is wrong to say that it's impossible to establish " a link between the voter's identity and the code Quoting:jezuch: Two things I hate about our current system is that it: Jezuch, what you'd like to change is much more and much deeper than the voting system itself, so it's offtopic wrt my original question and, personally, I'll simply ignore it, at least here and now. Quoting:Sander_Marechal: Your assumption is false. You assume a machine that can be tampered with. That means that the security experts who designed it fouled up. It remains an implementation detail. Sander, you keep eluding my original question. First of all, I already said that I don't want to know how to patch evoting after it has been imposed. I want to know, by reading some official report, study, whatever, WHY it is necessary to do it, BEFORE going into "implementation details". What I'm saying is that I'd like that nobody officially discussed implementation details before the first, right question has got a satisfactory answer. Secondly, I'm a bit baffled by your answer. Of course I "assume a machine that can be tampered with", because that is the very core of the question, it's far from being an implementation detail. And there should have been no e-voting whatever before such a really tamper-proof implementation had been 100% disclosed and discussed in the open. I'm no security professional, yet yesterday I could figure out in 30 seconds after reading your comment a way to try to tamper with it: I'm not going to dismiss such worries only on unproved assumption that "the experts are experts, they surely know how to prevent this and have done it" tuxchick already explained this to you: Quoting:Sander, the core of the problem is we can't trust anyone involved with these dratted machines. In any case, this discussion is fascinating but risks to become quite time consuming. Personally I'd really rather stick to the original question and ignore for the moment anything else, if possible: "Does ONE independent report exist which PROVES that it is absolutely necessary to give up paper voting because e-voting has such huge real advantages that we can't do without? I've never read one, please provide links if it exist." Thanks! |
| jdixon Oct 01, 2008 12:07 AM EDT |
> Does ONE independent report exist which PROVES that it is absolutely necessary to give up paper voting because e-voting has such huge real advantages that we can't do without? Well, since pen and paper voting can demonstrably do the job, I don't think such a study could be believed if it was found. Now, that doesn't mean that e-voting, if done correctly, might not be better than pen and paper. But there's now way it's absolutely necessary. And as I noted earlier in another comment, if you want e-voting open software is only part of the picture. You also need open, verified hardware and a fully auditable paper trail. The entire process must be open to peer review and public scrutiny. Given those, I think it could be made to work. I disagree with Sander about the problems with making the votes publicly accessible. I think voter data mining is not only possible, but inevitable in such a situation; up to and including identifying individual voters. Verifying the paper trail at the time you place your vote should be sufficient. |
| mfioretti Oct 01, 2008 4:18 AM EDT |
Quoting: Does ONE independent report exist which PROVES that it is absolutely necessary to give up paper voting because e-voting has such huge real advantages that we can't do without? precisely my point, and I also agree with you on the risks of voter data mining, thanks. However, I'm still interested in papers on that theme, so if something even just similar to them exists, please let me know by email at marco, at digifreedom; dot net, thanks Quoting:And as I noted earlier in another comment, if you want e-voting open software is only part of the picture. of course, but me, I don't want e-voting period (see again http://digifreedom.net/node/52). IF we really can't get rid of e-voting, then of course every part has to be as open as possible. But the reason why engaged in this and similar threads in other places is that I'm frankly baffled to see so many FOSS supporters advocate FOSS for e-voting without, at least apparently, stopping for a moment to ask themselves whether the basic thing makes any sense or not. It sounds like "I like FOSS for the sake of FOSS, and finding bugs in source code so much that I want e-voting just to have one more container of source code I could play with;even if the thing is flawed at its roots no matter what the source code (or HW design) license is" Marco |
| jdixon Oct 01, 2008 9:17 AM EDT |
> ...so if something even just similar to them exists... The closest I could find with a quick Google search was an article by Bruce Schneier. While somewhat negative, it does discuss some of the reasons electronic voting may be preferred. You can find it at http://www.schneier.com/blog/archives/2004/11/the_problem_wi... |
| theboomboomcars Oct 01, 2008 9:43 AM EDT |
Marco- E-voting isn't necessary.
But we live in a digital age and people seem to think everything needs to be computerized in some form or another. Having a quick look at your site I would say that all of your concerns would be addressed with an open system. Is it necessary, no, but we could enjoy the convenience without the security issues with an open system. I would agree that the current system is broken and shouldn't be used. |
| krisum Oct 01, 2008 10:37 AM EDT |
@mfioretti One advantage is that, theoretically, e-voting can reduce cases of double (or more) voting, and rigging in general. Another is, of course, reduced chance of mistakes. This is assuming that it has been verified by third-party that the e-voting machine works as advertised. Using FOSS for e-voting will allow verification of this (again assuming that this is what actually is going into the machines) in a much broader and transparent way. |
| Sander_Marechal Oct 01, 2008 10:39 AM EDT |
Quoting:I'm frankly baffled to see so many FOSS supporters advocate FOSS for e-voting without, at least apparently, stopping for a moment to ask themselves whether the basic thing makes any sense or not. You're preaching to the wrong choir. We're FOSS. We take proprietary system and build open systems that work better. Whether that's servers, mobile phones or e-voting machines. You should talk to the people who decide between e-voting and paper&pen voting, not to us. |
| azerthoth Oct 01, 2008 11:37 AM EDT |
Exactly Sander, we are the people who you talk to about how hard is it to add 1+1 (which the evoting folks seem to have problems with) and why it would be easier fix all the associated problems with Open Source. The idea and ideals surrounding e-voting itself ... thats not our gig. |
| tuxchick Oct 01, 2008 12:07 PM EDT |
Quoting: The idea and ideals surrounding e-voting itself ... thats not our gig. Why not? We're citizens who presumably have a say in these matters. Do you really think that should be left up to people who can't add 1+1? |
| gus3 Oct 01, 2008 12:16 PM EDT |
If they can't figure out 1+1, they shouldn't be using Intel hardware. /rimshot |
| azerthoth Oct 01, 2008 2:20 PM EDT |
TC, might as well expand it to world hunger, teenage pregnancy, global warming, etc etc. These things may interest one or another of the readership, but is pertinent in this venue only as OSS is relevant to the discussion. i.e. passing moral judgment on the voting practices and habits of the lemmings at large ... not our gig. |
| jdixon Oct 01, 2008 5:01 PM EDT |
> ...passing moral judgment on the voting practices and habits of the lemmings at large ... not our gig. More accurately, this is not the appropriate forum, though we often touch on such matters in passing. And occasionally linger longer than is appropriate. :) |
| mfioretti Oct 06, 2008 5:30 AM EDT |
Quoting:You're preaching to the wrong choir. We're FOSS. We take proprietary system and build open systems that work better. Whether that's servers, mobile phones or e-voting machines. You should talk to the people who decide between e-voting and paper&pen voting, not to us. this is just the attitude that makes me sad. In this forum I have only discussed technical problems and asked for technical, concrete, business-like justifications for e-voting. If something is, technically speaking, inherently insecure, is it an ethical issue offtopic for this forum to say let's avoid it? The way you say it, "We're FOSS" is equal to "we're citizens with enough technical skills to recognize a dumb idea, but we won't use those skills to stop the dumb idea, we'll just turn it into a FOSS dumb idea". Bah E-voting should have been treated by geeks as some Linux hackers treated winmodems when they first appeared: "I'm FOSS, I'm surely skilled enough to reverse engineer this proprietary winmodem sw into a FOSS one which would work better. But I won't waste my time on it, because a software modem is an idiot idea at the purely technical level, without ever going to bother about the morality of its license". Thanks for the link to Schneier's article, both it and its comments are worthwhile reading. Marco |
| jdixon Oct 06, 2008 6:07 AM EDT |
> Thanks for the link to Schneier's article, both it and its comments are worthwhile reading. De nada. Glad to be of assistance. |
| Bob_Robertson Oct 06, 2008 8:16 AM EDT |
One of the reasons that when "voting" finally makes it to a country where they haven't had that particular stage of evolution yet, they always demand paper ballots, is a matter of trust. Without a paper trail, there is no way to audit. If the machine says N votes were cast for X, that's it, and whoever has access to the machine wins. E-voting gains traction in the US because most people trust the system. Fewer every year, but still enough. I see no way to reconcile "secret ballots" and "e-voting". One or the other, ok, but both is just too easy to corrupt. |
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!