5 votes

Electronic voting CAN work beautifully, but it ISN'T

All other things being equal, electronic voting is better than paper voting. It's faster, easier, more precise, more flexible, and overall just more efficient. It takes less work to oversee and less time to get results. But today, due to flaws in the implementation, it also makes fraud easier to commit. This does not need to be the case.

Technology has a tendency to make things better over time as we create things that do more work with less effort. This is the way of human progress. New developments often have side effects, either intended or unintended, but these do not mean the developments are bad or even that any negative side effects are inherently to be avoided, but rather that markets and demand are shifting are may require new distributions of labor.

Sometimes, though, the side effects bring to light a different problem to solve, one that wasn't as big of a deal before, but through innovation has become a more important issue to address. Such is the case with election fraud and electronic voting. With e-voting as implemented today, it is easier for a single person (or multiple people independently) to have a substantial but virtually invisible impact on the outcome. With a pure paper vote, such a thing is harder to do because it usually requires collusion between multiple people.

The problem with e-voting is not the concept itself, but the implementation that allows for potentially untraceable fraud through a lack of transparency--a lack of verifiable results being made available both to the public and to the competing parties involved in the election. This problem is solvable.

How, exactly?

  1. Generate a random UUID for every registered voter allowed to participate in a given election the moment they cast their ballot. This UUID would not be stored along with their name, to ensure 100% anonymity. Only the person voting gets to know that UUID belongs to them specifically. However, the fact they they showed up and received a UUID would be recorded to prevent duplicate votes.
  2. Any vote cast will be stored with its own UUID in the voting machine used.
  3. At least TWO printed copies of each vote are printed on the spot whenever a vote is recorded. One goes to the voter, one to the poll workers. (A double receipt system, like what happens when you buy a pizza! What a thought!)
  4. Any 3rd party can request a copy of all vote receipts for their own counting and verification.
  5. If possible, recorded votes should be transmitted immediately to a central (public, mirrored) server AS WELL AS kept on the original machine. This can be done at a later time if no connection is available, but immediate results add transparency and efficiency.
  6. The vote receipts include the voter UUID, the vote UUID, a one-way hash generated by the vote(s) cast on the ballot, and a detailed breakdown of the actual vote(s) cast. The vote cast cannot be changed without altering the one-way hash, which is very easy to detect even manually. Also, since only the original voter knows their per-election voter UUID, your anonymity is guaranteed even if you lose your receipt.
  7. Anyone can enter a voter UUID and vote UUID combination (from the receipt) on the aforementioned public and mirrored server to VERIFY that the recorded vote matches their receipt. THIS IS THE KEY. It is unlikely that everyone will verify his or her vote. But it is also very likely that some people will, and if anyone discovers a legitimate discrepancy (which would be simple to detect if it exists), then legitimate evidence of tampering will become obvious.

This system is remarkably similar in many ways to the way credit card companies process transactions. It is maddening that a $25 purchase at a convenience store has more accountability attached to it than a vote for president.

Give me an Arduino, an ethernet shield, a touch screen (or TFT + some hardware buttons), a thermal printer, a Rackspace cloud instance, a month, and $10k and I'll build you exactly this system using entirely open-source hardware and software, completely documented at every level. The platform is so simple that any decent programmer could explain it top-to-bottom after 20 minutes of perusal, and the lack of complications reduces the chance of undetected tampering or manipulation. And, of course, the public verifiability of EVERY VOTE make tampering unlikely.

I'm sure such efforts have already been proposed and/or pitched to election boards and/or even implemented in some cases. But I'm a programmer and a Ron Paul supporter, and as such this post was cathartic for me. I'm still totally serious about that last paragraph. I am not well-versed in specific election regulations that may require some tweaks to this system, but in any case I'm confident something very similar to this at least could work very well.

I do not want elections to be unfair even if "my" choice doesn't win. I can't imagine that anyone would reject a proposal for such a transparent and efficient system unless they have something to gain by impeding or hiding the real process. Screw Diebold. E-voting machines should be open, simple, obvious, and 100% OSHW. This is not that hard, and there is NO good reason for any proprietary elements anywhere in the system.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

First off, this is a great idea. I've been pushing forever

I had a thread going which received no traction ( http://www.dailypaul.com/252505/support-the-rules-change-and... ) soon after the convention. It was loosely based on the concept of the OP but had some significant differences that I believe make it much more viable.

Instead of it being a new way to vote, this simply adds a federal requirement. The feds cannot mandate how states vote. They can't tell them when or how or who to put in charge, so why fight that. Let's simply implement a system that accurately tracks all votes back to the individual. Obviously, that's not gonna work because of privacy but it certainly can be done in reverse.

First off, many people are unaware of the applicable cryptic magic this would center around. It's actually pretty easy. Computers convert all letters into numbers anyway, so I'll explain with numbers so it's easy to understand.

If I multiplied 3 numbers together and gave you only the answer, the only way you could know which ones I began with is if you knew 2 of them. People voting will know all their personal info (represented as numbers) but that's easy to obtain. By adding another random piece of info (password, vote minute of the day or otherwise), the info now cannot be figured out. Using this code is what the OP refers to as his UUID.

However, instead of creating hardware and 'systems' to make this work, we can simply give the calculation out to the public (aka the algorithm). The anyone and everyone can offer the service of generating these codes for people. Since a one step process on the same machine could be tracked, two UUIDs should be used. One to secure the personal info and the other to facilitate the vote process.

So far, this is functionally just like the OP suggestion. The difference now becomes that the people only need to lobby one tiny federal department to make a simple rule change to get it all rolling. We push the FEC to require all national votes to be presented to them in this format. Done. The process will still be transparent and the precincts can opt to buy/make equipment to do the conversion or to simply instruct their people to visit some web site (owned by anyone). If the latter was the case, all county voting expenses would be instantly eliminated. What struggling county wouldn't consider that?

So the overall steps are:
1. Register at least a month early so mismatches and low turnout can be addressed.
2. Vote at home, library, voting booth or smart phone with the UUID from step 1.
3. Email resulting code to a nationally known email address.
4. Watch results update live.
5. Verify your vote reached the public forum unaltered.
6. Make a public notice if it has been changed.

Garan's picture

Some additional ideas/concerns.

It probably should be a center-less system.
Then people can check their votes at multiple sites to make sure a centralized site doesn't cheat.

Also, the entire system would need to be open-audited.
Each voting node could be queried for results, then entire node-network is known to all (no false nodes), node grouping could be peer verified (e.g. each state can verify it's nodes, each county, etc), ..and the U.N. have look-see as well. :)

Voter registration might still have to be paper based.

You should probably look at existing encrypted system so you don't have to re-invent the wheel. Bit-coin might be a good one to look at.

I don't know about the random hash though.
I would think you could combine social security number with with a user selected pass code, and maybe hash that, with the voting selections public.
However, you might have to accommodate advocates of id-less voting. I still don't know what to think of the idea of people who can vote without an id. That just seems like a big area of exploitation to me.

Also, something might be learned from studying anonymous vpn browsing schemes.

Those are some thoughts.

E-voting Artifacts from the Future

I first saw this photoshopped image in the Artifacts from the Future section of Wired Magazine in 2004:

http://www.wired.com/wired/archive/12.11/images/1211Found800...

I think that was the original inspiration for me and something that has been lodged in the back of my mind ever since. It really can be done--though technology has changed in the last eight years, so perhaps the "ivote.sourceforge.net" would be replaced by "ivote.github.com" instead. :-)

Maybe I should create a Kickstarter project for this effort.

Like you said, if Pizza shops and theme parks can do it...

That receipt looks similar to one you would get from a theme park in order to get a bounce back pass, photo and all.

So, we can have accountability buying pizza and going on carnival rides, but not in electing the President of our country?

Crazy motivated even at 2:30am

This whole prospect seems so simple and yet so valuable that I can't really help myself. I'm creating parts lists and outlining code structures when I really ought to be sleeping.

But I have to wonder--why hasn't this been done already? What are the hurdles to overcome, the red tape to cut through, the bureaucratic nightmares to fight off, and the procedures to follow? Does anyone know? Does Diebold (or somebody else) have a legislated or contractual monopoly that cannot be broken?

Is the right solution to build and implement this on a small scale and then basically let the results speak for themselves in a wider arena?

Garan's picture

Yes. Bottom Up. Grass Roots

It would be an easier argument if you could point to systems already in use.

So, make it, upload it to github, promote it, let it grow.

After it has some success, promote it for local elections, state elections, and then federal elections.

By then, it should be a phenomenon that catches on.

I only have one thing to add, but I'll make that a different comment.

motivation

Keep going you are on the right path. I need a basic system to campaign with to show its possible. I believe it is the solution to our corrupt lobbying problem and I am getting very good reviews from the people I talk to.

That's a deep rabbit hole

That's a deep rabbit hole you're staring down.

I imagine changing voting systems is difficult

Since changing the government is so difficult too. For the simple reason that people fear change.

I agree

This is exactly what needs to be done.
We use Pay-Pal (a Paul supporter) for transactions on the web with little problem
Our original intent was a government of the people who were directly represented in all transactions of legislation. Over the centuries it has been corrupted by power hungry people. Our founders knew the "balance of power" they created would become undone so in the declaration it says it is our duty to restore the republic.
I have been nominated by the Libertarian party to run for Congress this year. My platform will be to turn "the people's house" back to the people. I will do this using some social network internet platform. Tied into the community at the smallest level of electoral district, a few hundred people or so. We elect precincts captains/watchers and/or use the existing library system to provide hard receipts and internet hook up and assistance to whomever needs it.
" I have a lot of faith in the american people. if given the truth they can be called upon to solve any national crisis " A Lincoln
The last few decades Congress has voted in opposition to public opinion. This is not what we are about. I believe people are now paying attention. I will inform/educate my constituents and we will vote .
I will list all 900 bases with a like/unlike button
After full accounting I will list the alphabet agencies with like/unlike buttons
reinstate the 4th amendment with a like/ unlike button
Has technology made most of the bureaucracy obsolete?
Implement the same system with local, county, and state governments, The common thread between these small districts is that they are governed by the same people.
We The People must ask ourselves what should the role of government be?
How much revenue does the government actually take in and where does it go ?
Can we sustain a federal institution small enough to erase the IRS? a personal goal line

The bottom line question is "Do you have faith in your fellow Americans? Are we mostly a decent civilization just ruled by the corrupt minority?"
I have seen Americans come to the aid of others and give unselfishly. Unfortunately these people do not crave power and in this kakistocracy do not rule.
I have Faith in my neighbors.
Dr Ron Paul is the only politician who has faith in us.
He needs to be president

If the system collapses before we succeed, at least I will have accomplished another important quest, that is to bring communities together, and neighbors talking to neighbors.

http://www.youtube.com/watch?v=HAL-crUhDmQ&feature=related

I like the dual receipt idea

I often brainstorm this subject and one of the problems that frequently comes up is people fraudulently claiming their vote was wrong. With a dual receipt, if they claim their vote was wrong, but their ticket matches the duplicate, I think they would be out of luck.

The other subject I ponder, is do we even need representatives anymore? Since all of us could instantly connect to the Capitol at any moment in this age, what is the point of having representatives anymore?

I suppose the representative has to be one specifically sworn to follow the constitution (even though that doesn't seem to work very well).

Representatives are probably still required

...though certainly less so with technological advances, and even less in a more transparent and efficient governmental system. Most people clearly understand the concept of voting, but would (understandably) be entirely overwhelmed with the thought of some of the legislative processes.

In a better system, perhaps direct democracy (bounded, of course, by the underlying Constitutional Republic) could work thanks to the internet and our ubiquitous and global connectivity. But I think that is a risky concept, since the problem of ignorance and laziness is substantial, and that system could only work if people stopped being both lazy and ignorant. As it is, delegating to someone whose full-time job is understanding, implementing, and enforcing legislation on your behalf is probably better overall than the alternative. Right now, I don't think I'd want the people writing laws and running the country to be the same ones writing YouTube comments.

There is definitely room for improvement though, absolutely.

Sometimes the machines need "ajdustment".

I'm not too smart about that stuff, though.

http://www.youtube.com/watch?v=mZqGz9wJrIQ&t=26s

Haha, wow! That's some "adjustment" there

And the machine costs $3,000? Good lord! The hardware shouldn't cost more than a few hundred dollars, if that. Throw in a brand new $25 Raspberry Pi to power it (or just stick with an even simpler Arduino), and even with a nice touch screen, it shouldn't be anywhere near $3k. Yeesh.

Puppy

I understand the Raspberry has Puppy installed on it.

I tried Puppy the other day and it was only fun, fun, fun.

One thing I don't understand

how does this guarantee secret ballots if there is a UUID-person record?

Thanks, by the way

I updated the methodology to reflect the altered system, which ensures anonymity. That was a good point you brought up.

That part is optional, strictly speaking

a UUID-person relation makes it easy to guarantee votes cast only by legitimate voters (with records that can be verified after the fact). But if 100% secret ballots are required (I wasn't sure about the level of anonymity required by law here), that can be left out--sort of.

Instead, the UUID for any given voter would be generated for them on the spot right before they vote. The fact that they showed up and received a UUID would need to be recorded to prevent duplicate votes, but the UUID itself would not be recorded along with their name. It would be required to cast a vote, and still included on the receipt though.

Come to think of it, all of the votes I've cast (only 27 years old here) have used a system like this, it seems. I have to give my name, then they press a button on a little receipt machine and it gives me a piece of paper with a 4-digit code on it, which I have to enter on the machine. This is probably exactly what it's for.

A UUID is a 32-byte hex string, which is probably overkill and too much of a headache to type in by hand. Maybe a QR code representation would work instead--easily generated and easily scanned. It doesn't have to be 32 bytes either, as long as it's unique.