Tuesday, September 4, 2007

Malfunctioning Vote-Counting Machines Are ALWAYS A Sign Of Corruption

This is a message from programmers to normal people.

Dear Normal People,

You often hear about voting machine malfunctions, both here in the US and overseas. I think as a computer programmer it's pretty important to point out that voting is not a difficult problem from a technological standpoint. I think pretty much any one of the programmers who read my blog regularly could build an absolutely secure voting machine in a matter of hours, and their only challenge would be staying awake while doing something so incredibly unchallenging and therefore boring.

Every story you see on the news about voter fraud is an instance of corruption at work. There are no exceptions. The only way systems which handle such incredibly simple problems can malfunction so consistently and spectacularly is if they are designed to do so. It's like putting square wheels on a car. Fucking up something that simple is harder than getting it right. It takes effort. It can only happen deliberately.

Every single time a voting machine malfunctions, somebody has ripped you off. Manufacturing fradulently "malfunctioning" voting machines has become the new method of choice for undermining democracy. Every time it happens, you should put somebody in jail.

Computer Programmers


  1. i'll just point out that with modern cryptography and open-source auditing techniques, we could make voting systems that were secure and auditable (making sure your vote was counted, making sure that every vote corresponds to a real person, making sure a person doesn't vote more than once). this wouldn't be dead-easy like you describe, but would actually be an advancement of the field of verifiable voting.

    any other sort of electronic scheme is pure fraud, even if it doesn't appear to malfunction. bringing voting into the electronic domain (where the process can be easily subverted on a wide scale with little oversight) without such cryptographic techniques is negligence in and of itself. all such machines do is defraud the public out of money, and most likely out of democracy.

  2. Putting all the credibility of a system into the electronic data it claims to have stored and retrieved is a quick path to an easy workaround (corruption again). Without freely viewable data storage, there's really no way to guarantee that a vote tally is accurate unless you can match a vote to a part of a count.
    Some ways to do this include giving each vote a number ([state]-[district]-[vote tally], like CA-27-5672) and treat it like an inventory. Then you'd have to give each person who voted that number so they can check their vote. This might be one of the newer barcodes which fill an area, or just a web site to check for their vote (Long list, ctrl+F to confirm that they were counted). The only problem left is to make sure that votes are not changed or added: This would be a programming aspect; such as comparing attendance at the polling station to how many votes seem to have been cast, and having people check their own votes.
    While such a system would not be easy or quick to implement, it wouldn't be a challenge or a great expense. However, doing things differently is a strange and fearsome thing to bureaucracy. At some point though, you have to question the dwindling reasons not to enact a transparent system of votes.

  3. Dear sirs,

    While I confess I agree with your main thesis, I believe you are overstating matters. In particular, you seem ignorant of some of the requirements for such a system.

    - Votes must be anonymous : there mustn't be a way to determine, after the fact, how anyone cast their vote. If there were such a facility, then thuggish elements would have a means to ensure that you voted as you were told and break, or abstain from breaking, your legs as appropriate.

    - So long as the process is being modernized, due consideration should be given to the deaf, the blind, the dumb. Particularly the dumb: Universally usable interfaces are easy only in retrospect on the very rare occasion that they succeed, and damn near impossible otherwise.

    - End-to-end security is a hard problem no matter how you choose to slice it. One chink in your armor and the game is over. For example: suppose there is an unnoticed weakness in the section of code that reads the list of candidates and proposals before an election. Such information must be disseminated to all voting machines before the election; any weakness here and some wise-acre billy will write up a virus that carries itself from machine to machine.


    T. Reginald Gibbons, Esq.

  4. You have to divide control. Make one party responsible for counting total votes while another counts votes for each candidate, etc. Allow all people to view a hashed list of all votes so they can verify that theirs is in the list. Since a third party counted total votes no one could add votes to the list and Bob couldn't extract Alice's vote from the list without her key. Just one suggestion. Sure it has holes too.

  5. "I think pretty much any one of the programmers who read my blog regularly could build an absolutely secure voting machine in a matter of hours, and their only challenge would be staying awake while doing something so incredibly unchallenging and therefore boring."

    Are you kidding me? Please detail the design of your "absolutely secure voting machine" and how you can make sure it is 100% tamper proof. How will input from the user be made? How will you verify that each user votes once and only once? What sorts of mechanisms will you put into place to let the user know HOW they voted? Will you leave a paper trail or not? What are the inputs and outputs of your system? How do you update the code in your system? How are the machines polled for their final tallies? Do you use a network? Which one? How do you secure it?

    This post is incredibly naive.

  6. The solution is already used daily around the USA by millions of individuals, no need reinventing the wheel...

    Are you ready for it . . . ?

    When it comes time to vote, the voter can pull up to the gas station, put their credit card in the gas pump and the pump will validate the person, prompt them who they want to vote for while the tank is being filled, then the machine prints a human-readable receipt of the transaction back to the user. It couldn't be simpler. Even has nice big YES/NO buttons and old people know how to use these devices too!

    Could throw in a free soda to get young people to vote too! It is not only perfect for people on the go, it would increase voter turnout!

    You can be sure that corporations relying on those machines to bring in every fractional cent of income have put the machines through the rigors.

    Simple. But that is too easy, and it would prevent Bush winning a third term.

  7. The post might be naive, but not in that it's hard to create a secure and stable voting machine. The naivety is in thinking that the majority of programmers can write anything more complex than "hello world".

  8. In reponse to "Bush for 3rd Term" This is an interesting idea, but flawed. The anonymous vote factor is completly destroyed every time you use your credit card. You can't vote based on authentication at the gas pump. Not only does it directly link your vote to your identity it leaves the vote count directly in the hands of the oil companies. Also, as you have already mentioned, you can influence the vote by offering free sodas. So why not offer $5 off that tank of gas by voting for Candidate X?

  9. In Canada we have a great system. You fill out a paper ballot with an 'X' that has a detachable top with barcode.

    The vote part is separated from the inventory-controlled part and put in the ballot-box scanner.

    Since the votes are scanned the total is available instantly. Since the original paper votes are there you have a legitimate paper trail.

    Works great, much less potential for fraud.

  10. Why don't y'all programmers and engineers create an alternative and cheap voting machine to compete with these corrupt corporations? Is anyone doing this?

  11. to jonas: there is no point in making a secure one if the government wont buy it which they wont unless you have a contract from the beginning.

  12. A lot of folks here are missing the point. You don't have to create an absolutely secure voting system. You just have to create one that works.

    Your task: build a user interface and storage system so that every time someone presses the button labeled "Bush" a vote is tallied for Bush, and every time someone presses the button labeled "Kerry" a vote is tallied for Kerry.

    Do we think just about any programmer on the planet is capable of building such a system that will accurately report the number of votes for each candidate at the end of the day?

    If so, then when someone talks about a vote-counting machine that does NOT reliably report such, it must have been tampered with. It doesn't matter if the votes were encrypted with quantum-string algorithms with keys derived from moon rocks or if the developer used ROT13 - if the system didn't record 10,000 votes for Kerry as 10,000 votes for Kerry (or reports more votes than people actually voted), then SOMEONE FUCKED WITH THE RESULTS.

    You have two choices:
    1) Your software developer screwed up Vote=Vote + 1, or
    2) Someone changed the outcome

    If we can agree that (1) is borderline insane, then (2) is the logical conclusion, and voila - evidence of a federal felony.

    So when an election board checks its voting machines and says "say, that's funny" the FEC should show up with the FBI and take over. Oddly, this seems to have happened in 0% of the cases.

  13. The Kos article is about security flaws and vulnerabilities, not corruption.(As much as the Kos Kids would love to believe it).

    Would you like to be put in Jail for *your* software's security vulnerabilities?

    I thought not. Sounds more like BDS at work.

    If you can do so much better, go for it. I hate to break it to you but the CA state legislature is mostly Democrat so those crafty Republicans can't keep you out...

  14. Put your foot in it again, and on the front page of Reddit, no less.

  15. I do not for a second believe that writing the software for the voting machine can ever be anything than the simplest of problems [I was going to write: challenge, but it really isn't] for a coder.

    The only thing the machine has to do is to record the vote, add to the tally and produce the result. It's an addition.

    Why is this not a challenge? Because that's what Wall-Mart is doing every day a billion times over: adding up sales and producing a slip that says: 'you bought soandso for thisandthat price'. That's how they run their stock and they are -very- efficient at it.

    To say that you can't make software that runs a counter for every name entered and do this in a robust and safe way is tantamount to saying you're working for the people defrauding the public.

    The fact that we're talking about malfunctioning voting machines in America... wake the hell up, people.

  16. Here's a secure way of voting, like it has been done for decades in real democracies: take a large piece of paper, listing all the names people can vote for.

    Make it so that there is a totally non-ambiguous way to cast a vote: color a field next to the name to indicate a vote.

    Have people from the community come in and count the votes while being supervised by officials representing all parties so that every vote is actually counted.

    It takes a bit more time, but you simply can't miss.

    This is about democracy, about the vote of the people, it's important to get it right and to be absolutely sure that you get it right -every time-.

    And another thing: make the vote compulsory for every adult. Make sure -all the voices- in society are heard in stead of a small subset. That would change the political landscape in a real hell of a hurry.

  17. Diebold makes banking hardware like ATMs, and you know there is NO WAY the banking industry would let them get away with the faulty product they are trying to pass off as a voting machine.

    Diebold would not be in business if their banking hardware worked as well as their voting hardware.

  18. Makes me think of Man of the Year (2006 film), where the presidential candidate wins the electronically conducted election because the double letters in his name (doBBs) came first alphabetically when compares to the double letter patterns in other candidate names.

    Some things seriously take a _lot_ of effort to screw up.

  19. public class VotingMachine {

    public static var candiateNames:Array;
    public static var candiateVotes:Array;
    public static var candidateButtons:Array;

    public function VotingMachine():void {

    candiateNames = ["Bush", "Kerry", "Hilter", "Ghandi"]
    candiateButtons = []
    candiateVotes = []

    for (var a in candidateNames) {
    candidateButtons.push(new Button(candidateName[a]))
    candidateButtons[a].addEventListener(MouseEvent.CLICK, addVote)
    candiateVotes.push = new int()
    private function addVote(e:Event):void {
    var index:int = candiateNames.indexOf(e.target)
    if (index != -1) candidateVotes[index] += 1
    else throw new Error("You have made up a candidate")

    <-- it can't go wrong.

  20. <-- assuming you manage to spell 'candidate' correctly in your code.

    Perhaps *that* is what went wrong! Boo to the naysayers and up for Diebold!

  21. Congrats. You've just proven the opposite of what you are trying to argue.

    Clearly it's very possible for programmers to be so incompetent that they can't understand the real problem they are being asked to solve.

    No voting machine can ever be secure, reliable, transparent and publicly accountable. That's why we have these tried an proven systems with pieces of paper an ballot boxes. It ain't perfect, but if you think it can be reliably replaced by information technology, you don't understand information technology.

    The very existence of voting machines are a sign of corruption.

    (I am a programmer by the way)

  22. Three Ballot Voting


    Seriously, end of story. For a while at least. There are some variants worth exploring where voters can exchange ballots with each other even more frequently however lets take things step by step and adopt widespread use of three ballot first.

  23. There is some confusion here.

    * There are paper ballots and electronic ballots. E-voting with machines is typically a combination of a machine and paper ballot or paper receipt.

    * A voting system is NOT a simple counting machine for scalar numbers.

    * E-voting over the internet would be efficient, fast, flexible, and convenient. It would also be difficult to design: there is always the potential security risk the various processes regarding gathering votes, tallying them or verifying the results. For every system made, someone can break it at it's weakest point. An unfortunate truth.

    3. The key is designing a system that is 'good enough', but that does not necessarily mean 'simple'. I propose to have a standardized, open source, code-checking, anonymous system that provides end-to-end encryption and reciprocally, user-authentication using a public key exchange.

    Before even counting the vote, the voter would have a receipt in the same way the red cross has people place a sticker to confirm blood donation. For redundancy, and in the case of doubt or a potential compromise of validity, a peer-to-peer verification process could be used to resolve claims and report discrepancies (ie: fraud).

    With this type of system, even if everything were checked and correct, the fraud could happen at announcement time.

    Even if we had FRANCE hold all of the US registration/voting server clusters and tally our votes, they could still be bought off by some malfeasant political person, group or interest.

    There is no end to treachery. 'Locks keep the honest people out'. At a certain point, the voter base has to be satisfied with the answer.

    It's going to come down to a gut reaction.

    4. There are open source e-voting systems being designed already, but without encryption, anonymity, or peer-validation, what use are they except as a study for something better?


  24. For a given voting system, the key to providing both anonymity and authentication is to make temporary accounts and necessarily decouple the registration database user info (which will reveal a true identity) with the anonymous votes in the voting database. Put the registration database in one affiliate country and the voting one in another affiliate country. Having three countries involved provides the necessary balance of jurisdiction to create an imbalance of potential fraud.

    It's not perfect but it's a hell of a lot bette than diebold, which is imo one of the most irresponsible companies in the known universe.

  25. Your friendly grammar nazi says:

    Try "Malfunctioning".

  26. Basic design:
    Validation Application
    1. Voter is verified as valid voter (a registered voter that hasn't already voted)
    2. Voter is assigned a unique id
    3. Total of verified voters is kept

    Vote Application
    1. Voter enters unique id
    2. Voter votes
    3. Vote is associated with unique id
    4. Voter is given a printout of unique id
    5. Voter total is kept

    Vote Verification Application
    1. Compare totals from Validation Application and Vote Application
    2. Publish all of the results to the public

    None of these steps are difficult.
    Validation Application:
    Step 1 could be done the same way we do it now
    Step 2 we could just have a pile of randomized unique ids with bar codes stored in envelopes which are handed to each voter
    Step 3 what programmer hasn’t kept a running total?

    Voter Application:
    Step 1 just scan the bar code
    Step 2 make a simple easy to use user interface (there are already plenty of existing examples to borrow from)
    Step 3 Unique_Id table has unique_id collumn Vote table has a unique_id foreign key (one to many relationship one person votes for president, senator, house representatives, and dog catcher’s raise for example)
    Step 4 just like printing a receipt for a voter's personal records

    Vote Verification Application:
    Step 1 Get the totals from the other two applications
    Step 2 This can be done on a web page and in public places like libraries. People can see that their vote was counted correctly and they can compare voter totals from each application

  27. That's not grammar, it's spelling. But thanx. Corrected.

  28. E-voting over the Internet would be difficult to design.

    That's ridiculous. There's nothing difficult about it. "It's not voting, it's E-VOTING. And it involves the INTERNET. It's DIFFICULT. Ooooooh." What a load of crap. I bet Tic-Tac-Toe would be difficult too if it were "E3T over the Internet." Total fucking bullshit. A junior high student could code it.

    One person, one vote. Leave a paper trail. Those are your requirements. That's IT. If you submitted something that basic to Rails Rumble next weekend, you wouldn't stand a chance in the competition because you wouldn't be working hard enough.

  29. Dear Anonymous: You're on to something. You're analyzing both the problem AND the viable solutions. Instead of running out to grab the latest quick fix, we need to look at the big picture. We need tighter, better, wiser controls. And we need fix our election laws to protect us from machine and human error, and HUMAN INTERPRETION of election results. Computers, paper, people will fail…our laws must trigger automatic re-voting when they do.

    Lani Massey Brown, MARGIN OF ERROR: BALLOTS OF STRAW, political intrigue of a stolen election, Amazon com.

  30. What else can you expect when you give programmers dangerous tools open classes and dynamic typing?

  31. "I bet Tic-Tac-Toe would be difficult too if it were "E3T over the Internet.""

    That's not even a funny strawman argument. Only an ignoranus would simplify the requirements to "One person, one vote. Leave a paper trail. Those are your requirements. That's IT."

    I'm scared of any shiny, happy software you produce.


Note: Only a member of this blog may post a comment.