t3knomanser's Fustian Deposits

My Solution to the E-Voting Problem

How Random Babbling Becomes Corporate Policy

run the fuck away

Mad science gone horribly, horribly wrong(or right).

Wired runs an interesting piece on E-voting, which gets me thinking about the wealth of problems that it poses.

My solution is simple: if you're determined to do electronic voting (which I feel is unnecessary), let's approach the issue democratically. Turn to the Open Source community, and let them develop it. Suddenly, when there's a claim that there's a security problem, you're going to have an entire community of tech-savvy people hunting it down and fixing it. And seriously, tabulating votes _should_ be an easy task. This isn't a "big" application, and requires no groundbreaking innovation.

My model would work like so:
Each machine will present a touch screen interface, and walk voters through each campaign in a wizard-style format. After each page of the wizard, the resulting vote is cached in memory, so that the last screen presents a summary, and offers to either "confirm", "discard" or "edit".

Once the results are confirmed, the machine stores the results in a _flat text file_. Mind you, the machines are locked boxes with no wired or wireless connections. They're stored in a locked cabinet, in plain view of the precinct administrators. Access can only be achieved via the _back_ panel, so a voter behind a curtain could not get access to the system without physically damaging the cabinet.

So yes, I use a _flat text file_, no database. It could even be encrypted. In addition to storing the results, it prints out a set of receipts, one for the voter, and several copies for different audit trails.

At the end of the election, the machine enters tabulation mode. It tabulates the results, displays them on screen, and prints a hard copy. After the results are printed (and checked to see that they match), a network connection is _then_ added to the machine, where it can report to a central server. All of this communication should be done on a network that has _no connection to the outside world_; even so, all communication should be strongly encrypted, signed, and verified. Each submission of voting data should be able to be tracked back to a specific machine.

At each precinct, the administrators should manually tabulate the results of each machine. *gasp* Yes, people should double check things on the precinct level. It's not hard, people, and not that much work. Use a fucking calculator. Someone at the central server should randomly spot check the precincts by phone (in person perhaps?) and compare the results.

Now, part of this process creates a multiple level audit trail. An election could be audited on the precinct level (and this process could be abstracted to allow city-level, county-level, and state-level audits), down to a voter-level audit. Based on the contention over the election results and the closeness of the election, an audit will be conducted.

For example, in elections decided by 15% of the votes, an audit could be performed by county. For 10% of votes, it could be done by precinct, and for 5% a full voter-level audit should be performed.

So, in close elections, there _is an audit_. Period. This is in addition to any mandated random audits.

No, this isn't a foolproof election, but it's a start. And this is one person, talking off the top of their head, with only a vague understanding of security principles. I _hate_ security. But it's important, especially for something like elections.
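
The tabulate, sign, verify and track-to-machine steps from the post, sketched as an added example (not the author's code). The ballot-line format, machine ID and key are constructed, and HMAC-SHA256 with a per-machine key stands in for the signature scheme, which the post does not specify.

```python
import hashlib
import hmac
import json
from collections import Counter

# Constructed sample data: hypothetical machine ID and key, provisioned
# by the central server before the election.
MACHINE_KEYS = {"precinct12-m03": b"constructed-demo-key-03"}

# Constructed flat text file: one confirmed ballot per line, "race=choice;...".
BALLOT_FILE = "mayor=Alvarez;measure_c=yes\nmayor=Brandt;measure_c=yes\nmayor=Alvarez;measure_c=no\n"

def tabulate(flat_text):
    """Tabulation mode: count every race/choice pair in the flat file."""
    tally = Counter()
    for line in flat_text.splitlines():
        if not line.strip():
            continue
        for field in line.split(";"):
            race, choice = field.split("=", 1)
            tally[f"{race}:{choice}"] += 1
    return dict(tally)

def _canonical(machine_id, tally):
    # Sorted keys so machine and server authenticate identical bytes.
    body = {"machine": machine_id, "tally": tally}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_submission(machine_id, tally, key):
    """Machine side: bind the tally to this machine's identity."""
    mac = hmac.new(key, _canonical(machine_id, tally), hashlib.sha256).hexdigest()
    return {"machine": machine_id, "tally": tally, "mac": mac}

def verify_submission(sub, keys, printed_tally):
    """Server side: check origin, integrity, then the printed hard copy."""
    key = keys.get(sub.get("machine"))
    if key is None:
        return "reject: unknown machine"
    expected = hmac.new(key, _canonical(sub["machine"], sub["tally"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sub.get("mac", "")):
        return "reject: bad MAC"
    if sub["tally"] != printed_tally:
        return "reject: differs from printed hard copy"
    return "accept"
```

The last check is the precinct-level cross-check: a submission that authenticates correctly is still rejected if it disagrees with the hard copy the administrators tabulated by hand.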
  • Throw on an AT&T 1910 secure modem and dial up the SIPRNET. That's a US Government intranet that is secured for classified information up to the Secret level. There was a book published a few years ago, "Top Secret Intranet", that contained pretty much all the unclassified information that exists about that network. Interesting book. But my point is, you want a secure network for e-voting, use the existing SIPRNET. You might have to put a couple more servers online, but the bulk of the infrastructure is there.
  • I have so much to say about this.

    First of all, check out Australia's system of electronic voting. It's open source and very simple. A voter checks into the polling place, and they get a barcode. They scan the barcode into the machine. Each interface is touch screen. Once voters are done, the machine says "you voted for candidate A, yes on measure C, no on proposition 23, is this correct?" If you say yes, the vote is finished and done. If you say no, you can go back in and change as many times as you like, until you finally confirm.

    From there, each machine has a tally of the number of votes it is supposed to have. All votes are stored on removable media, in this case tape drive tapes. At the end of the day, the tapes are taken to a central counting machine that both confirms the machine had the correct number of votes and tallies the votes. Australia has done very well with this so far.

    Australia does not have any printed receipt, and their voting machine page did a lot to convince me it was not necessary. I can see where it would be useful to have the machine print out a simple tally after each vote in a secure box behind the machine, but I don't think the voter needs anything. We don't have receipts with non-electronic voting and we somehow trust the counting machines there, so why should the individual get a receipt with electronic voting? It kills more trees and wastes more money, and doesn't make anything more secure. For that matter, it makes things less secure, as voters suddenly have a record of what they voted that someone else can find and cause trouble with. The point shouldn't be to give receipts because we don't trust technology; the point should be to create trustable technology.