A Better Vote: Challenge to Programmers.




UtahApocalypse
01-17-2008, 02:24 PM
Attention Software, Web Designers.

I challenge you to work together to form a good, accurate, and secure voting system. My understanding is that the coding should not be too difficult. Of course since we cannot build a "machine" and we are all located across the country the system will have to be used over the net. I think even with that limitation it can at least show a theoretical model of an effective system. Below are the preferred guidelines for such a system.


1> Open Source, And the working group will be transparent in its methodology.

2> Functioning System Goals:

1. voter goes to electronic machine (in this test they will access a website.)
2. Voter votes for candidates, information gets sent to database with a unique identifier(s). Machine prints out two copies of the person's votes (in this test you will be given, or e-mailed)
3. The voter takes one copy for themselves and puts the other copy into a locked box with a slit on the top.(N/A in the test, but should be designed into the software.)
4. results (nameless for those who don't want their names or e-mails on display) posted to a website where you can take your unique identifier and search to see your results and how it relates to your candidate.


3> Mock election. Use the site to run a mock election for a day or week. Have the vote be something other than political (soda, candy, something arbitrary)

4> Election results. Release the results, continue working on project and testing it.

So any other ideas? Anyone want to try and work something out? We can show the world that Diebold can do better, and be open about it.

UtahApocalypse
01-17-2008, 02:43 PM
bump

Quantumystic
01-17-2008, 02:46 PM
I call it... paper and pen.

steve005
01-17-2008, 02:47 PM
great idea!

steve005
01-17-2008, 02:48 PM
great idea!

....


I call it... paper and pen

a way better idea!!!

acmegeek
01-17-2008, 03:28 PM
OK... here's my idea. Part of it comes from talking with some friends.

1) Start with a touch-screen voting machine with one screen per position.
2) Then go to a summary screen with positions and votes. Buttons to edit a vote and continue.
3) Machine then prints out scantron-type ballot with choices filled in.
4) The ballot is fed back into machine to be read.
5) The screen displays votes according to what is read.
6) If correct, user presses a Confirm button and the machine prints out a receipt that includes a random but globally unique number, the timestamp, and a summary of the votes. The receipt will also have a bar code that matches the unique number for easy rescanning. The votes can be easily looked up online using the unique ID.

So, here is what a system like this would do. Paper and pencil are nice, but in this case you still have the same benefit. It is completely auditable in several ways. First the ballots can be rescanned. Second, the receipts can be looked up or rescanned.

I like the idea that the ballot can be filled out by the machine, which would do away with the problem of not properly filling out the ovals. It also gives you something to take with you that you can verify later.

Just an idea... thoughts? Yes it is a bit complicated, but if done right and if open-sourced and all machines made with clear plastic, I think it would be pretty secure.

ggibson1
01-17-2008, 03:33 PM
I already looked into this after the 2004 elections. It's not the software that is the issue so much as it is a "certification" issue. The states require a certification process that costs so much money most people won't put out that much... at least not most open source developers... since the quality of these machines still seems to be very poor after certification it appears the certification process is simply to prevent a large free market community of programmers from doing this.

freelance
01-17-2008, 03:35 PM
WHY would TPTB invest in such a thing?

RPDelegate
01-17-2008, 03:41 PM
I could easily put together a web based voting application. But it's not like the entire nation would stop using what they currently have because of it. So it seems like a waste of time. I'd rather canvass with my time - sorry!

Slist
01-17-2008, 04:23 PM
Edit: Sorry acmegeek. Seems we had a similar if not the same idea!!! I noticed it only now...
----
My simple idea:

every voting machine (can be touch-screen) prints nothing but a random number as a receipt. After the votes are cast, a big list is published, associating numbers to votes. This way every voter can check on the list if the number on the receipt matches the vote he gave. The votes are anonymous but still the voter can find his distinct vote on the list.

This is simple and easy. Difficult to fake. The only possibility to tamper would be to add some votes to the list, but if the observers count the number of voters and compare it to the number of votes on the list, discrepancies come over.

A concrete example:

I vote by pressing "Ron Paul" on the Touchscreen machine. The apparatus prints a receipt with "Thank you for voting. Your voting id is 28942". The next day, the list of votes is published


21233 Biden
33311 Paul
09012 Dodd
28942 Paul
99432 Gravel


and I, as a voter, immediately see that my vote was counted correctly. But no one else knows what I voted. Simple, no?

chrisguidry
01-17-2008, 05:53 PM
I'm a software developer, and last year some friends and I hashed out a lot of ideas about open-source voting, and we did come across the certification issue, but figured we'd shelve it for a while.

In principle, voting software is quite simple. The simplest thing for a machine to do is add and sort numbers, after all. The most difficult part is building and deploying a real-world system that is 100% tamper-proof.

We came up with some overall objectives:

100% open-source software; Linux and one of the open-source programming frameworks (I'm a fan of Ruby, but any other open-source language and framework would work)
cryptographically signed software on the voting device itself; this could be verified by anyone choosing to do so prior to casting a vote
cryptographically signed votes with printed receipts (very much like SList's idea)
distributed tabulation of results; multiple authoritative systems operated independently would tabulate the final results and publish their answers; any entity could sign up to contribute to the final tabulation, including private citizens using their home PCs
complete transparency at every step of the way


We spent many (barroom) nights hashing out details and ideas, and we usually took an extremely paranoid view of the matter. All software is hackable, and all human processes are hackable, but we were trying to cover every basis so that it was detectable and obvious when it had happened.

We, like the folks posting here, felt that voting was too fundamental to our freedom to trust anyone who mediates the process. So we were trying to design a process that was essentially mediated by everyone, if that makes sense.

We got so excited, we registered http://www.openthevote.org and then promptly never started the project.

If there were more groundswell, perhaps we could get something started. That domain name was pretty good, I think, and I still own it. Of course, we'd need some programmers and a web designer to get moving.

UtahApocalypse
01-17-2008, 06:00 PM
I'm a software developer, and last year some friends and I hashed out a lot of ideas about open-source voting, and we did come across the certification issue, but figured we'd shelve it for a while.

In principle, voting software is quite simple. The simplest thing for a machine to do is add and sort numbers, after all. The most difficult part is building and deploying a real-world system that is 100% tamper-proof.

We came up with some overall objectives:

100% open-source software; Linux and one of the open-source programming frameworks (I'm a fan of Ruby, but any other open-source language and framework would work)
cryptographically signed software on the voting device itself; this could be verified by anyone choosing to do so prior to casting a vote
cryptographically signed votes with printed receipts (very much like SList's idea)
distributed tabulation of results; multiple authoritative systems operated independently would tabulate the final results and publish their answers; any entity could sign up to contribute to the final tabulation, including private citizens using their home PCs
complete transparency at every step of the way


We spent many (barroom) nights hashing out details and ideas, and we usually took an extremely paranoid view of the matter. All software is hackable, and all human processes are hackable, but we were trying to cover every basis so that it was detectable and obvious when it had happened.

We, like the folks posting here, felt that voting was too fundamental to our freedom to trust anyone who mediates the process. So we were trying to design a process that was essentially mediated by everyone, if that makes sense.

We got so excited, we registered http://www.openthevote.org and then promptly never started the project.

If there were more groundswell, perhaps we could get something started. That domain name was pretty good, I think, and I still own it. Of course, we'd need some programmers and a web designer to get moving.

I think that now is a good time. Voting will be cast into the light again, and I think even if a system is made but not adopted, it can show the public how open and easily it can be done. Diebold cannot use the "it's complex" crap.

szczebrzeszyn
01-17-2008, 06:09 PM
This topic has been discussed many times in different forums. Pen and paper is the best, but if it has to be machine, it must be running open source system. Black box is unacceptable. If you search the slashdot, you should find some links to the websites working on it. I think EFF was involved too.

dreicher
01-17-2008, 06:12 PM
http://www.openvotingconsortium.org/

ggibson1
01-17-2008, 06:13 PM
I think that now is a good time. Voting will be cast into the light again, and I think even if a system is made but not adopted, it can show the public how open and easily it can be done. Diebold cannot use the "it's complex" crap.

It is not complex at all. I have been making truly complex software/hardware systems for about 15 years in the Microsoft based consulting world... I could easily design and/or build this entire system as could any single really experienced software engineer or group of somewhat less capable group of software engineers... however as I said earlier we would have to figure out how to fund the certification or fight the certification process in court as illegal or fraudulent in the fact it lets severely flawed systems through by large government contractors/subcontractors...

vodalian
01-17-2008, 06:14 PM
Anything that can be programmed and flashed can be hacked. It doesn't matter how slick you think you are.

rexsolomon
01-17-2008, 06:16 PM
Duh. It's not just about software, sorry.

I was invited to comment during a Senate investigation regarding voting machines.
After much research I concluded that they were too easy to hack.

Re: Diebold, that's way too easy to tamper with.

On-line real-time reporting, permanent write-only CD burning, paper trail via OCR - all of this can and must be done simultaneously to prevent fraud. These three items must tally for each machine - for it to be considered valid/not tampered with. Identities will be recorded so only those affected can be called on to vote again.

Believe me, the administration won't do this.
All that the powers that be care about is to make it easier to play with the numbers and make the elections go their way.

drexhex
01-17-2008, 06:17 PM
Edit: Sorry acmegeek. Seems we had a similar if not the same idea!!! I noticed it only now...
----
My simple idea:

every voting machine (can be touch-screen) prints nothing but a random number as a receipt. After the votes are cast, a big list is published, associating numbers to votes. This way every voter can check on the list if the number on the receipt matches the vote he gave. The votes are anonymous but still the voter can find his distinct vote on the list.

This is simple and easy. Difficult to fake. The only possibility to tamper would be to add some votes to the list, but if the observers count the number of voters and compare it to the number of votes on the list, discrepancies come over.

A concrete example:

I vote by pressing "Ron Paul" on the Touchscreen machine. The apparatus prints a receipt with "Thank you for voting. Your voting id is 28942". The next day, the list of votes is published


21233 Biden
33311 Paul
09012 Dodd
28942 Paul
99432 Gravel


and I, as a voter, immediately see that my vote was counted correctly. But no one else knows what I voted. Simple, no?

+1

Except for the adding votes...
I say it prints out 2 receipts, one for you and one that is fed through a separate counter that only counts the number of receipts inserted and isn't connected to the first computer. It would also check the number on the receipt to make sure there's no duplicates, of course
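The receipt-number scheme from Slist's post, combined with the separate receipt counter suggested in the reply above, as an added example that is not code from any poster in this thread. The class and function names are hypothetical, the ballots are constructed sample data, and it assumes the counter keeps the IDs it has seen (it has to, in order to refuse duplicates).

```python
import secrets
from collections import Counter


class VotingMachine:
    """Toy machine: stores each ballot under a fresh random receipt ID."""

    def __init__(self, digits=8):
        self.digits = digits
        self._ballots = {}          # receipt ID -> choice

    def cast(self, choice):
        while True:                 # redraw on the rare collision so IDs stay unique
            rid = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
            if rid not in self._ballots:
                self._ballots[rid] = choice
                return rid

    def publish(self):
        # Sorting by the random ID hides the order in which ballots were cast.
        return sorted(self._ballots.items())


class ReceiptCounter:
    """Independent box: counts inserted receipts and refuses repeated IDs."""

    def __init__(self):
        self.seen = set()

    def insert(self, rid):
        if rid in self.seen:
            return False
        self.seen.add(rid)
        return True


def audit(published, counter):
    """Observer check: compare the published list with the separate counter."""
    ids = [rid for rid, _ in published]
    return {
        "duplicate_ids": sorted(r for r, n in Counter(ids).items() if n > 1),
        "not_in_counter": sorted(set(ids) - counter.seen),      # added entries
        "missing_from_list": sorted(counter.seen - set(ids)),   # dropped ballots
        "count_matches": len(ids) == len(counter.seen),
    }


def voter_check(published, receipt_id, my_choice):
    """Voter check: my ID appears exactly once and carries the choice I made."""
    return [c for rid, c in published if rid == receipt_id] == [my_choice]


def run_constructed_election():
    machine, counter, receipts = VotingMachine(), ReceiptCounter(), {}
    for choice in ["Cola", "Lemonade", "Cola", "Root beer", "Cola"]:  # constructed
        rid = machine.cast(choice)
        counter.insert(rid)
        receipts[rid] = choice
    return machine.publish(), counter, receipts


if __name__ == "__main__":
    published, counter, receipts = run_constructed_election()
    print(audit(published, counter))
    print(audit(published + [("added-entry", "Lemonade")], counter))
```

The observer audit flags entries that were added or dropped, while a changed choice on an existing ID is only caught when the holder of that receipt runs `voter_check`.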

cheese
01-17-2008, 06:25 PM
You guys are missing the point. I'm a lifelong assembly/c/c++ coder and I'm telling you... any system that executes a program can be silently bypassed, altered, or intercepted given enough effort.

big big no-no's are any type of digital memory or cache, any type of digital display, and any type of digital scanning.

This really only leaves open mechanical devices. But yes you can program mechanical computers (e.g. http://en.wikipedia.org/wiki/Image:Zuse_Z1.jpg)

hacking a mechanical computer is still possible... but it would be impossibly difficult to do without being noticed and intractable on multiple machines.

chrisguidry
01-17-2008, 06:27 PM
Amen, ggibson1.

vodalian: I think that's why you don't obsess about making the system unhackable; you make the system transparent and distributed.

szczebrzeszyn: How is pen and paper superior? In my opinion, a pen and paper vote is easier to corrupt and to hide from public scrutiny. First, the paper ballots would be single objects, easily destroyed. Second, because they are single objects, they can't be spread all over the world for counting, and must necessarily be counted only by (easily bribed) local officials.


There are a few crucial issues to the design of a voting system (both the software and people processes):

1. Knowing the total number of voters
2. Authenticating a voter
3. Ensuring that each voter's vote for each issue is counted without tampering

The first one is actually the most difficult technical challenge, and it is the most vulnerable to tampering at the voting machine. Some sort of peer-to-peer validation or cryptographic technique seems most likely here. In fact, the safest thing to do might be to allow people to vote over the internet from home or at the library.

Authenticating people is easy. There are lots of great techniques for authentication, including OpenID which could be a major factor here, since it is a distributed and open authentication platform.

Counting the votes should be distributed and redundant as well, so that no one party can co-opt an entire election by falsifying the data.

chrisguidry
01-17-2008, 06:32 PM
You guys are missing the point. I'm a lifelong assembly/c/c++ coder and I'm telling you... any system that executes a program can be silently bypassed, altered, or intercepted given enough effort.

big big no-no's are any type of digital memory or cache, any type of digital display, and any type of digital scanning.

I agree, but I disagree that the effort required to forge millions of cryptographic signatures during one election day would be possible for the foreseeable future. Let them hack the programs, but we'll still have our unforgeable cryptographic receipts.

If we could find an elegant way to bind the cryptography of the receipt to the rest of the tabulation process, the math would be in our favor here.

UtahApocalypse
01-17-2008, 06:39 PM
Ever since 2004 I have seen so many discussions about how easy such a system is to make. Yet, I still have never seen anyone do it. I don't care about "certification" at this point. I just want to see how simple it is. If it can be demonstrated that an open, distributed system with a voter verification process is buildable then the rest comes easier. So far the general public has been told that "It's complex" or "That's not possible." Let's show them it is. The certification process is set up now to favor the flawed methods. Change the people, they may decide to change that process. I know as anyone that there is never going to be a 100% secure system. If you add redundancy, ability for voters to self-audit, and other features it makes hacking a vote more difficult.

Again I ask, is any Programmer up to the Challenge?

voytechs
01-17-2008, 07:20 PM
The only way to make it 100% secure and accurate, is to allow 3rd parties (i.e. each individual campaign, or any other interested parties) to verify ALL of the votes.

The machine takes a person's vote. Prints 2 receipts. The person takes one of the printed receipts to an independent watch station, which is run independently of the voting place. The 3rd party could be made up of representatives of all the campaigns with their scantron readers, which scan in the person's vote and record it. In addition, half the scantron tears off and the person takes the first half and the 3rd party watch takes the second half. The 3rd party watch verifies the integrity of both halves of the receipt. In addition the 3rd party watch allows the person to verify that the receipt correctly states his/her votes.

This way every 3rd party (including campaigns) can verify the integrity of the vote. The official votes are counted immediately by the computer system.

Since most polling places phone in results, the results should be phoned in using an encrypted code that automatically does authentication. For example, if 10,000 votes are being phoned in, a 16 or 32 character encrypted text string would be phoned in (imagine a serial number). That number would be completely unique and would contain information about the voting place, number of votes and who phoned it in. If the person spelling out the complex string makes a mistake, the system on the receiving end would immediately reject the code and force the person to try again. This would prevent anyone from verbally giving an incorrect count, purposely or accidentally. In other words, the person gets the string right, or he'll have to spell it out again and again until he gets it right.

Also, the code being phoned in might also be verifiable by the 3rd parties. Their machines should generate exactly the same code as the official one being phoned in. If there is a discrepancy, it must be investigated right on the spot. The vote count tallies should match exactly between all 3rd parties and official counts. If they don't, the voter receipts must be rescanned and the votes again compared. In the end, the 3rd party vote count totals should win over the official machine ones if there are more than 2 parties participating, otherwise the official vote counts win.

The person has to surrender 1/2 of the receipt to 3rd party before leaving.

This kind of system, would also allow 3rd parties to come up with their own verification process since they have duplicate copies of every vote cast.

This would ensure 100% accuracy and accountability.
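One way the phoned-in tally code described in the post above could work, as an added example that is not the poster's design or code. It uses a truncated HMAC-SHA256 tag over the fields instead of encryption, and the field widths, shared per-precinct key and function names are assumptions; the result is a 32-character string that is rejected if any character is misread.

```python
import base64
import hashlib
import hmac
import struct

TAG_LEN = 12        # bytes of HMAC-SHA256 kept (96 bits); assumption for this sketch
PAYLOAD = ">HIH"    # precinct (16 bit), vote count (32 bit), reporter ID (16 bit)


def _tag(key, payload):
    return hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]


def make_code(key, precinct, votes, reporter):
    """Build the 32-character code (8 payload + 12 tag bytes in base32)."""
    payload = struct.pack(PAYLOAD, precinct, votes, reporter)
    text = base64.b32encode(payload + _tag(key, payload)).decode("ascii")
    # Groups of four are easier to read out over the phone.
    return "-".join(text[i:i + 4] for i in range(0, len(text), 4))


def read_code(key, spoken):
    """Return the reported fields, or None so the caller has to repeat the code."""
    text = "".join(ch for ch in spoken.upper() if ch not in "- ")
    try:
        raw = base64.b32decode(text)
    except ValueError:              # wrong length or a character outside A-Z, 2-7
        return None
    size = struct.calcsize(PAYLOAD)
    if len(raw) != size + TAG_LEN:
        return None
    payload, tag = raw[:size], raw[size:]
    # Constant-time comparison of the received tag against the recomputed one.
    if not hmac.compare_digest(tag, _tag(key, payload)):
        return None
    precinct, votes, reporter = struct.unpack(PAYLOAD, payload)
    return {"precinct": precinct, "votes": votes, "reporter": reporter}


def observer_agrees(key, official_code, precinct, own_votes, reporter):
    """Third-party check: their own count must reproduce the official code."""
    mine = make_code(key, precinct, own_votes, reporter)
    return hmac.compare_digest(mine, official_code)


if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed; not a real key
    code = make_code(key, 17, 10000, 42)
    print(code, read_code(key, code))
    print(read_code(key, code[:-1] + ("A" if code[-1] != "A" else "B")))
```

Anyone holding the key can produce a valid code, so the tag guards against misreadings and against callers without the key, not against a key holder reporting a false count; that case is what the independent third-party counts are for.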

Computer
01-17-2008, 07:42 PM
It would take approximately 2 lattes (coffee time) for 3 reasonably intelligent engineers to sketch out the design for a foolproof, electronic election system. The reason, we must conclude, why this has not been accomplished, is that the design sucks BY DESIGN.

ggibson1
01-17-2008, 07:50 PM
Ever since 2004 I have seen so many discussions about how easy such a system is to make. Yet, I still have never seen anyone do it. I don't care about "certification" at this point. I just want to see how simple it is. If it can be demonstrated that an open, distributed system with a voter verification process is buildable then the rest comes easier. So far the general public has been told that "It's complex" or "That's not possible." Let's show them it is. The certification process is set up now to favor the flawed methods. Change the people, they may decide to change that process. I know as anyone that there is never going to be a 100% secure system. If you add redundancy, ability for voters to self-audit, and other features it makes hacking a vote more difficult.

Again I ask, is any Programmer up to the Challenge?

By simple programmers mean weeks or months... and who is going to do that when no one will use it as far as they know?

CriticalThinker
01-17-2008, 10:08 PM
--- pin pin pin ---

Let's talk about this more.

I'm a Utah programmer meself :)

Rhys
01-17-2008, 10:23 PM
I think you guys will have to wait for quantum computers. There's just no concept of 'unique' to a databit.