Sure would be nice, but not secure.

and they decrypt it. We could build a system by which we log into encrypted servers and cast our votes, but can we trust the people (read, contractors) not to fuck with the data after it get there and is decrypted? I don't think so. And I don't see a good way to verify that our votes don't change and that they're counted correctly. Even if we could log in and check the values of our votes later, who says they did or didn't produce an appropriate increment in a corrosponding value somewhere?

On the other hand, we don't have that now. Even when one looks at the optical scan ballot or whatever, there's no guarentee that it gets counted correctly ("correctly" being the way we expect it to be counted).

...and poor people have to stand in line?

would be shut out of this disproportionately.

There is no reason, none, for anything less.

The problem with our current system is that our election equipment and software are designed by private corporations that get to hide their source code from the public, feeding data into other proprietary systems designed by private contractors who lack any accountability.

E-voting can happen in a trustworthy way if it is accompanied by transparency and openness. Our current e-voting schemes lack both.

Every line of every bit of software used on our vote counting and recording machines should be available to the public. The databases storing the vote data should be publicly readable in real-time. Our current system is corrupt only because we give the fraudsters so many dark corners to hide in.

Cheaper, more transparent, less doubt in the mind of voters.

What's the reason behind a push for e-voting? What's the justification even if it is secure?

That's the number of potentially eligible voters in the United States, and the number of ballots that could potentially need to be counted in any national election. "Camera's rolling" is only a useful safety check if someone is actually going to sit there and watch all 230 million ballots being hand counted.

Fraud is a human invention, perpetrated by humans on other humans. By going back to an all hand system, you are injecting the most fraud prone counting instrument ever invented into the middle of the election...the human mind. Statistically, half of your hand counters will be Republicans, 10% of whom are teagaggers. All of your counters are going to come in with their biases, their prejudices, and a preference for one outcome over another. It's a fantasy to believe that these biases can't impact the vote count, or that placing cameras in the counting rooms will somehow prevent fraud from happening.

A computer is neutral, impartial, less error prone, and far superior to human beings when it comes to tabulating an unbiased answer. The one and only problem with computers is that their code is written by the same biased, prejudiced, fraudulent human beings as we would have counting them by hand. The fix for that problem is to require that all election code be public, so that it can be examined by people with the opposite biases, revealing the fraud before it can impact anything. Computers don't lie, cheat, or steal. They do exactly what they are told, how they are told to do it. Those are the eyes we need to have counting our ballots.

... of the count. Remember the ballots are not all in one big pile, they're in many very small piles.

Inside of computers and networks there's a trillion ways to commit fraud, some virtually impossible to detect.

But there's too many ways to hide code, too many ways to surreptitiously insert code. And that's not even considering disrupting the entire election through something as simple as a denial of service attack. There's a trillion opportunities for somthing to go wrong, intentionally or otherwise.

Again I ask: what's wrong with paper?

It's the human involvement I don't like. Remove humans from the process, and the process improves.

But, for what it's worth, you're still hung up on the bad code argument. Well written, clearly documented code should have no corners for surreptitious subroutines to hide in. Demand clean code. Demand good documentation. Demand that it be written in a language that can be comprehended by most people (i.e., no C). Demand that the compilers be subject to the same requirements.

There's no such thing as a fraud proof election system. Voting boxes end up in the trash, ballots get not-so-accidentally miscounted, people get mysteriously dropped from the voting rolls. Dead people vote. Living people vote twice. Fraud happens. The process for creating and deploying computerized voting systems thus far has been horrendous and undemocratic, but that doesn't change the fact that computerized voting still represents our best hope for creating a fraud resistant, open voting system that is far more accessible to Americans than the systems we have in place today. Nobody should have to leave their house, or try to get off work early, or go stand in a line in the rain or under a blazing sun, just to participate in our democracy. The technology exists for us to make voting accessible to everyone, we just need to implement it in an open and trustworthy way.

Or Intel in chips? How you gonna find that? A tech solution offers far more opportunities for fraud and other mischief than do publicy counted paper ballots.

Cisco hiding code in their routers is only a danger if you're transmitting data that is not properly protected. No intelligently designed system would allow votes that weren't encrypted with verifiable CRC's. Intel hiding code in their chips is a more plausible (if not very realistic) danger, but even that can be solved using the relatively trivial verification process I outlined elsewhere in this discussion.

Most of the security problems we see today (both in election software and software in general) are the result of poorly architected systems that are rushed through development and written by programmers more concerned with meeting deadlines than developing elegant and maintainable data systems. Thoughtfully, elegantly designed software systems can be both resilient and resistant to tampering, attacks, and fraud. Sadly, this kind of software is so rare nowadays that poorly written (and insecure) software is considered "normal", and many people like yourself erroneously believe that real security isn't even possible. While there is an art to quality software development that is largely lost on the younger generations of developers, it's ENTIRELY possible to build a robust and reliable e-voting system that would not only protect us from fraud better than paper ballots, but would also completely change the landscape when it comes to eliminating voter disenfranchisement and while improving voter turnout.

Voting should be easy, fast, and available to everyone. You can't get that if you're standing in a line under a sweltering sun waiting to scribble a vote on a piece of paper. Sure, paper works, but paper balloting reinforces the greatest disenfranchising factor of all...lack of time. The overwhelming majority of people who don't vote WANT to vote, but don't have the time, ability, or knowledge to make it to their local polling place. That has disenfranchised more voters than all of the racist plots in American history. Secure remote e-voting has the potential to be the greatest leap forward in voting accessibility in American history, if we'll just devote the resources to do it right.

Hiding behind ancient technology because you fear fraud is NOT the answer. Building better, fraud resistant e-voting systems using ballot models that are publicly verifiable and an information architecture that is transparent to the public is a better solution.

... early and absentee voting. No reason ballots can't be mailed to voters in advance (see Oregon). The time problem is man-made, intentionally. It can be easily solved.

On the other hand, you'll never convince most Americans that an e-voting system can't be rigged.

We need more transparency in our election system, especially counting the ballots.

Pieces of paper and good old fashioned pencils - soft lead ones.

off topic - nice picture of Bob.

I specifically said all voters would have their own proof of voting and who they voted for. Not only that but there would be several other locations a person's vote would be stored. That's an absolute trail.

Online voting would also make it easier for the disabled and others who have no transportation. The numbers of people would skyrocket.

Even with paper, punchcard ballots could easily be manipulated. They also can be lost or stolen. Secure online voting would provide absolute, untamperable voting results AND a very thorough trail with the voter having a list of all the people they voted for.

Why not paper ballots, hand counted, in public, cameras rolling? Just what is wrong with that? Disabled and others can cast paper ballots by mail, as they do now.

You'll never convince me that Secure online voting would provide absolute, untamperable voting results, but then I only worked 40 years as a techie.

But just what is wrong with paper?

I was reading one interesting proposal last year that actually identified a way to securely vote online AND to verify later that your vote was actually counted. It proposed a two part encrypted ballot with one part being "public" and a second part being "private" using a key generated locally on your computer. Anyone in the world could compare the public hashes of your public and private encrypted votes to verify that they match (they wouldn't see the votes, just the hashes), and the government would have your original ballot key which would allow them to open and count your "public" vote, but only you would have access to actually re-open and view your "private" ballot.

If someone alters your "public" vote record and not the "private" record, the vote record would be immediately identifiable as being tampered with. If someone went further and completely replaced both of the ballots with a matching pair, your key would no longer open the file and you would know that it had been tampered with (they would have no way of knowing what your key was). Even if they found a way to crack and reuse your key, decrypting your private ballot would permit you to immediately see the recorded vote data.

You could even go further than that, if you really wanted. You could require that the vote counting system itself generate a third encrypted ballot, showing the actual vote data that it COUNTED when your ballot was tallied using the "public" ballot. That would allow you to not only verify that your ballot wasn't tampered with, but to see how your ballot data was actually applied within the counting system.

Couple that with something like you're discussing, where the ballots could be stored in multiple places and compared against each other to allow for comparisons, and you'd have a fairly tamper resistant system.

because that's what it opens us up to.

I like the universal mail in ballots. They're paper and can be cross checked if the results are outside the margin of error for the last polls taken.

We have OptiScan ballots here in NM, but they are all paper ballots. We're halfway there. These ballots can be checked if a candidate sues for a recount or if fraud is suspected. We got them in 2005 after the DREs were found to have erased 17,000 votes in the national election, but retained them for the local elections for judges. That's how Stupid won this state in 2004.

This is exactly what we need!

and you want to make it "e-secure." ???

You are a trusting soul.

I didn't say we had a secure inline voting system now. I described a scenario that would be more secure than online banking. The reason I proposed it was to eliminate tampering and so all votes will be counted. If you read my entire article you'd easily see that the system proposed was because I don't trust the current primitive system that is riddled with so many holes that can lead to corrupted vote totals.

It's amazing the skepticism of so many. Lets scrap all advances made in the last 500-5000 years. It can't be trusted. It can't do this it can't do that. Lets just scrap all innovative technologies and live in caves again. It's obvious there are too many people who lack the imagination and information to further the technology regarding voting. Frankly, it's alarming how fear is controlling so many people. No wonder the US is near last in ever category except war, military, violence, incarcerations, executions, etc. the US is near last for a reason. Now I see why.

i wonder about your elevator.

nobody's saying to "scrap all advances...all innovative technologies..." But you came here to to school us on your high tech wisdom.

Guess what--we do not have a trustworthy election system to begin with, unlike many other countries. And your theoretical models are no cure, for the foreseeable future. For so many reasons that should be obvious, online voting is not the answer for Murka at present. And maybe because we are as backward as you say. And on your last point I agree--we are mired in the past and are controlled by fear-mongers. But you knew that before you came here to discover "the reason why."

We've been round and round about this before--where ya been? Welcome to DU.

. . . as recently as 30-40 years ago. It isn't a question of "going back 5000 years."

Every computer security expert in the world thinks this is a shitty idea.

WHY TOUCH SCREEN VOTING MACHINES ARE NOT LIKE ATMS

ATM software is open, but voting software is proprietary

Banks insist that all code in ATMs be fully disclosed to them and they won't trust their money or their depositors’ money with anything less. Voting software by comparison is considered proprietary. Companies that make both ATMs and voting machines proudly boast of their open source software for ATMs in their advertising. This situation could conceivably be changed by demanding that voting software also be fully disclosed, but there are other reasons why open source code is not by itself sufficient to make voting machines like ATMs. For example, it would be necessary to match the code on all voting machines to verify its identity with the true open source master code immediately prior to each election. But even then, any diskette or other similar device could introduce a virus or other malware that deletes itself. Furthermore, human beings can not observe the vote counting even in open source environments.

In addition, there is the problem that open source code itself is not necessarily "knowable". One can think of the law as being open source "code", free of copyright and at least in theory available to all in free libraries. However, like the extensive areas of code in computer programs that often have unknown functions or utility, even a lawyer who spends his life studying the law doesn't understand how every bit of the "open source" law works, nor can we the people realistically understand even a fraction of exactly how the open source code for voting machines would work. Even with open source code, then, we would be required to accept election results on trust or faith, which is the opposite of checks and balances.

Were the code of the voting machine vendors suddenly opened up or disclosed, it would take a long time to understand it, we may in fact never understand it, and those who do understand will only be a handful of experts with a lot of time on their hands, probably paid by the government or a vendor and not loyal solely to the public.

Individual ATM transactions can be tracked, but individual secret ballots cannot be tracked

Every transaction in an ATM is completely tracked with redundant account numbers traceable to the account holder, and your transaction is photographed or videotaped for security purposes. In contrast, a secret ballot cannot possibly be associated with such an identifying number and still remain secret. The very secrecy of the ballot creates a virtually untraceable system that is wide open to both fraud and the cover-up of material irregularities. It is not feasible to provide a receipt in elections to prove a transaction because of concerns about using it to sell votes, though this concern might be addressed by making verification available only to the voter in secure locations like the elections offices.

To make ATM banking perfectly analogous to the process of voting, you'd have to have every account holder at a bank make a non-traceable (secret ballot) cash deposit on the same day (election day) by dropping this anonymous deposit (ballot) into a large bin (ballot box). Bank officers would then calculate the total amount of money deposited in secret with no public oversight, but not start counting until after the bank (polls) close. The account holders (the voting public) would then come back at the closing of the business day (election night) with the media in tow demanding instantly reliable bank balances and overall account results within minutes or hours of the closing of the bank (polls). Bankers (election officials) would insist along with some in the media that the convenience of speedy results was far more important than accuracy in one's bank account (election results).

The insane rush to count the bank deposits (ballots) within minutes or hours on election night would them be used as a primary argument for making the banking deposits invisible and unverifiable by converting them to electrons, so that they could be processed all the more quickly and conveniently. Hopefully it is obvious that in such elections we would be putting intense pressure on a very fragile and inherently unauditable system. In contrast, public and auditable systems can work only at deliberate, and visible, speed.

ATM errors typically have no consequence for users because they are correctable, but ballot tabulation errors have very serious consequences that are usually not correctable

With banks, you have at least 60 days after receiving your statement, if not much longer, to contest and challenge the transactions involving your account. With voting, there is no possibility at all of correcting your vote after you leave the polling place. In fact, voters are considered legally incompetent to contest their ballots with extrinsic evidence under stringent anti-challenge provisions. Election contest laws are subject to extremely short statutes of limitation such as ten days. At any rate, you couldn't locate your own specific ballot for purposes of challenging its tabulation, and some elections officials have preemptively cited academic research purporting to suggest that significant numbers of voters "don't accurately remember their own votes" after having voted, in order to cast doubt on members of the public who may wish to question the tabulation of their own votes. Thus, nothing is allowed to impeach or contest the rushed count, not even the voters themselves were they somehow able to show their own ballots counted incorrectly.

Broken touch screen voting machines have disenfranchised many, many people who have had to get back to work or school before a functioning one could be made available to them during limited voting hours. A broken ATM just means that you have to go to another bank branch or supermarket, at any hour of the day or night. In the case of voting, touch screen machines are expensive bottlenecks where you may be forced to stay in a long line at only one polling place. You usually cannot go elsewhere to cast your vote, though in some states a provisional ballot may be allowable.

In summary, you vote untraceably (assuming that you aren’t turned away unable to access a functioning machine, or by long lines), you're not allowed to challenge or change even your own vote, you're not trusted to remember it, and then the elections officials refuse to disclose their data (ballots) or their analysis methods (counting software) on the grounds of trade secrecy, only releasing their conclusions (election results).

Such a system has absolutely none of the safeguards built into ATMs, which have quadruple redundancy. If you take out $100, you can count the five crisp $20s, check the receipt, cross-reference it with your bank statement listing individual transactions tagged with unique numbers, and if necessary, request the photo of you making the transaction.

ATMs have extensive real world testing that vote counting systems can never have

Principles of elementary systems analysis dictate that any complex system, whether mechanical or electronic, is highly unlikely to ever be free of bugs. Such systems can, however, eventually be made robust and reliable by banging them against reality hard and often. ATMs are part of a complex system that has had most of the bugs worked out of it by being constantly tested in the real world, billions of times an hour, 24/7, 365 days a year. Even so, they still malfunction occasionally, though if you run into one that isn’t working it’s usually a minor hassle to find another one.

In contrast, voting is something we do a couple of times a year, and letting machines with complex hardware and software do it for us means that elections must inevitably always be a beta test. This is why you rarely hear of ATMs that don’t work because of heat or cold or humidity, but commonly hear of voting machine breakdowns for those reasons and many others. If we only drove our cars for a couple of hours once a year, they'd suck pretty badly too. Beta test mode is absolutely unacceptable for something as important as voting.

Moreover, even if billions were spent on ATMs, there is no conceivable way that we would all be able to use an ATM in the same 14 hour time period, even under completely optimal and bug-free conditions. Forcing voters to use electronic voting machines means forcing them to stand in long lines instead of the five minute service guarantees we are used to in stores. The "promised land" of electronic voting promises only convenience for election officials, inherent invisibility of mistakes (which appeals to both vendors and election officials), and replicates the situation we now have with school systems whereby rich districts get great service and poor districts get poor service. The ultimate effect of electronic voting is therefore structural disenfranchisement of the poor by the forced bottlenecks of expensive machines.

We can safely entrust others with tracking ATM transactions, but we can only trust ourselves to supervise vote tabulation

The current situation is this. We now have no basis for confidence in election results because the data and the method of its analysis are never disclosed—only conclusions (election results) are disclosed. Voters are considered legally incompetent to change or challenge their votes, or even to recall what those votes were. Voters are widely considered by elections officials to be the cause of machine malfunctions themselves, resulting in delayed responses to fix them. Furthermore, the poll workers are not supposed to observe the voters and therefore can't easily verify whether a given problem is a machine problem or a voter problem. (Would any self-respecting software engineers refuse to include an undo function in their word-processing program, and then blame users for not being smart enough to avoid mistakes 100% of the time? Most “user” error is really system design error—real world testing should result in errors being hard to make and easy to recover from.)

We need to fight for democracy here in our time, meaning that the government must serve the public, which is the ultimate source of political power, and not the other way around. Public "servants" should not seek their own convenience and insulation from accountability for mistakes, but should instead be rewarded for falling on their swords and reporting problems voluntarily and immediately.

We the People must insist on vote counting methods that are transparent and public, that have robust checks and balances, and that keep fully in mind the very unique features of elections that make them not analogous to much of anything else. Thomas Jefferson anticipated every generation would need a revolution in democratic values to remember the inalienable rights of We the People and assert them against government officials who (quite naturally and even understandably) believe that their full time specialist status entitles them to special rights, because that is the route to something other than democracy, something other than We the People being in charge.

From first hand experience, I can tell you that ATM software is, by and large, proprietary. It may include some open source components - in the same way that voting machine software also may include some open source components. But it is not disclosed to banks, and most license agreements prohibit reverse engineering.

(I'm not fact checking the rest - but I suspect it includes additional misconceptions.)

ETA...guess the third time's the charm. It was attached to the right post the first time.

Straight from the Diebold website. Promotional material for their ATM software.

Welcome to DU.

and have for a long time, it would save a lot of resources to conduct voting this way.

However, you're posting this in a place where people adore old lever machines, and paper ballots, preferrably marked with a quill pen. Good luck with that, and welcome!

We also like secure, verifiable elections with large turn outs. This is why we vote by mail. You like to line up like lemmings and wait and wait?

Voting by secured Internet ballot is at least as safe and cheat-proof as voting by mailed in ballots. Why some here like the latter and hate the former is beyond me.

Online voting? It was enough of a hassle teaching seniors to use optical scan.

i'm in California.

voting places are plentiful, there are no long lines.

one can vote by mail, easily.

in both cases there is a paper trail.

i don't wish to change our system in this way right now. i think in this state, we have a model to follow, not change.

She's also a strong advocate of government transparency.

http://en.wikipedia.org/wiki/Debra_Bowen

. . . a voting system that can be hacked to change a vote can also be hacked to produce a voting receipt that shows something different.

i'm just wondering.

you said you were "Anarmyveteran", which coincided with this account, now 9 years old, but your other account was tombstoned a couple years ago.

and then there is "Truthbeknown", is that you also?

i don't like to feel like i'm being toyed with, so it would be nice to know why someone feels they need multiple accounts to use DU effectively?

mostly in two threads.

and he has openly said he had another DU account during the time he's had this one (and used it!).

the other account was tombstoned, this account was created around the same time as the tombstoned one.

there is also another account called "truthbeknown" which also dates to 2004, and seems to dabble in UFO's and the as this one seems to have at times.

i don't understand why someone needs to pretend to be more than one person to make a political point.

Something we Americans (some of us anyway) simply refuse to acknowledge, that other countries just *might* have a better way to do things than the Best Country on Earth™.

The US is only number one in violence, executions, military, nukes, murders, wars, etc. The US is near last in all positive areas.

If the US was smart it would pick the best parts of what other countries are doing well and adopt the ideas here. Only fools mindlessly believe the US is #1 when it's really 30-50 in all areas except ones related to violence.

Thanks for your educated answer. It's refreshing on this site.

See how easy it is to respond?

How refreshing.

make a copy of your own ballot if you want. We vote where and when we want. All of this without doing that 'electronic invisible ballot free bullshit.
Your State could do this with no fuss and no muss. We get larger turn out each year. No Republicans in Sate wide office, only one in DC from here.

in the mail or drop them off at a ballot box; there's a physical record that can be re-counted; and there's a computer record that tells you when they received your ballot.

No way would I support switching to a "secure" online voting system.

Elections departments understandably do as little as they can get by with due to the expense. Random audits of races at all levels should be required. For instance, King County Elections audits only county-wide contests. I think they should be required to select at least a few state legislature and city council races to audit as well.

No, thanks. A nice paper trail works very well -- and when in doubt, ballots can be unboxed and recounted by hand in front of witnesses.

It's too easy to fuck with. You want to lose the secrecy of your ballot? Think buying and selling votes, retribution, like maybe you lose your job because you voted "wrong," etc... Do you want to lose the trustworthiness of the count? Maybe lose both?!

What we need is paper ballots and sharpie markers counted locally and then again at the county level with with plenty of witnesses and paper evidence for recounts or investigations of tampering.

Even a mail-in ballot is preferable to internet voting, so long as our postal system retains its integrity.

The U.S. doesn't even have a "first world" election standards as it is. You want to make it worse? You want corporate or "lone wolf" hackers changing your vote? You want the NSA or the CIA voting for you? Or the Chinese government? No thanks. Things are bad enough as they are. We don't want to make it worse.

There is enough voter fraud! All electronic machines needs to be shit canned and go back to regular paper ballots. Sometimes the old ways are the best ways.

Too many opportunities for stealing the vote, and no way to fix it.

I'm not leaving my vote up to NSA to mess with.

However much of a pain in the ass it is. Having your vote stolen is not a fixable problem.

you might as well go all the way to direct democracy.

where no one can tamper with the code and then have voters fire either a green or red laser at a sensor on the moon, depending on your choice. The voting machine then calculates the results and beams them back to earth.

go to check out for other possibilities at the online dating sites then it would be a hit and a go