Yet Another E-Voting Glitch; This One Adds 5,000 Phantom Votes
from the oops dept
Another election using e-voting machines… and another set of stories concerning massive problems. Slashdot points us to the news that a local election in Rapid City, South Dakota, was about to go to a runoff after no one hit the 50% mark, when someone finally noticed that the 10,488 vote total seemed a bit high. So, they went back and recounted the actual ballots, and discovered only 5,613 people voted, but the software added up the votes incorrectly. Once again, we’re left wondering why it’s so difficult to do simple arithmetic — and why e-voting companies like ES&S are so against allowing experts to look at their source code and maybe help catch some of these bugs before they totally screw up an election.
ES&S, of course, has been especially bad when it comes to transparency, despite numerous stories of glitches. It’s also the company that had an employee stop by here on Techdirt, call us all “idiots” while insisting that the machines were perfectly fine and that the machines are “extremely scrutinized and very reliable” and anyone questioning their reliability was simply relying on “conspiracy blogs.” Of course, his focus was on the idea that the machines were “hacked” — a charge we never made. Our concern — and the concern of many others — are that the machines are unreliable, prone to errors and have serious security and process flaws. Considering how many stories we’ve seen of problems with those machines in real elections, that seems to be proven fact — not “conspiracy.”
And yet, ES&S has always resisted any real scrutiny. When California looked to investigate e-voting machines more fully, ES&S was the one vendor who held out for months beyond the deadline, before finally submitting its source code along with a threatening letter about how it would personally sue the Secretary of State if any of its trade secrets got out. Of course, soon after this, we found out that even its certified code didn’t much matter, since it had given California machines with uncertified code for an election. In the end, not surprisingly, ES&S machines were found to have significant problems, and were decertified in California. Perhaps South Dakota should have taken note.
Filed Under: e-voting, extra votes, south dakota, transparency
Companies: es&s
Comments on “Yet Another E-Voting Glitch; This One Adds 5,000 Phantom Votes”
Sounds like you need to start a e-voting company if you think you can do it so easily. Seriously, you have so many things figured out. You should be a millionaire by now.
Re: "If it's so easy..."
I’d say somebody had to work pretty hard at it to produce a tabulating machine that was off by 100%.
Re: Re:
You don’t necessarily need to know how to do something better in order to recognize and point out when something is crap. I bet you do it all the time too, so STFU.
Re: Re:
This business is quite similar to that of security companies. It doesn’t matter how skilled the companies are. If the buyers are completely incompetent it makes more sense to spend money on marketing rather than technical R&D.
Re: Re:
Oh quit being a troll. Correctly tallying votes is, arguably, the ONLY thing an eVoting machine has to be able to do. It’s pathetic that they can’t get that right, and anyone and everyone has the right to call them out on their laziness/incompitence/both.
But really, sounds like you need to start a leading technology blog if you think you can do it so easily.
Re: Are you serious?
You are treating this like it is a minor issue when our republic relies on voting for the selection of its leadership. Unfortunately we’ve been brainwashed for so long that ‘for-profit’ is better than ‘public good’ that responses like yours are inevitable. Rather than starting an e-voting company, the U.S. government should develop an open source voting system that can be vetting in the public forum.
Re: Re: Are you serious?
The above comment is in reply to:
“by Anonymous Coward – Jun 9th, 2009 @ 11:41am
Sounds like you need to start a e-voting company if you think you can do it so easily. Seriously, you have so many things figured out. You should be a millionaire by now.”
Re: Re:
Sounds like you need to start a e-voting company if you think you can do it so easily. Seriously, you have so many things figured out. You should be a millionaire by now.
Sounds like you need to start a blog of your own if you don’t like Mike’s. Seriously, you have so many things figured out. You should be a millionaire by now.
“technical R&D”
For a glorified calculator? LOL
1,2,3,4,5,6,over9000,8,9,
ES&S are the programmers /b/tards i wonder
Re: Re:
congratulations, you caused me to spit Dr.Pepper all over my keyboard…
I wouldn’t call Techdirt a leading technology blog.
A patent blog, a copyright blog, a free blog yes. I don’t know of anywhere where these things are talked about more.
Is it that hard?
As a computer programmer, I routinely have to deal with things that end up being a lot harder or more complicated than you’d initially think; and trying to get a computer to do something that seems simple to explain isn’t always as straightforward as it seems.
But seriously… how exactly do you screw up counting? What am I missing here?
Re: Is it that hard?
You’re probably missing stubborn ignorance and lack of responsibility.
Re: Is it that hard?
Ditto
Re: Is it that hard?
uhm…. what comes after three?
(a more serious answer)
Well, for one thing, you would have to authenticate users to ensure that no one votes twice and to make sure that people that shouldn’t vote in a specific area don’t (ie: if I live in Florida and am not supposed to vote in Texas then I shouldn’t be able to vote in Texas. Some people may try to vote in two places at once, or have someone else vote for them in some other area. Who knows, lots of things can happen, I’m not claiming I know all the intricacies but a little bit of creative thinking might yield some way that things can go wrong).
You guys are misunderestimating the difficulty in typing programmification of the term TotalVoteCount++;
Re: Re:
“You guys are misunderestimating the difficulty in typing programmification of the term TotalVoteCount++;”
But you have to remember, there may be multiple candidates. So, TotalVoteCount might have to be a vector of integers! Trade secret is out!
Re: TotalVoteCount++
That’s easy…
class FunnyInt {
…
void operator++(int) { myint += (rand()%3); }
}
FunnyInt TotalVoteCount = 0;
while (peopleVoting) { TotalVoteCount++; }
Cheers,
athe.
It's all in the method
They are attempting to implement the historical ‘kings count’, where the king would divide out the loot/goods/etc highly in their own favor.
One (1 item) for you, Two (2 items) for me, two (the second item) for you, three (3 items) for me. So at this point you have 2 items, and I have 5, which is all fair and equitable (according to the one doing the distribution, not the one receiving it).
The problem is that when you implement this type of count with a virtual item like ‘votes’ it’s hard to make sure your loops are correct, if they aren’t then you end up dividing out more than you actually had in the first place.
WTF...
How do you fuck this up:
Button Candidate1() Click
intCandidate1Votes = intCandidateVotes + 1
End
Am I missing something here?
Re: WTF...
> How do you fuck this up:
> Button Candidate1() Click
> intCandidate1Votes = intCandidateVotes + 1
> End
You just did. Your second line should be:
intCandidate1Votes = intCandidate1Votes + 1
i.e. you missed the “1” in your variable name.
All voting software should be open source so we can catch errors like that.
How do you fuck this up:
Button Candidate1() Click
intCandidate1Votes = intCandidateVotes + 1
End
Am I missing something here?
Not at all.
Again; consider the same companies who make ATM machines with their ‘high rate of failure’ (joking) are making voting machines.
One would *think* a voting machine would require a lot less work than an ATM…
Re: Re:
One would *think* a voting machine would require a lot less work than an ATM…
Not if you understand the problem. The big difference is that votes are supposed to be anonymous whereas banking transactions are just the opposite of that. This one simple difference makes the problem much different.
Re: Re:
“””One would *think* a voting machine would require a lot less work than an ATM…”””
Actually, this is a really interesting comment. Would one think that? This one certainly does not: I think that a voting transaction -should- be handled with the same security and attention to detail provided for a currency transaction. However, I believe it is very likely that many would agree with you, that collecting votes should be “simpler than an ATM”. Maybe this is part of the problem. Completing a voting transaction should be every bit as carefully completed and monitored as getting 20 bucks out of the ATM.
How hard is it?
I’m not a programmer, so I could be totally off-base here. But, simply tallying votes for a set of candidates or issues should be simpler than creating an online shopping cart, where you get to select/vote for a wide variety of products and hit submit to have your order/ballot processed. I don’t think I have ever had the problem of receiving an extra 5,000 of the latest bestseller from Amazon when I ordered a single copy.
Re: How hard is it?
I am a programmer and you are correct, counting votes is an easy program. However, voting machines are custom configured for each vote so there are many chances for errors in the setup. Also, the basic system is a distributed database that keeps score. It’s quite common for the front end programmers to not know how the database works and that is what causes these errors to be made.
Personally, I think votes should be on paper and counted by hand. Anyone who thinks a programmed voting machine is a good idea must also love computerized slot machines and off shore online poker.
Another scary thought: Voting machines are designed to be field configurable at the hardware level, using the Internet. They can change behavior during the voting and from what I have seen/heard the security is not world class.
PEBCAK
It is a *little* harder than that. You have to show the voter the right set of contests and deal with over-votes, but based on all multitude of other elections that had no problems I would guess that it is quite doable. It seems like good old fashioned user error is a likely possibility.
What to worry about ...
“Our concern — and the concern of many others — are that the machines are unreliable, prone to errors and have serious security and process flaws.”
My concern as a firmware engineer is that there is an independent audit trail. Yes, let the machines count the votes but print a completed ballet which the voter can examine and put into the box. Then, after voting has closed, take a statistically valid sample of the paper ballets and compare that to the results. It’s called quality assurance.
Here in Texas we use a voting machine that provides no such audit trail. As a thirty year veteran of creating systems containing embedded computers, I know they are fallible because I’ve created systems with bugs that got past all our testing.
Re: What to worry about ...
“Here in Texas we use a voting machine that provides no such audit trail.”
Yeah, that sounds about right.
TW
Boy would your mailman be *PISSED* off at you! lols
total vote count???
Ok I’m not a programmer, so I’m just going to look at the part that I do know about: TOTAL vote count.
10488 / 5613 = 1.868 !!!!
Which means that according to the machine:
1 = 1.868
Computer: n. One who computes.
It is mathematically IMPOSSIBLE for 1 = 1.868 by accident. The ONLY POSSIBLE conclusion, therefore, is that someone programmed that into the software. Whether or not they did it intentionally is irrelevant; they did it.
Re: total vote count???
“It is mathematically IMPOSSIBLE for 1 = 1.868 by accident. The ONLY POSSIBLE conclusion, therefore, is that someone programmed that into the software. Whether or not they did it intentionally is irrelevant; they did it.”
Irrelevant? To me it’s the differnce between public embarrasment and all out revolution.
Re: Re: total vote count???
My agreement with your argument would depend on two things: 1)the outcome of the election; 2)the severity of the screw-up.
In other words a US president being elected by a faulty outcome is pretty damned severe; but a minor proposition is not so bad. Both are cause for public enmity, but an all out revolution over a minor prop? Not so much.
So, I’ll grant that whether or not a programming error is intentional is, in fact, NOT irrelevant in regards to public emotions. From a system designer’s point of view, however, it IS irrelevant; who cares WHY it was done, just fix it!
Conspiracy Theorist?
Am I a theorist if I think we should take a peek at any connections between a political candidate or party and the company that makes the voting machine? This happens way too often to just be bad code once or twice.
Not only that, but I think the FTC needs to crawl up ES&S’s ass with a microscope and find out what is going on. Why has this not been done?!?
Re: Conspiracy Theorist?
Simple: When you’ve got an entire nation by the short and curlies, and when you have an active interest in rigging elections through a state sanctioned voting machine manufacturer, you don’t go rocking the boat with insignificant trivialities like “truth” and “justice”.
So yeah, you’re a conspiracy theorist. The problem is that your theory is probably true.
Re: Conspiracy Theorist?
Back in the 60’s a former Louisiana governer won the election in Mexico. He wasn’t running in Mexico, but the ballot boxes had been sold to Mexico.
I’ve looked, and can’t find any news articles, nor can I remember the governer’s name for the life of me; but rest assured this DID happen.
Voting Machines Made Simple
A) One machine per polling location with multiple terminals for people to vote at (greater security)
B) Use a MOUSE and KEYBOARD – Everybody uses those already and don’t need to be calibrated (ease of use)
C) Paper trail – terminal prints vote receipts which are submitted by the voter as the official vote, electronic copy is mere convenience (auditing)
D) Voting program is open source and freely available to be run on any PC (debugging)
Then the program itself is broken into multiple pieces based on area the vote is relevant for. So all areas in the state have the exact same program for all the state level elections and same for local communities. This way the implementation is the same everywhere.
People can announce the results of the electronic election, but the results aren’t certified until all the paper ‘receipts’ have been counted
Re: Voting Machines Made Simple
C is the important one:
The voting machine should be JUST a machine to help people mark their ballots, not a counting system. The voters should hit the terminals, make their votes, and a printed and completed ballot should come out.
That ballot can then be checked by the voter, and any problems dealt with before the vote is submitted. Then it should then be hand carried and deposited in the vote box for later counting.
Then you take these votes, process them with another machine, and use that machine to actually count the paper ballots. Store the paper ballots under seal for any appeals. Otherwise, you are done. No way for the software to fuck up, and it is easy as heck to go back and check the paper ballots.
totally electronic voting (single machine / networked machines) is a very risky way to go.
Re: Re: Voting Machines Made Simple
which, of course, takes us back to the PEBCAK phenomenon….
We should get the people who make slot machines to make voting machines.
Don’t here about someone supposed to win 5 bucks and win 5,000 bucks.
Re: Re:
Don’t here about someone supposed to win 5 bucks and win 5,000 bucks.
Such things have happened. The casinos don’t like to publicize it and they make the people give the money back.
“It’s also the company that had an employee stop by here on Techdirt, call us all “idiots” while insisting that the machines were perfectly fine and that the machines are “extremely scrutinized and very reliable” and anyone questioning their reliability was simply relying on “conspiracy blogs.””
Because if you label someone that disagrees with you a crazy conspiracy theorist they must be wrong. I’m very disappointed in what passes for good logic these days.
Voting machines
I was a precinct inspector in the May 19 California elections.
The Secretary of State requires we have an electronic voting machine available, but “if one person uses it, you need to get a total of five to use it”.
So, a guy came in and insisted on using that machine. Most people who vote are VERY nice (cream of the crop) so we found four others who agreed to use the machine to help us out.
Wonder what the results were? We had five people – wonder if it was reported as 50, 500, 5000, ???
I came up with a system to reduce the potential for voter fraud but I accidentally posted it somewhere else ( http://www.techdirt.com/articles/20090612/0850165209.shtml ). It was late at night, I couldn’t really think straight I suppose. I will repost it here next (I will copy and paste it here). My mistake.
I am going to come up with a new (unpatentable) system that, if implemented, will go a long way in solving the potential voter fraud problems and strongly prevent voter fraud (though it’s not foolproof).
After someone votes on a computer he is given a unique voting number at the time he votes. Only the voter knows what the number is. He also types in some unique random comment in an input box in a computer. (The random comment is to prevent the system from giving two different people (who voted for the same person at about the same time) the same voter number. It helps ensure that each vote counts, makes it harder for the system to cheat the people). He is also given a page number, the page that his vote will appear on.
Online is posted a large text/html file and it categorizes votes by state. Say you click on a state, California. You are given a page with a thousand (or whatever) voter numbers and what each voter number voted for. At the bottom of the page are some standard navigation buttons (like the ones at the bottom of a google search) that lets you navigate pages (and perhaps an option that lets you type in the page you want to jump to). Every voter can jump to the page of his voter number and see that it shows, next to his voter number, who he voted for. So the list may look something like this.
voter number – date:time – vote – comment
001 – date:time – Ron Paul – Hello!
002 – date:time – Barack Obama – Hi!
etc…
(perhaps removing the date:time might be a good idea for privacy reasons, ie: someone might figure out when someone voted and based on that they could figure out who they voted for. Very unlikely though but it really depends on what we value more, transparency or privacy).
That way voters can ensure that their votes count but no one can know who I voted for because only I know my voter number.
Now, before I vote (and we already have a system in place to keep track of this where we have lists of registered voters and someone crosses off who voted) I go up to someone on a computer, show him my ID, and he types in my name on the computer. It shows that I’m registered to vote in that area and that I didn’t already vote. He gives me permission to go to another computer, in a booth, and vote. From his computer he authorizes the computer in the booth to allow a vote. I go in the booth and vote (it asks me, are you sure you want to vote for this person, I click yes. I can also type in a vote if the person I want to vote for is not on the list of course, this should ALWAYS be true for ANY state). A sheet prints out of a printer that tells who I voted for. At the outside of the booth, next to the top, a red light flashes indicating that I voted. I look at the sheet to make sure it’s correct and fold it up so no one else can see who I voted for. The vote registers in the computer system as well. A second sheet prints out with my voter number and my comment (though I can think of some reasons that this might be a bad idea). I keep that sheet. I go to another person on another computer (I like the idea of having different people working separately as much as possible to avoid one person coordinating everything because if one person coordinates everything this leaves a higher potential of voter fraud from that coordinator. Separating roles as much as possible is good at preventing corporate employees from cheating their employers and it’s good here too). There is a box. I drop in my vote (the first sheet that printed out, I keep the second), give him my name, show him my ID, and he registers on his computer that I voted. He also verifies that someone just voted on the booth number that I just voted on (and that this is the booth I was assigned to vote on by the first computer. He then clears the booth allowing the first computer to assign another voter to it. We can have multiple booths and multiple computers assigning voters to booths and verifying who voted after the vote). He also has a list of all registered voters (a stack of papers). He finds my name and crosses it out (we already do this. In the case of multiple computers, I have to figure out which computer contains my list. It’s alphabetical by last name, one computer from A – F, another from G – N or whatever). This way we also have a paper trail of who voted. He also has a printer and that printer prints my name. He drops that in another box. This way we can independently confirm that both boxes have the same amount of papers (ie: number of votes = number of people who voted). There are cameras everywhere and, depending on how much you value transparency over privacy, perhaps those cameras can be posted online so everyone can monitor everything to avoid voter fraud.
The other computer(s) keeps another list of everyone who voted but it doesn’t keep track of who voted for what. So each voting arena has two lists, one of everyone’s voter number and who that voter number voted for and another with the first and last names (and drivers license number perhaps) of everyone who voted. Both computers feed this data into a third computer that independently makes sure that the number of people who voted = number of votes. All the software involved is open source and code is available to the public.
Now there is the question, what about those who didn’t vote at all? How do we know that someone who works for a voting booth or whatever won’t vote on their behalf once the voting booth is closed? Say Joe Blow is registered to vote but he never votes. If I’m at the voting place and I conspire with others who work there, I might see that he didn’t vote and vote on his behalf.
The trick is when I register to vote I get an online account on some government website. The government associates this account with me and verifies who I am on a personal basis (ie: when I register to vote at some place, they look at my ID and then they hand me a keyboard to type in my password. I write down my password or, if I forget it, I can call a government official, give him enough info about me to validate who I am and he can reset my password. I can always change it online. Or maybe I have to go to some government building, like the DMV, to change it, who knows). I login to that account (type in my username and password) and a site shows up with my name and below it lists all the years that I was registered to vote and lists whether or not I voted and, if we value transparency over privacy, when I voted (having the time of vote can make it easier for government officials to track who voted for whom based on when people voted). For example it can say
2000 – voted – time of vote
2004 – did not vote
This information comes from the list of registered voters who voted. This ensures that no one voted on my behalf if I didn’t vote (of course my voter number is not associated with this account and each year that I vote I get a different voter number. No one but me can possibly associate my voter number with me since that’s not in the system anywhere, so I still have my privacy). I can then go to the other, independent public site (the one above), look for my voter number and ensure that that voter number voted for who I voted for (and verify the comment and time). Authorities can ensure the identity of everyone who voted (because they have their full names and all their information including where they are supposed to vote) to avoid dubious votes from dubious names. They can also ensure that the number of votes = number of people who voted both on paper and with the computers.
The beauty here is that all voters can ensure that the system registered whether or not they voted and, if they voted, who they voted for (and when they voted) without anyone else being able to associate them with who they voted for.
To make the system even more transparent, at the cost of privacy (if one values transparency over privacy), we can have another page that links to various states. You click on a state and it lists the full names of everyone who voted (but not when they voted since that can then be associated with the voter number since the voter numbers also list the time. Or maybe they should list both because that helps validate things more accurately, depending on what you value more, transparency or privacy). This way anyone can verify that, according to the system, they voted, they can verify that the system registers who they voted for, and they can validate that number of voters = number of votes. Also, if someone shows up on the list who is no longer alive, someone else may notice it. There can be search features built in to search for voter numbers or names as well.
This system isn’t foolproof. People/authorities still need to verify that dubious names don’t show up with dubious voter numbers. That problem exists now, so it’s not like my system creates this problem. But at least this system gives enough transparency to make the job easier (ie: by validating that independently produced numbers match and by allowing each voter to validate that the system properly registered whether or not they voted and who they voted for). Suspicious patters like
001 – 9:30 – Ron Paul – some comment
002 – 9:30 – Rron paul – some comment
….
1000 – 9:31 – Ron paul – some comment
would quickly raise public suspicions. So at least the public can scrutinize the data and look for suspicious patterns as well.
Re: Re:
No.
Except the Ron Paul part is OK.
Re: Re: Re:
Ron Paul is an awesome public servant!!!
“You click on a state and it lists the full names of everyone who voted”
and perhaps you can also list the year they were born on the public site (again, depending on what we, as a society, value more and to what degree. Privacy or transparency).
So it can look like this
2000 – voted – name of person – year of birth – time of vote
Say Joe Shmow is a common name and he appears on the Nevada list. Someone knew Joe Shmow and they know his age and when he died.
2000 – voted – Joe Shmow – 1890 – time of vote
Clearly Joe Shmow is probably not 100+ years old so that alone may raise a red flag with everyone (which is good). But this person may think, “oh, that could be another Joe” since this is a common name. However, when he sees the year of birth, he can more easily know that it’s the same Joe (how many Joe Shmows lived in Nevada that were born on this exact year? Or perhaps it can have the exact birthdate, making it easier to identify, depending on how much we value privacy vs transparency). and he’ll know that this person is no longer alive. It can spread through blogs and people can then investigate.
In addition to my above system perhaps drivers licenses can have a bar code that people running voter stations must swap through a bar code reader to allow someone to vote. This might help prevent someone working at a voting booth from voting on someone elses’ behalf? It might also help avoid fabricated votes by non existent people? It’s still not foolproof 🙁 . Any ideas?
To make it easier for others to solve this problem allow me to define the problem more narrowly.
We want to put enough necessary voting information (and only the necessary information) in the public to domain (ie: on the Internet) to allow the public to analyze the data and (if all of the available data is analyzed correctly) ensure, with close to 100 percent certainty, that voter fraud did not occur without compromising the privacy of voters.
The above system can allow the public to ensure that each vote counts without compromising the privacy of voters but it doesn’t ensure that ONLY registered voters vote only once and that votes by fictitious people aren’t fabricated in the system. It can help ensure that obvious problems don’t occur, Ie: if the number of votes is higher than the population then we know something is wrong. Ensuring that each vote counts would make it harder for someone to simply insert a bunch of fictitious votes because that would make the voter count go up (since you can’t delete votes from actual voters and replace them with new votes because each voter can independently confirm that their votes count) and if it goes suspiciously high then we can start questioning the integrity of the system.