Comments on: Shamos: Why e-voting paper trails are a bad idea

Michael Shamos, a computer scientist at Carnegie Mellon, says concerns over voter-verifiable paper trails are overblown and electronic systems are safer than paper ones.

[basraw]

How can voting machines tabulate NEGATIVE votes?

Ok MR COMP SCIENTIST

ANSWER THAT QUESTION "How can voting machines tabulate NEGATIVE votes?"

Watch that movie by that grandmother who went looking for answers.

As a computer scientist myself, I would know how to rig the computer to display different results.

ITS NOT SECURE!

[allen b--2008]

Yes, but you would have to be......

You would have to be left alone with the machine. You would also have to have a key to access the machine. You would have to carry specific security tape with you so that after you connected to the machine and changed the machine code, or chip etc you could mark it properly. I don't know the specific security measures on a voting machine, but as a former casino employee, It would be hard for me to believe that their security is lower than that of a slot machine. And these are the steps you need for rigging a slot machine.

But if you were left alone with a Ballot Box, all you would have to do is fill out some extra ballots and stuff them in. Which do you think is an easier way to rig an election?

[rapier1]

You aren't a computer scientist

Or you'd know the answer to that without even thinking - its a sign
error. Someone used a signed int when they meant to use an
unsigned one.

[mike_tyler]

"Hacking Democracy" - Voting Machine Documentary

The documentary movie referenced is "Hacking Democracy," which features Bev Harris of www.blackboxvoting.org, where she uncovered things such as unsecure voting machines, negative vote counts, etc.

Remember what Joseph Stalin said..."It doesn't matter who votes that counts. It's who counts the votes."

While you may want to trust the vote counters, you should watch them closely, and you should always have an audit trail!

[umbrae]

He makes some valid arguments...

However, as a voter I want a receipt to confirm my vote. There could be some sort of dual receipt system: one for the user and one machine readable. The voter can confirm their vote and drop off the machine readable for later use.

Things that happen in the machine are a mystery to voters and so many things can go wrong that are never made public. Until an e-vote system has been used for a long period and validated, I think the machine readables should ALWAYS been counted after the election and made public to confirm.

Sure there are problems with paper, but most of these things are later discovered. If a machine is altered or compromised we would never know for sure.

[skellener]

Amen

> Things that happen in the machine are a
> mystery to voters and so many things can
> go wrong that are never made public.

I say, count actual ballots by hand. I can wait a few days for the
results.

[BookShook]

The Readers Aren't Secure Either

"If a machine is altered or compromised we would never know for sure."

Why machine readable when you can't trust the computer in the ballot scanner/counter any more than the one in the machine that created the ballot? We need a paper trail that doesn't require insecure machines at any point in the vote.

[jas9990]

SO WE DON'T NEED RECEIPTS FOR ANYTHING???

AND HERE I AM SAVING RECEIPTS FOR EVERY TRANSACTION IN MY LIFE.

I GUESS WE CAN NOW TRUST OTHER PEOPLE TO NOT BE DISHONEST CRIMINALS!

BECAUSE THIS IDIOT SAID SO.

I DON'T KNOW ABOUT YOU PEOPLE, BUT I'M GOING TO RIP UP EVERY RECEIPT AND FINANCIAL RECORD I HAVE. BECAUSE NOBODY WILL EVER, EVER, THINK TO USE MY LACK OF PROOF AGAINST ME.

[Pixelslave]

Please don't use allcaps.

Please and please don't use allcaps.

[godofbiscuits--2008]

Disappointed

I'm a graduate of CMU and I'm kind of disappointed to see faculty
from here with responses like these.

If "paperless" is wrong, word and deed, then what *is* right? What's
his proposed solution?

[pegdashfab]

don't be

shamos has been a jerk for a long time. you should have seen him back in the pgp wars. he is basically a preening, egotistical, attention-seeking contrarian. you can count on him to be wrong on any matter of public policy.

(that said, he is a brilliant scientist when he sticks to his field.)

[Bernardo Ortiz]

He misses the point of independent verification

Let's look at what the US demands of other countries. We want to go in there and independently verify the vote. For any process, you need to be able to send in an independent auditor to be above suspicion. To do this, you must maintain a full paper trail, with who voted for whom such that the auditor can contact individuals at random to verify that the voter in fact exists and that this in fact represents their vote. You only avoid this when you have something to hide, such as cheating in the elections. Remember, Ohio had more votes than residents or registered voters in the last presidential elections, something like 110% turnout.

[Leria]

You got the reasons that the Republicans are against verification right

The United States should be leading the world on this issue with easily verifiable paper records that are given to the voters, and then voters are called at random to make sure the people who the cards say they voted for ARE the ones they voted for.

You are also right that Ohio had more votes than they had people registered to vote in the last election, but afterwards they found out a lot of that was because people were showing up to vote and register at the same time they were voting.

[adammasri]

bridge analogy sums it up

"When a bridge collapses, do we outlaw bridges or do we inspect
bridges of similar design?"

An interesting analogy. When a bridge collapses, everyone saw
it, everyone can comment on it, everyone can discuss what
happened & make sure it doesn't happen again because it is in
the public view. The bridge designer & builder don't claim that
trade secret laws are violated by independent review.

http://www.nj.com/news/index.ssf/2008/03/voting_machine_
maker_threatens.html

Voting machines in their current form are built by secretive
companies with possible political agendas of their own, with no
independent review of machine or code. The people have no way
to verify that the machine accurately counted their vote, and an
election wasn't stolen at any point in the process. I agree that
one day a verifiable paper trail may be unnecessary, but we're
not there yet.

If you haven't seen the movie, "Hacking Democracy," you need
to. The current election system is broken.

http://www.hackingdemocracy.com/

[MyRightEye]

wow... the nice govt men are trying real hard ha!

His main point are debunked through personal experience. The way
paper ballots are counted creates a very near 100% accuracy for
vote counts. The electronic machine have shown IN THE FIELD to be
highly inaccurate.

This is just propaganda. One of the longest and most detailed
reads I have ever seen on CNet. I WONDER WHY!!! NOT!

[ktmotox]

Say what?

Washington 2004 - First count for governor: Republican wins - Second count: count changes, Republican wins - Third count: count changes, Democrat wins, stop counting.

"very near 100% accuracy" ????

[emellaich]

Paper versus Paperless

I am not saying that we can't improve things, but I believe the 'paper trail' people are making a typical argument that I see from users all the time.

They are actually holding up the 'new' system to a standard higher than the old system.

Let's look at old fashioned paper ballets. As an example, we can use the pin punch paper ballets of hanging chad fame.

I vote on such a ballet. Then I pull the ballet out and look at it. I can't verify that my vote is correct. I have a piece of stiff paper with a bunch of holes in it. There is no way to know easily what each of those holes mean.

Now, I walk the ballot over to a box where I insert it. I have no way of knowing if my vote actually was counted. Its not just the infamous hanging chad. I've read stories about boxes of ballots that are found weeks after the election.

Furthermore, ballots are designed to be anonymous. That means that I can never find my ballot again after it is put into the system. If a random poll worker decides to substitute a bunch of ballots with votes for the green party I'll never know it. There is no 'audit trail'.

Let's say that a voting booth gets something stuck in the ballot slot so that the ballots don't align correctly, or the pages with the actual candidate names or issues are incorrectly printed or aligned on some number of machines. Once the machines are torn down all we have is a bunch of paper cards with holes. There is no way to know what the voter actually intended to mark on the ballet.

I am not saying we should accept shoddy programming filled with open back-doors. However, you should not believe that delaying the roll out of electronic alternatives means that the practice we use instead (paper) is any more secure or reliable.

Furthermore, I believe we have a lot of issues to cover before we are ready to go full bore into full electronic traceability. Today, the privacy of our vote is a fundamental factor in the voting process. Let's consider the abuses that can occur if we supply 'proof' of voting.

This proof could actually be used as coercion to force voters. Let me give several examples:
- A patriarchal culture, one where the father is the head of the household. Dad insists that everyone votes for XYZ candidate and votes against referendum ABC. Mom and the young adults must show their voting receipt.

- A religious cult. The head of the cult insists that everyone vote only his way.

- Union members pressured to vote the party line.

The point is that when votes become personally traceable and visible they also become subject to external pressures and manipulation. There is a reason that voting booths are designed with privacy.

Whether it is a paper receipt or the ability to verify your vote on the internet -- these paper trail suggestions threaten to fundamentally change the voting process.

Likewise, absentee ballots, cell phone voting, and internet voting may mean that our voters are casting their ballot with some authority figure watching over their shoulder.

I propose that the proper question is not whether electronic systems are vulnerable. Its which system that is available to us today is safest, most reliable, most efficient. And for tomorrow, we should consider which system can be improved to meet similar concerns. However, in our debate over the future we need to address the social issues and pressures of voting. First figure out if we really want to change the fundamental principle of a private ballot before we redesign the machines.

[The_Decider]

The current machines

Have no way to verify that the results are even close to accurate.

With a paper system, you can review them and get at least a close count.

With the closed electronic voting machines, the results can be anything with no way to verify.

Paper ballots are not perfect but they are hands down better then closed e-voting machines whose company CEO's give candidates assurances that they will be elected.

[ktmotox]

Excellent Comment

Very good comment emellaich. The question is which system gives us the most accurate elections, not which system is perfect. The existing paper systems have far more security problems than a fully tested electronic system. Besides, after you scan the optical cards or punch cards, the system is electronic from that point on. Who makes those counting machines? They could be just as easily rigged as any electronic machine.

Perhaps a voting machine that uses open source code would be more secure. There's nothing like a million eyes on the code to find the flaws.

We should also try to simplify our voting processes. After all, it's a very simple task we're trying to perform. Vote from a multiple choice list: add up the votes. If it's more complicated than that, we're doing something wrong. It's not like trying to do your tax returns (which by the way I do using software every year with great success).

The real problem with elections is guaranteeing that only those eligible to vote are voting and voting only once. We've got to find some way to stop those dead people from voting :-).

[pegdashfab]

you are right, but ...

the proposal being made by the voter-verified paper ballot crowd is not a punch card, it is a sheet of paper that on which the voter selection is printed. that is what is meant by voter verification. with the right choice of font and size,it can be read easily by the voter and accurately by the scanner.

[Harlan879]

why not fix the printers?

There's nothing wrong with end-to-end computerized systems, if they're done correctly, but this professor seems not to realize that *they don't currently exist*!! The current best technology involves recountable paper ballots, either printed by a computer or marked by hand. (The best solution is a computer interface to a readable paper ballot, which is the only thing that gets counted. Then handicapped people can vote privately, using the computer, but there's only one set of ballots to worry about.) Let's worry about the election of 2032 later, but make sure that the elections of 2008, 2010, and 2012 are fair.

[ckm5]

Simple solution: optical scanning

That's what I have used in every single election I've voted in. The ballots are easy to use (just draw a line), the votes are counted electronically, and you can always go back and look at the voter marked originals. Heck, you can even count them by hand if you want.

Seriously, why does this guy have to make things so complicated. I've been doing computer engineering for almost 20 years, and this is just typical. All of those touch screen systems are a result of an over-engineered solution to a simple problem. And those optical scanning systems? The first time I ever voted (in 1990), they were already in use....

[Leria]

Optical systems don't work for some people

Namely the blind and vision-impaired. That is the main reason why we have gone to touch-screen things now.

[ktmotox]

The Problem With Paper Is

The problem with paper of any form is that paper ballots can be lost, re-interpreted, or manufactured. This has happened. It happened in 2004 and changed the outcome of the Governor's race in the state of Washington. Look at the 2000 presidential election in the state of Florida with the hanging chad debacle. Optical ballots have similar problems.

I trust a secure computer system that can produce an instantaneous count far more than I trust a bunch of political government workers and observers to tabulate an election.

This still leaves us with the problem of verifying that only those who are eligible to vote are voting and voting only once.

[svk1069]

Did Rove Buy This Guy Off?

This guy is so full of *@#% that I don't even know where to begin.

How much did Karl Rove pay this guy, I wonder.

[suyts]

What does Rove have to do with this?

If anything, it would benefit Dems not to have a paper trail.

[swiggins]

for a scientist you make no sense.

Yeah, making sure that our precious vote is counted by being
able to have a HARD copy of my vote is a bad idea? Right. This
guy even looks like a Republican and smells like a Republican.
Why is it only the Republicans that are fighting the paper trail
voting, or paper ballet voting? I'll tell you why, . . because then
they can't hack an election and flip the numbers in 3 minutes
like they ca on the Dibold machines. Shame on this guy for
taking the American public for suckers, and SHAME on Cnet for
giving this guy face time.

[c|net Reader]

Astounding

I'm astounded at the number of partisan comments in discussions like this. Only the Republicans manipulate elections. Democrats have never done anything like that. Right.

Stick to facts and on-topic ideas, please.

[GIRv2.0]

More blown smoke from the Neo-cons

In what way is this clown NOT a paid shill for the GOP. Of course the Republicans don't want a paper trail. How can they steal more elections if there is true accountability?

Dammit people, how long until the rank and file realize that the Neo-con goal is to create The Fascist States of America (or the United States of Haliburton). Bush... Cheney... Rove... now Shamos. Lie upon lie upon lie upon lie.

Republican shenanigans usurped the true winner of the 2000 election and gave us 8 years of the worst stewardship this country has ever known. Any semi-intelligent mammal knows the the GOP rigged that election. Dibold is under the neo-cons control. but we are supposed to trust that they will "do the right thing"? Bah.

Shamos, where'd you get a degree from? Bob Jones University? Bah, I say!

And boo to C-net for giving this crudball any patina of legitimacy.

[declan00]

neo-con?

I think it makes more sense to engage Prof. Shamos on the merits of his arguments, rather than a conspiracy theory involving Cheney and Rove. If he's wrong, make the argument, but an _ad homenium_ attack associating him with Halliburton is ridiculous.

[c|net Reader]

Thank You

Thank you for sharing your well-documented, non-biased information.

[ktmotox]

Election Fraud

The current paper systems are subject to election fraud, especially in close elections. This needs to be fixed. Electronic voting is the right direction.

There are those who want to preserve the status quo. This is because they want to rig the elections as they have in the past.

In the 2004 election in the state of Washington there was massive election fraud, paricularly in King county. Measures were proposed in the state legislature to correct the problems, but the Democrats gutted the measures to preserve the status quo and kill any real reform.

My theory - Democrats want to preserve the current paper elections so that they can keep maniuplating them and getting themselves elected by fraud. They're so afraid someone may take away the right of illegal aliens to vote - one of their main constituencies.

[GIRv2.0]

Almost right

You are only correct if you substitute the word Republican for the word Democrat.

You want proof? Just look at our country today. The biggest voter fraud of all time occured in Florida in 2000.

The GOP! Gutting the Constitution daily!

[pegdashfab]

yeah, right

illegal aliens, who fear public schools, food stamp programs, and other risks of being identified are swarming the voting places and stealing elections. uh huh.

better straighten your aluminum foil hat -- illegal aliens are beaming stupid-waves at you.

[skellener]

Hacking Democracy

This is idiotic. Just watch this documentary. You'll see why we
need a paper trail.

Hacking Democracy
http://www.imdb.com/title/tt0808532

[johnsebes]

the computer security issue

Dr. Shamos mentions security a few times in the interview. I'd recast the "s-word" this way.

1. Security is not a fundamental problem with existing systems; reliability is a problem, rooted in poor engineering that Dr. Shamos refers to.

2. Security concerns are a fundamental problem. Once people see (or hear about in the press) that voting systems are flaky black boxes, people's personal experiences with PCs naturally lead to a concern that they could be hacked.

The real issue here is how to feasibly approach the ideal of a trustworthy election system, whether it is a pure paper system (known to be hard), a pure electronic system (plenty of controversy), or some mix.

More thoughts on the matter in a longer article in my blog:
http://osdv.org/blog/jsebes/security_problem

-- John Sebes, Open Source Digital Voting Project

[lynchdavid]

we need PAPER TRAILS. simple.

This hacks actually wants you to use the word paperless, which is not threatening to him, because it is much more convincing, to simply say, WE NEED PAPER TRAILS. Who does he think he is, seeking an elusive 'perfect' solution, Condi Rice, I couldn't stomach the whole interview.

[albertsoler]

Paper trails are not the answer to a bad idea

Computerized voting machines will *always* be vulnerable to compromise. It may be very difficult to hack these machines -- but, to claim that it is impossible would be naive. I wonder if any e-Voting machine company actually makes such a claim? If so, they are either lying, complacent, or somehow, started to believe their own marketing hype. Can you not imagine a foreign government making huge investments in secret R&D in order to infiltrate these machines and directly alter elections to their favor? Can you not imagine a foreign government planting an operative, (or several), into -- say -- the firmware division? I can. What scares me are those things they could be capable of doing that I, or others who have the responsibility for knowing these things, haven't yet imagined.

Regardless of whether these machine are super-secure, (which I refuse to believe), one cannot ignore the impact of a dubious public, who has vast experience in having their own computers and devices hacked or compromised in some way. Even government website servers have been hacked. Of course, the claim is that sensitive information was never at risk. But, we (the public) wouldn't hear of any high security compromises or infiltrations -- would we?

These e-Voting machines were a bad, impulsive response to a bad experience in 2000. My sense is that these machines put our democracy at too high a risk. A different, non-computerized approach must be taken.

[chash360]

Take the voting machine security out of the equation.

If the voting machine's are simply used to record your vote and you verify, after the fact using a reciept system, over the internet or phone, that your vote was recorded and counted correctly, you have removed the voting machine as the tamper point.

Then it does not matter how secure it is or if it can be hacked. Oversight needs to occur at the collection servers, that votes are being verified by the actual voters at unpredictable locations, at unpredictable times, and not by a script, or worm. Large numbers of invalidated votes or un-validated votes should be cause for alarm of tampering.

As long as only validated votes are counted, then vote tampering should be so difficult it would not be feasible to actually affect the outcome.

[volterwd]

Shill

paper votes are the only way to go. It is much harder to tamper in a systematic way.

People talk about hacking which is a real threat... but how about intentional reprogramming by the gov?

[jeffreylebowskijr]

Even paper trails are not enough

How hard would it be to program a machine to cast a vote the way it's programmed to record it and deliver a receipt saying you voted differently (as you thought you did) but bar coded to be read as a vote for the pre-programmed winner?

Now look, I'm not trying to be paranoid, but with what's at stake and with how easy it would be to game such a system (even within margins of error based on latest poll results), why on earth would we trust our democracy to electronic voting?

Criminy! Let me drop a red or blue marble in a box and count that way and I'll feel a ton safer.