Voting Machine Technical Specification Project
[NOTE: Please address non-technical issues on SecuringVotingMachines. Take arguments in favor of older counting methods to VotingMachineDiscussion or some other, more appropriate page. Some discussion moved there to reduce page clutter.]
The window for getting this spec submitted for the 2004 election has closed, but the quest for a secure voting machine spec continues. Now there are Congressional committees and independent research groups trying to address the very issues we have been thrashing out here. How about that?!
This is really, really needed in The Good Ol' US of A before we have our next major election. Otherwise, we may not need to hold any more elections, since the people who make -- and program -- the voting machines are all from one political party. Once a spec is in place maybe people from around the world will be interested. Maybe not.
So! Let's put our bright little minds together to come up with a fairly simple description for a layered voting machine design. It should have an open, formula architecture for the hardware, have software that is 100% Java (for transparency and testability), and have a bulletproof auditing and logging subsystem that is encrypted and protected by vicious dogs.
No discussion of electronic voting and voting machines is complete without reference to the work of Dr. Rebecca Mercuri: http://www.notablesoftware.com/evote.html. It would be wise for contributors to this page to do a little research first so as to make informed observations and contribute worthwhile suggestions to this discussion. Note also that most other online articles quote heavily from Dr. Mercuri's work, so this is the primary source for voting machine references. The other site of note is Black Box Voting [http://www.blackboxvoting.org], the source for ongoing news pertaining to electronic voting mechanisms. (Note: do not refer to www.blackboxvoting.com by mistake; you will be taken in a very different direction.)
We need to talk about a limited range of technical matters concerning voting machines and automated vote counting systems, since these boxes are here to stay and we have to make the best of them. There is a clutter of clatter to replace the former deafening silence in the Internet community about the technical solutions to the problems of voting machines. We need to bring some of these issues to a resolution.
Here is an article discussing security flaws in existing voting machine software that y'all might be interested in:
http://www.circleofsouls.net/modules.php?op=modload&name=News&file=article&sid=48
Yeah, this is a reference to Mercuri's work yet again. How many more article references are we going to get like this?
And you might be interested in this project:
http://www.fairvote.org/ChoicePlus/
Now, this is a Good Idea®. Choice Plus had talked about their stuff as being open source for the Aussie project, but it wasn't published on their site (I found it elsewhere). Maybe we'll get a chance to see something good through the Center for Voting and Democracy. However, keep in mind that this solution is still in C, so it doesn't really meet the Java transparency requirement.
General
Verification & Validation
Voter Operations
Logging and Audit Trail
Remote Operations
Under the heading Remote Operations the spec suggests that logs be pulled remotely, but tallies be excluded from this.
I suggest that it is a major mistake to allow any remote access other than the prescribed tally collection (a one-shot push).
Also, the logging and auditing description is terribly weak. The rest looks like a good start, and a good idea. But we haven't much time, if y'all are serious about this. Get after it with a vengeance, please.
-- JimSawyer
Yeah, Jim, you're right -- there isn't much time. Officially the federal election organization (commission? committee?) window closes early in January 2004.
The idea of the remote pull for machine status logs was so that the machine could be tested while in operation without taking it out of service. A member of the Board of Election Commissioners, for example, could verify that the machine is operating without problems, but couldn't tell how many ballots had been cast or for whom.
This spec is very weak as yet. The logging and auditing are just one weak aspect. Feel free to contribute.
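The two remote-access positions in the exchange above (a status pull that reveals nothing about ballots, and a tally that leaves the machine only as a one-shot push) can be put side by side in code. This is an added example, not part of the spec or of any contributor's post; the event kinds, log entry format, class and method names are all assumptions, and it needs Java 16 or later for records.

```java
import java.util.*;
import java.util.concurrent.atomic.AtomicBoolean;

public class RemoteOpsSketch {
    // Hypothetical event kinds; the page defines no log schema.
    enum Kind { POWER_ON, SELF_TEST_PASS, SELF_TEST_FAIL, PRINTER_FAULT, BALLOT_CAST, POLLS_CLOSED }

    // One local audit-log entry (constructed format).
    record Entry(long seq, Kind kind, String detail) {}

    // Allow-list of machine-health events that a remote status pull may see.
    static final Set<Kind> REMOTE_VISIBLE = EnumSet.of(
            Kind.POWER_ON, Kind.SELF_TEST_PASS, Kind.SELF_TEST_FAIL, Kind.PRINTER_FAULT);

    // Status view: emits only allow-listed kinds, renumbered from 1. Local sequence
    // numbers and free-text details are dropped, because gaps in the numbering or a
    // stray detail string would reveal how many ballots were cast.
    static List<String> statusReport(List<Entry> log) {
        List<String> out = new ArrayList<>();
        for (Entry e : log) {
            if (REMOTE_VISIBLE.contains(e.kind())) {
                out.add((out.size() + 1) + " " + e.kind());
            }
        }
        return out;
    }

    // One-shot tally push: allowed once, only after polls close; refused on every later call.
    private static final AtomicBoolean tallyPushed = new AtomicBoolean(false);

    static boolean pushTallyOnce(boolean pollsClosed) {
        return pollsClosed && tallyPushed.compareAndSet(false, true);
    }

    public static void main(String[] args) {
        List<Entry> log = List.of(                 // constructed sample log
                new Entry(1, Kind.POWER_ON, ""),
                new Entry(2, Kind.SELF_TEST_PASS, ""),
                new Entry(3, Kind.BALLOT_CAST, "ballot 1"),
                new Entry(4, Kind.BALLOT_CAST, "ballot 2"),
                new Entry(5, Kind.PRINTER_FAULT, "paper low after 2 ballots"));
        System.out.println(statusReport(log));     // remote status pull
        System.out.println(pushTallyOnce(false));  // attempt before polls close
        System.out.println(pushTallyOnce(true));   // first push after close
        System.out.println(pushTallyOnce(true));   // repeated push
    }
}
```

Filtering by event kind alone is not enough for the status pull: the original sequence numbers (1, 2, 5) and the printer-fault detail string would each disclose the ballot count, which is why the view renumbers entries and omits details.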
Some suggested specifications: