When I was picked to stand as a candidate in the local elections, one of the most sobering realisations was the law and procedures in place to ensure the integrity of the ballot. The rules and regulations, safeguards and cross checks are strict and rightly so. A question remains on how compatible this safety is with electronic voting. The camps are very divided on this, but what is agreed is the principles of openness, accountability and challenge of the process we use to elect our representatives.
A few months ago, news came out that serious security problems had been found in the machines used for electronic voting in India.
This research was lead by Hari K. Prasad who demonstrated the vulnerability of these machines showing how voting results and voting records could both be altered. They showed this using a machine that was supplied by an anonymous source, but identical to the ones used in recent national elections.
The harrowing part of this tale is not of the potential for wide scale fraud, but of what happened after this research was announced. Hari Prasad was arrested by the Indian police, and taken from his home to Mumbai, a 14 hour drive away. The police did not state a specific charge at the time of the arrest, and it appears to have a political motivation to uncover the anonymous source. The arresting officers told Hari that they were under “pressure [from] the top,” and that he would be left alone if he would reveal the source’s identity.
One of his fellow researchers was able to speak with him on his mobile phone during the trip to Mumbai (YouTube)
Twenty eight hours after arrest, he was charged under Section 454, 457 and 380 of the Indian Penal Code, lurking house-trespass or house-breaking in order to commit [an] offence punishable with imprisonment, lurking house trespass or house-breaking by night in order to commit an offence punishable with imprisonment and theft in [a] dwelling house.
It took a further 6 days for him to appear before a magistrate where he was released on bail. The magistrate said “no offence was disclosed with Hari Prasad’s arrest and even if it was assumed that EVM was stolen it appears that there was no dishonest intention on his part….he was trying to show how EVM machines can be tampered with.”
For the public to have confidence in electronic voting, it must be beyond question. It must be studied, and any and all flaws must be known. This stifling of legitimate research is something that we cannot tolerate if these technologies are ever to be accepted.
Neil McGovern is a Cambridge City Councillor
16 Comments
The problem with anything software based, as any programmer will tell you, is that it’s (virtually) impossible to eliminate every possible security issue it might have. While people counting ballots can be bribed, etc, to do so on any widescale basis would require extraordinary effort, while exploiting a security vulnerability in software could easily be applied to the entire system.
All the time we have no trouble finding volunteers for counting ballots on election night, it doesn’t even seem necessary to do so. Any re-counts would have to be by hand anyway, so those people would need to be available even if the first count was done electronically. I would imagine an automated count would be more regularly challenged for a recount, too.
Hi Nick,
That’s certainly one of the (many) problems with e-voting. When taken in combination with the secrecy and hidden nature of EVMs, it’s almost impossible to ensure the validity of the ballot.
Indeed, I remember when I was a councillor and this sort of thing was discussed in my council, the other councilors on the committee could not understand my opposition to it. They were all Labour, and it was a flagship “New Labour” council, so they were very much of the opinion that anything “modern” must be good. Therefore, my opposition to it must be old-fashioned, and so bad, I was dismissed as some fuddy-duddy old Luddite.
I am in fact a university lecturer in Computer Science, and I have never met a fellow lecturer in this subject who disagrees with me on this: that the paper-based system in which every ballot paper can be tracked from casting to counting by human beings with no particular technical skill is a very valuable safeguard against error or deliberate manipulation, and any replacement of that by automation is a danger because there are all sorts of ways that can go wrong and not be detected. Even if we had a full verification tool for the software, who verifies the verification tool?
The obvious compromise between the convenience, speed, and freedom from spoilage of electronic balloting, and the durability and trackability of paper ballots is just this: use electronic machines to print out a paper ballot which is then (after verification for accuracy) cast by the voter in the usual way. This way the incidence of damaged, spoiled, illegible (etc.) ballots is reduced; a number can be produced that can be instantly reported to the media; but the final numbers will always be based on a hand count of the printed paper ballots, not on a mechanical count. There would thus be no incentive for tampering with the electronics.
David: while not an awful idea, the problem is how do you stop that machine making it easy to print out 100s of ballots, making ballot stuffing easier? It would be hard to detect that because they would all look the same.
As a computer programmer by trade, I dislike the idea of electronic voting immensely. It is an absolutely moronically bad idea and somebody needs to slap politicians who never ask experts this question.
(Or, more worryingly, believe that the experts are people who work for voting machine companies rather than somebody like Bruce Schneier. Or hell, a stack of smart British computer scientists if they must be parochial.
The proposition of a voter-verifiable audit trail, explained by David (thanks to him), is not consistent :
1 – people don’t verifytheir ballot *
2 – even if they verifiy, they can not PROVE a discrepancy
3 – the system is verifable, not verified, and the possible verification could take place only after a few days…
4 – Even if the verification gives a result that is different from the one given by the voting machine, the results given by the other voting machines (that have not been verified) will be considered as true.
To be really modern, let’s involve the people to count the votes, and it will enhance their participation.
* see, for instance: Bryan A. Campbell and Michael D. Byrne, “Now Do Voters Notice Review Screen Anomalies? A Look at Voting System Usability”, EVT/WOTE’09, Electronic Voting Technology Workshop / Workshop on Trustworthy Elections, Montrel, Canada, August 10-11, 2009.
Best regards
I am a computer programmer too,and I agree that electronic voting is a bad idea – there is no verifiable paper trail in the last resort. E-voting would be particularly bad, with all the inherent weaknesses of postal voting – you don’t know if the person voting is actually the voter, or if there is some-one standing over their shoulder while they vote, and you don’t know if the vote actually makes it to the (e-) ballot box to be counted. There would also be the risk of less deliberative, ‘impulse’ voting, perhaps after a particularly emotive election broadcast. “If you want to save the cute little seals, text your vote for Party X now”.
I am in favour of electronic counting though. Its benefits have been shown in the counting of the STV elections for Scottish councils, and it can also provide ballot box breakdowns of votes cast, which would highlight any improbably high turnout or consistency of voting which might point to voting fraud that a manual count would miss.
The only electronic voting ideas I thing that are viable in our system would be where you have a ballot papers as now but use electronic counting to scan in and count the ballots, with humans counting those the computer struggles with. That kind of technology already exists and a form of it is already used for postal vote verification.
This could also be teamed with a version of electronic voting where you enter your choice on a touch screen then get a print out which you place by hand into a ballot box.
Any electronic voting that is wholly in the software (you vote and the info is stored and counted in the machine) is open to abuse as how do you verify what the computer said is the result of voter’s actual choices.
“how do you stop that machine making it easy to print out 100s of ballots?”
How do you stop people from stuffing ballot boxes in general? I’m not sure how it’s done in general, but there would seem to be obvious safeguards, e.g.:
*Each ballot has a unique identification number; each polling place is assigned a specific range of numbers.
*Numbers of voters are counted as they arrive at the polling place; number of participants is checked against the number of ballots cast.
Really, the only difference between this and hand ballot voting is that marks are placed on paper through the medium of a machine, making it harder to inadvertently spoil a ballot and allowing the machine to keep an (unofficial) tally.
Matif, what you describe doesn’t sound like what I was proposing.
The problem of voters failing to adequately proof their ballot papers is a real one, but an unavoidable one — the same problem exists with hand-marked ballot. At least the necessity of having to look at a printed ballot would provide a second step during which proofing could take place; and I think people find a printed page easier to scrutinize than a computer screen anyway.
Electronic or mechanical voting is such a stunningly bad idea. Ordinary ballot papers are simple, largely idiot proof, as secure against fraud as its possible to be and totally effective. It’s just re-inventing the wheel for no better purpose than just ‘new’ must be better.
If anyone had any doubts about any of this they need only look at the shambles of voting in America, where these days almost every election they have is accompanied by a raft-full of legal challenges due to failures or sheer error of electronic and mechanical voting equipment.
Sure, use electronic counting as a supplement to real world counting. But for goodness sake do not change a system that entirely works for one that is worse just to be ‘modern’.
Hi David
yes people (all different) can make error when hand marking their ballot, but one voting machine (duplicated many times) can make errors or cheats many ballots (let’s say 10% in favor of a candidate), that’s the difference.
People don’t adequately check a printed page : see Herrnson, P. S., Niemi, R. G., Hanmer, M. J., Bederson, B. B., Conrad, F. G., & Traugott, M. The Importance of Usability Testing of Voting Systems. Electronic Voting Technology Workshop, Vancouver B.C. Canada. August 1, 2006.
http://www.usenix.org/events/evt06/tech/full_papers/herrnson/herrnson.pdf
Imagine the situation : You vote, you check the paper (because you’re serieous) and it’swrong, so you cancel it and vote again, then it’s right. After, you say to the officials of the election: “something is wrong with this machine, I thing it’s cheating”. You have no proof. You’re alone and face people that think a computer can not make errors. Do you think you’ll be believed? Or do you thing you will hear “Sir, it was ok for (almost) everybody before you…” I can imagine organizers telling that some people are not capable to memorize what that ave chosen to check their vote…
cheers
I can imagine organizers telling that some people are not capable to memorize what they have chosen to check their vote…
The current method of going to a polling station, placing your x in a box on a pice of paper and then putting the paper into a sealed container may be old fashioned but it still has a lot to recommend it. The fact that the votor has to appear in person and place his cross in private protects against coercion by threat or bribe and voting with a piece of paper gives physical evidence that is available for later verification. Alternative methods may gain in efficiency and convenience, but they all lose in security
It’s not just in India that there have been problems; some of the systems used in the US are highly suspect.
To comment on a few of the threads here:
1) E-counting
The Open Rights Group (disclosure, I’m a Director of ORG) did a large observation of the e-voting trials, and particularly found with e-counting:
Scanner malfunctions and software errors slowed counts and the adjudication process. Scanner sensitivity to poor quality printing, incorrectly cut paper sizes, fold marks and tears from low quality perforations all contributed to high rates of ballots sent for adjudication. The result of these problems was that pilots in Breckland and Stratford abandoned e-counting in favour of a manual count. In Breckland, manual recounts—insisted upon by an election agent—revealed major discrepancies between the numbers counted manually and electronically. Breckland’s Dereham-Humbletoft ward, the one ward in England that was counted both electronically and manually, was found to have 56.1% more District Council votes than when e-counted. http://www.openrightsgroup.org/ourwork/successes/evoting
2) US evoting
Yes, it’s not just India. I believe Diebold have a similar record in not just security issues, but an aggressive stance to those who point this out.