Difference between revisions of "Talk:Lecture 3"
(→Was 'The Nation' article partisan) |
(→Was 'The Nation' article partisan) |
||
| Line 24: | Line 24: | ||
Hypothetical: Suppose come November 2, the Presidential election is very close, especially state X. Kerry is declare winner, but then it noticed that audit logs show that a relative large number Y of votes have been lost in state X (ie. Z+Y voted, but only Z ballots were counted) and Y is some multiple of the difference between Kerry and Bush. What would be the reaction from the Republicans? What if these lost ballots were from counties that are mostly Republican? | Hypothetical: Suppose come November 2, the Presidential election is very close, especially state X. Kerry is declare winner, but then it noticed that audit logs show that a relative large number Y of votes have been lost in state X (ie. Z+Y voted, but only Z ballots were counted) and Y is some multiple of the difference between Kerry and Bush. What would be the reaction from the Republicans? What if these lost ballots were from counties that are mostly Republican? | ||
| − | [Ed Lazowska] "Ahem..I didn't notice a thing" either. However, in retrospect, you're *absolutely* correct. Next time (should there be a next time ...), this article won't be part of it. | + | [Ed Lazowska] |
| + | |||
| + | "Ahem..I didn't notice a thing" either. However, in retrospect, you're *absolutely* correct. Next time (should there be a next time ...), this article won't be part of it. | ||
== Pre-class poll: would you trust a paperless e-voting system? == | == Pre-class poll: would you trust a paperless e-voting system? == | ||
Revision as of 13:30, 15 October 2004
Contents
Was 'The Nation' article partisan
It just so happened that I read the article from the Nation against e-voting (or at least e-voting in its present form) before I read the more reasoned papers against it.
Wow! Had the Nation bothered putting the facts about what was wrong with the system up front and cut out all the partisan Democrat stuff, they would've convinced me there was a problem. It's too bad they have an ax to grind with the Republicans - going off on on rants about evil corporations, Florida 2000, some wild speculation (with no proof of course) about how Max Cleland got cheated out of the US Senate election, etc... They've got their leftwing base even more riled up than it already is without adding that much insight.
Maybe Republicans are uniformly boneheads on this issue. Maybe they're not. Still, it would've been better had the Nation first convinced me that evoting systems as they are today are boneheaded. They made what I consider a feeble effort at this (at least compared to the balanced critiques) in the middle of their article (after bashing Bush&Co) and failed.
I'm not liberal bashing here either. Had a right-wing demagogue like Ann Coulter written against evoting, it would go something like: crooked 19th Dem party boss cheated in elections and Bill Clinton is a scumbag. Therefore, ALL Dems are scumbags and evoting is the latest liberal ploy to cheat elections. (OK, in the spirit of Ann I'm stretching a bit, but you get my drift.)
I'm pretty conservative, though I'm no Republican partisan. I'm wondering if other students were turned off - at least at an intellectual level - at how the Nation organized and presented their argument. In particular I wonder how it breaks down across idealogical affiliations. So maybe I'm just more partisan than I think :(. Or maybe you scum bag party boss liberals are the ones who are partisan :).
[John Spaith]
I completely agree. I think bringing partisanship into the discussion is dangerous on both sides. It appeals to peoples emotions and doesn't provide a logical argument. Just FUD.
[Jack Richins]
I perceive that e-voting, and e-voting activism, has already been branded as a liberal agenda -- liberals as skeptical of non-recountable votes and private control of an inherently public process, and conservatives as winking and trusting of closed, corporate e-voting systems. That aligns with other political stereotypes about conservatives and liberals, conservatives love big business (4 private e-voting corporations, for example) and liberals hating them and trying to block their access into the "free market" of electronic voting technology. That's a sad designation, I think, because voter-verified ballots them become part of the "wacky liberal" agenda. Branding an issue that way indicates it won't be taken seriously by a wide variety of Congressional voices. [Gail Frederick]
Avichal 22:54, 13 Oct 2004 (PDT) Ahem..I didn't notice a thing. But I think that's since I am mostly "party-blind", having been brought up in another country (India). But in my opinion even an accusation of impropriety (which cannot be cleared) is significant.
Santtu Voutlainen What are the stats on races where "issues" with these machines have occurred -- who has historically "benefitted" from these cases, mostly Republicans, Democrats, or 50-50?
Hypothetical: Suppose come November 2, the Presidential election is very close, especially state X. Kerry is declare winner, but then it noticed that audit logs show that a relative large number Y of votes have been lost in state X (ie. Z+Y voted, but only Z ballots were counted) and Y is some multiple of the difference between Kerry and Bush. What would be the reaction from the Republicans? What if these lost ballots were from counties that are mostly Republican?
[Ed Lazowska]
"Ahem..I didn't notice a thing" either. However, in retrospect, you're *absolutely* correct. Next time (should there be a next time ...), this article won't be part of it.
Pre-class poll: would you trust a paperless e-voting system?
TedZ: I'm curious about this. So before the class on Thursday, please chime in on "would you trust a paperless, non-verifiable, non-recountable e-voting system" as described in the reading material. I think everyone in the class has a pretty good computer science background, so this should be interesting. For the record: I wouldn't trust one as far as I could throw it (the machine itself). I guess that's what you get for being a Republican computer programmer. As a follow on question: given your knowledge and a bit of time, do you think that you could program a voting machine to undetectably alter vote counts?
John Naegle: I think I could trust an e-voting system - but not in their current forms. The foundations of our society and government rely on the voting process and the current systems have not proven themselves to be as good or better than the paper-based systems currently in use. Rushing to e-voting systems to combat corruption, human falicy, or social inequality isn't the answer. The move to e-voting needs to be calculated and done with a great deal of oversight.
Kiran: Well, in the US, with just two main parties ( the Greens and Libertarians don't really count,do they? ;-)) I would be very wary of using an e-voting system. The potential for fraud and skewed elections is enormous. That said, Florida 2000 didn't exactly put paper-voting in a kind light,either. Back home in India, for the national elections held this May, electronic voting machines were used almost throughout the country...while the results of the election WERE surprising, that was because of the way people voted and not any manipulation by the victors. I mean, in an election where there are 20+ parties with pre-poll alliances dictating where each party contests ( and post-poll alliances being significantly different from the pre-poll ones ;-) : for example, the Communists were staunch opponents of free economy before the elections but now, as they are supporting the party in power, they have turned pro-reform) , e-voting leading to possible fraud doesn't really make much of a dent in a single party/alliance's chances. In such cases, therefore, (especially as a repoll is ordered wherever there is sufficient doubt) , I would have no qualms about using an electronic voting system.
David Dorwin: I would not trust such a system because there are too many things that could go wrong, either intentional or accidentally. Some people will do anything to help their candidate, so I wouldn’t put it past some of them to change votes – either as part of a large conspiracy or just a single developer. It’s also possible that a mischievous developer could alter votes to stir up trouble or just see if he or she could get away with it. From the unintentional aspect, it’s unlikely that any significant piece of software with a limited budget is bug-free. The types of problems that could occur are endless.
I think the issues described during the last lecture about how congressman and staffers dole out money also applies here. Politicians heard loud and clear that the public wanted change, so they gave it to them. E-voting sounds good, so they decided to go with it. The politicians either didn’t have time or don’t care enough to look at the problems. Given the fact that there viable options for improving the verifiability of these machines, it’s appalling that they aren’t being instituted.
Regarding the follow on question, I think I could program a voting system that could undetectably alter vote counts, especially if I knew how the verification tests were to be executed. Whether I could alter them in my candidates’ favor is a different question and would depend on what information about the candidates is available to the software and how it is abstracted or encrypted. One way to go undetected would be to create an easter egg that could go undetected during verification and be enabled at the polling place.
All the same fraud and mistakes could be made in any computer-scanned ballot as well, but at least there would be a paper ballot to recount if there was any question.
Jack Richins:
Short answer, yes I would trust these electronic voting systems, but with strong reservations.
Before reading the papers, I would have agreed that we shouldn't trust electronic voting. But one of the papers mentioned how it boils down to trusting the machines to handle the casting, counting, and tallying of the votes without means of auditing. And it made me realize how much we already trust computers - our banks are sending money around electronically with only electronic means of auditing. We make deposits in ATMs with only a paper receipt, but basically we are trusting the bank and the receipt is only as good as the trust we place in the bank and its machine. Or transfering money between accounts using the phone or an internet web page with just a simple password and https. Should it suprise us that most citizens don't blink an eye when our elections are run electronically?
That said, there are definitely some differences between electronic banking and elections. For one, the matter of secrecy. There is no problem with us getting a receipt of our deposit and using that to verify things occurred correctly. This isn't possible in voting if we want to maintain a secret ballot.
But I would say we are closer to having trustworthy electronic voting (at least to the degree of the paper systems we're replacing) than I thought we were. And after understanding more of the issues, it surprises me less that election officials are so willing to trust these machines - they may not understand them, but they don't understand how banks do it and they trust bank systems. The real suprise to me was how bad all of the systems analyzed were and yet the elections basically works. My take away is we need more academic papers to point to so we can educate election officials on the issues and they have a chance of making a more educated decision. And perhaps work on resolving problems with electronic systems rather than trying to convince election officials to go back to paper or optical scanners. Perhaps convince some PhD student to develop a open and secure voting system as a research project:)?
EimanZ: There definetly needs to be a paper-trail of some sort for e-voting. And all the country's voting machines should be electronic, IMO. We should centralize the voting system, and not be afraid of the hurdles and obstacles that we have to jump through to make sure the system is secure and reliable. I imagine the voting machine of the future: you enter your information, the system makes sure you haven't already voted. Any discrepincies on duplicate votes can be solved immediatly by filing a 'duplicate voter' complaint which is looked at very seriously and very immediatly.
Then you vote, and when you're done voting, you get a receipt printed out that you take with you, that has your voting selections on it, as well as a secret key. When you're at home, you can go on the web and securely enter that secret key, and verify that the voting system has the votes you entered. This way, you'll feel comfortable that your vote was entered into the system correctly. If someone claims voter fraud, and if its substatial enough to need to do a recount, the voting office will ask everyone to re-enter their vote through a backup system that does not involve anyone in the previous system.
Avichal 20:05, 13 Oct 2004 (PDT) Well, I would comment on something Eimanz stated regarding users getting a recipet using which they can later verify that the vote has been recorded correctly. Well this seems a slightly different version of the VVPAT (Voter Verified Paper Audit Trail), where they see a printed rceipt of how their vote would be recorded under a glass window (so they cannot take it out), and once they confirm their vote is correct, this slip is deposited in a ballot (ofcourse your electronic vote is confirmed too), and this creates a paper trail.
This difference (voter cannot take the recipt home) is important to protect against the case of people buying votes. If a voter is given any means by which they can confirm that they voted for a particular candidate then potentially votes can (and I would say will) be bought.
Anyway, coming to the question, the way E-voting is being implemented (after reading the papers) I would not trust such a system. Several people have pointed correctly, and I would reiterate...after the fiasco in the last presidential poll it seems every polititian has jumped onto this bandwagon, without giving it time to mature. I think politicians rarely do understand the technicalities involved and I do not expect them to. However I think these technologies/standards around e-voting would take time to mature. Meanwhile, the VVPAT seems like a quick and 100% reliable solution to implement e-voting in it's existing form. I personally think people who are opposing it are "stupid". I fail to understand what good would it be for a machine to do it's own recount using the same processes it used to tally the original vote. And then ofcourse there are people who want to outlaw any recounting when machines are involved. I am incensed at the ignorance and thoughtlessness of the people involved.
Also, I think the integrity of our democracy hinges on the voting system, and it should be infallible.
--Jack Richins 21:41, 13 Oct 2004 (PDT) Another thought - some election officials may consider the inability to audit or recount when using electronic machines advantageous. It would save them all the time, money, and court trials involved in doing recounts or contested elections. Participants would be forced to either accept the results or have revote. As long as the machines maintain the image of being trustworthy enough to avoid recounts they would avoid the trouble of storing and protecting paper audit trail, dealing with audits, recounts, etc. I don't buy this argument, but it is a perspective that allows me understand what in the world some of these officials are thinking when purchasing these new machines with known flaws.
--Gail Frederick There's no way I would trust a paperless e-voting system! For every electronically-managed account that I have, I am constantly checking its accuracy against a paper record. I know from experience just how flawed software can be! When I've been the victim of occasional credit-card fraud, for example, it passed by even the vendor's fraud-detection scheme, if I hadn't noticed the error, it would have been attributed to me. Why should I TRUST a voting system more than other flawed electronic vendors?
--Santtu Voutilainen
Yes, I would trust a paperless e-voting system with the same reservations as I trust a paper based voting system. I loose control of my vote as soon as I place it in a ballot box -- I have to trust everyone who handles the ballot box from that point on. Note that I probably would not trust a system where every aspect is handled by a single machine, I expect that any paperless e-voting system that I'd trust would need to have at least two independent parts (similar to the system described in one of the papers). I'd be fine with these systems to be connected electronically (by serial/usb/network cable) directly to each other (but no other system) as long as the vote storing machine is heavily audited.
Regarding the issue of receipts: There are conditions under which I'd be fine with a receipt as long as your vote remains secret. An example of such a receipt (albeit not very scalable) would be one that can only be verified at a vote checking station -- i.e. you get a receipt when you voted; to check your vote you go to the same voting station (or some other location), prove your identity, verify your vote by comparing the audit logs to your receipt but don't get to keep anything that would show your actual vote. There are some holes in this system, but I expect that they could be solved with some work, possibly involving cryptography.
--Santtu Voutilainen A quick addition on the trust mentioned in an earlier comment: What really scares me about the DRE debate is the complete lack of technical knowledge and complete blind trust placed on these systems by some officials -- statements about DRE machines not being computers and thus being immune from computer security issues are just amazing (and not in a good way ;-) ).
--Damon May 14:51, 13 Oct 2004 (PDT) e-Voting machines are one of those things that are easy to accept if you don't think about them too hard. After this week's readings, though, the issues seem insurmountable for a system without a paper trail, at least in the short term. If voting privacy weren't paramount, voters could simply sign in somehow and cast their vote over a verifiably secure network protocol of some sort; the issues involved wouldn't be significantly different from those involved in online banking, and the stakes would be similar. With the privacy requirement, though, I haven't yet seen a system described that could possibly provide assurance that the vote hadn't been manipulated.
Considering that DRE is already a reality, though, I'd be happier if the opponents of DRE machines concentrated more of their efforts on mandating real, formal security audits of the systems, rather than decrying DRE on principles that the general public doesn't understand. Such audits could expose tangibly to the public the problems inherent in DRE machines (as well as the ones specific to the individual systems) and generate a popular, rather than solely academic, backlash. Failing such a backlash, I fear we're stuck with these things until they provably screw up a major election.
EimanZ: I have trouble understanding the problem with printing out a receipt that the voter can take with them. What is this worry about third-parties buying their vote about? The level of privacy needed for who the person voted for should be the same level as how much money the person has in the bank. And we print out ATM receipts all the time. If voters are gullible enough to sell their votes, wouldn't that be their problem? It seems to me that the voter has an absolute RIGHT to have a record of his/her vote.
TedZ: Oooh, that's a corker EimanZ. Its not a matter of gullibility, its a matter of buying an election. I don't think we want to go down that road.
e-voting Roundtable discussion
I found this via ars technica:
With the election only weeks away, John Paczkowski of Good Morning Silicon Valley fame has invited Ars readers to join in a roundtable discussion over e-voting issues. John has assembled a panel of e-voting experts, election officials, reporters and voting rights advocates for the roundtable. While readers will not be able to directly be able to participate in the discussion, they are encouraged to submit questions and opinions that will be reviewed for approval by the editor. The roundtable kicked off on Monday and will run until midday Friday. We have reported extensively on problems and concerns surrounding electronic voting and this is a chance for readers to pick the minds of the experts and join in on the discussion.
It should be interesting to watch this discussion.
Voting Systems highlighted in Oct 2004 Communications of the ACM
This month's Communications of the ACM highlights electronic voting systems. There are 8 papers, including one titled "Small Vote Manipulation Can Swing Elections", an analysis of the effects of changing a single vote per machine. I've just now started into the articles, but as always, they are meaty.
(ACM endorses voter-verified physical records, by the way.) --Gail Frederick
Link to an article of interest
Lecture Discussion
John Naegle I added a new section for lecture discussion, as it happens or after the fact.
John Naegle
Slide 12 states that: "Current computer technology isn’t up to the task." but I wonder if the technology the problem, or the application of the technology? It seems like the technology required to have a DRE system as good as the current paper-based systems is available, but we don't have a good implementation yet. If the technology is the problem, could there ever be technology that is good enough? What technology would be required to move to a paperless system?
David Dorwin I think that this is a general statement that will always be true unless someone makes significant strides in formal verification. Software is so complicated that it's impossible to verify there are new bugs. And even if you could guarantee that the software is bug-free, you're assuming that the hardware is bug-free. In general, this is true because hardware companies spend a lot of money on validation. However, they can't test every case, so it's possible that the bug-free software could be executed incorrectly. Also, it's possible that a marginal chip could get into the voting system and calculate incorrect results.
That said, I think most of the problems are related to not having a verifiable paper record. If some of the other issues that are within human control and capabilities were resolved, the public could have confidence in the electronic voting systems. Because of human nature, I don't see how we could move to a completely paperless technology and still have trust in the system. Perhaps Professor Dill will present some ideas later in the lecture.
John Naegle I guess it comes down to how you define technology. Is a bug part of the technology, or the application/implementation of the technology? Regardless, Professor Dill has a valid point, bugs will always exist. And even if you eliminate all the bugs, what happens when the power goes out? Suppose a category 5 hurricane was to knock out power to the state of Flordia on November 2nd. It seems there will always be an electronic point of failure without excessive cost.
David Dorwin In addition to your software and the hardware, you must also trust the compiler and OS. There are some papers on the Internet about root of trust and trusting the compiler. One of them can be found on the ACM website, and there are related slides.
Think about how many problems you or your family have with computers. Voting machines based on the PC (Windows or otherwise) are likely to have the same rate of problems. From what I've heard, governments do not have very good IT departments, so they're unlikely to be able to recover from issues quickly. In addition, it's unlikely that the election workers are going to be able to resovle basic issues on a PC.
Regarding the electornic point of failure, imagine the conspiracy theories if there's a blackout in Miami-Dade County.
David Dorwin The issue of trying to explain this to lay people was just raised. I don't think that the issues and potential problems should be that difficult to understand. I think it's more likely that people just don't want to hear it. (I'm a software engineer, so I may be biased, but the ease of problems and fraud seem pretty clear.) The vendor representatives obviously have an interest in covering there ears. So do politicians and voting officials who want to satisfy the public by making a change no matter what it is. Plus, e-voting is "sexy".
Gail Frederick Is there a product liability issue here? DRE manufacturers are selling a product that is obviously defective and containing circumventable security. If I sell a laptop that overheats and burns you, or a cigarette that kills you, then I am liable. But if I sell a DRE that miscounts an election, or provably allows tampering, is the manufacturer not at all on the hook for this product defect? Are municipalities signing agreements that prevent such litigation?
John Naegle I think David has a good point. Turning to technology, especially evolving technology, as a knee-jerk reaction to dealing with societial problems because it is new and "sexy" is a frightening proposition for those involved with the technology. There is no silver bullet, some things just take time and are hard - electronic voting seems to be one of them certainly.
David Dorwin Liability is a good question. I don't know if anyone in the class knows enough details to comment, but you could compare it to tobacco. The states had enough proof that the Tobacco companies knew that their product was unsafe but didn't tell anyone and continued to insist that it was that the tobacco companies settled. The companies knew long before it was general public knowledge, but eventually independent doctors also determined cigarrettes are unhealthy.
Obviously it is public knowledge, though perhaps limited to a few who care, that the evoting machines have significant flaws. Liability may come down to whether the companies knew this ahead of time. On the other hand, will government officials want to go after a company for selling the same officials those computers? Government officials are unlikely to admit that they bought a bad product. However, independent voter groups may file lawsuits.
Hong Qu
Productivity
From my undergrad as Econonmics major, I learned the formal definition of productivity is "typically measured as output per worker or output per labor-hour." Wikipedia
However, this model only implicitly incorporates technology (assuming that better technology tools enable workers to produce more output in less time.) Recently, economists have proposed a detailed measure of productivity: Multifactor Productivity=Output/(KLEMS) where
K is capital services
L is labor services
E, energy
M, materials
and S refers to purchased services Federal Reserver Bank of Boston article
The Diebold analysis and the DMCA
From: Edward W. Felten Sent: Friday, October 15, 2004 3:46 AM To: Ed Lazowska Subject: Re: DMCA and Diebold voting code
Ed Lazowska wrote:
> When Yoshi and everybody wrote the Diebold analysis paper, why didn't > they run afoul of the DMCA? (The "reverse engineering" aspects.)
The DMCA doesn't ban all reverse engineering. Since the researchers didn't circumvent a technology that controlled access to the code (or one that controlled copying of the code) the DMCA wouldn't really apply.
Diebold might have tried claiming that in the course of studying the code the researchers had copied it, in violation of good old fashioned copyright law. There are some cases that say it's okay to copy in the course of reverse engineering if the reverse engineering is otherwise legal and copying is necessary to do it. But the facts in those cases were different enough that there might have been some risk that they wouldn't apply.
> Also, how about "trade secrets"? Did that not apply since the code was > on the internet?
I think that once the code was on the net it would be much harder for Diebold to argue trade secret.
> In general what were the risks involved in doing the paper?
[adaptation of Felten's answer] The law in this area is really complicated and the precedents never match a new case perfectly. Thus, it's difficult to predict what a judge might decide.
