Yet Another E-Voting Glitch; This One Adds 5,000 Phantom Votes

from the oops dept

Another election using e-voting machines… and another set of stories concerning massive problems. Slashdot points us to the news that a local election in Rapid City, South Dakota, was about to go to a runoff after no one hit the 50% mark, when someone finally noticed that the 10,488 vote total seemed a bit high. So, they went back and recounted the actual ballots, and discovered only 5,613 people voted, but the software added up the votes incorrectly. Once again, we’re left wondering why it’s so difficult to do simple arithmetic — and why e-voting companies like ES&S are so against allowing experts to look at their source code and maybe help catch some of these bugs before they totally screw up an election.

ES&S, of course, has been especially bad when it comes to transparency, despite numerous stories of glitches. It’s also the company that had an employee stop by here on Techdirt, call us all “idiots” while insisting that the machines were perfectly fine and that the machines are “extremely scrutinized and very reliable” and anyone questioning their reliability was simply relying on “conspiracy blogs.” Of course, his focus was on the idea that the machines were “hacked” — a charge we never made. Our concern — and the concern of many others — are that the machines are unreliable, prone to errors and have serious security and process flaws. Considering how many stories we’ve seen of problems with those machines in real elections, that seems to be proven fact — not “conspiracy.”

And yet, ES&S has always resisted any real scrutiny. When California looked to investigate e-voting machines more fully, ES&S was the one vendor who held out for months beyond the deadline, before finally submitting its source code along with a threatening letter about how it would personally sue the Secretary of State if any of its trade secrets got out. Of course, soon after this, we found out that even its certified code didn’t much matter, since it had given California machines with uncertified code for an election. In the end, not surprisingly, ES&S machines were found to have significant problems, and were decertified in California. Perhaps South Dakota should have taken note.

Filed Under: , , ,
Companies: es&s

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Yet Another E-Voting Glitch; This One Adds 5,000 Phantom Votes”

Subscribe: RSS Leave a comment
Marcus Carab (profile) says:

Re: Re:

Oh quit being a troll. Correctly tallying votes is, arguably, the ONLY thing an eVoting machine has to be able to do. It’s pathetic that they can’t get that right, and anyone and everyone has the right to call them out on their laziness/incompitence/both.

But really, sounds like you need to start a leading technology blog if you think you can do it so easily.

Concerned Citizen says:

Re: Are you serious?

You are treating this like it is a minor issue when our republic relies on voting for the selection of its leadership. Unfortunately we’ve been brainwashed for so long that ‘for-profit’ is better than ‘public good’ that responses like yours are inevitable. Rather than starting an e-voting company, the U.S. government should develop an open source voting system that can be vetting in the public forum.

Anonymous Coward says:

Re: Re:

Sounds like you need to start a e-voting company if you think you can do it so easily. Seriously, you have so many things figured out. You should be a millionaire by now.

Sounds like you need to start a blog of your own if you don’t like Mike’s. Seriously, you have so many things figured out. You should be a millionaire by now.

Yakko Warner says:

Is it that hard?

As a computer programmer, I routinely have to deal with things that end up being a lot harder or more complicated than you’d initially think; and trying to get a computer to do something that seems simple to explain isn’t always as straightforward as it seems.

But seriously… how exactly do you screw up counting? What am I missing here?

Anonymous Coward says:

Re: Is it that hard?

uhm…. what comes after three?

(a more serious answer)
Well, for one thing, you would have to authenticate users to ensure that no one votes twice and to make sure that people that shouldn’t vote in a specific area don’t (ie: if I live in Florida and am not supposed to vote in Texas then I shouldn’t be able to vote in Texas. Some people may try to vote in two places at once, or have someone else vote for them in some other area. Who knows, lots of things can happen, I’m not claiming I know all the intricacies but a little bit of creative thinking might yield some way that things can go wrong).

anymouse (profile) says:

It's all in the method

They are attempting to implement the historical ‘kings count’, where the king would divide out the loot/goods/etc highly in their own favor.

One (1 item) for you, Two (2 items) for me, two (the second item) for you, three (3 items) for me. So at this point you have 2 items, and I have 5, which is all fair and equitable (according to the one doing the distribution, not the one receiving it).

The problem is that when you implement this type of count with a virtual item like ‘votes’ it’s hard to make sure your loops are correct, if they aren’t then you end up dividing out more than you actually had in the first place.

Overcast (profile) says:

How do you fuck this up:

Button Candidate1() Click
intCandidate1Votes = intCandidateVotes + 1

Am I missing something here?

Not at all.

Again; consider the same companies who make ATM machines with their ‘high rate of failure’ (joking) are making voting machines.

One would *think* a voting machine would require a lot less work than an ATM…

Anonymous Coward says:

Re: Re:

One would *think* a voting machine would require a lot less work than an ATM…

Not if you understand the problem. The big difference is that votes are supposed to be anonymous whereas banking transactions are just the opposite of that. This one simple difference makes the problem much different.

Almost Anonymous (profile) says:

Re: Re:

“””One would *think* a voting machine would require a lot less work than an ATM…”””

Actually, this is a really interesting comment. Would one think that? This one certainly does not: I think that a voting transaction -should- be handled with the same security and attention to detail provided for a currency transaction. However, I believe it is very likely that many would agree with you, that collecting votes should be “simpler than an ATM”. Maybe this is part of the problem. Completing a voting transaction should be every bit as carefully completed and monitored as getting 20 bucks out of the ATM.

TW says:

How hard is it?

I’m not a programmer, so I could be totally off-base here. But, simply tallying votes for a set of candidates or issues should be simpler than creating an online shopping cart, where you get to select/vote for a wide variety of products and hit submit to have your order/ballot processed. I don’t think I have ever had the problem of receiving an extra 5,000 of the latest bestseller from Amazon when I ordered a single copy.

TW Burger (profile) says:

Re: How hard is it?

I am a programmer and you are correct, counting votes is an easy program. However, voting machines are custom configured for each vote so there are many chances for errors in the setup. Also, the basic system is a distributed database that keeps score. It’s quite common for the front end programmers to not know how the database works and that is what causes these errors to be made.

Personally, I think votes should be on paper and counted by hand. Anyone who thinks a programmed voting machine is a good idea must also love computerized slot machines and off shore online poker.

Another scary thought: Voting machines are designed to be field configurable at the hardware level, using the Internet. They can change behavior during the voting and from what I have seen/heard the security is not world class.

Rob (profile) says:

What to worry about ...

“Our concern — and the concern of many others — are that the machines are unreliable, prone to errors and have serious security and process flaws.”

My concern as a firmware engineer is that there is an independent audit trail. Yes, let the machines count the votes but print a completed ballet which the voter can examine and put into the box. Then, after voting has closed, take a statistically valid sample of the paper ballets and compare that to the results. It’s called quality assurance.

Here in Texas we use a voting machine that provides no such audit trail. As a thirty year veteran of creating systems containing embedded computers, I know they are fallible because I’ve created systems with bugs that got past all our testing.

DJ (profile) says:

total vote count???

Ok I’m not a programmer, so I’m just going to look at the part that I do know about: TOTAL vote count.
10488 / 5613 = 1.868 !!!!

Which means that according to the machine:
1 = 1.868

Computer: n. One who computes.

It is mathematically IMPOSSIBLE for 1 = 1.868 by accident. The ONLY POSSIBLE conclusion, therefore, is that someone programmed that into the software. Whether or not they did it intentionally is irrelevant; they did it.

Dark Helmet (profile) says:

Re: total vote count???

“It is mathematically IMPOSSIBLE for 1 = 1.868 by accident. The ONLY POSSIBLE conclusion, therefore, is that someone programmed that into the software. Whether or not they did it intentionally is irrelevant; they did it.”

Irrelevant? To me it’s the differnce between public embarrasment and all out revolution.

DJ (profile) says:

Re: Re: total vote count???

My agreement with your argument would depend on two things: 1)the outcome of the election; 2)the severity of the screw-up.

In other words a US president being elected by a faulty outcome is pretty damned severe; but a minor proposition is not so bad. Both are cause for public enmity, but an all out revolution over a minor prop? Not so much.

So, I’ll grant that whether or not a programming error is intentional is, in fact, NOT irrelevant in regards to public emotions. From a system designer’s point of view, however, it IS irrelevant; who cares WHY it was done, just fix it!

Rob R. (profile) says:

Conspiracy Theorist?

Am I a theorist if I think we should take a peek at any connections between a political candidate or party and the company that makes the voting machine? This happens way too often to just be bad code once or twice.

Not only that, but I think the FTC needs to crawl up ES&S’s ass with a microscope and find out what is going on. Why has this not been done?!?

Dark Helmet (profile) says:

Re: Conspiracy Theorist?

Simple: When you’ve got an entire nation by the short and curlies, and when you have an active interest in rigging elections through a state sanctioned voting machine manufacturer, you don’t go rocking the boat with insignificant trivialities like “truth” and “justice”.

So yeah, you’re a conspiracy theorist. The problem is that your theory is probably true.

TheStupidOne says:

Voting Machines Made Simple

A) One machine per polling location with multiple terminals for people to vote at (greater security)
B) Use a MOUSE and KEYBOARD – Everybody uses those already and don’t need to be calibrated (ease of use)
C) Paper trail – terminal prints vote receipts which are submitted by the voter as the official vote, electronic copy is mere convenience (auditing)
D) Voting program is open source and freely available to be run on any PC (debugging)

Then the program itself is broken into multiple pieces based on area the vote is relevant for. So all areas in the state have the exact same program for all the state level elections and same for local communities. This way the implementation is the same everywhere.

People can announce the results of the electronic election, but the results aren’t certified until all the paper ‘receipts’ have been counted

Anonymous Coward says:

Re: Voting Machines Made Simple

C is the important one:

The voting machine should be JUST a machine to help people mark their ballots, not a counting system. The voters should hit the terminals, make their votes, and a printed and completed ballot should come out.

That ballot can then be checked by the voter, and any problems dealt with before the vote is submitted. Then it should then be hand carried and deposited in the vote box for later counting.

Then you take these votes, process them with another machine, and use that machine to actually count the paper ballots. Store the paper ballots under seal for any appeals. Otherwise, you are done. No way for the software to fuck up, and it is easy as heck to go back and check the paper ballots.

totally electronic voting (single machine / networked machines) is a very risky way to go.

Anonymous Coward says:

“It’s also the company that had an employee stop by here on Techdirt, call us all “idiots” while insisting that the machines were perfectly fine and that the machines are “extremely scrutinized and very reliable” and anyone questioning their reliability was simply relying on “conspiracy blogs.””

Because if you label someone that disagrees with you a crazy conspiracy theorist they must be wrong. I’m very disappointed in what passes for good logic these days.

Gene Cavanaugh (profile) says:

Voting machines

I was a precinct inspector in the May 19 California elections.
The Secretary of State requires we have an electronic voting machine available, but “if one person uses it, you need to get a total of five to use it”.
So, a guy came in and insisted on using that machine. Most people who vote are VERY nice (cream of the crop) so we found four others who agreed to use the machine to help us out.
Wonder what the results were? We had five people – wonder if it was reported as 50, 500, 5000, ???

Bettawrekonize says:

I am going to come up with a new (unpatentable) system that, if implemented, will go a long way in solving the potential voter fraud problems and strongly prevent voter fraud (though it’s not foolproof).

After someone votes on a computer he is given a unique voting number at the time he votes. Only the voter knows what the number is. He also types in some unique random comment in an input box in a computer. (The random comment is to prevent the system from giving two different people (who voted for the same person at about the same time) the same voter number. It helps ensure that each vote counts, makes it harder for the system to cheat the people). He is also given a page number, the page that his vote will appear on.

Online is posted a large text/html file and it categorizes votes by state. Say you click on a state, California. You are given a page with a thousand (or whatever) voter numbers and what each voter number voted for. At the bottom of the page are some standard navigation buttons (like the ones at the bottom of a google search) that lets you navigate pages (and perhaps an option that lets you type in the page you want to jump to). Every voter can jump to the page of his voter number and see that it shows, next to his voter number, who he voted for. So the list may look something like this.

voter number – date:time – vote – comment

001 – date:time – Ron Paul – Hello!
002 – date:time – Barack Obama – Hi!


(perhaps removing the date:time might be a good idea for privacy reasons, ie: someone might figure out when someone voted and based on that they could figure out who they voted for. Very unlikely though but it really depends on what we value more, transparency or privacy).

That way voters can ensure that their votes count but no one can know who I voted for because only I know my voter number.

Now, before I vote (and we already have a system in place to keep track of this where we have lists of registered voters and someone crosses off who voted) I go up to someone on a computer, show him my ID, and he types in my name on the computer. It shows that I’m registered to vote in that area and that I didn’t already vote. He gives me permission to go to another computer, in a booth, and vote. From his computer he authorizes the computer in the booth to allow a vote. I go in the booth and vote (it asks me, are you sure you want to vote for this person, I click yes. I can also type in a vote if the person I want to vote for is not on the list of course, this should ALWAYS be true for ANY state). A sheet prints out of a printer that tells who I voted for. At the outside of the booth, next to the top, a red light flashes indicating that I voted. I look at the sheet to make sure it’s correct and fold it up so no one else can see who I voted for. The vote registers in the computer system as well. A second sheet prints out with my voter number and my comment (though I can think of some reasons that this might be a bad idea). I keep that sheet. I go to another person on another computer (I like the idea of having different people working separately as much as possible to avoid one person coordinating everything because if one person coordinates everything this leaves a higher potential of voter fraud from that coordinator. Separating roles as much as possible is good at preventing corporate employees from cheating their employers and it’s good here too). There is a box. I drop in my vote (the first sheet that printed out, I keep the second), give him my name, show him my ID, and he registers on his computer that I voted. He also verifies that someone just voted on the booth number that I just voted on (and that this is the booth I was assigned to vote on by the first computer. He then clears the booth allowing the first computer to assign another voter to it. We can have multiple booths and multiple computers assigning voters to booths and verifying who voted after the vote). He also has a list of all registered voters (a stack of papers). He finds my name and crosses it out (we already do this. In the case of multiple computers, I have to figure out which computer contains my list. It’s alphabetical by last name, one computer from A – F, another from G – N or whatever). This way we also have a paper trail of who voted. He also has a printer and that printer prints my name. He drops that in another box. This way we can independently confirm that both boxes have the same amount of papers (ie: number of votes = number of people who voted). There are cameras everywhere and, depending on how much you value transparency over privacy, perhaps those cameras can be posted online so everyone can monitor everything to avoid voter fraud.

The other computer(s) keeps another list of everyone who voted but it doesn’t keep track of who voted for what. So each voting arena has two lists, one of everyone’s voter number and who that voter number voted for and another with the first and last names (and drivers license number perhaps) of everyone who voted. Both computers feed this data into a third computer that independently makes sure that the number of people who voted = number of votes. All the software involved is open source and code is available to the public.

Now there is the question, what about those who didn’t vote at all? How do we know that someone who works for a voting booth or whatever won’t vote on their behalf once the voting booth is closed? Say Joe Blow is registered to vote but he never votes. If I’m at the voting place and I conspire with others who work there, I might see that he didn’t vote and vote on his behalf.

The trick is when I register to vote I get an online account on some government website. The government associates this account with me and verifies who I am on a personal basis (ie: when I register to vote at some place, they look at my ID and then they hand me a keyboard to type in my password. I write down my password or, if I forget it, I can call a government official, give him enough info about me to validate who I am and he can reset my password. I can always change it online. Or maybe I have to go to some government building, like the DMV, to change it, who knows). I login to that account (type in my username and password) and a site shows up with my name and below it lists all the years that I was registered to vote and lists whether or not I voted and, if we value transparency over privacy, when I voted (having the time of vote can make it easier for government officials to track who voted for whom based on when people voted). For example it can say

2000 – voted – time of vote
2004 – did not vote

This information comes from the list of registered voters who voted. This ensures that no one voted on my behalf if I didn’t vote (of course my voter number is not associated with this account and each year that I vote I get a different voter number. No one but me can possibly associate my voter number with me since that’s not in the system anywhere, so I still have my privacy). I can then go to the other, independent public site (the one above), look for my voter number and ensure that that voter number voted for who I voted for (and verify the comment and time). Authorities can ensure the identity of everyone who voted (because they have their full names and all their information including where they are supposed to vote) to avoid dubious votes from dubious names. They can also ensure that the number of votes = number of people who voted both on paper and with the computers.

The beauty here is that all voters can ensure that the system registered whether or not they voted and, if they voted, who they voted for (and when they voted) without anyone else being able to associate them with who they voted for.

To make the system even more transparent, at the cost of privacy (if one values transparency over privacy), we can have another page that links to various states. You click on a state and it lists the full names of everyone who voted (but not when they voted since that can then be associated with the voter number since the voter numbers also list the time. Or maybe they should list both because that helps validate things more accurately, depending on what you value more, transparency or privacy). This way anyone can verify that, according to the system, they voted, they can verify that the system registers who they voted for, and they can validate that number of voters = number of votes. Also, if someone shows up on the list who is no longer alive, someone else may notice it. There can be search features built in to search for voter numbers or names as well.

This system isn’t foolproof. People/authorities still need to verify that dubious names don’t show up with dubious voter numbers. That problem exists now, so it’s not like my system creates this problem. But at least this system gives enough transparency to make the job easier (ie: by validating that independently produced numbers match and by allowing each voter to validate that the system properly registered whether or not they voted and who they voted for). Suspicious patters like

001 – 9:30 – Ron Paul – some comment
002 – 9:30 – Rron paul – some comment
1000 – 9:31 – Ron paul – some comment

would quickly raise public suspicions. So at least the public can scrutinize the data and look for suspicious patterns as well.

Bettawrekonize says:

“You click on a state and it lists the full names of everyone who voted”

and perhaps you can also list the year they were born on the public site (again, depending on what we, as a society, value more and to what degree. Privacy or transparency).

So it can look like this

2000 – voted – name of person – year of birth – time of vote

Say Joe Shmow is a common name and he appears on the Nevada list. Someone knew Joe Shmow and they know his age and when he died.

2000 – voted – Joe Shmow – 1890 – time of vote

Clearly Joe Shmow is probably not 100+ years old so that alone may raise a red flag with everyone (which is good). But this person may think, “oh, that could be another Joe” since this is a common name. However, when he sees the year of birth, he can more easily know that it’s the same Joe (how many Joe Shmows lived in Nevada that were born on this exact year? Or perhaps it can have the exact birthdate, making it easier to identify, depending on how much we value privacy vs transparency). and he’ll know that this person is no longer alive. It can spread through blogs and people can then investigate.

Bettawrekonize says:

In addition to my above system perhaps drivers licenses can have a bar code that people running voter stations must swap through a bar code reader to allow someone to vote. This might help prevent someone working at a voting booth from voting on someone elses’ behalf? It might also help avoid fabricated votes by non existent people? It’s still not foolproof 🙁 . Any ideas?

Bettawrekonize says:

To make it easier for others to solve this problem allow me to define the problem more narrowly.

We want to put enough necessary voting information (and only the necessary information) in the public to domain (ie: on the Internet) to allow the public to analyze the data and (if all of the available data is analyzed correctly) ensure, with close to 100 percent certainty, that voter fraud did not occur without compromising the privacy of voters.

The above system can allow the public to ensure that each vote counts without compromising the privacy of voters but it doesn’t ensure that ONLY registered voters vote only once and that votes by fictitious people aren’t fabricated in the system. It can help ensure that obvious problems don’t occur, Ie: if the number of votes is higher than the population then we know something is wrong. Ensuring that each vote counts would make it harder for someone to simply insert a bunch of fictitious votes because that would make the voter count go up (since you can’t delete votes from actual voters and replace them with new votes because each voter can independently confirm that their votes count) and if it goes suspiciously high then we can start questioning the integrity of the system.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...