Frankly, I don't who thought it was a good idea to make a first run on the presidential elections, but it was really a bad idea. Would have been better to wait for a lower-profile election, one that was not at risk of bringing in so many voters.

I despise those things anyway, what with the bad rep Diebold has given them. I don't trust them.

It's amazing that in these times of ever higher technology, there is still a place where a simple pencil and paper are the only tools which are secure, reliable, sustainable, environmentally sound and non-disputed. If it ain't broken, don't fix it; however ambitious the engineers are :-)

There were several highly publicised problems with the machines over here, one was that someone hooked up the machines to the wrong power supply and either blew the main or fried the system's power supply, the others seem to be due to dumb local councils who, after tests - FYI Pascal, tests were made and all machines must be tested and certified conformal by the ministry of the interior - installed 1 machine per voting centre instead of the usual 3-5 booths - imagine closing 3 lanes on a 4 way motorway at 9 A.M.... you get the drift...

In any case, most of the voters like the idea of sliding a piece of paper into a voting urn, and not trusting a series of microchips, even when those chips are set 3 in a row and all mutually examining each other for tampering - on this note, I go for Bruce Schneider's idea of using any semi-secured PC (and not a 6000 euro voting "device") to select your candidate, that then prints out your vote onto a slip which you can then check and place in the ballot box. At the end of the day, you count (by hand) and compare with the compter print out in number of votes and breakdown per candidate. If they match, the results are made public. If there is a discrepancy, the paper votes are to be taken as the legal base - and it also allows somthing physical to be presented in court in case of legal action - With electronics, a power cut, a magnet, hacking or hardware failure could all blow all meaning from results...

See http://www.schneier.com/crypto-gram-0611.html#1

There was also somewhere a very funny essay about a future US presidential election won by a very young, non-partisan candidate who ended up with 55-odd percent of the vote on an election executed on i-Voting Corporation voting hardware... The fictional press release went somthing like "The young president-elect will now resign from his job as junior programmer with i-Voting Corporation for a 4 year term in the Oval Office..."

Cheers,

Daniel

Indeed, with the failure of the e-voting machines, voters

went upset forcing some local councils to ask for a

withdrawal.

Those machines were sneakily introduced by local councils

(mostly from Sarkozy's party, pretty much like in the US

with some Bushists in fact), without conseil constitutionnel

(Supreme Court in charge of correct elections run)

seeing any problem in this complete re-engineering of the process !

But their members were all renewed by Chirac ...

There's been a funny interview in Canal +, of a local

right-wing council head (the one keeping Sarkozy's seat

warm in fact):

- jounalist: what is the added value of those machines ?

- head of council: well, we spare 3 hours for the results

communication.

- is that all ? 3 hours once per 5 years ?

- errr, yes.

- is not a bit expensive ?

- well, ... no.

LOL.

Hey, it's economical, the government said so. A vote machine is only a mere 6000 euros a pop (you also have to add a certified engineer callout if the machine breaks down too), as opposed to a 40 euro kings ransom for a sealed perspex fishtank, and another 20 euros for a big fsck-off padlock that will still work in 90 years time...

And people wonder why I don't get involved with politics...

Cheers,

Daniel

I agree with the previous posts. I'm also opposed to the use for voting of anything that can't be understood at a glance by every single voter.

I remember hearing on France Info, a few years ago for local elections, the mayor of La Rochelle (one of the first cities to use machines): he said that he did not understand how it worked, but he had a technician who did. So in that city, only one person actually had an idea of the way the system was rigged...

But there is also a real issue here: the lack of interest of voters in the actual counting. I've been volunteering to count the votes for every election in the last 5 years. In my place, for what, maybe 15000 registered voters, there are always enough, but not that many, about a dozen.

There are voting booths where there are not enough volunteers, and that is a real issue. If nobody's there, then the use of machines seems to be the only choice.

How about using standalone (with the ethernet port ripped off) windows/linux/unix machine, locked in a safe, and a simple HTML form linked to a database taking the votes? Multiple choice, you can only choose option, so no one can mess it up. Then when the votes are in, you get a brand new formatted pen drive, take the database to another standalone windows/linux/unix machine, merge the databases, and voila!

Or am I really missing something here?

The PC sounds ideal, cheap, commoditised hardware and OS. The problem is that despite the rather dubious reputation of a certain manufacturer of these dodgy pieces of bespoke hardware in a certain rather large 'democracy' the systems are at least 'certified' to a standard. Most of the cost isn't the hardware, after all it isn't exactly a VLSI 200m transistor processor at the centre - the security OS 'should' be sitting on a relatively simple, relatively cheap to fab chip.

The cost is in the certification of the hardware and software, and with the best will in the world none of the major OSes qualify, let alone the buffer overflow ridden hardware of cheap PCs, and removing the connectivity doesn't work - you still need to certify the USB drives, and then ensure no tampering with something specifically designed to be slipped into a pocket easily and conveniently. Not to mention the potential leaks or corruption from em radiation - deliberate or otherwise.

You might be able to make a case for something like qnx, or possibly secure BSD, but something mainstream - no hope. Can you really imagine security auditing windows source code, or even linux, with it's open source advantage. Let's face it even MS don't deliberately make their OS uselessly open to hackers, and they have the best view and huge resources to ensure it doesn't happen. But it does. Often for no good reason than 'because it's there'

I guess someone could build a truly secure linux by taking out huge gobs of unnecessary functionality - the open source nature would make the bug hunting fun. But it would take a while, and the closed source additions would still require auditing. All possible, BUT what do you reckon the end price would be. I'm guessing around 6k Euro.

Jason,

What you're missing is that a person who does not understand computers -- and that means the majority of the population -- has no hope of being able to check out fully the system you propose.

Laurent is correct; universal comprehensibility is vitally important. What you can't understand, you can't trust.

Even if the full schematic diagrams, firmware listings and mechanical blueprints for the voting machines are published -- and democracy demands no less -- most of the population will still be unable to understand them, let alone trust them.

For the sake of saving a few hours every few years (as Regadpellagru points out), it's just not worth it.