Voter Fraud

210 thoughts on “Voter Fraud”

1. You have to take into account the perception of fraud as well as the reality. This is a hard proposition to acknowledge, when there’s basically a propaganda campaign underway to create unjustified fears of voter fraud, but it’s true nonetheless.
   For example, is there a gigantic Republican conspiracy involving electronic voting machines? I’ve been reading Daily Kos for years and I still have no idea what’s true and what’s not. But widespread lack of confidence in electronic voting machines is a problem EVEN IF there’s no actual fraud going on. Our entire system rests on societal acceptance of the legitimacy of election results. If the losing side thinks there wasn’t a fair election, you’re going to have big problems at some point.
   That’s not to say that we should adopt radical anti-fraud measures, or that we can appease everyone. I mean, there are people in this country who believe there were no planes on 9/11. But when a fear becomes sufficiently widespread, it’s a threat to legitimacy even if it’s completely unjustified.
   I think it’s important to get the word out about the truth behind claims of voter fraud. And hilzoy’s arguments that there’s no real point to voter fraud are persuasive and well stated. But I think people should be open to ideas like an ID requirement coupled with liberal provisional ballot procedures, even if they believe there’s no voter fraud problem at all, simply because this is one of those rare areas where perception truly is more important than reality.

2. Steve: we have the luxury of dealing with perception rather than reality only if the perception of voter fraud is being advanced in ggod faith. The adminstration’s attempt to suppress the evidence that there is little actual voter fraud strongly indicates that the perception of voter fraud is not being advanced in good faith. The right ought not to be able to manufacture false claims of voter fraud, then insist that we take them seriously, even if not true, because perceptions are supposedly important to legitimacy.

3. But I’m not talking about assuaging Karl Rove’s made-up fears of voter fraud. I’m talking about the rank-and-file conservatives who, for better or for worse, buy into his bullshit. Among the older generation of Republicans, for example, there are many for whom every election is 1960 all over again, and the Democrats are supported by legions of dead voters. Their perception may be utter paranoia, but it’s still a good-faith belief.

4. This issue is an opportunity for a general cleanup. I’m sure that some voter fraud exists, but I also think, for the same reasons hilzoy cites, that it’s of little significance. I am also convinced that manipulation of voting machines is a significant factor; one need only study the Cuyahoga County, Ohio, 2004 results (for which there were convictions of election workers) to see that there really was something very suspicious about that election, and all the suspicious activity just happened to work in favor of Mr. Bush.
   So why not piggyback both issues together? Let’s build a grand bipartisan effort to get ALL forms of electoral fraud cleaned up. I’d be happy to have a national ID card with biometric security tied to a voting machine that’s as secure as an ATM. The combination is something that everybody can agree to. Yes, it will reduce voter turnout, but it will also reduce electoral fraud. If you want to be partisan about it, the Democrats will probably come out ahead in such a deal. But the important thing about it is that it guarantees that our elections are fair.

5. ““there is a great deal of debate on the pervasiveness of fraud.” (…)
   Replace “pervasiveness of fraud” with just about anything you want, such as “global warming”, “evolution”, etc, and you have the standard phrase of anything that there is little debate about but which acknowledgement of that fact would have ramifications counter to what this administration and its allies want to accomplish.
   ” You want to make it as hard as possible for people who aren’t eligible to vote to cast a ballot, while not making it unduly difficult for people who are eligible, and these two goals are opposed to one another.”
   I agree with this, but in reality, I would rather 5 people who were not eligible to vote voted than 1 person who was eligible was not allowed to vote.

6. “A lot of measures that would prevent people who are not eligible to vote from voting would also keep people who are eligible to vote from voting. Imagine, for instance, that we required (say) that registered voters produce five forms of identification before they could vote. This would make it a lot more difficult for someone who was not eligible to vote to commit vote fraud, but it would also result in a lot of people showing up with only three or four kinds of identification and being turned away.”
   Of course we could start with requiring just one form of ID, which would improve the current state of things without disenfranchsing very many (I suspect approaching zero) ACTUAL voters at all. The hypothetical “person with zero forms of ID and ALSO desperately wants to vote” who is always raised in these debates seems just at least as rare as polling place voter fraud.
   And looking at the reports about the reports, I have two serious methodological objections. First, many states have made polling place voter fraud almost impossible to detect. If you don’t require any ID and allow same day registration with mere vouching, it isn’t going to be easy to detect fraud, even if it is widespread. See for example the Washington State governor’s election. Finding new unsecured ballots on nine separate occassions over a few weeks leading to a 129 vote margin in millions of votes doesn’t inspire confidence.
   Second, what do they mean by “widespread”? We have a 50/50 political balance right now. Lots of elections are turning on very very few votes. If 1,000 votes are fraudulant out of 1,000,000 and it turns the election, does that count as widespread?

7. One question I’ve never heard addressed adequately by proponents of stricter voter ID requirements is how you balance the harm of a fraudulent vote against the harm of an eligible voter being unnecessarily turned away from the polls. In past discussions it’s been claimed that the harm is equal, since a fraudulent vote cancels out a legitimate vote.
   But this isn’t correct. A legitimate vote isn’t canceled by an opposing fraudulent vote; it and all like votes are diluted by the fraudulent vote in much the same way that legitimate votes for one side are strengthened by the disenfranchisement of an opposing voter.
   So, in one scenario (assuming a 2-way race) everyone’s rights on one side are weakened a tiny bit, and someone wrongly exercises rights he does not have. In the other scenario, everyone’s rights on one side are strengthened a tiny bit, and someone is wrongly stripped of rights he ought to have. Supposing we agree that the damage to the legitimacy of the outcome of the election is roughly equal in each case (i.e. the dilution and concentration of all the opposing votes more or less affects the outcome in the same way in each case), I would argue that the additional harm of stripping an individual of his rights as a citizen, of wrongly telling a voter that he cannot exercise his right to participate in the democratic process, far outweighs the harm of allowing an individual to exercise rights he does not have.
   This is not to say that we have to shoot for absolute perfection, that one disenfranchised vote represents more harm than, say, ten thousand fraudulent votes. I’m just saying that the relative harm is going to be represented by a ratio much, much greater than 1:1. How much greater, I’m not entirely sure, and we can certainly debate the actual numbers, but this ratio needs to be front and center in this debate: how many fraudulent voters will a policy deter, how many legitimate voters will it bar from the polls, and just what balance are we willing to strike? Without having some actual figures to consider, it’s stupid to even consider sweeping changes to our voting laws.

8. “Of course we could start with requiring just one form of ID, which would improve the current state of things without disenfranchsing very many (I suspect approaching zero) ACTUAL voters at all.”
   Actually, that’s not quite accurate. For instance, in Georgia, where a bill like the one you’re proposing was passed, there are < a href="http://www.pfaw.org/pfaw/general/default.aspx?oid=22223">700,000 adults without suitable ID (mainly drivers licenses), amounting to about 8% of the population. Sure, you could have the state provide them with IDs–but even this is unfair (and that’s assuming the state does a competent job at searching out the people who need IDs and providing them with the cards). Consider this: you have a large group of people who already have a driver’s license, and a smaller, mostly-African-American group that doesn’t have a license. You propose requiring all of the second group, and none of the first, to go through a long procedure solely for the purpose of voting. That makes it harder for them to vote than it is for the people who already have ID, and this is beaucoup unfair.

9. Sorry, here’s the link for that Georgia stat:
   http://www.pfaw.org/pfaw/general/default.aspx?oid=22223

10. The most important fact here is that the types of fraud that allegedly concern Republicans, and therefore serve as justification for onerous voting registration/qualification at the booth provisions, simply does not occur in any manner sufficient to affect elections. As detailed by hilzoy, registering enough improper voters and getting enough in numbers to the polls to make a difference is a gargantuan task. Plus there is no way to keep such a scheme secret.
    Republican voting concerns are not driven by any reasonable fear — they are pretextual and serve as window-dressing to disenfranchise the “wrong kind” of voters. That is the record to date.
    Using felon’s lists in such a manner so as to get rid of many proper black voters (in Florida). Caging voters (a practice subject to a consent decree by the GOP but goes on illegally anyway). Anything and everything done by Blackwell in Ohio in 2004 — my favorite being his attempt to strike voter registration done on the “wrong” paper stock (mostly voter registration forms printed in newspapers to help people get registered). Systematic, organized and blatantly bogus challenges to any voter on lists generated by the GOP, even though the challenger knew next to nothing about the person being challenged (this one got shut down because it put the phony challengers at personal legal risk for messing with people’s right to vote without sufficient justification). Phone-jamming in New Hampshire with clear backing by senior GOP personnel, and then spending millions to defend the fraudsters from criminal liability.
    There is no “perception” problem by the GOP with regard to voter fraud — there is a systematic voter suppression effort using alleged voter fraud concerns as a pretext.
    As for Democratic concerns about electronic voting machines, there is some nuttiness on the question (exit polling allegedly proves the manipulation of voting machines…….). But the concern is far more real, and also involves the type of misconduct that is much easier to perpetrate and could clearly swing elections. Also, there is simply no parallel in the Democratic Party to the scope and organization of electioneering misconduct such as that orchestrated by the GOP.
    My favorite anecdote on this is the long history of outrageous voting irregularities by the College Republican organization — it serves as a training ground for the Rove, Norquist, Abramoff types. “Republicans learn how to fight hard against Democrats by practicing on one another first. ‘There are no rules in a knife fight,’ Grover Norquist instructed the young conventioneers in a speech.”
    As if elections were knife fights — that says it all.

11. [I]t isn’t going to be easy to detect fraud, even if it is widespread. See for example the Washington State governor’s election
    You mean the one in which the Bush=-appointed US Attorney found no fraud, and was fired for his pains? That Washington State governor’s election?

12. Sebastian:
    The hypothetical “person with zero forms of ID and ALSO desperately wants to vote” who is always raised in these debates seems just at least as rare as polling place voter fraud.
    This is wrong and also makes me angry, and demonstrates a typical Republican indifference to messing with people’s voting rights.
    As shown by the recent problems with instituting ID requirements for various forms of state medical aid, a small but significant number of people who are desperate to get the benefit are running into trouble because of these paperwork rules. It is not something trivial. And see the link above about the problem in Georgia, as if 8% is trivial.
    It may only be a few percent of voters, but they are probably mostly Democratic, and hence Republicans are happy to mess with them. And for what corresponding benefit, other than suppressing the “wrong kind” of voters? There is no factual basis to the claim that the ID requirement is preventing a greater problem with fraud so as to justify knocking out a small percentage of voters. And Gromit makes a good point about the more troubling aspect of disenfranchising real voters as opposed to a few improper votes leaking in. (and as if only Democrats would abuse the system to vote improperly — why aren’t each just as likely to make use of the same improper voting techniques? Why this Republican assumption that only Democrats allegedly do this? More myth making at work).
    That is the point of the post — that efforts to document the factual numbers to demonstrate the lack of validity to the need for ID to “prevent fraud” is itself being suppressed by Republicans eager to keep the myth alive, and therefor preserve cover for blatant voter suppression plans.

13. “I’d be happy to have a national ID card with biometric security tied to a voting machine that’s as secure as an ATM. The combination is something that everybody can agree to.”
    We absolutely can’t. Few people with concerns about central databases, their vulnerability, and the uses they are inevitably put to, in combination with national ID cards, would ever agree that that’s other than an absolutely horrible, unworkable, dreadful, proposal.
    Take a look at the British national digital ID-and-database plan, and the insane problems so many people have pointed out with it. I’m afraid you have to be completely unaware of more than a decade of debate about these issues, particularly started in comp.risks back in the Nineties, to be so ignorant as to think that “The combination is something that everybody can agree to.”
    That’s without getting into why no Democrat in their right mind would agree to methods of voter suppression as part of some grand compromise, even if the other part were a good, or at least reasonable, idea.

14. dmbeaster: As for Democratic concerns about electronic voting machines, there is some nuttiness on the question (exit polling allegedly proves the manipulation of voting machines…….).
    It’s not nutty, Dmb.
    The touchscreen voting machines that have no paper trail can be rigged untraceably to deliver whatever result wanted. That doesn’t in and of itself prove such rigging occurred, but it’s worth pointing out that gambling machines with similiar levels of protection against fraud would be illegal to use in any licensed casino. You wouldn’t have to prove that fraud had occurred, only that it could, to have those machines removed and destroyed.
    Exit polls are a proven and reliable method of determining who won and by how much. They’re in frequent use in many countries as a first-stop check against electoral fraud.
    When the exit polls say one result, and the voting machines say another result, and the voting machines have been designed so that it is not possible to confirm whether the result they deliver is fraudulent or honest – then the exit polls are strong evidence that, in fact, the machines were rigged – and there is no evidence at all to prove that the machines weren’t rigged.
    Aside from the rather unconvincing claim put forward by one of the Republican officials responsible for the Ohio election in 2004: that it didn’t matter that the voting machines could be rigged, because who’d bother?

15. “Actually, that’s not quite accurate. For instance, in Georgia, where a bill like the one you’re proposing was passed, there are < a href="http://www.pfaw.org/pfaw/general/default.aspx?oid=22223">700,000 adults without suitable ID (mainly drivers licenses), amounting to about 8% of the population.”
    And how many voters? Voters rarely hit 50% of the population, and they aren’t evenly distributed among people without drivers licenses. And how many of those people would find it truly difficult to get an ID if it were required? The main problem with the Georgia statute was that it charged for the voter card, and that is rather easily remedied.
    And reading the Georgia report I have to sigh at stats like “found to be fraudulent”. Not to be rude, but if you have made it virtually impossible to prove fraud, it isn’t shocking you don’t ‘find it’. I don’t remember that the response to Bush’s move to make it more difficult to “find global warming” by interfering with the scientific investigation was met with many warm feeling here.
    And I’m completely unimpressed by stats like ‘8% of people don’t have a currently valid ID’. Currently lacking an ID does not mean that we can’t design a fairly easy system which provides such IDs–even at the state level. There is no reason in the world that has to be expensive and there is no reason why the state couldn’t pay to provide one for poor voters who wanted it. That just is not a difficult problem.

16. The hypothetical “person with zero forms of ID and ALSO desperately wants to vote” who is always raised in these debates seems just at least as rare as polling place voter fraud.
    This is wrong and also makes me angry, and demonstrates a typical Republican indifference to messing with people’s voting rights.

    Me, too, which is why I didn’t reply. I become incoherent with rage when people are so fricking ignorant of the reality of how millions of poor people live that they can honestly and blithely say things like this.
    And I think Sebastian is a good, well-meaning, basically honest, intelligent, thoughtful, person. Which just makes me that much more frustrated that so many people like him are so utterly damn clueless about what life is like for people on the bottom rungs of the ladder, for whatever reason.

17. “You mean the one in which the Bush=-appointed US Attorney found no fraud”
    Do you mean found no rigourously proveable fraud? Once again when you design a system to make fraud almost indetectable, it isn’t shocking that you can’t detect it. If I pluck your eyes out, it isn’t really fair of me to then ask you to describe what color I’m wearing the next day.

18. “And Gromit makes a good point about the more troubling aspect of disenfranchising real voters as opposed to a few improper votes leaking in. (and as if only Democrats would abuse the system to vote improperly — why aren’t each just as likely to make use of the same improper voting techniques? Why this Republican assumption that only Democrats allegedly do this? More myth making at work).”
    This is not a good point. If you believe that why worry about voting fraud ever? Why worry about the kind of fraud that hilzoy actually does worry about?
    “And I think Sebastian is a good, well-meaning, basically honest, intelligent, thoughtful, person. Which just makes me that much more frustrated that so many people like him are so utterly damn clueless about what life is like for people on the bottom rungs of the ladder, for whatever reason.”
    The problem is that I’m most certainly not clueless about it. I lived out of my car for two months for God’s sake. You can get an ID if you want to get an ID. It isn’t impossible, even for the hard cases like ‘the birth records were destroyed’. The fact that some 8% of people in America DO NOT CURRENTLY HAVE AN ID is not the same as saying that 8% of citizens who are allowed to vote CANNOT GET AN ID.
    That isn’t the same AT ALL.

19. In addition to Gary’s points, you’re not going to get “a voting machine that’s as secure as an ATM” that everyone will agree on. ATMs can be trusted because your bank and you both know about all your banking transactions, so you can check that the balance is correct. That’s not true of voting, in which no one but the voter is supposed to know the vote.
    There are theoretically ways to use cryptography to ensure that votes are being recorded properly, but the voting system needs to be transparent to the average person (and those who are far below average), not just to people with computer science degrees.
    No electronic black box is going to be trusted by enough of the population. There’s a reason we have election observers, and if the voting is completely electronic, there’s nothing to observe.

20. Sebastian, assuming you are correct, and the deck is stacked against anyone looking for voter fraud, wouldn’t the logical first step be to make detection easier, rather than tightening ID requirements based on a problem we don’t yet know exists?

21. “Sebastian, assuming you are correct, and the deck is stacked against anyone looking for voter fraud, wouldn’t the logical first step be to make detection easier, rather than tightening ID requirements based on a problem we don’t yet know exists?”
    If you can come up with a method of detecting fraudulant voters without identifying fraudulant voters, I’d love to hear about it.

22. Look, Sebastian, here’s the thing. There is, yes, a benefit to preventing people who shouldn’t be allowed to vote from voting. There’s also a cost, in the form of people who should be allowed to vote but do not. The question is, is the benefit larger than the cost? I’m saying no. As Hilzoy explains, and as the suppressed report lays out in detail, any benefit is extremely low. And as the Georgia example shows, the cost is substantial. It doesn’t matter whether legitimate voters CAN get IDs if they really want them–the point is that forcing this burden WILL prevent legitimate voters from exercising their franchise.

23. Mr. Farber writes in reference to my suggestion that we combine a national ID with a highly secure voting machine, calling my suggestion:
    “an absolutely horrible, unworkable, dreadful, proposal.”
    That’s a lot of adjectives, and they’d be much more useful if they were backed up with a few facts. Yes, there has been a lot of debate about various schemes, but the existence of bad schemes doesn’t preclude the possibility of good schemes. For example, some of the computer voting machines are ridiculously easy to hack — it really is appalling how badly they’re programmed. But that doesn’t mean that you can’t build a secure voting machine — we’ve already proven that you can build a secure ATM, and that’s a trickier problem.
    As to the national ID card, I’d like to remind you that we already have mountains of data on citizens: driver’s license data, social security data, IRS data, passport data, and of course the nefarious FBI files. Right now we have a mess of data with different rules, all of them weak. Wouldn’t it be a lot better to organize the whole mess with a clear set of rules as to who gets to access it under what conditions? We could insure that the restrictions are programmed right into the DBMS so that nobody can access data without the right authorization.
    Yes, yes, I’ve heard the many claims that “hackers can defeat anything” — those are based on ignorance. The fact is that the DoD and the banking system have maintained secure systems for decades now. Database systems can be made very secure. We can build it to match whatever requirements we wish to place on it. What’s wrong with that?

24. There seems to be a judgment getting made that if you don’t care enough to spend a half-day waiting in line at the DMV, if you don’t care enough to fight through all the bureaucratic red tape that arises when you try to get an ID without any birth records or other documentation, then you don’t deserve to vote because you don’t want it badly enough, and thus we shouldn’t care if you get disenfranchised. Needless to say, I’m not on board with that. An old lady who lives alone and gets Meals on Wheels because she never goes out still deserves to vote, even if she’s disinclined to jump through hoops to get there.

25. If you can come up with a method of detecting fraudulant voters without identifying fraudulant voters, I’d love to hear about it.
    I’ve never been able to vote without some form of ID. The new law here in Georgia would reduce the number of acceptable forms of ID, not institute a wholly novel policy of “identifying” voters. Sure, making it harder to vote makes it harder for folks to fraudulently vote (duh!). While we’re at it, we can cut down on speeding by scattering nails on the nation’s interstates.

26. Sebastian, forgive me, but I get so tired of people on the right claiming to be in possession of unprovable truth. “Unprovable truth” is simply an oxymoron. “Unprovable truth” is responsible for most of the trouble in which the country finds itself today.
    If there is no credible evidence of fraud in an election, then there was no fraud in the election.

27. If you can come up with a method of detecting fraudulant voters without identifying fraudulant voters, I’d love to hear about it.
    Let’s say, hypothetically, that either you need ID to vote, or you need to fill out a provisional voter application. Maybe they even take your picture at the voting place to go with the application.
    That seems to be a sufficient data trail to allow any interested partisan to determine, after the fact, whether there was voting fraud. After all, if the person listed on that provisional ballot doesn’t actually live at that address, or if they’re dead or whatnot, those aren’t facts which are impossible to prove. And there’s a lot of people who have a strong incentive to show that the other side is engaging in voting fraud, so it’s not like they’ll be unmotivated to go through this exercise.

28. i know plenty of people have already made this point, but really, the focus on individual voters voting multiple times (retail fraud) is insignificant compared to problems with the machines used to tally/record the votes (wholesale fraud). why bother organizing legions of loose-lipped criminals to gain a couple hundred votes when you can get one person to undetectably tweak a couple of electronic voting machine and move thousands?
    why spend billions to prevent the minor problem while ignoring the larger problem ?

29. KCinDC, you raise two very different points:
    1. The user friendliness of voting machines. Yes, it’s appalling. Does that mean that it’s impossible to design voting machines that are easy to use? No. It means that we need to get some competent software designers to tackle the problem. Years ago a commission of computer scientists made recommendations on how to build a proper voting machine. Congress ignored them.
    2. The security of voting machines. Let’s start with the realization that there is no secure voting system, even marking X’s on paper ballots. So the question is, can a computer voting system be more reliable than a paper ballot? The answer is unquestionably yes. You can’t lose computer votes in back corners of the office, as often happens with paper ballots. You can’t incorrectly add up the vote counts with computer systems, as often happens with paper ballots. You can’t have hanging chads or butterfly ballots with computer systems (well, you could design them to replicate these absurdities, but you’d have to be an idiot to do so.).
    The fact is, we could design an open source voting machine and get enormous security and better user interface design. The fact that voting machines have been incompetently designed by cronies of the Bush Administration doesn’t mean that the technology is flawed — it means that the politics behind the technology is corrupt.

30. You can’t lose computer votes in back corners of the office, as often happens with paper ballots.
    There’s all kinds of allegations in the electronic machines debate of partisans driving off with the vote count module, and the like. There’s allegations of mysterious patches being uploaded to the voting machines the day before the election. I can’t vouch for the truth of any of this, but obviously there’s all kinds of shenanigans possible with electronic machines that would be much harder to pull off with standard voting methods.
    The examples you listed have little to do with security; they’re simply instances of human error. Yes, it’s true, with an electronic machine you’ll never accidentally drop a ballot behind the radiator. But these sorts of human error are inconsequential. What you have to worry about most is large-scale, systematic fraud, which is much easier to pull off and conceal when you’re dealing solely with 1’s and 0’s.
    I could conceive of a secure voting machine scenario – for starters, the software must be open source, it must be available for testing by partisans from both sides, and there need to be adequate security measures to ensure the software doesn’t get changed between the testing and the election. It’s at least possible in theory. But until such a scheme is devised, it’s far better to stick with the machines people are comfortable with, since widespread public confidence in the legitimacy of an election is far more important than a miniscule increase in accuracy that comes at the expense of public confidence.

31. It isn’t impossible, even for the hard cases like ‘the birth records were destroyed’.
    That seems like a good standard to me – not impossible.

32. “I lived out of my car for two months for God’s sake.”
    The difference between two months and ten years (let alone more) is very large, Sebastian.
    The difference between having a variety of the tools that are useful or necessary for success in our society, but having a setback for a year or three, and simply not possessing, for some reason, some of those tools, resulting in a lifetime of problems, is a difference of kind, not of degree.
    I realize that generic accusations of the sort I implicitly made are difficult to defend against, and somewhat unfair. That’s why I said I wasn’t replying (other than to second the point about it making me angry), and said it made me incoherent. I’m afraid I don’t have the patience to address stuff like this at present, or much of the time. Sorry.
    “You can get an ID if you want to get an ID. It isn’t impossible,”
    No, it isn’t, in most cases. It mostly, most of the time, just ranges from inconvenient and consuming of some time, and perhaps a bit of money — that someone living in a one-step-from-disaster life might not be able to spare at a given time; and thus they can’t vote that year — to, in rarer cases, more difficult or problematic (problems getting a birth certificate, combined with language problems, and money problems, or health problems, or whatever).
    These are not problems worth worrying about, in the view of many. Statistically inconsistent; you can get it if you just care enough. Etc.
    Other views differ. Bleeding hearts, you know.

33. Consider this: you have a large group of people who already have a driver’s license, and a smaller, mostly-African-American group that doesn’t have a license. You propose requiring all of the second group, and none of the first, to go through a long procedure solely for the purpose of voting.
    I got non-driver ID in New York in the ’80s. It was easy & fairly quick, and other states’ DMVs I’ve seen all look less crowded & better organized than NY’s. So I doubt the procedure is all that “long.” Voting takes time out of your day too — are you going to say that having to stand in line unfairly disenfranchises busy people, or people who can’t afford nannies? Asking for a minimum of effort is not per se unreasonable.

34. “we’ve already proven that you can build a secure ATM,”
    No, we haven’t. ATM thefts are a significant problem, much as the industry tries to limit news coverage of them.
    “Right now we have a mess of data with different rules, all of them weak. Wouldn’t it be a lot better to organize the whole mess with a clear set of rules as to who gets to access it under what conditions?”
    No.
    “Yes, yes, I’ve heard the many claims that ‘hackers can defeat anything’ — those are based on ignorance.”
    Yes, yes, people like Bruce Schneier, those on comp.risks, and innumerable security experts are so ignorant of how security works: why should we listen to their impassioned warnings? Centralized databanks are good and safe and secure. Trust them, and trust corporations and government. You’ll always be safe that way.

35. Do you mean found no rigourously proveable fraud? Once again when you design a system to make fraud almost indetectable, it isn’t shocking that you can’t detect it.
    This statement isn’t making sense to me. Aren’t you presuming your conclusions before you make your case?
    What I do know is that the Republican Party made efforts to challenge fradulent votes, and 30-40% of their challenges were of legal voters. One would think if there was a major problem of voter fraud, there would be a much lower case of false negatives. As it is, we’re getting into what hilzoy was worried about, where efforts to combat voter fraud are actually deterring legitimate voters (and 30-40% is far too high a price to pay, in my book, to combat voter fraud).

36. Steve, you’re right that current voting machines are a farce — I’ve already stated that. And you’re right that the software should be open source — I’ve already stated that. You seem to think that securing computers is some sort of black magic that is extremely difficult to do and easily circumvented by clever people. That simply isn’t true. It really isn’t that difficult to design a secure voting machine. Game programs are much more difficult programs to write, and they’re done with budgets of a few million dollars. This is no big deal.

37. Erasmussimo, user-friendliness of voting machines is also important, but I don’t think I said anything about it. I’m talking about transparency. Regardless of how easy to use an all-electronic system is, it boils down to the user pressing something on a computer and then trusting that somewhere inside it the vote has been correctly recorded and will eventually be correctly counted. Any voter can understand the process by which paper ballots are handled and counted, and people from various parties can observe every stage of the process. That’s never going to be true of a process that takes place entirely inside computers. And I say that as a computer programmer, not some sort of luddite.
    Also, I don’t think people design voting machines to replicate the absurdities you mention, but they happen nevertheless. Votes have been lost, totals have been added up incorrectly, and I think the problems with the electronic ballot in Florida’s 13th district last year were pretty similar to the butterfly ballot problems in 2000.

38. Voting takes time out of your day too — are you going to say that having to stand in line unfairly disenfranchises busy people, or people who can’t afford nannies?
    Well, actually, when well-off precincts have enough voting machines that you’re in and out in 5 minutes, and inner-city precincts have so few machines that you have to wait in line for hours, yeah, I do think there’s a big problem! So your question isn’t as absurd as you imagine it to be.
    There is a certain degree of effort that can be demanded, sure, and I think it hinges on your definition of what is reasonable. For the most part, we’re talking about people who would encounter a great amount of difficulty in getting ID because they don’t have the necessary supporting documents. There’s a substantial number of people in this category and I don’t think we should act like it’s just a matter of standing in line for an hour no matter who you are.

39. Gary, your sarcasm isn’t contributing to the discussion. And please don’t assume that I am ignorant of technological issues — I don’t want to embarrass you. As to your specific points:
    1. That ATM theft is a real problem. Yes, I already wrote that ATM security is a more difficult problem than voting machine security. There are two reasons for this: handling cash is always a tricky mechanical problem, and, more important, ATMs are open to the public 24 hours a day and can be attacked mechanically. It would be rather difficult to take a sledge hammer to a voting machine in a polling place and get away with it.
    2. You prefer the current system, in which huge amounts of data on citizens are maintained by weak security, poor rules of access, and no safeguards against error? You have strange values.
    3. You cite computer experts, but have these experts declared that every computer system can be hacked? No, they haven’t. What they have done is point out the weaknesses in many systems — and they do this BECAUSE THEY KNOW IT CAN BE FIXED. Yes, there are a few guys out there who are pessimistic about security issues, but most security guys are pretty sure that a properly designed system can be made secure. And if we’re talking about the national database that would go with a national ID, then that system would be physically secure — inside big buildings with armed guards and using closed communications systems. That’s not the kind of system that the security guys worry about.

40. It really isn’t that difficult to design a secure voting machine.
    But you need to design a machine that is not only safe from outside hackers, but is safe from tampering by insiders as well. The challenge is not so much the security itself as providing transparency – as the poster above stated – such that voters can personally be confident in the security. Diebold, after all, stands ready to assure the world that their machines are very, very secure.

41. KCinDC, you assert that voters will never trust computers to count their votes correctly. Right now, millions of people carry out financial transactions on the Internet, a place far less secure than a voting machine — don’t you think they trust the system? How about all the people who use ATMs? If they’re afraid that the ATM will deduct too much money from their account, why do they use it?
    People are using computers all the time for all sorts of activities. This isn’t the 1960s when computers were Star Trek monsters bent upon destruction, easily foiled by Captain Kirk posing a logical dilemma to them. People use computers all the time, and they’re getting used to them. It’s funny how the computer has penetrated all of our activities: at work, at the supermarket, playing games or surfing the web or writing up homework at home, at the bank, paying the utility bill — voting is one of the few places where we have not applied the superior speed, convenience, and reliability of computers. I don’t understand why otherwise intelligent people draw a line here when they accept computers everywhere else in their lives.
    Steve, you’re right that election workers can’t be trusted either. That’s why you can use either encrypted transmission of the results to the main computer, or encrypted data on a data module that contains encrypted verification data. This is just not that difficult to do. You could use thumb drives, for Christ’ sake, and have a perfectly secure system.
    I have to go away for a few hours. I’ll check back in later.

42. “Sebastian, forgive me, but I get so tired of people on the right claiming to be in possession of unprovable truth. “Unprovable truth” is simply an oxymoron. “Unprovable truth” is responsible for most of the trouble in which the country finds itself today.”
    It isn’t unproveable at all. The proof has been systematically suppressed and collection of the evidence has been made purposefully difficult. That is what makes it so maddening.

43. Erasmussimo, if someone steals money out of my bank account I’ll know it, because I can keep track of how much I deposit and how much I withdraw. If someone steals my vote, I’ll never know. Voting is completely different from banking.

44. Somehow I missed this exchange above:
    dmbeaster: And Gromit makes a good point about the more troubling aspect of disenfranchising real voters as opposed to a few improper votes leaking in.
    Sebastian Holsclaw: This is not a good point. If you believe that why worry about voting fraud ever? Why worry about the kind of fraud that hilzoy actually does worry about?
    If I believe what, exactly? Because what I said is that a lot more value should be placed on protecting one legitimate voter’s rights from being stripped away than on barring one illegitimate voter from getting to vote. This is nothing like saying no value should be placed on the latter. And I was pretty careful to point this out, too.

45. If you can come up with a method of detecting fraudulant voters without identifying fraudulant voters, I’d love to hear about it.
    Why can’t we identify fraudulant voters? AFAIK, whether someone voted in an election is public knowledge, whereas who that person voted for is not – how hard is it to find out whether those who voted properly did so?

46. The proof has been systematically suppressed and collection of the evidence has been made purposefully difficult.
    friggin Illuminati !

47. Well, actually, when well-off precincts have enough voting machines that you’re in and out in 5 minutes, and inner-city precincts have so few machines that you have to wait in line for hours, yeah, I do think there’s a big problem!
    Oh, I’m well aware of that problem, and I agree that it is a problem. The difference I see between that and the ID issue is:
    With respect to ID, as I understand it we’re talking about people who don’t already have driver’s licenses because (I hope) they don’t have cars, in most cases because they can’t afford cars. Those people can get state ID by, basically, making the standard trade that poor people have to make for a lot of things: extra time & trouble because they don’t have the money to do things the standard way. That tradeoff sucks, but it’s not IMO unfair, any more than it’s unfair that they have to take the bus to shop instead of driving because they don’t have that same car.
    In contrast, the longer lines in poor neighborhoods are a gratuitous and quite likely racist swipe at the poor. They have fewer voting machines per capita, not as a direct consequence of lacking some resource like a car, but because they lack political power due to their poverty — and lack of political power should not determine who gets to vote. The problem here is akin to gerrymandering.
    For the most part, we’re talking about people who would encounter a great amount of difficulty in getting ID because they don’t have the necessary supporting documents. There’s a substantial number of people in this category and I don’t think we should act like it’s just a matter of standing in line for an hour no matter who you are.
    Fair enough, I see your point, but do you see that you’re ruling out any sort of proof of identity? They can’t get ID, they don’t have supporting documents, ok, why SHOULD I believe that they have a right to vote in this election? If they can’t prove that they live in the voting area and are citizens they shouldn’t even be on the voter rolls in the first place.
    Hilzoy’s point, that this problem can’t get very big, is well taken. But it bothers me a bit to just give up on checking identity because it might be difficult for people who are somehow getting through life entirely paperless to get ID. I have to wonder how many of those people even care about voting – if I had no ID and no way to get any, voting would not be my biggest worry.

48. Let’s start with the realization that there is no secure voting system, even marking X’s on paper ballots. So the question is, can a computer voting system be more reliable than a paper ballot? The answer is unquestionably yes.
    Actually, no.
    The most reliable form of tamper-proof election is one with paper ballots, which the voter fills in by hand, which the voter then places in a sealed ballot box that will not be opened until after the polls close and then in the presence of witnesses from all parties participating in the election who can confirm that the seal was unbroken, and then counted by hand, with mandated recounts for close results, and representatives from each party scrutinizing disputed ballots. You also need an independent electoral body that is not staffed or run by people who are members of any party.
    It’s timeconsuming. It requires training. It need dedicated people who are committed to free and honest elections.
    Is the US so lacking in time, money, and dedication that it can’t have the best elections and must settle for voting machines and automated counts?

49. trilobite: but do you see that you’re ruling out any sort of proof of identity? They can’t get ID, they don’t have supporting documents, ok, why SHOULD I believe that they have a right to vote in this election?
    Because the old lady has been a US citizen since before you were born and has voted in every election since before you were born, and can now only manage to leave her house with great difficulty, certainly not to stand in line and prove she is indeed the same voter she has been since before you were born?
    See, I can see requiring voter ID to vote if the people who require it are making an effort (and paying out the necessary money) to make sure that everyone entitled to vote has the necessary ID.

50. As for Democratic concerns about electronic voting machines, there is some nuttiness on the question (exit polling allegedly proves the manipulation of voting machines…….).
    Not so nutty.

    Computer programmer Clinton Eugene Curtis testifies under oath before the U.S. House Judiciary Members in Ohio (back in 2004)
    [cut]
    A partial transcript:
    Are there computer programs that can be used to secretly fix elections?
    Yes.
    How do you know that to be the case?
    Because in October of 2000, I wrote a prototype for Congressman Tom Feeney [R-FL]…
    It would rig an election?
    It would flip the vote, 51-49. Whoever you wanted it to go to and whichever race you wanted to win.

    I live in a simple country. Everybody with Dutch nationality who is above 18 can vote. They all get a card via snailmail and their names are on a list, but we are more administrated that the US is. How about voting rights for all, a list of names and — purple ink on the vinger for those who have voted?

51. trilobyte: I have to wonder how many of those people even care about voting – if I had no ID and no way to get any, voting would not be my biggest worry.
    At the bottom of this whole crusade against mythical voter fraud is the principle that if you just add enough friction then the folks at the margins — those who feel their votes don’t count for much, those who are distrustful of the government for historical reasons — will simply drop out of the democratic process.

52. Oops, sorry, make that “trilobite”. Not sure where that spelling came from.

53. In the UK, a system has been started so that homeless people can register to vote. I’m unsure how widespread it is, or how successful it’s been, but I’m all for it in principle: your legal right to vote does not depend on having enough money to pay the rent, so why should your ability to vote be dependent on having a fixed address where you reside?

54. “The proof has been systematically suppressed and collection of the evidence has been made purposefully difficult.
    friggin Illuminati”
    I’m not appealing to anyone mysterious. It is in fact Democrats who want to make it almost impossible to verify that someone has a right to vote.
    “Because the old lady has been a US citizen since before you were born and has voted in every election since before you were born, and can now only manage to leave her house with great difficulty, certainly not to stand in line and prove she is indeed the same voter she has been since before you were born?
    See, I can see requiring voter ID to vote if the people who require it are making an effort (and paying out the necessary money) to make sure that everyone entitled to vote has the necessary ID.”
    How do we know the voter is actually her?
    As for the second paragraph, well of course!?!? But I’m not arguing against that. If you want to make sure there is no charge, and want to try to make it fairly easy, I’m all for that. I was under the impression that I was arguing against people who didn’t even want that. Am I wrong? Gary? Cleek? Gromit? KCinDC?

55. Sebastian, there was no fraud in the Washington election. You state that there was no “rigouously provable ” fraud–exactly. Then you go on to say (paraphrasing here) that there must have been real slick operators out there who were succesful in perpetrating fraud and the proof of this is that it is unprovable.
    Honestly, think this one over. There is no evidence of fraud, only claims by the head of the Washingon Republcian party which were disproved by a Republican judge, a Republican Secreeatry of State annd a Republicann prosecutor. In fact the prosecutor said thhat hhe wouuld not drag innocenntpeople in from t of grannd juries. (Ulike thhe Wisconsin prosecutor!)
    It isn’t ok to believe things just because you want to.
    The big fault with the current Republican party is that it is infested from top to bottom withh dishonest, ruthless Norquist style people who will do anything, say anything to win. They are supported by people who will belive anything to maintain their loyalty. We are fortunate in Washington state to have some Republicans in key positions who are not ethically impaired, notably our Secretary of State and the prosecutor.
    So why are you buying the party line of thhe sleezeballs who have highhjacked the Republican party instead of accepting the analysis of some of the few remainning honorable people in the party?

56. “That tradeoff sucks, but it’s not IMO unfair, any more than it’s unfair that they have to take the bus to shop instead of driving because they don’t have that same car.”
    The distinction here is that I’m unaware of a Constitutional right to take the bus to shop.
    I am extremely aware of the Constitutional right to vote.
    In fact, the 14th Amendment includes this requirement (subsequently modified to also apply to female citizens, and those 18 and older, not just 21 and older):

    But when the right to vote at any election for the choice of electors for President and Vice-President of the United States, Representatives in Congress, the Executive and Judicial officers of a State, or the members of the Legislature thereof, is denied to any of the male inhabitants of such State, being twenty-one years of age, and citizens of the United States, or in any way abridged, except for participation in rebellion, or other crime, the basis of representation therein shall be reduced in the proportion which the number of such male citizens shall bear to the whole number of male citizens twenty-one years of age in such State.

    Nothing in the Constitution about buses, though. No more than there’s anything about the need to prevent voter fraud outweighing the right of citizens to vote.
    Similarly, the 24th Amendment says:

    Amendment 24 – Poll Tax Barred. Ratified 1/23/1964. History
    1. The right of citizens of the United States to vote in any primary or other election for President or Vice President, for electors for President or Vice President, or for Senator or Representative in Congress, shall not be denied or abridged by the United States or any State by reason of failure to pay any poll tax or other tax.
    2. The Congress shall have power to enforce this article by appropriate legislation.

    We’ve got a body of election rights laws, of course, but the sum of it is voting is a right.
    Not a convenience, and not a privilege. A right.
    So the “That tradeoff sucks, but it’s not IMO unfair” standard doesn’t apply.
    “They can’t get ID, they don’t have supporting documents, ok, why SHOULD I believe that they have a right to vote in this election?”
    Why should you believe anyone has any of the rights guaranteed in the Constitution?
    The default is that we assume people are entitled to their rights, unless they can be proven legally not to be.
    So the standard is that people have the right to vote unless you can prove they’re not entitled.
    Not vice versa. In this country, we don’t have to prove that we’re entitled to our rights.
    At least, that’s the theory.
    And that’s the point.

57. How do we know the voter is actually her?
    What proof are you willing to accept?

58. It isn’t unproveable at all. The proof has been systematically suppressed and collection of the evidence has been made purposefully difficult.
    Well, Sebastian, if it’s not unprovable, let’s see the proof. And if it’s provavle that the evidence has been wilfully destroyed, let’s see the proof of that.
    Recall that we’re talking about a specific election for the goverorship of Washington, where the US Attorney conducted an investigation, found no basis for indicting anyone, and was dismissed by the adminstration for his pains. If you can prove actual suppression of evidence of voter fraud in this instance, well, that’s big news.

59. Well, dutchmarbel, you still have voting machines that can be reprogrammed to play chess and a voting-machine manufacturer that’s blackmailing the government (holding elections hostage to get a better deal) and pressuring it not to investigate its machines properly.

60. It is in fact Democrats who want to make it almost impossible to verify that someone has a right to vote.
    amazingly, they ask me to verify my name and addr, and verify that i’m list on the list of voters for that voting place when i vote – in NC, a state that has had a Dem governor for 88 of the last 100 years.

61. Sebastian,
    And looking at the reports about the reports, I have two serious methodological objections. First, many states have made polling place voter fraud almost impossible to detect. If you don’t require any ID and allow same day registration with mere vouching, it isn’t going to be easy to detect fraud, even if it is widespread. See for example the Washington State governor’s election. Finding new unsecured ballots on nine separate occassions over a few weeks leading to a 129 vote margin in millions of votes doesn’t inspire confidence.
    Washington state has never to my knowledge had same day registration. This entire paragraph is a non sequitur. The real problems you note with ballots found were entirely back office problems and not voter registration problems.
    There were problems with some voters registrations, but they were not proven to have altered the outcome of the election. Not because they weren’t detectable, but because not enough were proven favoring Democrats and at least some of the proven errors broke in favor of the Republicans.

62. most security guys are pretty sure that a properly designed system can be made secure
    I simply don’t believe this. Link, please?

63. “Not a convenience, and not a privilege. A right.”
    Is that a right of citizens, or citizens and non-citizens alike? If the not the latter, how do you distinguish between citizens and non-citizens without identification?
    Is voting more than once in an election a right? If not, how do you stop that without identifying the voter?

64. Applying counting statistics to voting, on a million votes you expect an error in the thousands, forget a difference of 129 being significant.

65. I can see requiring voter ID to vote if the people who require it are making an effort (and paying out the necessary money) to make sure that everyone entitled to vote has the necessary ID.
    What documentation do I have to show in order to get an ID?
    What if I don’t have that documentation?
    Does everyone get one for free?
    If not what are the standards for getting one for free?
    How do I prove I meet those standards?
    Where do I have to go to get my ID?
    If so, what if I can’t?
    Do I have to prove that I can’t?
    How do I prove that?
    Will you deliver the ID to where I live?
    Will you collect from me the documentation I need to prove I qualify for an ID and/or a free ID?
    Will you come in the evenings and/or on weekends?
    Do I have to make an appointment?
    If so, how do I do that?
    What if I miss the appointment, will you come back?
    What if I miss that one?
    etc. etc. etc.

66. Erasmussimo:
    Every few days I look at my bank statement, I can track every debit and credit. I know how much i’ve taken out at ATMs. If there is a mistake I can challenge my bank. While its not certain that the mistake will be rectified I know it has happened.
    If I vote on electronic machine the only way I have of knowing of a mistake is if a candidate I voted for receives 0 votes from my polling place. I can’t easily find out if my machine was off, so my whole polling place needs to record 0 votes. Even then its just my word, and there is no historical record.
    Comparing voting to ATMs is non-sensical.

67. Sebastian Holsclaw: Is voting more than once in an election a right? If not, how do you stop that without identifying the voter?
    Again, no one is proposing that we stop identifying voters.

68. Gromit, I’m not sure what you mean about stopping identifying voters. In lots of places (most?), there is no identification of voters to stop (unless I misunderstand what you mean by “identify”). I see above that you say “I’ve never been able to vote without some form of ID”, but I don’t believe your experience is typical. I can’t remember being asked for ID when voting in DC, Virginia, or Connecticut.
    Maybe you’re arguing against the specific law in Georgia, but Sebastian seems to be making a broader argument, and if you have no problem with requiring ID to vote then you might be closer to his position than you think.

69. “Not a convenience, and not a privilege. A right.”
    Is that a right of citizens, or citizens and non-citizens alike?

    It’s kinda silly to take this as a serious question.

    If the not the latter, how do you distinguish between citizens and non-citizens without identification?

    I’m not going to define the boundaries of what the Best Possible System is; it’s not my field of expertise, and it’s not my job to put forth positive proposals.
    The point is that whatever the system for voter identification is, it should be the most minimally intrusive and troublesome system that’s practical.
    I’m 100% for election monitors and monitoring during an election, so long as they don’t interfere with, or discourage, legal voting.
    After the election, I’m 100% for investigation of any claims of voter fraud. I’m also completely fine with any and all parties, political or private, looking into, and investigating, for any evidence of voter fraud, so long as they stay within legal boundaries, and don’t cross over into illegal harassment of voters.
    If any credible evidence of vote fraud is found, it should certainly be brought to the attention of the proper, non-partisan, authorities, and investigated.
    “Is voting more than once in an election a right?”
    Another rhetorical question.
    “If not, how do you stop that without identifying the voter?”
    No one has ever claimed we should have anonymous voting, Sebastian. But we shouldn’t be presuming that prospective voters are guilty, and we shouldn’t remotely reverse that so that people have to prove their innocence of voter fraud before we allow them to vote. Allowing them to vote, and then investigating any suspicious cases should deal with most cases of real voter fraud.
    If there’s specific evidence of widespread fraud not being caught that way, why, then, I’m certainly open to dealing with any problems we become aware of.
    But, you know, why don’t we first find something like that?
    Otherwise I really think we should spend a few billion on Martian-defense: who knows, it could turn out to be a big problem — why not be safe?
    It’s somewhat difficult to take Erasmussimo’s claims that people who disagree with him are “ignorant” and that “most security guys are pretty sure that a properly designed [computer voting] system can be made secure,” when a) he brings up none of the actual problems that have been discussed in the past ten years by “most security guys,” and, in fact, “most security guys” have been warning of those problems for over a decade.
    There’s simply been such a huge body of work and wordage produced at comp.risks/Risk Digest, alone, in the past decade, that one would barely know where to begin to introduce someone unaware of the general consensus in the security field about electronic voting.
    That’s not even getting into the centralized all-data government database on all citizens genius idea, or the electronic ID problems, but let’s set those aside for now.
    But, hey, let’s start with this from Bruce in 2004, and the first part of this Crytogram from 2000.
    Then one can move on to here. When Erasmussimo is done, I suggest moving on to here.
    After that, we can all start on the same page.

70. OK, I have four challenges to respond to. First, KCinDC observes that a security failure in an ATM can be discovered, whereas a security failure in a voting machine is undetectable. (Crack makes the same observation later.) This is not true. A properly secured system includes audit trails that permit detection of alteration. Audit trails have been around for a long time and businesses trust trillions of dollars with them all the time.
    Jesurgislac asserts that a paper balloting system is more secure than a computer system. The trick here is that Jesurgislac assumes a perfectly executed paper ballot system. It is true that a perfectly executed paper balloting system is perfectly secure — and the same thing applies to computer systems. The problem here is how resistant the system is to attack. How easily could bad people manipulate the system? It has long been demonstrated that paper ballot systems are vulnerable to attack via a great many routes. So if we’re comparing real-world systems — a computer system built with ‘reasonable’ levels of security and a paper system built with similar levels of security, the computer system wins hands down. You want proof of that? Look at every other high-security system that once was executed with paper. How many are still using paper?
    Amos Newcombe asks for a link supporting my claim that most security guys are pretty sure that a properly designed system can be made secure. I’m sorry, Amos, but there has never been a Gallup poll of computer security experts, much less a standard definition of what credentials one needs to have one’s opinion count in any such poll. I therefore cannot satisfy your request. If you want to read up on this stuff, there’s plenty of material to explore. A good starting point would be the Wikipedia article on computer security, which provides plenty of links and references.
    However, I will again remind you and the other skeptics here that computer security is not a new problem, that it has been addressed for decades, and that there thousands (if not millions) of operations all over the globe operating under various levels of computer security, some of which are about as secure as anything created by the hand of humans. It is remarkable that, despite all the human activities and the many huge technological strides of the last few decades, voting continues to use technologies that are hundreds of years old. (I’d say thousands, but the Greeks used pebbles, not ballots).

71. “I can’t remember being asked for ID when voting in DC, Virginia, or Connecticut.”
    I’m not clear if you’re saying they have same-day registration, which is done without ID of any sort, but simply taking down where someone claims to live, or with no recording of name, let alone address, at all, or whether you can vote in these places with no registration at all, because it doesn’t exist, or what.
    Last I looked, everywhere in the U.S. had voter registration rolls, but I’m ignorant of registration-free voting (not counting provisional ballots, of course, which are, as constituted, yet to be reported as a source of significant voter fraud, so far as I’ve noticed) in some places. Anyone want to point to some states that have that?

72. “It is remarkable that, despite all the human activities and the many huge technological strides of the last few decades, voting continues to use technologies that are hundreds of years old.”
    I’m one of the most technophiliac, pro-technology, people there is, but it’s ludicrous to assume that just because a technology is new, it’s better. (But a brand new, 1.0, computer program is always better than one you’ve used for years! It’s newer!)
    I like to walk around my neighborhood, when my health doesn’t interfere. I really don’t need new technology, say, a Segway Human Transporter, to do it better. It’s really not at all remarkable that walking works well. And yet walking is at least some hundreds of years old! Crazy!
    The securest method of computer security is to not use a computer.
    If you can prove otherwise, this would be interesting.

73. Gary, maybe I’m misinterpreting Gromit’s reference to “some form of ID”. I would not describe being asked for my name and maybe my address as a “form of ID”. The process I’m familiar with, which I think is pretty widespread in the US, is walking up to a table where they have a list of registered voters, giving my name and perhaps my address to the poll worker, and signing next to my entry in the list so that I can be given a ballot.

74. The securest method of computer security is to not use a computer.
    so, the securest method of paper ballot security is… not to use paper ballots ?
    Erasmussimo at 4:50 is right; a paper ballot system is far more open to attack than a computer voting system. you don’t need a screwdriver, a flash card reader, a computer, a copy of Windows, a copy of Access, and the technical know-how to shred a stack of paper ballots, you only need the desire and the opportunity. assuming trustworthy software, given similar levels of human security infrastructure, a computer beats paper.
    i can’t think of a scenario where a computer voting system can be hacked but paper ballots are immune. if you can break into the computer, you have to be out of sight of anyone who cares. at that point, the paper ballots are 100% vulnerable. if you can throw away the flash card with the vote tallies, you can shred the paper ballots. if you can break into the computer beforehand, tamper with the software, you can tamper with the paper ballot counting mechanism.
    the only issue i can see is in the computer software that runs the machines and tallies the votes from multiple machines. that should be solvable.

75. Gary, you are attacking a trivial point. I am not insisting that we use computers simply because computers are sexy technology. I am insisting that computers are a proven technology that is demonstrably superior to the paper ballot, yet we cling to the ancient technology in the voting field even though we have made the jump to computers in almost every other field.

76. Jesurgislac asserts that a paper balloting system is more secure than a computer system. The trick here is that Jesurgislac assumes a perfectly executed paper ballot system.
    Oh, I wouldn’t say that. Just a paper ballot system as well-executed as a mature democracy can manage it.
    It has long been demonstrated that paper ballot systems are vulnerable to attack via a great many routes
    True: but although computer systems haven’t been around as long, it’s been overwhelmingly demonstrated that they’re far more vulnerable to attack than any paper ballot system.

77. i can’t think of a scenario where a computer voting system can be hacked but paper ballots are immune. if you can break into the computer, you have to be out of sight of anyone who cares. at that point, the paper ballots are 100% vulnerable. if you can throw away the flash card with the vote tallies, you can shred the paper ballots. if you can break into the computer beforehand, tamper with the software, you can tamper with the paper ballot counting mechanism.
    The difference is that computerized results can be altered more quickly and less visibly. If the computer is on a network, you don’t necessarily have to be in the same place as the computer to attack it. Paper ballots are bulky and heavy — how are you going to dispose of the shreds once you’ve shredded them? The amount of effort required to hide or change paper ballots is directly proportional to the number of votes affected, because they’re physical objects. Not so for votes that only exist in digital form.

78. Erasmussimo, what long-established audit trails are you talking about in which the original inputs are kept secret from the people who perform the audits? How do you propose that average voters who want to understand how their ballots are counted can observe such a system?
    One of the many problems with all-electronic voting is that it reduces greatly the pool of people who are competent to observe elections, by putting that function completely into the hands of people with extremely specialized knowledge. Most people are capable of understanding the process of counting paper ballots. Very, very few understand computer cryptography and the sorts of things you have to do to make sure that results match up while keeping votes secret.
    It also reduces the pool of people who are able to keep voting going when some unexpected problem occurs, as we saw in the disaster in last year’s primary in Montgomery County, Maryland, where polls were turning away voters for hours because of missing memory cards. And computers are great at allowing small glitches to cause large disruptions. When a computer-based system works, it can be very efficient, but when it doesn’t everything grinds to a halt. That’s not a good characteristic for a voting system, which deprives people of a basic right if it’s not functioning during a window of a few hours once every couple of years.

79. “I would not describe being asked for my name and maybe my address as a ‘form of ID'”
    “ID” means “identification.”
    I very much would describe being required to identify my name, and maybe my address, as requiring someone to identify themselves by name, and maybe address.
    What you’re referring to is being required to provide something commonly taken as proof of identification; that’s entirely a different concept than being required to identify yourself.
    And the first step in verifying whether you are entitled to vote is to see whether the person you are identifying yourself as is on the voter registration rolls.
    Obviously, if two people show up to vote, claiming to be the same people, there’s a problem that must be investigated.
    Also obviously, just claiming to be someone doesn’t prove you’re them, but, then, “proof” as it is commonly used in such situations isn’t really “proof,” but simply a way of heightening the odds that the claim is correct. Hell, DNA analysis can be wrong, and isn’t infallible “proof” of identity. There is no infallible “proof”; there’s only increasing or decreasing the odds that the claim is true.
    My point is that unless there’s a reason to suspect that there’s significant fraud going on that simply requiring identifying one’s self as the person on the voter rolls is insufficient to catch, then there’s no reason to suspect that such fraud is going on.
    Which is why we’ve gotten along reasonably well for the centuries we’ve been voting with this system, and not requiring retina tests, or fingerprinting, or paying a poll tax, or whatever.
    Just like walking works quite well to get around a few blocks, if your health, or something else, doesn’t interfere.
    If it ain’t broke, it don’t need fixin’.

80. KCinDC,
    Since when is a signature not considered a form of ID? It has been good enough for checks, charge slips and voting for quite a while. As long as there is a registration to verify the signature against, why shouldn’t your signature be good enough?

81. Let’s take a poll: anyone here ever shown up to vote and been told that someone else had already shown up and claimed they were them? And anyone ever shown up to vote and been told that they weren’t registered?

82. Sebastian:
    “And Gromit makes a good point about the more troubling aspect of disenfranchising real voters as opposed to a few improper votes leaking in. (and as if only Democrats would abuse the system to vote improperly — why aren’t each just as likely to make use of the same improper voting techniques? Why this Republican assumption that only Democrats allegedly do this? More myth making at work).”
    This is not a good point. If you believe that why worry about voting fraud ever? Why worry about the kind of fraud that hilzoy actually does worry about?
    Being hyperbolic in response misses the point.
    As hilzoy discussed, the goals of making it easy to vote and thereby increase participation vs. eliminating fraudulent voting are sometimes in conflict. You have to make a balance when fashioning rules and procedures, as they frequently are at cross purposes.
    In making that balance, which is more of a problem. Disenfranchising people who want to vote vs. keeping out fraudulent voters? Gromit’s point is that disenfranchising voters is, at least on a one for one basis, more of a problem than keeping the fraudulent away. And I think that is right — we have a much bigger problem with lack of citizen participation in voting than fraudulent voting. Fashioning rules that turn away people who want to vote is having a much uglier consequence than the small number of retail frauds that are allegedly happening (I think its largely a nonexistent phenomena — there is no evidence that it is a problem anywhere).
    Bottom line is that in recent years, there is little problem of the type of voting fraud that cleek accurately calls “retail fraud.” To do that requires control of large municipal “machines” in which you can practice your fraud openly with large groups of people without fear of prosecution. That situation simply does not exist anymore. Karl Rove can mumble darkly about jurisdictions in New Mexico or elsewhere that look like they are run by military junta types, but its just not a real phenomena anywhere.
    Part of the problem is the bogus arguments made by Republicans to suggest fraud. “There are more people registered to vote than in the County” — a common phenomena if the system does not purge voters every so often who are inactive. People move away or die whereas new voters keep registering. Surprise! There are soon more registered than residing in the County. “Dead people are on the voting rolls!” — a common phenomena everywhere since there is no method for purging the dead from the rolls (I doubt that any jurisdiction does this).
    In California, I know they will drop you from the rolls if you go so long without voting (can’t remember how long). This slowly cleans the rolls of defunct registrations, but there is no regular process to do so. And yet these simple facts repeatedly show up in Republican talking points of proof of fraud. It’s complete crap.
    And again, if this was such effective fraud, why aren’t Republicans doing it in Red States? Do they allegedly have some higher ethical standard about such matters? Please.

83. “In California, I know they will drop you from the rolls if you go so long without voting (can’t remember how long). This slowly cleans the rolls of defunct registrations, but there is no regular process to do so.”
    Now, if someone wants to propose a law that says that voters be automatically dropped from the rolls if they’ve not voted once in the past twenty years, or fifteen, or even ten, speaking only for myself, I’m fine with that.

84. And anyone ever shown up to vote and been told that they weren’t registered?
    I’ve heard of this happening in the UK, sometimes, when friends/acquaintances moved before an election and discovered they weren’t registered too late to get a postal vote. (I moved three weeks before an election once, but I didn’t want to break my record: I got a postal vote.)
    Let’s take a poll: anyone here ever shown up to vote and been told that someone else had already shown up and claimed they were them?
    Never in my own personal experience (unlike the former, where friends of mine have told me about not being registered) but I have read news reports of it happening in the UK – most recently, in an election where in some constituencies as an experiment the rules for getting a postal vote (absentee ballot) were relaxed to see if this would encourage more people to vote. If the news stories were accurate, it wasn’t a successful experiment, but I have no hard data or even anecdote one way or another.
    I was registered to vote at my parents’ address when I was 17: one or other of my parents would have filled in my name on the form when it came round, as a prospective voter who would be entitled to vote at the next election. There are penalties for providing false information, but no one has ever challenged my right to vote, though I’ve been registered at goodnessknowshowmany addresses since then.

85. Erasmussimo,
    Please, I beg of you: stop. Stop now.
    I cannot speak for all security experts, but I do computer security work for a living. I have computer science degrees from MIT. I’ve taken classes in computer security and cryptography. So I’m something of an expert. I certainly know a lot more than someone who’s sole expertise comes from reading a frakking wikipedia article.
    Given my expertise, I can say that your statements imply a level of ignorance that is beyond breathtaking. I simply cannot remember when I have seen so many lies and distortions packaged so tightly as I have seen in your writing today.
    Please, I beg of you, stop polluting the discourse with your misinformation.
    Gary, despite not being an engineer, has done an excellent job explaining the consensus in the technical community. Everyone would be well advised to read the materials he suggests.

86. erasmussino:
    It has long been demonstrated that paper ballot systems are vulnerable to attack via a great many routes. So if we’re comparing real-world systems — a computer system built with ‘reasonable’ levels of security and a paper system built with similar levels of security, the computer system wins hands down.
    This has never been shown to be true for computer voting technology. The paper system always wins hands down. There is a reason why the gold standard for recounts is the hand recount.
    The types of bad behavior to which paper systems are prone are equally likely in any computer system. The greatest risk to voting is the inside job — not outsiders. There is nothing unique about a computer system that makes it more secure from insider fraud. If the guys securing it a fraudulent, then its going down whether its paper or computers.
    Current computer voting technology is way less secure while costing a lot more to implement. This has to do with the shoddy level of security required and the odious trade secret practices for the software that runs the things. I imagine that a computer system can be designed that is on par with the security provided by hand and paper ballots monitored by thousands of volunteers as has been historical practice, but it has not been implemented yet anywhere. Nor will it since it is a lot more expensive than the old fashioned way.
    What has made the system work so well is the availability of thousands of citizen volunteers — why eliminate that for a less secure computer system?

87. “I’m 100% for election monitors and monitoring during an election, so long as they don’t interfere with, or discourage, legal voting.
    After the election, I’m 100% for investigation of any claims of voter fraud. I’m also completely fine with any and all parties, political or private, looking into, and investigating, for any evidence of voter fraud, so long as they stay within legal boundaries, and don’t cross over into illegal harassment of voters.
    If any credible evidence of vote fraud is found, it should certainly be brought to the attention of the proper, non-partisan, authorities, and investigated.”
    But what is the ‘credible evidence’ now that you have removed identification?

88. Gary and Jay, Gromit’s original statement was

    I’ve never been able to vote without some form of ID. The new law here in Georgia would reduce the number of acceptable forms of ID, not institute a wholly novel policy of “identifying” voters.

    To me, such language (“some form of ID”, “acceptable forms of ID”) is not something I’d use to refer to the process of being asked my name. But as I said, I may have misinterpreted Gromit.

89. Sebastian, what is the credible evidence if voters do have to show ID? It seems to me the evidence is pretty similar in either case. You know which registered voters (supposedly) voted. Are there people on that list who claim not to have voted or are dead or otherwise ineligible? Did people show up at the polls and find that someone had already voted in their names? What is the evidence that you keep saying the Democrats are destroying?

90. Wierd. I can’t recall that electronic balloting was much of a Republican crusade. Possibly it’s that not-paying-attention thing again, but I never thought it was a good idea.

91. In other words, if the bank says I need two forms of ID to open an account, I don’t assume that one of them is stating my name and address. YMMV.

92. But what is the ‘credible evidence’ now that you have removed identification?
    Grrr. Stop this. NOBODY said anything about removing identification. This is more about alloocating effort.

93. It’s a bit odd:
    Over in the ESCR thread, Sebastian states that we can’t possibly know how many women capricially abort their babies in the last trimester, because that information is “ruthlessly suppressed.”
    In this thread, Sebastian states that we can’t possibly know how much Democratic vote fraud there is because that information is “ruthlessly suppressed.”
    Are there anuy other issues, Seb, that we liberals/feminists/women have “ruthlessly suppressed” the truth about?

94. KCinDC,
    I wasn’t referring to Gromit, merely to your assertion that asking for your name address and signature was not a form of ID.

95. But what is the ‘credible evidence’ now that you have removed identification?
    Well, for example, maybe when I show up to vote with no ID, I have to fill out a provisional ballot application with my name and address. In the Kingdom of Steve where I make all the rules, they’d take your picture and include it with the application.
    And after the election, partisans would be free to review the provisional ballot applications and look for evidence of fraud. If “123 Parkside Lane” doesn’t exist, then we have fraud. If it does exist, but there’s no “Sebastian Holdsclaw” at that address, we have fraud. If “Sebastian Holdsclaw” has been dead for years, we have fraud.
    This surely wouldn’t be 100% foolproof, but if there’s really widespread fraud going on, surely it would be found out. And in a close election like in Washington State, the parties would be strongly incentivized to hunt down this fraud by any means necessary. My sense is that it’s not as impossible as you make it out to be, and all of this can happen without an absolute ID requirement.

96. Jesurgislac argues that a paper ballot system need only be “as well-executed as a mature democracy can manage it.” in order to provide security superior to a computer system’s. I will point to the 1960 Presidential election as a good example of what can happen with paper ballots in a mature democracy. Yes, problems can always arise with any system, paper or computer. But I suggest that, with the computer system, at least we can narrow down the number of attack vulnerabilities to a small set that is very difficult or expensive to pull off. Such is not the case with paper ballots; throwing ballot boxes into the river is an old trick.
    Jesurglisac next asserts that “it’s been overwhelmingly demonstrated that they’re far more vulnerable to attack than any paper ballot system.” I believe you misunderstand the nature of the problems with computer systems. It has been demonstrated that they are too difficult for election workers to operate properly, and it has also been demonstrated that voters can be confused by poorly designed software. But computer people have been screaming about these problems for years. The problem is not that it can’t be done properly; the problem is that the current crop of machines is being designed by people who couldn’t program their way out of a paper bag. Did you know that the Diebold machines were programmed in BASIC?!?!?! That’s a hobbyist language invented in 1965, that is so obsolete that very few people use it any more. It is hopelessly antiquated, easy to hack, and lousy to program in — and that’s the language that the Diebold people chose. We’re talking here about incompetence of monumental proportions. Hell, we could probably give this as an assignment to an undergraduate programmer class and get a more secure program. (Even WITH the U of Wash example!)
    Again, if you read some of the material on security of voting systems, you’ll see that most of the arguments are about HOW to secure the systems, not WHETHER they can be secured. And certainly when we compare the tenor of these discussions with the Mickey-Mouse programming we see in current voting machines, we can see why we have done so poorly.
    The fact that voting machines these days are built by incompetent fools does not mean that reliable computer voting systems can’t be built. We just need to put some talent to the problem.
    KCinDC asks, “Erasmussimo, what long-established audit trails are you talking about in which the original inputs are kept secret from the people who perform the audits?” Those are called recounts. You go back through the records to see if they match up. You can do it with paper trails (as you would have in the kind of voting machine that computer scientists have been urging for years) or you can do with encrypted audit trails. That is, the same data that includes the final results also includes all the original data so that it can be checked against the final results. This is not rocket science.
    KCinDC next observes that the use of computers would reduce the number of people capable of guarding the integrity of the process. That’s not true. Yes, the number of people who could actually crack open the disk drive and verify that the contents are correct is very low. But you guard against this not by examining the disk drive but by insuring that nobody else gets access to the disk drive. You put the disk drive in a locked box, and then you must guard only the key to the lock — and you don’t need a PhD in computer science to understand how to insure that the key doesn’t get into the wrong hands. You do the same thing with all the other potentially vulnerable parts of the process: translate the security requirement into something that can be executed at a simpler level. It’s not that hard to do.
    Next, KCinDC warns that a computer system can go haywire and ruin the election. Yep, it sure can. Did you know that the Space Shuttle is controlled by computer systems? The Space Shuttle doesn’t fly very often, either, but it works — and neither catastrophic failure was in any way connected to the computer system. Did you know that all new aircraft are controlled primarily by computer systems? The pilot just pushes buttons and turns dials; the computer actually makes things happen. And yet, airplanes aren’t falling out of the skies. Did you know that every car made in this country in the last 15 years has tons of computer control? Could you imagine what would happen if the ignition suddenly died, or the injectors got the wrong mixture, or any of a hundred other computer glitches arose? Why, the highways would be littered with dead! And, yes, sometimes those glitches do arise — but they’re rare enough that the body count is still pretty low.
    Yes, computers are fallible. Yes, computers go down. I can understand how people who use Microsoft software can be so skeptical of the reliability of computer systems. But Microsoft isn’t the best software maker in the world — just the biggest. If you want to see good software in action, try some of the other applications, such as cell phones — or even Macs! 😉

97. KCinDC: In other words, if the bank says I need two forms of ID to open an account, I don’t assume that one of them is stating my name and address.
    Voting is not opening and account, registration is.
    When you write a check and mail it in you don’t present additional id but the check is still good if your signature is valid.
    Registered voters have already established an account.

98. erasmussino:
    Let me put it to you this way: To steal an election using paper ballots, I have to either dispose of a VERY large number of paper ballots, or manufacture a very large number. (Or rig individual machines). I have to do this in precinct after precinct, in which partisan poll-watchers are eager to spot discrepencies — and because it ends in pieces of paper, they can easily do so — especially opti-scan ballots.
    Each machine I rig, each box I stuff, each ballot I steal increases my chance of being caught. To steal a state-wide election is so close to impossible as to be dismissable. There’s simply no way a party or conspiracy can get that sort of control over that many physical ballots and machines.
    With electronic voting, the process is entirely different. I don’t need access to countless machines. I just need access to one — the central server. I can hack the vote months before it occurs. I can hack it in real time. I can make it smart enough to hack itself in ways that are totally believable.
    And even if someone figures out the votes were tampered with — I can make sure there’s no way to tell what exactly happened. And there’s no way to catch me, if I’m even marginally clever.

99. “But what is the ‘credible evidence’ now that you have removed identification?”
    I’ve never said voters shouldn’t identify themselves, Sebastian, and have specifically said otherwise, as well as having discussed the non-obscure practice we have of having voting rolls and voter registration.
    In other words, we commonly require people to identify themselves. And we check it against the records, as a rule (with variant practices, such as provisional ballots for special situations, and so on, making complete descriptions a bit more complicated).
    So what’s your beef? Since when is requiring even a hint of a clue of evidence of a crime, before presuming a crime, been a problem in America? Has at least filing some affidavits claiming witnessing fraud been eliminated from our justice system?
    We’ve had lots of voting fraud in the past, in various cities and places, using these methods of voter registration rolls, and, you know, lotsa practice — but mostly the will to eliminate voter fraud — has taught us how to deal with it, and it’s been mostly eliminated in recent decades.
    I’m sorry, but “the fact that I have no evidence only proves how successful the conspiracy is!” isn’t acceptable reasoning.
    What sort of voter fraud do you specifically allege is going on, and where?
    Have people been showing up to vote, and told they already voted? Where?
    Have we had widespread cases of hundreds of people not entitled to vote being bused in somewhere to fraudulently vote?
    I mean, what’s even the allegation here?

100. “To me, such language (‘some form of ID’, ‘acceptable forms of ID’) is not something I’d use to refer to the process of being asked my name.”
     And signature. Is there anywhere in the country where (handicapped voters aside), one isn’t required to provide a signature before voting?

101. Some folks here are phrasing the debate in terms of computer vs. paper. That’s not the decision that happens in the real world though. The real issue is whether there is a paper trail that voters can inspect and that can be manually recounted.
     Electronic systems that produce a voter verified paper trail that can be manually recounted later are great! Everyone loves them. The problem is with electronic systems that don’t produce a paper trail: why should any voter believe that their vote is being correctly recorded? Even if voters do believe that, how on earth can officials perform spot checks if there are no paper artifacts?
     Jes asked earlier about why Americans don’t do paper balloting. I asked that same question to a political scientist who specialized in voting issues at a Technology and Culture forum a few years ago. He claimed that Americans vote on many many things in each election; he mentioned something like 30 individual decisions that needed to be made for some elections in CA. Given those numbers, the cost of pure manual counting becomes prohibitive. At least that’s what he claimed.

102. Erasmussimo: Jesurglisac next asserts that “it’s been overwhelmingly demonstrated that they’re far more vulnerable to attack than any paper ballot system.” I believe you misunderstand the nature of the problems with computer systems.
     A few years playing around with programs with hacker friends. Degree in computing. Technical writer for computer software, eight years experience. Casual connections maintained even now with hacking community. Current IT support work.
     No, Erasmussimo, I do not believe I “misunderstand” the problem with computer systems.

103. Are there anuy other issues, Seb, that we liberals/feminists/women have “ruthlessly suppressed” the truth about?
     I just want to know where the hell is Ruth in all this?

104. Did you know that the Diebold machines were programmed in BASIC?!?!?! That’s a hobbyist language invented in 1965, that is so obsolete that very few people use it any more. It is hopelessly antiquated, easy to hack, and lousy to program in — and that’s the language that the Diebold people chose.
     Erasmussimo,
     Again, I must point out: you do not know what you’re talking about. Diebold machines were coded in VisualBasic, which is quite different from the BASIC invented in the 1960s. While I think it is a crummy environment to write code in, it is used by many many people today and is hardly antiquated. In terms of security vulnerabilities, I’d call it middle of the road: worse than some languages, better than others. Keep in mind however that I hate it.
     Look, you really cannot tell much by how old a computer language is. My company is building an incredibly sophisticated airline reservation system in common lisp, which is certainly older than BASIC.
     I can explain at length what we can infer about particular language choices, but your uninformed speculation is genuinely harmful to the discussion. Please stop.

105. Gary, please see here
     Note:

     Investigators said Tuesday they found clear evidence of fraud in the Nov. 2 election in Milwaukee, including more than 200 cases of felons voting illegally and more than 100 people who voted twice, used fake names or false addresses or voted in the name of a dead person.

     What? People voted twice?

     Nonetheless, it is likely that many – perhaps most – of those who committed fraud won’t face prosecution because city records are so sloppy that it will be difficult to establish cases that will stand up in court.
     And even now, three months after the investigation, officials have not been able to close a gap of 7,000 votes, with more ballots cast than voters listed. Officials said the gap remains at 4,609.
     U.S. Attorney Steve Biskupic likened it to trying to prove “a bank embezzlement if the bank cannot tell how much money was there in the first place.”

     What? Local lack of accounting makes definitive proof difficult? I wish someone had mentioned that in the argument.

     The fraud investigation has focused on the more than 70,000 people who registered to vote on election day, not the other 200,000-plus voters. That is because registration cards provide a paper trail, which officials said would be stronger in court than computerized records.
     It is unclear what identification these 100-plus people provided at the polls to register. State law allows utility bills and leases to be used or for one voter to vouch for another.

     Oh good, lack of recordkeeping combined with letting people orally vouch for each other. That sounds like it isn’t easy to defraud.
     On the same issue from the Harvard Law Review:

     In Wisconsin, a voter turnout of nearly three million boosted John Kerry to an 11,000-vote victory — one of the nation’s closest contests — helped in no small part by the election results in Wisconsin’s major cities. Milwaukee, notably, boasted close to a 50% turnout, with over 277,000 votes cast. But a discrepancy emerged after election day, growing clearer in the days and months following: city records revealed fewer than 273,000 registered voters had actually participated in the election.3The ensuing allegations and investiga-tions in Milwaukee resemble others across the country with at least 16 states embroiled in voter fraud controversy.

     And to be clear, do I take it that you don’t agree with Jesurgislac’s idea to help provide people with identification?

106. dmbeaster rightly points out that current computer systems are not as good as paper systems. I agree entirely. But the current crop of computer voting machinery is horribly bad. Just read what computer scientists have been recommending for years, and compare it with what’s actually out there, and you’ll see why computer systems are so wretchedly bad. This doesn’t mean that it can’t be done — it means that it has been badly done, and the fixes aren’t difficult to make.
     dmbeaster next asserts that “There is nothing unique about a computer system that makes it more secure from insider fraud.” Not true. Here, imagine the following scenario: it’s the day before the election. A representative from each of the two major parties, as well as representatives of anybody else who is running for election, arrive at county headquarters. The supervisor of elections leads the group to each machine. There, each party secretly keys in a 6-digit keycode. The computer accepts the keycode and prints out a receipt with the keycode. The individual puts the receipt in an envelope. When all the machines have had their keycodes entered, everybody goes home. The next day, at elections, the machines record the votes. At the end of the day, each machine uses an encryption key derived from ALL of the keycodes to encrypt a file containing the results. It then puts that file onto a thumbdrive, and an election worker carries the thumbdrive to the county headquarters, where it’s inserted into the vote counting computer. Up til this point, no single person has any way to read or alter the data in the thumbdrive. At this point, the representatives of the candidates are required to re-enter the keycode from their receipts. The combination of keycodes is used to decrypt the file.
     I challenge anybody to show how an insider could break this system. Let me walk you through a few scenarios:
     1. The county supervisor sneaks back to the machines the night before the election and alters the keycodes that have been entered. This in itself can be obviated by making the computers refuse additional entries without a complete reset — which would destroy other data necessary to operate. However, even if the supervisor did succeed in replacing the keycodes, he still doesn’t know the original keycodes. So when the thumbdrives come back the next night, and the representatives of the candidates enter their keycodes, the system will fail and the thumbdrives will be invalidated.
     2. An election worker messes with the computers at the polling station. Of course, the computer is sealed, so it can’t be opened up. The county worker has only one means of inputting anything: the touch screen. And that touch screen is under the computer’s control, and the computer will record the voter data (and, while we’re at it, take a photo of the voter for auditing purposes). The county worker is easily exposed when the vote counts of the computer fail to match the vote counts at registration. And his face is revealed in the audit data. Off to jail!
     3. An election worker substitutes a tampered thumbdrive for the real one while transporting it to headquarters. Right. Without the encryption key, that election worker would never even get started. Any file he substituted for the real one would fail the decryption test, and when the thumbdrive he delivered is compared to the data on the voting computer, the culprit is identified. Off to jail!
     You see, this stuff isn’t so hard to do.

107. KCinDC: I don’t trust our votingcomputers either – and don’t think that is nutty. Advantage we have is that we don’t have a winner-takes-all situation, but I strive towards computers combined with a paper trail myself.

108. Gah!

109. Erasmussimo, I’m not just talking about guarding the integrity of the process. With paper ballots, every step of the process can be observed, without any specialized training. If everything’s taking place inside computers, there’s nothing to observe. Maybe most people will trust the high priests who assure them that the system records their votes correctly, but a lot won’t.
     Maybe some day we’ll have voting computers as auditable, usable, reliable, and transparent as you say, but we have precisely none like that in use today. We’re already spending far more on these systems than we did on the paper-based systems, so I find it hard to believe we’re going to be able to convince people to spend still more in the hope that this time we’ll get it right. And even if we got such a system, no computer is going to be as reliable as a pencil.
     And I run into plenty of glitches on my Mac and my Linux machine.

110. The county supervisor sneaks back to the machines the night before the election and alters the keycodes that have been entered.
     A far greater concern would be an insider altering the vote-counting software itself.

111. 2. An election worker messes with the computers at the polling station. Of course, the computer is sealed, so it can’t be opened up. The county worker has only one means of inputting anything: the touch screen.
     There’s no such thing as a sealed computer. They don’t exist, and they certainly don’t exist if you’re talking about a cheap system. You are living in a fantasy world.
     Besides, even if we could somehow magic up sealed computers (which we cannot do), who seals the computer? The manufacturer? The county elections board? How do you know the software was not tampered with at the source? Even if you use open source software, how do you know that the machine is actually running open source software?
     I know you think these are easy questions, but they are actually questions that have no answer.
     By the way, do you have any idea how finicky cameras on a polling machine would be? How do you ensure there is proper light at a polling place? What do you do if the camera breaks halfway through election day?

112. “He claimed that Americans vote on many many things in each election; he mentioned something like 30 individual decisions that needed to be made for some elections in CA.”
     Only 30? I wish we had ballots remotely that short around here (Boulder, Colorado).
     As I’ve written a bunch of times in a bunch of places, the advance ballot pamphlet we get, listing the text of all offices and propositions we vote on, is between 40-50 pages each election. The total number of possible choices is at least a couple of hundred. The number of offices and issues is many dozens.
     Of course, that’s for this particularly city and county; go one over, and the ballot is different, since all the city and county issues will be different, etc.
     I take it you don’t vote in American elections, given your repeated use of “claimed” for what almost anyone who did vote in America would know, which is that, generally, yeah, we have a whole lot of things to vote on (and every state is different, and within each state, every county is somewhat different, and within each county, many municipalities will be somewhat different, as regards their ballot).
     Sebastian: “Gary, please see here”
     Thanks.

     Investigators said Tuesday they found clear evidence of fraud in the Nov. 2 election in Milwaukee, including more than 200 cases of felons voting illegally and more than 100 people who voted twice, used fake names or false addresses or voted in the name of a dead person.

     Then obviously this should be/have been thoroughly further investigated and prosecuted.
     “Nonetheless, it is likely that many – perhaps most – of those who committed fraud won’t face prosecution because city records are so sloppy that it will be difficult to establish cases that will stand up in court.”
     Then obviously Milwaukee’s records procedures should be fixed. Were there indications of organized fraud, or just lousy records and some individual problems? Was this of a scale to sway the election, or just to reveal that there are problems there that need to be fixed?
     “A photo ID requirement might have caught some of the problems highlighted in Tuesday’s preliminary report. It notes cases of people voting in the name of a dead person or as someone else. Investigators located some people listed as voting who said they did not vote.”
     So this fraud and these cases were found without a photo ID requirement.

     The fraud investigation has focused on the more than 70,000 people who registered to vote on election day, not the other 200,000-plus voters. That is because registration cards provide a paper trail, which officials said would be stronger in court than computerized records.

     So the registration requirement and a paper trail help prevent voter fraud. As we know.

     […] said would do more to tackle specific problems.
     For instance, investigators found “deputy registrars” working for registration drives had submitted at least 65 fake names, though no one apparently voted from the addresses.

     In other words, this was a non-problem; the details are unclear here, but I thoroughly desire prosecution of any and all actual fraud. Of course.
     It’s, overall, a fairly thorough piece, and it seems to clearly indicate no evidence of significant, or widespread, fraud. Good news. Thanks for pointing to it.

113. Comments are piling up so fast that I can’t keep up.
     Morat20 asserts that it is possible to hack the central vote counting computer. This might be possible if the vote counting computer were on the Internet. It’s not.
     Jesurgislac takes umbrage at my statement “I believe you misunderstand the nature of the problems with computer systems.” I apologize, I should have written:
     “I believe you misunderstand the nature of the problems with VOTING computer systems.”
     The point here is that the specific problems that have been demonstrated have to do with people not understanding how to use the systems. There has been NO “overwhelming demonstration” that computer systems are intrinsically vulnerable to attack, as Jesurgislac suggests. Perhaps we’d do best to agree that, while current systems are horribly vulnerable, there’s no reason why we couldn’t make computer voting systems much more secure than paper balloting systems.
     Common Sense berates me for claiming that the Diebold machines were programmed in BASIC. He thinks that there’s an important distinction to be made between Microsoft Visual Basic and old time Basic. Sure, there are lots of differences — but my point here is that anybody using Basic for a supposedly secure system is out of his mind. Yes, there are plenty of companies that use Visual Basic — for insecure applications. I can’t recall the details, but I know that an arm of the US Govt (I think it was DoD) prepared a list of computer languages that must be used for secure applications. I know that Java was on that list, and I think that PL/1 was on the list. I know of a certainty that Basic wasn’t on that list, nor was any flavor of C. We both know why.
     Please don’t speculate on my expertise — I don’t want to embarrass you and I REALLY don’t want to get into a penis-waving, I’m-techier-than-thou argument.

114. Seb,
     You mentioned Steve Biskupic above. Is that Steve Biskupic a loyal bushie by an chance? Because it sounds like the same Steve Biskupic as the one who just got smacked down by a federal appeals court for convicting a democrat on evidence that was “beyond thin.” Are you arguing that this Steve Biskupic has any more integrity and competence than the one that was shot down by the appeals court?
     I mean, he’s probably smarter and more honest than the people who implemented the iraq war, and I’m sure you are too. I just want to know if Karl Rove would describe him as a “loyal bushie.”

115. Ack! The hits just keep comin’…
     KCinDC notes that the paper ballot process can be completely in the open where everybody can see it. Again, this is theoretically true. In practice, however, there are simply too many places where the system is not open to public inspection. One of the most vulnerable of these is the process of moving the ballots to the central counting station. If you have lots of volunteer workers and inspectors, you can count the ballots right at the polling place after the polls close, but all too often there aren’t enough observers to pull that off, so they transport the ballot boxes to the county headquarters — and while the ballot box is in transit, all your security goes out the window.
     Steve worries that an insider could alter the vote-counting software itself. Yes, if the insider could crack the machine open. But that’s an obvious problem and one easily fixed: seal the computer box. We don’t need it to be opened for any reason, so weld the thing shut. If it fails, send it back to the factory, where it can be repaired under scrutiny.
     Common Sense loudly asserts that a computer cannot be sealed. I’ll explain it to you: you put the computer in a metal box. You hook up power, video out, and USB ports from the computer to the exterior of the box. Then you use a wondrous device called a “welding torch” to weld the box up. It’s not magic.
     Common Sense goes on to wonder where the computer is sealed. Normally that would be the place where it’s manufactured — where you can have representatives of both political parties on hand to keep an eye on things. Again, this is not rocket science — this is plain old everyday security precautions that have been in use for decades.
     Common Sense also points out that cameras fail. Indeed they do. But the purpose of the cameras is to deter crime — and they’re only a second layer of protection. If a camera fails, the system doesn’t fail. And besides, how is the crook to know whether the camera has failed? The deterrence value is still there even with a 50% failure rate.

116. Please don’t speculate on my expertise — I don’t want to embarrass you and I REALLY don’t want to get into a penis-waving, I’m-techier-than-thou argument.
     Um, how on Earth could you embarrass me? Are you going to say something that would make MIT revoke my degrees? Are you going to say something to magically undo the years of experience I have?
     My thesis was on programming language optimization through type inference. What was yours on? Tell me about your degrees and experience. Let’s see a link to your thesis.
     I dislike visual basic, but it is certainly possible to write moderately secure software with it, and it is certainly possible to write secure C programs as well. Certainly, many programming language runtime libraries and compilers and operating systems are written in C.

117. “It’s, overall, a fairly thorough piece, and it seems to clearly indicate no evidence of significant, or widespread, fraud. Good news. Thanks for pointing to it.”
     Again you have a nicely elastic sense of the word significant (which has been illustrated across multiple threads today). This involved hundreds of votes with direct fraud, and thousands of votes tallied over the number of voters registered. It involved only the people stupid enough to use false paper records, not those who used the system of vouching for one another.
     “Then obviously Milwaukee’s records procedures should be fixed. Were there indications of organized fraud, or just lousy records and some individual problems? Was this of a scale to sway the election, or just to reveal that there are problems there that need to be fixed?”
     This was not some individual problem, the whole system is designed to avoid a good trail. You are a researcher, there is a huge debate about the stupid loopholes in Wisconsin. You claimed to be totally unaware. Now you aren’t. Have at it with your famous persistence.

118. If you have lots of volunteer workers and inspectors, you can count the ballots right at the polling place after the polls close, but all too often there aren’t enough observers to pull that off, so they transport the ballot boxes to the county headquarters — and while the ballot box is in transit, all your security goes out the window.
     Does it? Why?
     You load the sealed ballot boxes – publicly, with witnesses mandated from all parties plus an independent electoral observer – into the back of a secure van. The doors to the van are locked/sealed. The van is driven to county headquarters. Since most vans have room up front for two people besides the driver, the driver can be an independent electoral observer and two people from the two largest parties can be witnesses. At county headquarters, witnesses mandated from all parties plus an independent electoral observer confirm that the van doors are stil locked/sealed before the electoral observer unlocks them and the sealed boxes are unloaded, publicly, where everyone can witness that they are still sealed. You do this whenever you transfer sealed ballot boxes (empty or full).
     Exactly how is this “security going out the window”?
     Exactly how is any of this impossible in the US?

119. Sebastian left out this part, from the same election.

     Pratt is the son of former Acting Mayor Marvin Pratt, and Omokunde is the son of U.S. Rep. Gwen Moore (D-Wis.).

     Quite a bit of shenanigans went on in Milwaukee back in 2004!

120. I dislike visual basic, but it is certainly possible to write moderately secure software with it
     I’ll put in a plug for PowerBASIC.
     It still would have any security weakness that is in the Windows API.

121. Common Sense insists upon waving his penis at me. I’ll not reciprocate. Let me simply observe that, if you think a language like Basic can be made secure, well, I think you should demand a refund from MIT. And if you think that ANY language with pointers, such as C, can be made secure, then you should sue MIT for its entire endowment!
     I’ve done some security work. I’ve spent time with hackers talking about security problems. I’ve even hacked a few programs in my day. I’ll grant that it’s possible to make a program resistant to hackers by all manner of clever tricks — that’s what I did. But secure? No way.
     Jesurgislac wonders how it is that the US can’t get enough election monitors to insure that every step of the process is scrutinized. Partly it’s a matter of differentiating between volunteers and employees. For example, you can’t have volunteers driving the cars — if they had an accident, the county would get sued. Nor do that many counties have enough vehicles to insure a county vehicle at every polling station. Remember, the USA is not as densely populated as Europe, so there are lots of polling places scattered all over creation. There are lots of counties where the stuff is thrown in the back of an employee’s car, who drives it — almost always alone — to the county central facility. I’ve seen some horrific videos taken by election reform people showing some little old lady driving up to the headquarters in her Cadillac, opening the trunk, walking away for five minutes with the trunk wide open, coming back with somebody to help her, and then just driving off as soon as the helper has the stuff. There was some wonderful footage in 2004 of an election reform worker finding the audit trail documents in the dumpster outside the warehouse the day after the election — even though the results hadn’t been certified. The more people there are in the loop, the more holes there are.

122. A reminder of the posting rules, and their requirement that people try to keep office software filters from blocking this blog by watching their choice of language, might be in order.

123. Sorry, Gary. I allowed my fondness for punchy phrasing to exceed my considered judgment. I figured that Common Sense wouldn’t take offense, but I forgot about the software filters. I’ll be more restrained in future.

124. Eraserissimo: Jesurgislac wonders how it is that the US can’t get enough election monitors to insure that every step of the process is scrutinized.
     No, that’s not actually what I wondered. I wondered why you were claiming that when ballot boxes were loaded into a van for transport, it was inevitable and unavoidable that “security goes out the window” when I (no expert) could casually think of a means of ensuring that ballot boxes were securely transported from voting station to counting center.
     For example, you can’t have volunteers driving the cars — if they had an accident, the county would get sued.
     So in the US, the county can’t pay for insurance so that volunteers can drive the van with the sealed ballot boxes?
     Remember, the USA is not as densely populated as Europe, so there are lots of polling places scattered all over creation.
     And I recall also that in the US, you never developed any means of transporting valuable objects securely from one place to another. In Europe, we developed this concept called a car, which led to the development of a van, which can be constructed so that it’s what we call high security, with things called locks on what we call doors. And we drive these vans along things called roads from place to place. Are you with me, Er? Should I explain in more detail? Provide links?
     The more people there are in the loop, the more holes there are.
     Not if you have rules which have to be followed for each step of the process of sealing and transporting sealed and empty or full ballot boxes from counting place to polling station and back again, which have always to be witnessed by at least two volunteers.
     Your argument appears to be that because in the US you aren’t capable of running elections properly, it’s better to use computers…

125. which have always to be witnessed by at least two volunteers – one from each party, approved by the party, obviously. Or multiple volunteers if you have multiple parties. In this way in order to rig the election you have to persuade a Republican volunteer and a Democratic volunteer to spill the ballot boxes.
     Yes, I grant you, running an election this way is a lot of hard work. But who said democracy had to be easy?

126. Ah, Jesurgislac, now I take your meaning. No, there aren’t enough vans to go around in most counties. It depends, of course — there are thousands of counties in the US. Some can handle it, but many can’t. So they resort to using any means of transport ready to hand — sometimes the cars of county employees. And when you have one person driving a car loaded with ballot boxes, without anybody supervising the loading or unloading, well, as I said, security goes out the window. And since you AREN’T wondering how the US can’t get enough election workers to provide those services, that’s no longer a point at issue.
     You misunderstand my point about the widely scattered nature of polling places in the US. More polling places scattered over a wider area implies greater vehicle-miles to transport the ballot boxes to a central location. That’s what puts so much pressure on election supervisors to enlist employees’ vehicles, and why they sometimes have a single driver.
     You continue to argue that, with enough people, it’s easy to secure paper ballots. I agree entirely. The problem is that US counties seldom have enough people. Remember, elections here are carried out on Tuesdays. That means that only retired or unemployed people can volunteer to help. Employed people can’t take a day off to volunteer. So there are never enough people to do the work.

127. No, there aren’t enough vans to go around in most counties.
     Then clearly, part of election reform in the US has to include provision of secure transport of ballot boxes between polling station and counting house.
     That’s what puts so much pressure on election supervisors to enlist employees’ vehicles, and why they sometimes have a single driver.
     Then clearly, part of election reform in the US has to include an unbreakable rule that election supervisors are not allowed to do that.
     The problem is that US counties seldom have enough people. Remember, elections here are carried out on Tuesdays. That means that only retired or unemployed people can volunteer to help. Employed people can’t take a day off to volunteer.
     Then clearly, there has to be provision in federal law to require employers to let employees take a paid day off to volunteer for election supervision duty. It’s one day every two years, and not an unexpected day, either: if a business cannot cope with an employee having a planned and predictable day’s paid leave on public service no more than once every two years, it’s obviously not much of a business.
     The problem is, Er, that you seem to see all problems to do with computers as completely fixable – but take a completely defeatist attitude to the much simpler problems of setting up security around paper ballots. Why is that?

128. Wow, multiple trainwrecks in one thread. Keep it up, Sebastian and Erasmussino.
     With regard to Erasmussino’s nutty claims about security and properly designed systems: THERE IS NO PERFECTLY SECURE SYSTEM.
     Ken Thompson, the co-creator of the C programming language, wrote an article called “Reflections on Trusting Trust”. It’s very interesting, but the bottom line is the following:

     The moral is obvious. You can’t trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code.

     To build a trusted system, you must have total control over all levels of the computer system: chips, hardware, firmware, kernel, operating system, the entire compiler toolchain, as well as your voting application.
     Such control does not exist. And the stakes involved in a superpower election are so high that none of these levels can be trusted. Even the ones involving Intel and Microsoft. Especially those, as a matter of fact.
     (See the history of US corporations’ complicity in espionage against the Soviets — I’m thinking in particular of certain modifications made to early Xerox copiers, and backdoors in oil pipeline control programs).

129. No, I’m not taking a defeatist attitude towards paper ballots. Both paper ballots and computer voting systems have problems, but you are insisting that computer systems cannot be made secure (which is false), and that, with enough money, paper ballot systems can be made to work. Well, with enough money, ANYTHING can be made to work. The real question is, which approach can achieve greater security at an acceptable and equal level of expenditure? We don’t know the answer to this question with certainty yet, but all the indications are that the computer approach can attain a higher level of security for the same amount of spending as the paper system. Why do I believe that this is true?
     First, the cost of running an election is enormous. For example, the cost of carrying out a recount of votes in the State of Washington is 15 cents per vote for a machine recount and 25 cents per vote for a manual recount:
     http://www.secstate.wa.gov/office/osos_news.aspx?i=SPlmpeBt1xLxpksVqw%2Ft9w%3D%3D
     If these numbers are applicable to other states, then the cost of counting votes (not setting up polling places, hiring workers, and so forth — just counting votes) in a presidential election (100 million voters) is $25 million per election. (By the way, what they call a machine recount is not the same as the output of a computer voting system. A recount on such a system would cost next to nothing. They’re talking about rescanning all the ballots.) Now, these costs are the costs of the current shoddy system. If we wanted to take it up to the level of security you’re recommending, we’d be talking about much higher costs.
     By contrast, the expenditures for computer voting systems are primarily capital costs, which you pay just once. Now, voting machines these days cost about $5,000 apiece. That’s a huge rip-off. The basic computer technology can be had off the shelf for $500. The software could be done by an open-source effort and cost nothing. A small printer costs less than $100. The most expensive component is the touch-screen, but the POS market has been driving prices way down in the last few years. You can get a nice 15″ color touchscreen for $500 RETAIL. Thus, the component costs for such a system add up to maybe $1200 at retail. Do this as a commercial operation and you could make money selling it for $2000 at current prices. Wait a few years and the price will go down even further. That’s the nice thing about technology: the price goes down with time. With manual labor, the price always goes up with time.
     Oh, and don’t forget that we have an average of one election per year in America. Those savings really add up fast.
     Anyway, these estimates are all impossible to nail down, but my point is that computer voting systems need not be expensive. The companies making voting machines right now are making huge amounts of profit at the expense of the citizens.
     Oh, and just for fun, I happened onto this link for Web-based voting. You wanna do it REALLY cheap? 😉
     http://www.bigpulse.com/elections?gclid=CITGptr_u4sCFRtcUAodznfq0A

130. theo, it’s true that you can’t trust anything built by anybody else. But you can trust something done with everybody watching. That’s what open source software does. There is broad agreement that open source is the best way to obtain high levels of security.
     The same thing goes for the use of commodity hardware. If you buy off-the-shelf parts, then the vendor who wants to take over the world by swinging elections will have to make millions of chips to go into personal computers, all of which have this weird stuff in them that anticipates the design of the voting software so that it can twist it around. That can be done — but it would take millions of dollars of engineering to pull it off, and even then you can’t be sure you won’t be caught red-handed by one of those open-source hackers. You’d be surprised how good they are at digging out odd details.
     That’s the whole point of the whole open-source concept: do everything out in the open where everybody can see it. That’s the best way to security.
     Even then, you’re right that nothing is absolutely secure. Not even paper ballots. So we go for the approach that gives us the greatest degree of security for the amount of money we’re willing to spend. And it sure looks as if computer voting systems are the best way to do that.

131. Missed this one. A good thing, I think.

132. “Thus, the component costs for such a system add up to maybe $1200 at retail. Do this as a commercial operation and you could make money selling it for $2000 at current prices.”
     I’ll leave the rest alone — I’ve made my point, pointed to material, and I’m content to leave it there, and to you to continue to argue your POV so long as you like — but in response to this I’d like to make the very small point that voting equipment has to, in some reasonable fashion, take into account the various forms of handicapped voters, including the blind, the deaf, the paralyzed, and so on.
     There are legal requirements to be met that deal with those factors, as well as a variety of other legal requirements that voting equipment has to meet. You’ll need to figure those costs into any overall costs.
     “There is broad agreement that open source is the best way to obtain high levels of security.”
     When speaking of computers, there’s a point we can agree on.
     Care to comment on Bruce’s many writings that I’ve pointed to?

133. Erasmussimo, it seems like you’re continuing to assume all problems with computer-based systems can be magically fixed but no problems with other systems can be. Yes, we’ve had all these problems with badly written software and inferior hardware and poorly trained workers, but in the future somehow none of that will happen.
     And I don’t understand your cost comparison. How long are you expecting to continue to use these voting machines? If there are 175,000 precincts in the country, and each had only 3 machines (which would presumably cause huge lines, especially during the times when one is broken down), then at $2000 a piece that’s over $1 billion. What are you comparing that with?

134. Gary, I agree that handicapped people present special problems, but I don’t see these problems as in any way unique to computer systems. They’d be just as tough with paper ballots.
     I find myself in agreement with most of what Mr X has to say. For example, he writes:
     “Computer security experts are unanimous on what to do… And they have two recommendations:
     1. DRE machines must have a voter-verifiable paper audit trails…
     2. Software used on DRE machines must be open to public scrutiny…
     Computerized systems with these characteristics won’t be perfect — no piece of software is — but they’ll be much better than what we have now. We need to start treating voting software like we treat any other high-reliability system. The auditing that is conducted on slot machine software in the U.S. is significantly more meticulous than what is done to voting software. The development process for mission-critical airplane software makes voting software look like a slapdash affair. If we care about the integrity of our elections, this has to change.”
     All of which I am in perfect agreement with.
     KCinDC, you argue that the problems of computer voting systems are more difficult than I claim, and that the problems with paper ballot systems are easier to solve than I maintain. Let me point out two factors here:
     1. Computer voting systems as currently built are execrable. Just read any of the material that Gary has posted, and you’ll see the same basic points made over and over: computer voting systems are fraught with idiotic errors. They’re badly designed and poorly programmed. I’m saying that, since they’re so badly done now, it should be very easy to build something that works. The problems we face are not major technological hurdles, they’re just a matter of getting some halfway competent people working on them. Hell, I could probably build a better system using a team of game designers — and voting would be a lot more fun! 😉
     2. Paper ballot systems have already been maxed out. There’s no promising new technology on the horizon, no reason to think that the problems we know about can be fixed. Yes, with lots of cheap labor, we can make paper ballot systems work — but we don’t HAVE lots of cheap labor. The Pharoahs could build the pyramids — we can’t.
     I agree that the capital cost of equipping the country with computer voting systems would be at least $1 billion, and probably more like $3 billion to $5 billion (including training and deployment). However, the cost of running elections is nothing to sneeze at, either. I was not able to find good numbers on the total cost of running an election, especially because some of the costs will remain and some will go away, and I couldn’t get numbers that are broken down in a usable fashion. But I think that the best evidence here is the enthusiastic response that county elections officials have had to this technology. One of the big arguments in favor of the HAVA act was that the county people couldn’t scrape together the big capital expense of buying the voting machines, and so had to continue bleeding money for the high operating cost systems. The argument was that the country as a whole would save money by shifting over to the computer voting systems. That is my recollection; I’ll try to research the testimony for HAVA to see if I can find some numbers.

135. Oops, in the above posting, read “Mr. Schneier” for “Mr. X”. I forgot to go back and fill in the correct value.

136. I’m not arguing that the main hurdles are technological. There’s a huge gap between what’s technologically possible and what actually gets implemented, and I’m not so confident that that problem is easily soluble. Most software is execrable — maybe not as bad as the voting software we have now, but far below the standards that voting software should meet.
     My recollection is that the rush to electronic machines with HAVA was a reaction to the butterfly ballot and hanging chads. Not all paper ballot systems have those problems, and I’m not convinced that we need to spend vast amounts of money and effort to switch to something that’s far more complicated and less transparent. I don’t see the benefit.
     I’m reminded of a time when a mall I used to go to decided to switch to a computer-based system for its directory of stores. The old system was the standard non-electronic big map and listing of where all the shops were. On the new system you could type in a name to search for a business and then have it highlighted on a map on the 15-inch screen. The new system was of course easier to update. Unfortunately it could only be used by one person at a time, whereas several people at once could have used the old one if only they hadn’t removed it. But at least it was modern and used a computer.
     When I go to my polling place, there are 16 or 20 voting stations, because all that’s required for a station is a pencil (to fill in the arrows on the optical scan ballot) and a privacy screen. During a presidential election it’s useful to have that many. I seriously doubt we’d be able to afford anywhere near that many if there had to be a voting machine at each.

137. “Gary, I agree that handicapped people present special problems, but I don’t see these problems as in any way unique to computer systems. They’d be just as tough with paper ballots.”
     It’s not important, but you seem to have not read what I wrote, or somehow “I’ll leave the rest alone — I’ve made my point, pointed to material, and I’m content to leave it there, and to you to continue to argue your POV so long as you like” wasn’t clear.
     I didn’t say a word about the subjects you address above — not a word — so I have no idea what comments you are responding to. Please find someone who is arguing with you to argue with. Arguments work much better that way, when they’re not non-sequiturs, or in response to our imagination.
     (I actually made three other points, not a single one of which did you reply to. Whatever.)

138. “Oops, in the above posting, read ‘Mr. Schneier’ for ‘Mr. X’. I forgot to go back and fill in the correct value.”
     In that case, please go back to my last comment, and subtract one from where I said “not a single one of which did you reply to,” thus meaning that you did reply to a single one of which. Naturally, I’d not have said what I said at all, if I’d understood who “Mr. X” was; as a result I simply wrinkled my brow in puzzlement, and moved on, instead.

139. Common Sense: Again, I must point out: you do not know what you’re talking about. Diebold machines were coded in VisualBasic, which is quite different from the BASIC invented in the 1960s…
     Weren’t they technically coded in AccessBasic? I’m not sure what the difference is, frankly, but I think AccessBasic has even fewer cryptographic capacities.
     Look, you really cannot tell much by how old a computer language is. My company is building an incredibly sophisticated airline reservation system in common lisp, which is certainly older than BASIC.
     Interestingly, AFAICT lisp all but ceased to exist outside of academic circles until relatively recently. Nowadays, Scheme and CL are popping up all the damn hell over the place. Pity, really, because it’s been a PITA to learn a whole new programming paradigm.
     My thesis was on programming language optimization through type inference.
     Heh. I approve of any abstract techie paper whose opening section contains “The Coming Plague”. Mind you, I have an irrational fondness for tech papers with inappropriate language; I’m still proud of the fact that my senior thesis (on transcendental number theory, and a POS it was too) quoted Stalin.
     In re voter safety, can anyone comment on the electronic voting machines in the recent Indian elections?

140. Well, Gary, I don’t understand your recent references, so perhaps this is an ideal opportunity for us to call it a night.
     Anarch, I know nothing about the machines used in the Indian elections, but I’d love to learn about what they did and how it turned out.

141. Weren’t they technically coded in AccessBasic? I’m not sure what the difference is, frankly, but I think AccessBasic has even fewer cryptographic capacities.
     I think you may be right there Anarch. I don’t see much difference between them; I believe that access basic programs can still use external DLLs so crypto primitives should not be a problem.
     Now, having said that, using access for anything voting related at all was incredibly stupid. The problems are not in the language though.
     Interestingly, AFAICT lisp all but ceased to exist outside of academic circles until relatively recently. Nowadays, Scheme and CL are popping up all the damn hell over the place. Pity, really, because it’s been a PITA to learn a whole new programming paradigm.
     Yeah, there’s been something of a resurgence. Tools like SLIME make it a lot more pleasant. CL doesn’t really offer much in the way of new paradigms though. The object system is pretty standard (except for coolness of multimethods and eq specialization) and you can (and probably should) ignore macros for a good long while.
     Ironically, it seems that people who’ve spent time doing python/perl/ruby can adapt to CL pretty fast. Deep down, all dynamic languages are the same I guess.
     In any event, Peter Seibel’s book Practical Common Lisp is an excellent intro and is free on the web.

142. Here is a convenient piece in tomorrow’s paper.

     Five years after the Bush administration began a crackdown on voter fraud, the Justice Department has turned up virtually no evidence of any organized effort to skew federal elections, according to court records and interviews.
     Although Republican activists have repeatedly said fraud is so widespread that it has corrupted the political process and, possibly, cost the party election victories, about 120 people have been charged and 86 convicted as of last year.
     Most of those charged have been Democrats, voting records show. Many of those charged by the Justice Department appear to have mistakenly filled out registration forms or misunderstood eligibility rules, a review of court records and interviews with prosecutors and defense lawyers show.
     In Miami, an assistant United States attorney said many cases there involved what were apparently mistakes by immigrants, not fraud.
     In Wisconsin, where prosecutors have lost almost twice as many cases as they won, charges were brought against voters who filled out more than one registration form and felons seemingly unaware that they were barred from voting.
     One ex-convict so unfamiliar with the rules that he provided his prison-issued identification card, stamped “Offender,” when he registered just before voting.
     A handful of convictions involved people who voted twice. More than 30 were linked to small vote-buying schemes in which candidates generally in sheriff’s or judge’s races paid voters for their support.
     […]
     Mistakes and lapses in enforcing voting and registration rules routinely occur in elections, allowing thousands of ineligible voters to go to the polls. But the federal cases provide little evidence of widespread, organized fraud, prosecutors and election law experts said.

     And so on. Of course, it’s the famously liberal NY Times, so obviously their story is slanted and wrong.
     I probably should nonetheless note the specific examination of Wisconsin (home of Milwaukee!):

     “There was nothing that we uncovered that suggested some sort of concerted effort to tilt the election,” Richard G. Frohling, an assistant United States attorney in Milwaukee, said.
     Richard L. Hasen, an expert in election law at the Loyola Law School, agreed, saying: “If they found a single case of a conspiracy to affect the outcome of a Congressional election or a statewide election, that would be significant. But what we see is isolated, small-scale activities that often have not shown any kind of criminal intent.”
     For some convicted people, the consequences have been significant. Kimberly Prude, 43, has been jailed in Milwaukee for more than a year after being convicted of voting while on probation, an offense that she attributes to confusion over eligibility.

     Clearly a huge problem.

     […] Some of those cases have baffled federal judges.
     “I find this whole prosecution mysterious,” Judge Diane P. Wood of the United States Court of Appeals for the Seventh Circuit, in Chicago, said at a hearing in Ms. Prude’s case. “I don’t know whether the Eastern District of Wisconsin goes after every felon who accidentally votes. It is not like she voted five times. She cast one vote.”

     There’s a bunch more about Ms. Prude (thank goodness she’s off the streets, where she might vote again!) and Wisconsin’s lack of significant voter fraud, and Republicans’ attempts to gin claims up.

     […] Of the hundreds of people initially suspected of violations in Milwaukee, 14 — most black, poor, Democratic and first-time voters — ever faced federal charges. United States Attorney Steven M. Biskupic would say only that there was insufficient evidence to bring other cases.
     No residents of the house where Mr. Graber made his assertion were charged. Even the 14 proved frustrating for the Justice Department. It won five cases in court.
     The evidence that some felons knew they that could not vote consisted simply of a form outlining 20 or more rules that they were given when put on probation and signs at local government offices, testimony shows.
     The Wisconsin prosecutors lost every case on double voting.

     I think this makes clear just how serious the Democratic voting fraud conspiracy is: it’s so insidious, that it’s reached into the courts, and fixed the results. The lack of convictions only proves the problem is even larger than Republicans claim it is.

143. Rape prosecutions often lose, the evidence just doesn’t meet the hurdle. I suppose you think that proves….

144. I’d like to point out to those that missed it that that United States Attorney Steven M. Biskupic has been making the news recently and his credibility is currently… tarnished.

145. Oh, and Gary? Absence of evidence — or is that evidence of absence? I can never remember.

146. Seb,
     I believe someone raised this issue upthread, but I haven’t seen an answer yet.
     Can you explain what prevents states from conducting voter spot checks right now? Specifically, it seems that states could pick a precinct, go through the rolls of voters who voted in the most recent election, dispatch someone to their house and verify that that person exists, is alive, and is eligible for voting.
     When investigators show up at people’s houses, they can ask to see ID and they can also ask to see recent bills or other postal mail. They can ask people if they actually voted. They can cross reference the social security death index and the local death certificates for people they’re unable to locate.
     I can’t see any reason why this sort of investigation would be illegal right now. States that performed these investigations would get a rough bound on how bad voter fraud is.
     If a state did that and came up with actual numbers, I’d be much more amenable to arguments for increased voter identification.
     So, why hasn’t any state performed an investigation like this?

147. No, I’m not taking a defeatist attitude towards paper ballots.
     Yet every problem with paper ballots that you raise, you mention as if it were completely unfixable when, in fact, the solution is obvious – as, for example, your assertion that it’s impossible to get volunteers to work on elections because elections are held on a Tuesday…
     The real question is, which approach can achieve greater security at an acceptable and equal level of expenditure?
     Paper ballots, demonstrably.
     Cost of providing completely secure machines for electronic voting – considerable, and the machines to remain secure, will have to be frequently replaced/upgraded.
     Cost of buying secure vans to transport sealed ballot boxes from place to place – considerable, but once bought, the election fleet doesn’t have to be replaced or upgraded nearly as often, and can be used for other purposes between elections.
     Most of the other “costs” involved in staffing elections and ensuring multi-party witnesses are available to watch ballot boxes being sealed, transported, unsealed, and ballots counted, is the need to ensure that anyone who wants to (you could have limits on number per company depending on the company’s size) can take a paid day off for the purpose of volunteering to help secure the US elections. Once every two years: not actually a very high cost, and distributed effectively over large numbers of people.

148. I’m sorry, Amos, but there has never been a Gallup poll of computer security experts, much less a standard definition of what credentials one needs to have one’s opinion count in any such poll.
     I’ll take that as a retraction of your statement about what “most security guys” think. Thank you.
     I’d prefer to start with Schneier (and started with him long ago, in fact), but since you mention a particular Wikipedia article, let me give you a quote from it, prominently placed near the top:

     “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards – and even then I have my doubts.”
     Eugene H. Spafford, director of the Purdue Center for Education and Research in Information Assurance and Security.

149. Not enough poll workers/volunteers?
     Over here those are drafted. Usually public servants are chosen first and volunteers are given preference but anybody on the voter list can be drafted to do the job on election day. You need a good excuse to avoid doing it (more or less the same as for not showing up in court if called).
     The original reasons for not voting on Sunday don’t apply anymore and, even if they did, why not making election day an official holiday? And don’t come to me with the argument that the economy would go to hell in that case.
     I could easily imagine a modernized version of the Greek voting pebble system using “verifiable pebbles” btw

150. Well, Hartmut, in the UK polling clerks, presiding officers, and enumerators, are paid positions: you apply for the job via the local council, and you take a day’s leave from your usual job. (This would be awkward, I suppose, in the US where people don’t have nearly as much paid leave as we do.) It could be subject to abuse, but every step of the way has official party witnesses – every party taking part has a right to have an official witness at the polling station and the counting. It’s up to each party to arrange who these witnesses are, of course: party members usually volunteer, and of course candidates will.

151. Jesurgislac completely misunderstands my comparison of paper ballot systems versus computer voting systems when declaring, “Yet every problem with paper ballots that you raise, you mention as if it were completely unfixable when, in fact, the solution is obvious – as, for example, your assertion that it’s impossible to get volunteers to work on elections because elections are held on a Tuesday…”
     I have repeatedly characterized the problem as one of relative security for a given level of expenditure. I have agreed that, with enough money, anything can be accomplished. And I have also pointed out that, while the solutions Jesurgislac offers are certainly viable, they are also expensive. The real question, then, is the comparative cost of the two systems. Jesurgislac offers a speculative comment that the hardware would have to be replaced “frequently” in order to remain secure. This speculation is flatly contradicted by security experience in other fields. Once a system has been secured, there is no need to tamper with it. Some of the DoD secure systems are decades old, and they’re just as secure today as they were twenty years ago.
     Jesurgislac misses the most important recurrent cost with computer voting systems: the cost of replacing touch screens. These devices are fragile and people stab at them brutally, wearing them out rapidly. Fortunately, the wear and tear on a computer voting touch screen will be much less than that on POS systems, so they should last quite a while. Still, they will have to be replaced.
     Jesurgislac and Hartmut both suggest schemes whereby people get time off from work to serve as election assistants. Their assumption here is that, since the government need not pay the costs, there are none. This is incorrect; there are no free lunches. If you take a worker who earns $25 an hour away from his job and put them onto election work for eight hours, then you have cost somebody, somewhere, $200. You can play shell games with where the money comes from, but in the final analysis, $200 of wealth (actually, somewhat more due to idle capital) that would have been created is not created. Multiply this by the thousands upon thousands of election workers around the country and you get a sizeable sum. How sizeable? I can only guess here. A typical polling station will have 3 to 6 workers and serve several hundred voters, so let’s say — very roughly — one worker per hundred voters. With 100 million voters, that adds up to 1 million workers. At, say, $20 per hour per worker and 8 hours per day per worker, you end up with $160 million in labor costs. So let’s not sneeze at labor costs, OK?
     Unfortunately, at this point it gets difficult to make a comparison with computer voting systems, because we really don’t have cost figures broken out for the actual counting process. The best figures I have found are the recount charges from the State of Washington. At $0.25 per vote with paper ballots, that adds up to a mere $25 million to process 100 million votes — EXCEPT that this applies to a single race. A typical American ballot will have several dozen voting decisions on it. If we assume 20 decisions needing to be counted per ballot, then the cost of counting votes by hand comes to $500 million — assuming that there are no economies of scale at work.
     So if we apply my earlier estimate of $3 billion to $5 billion for the total cost of deploying a computer voting system, then we find that the system will pay for itself in savings in 6 to 10 elections. Since most Americans vote in about one election per year, that means 6 to 10 years of payback time — which is better than the cost of money.
     These are very rough calculations, of course, but they’re better than the hand-waving we’ve been doing at each other so far. If anybody wants to improve upon them, by all means please do so. I’d especially like to find the testimony on HAVA, as I suspect that it will have detailed economic analysis.

152. In Germany the vote counting is officially public, i.e. whoever wants can witness it without having to apply for something. Is it the same in the UK or the US?

153. In Germany the vote counting is officially public, i.e. whoever wants can witness it without having to apply for something. Is it the same in the UK or the US?
     I think it’s the same in the UK, though to be honest I’ve never been at a vote count to find out how easy it is to get in. I’d assume that just physically, places are limited, and official witnesses from the parties have to have priority.
     And I have also pointed out that, while the solutions Jesurgislac offers are certainly viable, they are also expensive.
     Not as expensive as your solutions, though.
     Their assumption here is that, since the government need not pay the costs, there are none.
     No. My assumption is that the costs are worth paying.
     If you take a worker who earns $25 an hour away from his job and put them onto election work for eight hours, then you have cost somebody, somewhere, $200.
     And your unexamined assumption is that this is too expensive?
     With 100 million voters, that adds up to 1 million workers. At, say, $20 per hour per worker and 8 hours per day per worker, you end up with $160 million in labor costs. So let’s not sneeze at labor costs, OK?
     There are elections coming up in Scotland in the UK in May, and I found a local council’s press release advertising for election workers (the total votes cast in the last general election in East Dunbartonshire were 46 724) :

     · 90 Polling Clerks to work in the Polling Places helping residents cast their vote. The wages are £164.55 (gross).
     · 65 Presiding Officer to manage the Polling Stations. The wages are £269.62 (gross) or £253.86 (gross) depending on number of Polling Stations.
     · 130 Enumerators to count the votes. Sixty-five staff are needed for Thursday night and another sixty-five for Friday morning. The wages are £80 (net) for Thursday and £40 (net) for Friday.

     So that’s 285 staff for about 47 000 votes, or 1 paid staffer for every 163 votes cast. If, just for the sake of argument, you assume about the same ratio for US elections, you need 750 107 paid staffers.
     This leaves out, though, what you might call the intangible value of making local people feel responsible for running elections honestly and fairly as a public service.

154. “If, just for the sake of argument, you assume about the same ratio for US elections, you need 750 107 paid staffers.”
     Setting aside what seems to be some sort of typo: Per what? We don’t have constituencies; we have, instead, a wide variety of offices and propositions, and bond issues, and so on, being voted on; each ballot, as I’ve mentioned, being different in every municipality. We need approximately 750, or 107, paid workers, per what?

155. Gary, it’s still morning for you, but I’m sure you’re familiar with the convention of using spaces (thin spaces when available) to separate groups of three digits in numbers. (As opposed to styles that use commas or periods or apostrophe-like ticks.)

156. “Gary, it’s still morning for you, but I’m sure you’re familiar with the convention of using spaces (thin spaces when available) to separate groups of three digits in numbers.”
     Huh. I don’t think I’ve ever seen that before, actually. Not that I can recall. Where is that used?

157. Jesurglisac, I think we’re getting down to trivial disagreements. I estimated 1 million workers; you came up with 750,107. C’mon, is this really worth arguing about? The important issue is the cost comparison, and although you strongly deny a few of my statements, you don’t seem to find my overall assessment worthy of challenge.
     At 8:22 AM Mr. Newcombe triumphantly pranced a victory dance because he misunderstood my earlier post about computer experts. I’ll have to clarify: there are no reliable polls that give us clear statistics about the opinions of security experts. However, a reading of the opinions of many separate experts clearly demonstrates that the opinion of most is that the security problems can readily be solved if only we put some competent effort into it. I provided a quote from Mr. Schneier to demonstrate this point.
     Mr. Newcombe provides his own quote to the effect that there is no such thing as security. I add two additional considerations: the quote describes ABSOLUTE security: the kind of security that even the Mission Impossible team could not break. Absolute security is a form of perfection: it is unattainable and Mr. Newcombe’s source is stating the obvious.
     Second, as Mr. Schneier points out, there are some security experts who are pessimistic, but most are optimistic that these problems have reasonably obtainable solutions. Anybody can dig up a few outlier quotes; the real question is what the majority of experts think, and that matter seems to be clear.

158. The important issue is the cost comparison, and although you strongly deny a few of my statements, you don’t seem to find my overall assessment worthy of challenge.
     Nope. I think democracy is worth paying for to get as reliable a system as possible, and the best possible system is hand-counted paper ballots. You think it’s better to aim to do it as cheaply as possible, and above all not include ordinary voters in running the elections fairly. You’re right that I don’t see this position as worthy of challenge: any more than I see your self-claimed credentials as an IT expert worthy of challenge.

159. I just got off the phone with an old friend who’s more knowledgeable than I about security, having done a lot of work with the DoD. He confirmed almost every point I’ve made here, but did contradict me on one point: it IS possible to write secure code in both Basic and C. However, he also points out that this requires the programmer to jump through a lot of hoops to maintain security. If you want a secure application, he agrees, it’s just stupid to use Basic or C.
     He also suggested an idea that impresses me as particularly useful: offer the voter a hardcopy of his ballot. This would be in addition to the paper trail hardcopy, and the voter’s copy would be given an identification number. All the voting results are then posted on the Internet, right down to the individual votes, although they would of course remain anonymous because each ballot would be identified only by a code number. Thus, any citizen can peruse the votes to determine that they were in fact counted properly. More important, any citizen can look up his own vote to insure that it was recorded properly. If he finds that his vote for Candidate X was converted into a vote for Candidate Y, he marches straight to the District Attorney and shows them the printed ballot, and somebody’s head will roll.

160. “He also suggested an idea that impresses me as particularly useful: offer the voter a hardcopy of his ballot.”
     Wonderful new idea: very insightful; I wonder why no one ever thought of this before?
     Paper trails for electronic voting! This introduces an entirely new concept into the debate for everyone familiar with the issues!
     Now we’re getting somewhere.

161. Gary, I clearly differentiated between the conventional paper trail that has been urged by computer scientists for years (in which the printed ballot is stored for archival purposes) from the new idea presented by my friend, in which a SECOND copy of the ballot is given to the voter, and can be checked against the results posted on the Internet.
     These are two very different ideas; don’t confuse them.

162. Jesurglisac, you’re starting to get hot under the collar; I suggest that you cool off. Perhaps I should depart this discussion in the interests of public amity, but I fear that your animus towards me would manifest itself in other discussions, and I don’t want that to cripple future discussions, so I suggest that you calm down and concentrate on the ideas rather than the personalities.
     Back to work:
     You suggest that effective democracy is worthy any price. I disagree. I’m not willing to spend a penny more than is necessary to obtain a reliable vote count. I’m pretty sure that my opinion is shared by most citizens. Wasted money, after all, is never popular with the taxpayers.
     I do believe that we can obtain a reliable vote count with computers, I have demonstrated how this is possible, and you seem to have no substantive challenges to my rough calculations. There’s still plenty of room for wiggle in my numbers, but they certainly demonstrate the plausibility of my case. They don’t prove anything — neither of us has proven anything — but they at least provide more detailed support than any of the opposing arguments I have seen.
     You write, “You think it’s better to aim to do it as cheaply as possible, and above all not include ordinary voters in running the elections fairly.”
     Come now, Jesurglisac, this is an expression of anger, not intellectual analysis. Let’s focus on productive discussion, please!
     Lastly, you refer disparagingly to what you call “your self-claimed credentials as an IT expert”. Actually, I’m not asking anybody to take anything on my word alone. I have offered lots of factoids, any of which can be checked out quite easily. For example, I did not provide a link proving that one can weld a box shut to make it secure, and I don’t ask anybody to take that claim on my authority, but should anyone wish to challenge it, go ahead.
     Please, let’s not get into a shouting match. Let’s just concentrate on the facts and ideas, OK?

163. Erasmussimo,
     Your brilliant idea is unworkable. If voters can produce records of their voting they can be coerced to provide those receipts and can easily sell their votes.
     Also, as much as I hate to do so, I need to defend VB a little. You cannot argue that VB is fundamentally insecure without explaining why. Certainly, versions of VB that run on virtual machines should be more secure than traditional C programs. Furthermore, VB generally doesn’t allow direct pointer manipulation. Again, you need to make an actual argument instead of blithely asserting things to be true.

164. Sorry, Erasmussimo, but I have a hard time taking you seriously when you’ve disregarded insights from computing professionals and matters that have already been discussed for years.
     Yes, paper trails. Brilliant. It’s only been discussed for the last decade or so…

165. Gary, I clearly differentiated between the conventional paper trail that has been urged by computer scientists for years (in which the printed ballot is stored for archival purposes) from the new idea presented by my friend, in which a SECOND copy of the ballot is given to the voter, and can be checked against the results posted on the Internet.
     These are two very different ideas; don’t confuse them.
     Ummm, this ideas HAS been proposed. Again, been there, done that.

166. Erasmussimo:

     However, a reading of the opinions of many separate experts clearly demonstrates that the opinion of most is that the security problems can readily be solved if only we put some competent effort into it. I provided a quote from Mr. Schneier to demonstrate this point.
     […]
     Second, as Mr. Schneier points out, there are some security experts who are pessimistic, but most are optimistic that these problems have reasonably obtainable solutions. Anybody can dig up a few outlier quotes; the real question is what the majority of experts think, and that matter seems to be clear.

     I’m a tad unclear on how long you’ve been following the issues of electronic voting, and “Mr. Schneier”‘s views.
     I came to the issue late, only around 1995 or so. I’ve only had mutual friends with Bruce since the mid-Seventies, and he didn’t start buying me dinner when he and Karen came to town until long after.
     I will assume that you’re actually entirely unfamiliar with Bruce’s writings, and views, and that of “most experts” on security, rather than deliberately misrepresenting those views, which Bruce has written about so many hundreds of times that one can find relevant summaries almost randomly in his archives.
     My second cite to him, above, which you either didn’t read, or chose to ignore in favor of what you want to believe:

     That’s my primary concern about computer voting: There is no paper ballot to fall back on. Computerized voting machines, whether they have keyboard and screen or a touch screen ATM-like interface, could easily make things worse. You have to trust the computer to record the votes properly, tabulate the votes properly, and keep accurate records. You can’t go back to the paper ballots and try to figure out what the voter wanted to do. And computers are fallible; some of the computer voting machines in this election failed mysteriously and irrecoverably.
     […]
     The ideal voting system would minimize the number of translation steps, and make those remaining as simple as possible. My suggestion is an ATM-style computer voting machine, but one that also prints out a paper ballot. The voter checks the paper ballot for accuracy, and then drops it into a sealed ballot box. The paper ballots are the “official” votes and can be used for recounts, and the computer provides a quick initial tally.
     Even this system is not as easy to design and implement as it sounds. The computer would need to be treated like safety- and mission-critical systems: fault tolerant, redundant, carefully analyzed code. Adding the printer adds problems; it’s yet another part to fail. And these machines will only be used once a year, making it even harder to get right.
     But in theory, this could work. It would rely on computer software, with all those associated risks, but the paper ballots would provide the ability to recount by hand if necessary.

     The only thing everyone has ever talked about since 2000 and earlier is that any voting system that uses ballots must make a paper copy available to the voter.
     That’s the basic, elementary, first grade, assumption, that everyone has been been talking about since the last century. This is the sort of thing I meant when I urged you to read what folks have been discussing since the mid-Nineties, and provided you links to do so.
     Bruce more recently, this from last November 13th:

     Electronic voting machines represent a grave threat to fair and accurate elections, a threat that every American — Republican, Democrat or independent — should be concerned about. Because they’re computer-based, the deliberate or accidental actions of a few can swing an entire election. The solution: Paper ballots, which can be verified by voters and recounted if necessary.
     […]
     Electronic voting is like an iceberg; the real threats are below the waterline where you can’t see them. Paperless electronic voting machines bypass that security process, allowing a small group of people — or even a single hacker — to affect an election. The problem is software — programs that are hidden from view and cannot be verified by a team of Republican and Democrat election judges, programs that can drastically change the final tallies. And because all that’s left at the end of the day are those electronic tallies, there’s no way to verify the results or to perform a recount. Recounts are important.
     This isn’t theoretical. In the U.S., there have been hundreds of documented cases of electronic voting machines distorting the vote to the detriment of candidates from both political parties: machines losing votes, machines swapping the votes for candidates, machines registering more votes for a candidate than there were voters, machines not registering votes at all. I would like to believe these are all mistakes and not deliberate fraud, but the truth is that we can’t tell the difference. And these are just the problems we’ve caught; it’s almost certain that many more problems have escaped detection because no one was paying attention.
     This is both new and terrifying. For the most part, and throughout most of history, election fraud on a massive scale has been hard; it requires very public actions or a highly corrupt government — or both. But electronic voting is different: a lone hacker can affect an election. He can do his work secretly before the machines are shipped to the polling stations. He can affect an entire area’s voting machines. And he can cover his tracks completely, writing code that deletes itself after the election.
     And that assumes well-designed voting machines. The actual machines being sold by companies like Diebold, Sequoia Voting Systems and Election Systems & Software are much worse. The software is badly designed. Machines are “protected” by hotel minibar keys. Vote tallies are stored in easily changeable files. Machines can be infected with viruses. Some voting software runs on Microsoft Windows, with all the bugs and crashes and security vulnerabilities that introduces. The list of inadequate security practices goes on and on.
     The voting machine companies counter that such attacks are impossible because the machines are never left unattended (they’re not), the memory cards that hold the votes are carefully controlled (they’re not), and everything is supervised (it isn’t). Yes, they’re lying, but they’re also missing the point.
     We shouldn’t — and don’t — have to accept voting machines that might someday be secure only if a long list of operational procedures are followed precisely. We need voting machines that are secure regardless of how they’re programmed, handled and used, and that can be trusted even if they’re sold by a partisan company, or a company with possible ties to Venezuela.
     Sounds like an impossible task, but in reality, the solution is surprisingly easy. The trick is to use electronic voting machines as ballot-generating machines. Vote by whatever automatic touch-screen system you want: a machine that keeps no records or tallies of how people voted, but only generates a paper ballot. The voter can check it for accuracy, then process it with an optical-scan machine. The second machine provides the quick initial tally, while the paper ballot provides for recounts when necessary. And absentee and backup ballots can be counted the same way.
     You can even do away with the electronic vote-generation machines entirely and hand-mark your ballots like we do in Minnesota. Or run a 100% mail-in election like Oregon does. Again, paper ballots are the key.
     Paper? Yes, paper. A stack of paper is harder to tamper with than a number in a computer’s memory. Voters can see their vote on paper, regardless of what goes on inside the computer. And most important, everyone understands paper. We get into hassles over our cellphone bills and credit card mischarges, but when was the last time you had a problem with a $20 bill? We know how to count paper. Banks count it all the time. Both Canada and the U.K. count paper ballots with no problems, as do the Swiss. We can do it, too. In today’s world of computer crashes, worms and hackers, a low-tech solution is the most secure.

     There were many many links I didn’t include.
     Here is another piece from the same day, with much much more, including:

     How many hundreds of these stories do we need before we conclude that electronic voting machines aren’t accurate enough for elections?

     That’s a random pluck of Bruce on the topic; here are more. (I’m sarcastic because I’m impatient with pointing out the basics again to someone who I’m reasonably sure wasn’t issuing his educated expert opinion on the topic in the Nineties, or 2000, and who has just minutes ago discovered the concept of “an idea that impresses me as particularly useful: offer the voter a hardcopy of his ballot”; I suspect that you’ll be a tad impatient, and perhaps sarcastic, in 2019 when someone tells you about this bright new idea, after first lecturing you about your “ignorance,” and his expertise.)
     Do you still want to maintain that you’ve been accurately representing Bruce’s views, with stuff like this? Do you really want to maintain that your quotes accurately represent Bruce’s views on electronic voting bettr than mine do?

     Second, as Mr. Schneier points out, there are some security experts who are pessimistic, but most are optimistic that these problems have reasonably obtainable solutions. Anybody can dig up a few outlier quotes; the real question is what the majority of experts think, and that matter seems to be clear.

     I hate to bug Bruce with trivia, and I wouldn’t unless it was worth it (wasting time on a blog comment thread isn’t remotely important), but it’s not a big deal for me to drop him an e-mail with your quotes and then provide his response, either, if it seems worth it.
     I dunno if you want to plead deliberate distortion (probably not), not knowing from Bruce’s very prominent writings as perhaps the foremost expert on the topic we’re discussing until I introduced him here yesterday, or simple willingness to imply you’re familiar with issues and writings you’re not, in the course of wishfully interpreting material to suit your opinions, which is almost certainly the main explanation, but I look forward to your explanation.

167. One more comment from Bruce:

     One of the dumber comments I hear about electronic voting goes something like this: “If we can secure multi-million-dollar financial transactions, we should be able to secure voting.” Most financial security comes through audit: names are attached to every transaction, and transactions can be unwound if there are problems. Voting requires an anonymous ballot, which means that most of our anti-fraud systems from the financial world don’t apply to voting. (I first explained this back in 2001M.)

     But there’s lots lots lots lots more where that came from.

168. Mr. Farber, you’re not reading Mr. Scheier’s statements. He is very clear that his opposition is to PAPERLESS computer voting systems. Here’s part of what you posted from him:
     “My suggestion is an ATM-style computer voting machine,”
     Do you see the phrase “computer voting machine” in that sentence? Mr. Scheier is suggesting the same thing I’m suggesting: a computer voting system with paper backup.
     I must confess to some exasperation at your posting long quotes whose purport strongly supports my proposition, and claiming the opposite. So let’s be absolutely clear here:
     I am championing a computer-based voting system with at least one (and possibly two) paper receipts to be used as backup. I find Mr. Scheier’s suggestion that the printed ballot be the primary data source — that’s fine with me, as it could be printed with a bar code for rapid machine reading. But the important point is to take the messy process that we now rely on, which is subject to all manner of human error, and replace it with a machine process that is more reliable.
     And no, I’m not saying that all machine processes are more reliable than all human processes. I’m saying that there exist some machine processes that are more reliable than the current system of voting, and that we should use those more reliable (and cheaper, to boot) systems.

169. Another minor item: Mr. Farber presents a quote from Mr. Scheier in which Mr. Scheier dismisses the comparison with financial computer systems on the grounds that financial systems are auditable because each transaction can be associated with a particular name. Mr. Scheier is apparently unaware of the proposal I cited earlier to provide each voter with an anonymously identified ballot for audit purposes. Yet Mr. Gwangung dismisses the originality of the idea with the statement “Ummm, this ideas HAS been proposed. Again, been there, done that.”
     Perhaps Mr. Scheier is not familiar with the field of computer security — I rather doubt it. Perhaps Mr. Scheier forgot about the idea when he wrote the above. Perhaps Mr. Gwangung is incorrect. I don’t know. But there is a discrepancy here.

170. Perhaps I should depart this discussion in the interests of public amity
     Or take it over to Taking It Outside?
     Either way, I’m done discussing it with you.

171. “Mr. Farber, you’re not reading Mr. Scheier’s statements.”
     I’ve been reading them for decades. We’re friends, as I tried to communicate.
     This even enables me to, you know, spell his name correctly. Assuming we’re talking about Bruce Schneier, not the “Scheier” you repeatedly refer to .
     “Perhaps Mr. Scheier is not familiar with the field of computer security — I rather doubt it.”
     I give up.

172. Mr. Farber, your friendship with Mr. Schneier (thanks for correcting my spelling) does not permit you to reverse the meaning of his writings. He is plainly supportive of exactly the kind of computer voting system I’ve been championing, yet you use his words to argue the opposite. I suspect that Mr. Schneier would be cross with you should he discover how seriously you have misused his writings. Don’t worry — I won’t tell. 😉

173. Gary, Chicago Manual, paragraphs 8.65 and 8.66 in the 13th edition. And of course various more technical style guides. I guess my copyediting has been more mathematical and scientific than yours.

174. We so need a TIO thread for this… 😉

175. “I guess my copyediting has been more mathematical and scientific than yours.”
     Yeah, I’ve never ever done any technical or academic copyediting; all my work has strictly been mass market, or at worst, small press.

176. Not to derail a productive thread or anything, but Amos, Common Sense or any other CS types out there: do you know a source — book, online journal, whatever — that would tell me how to formalize a definition by corecursion that doesn’t use category theory and coalgebras? I’m trying to help a friend make his thesis more precise and I can’t quite articulate what’s needed.

177. I guess my copyediting has been more mathematical and scientific than yours.
     IIRC, wasn’t that instituted in part because of the European/American split over whether to separate the digits by periods or commas? I get really weirded out whenever I read, say, a French report that “12.000 people were at the game” — what, you needed floating-point accuracy to measure a dozen people?

178. I find Mr. Scheier’s suggestion that the printed ballot be the primary data source — that’s fine with me, as it could be printed with a bar code for rapid machine reading.

     So you favor switching from voting machines to ballot-printing machines that produce optical-scan paper ballots? That’s fine with me, especially if the ballots are designed so that they can also be completed manually in cases when the machines break down or are overwhelmed. It’s a long way from the all-electronic system you we’re arguing for (and I was arguing against) at the beginning, though. I’m still not sure it’s worth all the expense or how possible it will be to get everyone to go for it, but it does have some advantages, particularly for people with some disabilities.
     I’m not sure where the cost savings would come in, though. Wasn’t eliminating the cost of handling all that paper supposed to be where we’d save all that money? Now the paper isn’t going away.

179. Watching this little thread has been awesome. It reminds me of the funner days on talk.origins.
     Erasmussimo: Let me give you some advice. Here, on the internet, you’re likely to run into actual experts. And you’re certain to, sooner or later, run into people who understand a subject much better than you. You might want to consider, just possibly, the fact that you could be in error.
     Now, I don’t know what sort of education or experience you have in software — your resume doesn’t matter (or so said the man who hired me by handing me a sheet of code and asking “What does this do?”).
     What matters is your level of understanding. So far, you’ve demonstrated the ability to:
     1) Wander into a conversation about electronic voting as if a decade or more of computer voting experience, discussion, studies, and security issues had never happened.
     2) Lecture people who quite obviously understand computers and computer security a LOT better than you on what they don’t understand about computers and computer security.
     3) Generally not make a positive impression for yourself.
     For example, your response to me (took a minute to dig it out) that “Central servers can’t be hacked because they’re not on the internet”…
     That shows your lack of domain knowledge right there. I had assumed — stupidily — that you had the level of competence you claimed. As such, I didn’t specify what I meant by hacking vote counting servers. There are, of course, three simple ways:
     1) Hack it at the software level — malacious code built into the product. This includes last minute ‘patches’ (the infamous case in Georgia, in which the code was patched at the last minute without undergoing scrutiny as an example).
     2) Hack it in person — an admin misusing tools (and Diebold’s auditing procedures are so poor that yes, indeed, anyone with proper access could modify records and remove the audit trail).
     3) Hack it remotely — using the connection between the voting machines and the servers.
     1 and 2 are most likely, but 3 isn’t impossible. I recall at least one paper outlining a way to do it.

180. Whoa, you’re making an assumption that’s new here: dual-function ballots. I don’t think that’s a good idea, because, as you note, they would increase the cost of the system. I don’t know by how much they would increase the cost, so I’m not ready to dismiss the idea out of hand. Let’s get some numbers on it first.
     But yes, I’ve been saying all along that computer voting systems with paper trails are the way to go. Mr. Schneier has been saying much the same thing all along. Most computer security experts have been saying the same thing all along. I was NOT arguing for a computer voting system without a paper trail.
     There is one fine distinction we have to be clear on. Mr. Shneier wants a computer voting system in which the printed ballots are not only the audit trail but the primary data source. I can live with that, although I’m not yet sure it’s necessary. And it suffers from the added problem of physical ballot security in transportation from polling station to central location. I suppose, however, that, if carried out in tandem with properly encrypted authentication data, it could work and not add too much cost.

181. Mr. Morat20, you seem more intent on personal attack than discussing the issues here, and I am averse to engaging in such childish issues, but I will respond to a few substantive issues you raise:
     You made some comments regarding hacking into the system, dismissing my ignorance for suggesting that the central server isn’t on the Internet. May I remind you that I was responding to your statement that “I just need access to one — the central server.” It goes without saying that the central server is pretty secure because it is the CENTRAL server, the obvious point of attack, and there will be lots of people hanging around it. Yes, some of the Diebold systems are grossly inadequate, and there were even some very suspicious activities in North Carolina, Georgia, and Ohio in 2004 that suggest manipulation of the data through the central server. But again, I remind you, I am talking about a computer system built by reasonably competent people, and that would include a secure central server unconnected to the Internet and with restricted physical access.
     All three of the hacks you describe are easily prevented by simple security procedures such as I have already outlined. So, yes, it’s not difficult to penetrate the security of computer voting systems now — but that says nothing about the difficulty of building secure computer voting systems. It just goes to show what a Mickey Mouse system we are using now.
     Lastly, it really doesn’t matter if I’m a blithering idiot — and if you think that important, I’ll happily stipulate as much. The important issue here is not Erasmussimo’s competence, wisdom, good looks, or sartorial taste. What’s important are the facts and issues. Where I’ve said something wrong, correct me. Don’t just assert that I’m wrong — give me some logic plus facts. So far, I’m reading a goodly number of feckless attacks on my competence and an insufficient supply of direct response to the points I am making.

182. The breakdown of machines was a factor in the last elections iirc. I would be not at all surprised, if those breakdowns were a larger problem in the less affluent (and usually Democratic leaning) districts (that had fewer machines in the first place) even without evil intent (that I assume also played a role). I hear the same was already the case in the era of the mechanical machines. The result were long lines of admission causing many to go home without voting “voluntarily”(I probably wouldn’t wait 8 hours in line to vote) or even being sent away because the precinct closed before they reached the head of the line.
     Don’t know how many votes were effectively suppressed by this. Paper ballots have no such natural bottleneck.
     Btw, “Drafted Election Helpers” in Germany are not actually payed but only receive catering or the money equivalent, if that is not possible. With elections on an officially work-free day (Sunday, could in theory be a national holiday too) there is no loss of income.

183. Erasmussimo, I interpreted Schneier’s quoted statement as endorsing the dual-function ballots: “You can even do away with the electronic vote-generation machines entirely and hand-mark your ballots like we do in Minnesota.” It’s true it might be interpreted otherwise. I don’t see why designing the computer-produced ballots to be compatible with hand-marked optical-scan ballots should be that big a deal.
     I think there’s a vast difference between a paper audit trail, which you’ve mentioned as one possibility, and computer-produced paper ballots. With the first system, the vote is something mostly unobservable that’s stored on a disk drive or a memory card. With the second, the vote is a physical marking on an object — something that anyone can see and something that’s more difficult to alter or destroy in significant numbers without leaving evidence and involving more people.

184. “I would be not at all surprised, if those breakdowns were a larger problem in the less affluent (and usually Democratic leaning) districts (that had fewer machines in the first place) even without evil intent (that I assume also played a role).”
     In my state it was the impulse to go to a brilliant new improved computer voting system. Worked wonders.

185. Yes, KCinDC, it’s possible that a dual-purpose ballot could be designed. I’d guess that it would use the conventional bubble-filling method, which is trivial for the computer to do and easy for the human to do. The optical scanning is certainly workable, but in terms of optimum reliability, I’d prefer the machine-generated results. Optical scanners can jam, mangle ballots, or misread human-marked ballots. But they’re a viable solution.
     You seem to place an enormous amount of weight on the tangibility of physical ballots. I can understand a healthy skepticism about the likelihood of political dirty tricks — I myself am one of the believers that the Diebold machines were manipulated to alter electoral results — but I’ll again remind you that we really can build machines that are secure. We make the design open and available to everyone so that everyone can convince themselves that the system is secure. If the procedure for voting is secure, then the results of that procedure are secure. I recognize your fear that the average person won’t understand the process, and so might be disenfranchised from the verification process, but I ask you, do you know how votes are counted in your district? Do you know where they go, who handles them, and who counts them? It’s possible, but certainly you’ll agree that there aren’t many Americans who do know. Instead, they take the word of their representatives — the Republican or Democratic observers — who monitor the process. What’s the difference between your party observer watching the votes being counted and your party observer watching the computers being built? You still end up trusting somebody.

186. You made some comments regarding hacking into the system, dismissing my ignorance for suggesting that the central server isn’t on the Internet. May I remind you that I was responding to your statement that “I just need access to one — the central server.” It goes without saying that the central server is pretty secure because it is the CENTRAL server, the obvious point of attack, and there will be lots of people hanging around it.
     And there’s your problem, in a nutshell. It “doesn’t go without saying”. It’s an assumption. You are assuming that the tabulating servers, their databases, their audit files, their log files, their source code, and their links with client machines are secure and well-written.
     It’s an unfounded assumption — one completely at odds with the reality of electronic voting (in which even simple client machines are incapable of running smoothly) and certainly at odds with the fact that these systems are proprietary and immune to the scrutiny of election officials — most of whom wouldn’t know C from Basic, even if they had source code access.
     You don’t seem to grasp the very basic problems here. First and foremost — analysis of leaked Diebold code (revealed through their own stupidity and failure to properly secure an FTP site) indicates that the entire system was so insecure a child of 10 could have broken it. An Access DB, general lack of security, auditing software that was vulnerable to anyone with DB administrative privaleges, insecure communication, and no form whatsoever of client vote verificiation.
     Given that, you want us to assume that electronic voting software will be magically ultra-secure and awesome and magical and invulnerable?
     How? Who is going to verify the work? Who is going to monitor the DB? Who is going to make sure the inspected source code is what is compiled and running — not just on the servers, but the client machines? Who is going to ensure that the system is invulnerable to client-side hacks (and every client machine on the market today can be hacked even easier than the old lever machines).
     And — god forbid — how to you verify the numbers you get are even remotely right?
     You don’t. Your entire argument here has been founded on assumptions. Assumptions that anyone with even the most basic knowledge of electronic voting in the US would consider laughable.

187. Why do we need electronic voting at all?
     Suppose we went to an entirely paper system. It would presumably cost more to run. It would take much more labor for human beings to do the work. It would get slower results. That’s all OK with me. Suppose it took a whole week to find out who won the elections. I don’t mind that either.
     If we’re going to go to electronic voting, let’s work out all the problems and spend about 50 years verifying that all the problems are worked out first, and then switch.
     That reminds me, whenever there’s talk about reliability or verification in government I like to bring up drug testing. We need regular drug and alcohol testing for legislators. Also for the President and high political appointees.
     We don’t let airline pilots fly drugged, it affects the public safety. How much more is the public safety threatened by drugged senators?!

188. “We make the design open and available to everyone so that everyone can convince themselves that the system is secure.”
     Because every voter has the technical knowledge to satisfactorily and accurately do that. No problem there.
     After all, all the facts on the engineering of the World Trade Center buildings being available to all has made it impossible for anyone to believe that the only logical explanation for their collapse was internal demolition.
     Yes, the facts being public and open is all that is needed to do away with public suspicion, misunderstanding, delusion, conspiracy theories, or even genuine reasons for concern.
     That always works.
     And, in general, when we discuss “security,” we’re referring to things like welding, and crytological code; “social engineering” and the ways people respond socially to issues of insecurity, or are manipulable, or illogical, are irrelevant, just as human error is.

189. Ah, I see your misunderstanding now, Mr. Morat. You believe that I am arguing in favor of the current computer voting systems. I’m not. I am arguing in favor of computer voting systems that have been secured as per the recommendations of many computer security experts. And, while I may be horrifically ignorant, perhaps you might be willing to trust those computer security experts.

190. Mr. Farber, once again in your flights of sarcastic eloquence you have escaped into a universe beyond the realm of my perception; perhaps you could bring it down to earth for my plodding intellect and explain your meaning?

191. If the voter himself inputs the printout into the optical scanner, as suggested above, I guess you save a little money on poll counters. But you lose votes, because some significant percentage of voters, especially the elderly, will find ingenious ways to screw up the task of putting paper (A) into scanner (B), especially since I have yet to see a fax or scanner that didn’t use cutesy little enigmatic icons to tell you which way up. You could make the machine buzz when it can’t read a page — but they won’t necessarily improve their performance the second time around, and anyway, the buzzer will probably go off at random about as often as a car alarm does, which won’t help create a calm voting experience.

192. Sorry, that was a response to KinDC at 2:42, I hadn’t realized how much traffic there was after that.

193. “When investigators show up at people’s houses, they can ask to see ID and they can also ask to see recent bills or other postal mail. They can ask people if they actually voted. They can cross reference the social security death index and the local death certificates for people they’re unable to locate.
     I can’t see any reason why this sort of investigation would be illegal right now. States that performed these investigations would get a rough bound on how bad voter fraud is.”
     It would almost certainly be seen as voter harrassment.

194. Trilobite, the same is true of those elderly voters attempting to manage the touch screen. (Hell, it’s nearly true of me at a touch-screen ATM on a day when my fingers are particularly cold, especially when it’s been miscalibrated.)
     Erasmussimo, I believe that a process will be observed less effectively if only 1 percent of the population is qualified to observe it than if most random people off the street are.

195. It would almost certainly be seen as voter harrassment.
     Seb,
     Well that depends doesn’t it. It certainly would if the operation were designed and run by republican party operatives who have a history of voter intimidation.
     Alternatively, if you publicize this ahead of time, and make it very clear that you’re doing this in a random sampling of precincts and outsource some of the work to a trusted neutral party like the league of women voters or high school students, then it would not be seen as harassment.
     For that matter, you could offer people a $20 gift certificate if they could demonstrate that they were the person voting that day.
     If you only do this in african american communities and you use uniformed white police officers as the investigators, then there will be problems. If you do it in a variety of areas and the work is being done by high school kids as part of their civics class, you will have far fewer problems.
     Seb, am I missing something or does that take care of your concern?

196. I’m not particularly concerned about any of that, you need to convince the liberals here.

197. For that matter, you could offer people a $20 gift certificate if they could demonstrate that they were the person voting that day.
     Maybe that plan could be checked out as a pilot project in Chicago, just to see how it works. So as not to show any favoritism to any particular store, cash will be handed out instead ;^)

198. I’m not particularly concerned about any of that, you need to convince the liberals here.
     Um, no. I asked you why no state has conducted an investigation along the lines I described. You suggested that the reason is concern over voter intimidation. I countered with a means of conducting the investigation that would greatly reduce the appearance of voter intimidation.
     So, now I’d like to hear either a good reason why a normal person would still suspect voter intimidation even with the safeguards I described in place OR a reason why no one has ever conducted this sort of investigation before.
     It could be that I am simply smarter than everyone who has ever worked in government so no one has ever thought of this idea before. However, I doubt that.
     Seb, I’m trying really hard to believe that you have real concerns about voter fraud, as opposed to a desire to reduce minority voting. However, it would be easier to do that if you showed a little interest in actual voter fraud investigations. Alternatively, you could continue to argue that we cannot ever measure voter fraud without imposing radical identification requirements.

199. I know of an industrialist who wanted to give a day off, paid to people who voted. No can do, said the authorities.

200. “I know of an industrialist who wanted to give a day off, paid to people who voted. No can do, said the authorities.”
     Who are the authorities who can order that a business not give employees a paid day off, and what authority did those authorities use?

201. “It could be that I am simply smarter than everyone who has ever worked in government so no one has ever thought of this idea before. However, I doubt that.”
     I wouldn’t doubt for a moment that you might be smarter than anyone assigned to such a project. But I strongly suspect that such a project would be strongly resisted, by liberals. Which is why I think you would have to convince them.
     “Seb, I’m trying really hard to believe that you have real concerns about voter fraud, as opposed to a desire to reduce minority voting. However, it would be easier to do that if you showed a little interest in actual voter fraud investigations. Alternatively, you could continue to argue that we cannot ever measure voter fraud without imposing radical identification requirements.”
     You may have confused me with someone who has actual power. I regret to admit that I don’t. As for radical identification requirements for voting, lots of other countries require some sort of actual identification. It isn’t unheard of. I’m not saying that is dispositive–just that it isn’t radical.

202. Who are the authorities who can order that a business not give employees a paid day off, and what authority did those authorities use?
     I assume it was based on a law saying you can’t offer someone anything of value as enticement to vote. A paid day off is something of value.
     You could give all your employees Election Day as a paid day off, naturally. But a law like that would prohibit you from conditioning it on actually voting. It’s a fine distinction, I grant you.

203. “I assume it was based on a law saying you can’t offer someone anything of value as enticement to vote.”
     Is it illegal in some places to do that, rather than it being illegal to offer someone anything of value as enticement to vote in a specific way?
     I’m not disagreeing: I just hadn’t realized or been aware of that, if so. Does anyone have a pointer on how widespread such laws are? (Yes, I can google, but I’m feeling lazy, and not to mention crappy, so I’m asking first.)

204. Sebastian… “I lived out of my car for two months for God’s sake.”
     Was it a Caddy or a Hummer?

205. Vote for your favorite song
     My kid’s choir
     instead of
     cleek doing moody stuff
     I’m a balding-headed link ho now, give me some love, or else you will never actually hear Thullen.

206. Gary: Is it illegal in some places to do that [offer someone anything of value as enticement to vote], rather than it being illegal to offer someone anything of value as enticement to vote in a specific way?
     Yes; in Virginia and Iowa at least, and I believe in many places.
     The rationale is, I think, that there are many precincts in which an overwhelming majority of the voters vote one way or the other, so that offering an enticement of value has the effect of an enticement to vote in a specific way.

207. Common Sense, the procedure you describe is cluster sampling. (As you doubtless know.)
     Which means I imagine Republicans would have two problems with it:
     One: if the objective is to find out if voter fraud is a widespread problem, it would be only sensible to make clear that the data in the survey can’t and won’t be used to prosecute or investigate any individiduals. (The UK Census has an unbreakable rule that it doesn’t share its raw data with anyone, for just that reason.) I can see Republican politicians calling it an “investigation into voter fraud” rather than “a survey of voting patterns” and then complaining that the people carrying it out were “shielding criminals”.
     Two: Many conservatives appear to have locked themselves into the belief that cluster sampling is not an effective scientific method of getting data, because if they did believe it, they’d have to believe that around 700 000 people in Iraq have been killed as a result of the US invasion/occupation, and they don’t want to. (For all I know, this will be a short-lived rejection, but where it exists, it seems to be absolute.)

208. “Sebastian… “I lived out of my car for two months for God’s sake.”
     Was it a Caddy or a Hummer?”
     It was a VW Rabbit, thanks for wondering.

209. Sebastian… “I lived out of my car for two months for God’s sake.”
     Was it a Caddy or a Hummer?
     
     Wow, was that spectacularly crass. Sorry about that, Sebastian.

210. Voter Fraud/EAC/US Attorneys/Indiana Voter I.D. Case Roundup

     A few additional commentaries and developments this weekend worth noting. Marty Lederman has written this must-read post on Balkanization trying to put the AG Gonzales controversy into the broader context of the voter fraud allegations. Marty writes: T…

Comments are closed.