After 19 years of work, Juan Gilbert says he has invented the most secure voting machine
In late 2020, a large box arrived at Juan Gilbert's office at the University of Florida. The computer science professor had been looking for this kind of product for months. Previous orders had yielded poor results. This time, though, he was optimistic.
Gilbert drove the package home. Inside was a transparent box, built by a French company and equipped with a 27-inch touchscreen. Almost immediately, Gilbert began modifying it. He put a printer inside and connected the device to Prime III, the voting system he has been building since the first term of the George W. Bush administration.
After 19 years of building, tinkering, and testing, he told Undark this spring, he had finally invented "the most secure voting technology ever created."
[...] By this point, Gilbert had published a video of his ballot-marking device, or BMD, in action, but he was unsure how the hacking community would respond. "There's a part of that community that's very confident in what they do," he said. "And if they hear how it works, they may run away from it."
[...] The latest version of the machine, which Gilbert and his students finalized this year, has all the parts of a normal voting machine: a touch screen for voters to make their selections and a printer to create a paper ballot that is then fed into a scanner.
The machine also has some more distinctive security features. The touchscreen is transparent, allowing voters to watch the machine print their ballot, in real-time, and notice any issues. The whole machine is also encased in fully transparent glass, making it difficult to insert, say, a malicious USB drive undetected. And the machine's operating system, software, printer connection, and ballot information are stored on a read-only Blu-ray Disc. Unlike a typical hard drive, which voting technology skeptics say could be manipulated to change a person's votes, the disc cannot be overwritten, modified, or changed in any way. "I have taken away that ability," said Gilbert. "You cannot change it."
To further ensure that the USB ports can't be used to upload mischievous code, Gilbert's machine reboots after every cast vote. "That caveat blows out a whole lot of their issues," he said. "No software can persist, right?"
Like most BMDs today, the machine also produces a paper ballot that can be audited. One longstanding concern about these paper trails is that voters don't actually verify whether what's printed on their ballot matches what they selected on the machine. If that's the case, then audits are no use.
This is why Gilbert's machine is so innovative, he said. The transparent touchscreen forces voters to look directly at the paper being printed, making it far more likely that voters will notice any tampering. And if that happens, he said, the voter can raise an alarm.
[...] Moving forward, Gilbert is planning to write a new paper detailing his design, and still hoping to find a hacker willing to test out the machine. The experience has left him sounding jaded about the world of election hacking — a world, he suggested, that often seems focused more on performatively tearing apart machines than actually working toward solutions.
"They only look at things they know they can break," Gilbert said.
"If you have something that you can't on the face of it figure out before you touch it," he continued, "they're not going to touch it."
(Score: 4, Interesting) by turgid on Sunday October 30 2022, @10:26AM (2 children)
You could put a different disk in? Unless the whole thing is glued shut and has alarms to say when something has been opened or otherwise tampered with, perhaps one of those dye marking things?
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 2) by JoeMerchant on Sunday October 30 2022, @01:48PM (1 child)
I think the disc gives the average Joe more confidence that they "know" what's in there, unlike a circuit board with WORM flash that the average Joe doesn't understand. Even the choice of BluRay vs DVD is probably about voter confidence in the security.
What would give me confidence in a voting system would be cryptographic signatures, starting with a root key maintained by the UN, passed down to national, state, county, voting district and voter keys. The biggest trust element in that system is the component that validated each voter only voting once without publishing how each individual voter voted.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 0) by Anonymous Coward on Sunday October 30 2022, @02:12PM
> ...starting with a root key maintained by the UN,
You must be the most idealistic, impractical person here on SN.
(Score: 0, Troll) by Runaway1956 on Sunday October 30 2022, @11:29AM (9 children)
After two years of researching, I've learned that my 2020 vote for West actually went to Ted Kennedy. And, he's been dead for 13 years (11 years in 2020)!!
Abortion is the number one killed of children in the United States.
(Score: 2) by janrinok on Sunday October 30 2022, @12:01PM (7 children)
This is not, IMO, a discussion about anyone's particular politics. That discussion belongs elsewhere.
This discussion is about how do we solve the practicalities of making a secure system for voting that enables everyone to vote in a democratic and verifiable way.
(Score: 3, Insightful) by ilPapa on Sunday October 30 2022, @12:45PM (5 children)
Maybe any such discussion could start from someone showing some evidence...any evidence... that the current system for voting is not secure.
You are still welcome on my lawn.
(Score: 2, Insightful) by Runaway1956 on Sunday October 30 2022, @01:18PM (1 child)
If you can sit up late-night, watching the votes being tallied, and you watch 2 million votes subtracted from one column, and being added to the other column, you KNOW the system ain't right. The system has be accurate, before anyone can claim it to be secure. The numbers were manipulated. You may be quite certain that they were manipulated honestly, but you have to admit that they were manipulated. That manipulation indicates that the system can be gamed by either side.
Call me a fool, but I have zero faith in a system that can be manipulated in the middle of voting.
Abortion is the number one killed of children in the United States.
(Score: 2) by JoeMerchant on Sunday October 30 2022, @02:00PM
>the system can be gamed by either side.
Not only can it be gamed by any side, it almost certainly is gamed by the two largest factions in every major election.
My faith lies in the assumption that the gamers are mostly small time and the checks and balances of the system keep such manipulations insignificantly small and mostly canceled out by opposing manipulations.
If you are watching vote tallies on election night you are seeing a lot of assumptions and predictions, which IMO should be illegal to publish, but that's how we do it. Those 'predictions' are legally manipulated in all sorts of ways, including intentionally undermining confidence in the system.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 2) by janrinok on Sunday October 30 2022, @01:40PM
I thought that the last US election provided more than sufficient evidence - or at least almost half the country seemed to think so. If they cannot/will not trust the system then something needs to change so that the voting result is beyond doubt.
(Score: 2) by JoeMerchant on Sunday October 30 2022, @01:52PM (1 child)
>showing some evidence...any evidence... that the current system for voting is not secure.
It relies on human beings which have been proven unreliable in all endeavors.
And, if you look at the human beings who dominate poll worker staff, you would never challenge the unreliability assertion.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 0) by Anonymous Coward on Sunday October 30 2022, @02:19PM
> And, if you look at the human beings who dominate poll worker staff, you would never challenge the unreliability assertion.
As I interpret your double negative, it seems that you don't trust poll workers. Is this correct?
Why don't you volunteer to be one, I'm fairly certain that there are slots available right in your town! Then you could report back on how the process actually works in your area, instead of sniping from the sidelines. I know several people that have done this good work and they are ordinary honest folks.
(Score: 0) by Anonymous Coward on Sunday October 30 2022, @01:14PM
Well someone thought that was funny. Don't be boorish, Jan.
(Score: 0) by Anonymous Coward on Sunday October 30 2022, @01:35PM
From tfa it appears that it took two years to:
> ...has all the parts of a normal voting machine: a touch screen for voters to make their selections and a printer to create a paper ballot that is then fed into a scanner.
But that's not the voting process here in NY State. What useful functions do the touch screen and printer provide?
We have pre-printed ballots, we mark them with pencils, tables with privacy screens are provided. A simple manila folder is also provided so you can hide your ballot inside while you carry it over to the scanner. The scanner does its thing (including, iirc, rejecting improperly marked ballots) and the ballot drops into a locked box...which can be opened if a recount is necessary.
Early voting is open now, we'll be heading over shortly to miss the crowds on Election Day.
(Score: 2, Flamebait) by MIRV888 on Sunday October 30 2022, @12:00PM (2 children)
I realize there are lot of dim bulbs voting, but if you need to physically see your ballot be printed and stored as a hard copy, you aren't going to believe the election results anyway.
Confirmation bias & AM radio have destroyed all faith in election results. No amount of facts, auditing, or see through voting machines is going to change that.
(Score: 2, Funny) by turgid on Sunday October 30 2022, @12:30PM
We all know that progressives are Satanists and will invoke various demons to get whatever election result they desire at the cost of their own souls. Science and technology and evidence are irrelevant. They won't even keep their womenfolk at home in the kitchen. What else do you expect?
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 1) by BigJ on Sunday October 30 2022, @01:11PM
As ilPapa states above. Why change something that is not verifiably broken. This really applies for moving from paper ballots to computer voting. And as for not believing the "authorities* or "auditors", isn't that the whole argument about open source. Everybody can be their own auditor. Just make every aspect of voting transparent (including code, machine configs, memory state, and detailed code flow logging of each vote and chain of custody, etc.) and problems will out themselves.
The meer fact that so much effort is placed on investigating secure and unhakable balloting devices is proof in and of itself that cheating is a valuable outcome and that election cheating is guaranteed to happen if left without checks. Given the stakes involved, I don't believe ceding voting integrity "checking" to the same people who benefit from the outcomes of said "checking" is the right course of action.
(Score: -1, Troll) by Anonymous Coward on Sunday October 30 2022, @01:29PM (1 child)
Whereas where's the evidence that this machine isn't adding extra votes when/where nobody is watching? There are reasons why banks often have multiple people involved in a process - e.g. Maker and Checker. You need collusion from different individuals. Having multiple people involved in the vote counting and checking does not make the system less secure than having fewer people involved.
(Score: 1, Funny) by Anonymous Coward on Sunday October 30 2022, @01:48PM
^ This!
> There are reasons why banks often have multiple people involved in a process - e.g. Maker and Checker.
When my parents were aging, I decided to learn a little about accounting so I'd be at least somewhat prepared to take over the tiny family company (just a few people). Went to the library and checked out a couple of introductory textbooks and started reading. At first, it made no sense (to me, as an engineer), entries and calculations were not at all straightforward, things were put in more than one place, calculations seemed roundabout, etc.
Then one day it all hit me at once. Accounting is not just a fancy name for bookkeeping. Accounting was designed specifically to require more than one person, possibly even more than one department in a company--all for the purpose of minimizing employee theft by running parallel calculations in different ways.
At that point I returned the textbooks because all we needed was bookkeeping--basically just a good check register with a note for the purpose of every check & deposit. Reconciling the balance monthly was completely open and any of us family members could check if there was a mismatch. In case you were wondering, this was a functional family (not a dis-functional one where someone was taking from the others).
(Score: 4, Insightful) by owl on Sunday October 30 2022, @01:36PM (2 children)
While I fail to see how this is an improvement over:
for marking down my votes, but even if I watched, through the transparent screen, the printer accurately print all my selections in real time, I still have to trust "the scanner" to accurately detect the marks made by the printer in the secure machine.
That scanner is going to be another computer, with another pile of software, and not only some boot media (disk/dvd/USB stick/SD card) which could be swapped out by an attacker but if it is also 'internet connected' then its security boundary boundary increases to include the whole internet instead of just the poll workers at the local precinct.
Granted, the paper printout is way better than no hard copy record at all, in that it provides an audit trail if questions arise, but there are still potential security holes here, they just move to "attack one scanner per precinct" from "attack ten touch screen voting machines per precinct".
This seems like someone who desperately wants to "computerize" an aspect that need not be computerized (almost all people can understand "mark the box next to your choice") (i.e., paper and pen work just fine for this). The "attack the scanner", provided the hand marked paper is fed into a scanner, aspect remains even with pen&paper, but pen&paper for the actual vote taking is easy, and requires no technology.
(Score: 2) by janrinok on Sunday October 30 2022, @01:48PM (1 child)
I have to agree - technology might not be the best solution. Those that do not understand technology will never trust it, and there will always be a number of flat-earthers or moon landing disbelievers who simply will not believe their own eyes. But something in the current system has to change so that even they can have faith in the final tally.
(Score: 2) by SomeGuy on Sunday October 30 2022, @02:08PM
What they need is for Apple to produce a voting machine and then advertise the hell out of it. Then everyone will believe they are magically hip and cool and perfect.
Consumertards really believe this: "Derrrr, they should just make it law so everyone texts their vote to the cloud with their iPhone. After all, that is perfectly secure and everyone owns a smart phone."
(Score: 2) by maxwell demon on Saturday November 12 2022, @10:40AM
If it prints on a continuous paper strip, I see an issue with it: It gives a way to associate a vote with the voter, by simply recording the order of people entering the booth, and comparing with the order of printed votes on the strip.
Part of the function of the voting urn in manual voting is to disconnect the information on the ballot from the information of who put that ballot in.
The Tao of math: The numbers you can count are not the real numbers.