SwampGas
09-05-2003, 08:32 AM
I was visualizing a computer voting system....
Machine
<blockquote>Any type of x86. You can pick up some mid-speed (500 MHz or so) machines DIRT cheap. Doesn't need more than 64 ram (probably less). It would need touch screen and preferably a LARGE monitor (to fit large text). It would need a basic sound card. Modem/NIC are discussed later.</blockquote>
Operating system
<blockquote>Linux with X Windows. It would make use of the encrypted file system.</blockquote>
Software language
<blockquote>To be honest, I'm not sure. It could be done in C, C++, Python, Perl, TCL...basically ANYTHING that supports QT or GTK.</blockquote>
Visualization
<blockquote>Text is large...1/2" actual size at the minimum. Since it's touch screen, you simply touch the screen in the boxes indicated. It works exactly like a real voting machine...hitting the same button will undo the selection. Hitting "straight ticket" will enable all the buttons.</blockquote>
Error correction
<blockquote>A dot matrix printer (cheap and uses the continuous green/white row paper) is connected and keeps a paper record of the system.</blockquote>
Security
<blockquote>Each machine is given a unique key at birth (which NEVER changes through its life). Other keys are created and distributed prior to the election. Data is encrypted using GnuPG at a very high bit rate. Certain data is encrypted for certain keys so that certain people may have access to certain data files.
Obviously they keep track of what machines are produced and used for each election. If a machine is found to be defective, stolen or otherwise malfunctioning it can be issued a revocation...in which case data packets containing its unique id will be invalid.</blockquote>
Accessibility
<blockquote>Blind - It would have to walk you through the voting process via headphones. To acknowledge the computer you just touch the screen anywhere. Example: "Welcome to such and such voting system. I will ask you questions to which you have 3 seconds to respond by touching the screen in any location. If you do not touch the screen, I will assume you mean no. You will have the ability to change your selections in case of error or personal preference. Here we go. To vote straight ticket democrat, touch the screen now. . ." It will acknowledge you touching the screen or not touching the screen.
Deaf - They can still see.
Otherwise handicapped - The voting assistants will help them as they normally do.</blockquote>
The actual voting process
<blockquote>The people responsible for monitoring and authenticating the votes are assigned their keys and said keys are encrypted using their password.
Ballots are loaded into the machines.
Supervisors test the machines.
Person comes in to vote. The machine defaults to demo mode, clearly defined by large "DEMO MODE - VOTE DOES NOT COUNT" at the top and bottom of the screen. The volunteer will demonstrate how to use the system. After he does his fake vote, it will go into live mode. The person will choose their selection and touch the "VERIFY VOTES" button. It will clearly say "YOU HAVE NOT VOTED YET" at the top and display your selections. You may go back or push the "VOTE" button.
Upon pushing vote, your vote is counted in the internal data file, it is logged in the internal log file, and a paper copy of both is sent to the dot matrix printer. The screen will say "THANK YOU FOR VOTING - HAVE A NICE DAY" and will remain there until the volunteer "resets" the machine by touching an invisible square on the screen.
Quick polls can be estimated by looking at the printer readout, which will print a tally every X amount of votes.
Upon closing of the polls, the supervisor will obtain the data files from the machine and do a quick audit by comparing to the printer readout. If there are any discrepancies, an investigation will commence to find the problem (same with mechanical machine failure).
The data packet includes:
- voting data
- voting log
- MD5 sums of the various system files, including the ballot file
- the unique machine id and machine location, venue, etc
The supervisor then encrypts the data files using his/her key, along with the public keys of the other people who will see the data files (this is done automatically...all they enter is their password).
That data pack can now be emailed to the appropriate person and so on. They can decipher the packet because it was encrypted using that person's key.</blockquote>
Future considerations
<blockquote><u>Online estimating and such</u> - The machine is not to be connected to any external system. It ruins the integrity of the system.
<u>Post-election audit</u> - If, for any reason, someone in the election committee feels that an audit of a particular machine is in order, the machine may "phone home" to spill its guts. Other options include AUTOMATIC audit polling to a home system, however an online method is suggested because the amount of phone lines and equipment necessary to facilitate modem-based transmissions will exceed those of servers. Imagine every machine on the east coast attempting to phone home at the same time....a random delay between 0-30 mins will be calculated.</blockquote>
So who wants to help me get a grant and develop it?
<P ID="signature"><marquee direction=right scrollamount=10>http://www.zophar.net/personal/swampgas/hsrun.gif</marquee></P>
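The receiving-side checks this post describes for a data packet (revoked machine id, sums of the system files, and the closing audit against the printer readout), as an added Python example that is not part of the original post. The field names, machine ids and file contents are constructed, the voting log is assumed to hold one entry per cast vote, and SHA-256 stands in for the MD5 sums the post names.

```python
import hashlib
from collections import Counter

def file_sums(files):
    """Map file name -> SHA-256 hex digest for a dict of name -> bytes."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}

def build_packet(machine_id, location, votes, log, system_files):
    """Assemble the four parts of the data packet listed in the post."""
    return {
        "machine_id": machine_id,
        "location": location,
        "voting_data": dict(Counter(votes)),  # tally per choice
        "voting_log": list(log),              # assumed: one entry per cast vote
        "sums": file_sums(system_files),      # includes the ballot file
    }

def check_packet(packet, revoked_ids, reference_sums, paper_tally):
    """Return the reasons to reject a packet; an empty list means accept."""
    problems = []
    if packet["machine_id"] in revoked_ids:
        problems.append("machine id revoked")
    for name, expected in reference_sums.items():
        if packet["sums"].get(name) != expected:
            problems.append(f"checksum mismatch: {name}")
    if dict(Counter(packet["voting_log"])) != packet["voting_data"]:
        problems.append("voting log does not match voting data")
    if packet["voting_data"] != paper_tally:
        problems.append("electronic tally does not match printer readout")
    return problems

# Constructed sample data, not taken from the post.
SYSTEM_FILES = {"ballot.txt": b"Mayor: A | B\n", "vote-ui": b"placeholder binary"}
REFERENCE = file_sums(SYSTEM_FILES)   # sums recorded when ballots were loaded
REVOKED = {"VM-0007"}                 # ids issued a revocation
VOTES = ["A", "B", "A"]

good = build_packet("VM-0001", "Precinct 12", VOTES, VOTES, SYSTEM_FILES)
tampered = build_packet("VM-0007", "Precinct 12", VOTES, VOTES,
                        {**SYSTEM_FILES, "ballot.txt": b"Mayor: A\n"})

if __name__ == "__main__":
    print(check_packet(good, REVOKED, REFERENCE, {"A": 2, "B": 1}))
    print(check_packet(tampered, REVOKED, REFERENCE, {"A": 3}))
```
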