×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Finnish Court Dismisses E-Voting Result

kdawson posted about 5 years ago | from the go-back-jack-do-it-again dept.

Government 114

wizzor writes in with a follow-up on the Finnish municipal election in which 2% of the votes were lost by a defective e-voting system, and which the Helsinki Administrative Court had found acceptable. Now the Supreme Administrative Court of Finland has rejected the election results (original in Finnish; bad Google translation here) and ordered the election to be re-run. The submitter adds, "Apparently 98% of the votes isn't enough to determine how the remaining 2% voted, after all."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

114 comments

2% were lost... (5, Insightful)

Mishotaki (957104) | about 5 years ago | (#27544517)

If 2% of the votes were lost, how many were incorrect or not registered properly? If the system can lose votes, it can very easily put them for the wrong person as well...

Re:2% were lost... (4, Funny)

gringofrijolero (1489395) | about 5 years ago | (#27544565)

Depends how well they were "calibrated"...

Re:2% were lost... (0)

Anonymous Coward | about 5 years ago | (#27547651)

In this case the votes were 'lost' because the user interface was poorly designed. Some voters didn't complete the voting process, because they didn't realize they had to press the final submit button.

Also, this trial with electronic voting, was done only in 3 municipalities through out the country.

Re:2% were lost... (2, Insightful)

Jurily (900488) | about 5 years ago | (#27544599)

If 2% of the votes were lost, how many were incorrect or not registered properly? If the system can lose votes, it can very easily put them for the wrong person as well...

All of them. The voting device had serious usability issues, enabling people to get out of the booth without registering the vote.

Re:Usability Glitch? (Score:5, Insightful)
by Antique Geekmeister (740220) on 2008-10-29 8:47 (#25552091)
The card should have been locked into the machine until the voter said 'OK' or cleared the screen, and locked it in with an alert and a deactivation warning if the person left the booth without doing either. Anyone can get confused about simple directions for an entirely new system. How many of us have tried to walk away from an ATM with our card still in it because we were distracted?

Re:2% were lost... (5, Insightful)

caliburngreywolf (1218464) | about 5 years ago | (#27544879)

In the USA, there is often a dramatic difference between early morning voters (usually elderly or thos who work in schools) Mid-day voters (usually unemployed or work non-standard hours) and evening voters (usually work a regular day job) if the 2% was spread out evenly over space and time, representing a random sample, inference is acceptable, but if it represents, let's say, the several thousand factory workers who voted right after work in a district that is abuzz with fervor for a new labor-friendly candidate...yeah, you can't base that 2% of the other 98%

Re:2% were lost... (1)

bioglaze (767105) | about 5 years ago | (#27546285)

In this case the error was evenly distributed, because it was caused by bad UI design. The voters could pull off the card before they finished their voting process.

Re:2% were lost... (2, Insightful)

Eunuchswear (210685) | about 5 years ago | (#27547637)

In this case the error was evenly distributed, because it was caused by bad UI design.

Uh, no

You don't think there may be differences in how people who are "elderly or those who work in schools", "usually unemployed or work non-standard hours" and "usually work a regular day job" might react to bad UI design?

(Using the categories proposed by GP).

2% creates doubt and mistrust (3, Insightful)

Anonymous Coward | about 5 years ago | (#27545009)

2% creates doubt and mistrust in the election results and that is unacceptable. What if the votes were lost in a non-random fashion? What if the same e-voting system gets reused later in a case where 2% could mean the difference between a seat going to one candidate or another? What if the root cause of the loss caused other problems as well? What does it say about the quality control and security of the system? People should be able to trust the outcome of an election.

Where do you draw the line? (1)

Joce640k (829181) | about 5 years ago | (#27546267)

If 2% is acceptable then what about 5%? 10%...? Where do you draw the line?

The running of an entire country is at stake here and 2% is certainly enough to show there's serious problems with the system.

Re:2% were lost... (1)

Fulkkari (603331) | about 5 years ago | (#27546561)

If 2% of the votes were lost, how many were incorrect or not registered properly? If the system can lose votes, it can very easily put them for the wrong person as well...

As far as I know, the reason why votes were lost was that the voting system had a very bad UI. For the vote to be registered, you had to push an OK-button more than once *) - something that wasn't that apparent, and which all users did not understand to do. Also, when then removing the voting card from the machine, no indication was given if the vote was registered or not. This caused votes to be lost simply by a bad UI design, which could be fixed later on.

*) Having a confirm button is good, but the system should in that case clearly indicate that the voting is still in progress.

Re:2% were lost... (0)

Anonymous Coward | about 5 years ago | (#27547301)

This guy is right, I'm Finnish too. That voting system had ridiculously bad user interface. I thought that anybody with some common sense or experience with UI design could fart a better system than that.

Whole thing would have been complete success without their completely stupid UI. This was supposed to be the future with jetpacks and stuff but we still fail to build a simple voting machine.

Re:2% were lost... (1)

wizzor (1321693) | about 5 years ago | (#27546745)

The system required the user to insert an electronic ID card, input the candidate number and select OK. After this the system would display candidate information again, and to confirm the vote, the user would have to hit OK again. Apparently what happened was, some users instead removed the ID card prematurely, thus causing their votes not to be cast. So I disagree on your point about the system potentially casting the vote to the wrong candidate, but of course we can't be quite sure, as the internal workings of the system were declared a "trade secret".

Re:2% were lost... (0)

Anonymous Coward | about 5 years ago | (#27547105)

> If the system can lose votes, it can very
> easily put them for the wrong person as well...

The lossage was mostly due to people not hitting a "confirm" button after entering the candidate's number. That does not cause votes to go to wrong candidates.

2% lossage is low compared to pen and paper voting. And I'd guess the lost votes were more evenly distributed than mis-votes with pen and paper -- e.g. unclear writing of 1 vs 7 will stack for or against candidates with those numbers, while I don't see such bias in failure to press "confirm".

Re:2% were lost... (1, Insightful)

Anonymous Coward | about 5 years ago | (#27547259)

In Finland, average vote loss with pen & paper was around 0.5%

What was the margin of victory? (0)

TechwoIf (1004763) | about 5 years ago | (#27544525)

If the margin of victory was greater then 2 percent, then it should be non-issue as far as who is in office. But it should be fixed for the next election.

Re:What was the margin of victory? (4, Informative)

Quothz (683368) | about 5 years ago | (#27544561)

If the margin of victory was greater then 2 percent,

It was not, as best as I can tell from the translation:

Kauniainen municipality electronically of the votes lost to two percent, and for missing votes in the number would have been enough change in the outcome of the elections.

Quick and dirty translation (3, Informative)

Card (30431) | about 5 years ago | (#27545375)

The Supreme Administrative Court ruled that the municipal elections will be renewed at Karkkila, Kauniainen and Vihti. Last autumn 232 votes were lost in the three municipalities that participated in the electronic voting pilot.

The court annulled the election results and ordered the election to be held again. In its summary, the court finds that the errors in the e-voting system, the insufficent instructions and the large amount of lost votes mean that the election wasn't properly held.

16 citizens appealed about the election results, some of whom were also candidates in the election. The previous appeal the Helsinki Administrative Court didn't result in the rejection of election results, as the Administrative Court did not consider the voting problems serious enough.

That verdict wasn't satisfactory to the appellants, who took the matter to the Supreme Court. Two percent of the votes were lost in the municipality of Kauniainen; the difference would have affected the outcome.

Minister Tuija Brax (Green party) - one of the main proponents of the highly controversial e-voting system - said that she was happy with the decision. Before the court's ruling came in, the minister refused to comment about the necessity of holding a new election, as such thing was impossible [without court order]. Before the election, minister Brax had said that all the [proposed] problem scenarios with the election system were pure "science fiction".

The story isn't that well written. The system allowed the user to remove his ID card before the vote was registered. The lack of a paper trail is a large problem, and the lack of openness in the design doesn't help to gain the users' trust. Further, the system was designed by Tieto Oy (formerly TietoEnator), also responsible for the new systems at Sampo Bank (with numerous login problems, XSS exploits and such). Vestigia terrent.

Re:Quick and dirty translation (0)

Anonymous Coward | about 5 years ago | (#27546599)

Further, the system was designed by Tieto Oy (formerly TietoEnator), also responsible for the new systems at Sampo Bank (with numerous login problems, XSS exploits and such). Vestigia terrent.

FWIW, Sampo Bank uses the systems of it's parent company - i.e. those of Danske Bank.
And those the responsible party for those is IBM.

Google it.

Re:What was the margin of victory? (4, Insightful)

blind biker (1066130) | about 5 years ago | (#27544569)

In theory, because of the voting system used, 2% of the votes could have dramatic consequences. Of course, we'll never know because the votes are anonymous and the recipients secret, but if you think that quite a lot of candidates got in with just a few dozen of votes, you can clearly see how 2% could have determined a lot.

Re:What was the margin of victory? (0)

Anonymous Coward | about 5 years ago | (#27544701)

In theory every winner who didn't have 2% margin of all votes WITHIN the party/list compared to first loser in the party/list could be replaced. The differences between the parties would theoretically be much more stable. See http://en.wikipedia.org/wiki/D%27Hondt_method

Re:What was the margin of victory? (2, Interesting)

99BottlesOfBeerInMyF (813746) | about 5 years ago | (#27544675)

If the margin of victory was greater then 2 percent, then it should be non-issue as far as who is in office. But it should be fixed for the next election.

There were several issues here. First, according to some sources, a few elections were close enough that 2% may have made a difference. Second, the machines put in place did not have adequate safeguards against fraud or adequate ability to do accurate recounts. The former is enough to have to do one or two elections over, but the latter was such that the people running the elections were declared to have been potentially acting in bad faith and the equivalent of a constitutional right to equal voting was violated, requiring the process to be redone. It's sort of like throwing out a criminal case and all evidence involved when there is wrongdoing on the part of police, since you can no longer trust the other evidence in the case and as a way to discourage others from trying to profit by such actions in future.

Re:What was the margin of victory? (1)

an unsound mind (1419599) | about 5 years ago | (#27545181)

According to Sanoma sources, which in general are sufficiently reliable, especially in matters like this.

In general, we can take it as a fact that the missing 2% could have changed the results of the election.

Re:What was the margin of victory? (3, Informative)

Anonymous Coward | about 5 years ago | (#27544791)

In municipal elections of Finland, each municipality chooses it's leaders. The amount of depends on the size of the municipality but in mine (Vantaa), there are 67 representatives for less than 200 000 people and not nearly everyone votes (it's closer to 100 000 people voting).

Add to that that we use different system than the USA. The person who gets most votes within any given party gets all the votes given for that party. The person who would have gotten second most votes gets half of the votes given to the whole party, the next person gets one third... And each politicians votes counted like that they are put against each other and the people with most votes at that point get the seats.

And we don't vote between two parties but a lot of them. In my municipality, there are representatives of 7 parties (and one chosen from outside party lists).

So a few votes can often completely change what parties get to be in power AND which representatives get in.

Re:What was the margin of victory? (2, Interesting)

weicco (645927) | about 5 years ago | (#27547083)

And besides that is not even the point in my opinion. I was candidate in our municipality (but not in those in question) and I couldn't care less if one or two votes were missing. The issue I think is that we can now point our fingers and say "There, there is the problem. Now fix it!" and because this was forced on us by our goverment it is the goverment's job to fix the problem. So it is no matter if 1, 2, 3 or 50 percent of votes were lost. Just fix the damn problem and be done with it!

Of course fixing the problem means re-election to those municipalities. This way we get back to the democratic way of voting which how law writers meant it to happen when they wrote our Vaalilaki (law about elections) minus those stupid e-voting changes that were made in 2006 by our former parliament (and promoted by Tuija Brax).

Re:What was the margin of victory? (1)

spire3661 (1038968) | about 5 years ago | (#27544853)

With an error so large in such a critical application, you cant be sure that 2% is the correct number. A flaw this large calls the entire result in question, as it rightfully should.

Re:What was the margin of victory? (1)

Chandon Seldon (43083) | about 5 years ago | (#27546023)

If the margin of victory was greater then 2 percent, then it should be non-issue as far as who is in office. But it should be fixed for the next election.

Unless you're actually serious about the importance of voting, in which case the response here is very simple: Throw out the invalid votes (all of them) and re-run the election.

Re:What was the margin of victory? (1)

tgv (254536) | about 5 years ago | (#27547003)

It is the Supreme Court's task, at least in other countries, to set the rules for once and for all, not to address incidents. Based on the available evidence, it has decided that such voting problems are unacceptable *in general*.

Voting systems matter (1)

ggeens (53767) | about 5 years ago | (#27547395)

Most of Europe uses a proportional voting system. (Each voting district elects several representatives at once.) As far as I can see, Finland has one too.

A difference of just a few percent can shift a seat from one party to another.

how many coffin nails will it take? (5, Insightful)

mtrachtenberg (67780) | about 5 years ago | (#27544531)

E-voting has had more lives than a cat. It should be over, done, kaput. An experiment that failed.

Re:how many coffin nails will it take? (2, Insightful)

Anonymous Coward | about 5 years ago | (#27544583)

It still amazes me that we put full trust (and R&D $$$) into electronic banking systems yet can't get the same technology to work for something as simple as counting votes.

Banking doesn't usually require anonymity (4, Insightful)

Chmcginn (201645) | about 5 years ago | (#27544601)

The problem with the electronic voting vs. banking comparison is that bank account have your personal information all over them. Votes, however, do not. If you gave up secret voting, you could likely make a 'secure enough' voting system, since anyone could check their own vote in the system.

Re:Banking doesn't usually require anonymity (2, Informative)

Morten Hustveit (722349) | about 5 years ago | (#27544851)

If you gave up secret voting, you could likely make a 'secure enough' voting system, since anyone could check their own vote in the system.

This is actually a solved problem. When you vote, you get a unique random sequence of characters. After the election is completed, a list of all votes is published. Next to each vote, the SHA1 sum of the voter's personal ID number concatenated with the random characters is listed. Example (truncated SHA1 sums):

64038c437f2c republicans

aea7fb41626d republicans

86895065f81f democrats

0ee79f4948b0 democrats

The random characters are never stored by the voting system, only the resulting hash. Any one person can verify that his vote has been counted, because he knows his own random characters and resulting hash. No one can find out what anyone else voted, because they don't have the random characters.

Re:Banking doesn't usually require anonymity (5, Insightful)

GvG (776789) | about 5 years ago | (#27544891)

You could be forced by a third party to reveal how you voted (they would force you to give them your random characters and then they would be able to verify that you voted as you were told to.)

Re:Banking doesn't usually require anonymity (1)

deraj123 (1225722) | about 5 years ago | (#27545403)

Hence the whole "If you gave up secret voting". So long as we agree that secret voting is necessary (and I would, in fact, agree to that), then this won't work as a solution for our voting problem. But your comment is largely irrelevant to the context in which this solution was presented.

Re:Banking doesn't usually require anonymity (1)

Naturalis Philosopho (1160697) | about 5 years ago | (#27544905)

Great solution. Now explain how that works to my sister or my mom.

Re:Banking doesn't usually require anonymity (1)

Morten Hustveit (722349) | about 5 years ago | (#27545003)

You don't need to. You just tell them to look up the hash in the local newspaper after the election (if they want to), and disregard the random numbers they got along with it. Other people will check that the hash matches the random number and social security number.

Re:Banking doesn't usually require anonymity (1)

Profane MuthaFucka (574406) | about 5 years ago | (#27545455)

You DO need to. The reason democracy works is because people believe in it, see it work, and can understand it.

Things you believe in that you can't understand and can't see work are called RELIGIONS.

Re:Banking doesn't usually require anonymity (0)

Anonymous Coward | about 5 years ago | (#27547557)

So how do you ever get your mother to use cryptography?

Re:Banking doesn't usually require anonymity (1)

Repossessed (1117929) | about 5 years ago | (#27547647)

So driving is a religion? Most people don't understand how their car works either. They definatley don't get how the voting machine works.

Re:Banking doesn't usually require anonymity (1)

FailedTheTuringTest (937776) | about 5 years ago | (#27544909)

Unfortunately this enables coercion and vote-selling, as does any system that gives the voter a receipt that can be linked to how they voted. An Evil Election Stealer can say, if you vote for candidate X, everything will be fine. But please tell us the code that the voting machine gave you, so we can be sure you did what we told you to do.

Re:Banking doesn't usually require anonymity (1)

spanky the monk (1499161) | about 5 years ago | (#27544951)

Just hash everyones voter ID and match it with the result set. This is easy to brute force because there is only a small set of IDs to be hashed.

Re:Banking doesn't usually require anonymity (1)

Razalhague (1497249) | about 5 years ago | (#27545231)

The appended random characters make that impossible. Consider if they used id + random = sum, all just plain integers, no hashing (which is approximately equivalent given large enough range for the random values, I think). You know every possible id and every resulting sum, but you still can't connect them because you don't know the random number added to the id.

Here's the that would be data published: (in "sum -- voted for" format)

  • 18273 -- Mr. X
  • 38475 -- Ms. Y
  • 83744 -- Mrs. Z
  • 23876 -- Dr. W

The voter IDs were 1, 2, 3, and 4. Please connect who voted who.

However, it's easy for voter ID 1 to check that her vote (for Dr. W) registered properly, since she remembers the random number added to her ID number was 23875.

Re:Banking doesn't usually require anonymity (1)

myspace-cn (1094627) | about 5 years ago | (#27546539)

Nothing Informative here. Just a complete lack of understanding how voting works.

But it's GREAT if you want to have a DICTATORSHIP!

Re:Banking doesn't usually require anonymity (1)

nedlohs (1335013) | about 5 years ago | (#27546707)

Do that and you don't have secret voting anymore. Sure a random person can't tell how another random person voted, but your union boss can see how you voted, or your boss, or your husband, or your pastor, etc.

Re:Banking doesn't usually require anonymity (5, Informative)

Sheafification (1205046) | about 5 years ago | (#27544871)

If you gave up secret voting, you could likely make a 'secure enough' voting system, since anyone could check their own vote in the system.

There's no need to give up on secret voting to get this. Thanks to advances in cryptography we can have secret *and* verifiable ballots. An example implementation can be found at Helios voting [heliosvoting.org]. Also, check out a description of a paper based system: Scratch and Vote [adida.net] [PDF]

Re:Banking doesn't usually require anonymity (0)

Anonymous Coward | about 5 years ago | (#27544899)

Also, check out a description of a paper based system: Scratch and Vote

So you scratch your ballot to find out who you voted for?

Re:Banking doesn't usually require anonymity (1)

rkit (538398) | about 5 years ago | (#27545059)

Even if this works in theory, there may be flaws in the implementation. And even if implemented correctly, there may be issues with key management.

But most importantly, for 99,9% of the voters, it is impossible to understand the system, let alone verify the actual vote. Therefore, it is just a matter of time (or money) before some manipulation by insiders takes place.

Re:Banking doesn't usually require anonymity (1)

xZgf6xHx2uhoAj9D (1160707) | about 5 years ago | (#27545317)

"Verifiable" means you don't have to trust the implementation.

Re:Banking doesn't usually require anonymity (1)

Chandon Seldon (43083) | about 5 years ago | (#27546017)

"Verifiable" means you don't have to trust the implementation.

But that raises the next question: Verifiable by who?

Saying that there are some experts who can verify the proper execution of an election simply isn't good enough, at least not if you want to call that election "democratic". With paper ballots marked with pens and placed in a ballot box, any voter of normal intelligence can observe an election, understand the security properties needed at each step, and see for themselves if those security properties are maintained. Any alternate system must maintain this property.

Re:Banking doesn't usually require anonymity (1)

jhol13 (1087781) | about 5 years ago | (#27546359)

Utter bull.

The mathematics do not address situations like results of temporary calculations being stored in hard disk and never overwritten.

Re:Banking doesn't usually require anonymity (2, Insightful)

Morten Hustveit (722349) | about 5 years ago | (#27545463)

But most importantly, for 99,9% of the voters, it is impossible to understand the system, let alone verify the actual vote.

To verify the system, only a small absolute number (not percentage) of people needs to verify it. Assume 1% of the votes are incorrect and 500 random (from the cheater's perspective) people verify their hashes. The probability that none of these are victims of a forged vote is 0.65%. If only 0.1% of the votes are tampered with, you need 5000 people to achieve a similar percentage.

Your made up number of 0.1% of the people checking the hashes will thus be very resilient for voting populations greater than 500,000.

As for preventing the insertion of fake votes, you need to publish a list of who voted, and compare the length of this list to the length of the vote list. This list can also be verified by random sampling.

Re:Banking doesn't usually require anonymity (1)

rkit (538398) | about 5 years ago | (#27546997)

Just some thouhgts: The paper ballot can be understood and verified by every voter. The technique used may be simple, but the protocol is quite sophisticated. To verify the system you propose, you would still need to repeat all calculations. Also, how do you verify that the random numbers are really random? Your argument for stochastic verification suffers from a lack of randomness. The 0.1% percent that actually check will be far from random. Electronic voting is supposed to make the voting process easier. Manual verification of hashes of several hundred bits is not my idea of simplicity.

Re:Banking doesn't usually require anonymity (0)

Anonymous Coward | about 5 years ago | (#27547587)

It only has to be random from the cheater's perspective, meaning the people modifying the votes must not be able to predict who will test them.

A hash verification takes about one minute to perform - someone could make a JavaScript-based application, put it up on a web site, and let people enter their ID number and and random number to see the correct hash.

Re:Banking doesn't usually require anonymity (1)

weicco (645927) | about 5 years ago | (#27546631)

But there's still room for tampering the votes. There's always the question about public trust to the system also. Let me clear this up a bit. Oh, and I'm a Finn...

Traditional pen & paper method is almost 100% fool proof system. It is almost impossible to tamper the votes and here's why: Every party sets their own observer to overlook the counting. Any foul play is quickly discovered by observers. In order to fool the system you would need to bribe a whole lot of people.

With computer based counting all you need to do is tamper the code that counts the votes. Allthought I don't know if the counting machines are checked against the tampering.

Currently we, the voters, count on our old style voting method a great deal. But when faced with e-voting some questions tend to arise. Is this as fool proof as the old system? Is the machine coded correctly? etc. etc. We know what kind of mess the-company-which-should-not-be-named produces where ever it operates in public projects and this brings a great deal of untrust to the picture. Add our almost-totally-incompetent Minister of Justice Tuija "science fiction" Brax to the mix and we can pretty much forget about demcratic elections as we know it.

Re:Banking doesn't usually require anonymity (2, Informative)

DMNT (754837) | about 5 years ago | (#27547333)

I'm also a Finn and I was counting the votes at the municipal elections in Helsinki late last year. The system is even more tamper proof than described previously. First of all, the ballot box is checked at the casting of the first vote that there's no extra votes within the box. The first vote is stamped (like the rest will be) and put in to the box. The parties have a right to set an observer for the whole time until the votes have been counted. The next day the votes are recounted (which is where I was part of):

All districts are dealt out randomly to counting groups. The groups then count the votes and if they agree on the number of votes with the first count - and don't disqualified any votes accepted previously due to certain criteria - then the result is accepted. The votes can be disqualified for multiple reasons: The vote paper might be completely unmarked and it is counted separately as an official form of protesting against every party. The other reasons are ambiguous number (usually trouble separating 1 from 7 and 6 from 0 or numbers that look different upside down, like 188 vs. 881 when a single vertical bar is used for number 1.), additional non-clarifying markings in the vote that could be used to link the person to the vote (to prevent vote buying & selling), lack of stamping (to prevent people slipping in multiple votes within the true vote) or using other than official voting paper in voting. Lot of votes disqualified contain all kinds of messages to the government, from a friendly "F U government!" to cryptic messages to God or Bavarian Illuminati.

If the result is in any way different from the previous count then it is dealt randomly to another counting group which will verify the result. All the disqualified votes go to the jurisdiction to give a final verdict on the votes and if possible decide the candidate the ambiguous vote is for.

All this counting is done in a group supervised by political parties, though in current stable political environment the supervision is only superficial. Being a member of this counting process has only increased my trust in paper voting and distrust in e-voting.

Re:Banking doesn't usually require anonymity (1)

weicco (645927) | about 5 years ago | (#27547451)

Thank you very much! I wasn't in the know how counting goes in action and that cleared things up a lot.

Btw. I was counting votes last year in Kokoomus Puoluepäivät and there we had to disqualify, if I remember correctly, only one vote. I guess our party's voters are more adept in writing numbers. Just kidding... :)

Re:Banking doesn't usually require anonymity (1)

jsiren (886858) | about 5 years ago | (#27547829)

weicco wrote:

But there's still room for tampering the votes. There's always the question about public trust to the system also. Let me clear this up a bit. Oh, and I'm a Finn...

Traditional pen & paper method is almost 100% fool proof system. It is almost impossible to tamper the votes and here's why: Every party sets their own observer to overlook the counting. Any foul play is quickly discovered by observers. In order to fool the system you would need to bribe a whole lot of people.

Another Finn here, and I agree with parent.

Electronic voting has been marketed as ultimately enabling voting by web, SMS, and whatever channels. The reasoning is to increase voting activity. The reason why it doesn't work is that it's not the process of voting that keeps activity down - voting cannot get much simpler and still stay reliable - but the substance of politics. They're seemingly after the votes of those who don't care who gets elected, or feel that there is any difference between candidates... wait, what?

I'm sorry if I'm being cynical, but I think the problem that this system really solves is a cashflow problem for the developer company. After all, their main product is billable hours, and their main customer is the public sector.

Re:Banking doesn't usually require anonymity (2, Informative)

weicco (645927) | about 5 years ago | (#27548131)

Electronic voting has been marketed as ultimately enabling voting by web, SMS, and whatever channels.

Internet-voting is absolute horror. It can be made technically sound but that's about it. Who can assure that it is my wife who gives the vote and not me who stole my wife's ID card or whatever (not that I would do so, just for example)? Who can assure that one isn't giving vote under physical threat? Rhetorical questions but current paper & pen method prevents these kinds of situations perfectly.

Re:Banking doesn't usually require anonymity (1)

517714 (762276) | about 5 years ago | (#27548331)

So they just keep "two sets of books". One that is used for anyone inquiring about their vote and one that is used to report to the election commission that the highest bidder has won. Fraud is easily perpetrated on any "anonymous" system. Anonymity and verifiability are incompatible in a sophisticated system.

Re:Banking doesn't usually require anonymity (1)

rkit (538398) | about 5 years ago | (#27545025)

The real problem with electronic voting vs banking comparison is that banking has a completetly different aim: earning money.

Electronic banking is not secure. Period. E.g. in 2008, in the U.K. online banking fraud caused losses in the order of 50 Million Pounds. However, the banks still make a profit. ("It's just the cost of doing business...")

This kind of thinking is a bit problematic with voting.

Re:how many coffin nails will it take? (3, Insightful)

Jurily (900488) | about 5 years ago | (#27544641)

It still amazes me that we put full trust (and R&D $$$) into electronic banking systems yet can't get the same technology to work for something as simple as counting votes.

"I consider it completely unimportant who in the party will vote, or how; but what is extraordinarily important is this--who will count the votes, and how." - J. Stalin

Electronic voting does not have an inherent paper trail.

Re:how many coffin nails will it take? (1)

Presto Vivace (882157) | about 5 years ago | (#27545279)

E-voting has had more lives than a cat. It should be over, done, kaput. An experiment that failed. Preach it brother, it amazes me that we put up with it. Verified Voting [verifiedvoting.org] is trying to do something about it, for those who are interested.

Re:how many coffin nails will it take? (1)

ctmurray (1475885) | about 5 years ago | (#27546181)

The alternative of paper ballots is not much more accurate. I am in Minnesota and we are still counting ballots 5 months later and have 312 votes separating the candidates out of 5 million cast. Devil in the details regarding absentee ballots. Sort of a MN version of hanging chads.

(potentially) overjoyed (1)

blind biker (1066130) | about 5 years ago | (#27544605)

A pro-cycling candidate didn't get in because he was short just a handful of votes. Well, now they're organizing the voting again (from the article in Finnish (yeah, I'm one of those who actually understand that crazy language)) and my candidate has another shot at it :o)

Don't you love second chances?

Of course, the real reason I'm happy is that this absurdity with 2% invalid voting has been overturned. Everybody knew that Helsinki Administrative Court's (Hallinto Oikeus) decision was shit - so, I celebrate this sudden and unexpected victory of common sense.

Re:(potentially) overjoyed (1)

noidentity (188756) | about 5 years ago | (#27544631)

How is it a second chance? There so far has been no first chance, since the votes made the first time around don't count.

Re:(potentially) overjoyed (1)

Savage-Rabbit (308260) | about 5 years ago | (#27544889)

How is it a second chance? There so far has been no first chance, since the votes made the first time around don't count.

Think of it as a chance for whoever is in charge of that election *NOT* to misplace 2% of the electorate.

A bold prediction (4, Funny)

hyades1 (1149581) | about 5 years ago | (#27544615)

I bet Diebold, or Premier, or whatever it is that pack of cheats and liars are calling themselves these days, won't be trying to place their voting machines in Finland any time soon. I doubt they could attain 98% accuracy even with only one candidate on the ballot.

Re:A bold prediction (1)

igny (716218) | about 5 years ago | (#27546031)

When we are talking about 2% loss, it is not about voting accuracy, it is about vote retention.

Re:A bold prediction (1)

ibbey (27873) | about 5 years ago | (#27546161)

When we are talking about 2% loss, it is not about voting accuracy, it is about vote retention.

Since the election used a blackbox system (ie. no voter verified paper trail), we have no way of knowing whether the votes were recorded as cast or not. It's relatively easy to discover if the total number of votes recorded is inaccurate. Finding out whether they were recorded as cast is an entirely different thing.

The problem in this case appears to be a usability issue, so there is no reason to be more suspicious of this election than any other blackbox election. However we can never really know the outcome of any election for certain without a paper trail.

Re:A bold prediction (1, Insightful)

Anonymous Coward | about 5 years ago | (#27546559)

When your company name is so sullied that you need to change it, you ought to realize that you have reached the end of the line...

Most still voted with traditional methods (4, Informative)

sakari (194257) | about 5 years ago | (#27544685)

Just to clarify on this, most still voted with the traditional pen & paper methods. I guess E-voting was tested in some places. The finnish E-voting system was programmed by TietoEnator, which has had some questionable results in the past too in delivering working software. Still they get a lot of the government related jobs .. gee, wonder why ?

Re:Most still voted with traditional methods (0)

Anonymous Coward | about 5 years ago | (#27544947)

Still they get a lot of the government related jobs .. gee, wonder why ?

Want to compile a list of companies with Finnish offices and a track record of solid, secure, verifiable e-voting systems with a tangible prototype to impress the decision-gorillas?

Or make that anywhere in the world.

I am glad. (1)

Landak (798221) | about 5 years ago | (#27544715)

That, for all else that is wrong with our system of democracy here in the UK, we have not forgotten how to use a pen and a piece of paper. When elections are being held, there's something rather reassuring to see a (usually rather dented) black box padlocked shut with a small hole at the top, and a large number of people queuing up to put their slip of paper in. It's worked quite well for the last 300 years. I really don't know what's wrong with it...

Re:I am glad. (2, Interesting)

John Hasler (414242) | about 5 years ago | (#27545021)

When elections are being held, there's something rather reassuring to see a (usually rather dented) black box padlocked shut with a small hole at the top, and a large number of people queuing up to put their slip of paper in. I It's worked quite well for the last 300 years.

"300 years"? Really. What, then, did the ballot act of 1872 [wikipedia.org] do?

And then there is the matter of numbered ballots...

The systems did not lose any information (0)

Anonymous Coward | about 5 years ago | (#27544771)

The story has been written incorrectly. The systems were not defective nor did they lose any voter data. The user interface was just badly designed and a bunch of voters didn't press OK or something and their votes were not registered. Do check your facts first.

Re:The systems did not lose any information (1)

Maxmin (921568) | about 5 years ago | (#27545121)

The systems were not defective nor did they lose any voter data. The user interface was just badly designed

Industrial Design 101: A system, such as a user interface, whether mechanical, software-based, or both, that allows a transaction to be left in an ambiguous state, is indeed a defective design.

At the very least, they could have designed it to warn the user, upon yanking out their ID card *mid-transaction*, with loud sounds and flashing screen messages. Or, to notify the voting administrators that a voter had inadvertently not completed their vote.

It could also have been designed to mechanically lock the voter's ID card in place, until the transaction was complete. Some ATMs are designed to perform in this way - your card is not returned until you have completed whatever function(s) you began.

Re:The systems did not lose any information (1)

Ethanol-fueled (1125189) | about 5 years ago | (#27546039)

Some ATMs are designed to perform in this way - your card is not returned until you have completed whatever function(s) you began.

So a person distracted with music or a cell phone takes their money from the ATM and for some reason runs off, leaving their card.

Around these parts it used to be that way, now it's the opposite: you make your transaction, and the machine spits out your card and prompts you to take it before it spits out the money and/or receipt. YMMV.

Re:The systems did not lose any information (2, Informative)

jaria (247603) | about 5 years ago | (#27546483)

Please check YOUR facts first. There were several problems:

- bad user interface design
- machines freezing up at the critical moment
- machines crashing when presented with the voting card
- instruction leaflet asking the voter to press "OK" once when twice was needed
- secret, closed source design
- no paper verification
- no public review possible of the algorithms etc

Of course, the publicity around this case centers on the first issue, because its the easiest to understand. But there were other problems, too, just read the witness statements from the actual appeals.

2% of the Vote? (1)

Caraig (186934) | about 5 years ago | (#27545321)

"Apparently 98% of the votes isn't enough to determine how the remaining 2% voted, after all."

And why should they be? Not every country has a 'winner take all' simple majority voting system. And even if Finland doesn't, every vote has to be understood to have been counted even if they didn't go to some arbitrary clear-cut winner.

Besides, that race might very well have been neck-and-neck. 2% of the vote either way might have decided it.

Re:2% of the Vote? (1)

jaria (247603) | about 5 years ago | (#27546511)

The loss of a single vote might have affected the results, given the Finnish system.

My city was one of the affected ones. In our city there were candidates A and B who got the same number of votes, both on the margin that you need to get in, and only one place was left. Only one made it to the city council, based on a toss of a coin by the voting board. If there had been one more on vote on either one, the random selection would not have been necessary.

Remember that we are talking about local elections and elections of individuals as opposed to parties. The number of votes lost in my city was greater than the number of votes needed to get into the city council.

How hard can it be to get this right? (1)

Narcocide (102829) | about 5 years ago | (#27545381)

Seriously?! More broken fucking e-voting machines? Who are these idiots and why can't they make a simple kiosk work? Why are they being paid to do this and why haven't I been hired instead? What am I missing out on here? Anyone? I *KNOW* that I could make a simple web app launched in firefox and attached to a locally-running apache instance on a linux box NOT MISS A SINGLE VOTE. I could even add touch-screen activation with the proper hardware. How hard can this be to get right?

Re:How hard can it be to get this right? (2, Interesting)

Morten Hustveit (722349) | about 5 years ago | (#27545579)

I *KNOW* that I could make a simple web app launched in firefox and attached to a locally-running apache instance on a linux box NOT MISS A SINGLE VOTE.

I guess the problem was that these people also "knew", and thus didn't see the need to actually test the interface on a sufficient number of people - There's a 95% change that at least 1 out of 150 random testers would fall victim to a 2% failure rate. If you allowed the testers to leave feedback, the mistakes could probably have been discovered a lot faster. I'm basing this on #27545121 [slashdot.org], which claims this was a user interface issue.

They could have put the machine up in a mall, and let people use it to leave customer feedback or something, with a chance to win a small prize.

Re:How hard can it be to get this right? (2, Insightful)

Chandon Seldon (43083) | about 5 years ago | (#27546033)

It sure seems like an easy problem, doesn't it.

As a programming problem, it seems like an easy problem because it is. Thing is - it's not a programming problem. It's a security problem. As a security problem, the programmer is the most significant potential attacker. Does it still seem easy?

Re:How hard can it be to get this right? (1)

jaria (247603) | about 5 years ago | (#27546643)

How does your system allow voting from multiple locations, prevent duplicate votes, prevent voters to be associated with their votes, etc?

It is funny, and perhaps lucky that they got the user interface work so badly botched. The user interface is the easy part. The hard part is getting the security right and the entire country-wide system reliable, and not allow any particular party (such as the vendor) steal the elections, or allow government to look at how you voted.

The system we used failed on all counts, but only the user interface problems were visible to the end-user. For instance, revealing votes: the government officials have keys to open the ballots and see who voted how. Luckily, they have promised not to look, so we can all sleep well now.

How hard is it? (1)

kaptink (699820) | about 5 years ago | (#27545543)

Really, how hard is it to put together a secure e-voting system? I mean seriously, it's the kind of thing you would do for an assignment as a 2nd or 3rd year computer science student. I fail to see how these private companies can botch up such a simple concept as much as they have unless they've done it intentionally. What is stopping the adoption of a transparent open source system. Developed and refined by the open source community, free to be scrutinised by the best and brightest? The point of it being open source is so that everyone can feel safe that the system isn't being manipulated and/or rigged.. *cough cough* Diebold .. A secret proprietary system is what you would expect to see in a country under a dictatorship, not in a supposed "land of the free" democracy.

Re:How hard is it? (2, Insightful)

jaria (247603) | about 5 years ago | (#27546527)

Its actually surprisingly hard, if you start to think about it. If you compare to the paper ballot system, there are checks and balances. The different party officials and citizens can oversee the counting (in fact, they volunteer to do it). One corrupt counter does not break the system, however, because the others will catch him. And its very hard to cause a country-wide discrepancy.

If you compare an e-voting system to, say, a banking application, there's one big difference: in the banking application you WANT a secure trail of events, stored for perpetuity. In voting you want anonymous results while at the same time secure results. Its very hard to do this, as almost every design makes you trust someone in some way.

Then if you add the issue of voters not being able to verify the system for various commercial reasons... my take on this is that an e-voting system does not make sense for simple and efficient elections like the ones we have in Finland. Counting is fast, there are no reliability problems (in fact, there is a 10x higher reliability in paper ballots). Its cheap, because its mostly run by volunteers who have an incentive to participate.

Obligatory Comment (0)

Anonymous Coward | about 5 years ago | (#27545583)

Finnish him!

News in English (4, Informative)

kaip (92449) | about 5 years ago | (#27546583)

Some news in English about the court decision:

Finnish e-voting results annulled, municipalities to hold new elections [effi.org] by Electronic Frontier Finland ry (Effi), the best summary in English, IMO;
Helsingin Sanomat [www.hs.fi];
Helsinki Times [helsinkitimes.fi];
The Brad Blog [bradblog.com];
NewsRoom Finland [finland.fi];
YLE [www.yle.fi]; and
Turre [turre.com] (the lawyers that won the case).

The voting system was provided by Tieto [tieto.com] and Scytl [scytl.com]. In their News Page [scytl.com], Scytl declares: "Scytl's Pnyx.core successfully used in local elections in Finland" Shouldn't they update this...? It is even possible that the 2% of the votes lost was due to the Pnyx.core, instead of usability issues with the voting terminals, as has been commonly assumed - who knows.

Interesting facts about the case (4, Interesting)

jaria (247603) | about 5 years ago | (#27546593)

It is of course a completely correct decision from the supreme court to re-run the elections, and we are very happy about it.

But it has been interesting to follow the developments and the various attempts to avoid this outcome.

Before the elections, the minister of justice, Tuija Brax claimed any possible problems were "science fiction". After the elections and when the problems were announced, she has not been a support of new elections, just stating that the courts need to decide. However, she was quick to launch an internal investigation and fire the Director of Elections. Not sure the director was really the true guilty person here, but at least a scapegoat had been found...

The city voting boards very resisting new elections for the last second. They came up with interesting claims to prevent this from happening. One claim that we've heard often -- even after the decision -- is that the new elections do not matter, because the party situations would not change. Well, they were missing the minor issue that in Finland the election system is based on voting on persons, not parties. Some of us do care about who we vote there. A more sinister claim was that the voters had conspired to misuse the voting system on purpose, to show that it was unreliable (!). Now, talk about science fiction, maybe these guys could be of some use in the JFK murder investigation? Not to mention the fact that a correctly implemented voting system should not be vulnerable to such misuse.

The three cities involved are now extremely unhappy with the ministry, as the law requires them to pay for the new elections. The ministry has promised an extra budget to help out... though in my mind, the architects and vendors of the system should get to pay.

Its also been extremely difficult to get any information from the government on the details of the system. The local EFF wanted to take a look before the elections, but was refused (or impossible NDAs were requested). I made an official request to get the cost information of the entire project, and the government claimed that they have no such information. One number that has been circulated in the press was 700 000 euros, but that seems low, given that a large number of design and specification work went in, even at the ministry level not to mention the vendors.

All in all, a happy outcome:

- director of elections fired
- minister is now pro-open source and paper trail
- general knowledge of possible problems in e-voting was increased in the country :-)
- elections are re-run

However, everyone is quite focused on the specific bugs we experienced, thinking that individual bugs can easily be fixed. I'm more worried about the process and the way that these things are done. I don't see a way to avoid bugs next time either, for instance. Lack of verifiability, openness, government not listening to citizens or outside experts, blind acceptance of vendor sales pitches, lack of sensible motivation for the entire effort are the worrisome aspects.

Re:Interesting facts about the case (0)

Anonymous Coward | about 5 years ago | (#27548481)

One claim that we've heard often -- even after the decision -- is that the new elections do not matter, because the party situations would not change.

I'd be amazed if that statement alone wouldn't case the situation to change after the next election. I know you realise the argument is silly but it's just so mind numbingly absurd that it could be extend towards arguing against holding an election all together after four years (assuming it's four year terms over there).

How do you verify a paper vote? (0)

Anonymous Coward | about 5 years ago | (#27546869)

Is there any need for a verification in the e-voting system? Why is it so important to know if someone's vote was actually registered? This kind of verification system does not exist in paper voting. There is no way you can be sure that your vote was counted right, or even counted at all in paper voting system.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...