Not your ordinary barcode

From: William B. Cushman, Ph.D. <cushman_at_cox_dot_net>
Date: Sun Apr 18 2004 - 12:54:17 CDT

Hi All,

    I have read with great interest, and some alarm, the emails you have
been sending and I want to thank you for including me in this
discussion. The point I find alarming comes from Jeff Almeida's post
entitled "Significantly more on topic" where he discusses ways to
prevent what I will refer to as "hacking."

    I think that there is a principle involved here that it may be
important to review. The principle may be stated as: The more complex
and sophisticated your efforts to prevent voter fraud, the more
opportunity you provide for hackers that are even more sophisticated.
The converse seems also to be true: The simpler and more transparent the
system, the more immune it is from voter fraud. Look at the Canadian
system, for example: ballots produced with a pencil, stuffed in a box,
and subsequently counted by groups of humans, in public. The Canadian
system is very difficult to hack (sophisticated microchip in the
pencils, perhaps?). In fact, I think that most of you would agree that
the US obsession for "sophisticated" voting systems has more than a
little to do with the convenience of Supervisors of Elections, the
media, and the desire of corrupt politicians to have a ready means of
assuring election outcomes. Most citizens would be more than willing to
wait the four hours it took to count the last Canadian Federal election
in order to obtain actual, honest, results. Alas, no one seems to have
remembered to ask me if I would be willing to wait, however.

    And another thing . . . I have to confess that I love the
technological toys as well.

    So, how do we keep the obvious advantages of the Canadian system but
actually add a few extra ones like handicapped access and logic to
prevent "over voting" and the like? Well, the first step would be to
directly emulate the Canadian technology, in principle at least. The
pencil is a venerable instrument with a very long history, and in the
Canadian case it does the job of producing a paper ballot quite well . .
. if not perfectly. You gentlemen have provided the means of producing
a paper ballot with a computer and software in a way far superior to any
mere pencil. And, of course, if you were to limit its use to merely
producing ballots then your equipment would be no more than a high-tech
pencil, /and just as secure!/ No matter how the software or hardware
involved was hacked it would either produce a ballot that was acceptable
to the voter, or not, and it would be glaringly obvious which it was to
all concerned.

    But that brings us to the tricky part, counting those beautiful
ballots. Tammany Hall Boss William Marcy Tweed is often quoted as
saying: "As long as I count the votes, what are you going to do about
it?" The implications of Tweed's wit are clear: election fraud takes
place when votes are counted.

    Even though we pay the "big bucks" to our Supervisor's of Elections
exactly so that they will undergo the "inconvenience" of counting
ballots honestly, they have proven in Florida (where I reside) to be
incredibly resistant to the notion of doing so. Moreover, our (actually
elected) Bush has gone to great lengths to place obstacles in the way of
any such counting, most of which boil down to the "impossibility" of
forcing our dear, overworked Supervisors of Elections to engage in any
such labor-intensive exercise. But in laying this groundwork Jeb has
effectively removed all objections to your system IF you develop a means
of "conveniently" counting that is as transparent as the Canadian
system. That means is at hand, and it is simple.

    As I understand it, your system includes the printing of encoded
ballot results in a barcode placed somewhere on the ballot. This
barcode can subsequently be used for machine counting the ballots . . .
but it is very difficult for the voter to verify that the barcode
actually encodes the votes he or she intends . . . and there lies the
problem! But it doesn't need to be such a problem. It is a problem
only because the voter can't read the normal encoding symbology used for
the various barcode systems. But consider this: must this symbology be
so opaque? The various barcode standards like UPC are designed to
encode an entire character set (well, OK, only 16 characters for UPC, if
I remember correctly) in as compact a means as possible. Election
results, on the other hand, are essentially binary: "Yup, he's the
least despicable" or "Throw the SOB OUT!" So, it becomes trivial to
design a barcode format that a voter can directly read, and a computer
can as well via a simple scanner!

    How about this: First throw out the "white" bar encoding entirely,
it is too difficult a concept for my 98-year-old friend Sissy. Replace
it with bars of different widths so that you have a "start" identifier
(what the hell, maybe three "fat" bars) followed by a "race" identifier
(two fat bars and an actual label printed vertically above (assuming a
horizontal bar code) like "Fascist in Chief") followed by bars depicting
the candidates, in order, such as "skinny bar, skinny bar, skinny bar,
fat bar, skinny bar, assuming 5 individuals in that particular race.
You could even print the "winner's" name above the fat bar, and so on.
As an elegant means of encoding, it isn't! As a "compact" means of
encoding, it isn't! As a means of encoding that can be verified by the
voter AND read by a scanner, it is!

    But wait, you say, many of these scanners come with encoded
symbology sets built in that follow one of the generally accepted
standards, which takes the decoding burden off of the computer . . . and
I agree, they do. But almost all can be bypassed one way or another to
get at the raw data stream as well. That data stream is merely the
output from a photodiode or similar detector that is "high" or "low" for
a specific duration as the light source scans from one end to the other
of the encoded area. Decoding then involves looking at the timing
signature, which corresponds directly to the bar width. I don't think I
need to tell you guys that it is not a big deal to decode this sort of
data input.

    So consider this scenario: you write and supply source and binaries
for a scanner driver and make them freely available to anyone who wants
them, GPL or whatever. These can be included with the voting machine
software. All interested parties go out and buy their own scanners
(Radio Shack was giving them away a few years ago) and load up this
software directly, or check it over and compile it themselves if they
are paranoid (like me!). If you use a readily available system (MinGW
would be good, with MinGW Developer Studio, for example) to compile for
a Windows system, then there will be a lot of people who can deal with
it and have their own trusted scanner system on their very own laptop.
Moreover, since an actual human can directly read a ballot result
barcode and then scan it to check it against this result, he can verify
the system integrity till his heart's content.

    When having an election, your software and a bunch of cheap PCs
print ballots with this Newan Improved barcode on them. Voters check
them over and either discard them or drop them in a ballot box. At the
close of business, all interested parties line up along a table and the
ballots are passed along to be counted. Everyone uses their own
scanners, and at the end of that the results are compared. Assuming no
discrepancies, these results are called in to the Supervisor of
elections office, the newspaper, and printed out to be nailed on the
precinct door! If there are discrepancies, go back and do it again! Do
it by hand if all else fails.

    I submit that merely by changing the nature of your barcode as
described above you would make any election very difficult to hack . . .
especially if the procedure described was followed as well . . . because
many eyes, or many scanners in this case, make the risks associated with
fraud prohibitive, and there is no point to modifying any of the
software because it would immediately be detected.

    Anyway, that's my $2 worth (sorry, I have to recoup the effect of
Dubja's "tax breaks" any way I can). I can hardly wait to start
spreading your software about in Florida. In fact, I am meeting with
some like-minded individuals this afternoon to see about setting up a
local organization to do just that. I think that you guys are great for
doing this!

                    Bill Cushman
                    Pensacola, Florida

   

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Apr 30 23:17:10 2004

This archive was generated by hypermail 2.1.8 : Fri Apr 30 2004 - 23:17:29 CDT