Nobody, dear readers, knows the vulnerabilities of computer systems as well as you, the techno-illuminati of the age. The masses are screaming for these electronic voting machines but nothing could be more dangerous to our fragile democracy than wrong choices as we move down this path.
Last month, a study by Johns Hopkins University found the Diebold Election Systems used by Georgia to be vulnerable to tampering by unscrupulous voters, poll workers and software developers. (source: The Atlanta Journal-Constitution). Does this surprise us? In that very same article, a self professed "Cracker" named Roxanne Jekot is referenced as claiming that she and her friends could crack the system in "a matter of minutes". Their challenge was accepted, so let's stay tuned.
It seems to me, that no system which is purely electronic in nature can ever be totally trusted to be the sole storage and tabulator of results. There is, however, a way to make it much safer. Start with what's wrong with the current paper based systems. They're prone to error because the methods used by the machines that read them are inherently different from the natural methods humans use to share information. The promise of the new computer systems is to make an interface that is easy yet much more fool resistant. The problem now is, there is no assured paper trail. The computer says its marking your vote one way, but is it? Who can check?
I propose the following as a more comfortable method. First, start with the computer systems as proposed. Their multilingual touch screen interfaces communicating clearly with patrons -- even headphone based voice response systems for the vision impaired. Now, when the vote is cast, the machine creates a physical result card. The voter then walks to another machine, manufactured and maintained by a different company, and inserts the card. When inserted, the machine confirms for the voter which votes have been made, and the voter simply indicates a "YES" or "NO" to validate that the information is correct. If the information is not correct, the ballot is voided and the user can start again by inserting the voided ballot into the original machine. In this way, both sets of machines -- the stage one machines and the stage two machines -- have independent records of the voting totals. The ballot cards are then kept, as they are now, for any review should it ever become necessary. At the end of the polling, the site administrators get a printed report of the results from that station, while an electronic report is made to the central voting tabulation site. The electronic results and the paper results from all the polling places and the central site are then public documents.
"Cracking" a system such as this would require breaking into both systems and causing a complete change to them sufficient to mislead voters. Electronic foolery wouldn't work because the votes sent to the central system would have to match the results at each stage in the precinct. Voters still get an easy to understand system, and can be confident that they are voting they way they intend. No reading skills are required, as a voice prompt system can be used with headphones. Translators are not required for every language at every precinct.
By the way, a transitional system - one which could be quickly produced - might by to simply use the existing voting systems, but providing a validation step where the voter inserts the punched ballot and clearly sees on screen or by voice through headphones, which candidates they have selected. This step again would provide the assurance for the voter, that when the card is finally inserted into the final machine it will be correctly counted.
Lastly -- why not a receipt? When the ballot is finally placed in the counting machine, cannot a receipt be handed to the user which clearly and anonymously indicates the way the votes were tabulated? If the user is still in dispute at that point, a paper process can be completed and notorized, then stored to be hand counted at the end of the voting. There must never be any back-out method on the actual tabulation machines.
Just my thoughts on this problem.
Comment Entry |
Please wait while your document is saved.
------------------------------------------------------------------------------
in response to
------------------------------------------------------------------------------Nobody, dear readers, knows the vulnerabilities of computer systems as well as
you, the techno-illuminati of the age. The masses are screaming for these
electronic voting machines but nothing could be more dangerous to our fragile
democracy than wrong choices as we move down this path. Last month, a study by
Johns Hopkins University found the Diebold Election Systems used by Georgia to
be vulnerable to tampering by unscrupulous voters, poll workers and software
developers. (source: The Atlanta Journal-Constitution) . Does this surprise us?
In that very same article, a self professed "Cracker" named Roxanne Jekot is
referenced as claiming that she and her friends could crack the system in "a
matter of minutes". Their challenge was accepted, so let's stay tuned. It seems
to me, that no system which is purely electronic in nature can ever be totally
trusted to be the sole storage and tabulator of results. There is, however, a
way to make it much safer. Start with what's wrong with the current paper based
systems. They're prone to error because the methods used by the machines that
read them are inherently different from the natural methods humans use to share
information. The promise of the new computer systems is to make an interface
that is easy yet much more fool resistant. The problem now is, there is no
assured paper trail. The computer says its marking your vote one way, but is
it? Who can check? I propose the following as a more comfortable method. First,
start with the computer systems as proposed. Their multilingual touch screen
interfaces communicating clearly with patrons -- even headphone based voice
response systems for the vision impaired. Now, when the vote is cast, the
machine creates a physical result card. The voter then walks to another
machine, manufactured and maintained by a different company, and inserts the
card. When inserted, the machine confirms for the voter which votes have been
made, and the voter simply indicates a "YES" or "NO" to validate that the
information is correct. If the information is not correct, the ballot is voided
and the user can start again by inserting the voided ballot into the original
machine. In this way, both sets of machines -- the stage one machines and the
stage two machines -- have independent records of the voting totals. The ballot
cards are then kept, as they are now, for any review should it ever become
necessary. At the end of the polling, the site administrators get a printed
report of the results from that station, while an electronic report is made to
the central voting tabulation site. The electronic results and the paper
results from all the polling places and the central site are then public
documents. "Cracking" a system such as this would require breaking into both
systems and causing a complete change to them sufficient to mislead voters.
Electronic foolery wouldn't work because the votes sent to the central system
would have to match the results at each stage in the precinct. Voters still get
an easy to understand system, and can be confident that they are voting they
way they intend. No reading skills are required, as a voice prompt system can
be used with headphones. Translators are not required for every language at
every precinct. By the way, a transitional system - one which could be quickly
produced - might by to simply use the existing voting systems, but providing a
validation step where the voter inserts the punched ballot and clearly sees on
screen or by voice through headphones, which candidates they have selected.
This step again would provide the assurance for the voter, that when the card
is finally inserted into the final machine it will be correctly counted. Lastly
-- why not a receipt? When the ballot is finally placed in the counting
machine, cannot a receipt be handed to the user which clearly and anonymously
indicates the way the votes were tabulated? If the user is still in dispute at
that point, a paper process can be completed and notorized, then stored to be
hand counted at the end of the voting. There must never be any back-out method
on the actual tabulation machines. Just my thoughts on this problem.