[EM] Voting debate - missing the target

Alex Small asmall at physics.ucsb.edu
Sun Jul 27 15:38:03 PDT 2003

Dave Ketchum said:
> Computers have been around for decades and we have learned to build and
> program them such that they DEPENDABLY do what they are told.  If not,
> would banks dare use ATMs?  Would we dare enter a hospital, where much
> of  the more complex activities depend on computers fulfilling their
> responsibility?  There is MUCH around us for which we now depend on
> computers being DEPENDABLE.

You make a good point, and perhaps worries about electronic voting are to
some extent technophobia.  However, the integrity of a voting process
isn't just a technical matter.  It's also a security matter, and some
security concerns transcend any technological development.

A well-guarded and anonymous paper ballot is impossible to alter without
leaving behind some sort of physical mark (erasure, white-out, whatever). 
A voter can determine with absolute certainty that his paper ballot is an
accurate record of his vote, he doesn't have to trust anybody else's
expert analysis.  He still has to trust the integrity of the people
guarding his ballot, but the need for integrity is one aspect of a
democratic election that will never, ever change.

Now, the transparency afforded by a paper ballot may not be technically
necessary, but transparency is a virtue in its own right.  I'm agnostic on
whether the paper ballot is the original, or instead a backup generated
from the voter's input.  In any case, I still believe in the importance of
a paper ballot that the voter can verify.

>       We do recognize desire to protect trade secrets - fine, BUT let it
> be done in some way that does not interfere with validation.
> Note:
>       Some machines have been bought, with trade secret clauses
> attached,
> and I understand that judges have agreed that those who signed such
> clauses have made the sellers immune to checking as to quality of the
> equipment.  Seems like this should be a black mark against those who
> failed to protect their voters.
>       Some are still considering buying equipment.  We, the public,

Trade secrets concerns are simple:  We can purchase the rights to those
trade secrets as part of the contract for purchasing the equipment.  Once
the public purchases those secrets they will of course be available to
other companies, but we have a vested interest in making this information
public so that others can improve on previous designs.

Even though I'm a fan of less government spending, I'm willing to open up
the coffers to ensure the integrity of the voting machines, and to promote
further innovations in voting technology.  If we have to pay a ton of cash
to get people to divulge their trade secrets, so be it.  The health of our
democracy demands it.

> As to the internet:  Seems to me that a voting machine SHOULD NEVER be
> connected to the internet from the time preparation for opening the
> polls  starts until the polls close and the results are documented.
> Would not  bother me to have it connected later for convenient reporting
> results to  wherever, but this is simply reporting the already
> documented results.

I would go further than this:  Before the machine is connected to any
network for the purpose of reporting results, a copy of the results should
be placed on an external hard drive or some other recording device, and
the recording device should be physically disconnected from the voting

It may or may not be paranoid to worry that the machine could be corrupted
by a hacker when it's trying to report results, but having worked at the
polls I would say that the 2 essential methods for ensuring the integrity
of results are transparency and redundancy.  Obviously this precaution
ensures redundancy.  It also ensures transparency, because everybody can
see that the copy was secured before the machine was connected to the
outside world.  Transparent methods may be far more stringent than an
expert technical analysis would conclude, but the point of transparency is
that the integrity of the process should be clear to ANY observer beyond
any doubt.


More information about the Election-Methods mailing list