Electronic voting CAN work beautifully, but it ISN'T
Submitted by jrowberg on Sun, 03/04/2012 - 00:24
All other things being equal, electronic voting is better than paper voting. It's faster, easier, more precise, more flexible, and overall just more efficient. It takes less work to oversee and less time to get results. But today, due to flaws in the implementation, it also makes fraud easier to commit. This does not need to be the case.
Technology has a tendency to make things better over time as we create things that do more work with less effort. This is the way of human progress. New developments often have side effects, either intended or unintended, but these do not mean the developments are bad or even that any negative side effects are inherently to be avoided, but rather that markets and demand are shifting and may require new distributions of labor.
Sometimes, though, the side effects bring to light a different problem to solve, one that wasn't as big of a deal before, but through innovation has become a more important issue to address. Such is the case with election fraud and electronic voting. With e-voting as implemented today, it is easier for a single person (or multiple people independently) to have a substantial but virtually invisible impact on the outcome. With a pure paper vote, such a thing is harder to do because it usually requires collusion between multiple people.
The problem with e-voting is not the concept itself, but the implementation that allows for potentially untraceable fraud through a lack of transparency--a lack of verifiable results being made available both to the public and to the competing parties involved in the election. This problem is solvable.
- Generate a random UUID for every registered voter allowed to participate in a given election the moment they cast their ballot. This UUID would not be stored along with their name, to ensure 100% anonymity. Only the person voting gets to know that UUID belongs to them specifically. However, the fact that they showed up and received a UUID would be recorded to prevent duplicate votes.
- Any vote cast will be stored with its own UUID in the voting machine used.
- At least TWO printed copies of each vote are printed on the spot whenever a vote is recorded. One goes to the voter, one to the poll workers. (A double receipt system, like what happens when you buy a pizza! What a thought!)
- Any 3rd party can request a copy of all vote receipts for their own counting and verification.
- If possible, recorded votes should be transmitted immediately to a central (public, mirrored) server AS WELL AS kept on the original machine. This can be done at a later time if no connection is available, but immediate results add transparency and efficiency.
- The vote receipts include the voter UUID, the vote UUID, a one-way hash generated by the vote(s) cast on the ballot, and a detailed breakdown of the actual vote(s) cast. The vote cast cannot be changed without altering the one-way hash, which is very easy to detect even manually. Also, since only the original voter knows their per-election voter UUID, your anonymity is guaranteed even if you lose your receipt.
- Anyone can enter a voter UUID and vote UUID combination (from the receipt) on the aforementioned public and mirrored server to VERIFY that the recorded vote matches their receipt. THIS IS THE KEY. It is unlikely that everyone will verify his or her vote. But it is also very likely that some people will, and if anyone discovers a legitimate discrepancy (which would be simple to detect if it exists), then legitimate evidence of tampering will become obvious.
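
The receipt check described in the list above, as an added example that is not part of the original post. It assumes SHA-256 over a sorted-key JSON encoding as the one-way hash and an in-memory dict standing in for the public mirrored server; the function names and the sample ballot are hypothetical.

```python
import hashlib
import json
import uuid

def ballot_hash(choices):
    """One-way hash over a canonical encoding of the choices (SHA-256 assumed)."""
    canonical = json.dumps(choices, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def cast_vote(choices, public_record):
    """Store the vote and return the receipt handed to voter and poll workers."""
    receipt = {
        "voter_uuid": str(uuid.uuid4()),  # random, never stored with a name
        "vote_uuid": str(uuid.uuid4()),
        "choices": dict(choices),
        "hash": ballot_hash(choices),
    }
    key = (receipt["voter_uuid"], receipt["vote_uuid"])
    public_record[key] = {"choices": dict(choices), "hash": receipt["hash"]}
    return receipt

def verify_receipt(receipt, public_record):
    """Compare a receipt with the public record; return a status string."""
    if ballot_hash(receipt["choices"]) != receipt["hash"]:
        return "receipt-altered"   # printed breakdown no longer matches its hash
    entry = public_record.get((receipt["voter_uuid"], receipt["vote_uuid"]))
    if entry is None:
        return "missing"           # vote was dropped or never uploaded
    if entry["hash"] != receipt["hash"] or ballot_hash(entry["choices"]) != entry["hash"]:
        return "record-mismatch"   # stored vote differs from what was cast
    return "ok"

def demo():
    """Constructed sample ballot: verify, then change the stored vote and re-verify."""
    record = {}
    receipt = cast_vote({"president": "Candidate A", "measure-1": "yes"}, record)
    before = verify_receipt(receipt, record)
    changed = {"president": "Candidate B", "measure-1": "yes"}
    key = (receipt["voter_uuid"], receipt["vote_uuid"])
    record[key] = {"choices": changed, "hash": ballot_hash(changed)}
    return before, verify_receipt(receipt, record)

if __name__ == "__main__":
    print(demo())
```

A stored vote that is changed and re-hashed on the server still fails the check, because the voter's printed receipt carries the original hash.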
This system is remarkably similar in many ways to the way credit card companies process transactions. It is maddening that a $25 purchase at a convenience store has more accountability attached to it than a vote for president.
Give me an Arduino, an ethernet shield, a touch screen (or TFT + some hardware buttons), a thermal printer, a Rackspace cloud instance, a month, and $10k and I'll build you exactly this system using entirely open-source hardware and software, completely documented at every level. The platform is so simple that any decent programmer could explain it top-to-bottom after 20 minutes of perusal, and the lack of complications reduces the chance of undetected tampering or manipulation. And, of course, the public verifiability of EVERY VOTE makes tampering unlikely.
I'm sure such efforts have already been proposed and/or pitched to election boards and/or even implemented in some cases. But I'm a programmer and a Ron Paul supporter, and as such this post was cathartic for me. I'm still totally serious about that last paragraph. I am not well-versed in specific election regulations that may require some tweaks to this system, but in any case I'm confident something very similar to this at least could work very well.
I do not want elections to be unfair even if "my" choice doesn't win. I can't imagine that anyone would reject a proposal for such a transparent and efficient system unless they have something to gain by impeding or hiding the real process. Screw Diebold. E-voting machines should be open, simple, obvious, and 100% OSHW. This is not that hard, and there is NO good reason for any proprietary elements anywhere in the system.