Electronic Voting

John Ray, who writes Dissecting Leftism, an interesting blog decrying various inane comments from left-wing types, recently noted:

Statistical expert John Lott Jr. sets out why California’s virtual ban on electonic voting is just ignorant technophobia. Australia has paper voting only so I have no personal knowledge of alternatives but his claim that electronic voting is in fact more secure than paper voting seems reasonable to me. Voting security in Australia is a joke — leading to Al Capone’s famous saying “Vote early and vote often” being regarded as good election-day advice in some Australian Leftist circles. Rather like Pakistan.

Obviously, I’m going to bridle at being called a technophobe, as I’m not persuaded by the linked article that electronic voting is secure. The main problem with the article is it conflates two security issues. One is identification and ensuring that people only vote once. Australia doesn’t do a terribly good job of that — no ID is required, so you can just pick a name from the phonebook, walk up, claim you’re that person, and vote. They might find out later that “John Smith” voted twice, but that’s not going to help them catch you, so what do you care? Similar problems for people who die, but aren’t off the electoral role, or who are away, or whatever else. That’s an issue where electronic measures can help: taking digital photos of people who vote and associating that with the name they claim to vote under would give you a mechanism of better catching fraudsters, and requiring photo ID with a barcode that gets scanned and passed around the various polling places would be a pretty effective countermeasure too. But none of that is really about electronic voting — it all happens before you get into the booth.

The real problem for fraud in electronic voting is in incorrectly counting the results. It’s trivial to write a program that displays a vote for Bob on the screen or on a printer, and records a vote for Alice on a read-only CD ROM. It’s trivial to write a program that does this only one in a hundred times, or only after a thousand votes have been recorded. And it’s impossible to test for this situation. Worse: you don’t have to be acting deliberately to cause these sorts of problems; they can be caused by bugs, or out-of-spec usage. With paper it’s not an issue: you know exactly what you’ve written down, there’s no physical way for that to change between you’re writing it down and it being counted, and when it’s counted we have security measures in place to make sure it’s counted correctly.

There are ways to avoid this sort of problem — making the source code available for public inspection is one, and another is having controlled interfaces (eg, between making the vote (press a screen, get a certificate), recording it (put the certificate on a scanner) and counting it (remove the storage device from the recorder and put it in another machine) — but none of them are perfect, and none of them are really even that well understood. And that’s by experts — voting needs to be something that everyone can trust, not something that you need a PhD in computer science to be able to understand.

Based on the Australian experience — where we have fairly effective preferential voting, very simple procedures for voting (no butterfly ballots), and a whole bunch of folks who’re good at getting election results calculated very quickly — it seems to me that electronic voting is trying to solve the wrong problem (“We need computers in the voting booths! Because that’s cool!!!”), instead of the right ones (“We need some non-intrusive ways of stopping people from multi-voting”).

Leave a Reply