Wednesday, June 07, 2006

Random Thoughts on Voting Machines

No extra brain-cells to spare this evening, so here's some random ideas for improving both the security and the efficiency of voting. I have voted using punch cards, big lever machines, scantrons and touch screens. My favorite method is scantron as it is very easy to use and has a relatively low failure rate as well as leaving behind a physical paper ballot. My least favorite is touch screen because they are privately produced software with serious security questions, do not leave a good paper trail, and have some of the most horrifically unusable screens in the world of computers.

First and foremost, the software used in electronic machines needs to be owned by the US government, be in the public domain, and be absolutely trusted for its security and accuracy. This would include the machines that read scantron style ballots as well as pure touch-screens.

Now, what is the most cost effective and transparent way to do this? A national competition between the computer science departments (with a little helping hand from the political science departments) of the major research universities of the US. The job? Design the above-mentioned computer system, and then allow the other competitors to do their damnedest to hack into, bring down, and/or otherwise corrupt your system. Think about it - bragging rights forever for the CS program that produces the winning system.

You could toss in a few other restrictions, such as it must run on minimal, ultra-cheap hardware, it must pass accessibility standards, it must be open source, it must be easily configurable by non-technical types, etc. In short, spec out your dream election system.

I was also thinking about the scantron stuff. The ballot is scanned when it goes into the ballot box - is that to kick out incorrectly marked ballots? Does it do a total right then? Having some way to catch incorrectly marked ballots before they go into the box would be a very good idea, as it gives a chance for the ballot to be corrected by the voter, or destroyed and replaced (with correct documentation, like a photograph or fast digital video) with a fresh ballot. The goal here is to reduce spoiled ballots.

Now, what about the fear of ballot box stuffing? This is a long-standing tradition of corrupt regimes everywhere. The reason it can be done is because the ballot boxes have to be where the voters are, often in remote locations, and then have to be transported back to the election headquarters. Physical and electronic stuffing (or its equally nasty twin, vote destruction), is done when no one is watching. So, make it almost impossible to avoid being watched.

The problem here is how to maintain the anonymity of the voter? You can't track things too closely, lest you impinge on privacy. Well, a few things come to mind. One is that cellphone towers are ubiquitous, that cell-enabled modems are dirt cheap, and that barcodes are very powerful. You need to have ways of counting things that allow aggregate numbers to be tracked on a precinct by precinct basis. Thinking about my own voting experience, there are two ways to keep votes honest, and these are relatively simple to do, given current technology.
  1. Provide an up to the minute count of how many people are handed a ballot in a precinct in real time. After I have been checked off on the registered voter roll, if I have a scantron ballot, the barcode on my ballot that repeats the unique code on the ballot is passed under a barcode scanner. It beeps to indicate a recording. The ballot number is transmitted (encrypted, duh) to a central election location, and is instantly viewable by independent poll watchers, party hacks, members of the press not engaged in sniffing Hillary Clinton's panties, and the general public. The fact of a ballot number simply indicates the ballot has been handed out, and is date/time stamped for when it is recorded. It does not say to whom the ballot was given. The point is to have real-time data against which a final count may be compared, and to show how fast and furious the votes are coming in.

    In the case of an electronic vote, the barcode comes after the ballot is cast, and I'll get to that next.

  2. Provide the voter with a humanly readable copy of the vote just cast. This can be done with the scantron (if, as I believe, the vote is read at the time of submission) or the touch-screen styles. Laser printers are freakin' cheap! Tell printer companies they can deduct the wholesale value of machines and supplies donated to precincts from their tax bills or something like that if you're worried about costs. When the vote goes in, the printer spits out two sheets of paper. Print them out face down for privacy. One is watermarked "Voter Confirmation" and the other is stamped "Precinct Confirmation". They have matching ID numbers printed on them and are barcoded. If an electronic vote has been cast, the barcode is swiped under the counting scanner to provide the real-time voter count. The voter sheet goes home with the voter. The precinct paper goes in an unofficial but sealed box for the precinct.

    Now, here's the fun part. Every ballot has a unique ID number. This has been true since the punch-cards. But with these unique numbers, you can go home, go to the web site of the county election office, and type in the number of your ballot. There may be some time delays, but the results in the official system had better match what is on the page printed in front of you. The precinct paper copy gets busted out if something goes wrong with the electronic vote - nice, easy to read, no question about what votes were cast. There should also be a way throughout the day to double check the voter turn-out in any given precinct - not the votes cast or the voter breakdown, but simply that 100 voters have cast their votes in precinct 57 as of 11:45 today. Update every quarter hour on the quarter hour.

Each of these measures is available right now for relatively cheap. Ask the computer wiz kids to write the software for this, too, and have it integrate into the actual vote recording software.

But what about absentee ballots? I think they need to be accounted for before the polls open, else they will become the means through which votes are faked. They, too, can come with ID numbers and barcodes, the barcodes requiring scanning to create a date/time stamp on when they were received. They may even record which election worker scanned the vote into the system to further discourage electoral hanky-panky. The barcode can be cross-checked against when the ballot was sent out, and whether it is valid - and none of this connects a particular vote with a particular person. When the ballots are opened up and recorded, they are barcoded into the vote system so that the absentee vote meets the same condition as the in-person vote.
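As an added illustration (not code from this post), here is a sketch of the check the issuance log makes possible: the date/time-stamped list of ballot numbers handed out, or mailed out for absentee ballots, is reconciled against the ballot numbers found at the final count, and turnout is reported as of a given time. The record layout, function names and sample data are all assumptions constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log: (ballot_id, precinct, time the barcode was scanned).
# It records that a ballot was handed out, never to whom.
ISSUED = [
    ("B-0001", "57", "2006-11-07T11:02:10"),
    ("B-0002", "57", "2006-11-07T11:14:59"),
    ("B-0003", "57", "2006-11-07T11:31:40"),
    ("B-0004", "57", "2006-11-07T11:44:05"),
    ("B-0101", "58", "2006-11-07T11:20:00"),
]
# Constructed sample of ballot IDs read at the final count: (ballot_id, precinct).
COUNTED = [
    ("B-0001", "57"), ("B-0002", "57"), ("B-0002", "57"),  # B-0002 read twice
    ("B-0004", "57"), ("B-0999", "57"),                    # B-0999 never issued
    ("B-0101", "58"),
]

def turnout_as_of(issued, precinct, as_of):
    """Aggregate number of ballots handed out in a precinct up to a time."""
    cutoff = datetime.fromisoformat(as_of)
    return sum(1 for _, p, ts in issued
               if p == precinct and datetime.fromisoformat(ts) <= cutoff)

def reconcile(issued, counted):
    """Compare the real-time issuance log with the final count, per precinct."""
    issued_ids = defaultdict(set)
    for ballot_id, precinct, _ in issued:
        issued_ids[precinct].add(ballot_id)
    tally = defaultdict(Counter)
    for ballot_id, precinct in counted:
        tally[precinct][ballot_id] += 1
    report = {}
    for precinct in sorted(set(issued_ids) | set(tally)):
        valid, seen = issued_ids[precinct], tally[precinct]
        report[precinct] = {
            "issued": len(valid),
            "counted": sum(seen.values()),
            # In the box but never handed out: a sign of stuffing.
            "never_issued": sorted(set(seen) - valid),
            # The same ballot number counted more than once.
            "duplicates": sorted(b for b, n in seen.items() if n > 1),
            # Handed out but absent from the count: spoiled, lost or destroyed.
            "not_counted": sorted(valid - set(seen)),
        }
    return report

if __name__ == "__main__":
    print(turnout_as_of(ISSUED, "57", "2006-11-07T11:45:00"))
    for precinct, row in reconcile(ISSUED, COUNTED).items():
        print(precinct, row)
```

A ballot listed under `not_counted` is not by itself evidence of vote destruction; it has to be matched against the documented spoiled-and-replaced ballots mentioned earlier.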

Databases are big, dumb systems really good at counting, sorting and cumulating things. Datetime stamping is your friend, as it decreases fraud attempts, not to mention delighting thousands of poli sci professors who now have a new data point to analyze.

Transparency and privacy can go together, and in much simpler and cheaper ways than you might think. I disagree with demands to return to paper and pencil for marking ballots. I expect the US to step up to this plate and fix the damn problem using common sense and ingenuity.


