The Opinionated Bastard

I've been thinking about this problem for awhile. After the debacle of 2000, Congress passed HAVA, the “Help America Vote Act”. Basically, this requires most of the polling places in the US to move away from the dreaded “chad”. They were supposed to do it by 2004, but voting is a tough and interesting problem; its actually more complicated then say, internet banking because it has to be secret.

So moving from punch cards (which pretty much all observers agree are the pits) causes other problems. All of the newer systems are computerized to some extent, which makes one worry about the following problems:

1. The computers could be hacked.
2. The computers could be corrupt, they could skew the election.
3. The computer could be buggy.
4. The computer could spy on the voter allowing votes to be correlated to the individual voter.

As one critic puts it: The computer can display one thing, print out a second, and record a vote for a third.

For this reason, many people have advocated a VVPT, a Voter Verified Paper Trail. That is, there should be some sort of paper a voter could print out and verify that their vote is recorded correctly. In the case of a recount, those paper trails could be counted instead to make sure the computers are working correctly.

Of course, this leads to its own set of problems, because if your precinct runs out of ink does that mean you can't vote? It also doesn't solve the traditional ways to cheat in elections:

1. Voting the dead (Nixon vs. Kennedy).
2. Stuffing the ballot box (Iran and Washington State).
3. Multiple voting by the same people (i.e. driving busses around like they did in Iran this time).
4. Outright lying (Iran again, fudging the count)

Paper is not a panacea. In some ways I think paper makes things worse because paper is a tangible thing, so people have more faith in it then they would some electrons in a computer. But it can be just as misleading, manually counted paper ballots are going to be off by about 2%.*. If you have the paper contain some sort of bar code or marking so a computer can count it easily you're back to having the computer again, plus you get errors from any human readable marking. Bar codes are easier for a computer to read then markings, but humans can't read bar codes, so you're back to trusting the computer again. Recently, it turns out that the optical scan method where voters fill out a form that is then scanned has been demonstrated to be insecure. So even with a paper trail, that won't help, and who are you going to trust to do the recounts anyways? The same mullahs who run the elections already?

I've always been of the opinion that the whole paper/electronic thing was obscuring the other issues. Washington State has proved me right, because the paper trail didn't help.

Now many others have looked at this problem, but I had a unique insight. I think thats because most of the people in this industry are looking at America, where each party has representatives involved in the electoral process. What I'm curious about is creating a system that would work if even the voters, the poll workers and the electoral commission were corrupt. Securing the voting computer isn't actually necessary. Which is good, because as many people have shown, its impossible. Instead, what we need is a way to allow others to replicate the function of the computer themselves on a system under their control.

Specifically, there's no reason why the computer couldn't be used as an interface terminal between the voter, the Election Commission, and the New York Times.

Let me explain how this would work. A Voter Verified Paper Trail would work as follows:

A Voter goes up to the computer and votes. The computer prints out a receipt, which the voter verifies is correct. The computer then records that vote on the master computer that tallys all the votes. The voter must then return the receipt to the poll workers. They are not allowed to take their receipt with them as the ballot would then no longer be secret. Recounts could be done using the paper receipts, though of course if voters have been allowed to look at them, its quite possible they might leave with them as well, creating discrepancies because a recount will show a vote in the computer with no corresponding receipt. There's also the problem that the receipt printer could run out of ink.

In the system I'm thinking about, the voting and verification steps would be decoupled. It would also remove the local electoral commission monopoly on the counting and verification of the ballots. Leaving aside secrecy for the moment, in this system, as you vote your vote is transmitted to any number of interested parties. Here I've used the UN and two newspapers, but there would presumably be a number of interested election observers.

The voter can then verify that there vote was recorded separately by independently confirming with one of the observers:

Now this solves the whole complicated problem of ensuring the integrity of the voting computer because in order to fake an election you would have to compromise the integrity of the New York Times and the UN simultaneously. If the vote transmission protocol was an open standard, presumably there would even be multiple implementations of the software running on all the different observers.

Of course, there's one problem. We no longer have a secret ballot. So what we need to do is take the above system, but make it secret. I won't bore you with the details, because frankly, they bore me as well. But basically, the guys at VoteHere have worked that out. They've had to bow to the paper madness, but really, what they're calling a receipt could just as easily be done over a cell phone, handheld, etc. under the users control. Basically, you would get a set of magic numbers back from the polling place for each candidate and a voter id. You can then go to a website later on and check that the magic numbers match. The only thing I would tweak in their system is to map the checksum numbers to words, I think it would be easier for people to confirm that “Daisy” was present instead of “Petunia” than confirming that 665 was present instead of 656.

So now that we have the voter-polling place system worked out we suddenly have a huge advantage. We have computers in the polling places! Given that, we can now look at the “classic” ways to fudge elections:

1. Voting the dead (VoteHere provides a method of removing votes from the final tallies if I remember correctly).
2. Stuffing the ballot box.
3. Multiple voting by the same people (i.e. driving busses around like they did in Iran the last view times).
4. Outright lying (fudging the count) This is no longer possible because there are now independent observers.

So now we're left with 2 classic methods of of stealing elections. These are interrelated, because basically you want to ensure that each person only votes once, and that there is a human being for every vote. This is especially important for computerized voting, given that a computer could generate votes automatically. For instance, every person who didn't show up at the polling place could automatically have a vote generated for him or her by a computer.

A rough idea for a solution to this I think would be webcams in the polling places. Not in the booths of course, but in the places themselves. These pictures would be transmitted to the independent observers (or to anyone on the internet really) to show the people that are voting. It would be tedious, but someone could audit the photos to ensure that the correct number of people entered. If a few people held up the morning paper to the camera, this could serve as verification that the pictures were current, and from this election. In fact, if the webcam could be moved around independently by independent observers (some webcams let you do this), the paper could merely be placed somewhere in the background, basically providing a timestamp for each frame in the video. The webcams would also help because if someone was seen in multiple places, there would be a visual record.

This would help prevent wholesale fraud like in Iran more then it would the light duty fraud like Kennedy vs. Nixon, however at this point in the state of the world, dictators are smart enough to claim they won by slender margins, its always 90% or worse.

So with computerized voting, perhaps perfect elections are possible.

Even in Iran.

Update: I noticed there was a double entry and accidentally deleted the wrong one, thereby eating two comments.

Basically, I'll summarize here. The VoteHere system does not let you "prove" who you voted for (so you could sell your vote) but it does ensure that your vote was counted. The receipt has numbers for all candidates, you basically can check that the numbers match. If the numbers match, then the only way they could match is if all the votes are correct for everyone but that's behind the scenes. Its just its a lot of math to explain, go to their website if you want the details.