An Electronic Voting Machine proposal

Please send any reasoned disagreements to me. If your facts and logic are convincing, I'll change my mind!

Electronic voting machines are not evil! It is quite possible to have an electronic voting machine system that is more open, auditable and reliable than the current non-electronic voting systems.

What a voting system should accomplish:

Today's voting systems don't accomplish most of these goals. For example, paper ballot systems have mechanical problems in counting, require trusting the machine (the paper is used only in one step), give poor access for visually impaired or elderly voters, don't provide multiple options for voters, don't allow voting from any location, aren't "green" (they require travel to a polling place), and don't have redundancy and cross-checking. Absentee ballots don't prevent coercion, don't record votes reliably (they can get lost in the mail, with no confirmation), and have most of the problems of paper ballots. Today's electronic machines require trusting or internally auditing a very complex machine.

Disadvantages of a purely pen-and-paper system:
Paper is hard to transport, store and recount. It doesn't provide multiple UIs, such as for the blind. It can be manipulated (extra ballots added, valid ballots discarded). It can be damaged or lost accidentally (fire, physical collision, etc.). You have to print and manage unique paper for each precinct. If there's an error or change, you have to throw away paper and print again. It generates waste.

Voting has two parts to it:

My proposal:
The voter gets an encrypted paper receipt after voting, and can use it then or later to verify that the vote was recorded accurately and made it into the central database. A single polling place can use a mix of machines from different manufacturers. Vote-recording and vote-verifying machines must be from different manufacturers. Only the internals of the central vote-counting machine need to be trusted or expert-verified; there is no need to look at the internals of the individual vote-recording and vote-verifying machines, because they are used to check each other.
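
The cross-check between a recording machine and a verifying machine from a different vendor, sketched as an added example (not code from this page or from any real voting product). The page does not say how the receipt is encrypted, so a salted SHA-256 commitment stands in for it; the function names and the dictionary used as the central database are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def commitment(serial: str, choice: str, nonce: bytes) -> str:
    """Bind serial and choice to a random nonce (assumed stand-in for the 'encrypted' receipt)."""
    h = hashlib.sha256()
    for part in (serial.encode(), choice.encode(), nonce):
        h.update(len(part).to_bytes(4, "big") + part)  # length prefix keeps fields unambiguous
    return h.hexdigest()

def record_vote(central_db: dict, choice: str) -> dict:
    """Vendor A's recording machine: store the vote centrally, return the printed receipt."""
    serial = secrets.token_hex(8)
    nonce = secrets.token_bytes(16)
    central_db[serial] = {"choice": choice, "nonce": nonce}
    return {"serial": serial, "commitment": commitment(serial, choice, nonce)}

def verify_receipt(central_db: dict, receipt: dict) -> tuple:
    """Vendor B's verifying machine: check a receipt against the central record."""
    record = central_db.get(receipt["serial"])
    if record is None:
        return ("missing", None)      # vote never reached the central database
    expected = commitment(receipt["serial"], record["choice"], record["nonce"])
    if not hmac.compare_digest(expected, receipt["commitment"]):
        return ("mismatch", None)     # stored vote differs from what was receipted
    return ("ok", record["choice"])   # displayed so the voter can confirm the choice

def demo() -> dict:
    """Constructed scenario: one clean vote, one altered record, one lost record."""
    db = {}
    good = record_vote(db, "Candidate A")
    altered = record_vote(db, "Candidate A")
    db[altered["serial"]]["choice"] = "Candidate B"  # constructed fault: changed after receipt
    dropped = record_vote(db, "Candidate A")
    del db[dropped["serial"]]                        # constructed fault: record lost
    return {
        "good": verify_receipt(db, good),
        "altered": verify_receipt(db, altered),
        "dropped": verify_receipt(db, dropped),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The verifier needs no knowledge of the recorder's internals: it only recomputes the commitment from what the central database holds, which is why the two machines can come from different manufacturers.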

How the "front end" of electronic voting should work:

How the "back end" of electronic voting should work:

This kind of system seems to be known as an end-to-end auditable voting system.
Looks like someone else has had this idea: Vote and Verify.

See also:
Wikipedia's "Electronic Voting"
Cyrus Farivar's "How e-voting works around the globe"

Internet voting / online voting:
How it would work, as part of the receipt-based system described above:

About the "sanctity" of a vote:
I and a billion others have been doing financial transactions (banking, credit cards, retail purchases) over the internet for a decade or more. The money in my bank account is worth far more to me than my vote in an election. Yes, if thousands or millions of votes were stolen in an election, that would subvert democracy. But if my individual vote was lost, it wouldn't hurt me very much.

And I suspect my vote goes uncounted fairly often. A machine malfunctions and there's no paper trail, or it's a landslide so absentee ballots get discarded instead of counted, or the Post Office loses my absentee ballot.

I and a billion others have been buying lottery tickets and using ATMs for decades, relying on paper receipts, and legal recourse if something goes wrong.

This is not to say that we should do voting in a slipshod way, or that voting errors don't matter. I think it does show that voting with receipts, electronic voting machines, and internet voting can be done accurately and securely.

Things I don't understand about absentee ballots (AKA voting by mail):

From Lawrence Norden on NPR "Science Friday" 11/16/2012:
"[in USA] ... it's not just one election, it's not even 50 elections. ... We really have 4,600 separate jurisdictions running elections because elections are really run at the county and town level. ... we need to think more about at least having some minimal federal standards ..."

In response to a comment on reddit:
> ... i can't immediately see any advantages
> [this page's proposal] would have over simply
> voting online by logging into a government website.
> and, as far as protecting ballot secrecy goes, i
> think [this page's proposal] would actually be less
> secure than one centralized govt website because
> you'd have to be concerned with the administration of,
> and security of each polling place, rather than one
> ultra-secure server behind a massive federal firewall.
> since we are quite content to electronically submit
> our financial and tax information to the IRS each year,
> and that information is much more sensitive than our votes ...

I've been assuming that the STRUCTURE of the voting system would continue unchanged, that it would be very hard to change. In USA, voting is controlled at county level, generally. Every precinct has a different slate of candidates. That makes it hard to do in a central national site. I doubt the anti-federal-govt crowd would accept that centralization. Consider the resistance to a national driver's license; why would they accept the national ID needed for centralized voting?

My system relies on receipts for security. A central system could do the same. I guess I don't care whether voting is done by precinct or in one national server, as long as the receipt-and-verification structure I outline is used.

Voting online, as opposed to voting at a polling station (electronically or otherwise), poses a challenge of vote-selling or coercion. You really need a controlled place to vote. We could allow online voting from booths in banks, libraries, govt offices. Anywhere that some trusted person could assure that the voter goes into the booth alone. Each booth would be just an internet-connected computer with a privacy screen around it, plus a printer.

/u/Bry6n on reddit suggested using the Bitcoin crypto-currency blockchain model. My thinking on that:
[I may be using some terms a bit wrongly; I don't know a lot about crypto-currency.]

I guess the crypto-currency model adds two things:
  1. Identification/authentication of user/voter via an encryption key.
  2. Distributed servers and ledger (blockchain) recording the votes and doing the counting.

The identification/authentication part does provide some end-to-end verification, which is good.

The "distributed ledger" part mainly solves the simplest part of the voting system, the central counting server.

But the bigger issues are separating things across multiple vendors, separating complex UI functionality from simpler functionalities, receipts, and avoiding coercion. None of which are addressed by the crypto-currency model.

You could use the blockchain in such a system, but the blockchain would be only a minor part of it, not the important part.

"The best argument against democracy is a five-minute conversation with the average voter."
-- Winston Churchill
