http://homepage.cs.uiowa.edu/~dwjones/voting/

COMPUTERS AND VOTING

by
Douglas W. Jones

University of Iowa
Department of Computer Science

Jan. 25, 2001
4:30 PM, 107 EPB
Class presentation for 55:91, Professional Seminar: Electrical Engineering
University of Iowa Department of Electrical and Computer Engineering

We are in the midst of a revolution in the way we vote. This revolution started in the 1960's with the introduction of punched card voting, and not long after that, optical mark-sense voting. In the last 10 years, the rate of change has increased. This revolution offers wonderful opportunities, but the technology we use has left our laws and regulatory structures far behind, and this poses real perils for our democracy.

Fundamental Issues

• Who can you trust
  • Every participant is a partisan.
  • Forced cooperation of opponents.
  • Let the sun shine in.
  • Trust leads to corruption.
  • Trust nobody and honesty emerges.

• Without context, technology evaluation impossible
  • What are the rules?
  • How are the rules enforced?
  • How are votes counted?
  • How are vote counts transmitted?
  • How is canvass conducted?

• What is a ballot?
  • A piece of paper marked by a voter?
  • A piece of paper punched by a voter?
  • A piece of paper marked by a machine?
  • An electronic record of voter intent?

• Who regulates the system?
  • Federal civil rights law is binding.
  • Federal Election Commission (FEC).
  • Most FEC standards nonbinding.
  • State law traditionally dominates.
  • Some states mandate FEC standards.
  • Typically run by Secretary of State.
  • Typically run by County Auditor.

History and Survey

• 1858, Australian paper ballot introduced
  • Low tech, but not obvious.
  • Accepted very slowly.
  • Widespread use in United States by 1900.
  • Counting rules can be corrupted.
  • Open adversary systems are trustworthy.
  • Physical ballot security essential.

• 1892, Mechanical lever voting machines
  • Seen as solution to paper ballot fraud.
  • Expensive, but widely used by 1920's.
  • Recount not possible.
  • Tampering with mechanism possible.
  • System maintainers must be trusted.
  • Physical protection of machine essential.

• 1964, Punched card voting (Votomatic)
  • First wedding of machine to paper ballot.
  • Solves problems with lever machines.
  • Inexpensive, widely used by mid 1970's.
  • Recount possible.
  • Hanging chad!
  • Is the ballot evidence of voter intent?

• ~1970, Optical mark-sense ballots
  • Second wedding of machine to paper ballot.
  • Eliminates problems with chad.
  • Inexpensive, widely used by 1990.
  • Recount possible.
  • Marginal marks, erasures, smudges.
  • The ballot is evidence of voter intent!

• ~1985, Direct-recording electronic voting
  • Replace lever machines with computers.
  • Not yet widely used, but use growing.
  • Recount possibility may be illusion.
  • Proprietary software.
  • Which programmers do we trust?
  • Exactly what is a voting machine?

• ~2000, Internet voting
  • DRE absentee voting?
  • Voting machine supplied by voter?
  • Electronic transmission of ballot?
  • No control of software?
  • Which programmers are involved?

Options

• Precinct count
  • Vote totals computed at precinct.
  • Totals sent to county canvassing board.

  • Paper ballot (optional)
  • Lever machine
  • Punched card (expensive option)
  • Mark sense (common but expensive)
  • DRE (optional)

  • Prompt use eliminates overvotes.

• Central count
  • Ballots sent to county office.
  • Counting in central location.

  • Paper ballot (optional)
  • Punched card (common, inexpensive)
  • Mark sense (common, inexpensive)
  • DRE (optional)

  • Precinct mechanism eliminates overvotes.

The Role of Computers

• Ballot counting
  • Applies to punched-card, mark-sense, DRE.
  • Hand recount reduces need to trust code.
  • Hand recount impossible with DRE.

• Ballot image transmission
  • Applies to central count systems.
  • Applies to some precinct ballot readers.
  • No current standards!
  • Is a copy of a ballot valid evidence?

• Vote total transmission
  • Applies to precinct count systems.
  • No current standards!

• Audit requirements?
  • Who can inspect code?
  • What code subject to inspection?
  • FEC standards require third-party audit.
  • Standard components exempt from audit.
  • Example exemption: Windows
  • Suggestion: Open source!

• Escrow requirements?
  • Is software used same as that approved?
  • FEC standards call for software escrow.
  • Very hard to prove what version used.
  • Mechanism supporting proof absent!
  • Suggestion: Proof before certification.

• Data communication?
  • Standards ignore this issue!
  • Cryptography is not authentication!
  • Key management is essential!
  • Open standards completely absent!
  • Interoperability not currently possible.

  ---