Vote but Verify
Local Rochester-area political blogger Thomas Belknap recently railed about HR 811, interpreting its requirement of a voter-verified durable paper ballot as a small-minded banning of an attractive future of modern networked reliable electronic voting machines. I could not resist posting my disagreement into the comments on his blog, and perhaps I am going to convince him, as he edited out my most provocative snide political shots and left in some of my more reasoned comments.
As a security person, I must point out that if machines do not produce a reliable auditable record, then all you have is a fait accompli fraud-blessing device. That’s the short version of the security argument.
I’m willing to go along with NIST that, as of today, all-electronic systems are an important research topic, not a settled present alternative:
The approach to software-independence used in op scan is based on voter-verified paper records, but some all-electronic paperless approaches have been proposed. It is a research topic currently as to whether software independence may be able to be accomplished via systems that would produce an all-electronic voter-verified, independent audit trail (known as software IV systems).
A durable paper ballot requirement is not a retrograde goof, nor a rejection of e-voting. It’s a reflection of current reality, that all-electronic e-voting implementations are asking for trouble. Codifying an allowance for all-electronic systems today would just open the door to arguments about what’s good enough cryptographically, arguments that will be settled by folks even less competent than our representatives. Codifying the well-understood voter-verified paper audit trail as a requirement puts an immediate crimp in the shopping spree for fancy-looking machines that are rotten inside – a shopping spree that will continue if this law isn’t passed, creating an ever-larger lump of sunk investment in pretty bad technology.
A paper audit trail today isn’t a rejection of e-voting, it is progress toward a more robust implementation that in the future will, no doubt, also include other alternative durable auditable records.
For credible background on the security geek consensus, see the above-quoted NIST draft, the US ACM policy recommendation, or Bruce Schneier (University of Rochester physics alumnus!). Or anything by Ed Felten or Avi Rubin on this subject. In this case, our representatives seem to be listening to informed advisers.
Regarding politics: All parties’ oxes have been gored at one time or another by voting fraud or rumors of fraud, so this does seem like an issue on which a consensus could form.
