|
|
|
|
|
Touch-screen voting isn't the right answer |
By John Schneider
Originally published March 31, 2006
A debate over the use of electronic voting machines in Maryland
generally has focused on words such as "security," "interpretive code"
and "hacking."The arguments tend to pit the reliability and safety of one machine
against the other and compare the veracity and experience of expert vs.
expert. They are earnestly written, articulately defended and, in many
cases, factually accurate.
Advertisement
Unfortunately, they are also largely beside the point.
This isn't surprising: There are powerful commercial and political
interests vying for the upper hand, with much prestige and profit at
stake. Still, the debate has been incorrectly framed, and voters are
the poorer for it.
The problem is this: When discussing the integrity of any data storage,
processing and retrieval system, the term "secure" is a misnomer. In
the realm of computer science, there is no such standard, no such
definition. One can only describe the precautions taken and the
recovery plan if the system is breached.
More simply, all computer systems can be rigged or manipulated. It is
never a question of "if," only of time or money and the potential
payoff. That's why computer science regards security as a process, not
a feature. This process has several integral parts, which include
multiple layers of intrusion detection and prevention, alerting and,
most important, a means to recover from a security failure.
The last point has been lost in the debate and needs to be
reintroduced. As much as we would like to believe assurances that our
machines are infallible (because most of us don't have the experience
to determine this ourselves), we will have given up the right to know
whether our vote was true if our recovery plan consists solely of
trusting the technology masters.
So let's talk about a responsible recovery plan.
We first heard terms such as "dimpled ballots" and "hanging chads" in
the fateful presidential election of 2000 in Florida. A near-panic
ensued, leading the nation to an almost instant decision to radically
alter a voting method that had persisted since the Colonial era: the
elimination of a voter-prepared physical record - the paper ballot.
Instead, we decided to accept an electronic interpretation of the vote we cast, using machines we don't really understand.
Most everyone agrees that the simplest recovery plan consists of adding
a so-called paper trail, which allows voters to confirm their
electronic choices by referring to a physical, printed record. If
machine problems lead to a recount, paper allows one to take place.
But in this case of recording and verifying a vote, not all paper is
created equal. "Paper trail" has been used to describe everything from
a continuous-feed roll under glass to a hand-prepared ballot.
In unanimously passing a recent voting machine bill, the Maryland House
of Delegates accepted the idea of a paper record that captures
individual votes. The Senate has not adopted the same proposal and may
be heading toward a system that has serious limitations. For example,
some senators seem to favor using individual touch-screen machines with
paper-under-glass verification. After casting their votes, the voter
peers through the glass at the paper printout and confirms the list as
accurate.
It sounds easy, but "live" voters have difficulty reading small type,
comparing as many as a dozen or more votes, and too often find it
easier to just skip the verification effort. And even after that,
machine-printed records are still subject to security problems. In
short, this brand of paper trail provides little assurance that the
voter's intent has been captured and confirmed, and introduces an
administrative nightmare.
A House proposal requires a voter-prepared ballot, optically read by a
scanner in the voting precinct and backed by a second accessible
reader. After the ballot is read, the original paper record remains for
a later recount, prepared by the voter's own hand.
Optical-scan machines require the voter to darken spaces on a paper
ballot and then take the ballot to a scanner, where it is fed into the
machine and read for tabulation. These ballots are retained inside the
scanner, where they become a part of the permanent record of the
election. Only one scanner is required for each polling location, plus
a second unit that's accessible for people with disabilities.
The key difference between touch-screen voting and the optical scanner
is that only the scanned system leaves behind an actual record prepared
by the voter's hand and therefore is not "hackable" in the event a
recount is necessary.
An added bonus with an optical-screening system is that it relies on
far fewer machines and can be purchased with the residual value that
lies in our current inventory of touch-screen machines. Net cost: about
zero. Net gain: renewed confidence in our electoral process. A
priceless benefit, at a fair price.
John Schneider is a consultant on Internet and data security. His e-mail is aivset@yahoo.com. |
|
| |
| |
|
|
