I decided not to comment on the political aspects of the latest US Presidential election in my blog, but one thing that has been bugging me for the last few days is the poor quality of the technology that they use to collect and count the votes in what is their most important election.
Firstly, there were all the debates about the lack of a paper trail on the fully electronic machines. I don’t even know why this was a debate. It seems to me to be obvious that a paper receipt should be printed. It is odd that nobody debated this for ATMs or lottery ticket machines, but when it comes to something as important as voting there is a question about the need for a receipt.
Next, a couple of my colleagues voted using the optical scanner machines. They did get a paper receipt, but not one that verified that the machine had read their selections correctly! The California lottery terminals work on a similar scheme (you fill in the circles with a pen and machine ‘sees’ those marks), but the lottery folks felt the need to not only print your selected numbers on the receipt, but also to remind you to check them before leaving the store. Why was this basic step missed from the optical scan voting machines?
Then, today I read an article at Wired about machines in North Carolina losing votes because they could not hold as many votes as the manufacturer (UniLect) claimed. So, why did the machine not stop accepting votes when the limit was reached? My ATM manages to stop trying to hand out cash when it runs out; the same ATM will tell me that it is unable to issue a receipt when it runs out of paper too. How come this basic resource monitoring was not part of the machine’s design? That’s not the end of it though. Why was the machine not tested by the county officials before the election? Surely, testing the maximum number of votes it can hold is one of the acceptance tests?
Don’t get me wrong, I think that fully electronic voting machines are the way forward, but I also recognise that there needs to be a proper audit trail and proper controls over who has access to the machines and the software that they run. A number of web sites (e.g. http://www.thudfactor.com/voterfraud/) have shown how easy it is to rig an election using an electronic machine. What was not stated so clearly was that it is also possible to design one that with appropriate testing, and a proper audit trail, can do the job fairly. Here’s my simple list of requirements:
- A printed duplicate receipt with details of the selections made, and a transaction number. One copy goes to the voter, the other is kept in the machine, much like a cash register in a store.
- The software needs to be separate from the data that describes the choices that can be made. This means that the software company cannot know in advance what the choices will be, nor the order in which they will be displayed.
- The machines need to be thoroughly tested before every election, using the exact software that they will be running on the day, and the exact data set that they will be using. If they contain a real time clock, it should also be set to the same date and time as the start of the election (to avoid the possibility that the software will change its behaviour based on time & date information).
- The machines should have votes entered into them until they stop accepting votes. Also, they should stop accepting votes if the receipt paper runs out or anybody tries to tamper with the machine during the election.
- Finally, at the end of the testing the paper copies of all the votes should be counted to see whether they match the electronic count.
The advantages of electronic voting are obvious – touch screens that can display information in a number of languages as well as walk the voter through the election one choice at a time, rather than presenting them with a form to fill in, should make it much less likely that the voter will accidentally make the wrong choice. It is up to the software industry to make them demonstrably reliable so that the voters will trust them. Maybe this is one case where importing a machine might be a good idea too (that way the manufacturer will be less likely to have an interest in the result of the elections it will be used it, something that was clearly not the case with at least one US manufacturer).