The Florida version of the 2000 presidential election proved that punch cards are problematic. California’s adventures with touchscreen voting machines—including what amounts to a blanket decertification by the California secretary of state—demonstrated that this form of tally has some problems as well. Paper balloting seems a relic of the distant past. With the November general elections quickly approaching, many are wondering how they can ensure that their votes actually are counted.
Daniel Silverstein, a freelance computer consultant and recent Cal graduate, says he has a solution. When he looks at paper ballots and touchscreen machines he sees where they are flawed, but also looks at their advantages. Instead of looking to one or the other to ensure the vote, he says, we should be looking at both.
By both Silverstein doesn’t just mean a voter verified paper trail, where a touchscreen machine prints out a paper receipt. Instead, he thinks both the paper and electronic components should be used in conjunction, balancing each other out and aiding each other in facilitating the vote.
“Whatever can go wrong, will go wrong,” he said, explaining the need for redundancy and verification. “Expect machines to fail.”
Silverstein has put his ideas on paper and is currently trying to get his academic essay—“Improving the Security of Your Election by Fixing It,” co-written with two other students, Tobin Fricke and Damon McCormick—published in a peer-reviewed journal. The paper is currently being reviewed by Rebecca Mercuri, a computer science professor and one of the leading experts in the field.
Silverstein said he does not have plans to patent any voting machine product that might result from the publication of the paper, but is more interested in adding his ideas to the debate over the issue.
The goal of the proposed new system, Silverstein said, is to “leverage both computers and paper ballots to create a hybrid voting system which is more secure, auditable, and fault tolerant than either paper ballots or electronic voting alone.
What Silverstein proposes is one step further than the one recently demanded by Secretary of State Kevin Shelley. Instead an electronic system with a voter-verified paper audit trail that merely checks the electronic vote, Silverstein envisions using electronic signatures that are attached to both paper and electronic votes so that both systems can double check each other.
Silverstein said he originally came up with the idea after monitoring the touchscreen controversy and then participating in the recent UC Berkeley ASUC elections. The experience, he said, gave him and others the perfect opportunity to analyze an electronic voting system without the restrictions they might have faced in a regular municipal election.
As part of his proposal, Silverstein has broken the voting system into three categories; recording, storage and tabulation. In all three, both paper voting and electronic voting have their disadvantages. Combined, however, the two systems balance each other out.
In the recording phase, he calls punch card or scanned ballots “barely adequate.” Along with hanging chads, he says things like incomplete pencil marks and partially erased bubbles can tie up such systems. Electronic voting machines, on the other hand, are much easier to use. Large type and clear interfaces help ensure that voters record the vote they intended to make. Most importantly, voters can initially verify how the machine reads what you tell it on screen.
In the next phase the two systems switch. Storing paper ballots is “fairly clear cut.” Since they are paper, we can rest assured they won’t change themselves. One of the only vulnerabilities is ballot box stuffing, a problem that Silverstein said is fairly well-guarded against.
Once a vote is cast on a computer, however, Silverstein said even the most comprehensive checks sometimes can’t ensure the machine won’t make a switch.
“There is no way to know the insides of a computer,” he said. Even if the machine’s software code is open, its hardware and software have been tested and certified, there is no way to know that every time a vote is cast, the machine will do what is it told.
Storage on computers is also a problem because even if the vote is recorded correctly on the touchscreen, the data is transferred to another central tabulation machine that can also switch the vote.
The third and final phase—tabulation—has errors on both systems. Counting paper ballots is slow if done by hand and often inaccurate. Machine is quicker, but—in the case of punch card ballots—can vary widely from the original count to the recount. Counting on a computer is almost instantaneous, but there is no record to prove the votes were cast and counted the same.
What Silverstein and his co-authors have proposed is system that casts votes electronically and produces a paper trail and signs both using cryptography to produce a digital signature, setting up multiple ways to ensure the ballot has been recorded accurately while facilitating the counting process.
Silverstein says his cryptographic techniques are similar to the technology used to ensure an on-line purchase is secure. He says the technique ensures a vote can’t be switched because the cryptographic signature (which locks the ballot) is based on codes that he says would take the next 1,000 years to crack and, therefore, change. If the vote comes into a central tabulation site different than it was cast, that is an indication that something in the voting system has been tampered with.
At the same time, there is also a paper printout of the vote with the same digital signature, which Silverstein envisions as something similar to the magnetic ink numbers at the bottom of a check. With this digital signature at the bottom, voters can verify that the vote is theirs and make sure all the data is accurate.
The project, said Silverstein, comes one step closer to ensuring a quick and accurate vote.