Subscribe now

Letter: Low-tech voting

Published 22 November 2006

From Andrew Yake

Celeste Biever discusses safeguarding democratic elections (21 October, p 30). But this demands all three pillars of verified voting: transparency, auditability, and security.

Transparency means that just about everybody understands how their vote is recorded, counted, and secured. Auditability means that whenever tampering or other problems do occur, they can be reliably detected and therefore appropriately remediated. Security includes anonymity and means that both voters and their votes are safeguarded against manipulations. Ignoring transparency almost guarantees compromises to auditability and security.

Unfortunately, all software-based voting systems share the same problem over auditability. Even when they can prove that they have accurately recorded voter inputs, they are still capable of reporting fraudulent outputs. Thus, the only potentially reliable way to audit for such output fraud would be to test output data against samples of input data. But, contrary to implications in your article, valid statistical samples could never be obtained. Only volunteer samples would be recoverable, and these would be invalidated by the well known effects of volunteer bias. Software-based voting systems, especially cryptographic systems, make this auditing disaster less transparent and thereby threaten the security of our elections.

The solution is to return to low-tech voting systems that can and do provide transparency, auditability, and security. The voter simply marks a durable ballot next to their candidate’s name and drops that ballot in a secured ballot box. Ballots are then counted by any reasonable method to generate the output report. True auditability is assured, because the original input ballots can always be recounted. Furthermore, security for such low-tech voting systems reduces to securing the chain of custody of physical ballots.

While this is no small task, its distributed nature also means that it would take a vast conspiracy to steal an election. In contrast, security for software-based voting systems requires securing the chain of custody of ballots that are both invisible and vulnerable to attack all at once from a single networked location.

Pittsburgh, Pennsylvania, US

Issue no. 2579 published 25 November 2006

New Scientist issue 2579 cover

Sign up to our weekly newsletter

Receive a weekly dose of discovery in your inbox. We'll also keep you up to date with New Scientist events and special offers.

Sign up
Piano Exit Overlay Banner Mobile Piano Exit Overlay Banner Desktop