?

Log in

No account? Create an account

fanf

Transparently auditable automatic vote counting

« previous entry | next entry »
9th May 2012 | 12:36

Electronic voting is impossible to implement in a secure manner, by which I mean there must be a way to audit the result after the fact in a way that is independent of the electronics. If you cannot perform an independent audit then hidden or compromised mechanisms in the electronics can lie without detection.

This audit requirement essentially means you need to make a paper record of each vote that is verified by the voter. That is, you need ballot papers.

Given you need ballot papers, you might as well keep the traditional method of voting (no voting machines) and only use automation for counting. Ideally the process of counting should be transparent, so that observers can see it proceeding correctly. It is not good enough for the ballot papers to disappear into a black box and a result pop out the other end.

It is possible to do this with mechanical collaters and counters - the kind of device that was used for data processing on punched cards. That way you can see the papers being split into a stack for each candidate, just as happens in the manual process. Observers can riffle through the stacks to verify correctness.

To count votes, why not weigh the stacks with precision scales?

So I wonder if you could make a ballot collating machine cheap enough and reliable enough that it is more cost-effective than manual counting. Could you perhaps use off-the-shelf printer/scanner/copier equipment?

| Leave a comment |

Comments {19}

(Deleted comment)

Tony Finch

from: fanf
date: 9th May 2012 13:33 (UTC)

Yes, reading about Scotland's experience with Logica's STV counters was one of the things that prompted this post, as you might have seen from Twitter :-)

The publicity material about the Logica machines has said that a manual count would take several days, which seems like a massive exaggeration to me. The count will take a few rounds, and the later rounds will be smaller than the first one, so I would expect it to take about three times longer than FPTP. But you also need a psephologist to hand for calculating quotas and transfers :-)

Reply | Parent | Thread

Rob Kendrick

from: nunfetishist
date: 9th May 2012 12:09 (UTC)

In some countries, they punch holes in the papers, rather than marking with an X, which facilitates the counting more easily by mechanical means. I think I've even seen a machine to do the counting: it has no casework for precisely the black box reason you suggest.

Reply | Thread

Tony Finch

from: fanf
date: 9th May 2012 13:25 (UTC)

I'm not entirely sure that turning ballot papers into punched cards is a good idea - think hanging chads in Florida in 2000... The problem with mechanical kit is it needs to be mass-produced to be cost-effective; punched card equipment is much less common now than it was, and paper-handling equipment is much more common. So I doubt that punched cards are still cheaper to automate than paper.

Reply | Parent | Thread

Gerald the cuddly duck

from: gerald_duck
date: 9th May 2012 12:30 (UTC)

My favoured mechanism would be:
  • Turn up at the polling station
  • Establish your right to vote, be told to go into booth 3
  • In the booth is a machine that has been enabled for you. You use it to choose your vote or votes, then hit "OK" and it prints your ballot paper showing your votes. It also has a 3D barcode in the corner and a reference number that can be tied back to the electoral roll, as at present.
  • You confirm the ballot paper accurately represents your choice.
  • You put the paper in the ballot box.
  • The papers get mechanically counted using the 3D barcodes, but their fidelity can be challenged in which case the human-readable version prevails

The machines would help to avoid accidental spoiled votes, especially in complex multiple-vote systems. They could be used by people with visual impairments (large print, audio prompting, etc.) They would automate the process without creating the vulnerabilities inherent to current electronic voting mechanisms.
As a refinement of the scheme, people could also print their own ballot paper at home and save time in the polling station, or simplify the preparation of their postal vote.

Reply | Thread

(Deleted comment)

Tony Finch

Re: Visibility

from: fanf
date: 9th May 2012 13:35 (UTC)

That actually sounds pretty good to me.

Reply | Parent | Thread

Gerald the cuddly duck

from: gerald_duck
date: 9th May 2012 15:44 (UTC)

Well, any irregularities in either generation or interpretation of barcodes would be entirely detectable, which in itself makes fraud an unattractive proposition.

Parties would be entirely at liberty to run the votes through their own scanners if they doubted the system's interpretation and raise an objection if they came up with a different answer.

Similarly, anyone who thinks they have the technology to machine-read the human-readable part of the ballot paper reliably is entirely at liberty to throw some ballow papers through their machine and see what it says, again raising an objection if there's an apparent discrepancy. Or a human can just wave their iPhone at a barcode and check it says what the human-readable portion says.

The advantage of the barcode is that, what with the checksums and such, it's less error-prone when there isn't fraud afoot.

Reply | Parent | Thread

Pete

from: pjc50
date: 9th May 2012 12:45 (UTC)

This is very far from new; the US already has "optical scan" ballots in some places, and the same tech is used for multiple choice tests in schools.

Cost-effectiveness: scanning is easy. Automated paper handling is a pain. Automated paper handling at high speed is suprisingly expensive, compared to volunteer ballot counting.

Reply | Thread

Tony Finch

from: fanf
date: 9th May 2012 13:20 (UTC)

The problem with optical scan ballots is the counting process is a black box and has many vulnerabilities. For instance the usual setup is that ballots are counted at the polling station as they are fed into the ballot box (which just exists to store them in case of audit). The memory cards from the scanners are collected to produce the result.

This has the advantage of distributing the paper handling job, but it isn't transparent so it isn't secure.

Hence the speculation about off-the-shelf paper handling equipment.

Reply | Parent | Thread

Pete

from: pjc50
date: 9th May 2012 13:47 (UTC)

Ah, I see. I suppose there's one organisation which is already set up to use optical indicators to sort pieces of paper into a number of bins using a human-readable coding scheme: the Post Office.

Reply | Parent | Thread

Tony Finch

from: fanf
date: 9th May 2012 14:03 (UTC)

Ooh I like that suggestion :-)

Reply | Parent | Thread

Andrew

from: nonameyet
date: 9th May 2012 21:00 (UTC)

IIRC the Post Office had OCR to read the hand written post code twenty years ago. How fast was it ? Forty miles per hour !

However I believe that their current technology uses a bar-code -type thing based on the internal address code scheme, not post codes.

The sort code and account numbers on cheques were (are?) printed in a font which was designed to be easy for machine-reading (a different area covered by each digit) but still human readable. I guess there were machines which sorted cheques so that they went back to the right originating bank.

Reply | Parent | Thread

Dr Plokta

from: drplokta
date: 9th May 2012 15:27 (UTC)

If you're counting ballot papers by weight, I'm taking some Tipp-Ex into the polling booth with me and applying a liberal coating to double the weight of my ballot.

Reply | Thread

Tony Finch

from: fanf
date: 9th May 2012 15:34 (UTC)

And some scales to make sure you get the amount well within the permitted range of variation? :-)

Reply | Parent | Thread

The Bellinghman

from: bellinghman
date: 9th May 2012 20:55 (UTC)

A stack of papers might well vary by a couple of % in weight just due to varying humidity alone. So there'd have to be an allowance for that.

I'd just practise tippexing until I could reliably get within 10% of twice the ballot vote. Any variation from the 'correct' weight would disappear when even a small stack of ballots was weighed.

Reply | Parent | Thread

Andrew

from: nonameyet
date: 9th May 2012 21:25 (UTC)

But they know how many votes have been cast. If the weight says that there is an extra ballot paper they will have to find the "extra" one and will spot the tippex.

Reply | Parent | Thread

Andrew

from: nonameyet
date: 9th May 2012 21:20 (UTC)

I don't actually have a problem with it taking a day (or even two) to count the votes.
Whilst we can come up with schemes which count the ballots more quickly, the verification is limited by the speed at which a group of people can read them.

Think of the counters as checkers - you have people who are trusted* physically handling all the papers. To rig the ballot you have to either persuade these people to fiddle the system or pull the wool over their eyes. With a mechanical system you only have observers, who are outside of the machine. They don't have the same feel for what is going on as people who are part of the old "machine".

(*Yes you need a selection system which everyone is happy with for this bit...)

I wonder whether the real problem is that the supply of human counters (bank clerks I believe) who count bits of paper day in and day out and are trusted to do so, is failing as we use less and less physical money and more of it is handled by machine.

Reply | Thread

Tony Finch

from: fanf
date: 10th May 2012 09:40 (UTC)

I like that way of thinking about the process.

Reply | Parent | Thread

HairyEars

from: hairyears
date: 9th May 2012 22:08 (UTC)

You missed the other requirement: the secret ballot. Voters must be verified, and ballot papers myst be verified: but no voter can be identified from their ballot and face reprisals for their vote.

How do you verify that the data trail is broken in an electronic system?

Reply | Thread

Tony Finch

from: fanf
date: 10th May 2012 06:16 (UTC)

The secret ballot isn't secret from the state: ballot papers are numbered and there is a record of who used which paper. It's just very inconvenient for the state to do anything with this information. However you are right that it is risky to make this information more accessible, as would be the case with assistive ballot preparation machines.

The important part of the secret ballot is that you are not able to prove to other people how you voted, which prevents vote selling or coercion. Sadly we have given up on this requirement already by encouraging mass postal voting, and there is plenty of evidence that this has led to a lot of fraud.

Reply | Parent | Thread