This is a perfect real-world example of the parable of the two programmers. There are so many people (with vested interests) telling the politicians how hard this problem is that they would never believe someone telling them the simple truth you lay out above.

For a pop-culture reference, I feel like Mugatu in Zoolander when he asks, "Am I taking crazy pills here? Does nobody else notice this?"

Bob, isn't the technology needed for electronic voting basically a less complicated version of that needed for ATMs, which have been in widespread usage for a gazillion years at this point?

Perhaps we should present our own solution into the mix... :)

If it is so simple, how is it that the geniuses at CalTech and MIT backed out of their project to build the perfect voting system after the 2000 Presidential. Oh yeah, they said something like "the market" should decide features and performance.

Have you even looked at the requirements for voting systems adopted by the Elections Assistance Commission? What about analyzing each of the 50 states individual laws and regulations on voting systems? Doing that research alone would drive even the most tenacious analyst to some form of 12 step program.

What it boils down to is that there are a bunch of bright people that always forget the little old adage; "the devil is in the details"

Go ahead and build your simple system and spend months in Independent Testing and then get it certified in all 50 states before you even start marketing it. I hope you have some pretty deep pockets there pal!

ASB -- Diebold makes ATMs too... go figure...

Like many decisions made when purchasing an IT solution, much is spent on the capital outlay and not nearly enough on implementation services and training. That's the case in the new voting machines.

Just look at the examples of problems: in Cleveland, poll workers couldn't even get the machines started, in "Indiana’s Marion County, about 175 of 914 precincts turned to paper because poll workers didn’t know how to run the machines."

And just watch the TV news programs of the people who still write checks at grocery stores blankly staring at the touchscreen monitors.

It's not the technology. It's the people and undercommittment to the more important part of any IT solution, training and support.

How about an Open-Source Democracy project to create such a system? Make it available to the smaller polities with little money.

If simple systems were possible, then Goedel's Law would state the opposite...

Why in the heck do we need electronic machines in the polling places to begin with? Where I am we use the "completely fill in the circle" and then the ballots are scanned at a central location.

Fast, and accurate. Poll watchers have access to the main scanner so they can make sure nobody is "tweaking" it.

Again, what problem are we trying to solve?

It's true that it's a simple matter to design a vote-taking system. That's actually not the challenge. Rather, it's designing a fool- and tamper-proof system for both gathering the votes accurately and, just as important, getting them included in the overall tally accurately.

No small task considering there is a lot at stake if one can rig the results.

There's an eye-opening documentary showing on HBO called "Hacking Democracy" that shows that the Diebold system used in Ohio and Florida is susceptible to untraceable rigging of the vote totals.

Very disturbing.

The answer may be paper and felt tip pens along with people counting the votes and other people counting the vote counters.

I urge everyone to view HBO's documentary, "Hacking Democracy".

All that's needed are paper ballots with scanners, like we use in Michigan. Power out? Count them by hand. Recount? Count them by hand. Why are we wasting time and money on these touch-screen systems when paper-based systems provide security and a built-in audit trail that survives network problems, power problems, and hardware failures, and resists hackers? Easy to set up, too.

Good rant.
I suspect this isn't a technology problem, though. More like a people "problem"

I don't know if anyone else has named this phenominon, so I call it the "change limit" rule.

Essentially, it is that people who have knowledge and experience invested in the "old" system - whether the answer the old system gives is right or wrong - resist changing to a new system because it invalidates their knowledge and experience.

I've run in to this many times, but the most clear cut involve finance calculations. If you look at most bond ranking and valuation calculations, they are a very complex and loopy calculation to approximate a discounted cash flow. The advantage of the calculation is that it can be done by hand or with a 10 key very quickly. These formulas and results are deep in the training of bond traders. So when you present them with a discounted cash flow calculation -- a much more right (not totally right - see Chaos Theory) discounted cash flow calculation, they reject it because it negates their experience and training. As a result, when I wrote some trading programs for a securities trading company, I had to include the loopy and wrong calculation on the result page as well as the much more correct values. They may have been weaned off the bad calculation by now - I was only there a few years and this was some ten years ago.

So. Voting. The voting system is built around distributing, marking, securing and tabulating paper. A purely electronic system negates the knowledge and experience of the people that run the system, so they are going to squawk. And who knows, they may even have some valid issues. So, the way to GET to a pure electronic system is to work first within the boundries of the system's knowledge -- create voting machines that record results in (person) readable slips of paper that can be put in to a ballot box and tallied in the usual fashion... oh yeah, it also tallies the results to a disk for uploads, checking paper results and preliminary summaries. Then over some time frame - 5 years? allow the paper to become less and less significant until it is eliminated.

Well, that's my experience -your mileage may vary.

I think the modem part is the weak link in your message, but I do agree that there is nothing remotely complicated about building a voting machine system.

I'm agnostic on the Diebold/Republican conspiracy theory, but shouldn't there be a way to verify, to everyone's satisfaction, that the software is trustworthy? If the source code was open, all conspiracy theories could be tested.

It's all about the money. Why build a simple tool when you can fulfill a bloated government contract.

This is more of an example of how we trust (or mistrust) technology. Originally, electronic voting was marketed as a 'foolproof' solution. And then the 'fools' got smart and started thinking that there needed to be an audit trail. That's when it got complicated. The more ambitious the audit trail, the more difficult it was to prove that the vote counts were accurate.

If someone was to take that attitude with the old manual system, there would never be any election results, but somehow you can trust pieces of paper but some box in the corner? No way!

Nevada has been using electronic voting machines for several years that print a copy of your vote and that you can verify before hitting the cast button. Your vote is recorded on a card that is deposited with an election worker when you are done. So, to rig the election one would have to hack all the machines to write the wrong information to the cards and to somehow destroy all of the printed copies.
I think having a central database as the only record is too fragile for people to be assured. Having separate records lowers the chance of problems and people think if it is in black and white it is safe.

Ok, being a devil's advocate here... We know there are large systems out there like ATM's that work under these circumstances but will they really scale to handle the entire population? And keeping in mind how much security you'd like this system to have? ATMs are wired and in place permanently. Polling places are temporary setups. It doesn't seem as complicated as Diebold makes it seem but it's not that easy.

It sure sounds simple, until you get to the validation rules. A few examples: If a primary election, the person is only allowed to vote for the candidates in his or her party, unless it's a state with open primaries, in which case the voter may choose the party. You may only vote for one candidate, unless it's a school board or city council race, in which case you may choose up to five candidates. Vote for up to four candidates for school board, from either party's line-up, unless this is a state with non-partisan school boards, in which case the same candidate may have won in both primaries and appear on the ballot twice, in which case you can only vote for that person once.

And don't even get me started on the double-submission problem (you've seen the warning: "Only click the Submit button once so your credit card won't be double charged").

And, no, I don't work for a company that makes voting machines.

C'mon, Bob, you stated it yourself, this is a Government Contract.

For an interesting idea to secure the system, look at:
http://it.slashdot.org/article.pl?sid=06/11/05/2234252

This is, as Bob pointed out, a trivial project, I've secured bigger stuff (Gov't and private) with less ballyhoo.
feh.

My idea: Two terms per politician; one in office,
and one in jail.
davel

I would rather have the vote on paper with a hand count.
Pencil and paper don't generally break down or require maintenance on election day.
You can scale the number of "machines" by handing out more votes at a time, so there is no machine allocation issue and no waiting in lines for 6 hours to vote.
You could even vote by mail as they already do in some states with the same equipment and a postage account.
Non-hackable - serialized ballots remove the possibility of stuffing.
I'm not in a big hurry for an answer, the next day would be fine. If they start counting as the votes are cast, it would be that night.
Audit trail - the actual vote.... can't get much better than that.
They do it in Canada, and even though the population is smaller, the process scales quite nicely as long as the vote/counter ratio remains the same.
If we include instant runoff options ( will require a bit more ink on the paper ) we could also break the 2 party system we have now into a more realistic representation of 300,000,000 peoples views.
Add the ability to vote without prior registration with a valid proof of residency and you could actually make a very fair electoral system that actually reflects the will of the people - they do this in Minnesota currently, somehow without total anarchy breaking out.....
And maybe throw in an exit polling system to make sure that nobody is abusing the system, just as a check.
Who said computers were better for this ? I'm guessing it was somebody who already made equipment that could be easily converted to this use and wanted to make a big pile of money, and bear in mind that used to be OUR tax money.

Thank You. I just went on a rant yesterday to my Election Commission about this same thing. We don't have a paper trail, so there is no way good way to verify the voting machine is working or not. And if it does fail, then what?

I want a simple receipt printer, printing out a verifiable tally of my vote. I also want 3% of the precincts randomly selected and manually counted to verify the proprietary system used is in fact accurate. Especially if the vendor thinks this system is as complicated as they say it is.

"in the real world, there's simply no way to ensure that any program alleged to be written by Programmer Bob on June 24th bears any relationship whatsoever to what actually runs on computer "X" thousands of miles away on November 7th. Even if Programmer Bob's corporate public relations and sales reps swear up and down that it must be so. ... Yet the Behavior of Voting Software Is Allowed to Go Unaudited."

http://www.truthout.org/docs_2006/102606L.shtml

Please look at the discussion on this topic at the Full-Disclosure list.

Yea, the technology is here, it is pretty simple, pretty reliable and verrrry cheap. However, the problem is in the control over people that manage this technology. As a proof - some 8 years ago, the people of the United States elected as a President somebody that nobody voted for. It was b=not a bug - it was (and will be) a feature.

Yes it the newest way of making someone or some company vital to the government (trough) forever. Dead simple - but we are talking folks that sell $600 hammers. And they are sooo smooooth.

yeh, but we put more money into developing and deploying ATMs than into voting machines. Also, the Bank's agenda is clear and uncomplicated, unlike the multiple and secret agendas of the political hacks involved.

If you wonder how competent, hard working people become drones after a career in civil service, look at those you elected to lead them, who are now screwing up a simple application.

It doesn't have to be as hard as it is... but oversimplification isn't the answer either. In your example I couldn't decide whether, as an Evil Election Manipulator, I would prefer to compromise the polling server PC sitting unoberved 363 days a year, the telephone network box unobserved outside the polling station, the IP address of the central server or the central server itself.

The security issues to all this should not be trivialized. But neither should they depend upon the good intentions of the vendors or the obscurity of the implementations. Ideally the whole election system solution (code, any OS, hardware, BIOS) would be open to public scrutiny so that we could thrash through the security issues before using these systems to poll voters.

The process of switching to e-voting systems was rushed, and benefited nobody but a few contractors. I certainly haven't heard ANYONE say "Thank heavens those voting machines with levers are gone, this is so much easier." Which, as I understood it, was SUPPOSED to be the point...

The problems with developing a electronic voter registration process is in the details. While all the technology does exist to do it, that technology has to be integrated to achieve the goal. It is the integration that is problematic.

At each site you will have multiple stations accessing/modifying the same server data at the same time.

Some of those people may be computer savy, and some may not.

The e-ballot is suppose to be "secret" and yet accountable (think about data loss/corruption/recounts).

People must be assured the machine voted the way they wanted.

People have to be prevented from voting more than once.

It has to be "secure" from election fraud.

etc... etc ...

If I sat down long enough, I could probably come up with enough requirements to suprise you at the complexity.

Better yet make the Voter Registration Card an ATM like card. Make it surrenderable on death, moving, etc. like a driver's licence. Issue it once, and let people vote in any state registered polling place, not just the school, library, county office, etc. closest to home. The server software could pick up the proper district from the card and pull up the appropriate poll for that individual.

I walk into town hall to vote, there are 10 of these machines placed around the room in groups. they are the size of a 25 or 30 inch theater screen, (portrait of course) So they program this card which they hand to me and i place in the machines slot-(my voters number?)
Here is the kicker i am in line with 6 other people waiting to use the only 3 machines availalbe to service my section of the alpahbet or my voters number. meanwhile the other 7 machines are vacant and doing nothing. I tell the other voter in front of me. I have a cell phone chip that has enough memory to handle this whole districts voting needs. whats the deal with all these vacant machines. "not enough" paper on the roll" I tell her. So even though the technology is capable it is being held back by the limitations of its roll of paper to print the ballot on. Well I guess you don't want to run out of paper in the middle of an issue. "if you know what i mean" Gotta Go!!! if you know what i mean.

I would suggest something that is already being put forward. Open Source voting machines. http://www.openvotingconsortium.org/ They have already got the code somewhat ready and its OPEN so no more crap about Diebold GEMS hacks etc. If the entire e-voting system is opensource it is transperant to all. Take a look and if people would push for it and demand transperency we would all be better for it.

The technology of voting machines had to be complex and proprietary so it could be manipulated with minimal chance of detection. Now that the largest transfer of wealth in the history of the human race has been accomplished, its real job is done.

There is no need to defer the obvious and simple solution Bob describes any longer. But let's recognize that the old "technology" arguably delivered just what its creators brazenly and publicly intended.

The programming task of simply collecting votes is sublimely simple - websites do suverys all the time.

However, that isn't the goal, and the original letter writer's comments are rather naive ... the true task of collecting votes electronically in a secure manner, one that avoids the ability for a small number of poll workers to subvert the election, and that creates a permanent, indisputable, end-to-end and independently verifiable audit trail, is surprisingly difficult once you get into the details.

Consider some of the subtle issues that have been uncovered even in very well designed security protocols like SSL and the GSM cellphone handshake.

None of this however excuses the complete incompetence of vendors like Diebold who haven't even made the slightest effort to make their systems tamper-proof. The state of the art is shockingly poor - the main Diebold GEMS tallying software runs on Microsoft Access, with no security controls. A chimpanzee was taught to hack it - really. Sheesh.

Even Diebold themselves can do better, as shown by their efforts in industries that hold them accountable - they also produce ATMs, which aren't wonderful but are a whole lot better than their voting systems. But there is no incentive to do so. Voting technologies are administered by local county officials who don't have a clue what they are doing, consider audit trails an "incovenience", have vested political interests, and are almost never held accountable to state and local practices for running fair elections.

The fact that the technology is so bad stems from the fact that software engineering is an industry populated by amateurs and dilettantes - any unqualified individual who wants to can set themselves up as a software developer. Even a basic B.Sc in Computer Science is an exceptional qualification held by a minority.

Contrast this to a more established discipline like civil engineering that has formal certifications and well thought out processes for designing critical infrastructure.

References:

www.blackboxvoting.org
www.verifiedvoting.org

It's actually a little more complex than Bob states, although certainly not insurmountable. In Illinois, and I'm sure in other places, we have more than one precinct voting at one polling place. Furthermore, not all political boundaries fall along precinct boundaries. Our school districts, library districts, fire protection districts, townships, villages/towns/cities, and so on, have absolutely no boundaries in common unless they've been specifically designed that way, and it's easier to put a human being on Jupiter than it is to get any of them aligned. Thus, there needs to be a lot more logic involved in the system (we've been known to have as many as four different ballot styles in my precinct alone).

Public corporations have used a combination of internet, telephone, mail-in, and in-person voting for years at their annual meetings. I've never understood why it's so hard to come up with a system that works for public elections.

Let's not over think this...

Paper? Printers are now intelligent enough to alert when they are low and someone can replace paper between voters.
Data Loss or Corruption? Come on, simple database and clustering technology for this already exists.
Security? Everything can be encrypted, with proper dual-control of keys and two-phase security
Recount? Let the voter decide if they want their own copy, but one copy must go into the old ballot box.
Phone Line? Gee, I unplug the modem when not in use. Callback security also still works.
Upload results? Burn a backup CD and hand carry it to the central location. Can also be used for setup instead of phone line, with encryption and dual control for access (Remember those old nuclear war movies and the two keys?)
Voter card? Worried a bit about that suggestion. However, here's one of my own. There exists inexpensive security devices which lock down a machine when no one is physically near it. Like the old restroom key on a block of wood, when you check into the polling place, you receive a key. When you check out and submit your paper ballot, it must be relinquished. Being wireless, a standalone detection unit can be placed at the door to sound an alarm and take a picture of anyone attempting to leave with it.

I use to work for Diebold Systems as a contractor installing and maintaining these voting machines at low wages. You are correct, these machines were, at the time I worked with them, able to be hacked. At a regional training meeting over 1 year ago, a Senior Tech that was employed by Diebold told us that the voting machines could be hacked if the hacker knew how program the programmable EEPROMs, memory cards and bypass the Diebold encryption system. The Diebold employee had seen the hacking done during an unofficial Diebold test.

The real concern that I have is what Diebold does not disclose to the public: the source code programming and construction of the machines was offshore outsourced and contracted to a 3rd party company in Asia where proper QA may not have been performed. The voting machines are manufactured in Asia. I believe a safer project choice would have been to develop & compile the source code in the USA with American programmers...

People wonder why there are so many security concerns with Diebold voting machines? Just look at the source ... the third party contractor was given a set of construction specs by the Diebold Project Management Team. The offshore contractor then fulfilled the programming requests. Any changes in the source code had to be approved by the Diebold PMT through a documented change request. However, there may have been a language problem between Diebold and the contractor where documented emails were the prefered communication method between the parties. Sometimes, speaking/writing language barriers on programming projects cause unexpected problems when the project management team and contrators are not onsite.

The contractor was encouraged to make suggestions by email on how to improve the voting machine hardware/software. The suggestions were considered by the Project Management Team. However, the Diebold Project Manegement Team seemed to suffer a "disconnect" where due to project time pressures, the compiled source code from the contractor may not have been not thoroughly reviewed with documented Quality Assurance testing by the Diebold Project Management Team. There was Diebold management mandate to rush and get the voting machines out the door ASAP before the elections 1 year ago. I wonder if QA testing was cut short to get the project finished more quickly. The rush to get the voting machines out the door last year led to additional security problems that have not been disclosed by Diebold.

This is part of the reason why Diebold is very paranoid about disclosing any source code about the operation of their insecure voting machines at that time. IMHO, offshore outsourcing where Diebold management and the contactor doing the work thousands of miles away led to problems as the project

I have to ask just what problem do electronic voting machines (EVM) solve?

Providing a count at 7:01PM on the first Tuesday in November doesn't matter when the elected official doesn't take office until January. Not to mention mail ballots are usually accepted until Nov. 15th or so. So counting speed is not a problem. It is only an issue for the media organizations that want to report election results _right now_.

None of the security threat vectors from polling officials are mitigated. A bribed or unscrupulous poll worker can still cast extra votes. It may be more difficult to remove votes that have been cast but it's been demonstrated that this too is possible.

As implemented, EVMs may reduce the ability to challenge/verify/recount election results as they generally don't create an audit trail. Most that print a receipt simply note that you voted and not who you voted for (this is to prevent you taking the receipt out to the man-in-the-suit outside who pays you $10 after verifying you voted for whazzizname). And without a manual recount based on receipts there's nothing that says that what the receipt represents is the same as what was tallied (what it prints doesn't have to equal what it records).

EVMs are a waste of resources. Technology for technology's sake (and the profits of a few companies).

Do what Oregon does - paper ballots by mail, with no polling booths, except the central elections division for people with problems. There have been no hints of voter fraud. And, when your ballot is received and the fact that you have voted is recorded, most political phone calls stop! Hooray!

There is more to this issue that needs to be tossed in the trash. Polls. Voter registration. Dead voters voting. etc. Hackers and the like won't penetrate a central data base.

As all elgible to vote have a social security number, it should be used. Of course, legal aliens also have them, but the government knows who the legal aliens are.

The vote should go to a central internet data base. Voters should be able to vote anytime prior to the "polls closing" just like the absentee ballot system currently in use. The Proxy.com folks have been doing it for publicly traded stocks for some years now. It works fine.

It would be easy to run reports on voters. One could even check to make sure his vote was properly recorded. No way for hackers to monkey with totals, as a social security number can only vote once.

The solution is even simpler. Why not use electronic betting systems which are available virtually everywhere already? Aside from the humorous parallels in gambling, in reality these systems have been around for a long time and have a number of check and balances in place and have mechanisms for printing out receits, etc.

OK so there may be some modifications required as no money is changing hands (on the customer side of the counter anyway) but they have the infrastructure, are already staffed, and usually have video surveillance as well. Could it be any easier?

Wow, Greg -- I was going to comment till I saw your post...But still: I fondly remember our mechanical voting "machines" such as my parents were using 50 years ago -- the dramatic sweep of the metal arm that closed the drapes around one, the neat little levers to push down to indicate one's choices, the dramatic sweep back of the arm that recorded the votes, moved the little levers back up, and opened the curtains again. What was wrong with those, other than the fact that they ceased to be manufactured? Maybe they were hackable, too, but that could have been addressed. OK, I am a curmudgeon. But they weren't broken, OK, they were broken and they ran out of parts...But still I was sorry when my town went to our present blacken-the-oval and stick the ballot into the scanner system, although I am glad it provides a paper trail.

I live in Tallahassee Florida. Yes, THE Tallahassee Florida of 2000/2004 infamy. I've met JEB. More importantly for this discussion, I've met several Diebold voting machine programmers and technicians.

I'm liberal and proud of it so I like to think I'm about as unpredjudicial as one can get... but these guys gave me the creeps!

Most of the 20 or so that decended on us last week had a look and manner that was cold, dark and aggressive. Like someone from a very dangerous and oppressive environment. I couldn't help but envision prison. But that's pretty ridiculous... until I read some news items about Diebold having ballots printed by prisons and hiring ex-cons.

Why is it that most anyone who has ever written a line of code thinks paperless e-voting is the final nail in the coffin of election credibility, but few public officials are even listening?

Why is it that the most important software written in this country has less security, oversight, and quality control than my son's X-Box games?

There is one thing I am proud of about my community though. We keep re-electing probably the most highly trained and knowledgable Supervisor of Elections in the country.

Ion Sancho saw major problems in the way elections were being run way back in the 80s and decided to do something about it. He proceeded to pay his own way through just about every bit training offered on voting operations included becoming certified to repair the very maintenance-intensive mechanical lever machines which were the only things we had then. Then he ran for County Supervisor of Elections and won.

He's been winning ever since because his integrity and credibility is beyond reproach. Mr. Sancho is truly one of those oh-so-rare elected officials that is 100% a man of the people. Believe him when he says paperless is wrong.

Throughout the 90s, Mr. Sancho replaced all of Leon County's mechanical machines with optical scanners. We use a black felt-tip pen to fill in bubbles on a card-stock roughly legal sized page (that can be hand-counted if necessary) and shove it into a scanner that tallys votes and calls up the central office at the end of the day to upload the totals via modem. Safe, reliable, verifiable.

JEB and George are forcing the county to buy paperless machines and Mr. Sancho is fighting them for all he's worth. My Hero!

I think screen-based machines are a solution in search of a problem. In our district, we vote on mark-sense paper ballots which are scanned into a small computer at the voting site. (Sounds similar to the system Tallahassee Lassie described.) If there is any question about the vote, the original paper ballots are the backup and are (relatively) easy to hand-count. Voting seems just as quick as it would be on a screen, and even people who have never used a browser can vote easily.
BTW, I'm having calibration problems on my Palm T|X; I have to recalibrate it a couple of times per day! :-(

Take this as an axiom - "All encryption can be broken."

It is only a simple matter of a combination of time, power, or knowledge of the underlying process (i.e. source code). You can't see what goes on inside a computer. If someone tells you that they can see what the computer is doing they are lying to you and to themselves. If someone can effect the computer before, during, or after then the data is at risk. The end result is that the contents of computers (data) CAN be manipulated.

Taking this as true I have a real problem with Bob's simple solution. It assumes that the pole workers can be trusted. These are people who are so wrapped up with the election process that they got involved with it. This implies that they very likely have a vested interest in the end result of the process. Enough of an interest that they are willing to "do something".

The only safety in the results from a pole is having an iron clad chain of custody for the votes. The chain of custody must be verifiable at the time of the election and later during an audit or recount. The process should be designed so it doesn't trust anyone.

The ability to move any quantity of data because it has no size is an extreme risk. One of the real advantages of paper ballets is their size. They are large enough that they require real slight-of-hand to replace or tamper with. Good process control is pretty easy with physical ballets.

The only way I can see good process control with 'invisible' electronic ballets is to have more then one tabulation system running side-by-side from separate competing suppliers. This would still require some sort of physical backup for a permanent record or backup. Redundent human processes with people who aren't allowed to know each other would be a good idea too.

The last thing is that with the specific exception of the act of voting in the booth, any secrecy in any part of this process should be a felony and should be stamped out with the total wrath of the American voter.

The HBO "documentary" smacked to me more of ambush "journalism" and hysterical mush than a legitimate report right down to the dark tones in the narration.

I don't think the problem is as easy as you postulate and that's why you see a leading manufacturer of ATMs as the leading manufacturer of these new systems. The same security concerns of authentication and verification apply to both services.

For what it's worth, I've mostly used the "fill in the circle" type ballots (on both computer cards and regular paper) but even used punch cards in the infamous 2000 elections in Florida. In both cases, the instructions clearly state to completely fill in the circle or to ensure a clean punch through the card. So-called "dimpled" chads shouldn't have even been an issue in 2000 since Florida's laws and instructions clearly stated that you needed to be able to see through the hole or the vote wouldn't count. As always, it boils down to the citizens and workers taking the effort to actually understand how to use the systems and the effect lackluster efforts on their part can have on everyone else. Oh wait, this is the 21st century, I can't blame people, I have to blame an evil, corrupt or inhumane system ... ;)

I would venture to say half or more of the problems encountered could have been fixed with one expression: RTFM!

One problem that EVMs can solve is access to various handicapped and language-limited people.

Mail-in sounds so sweet. Problem: It's non-secret. Therefore, the possibility exists of coerced or payment-induced voting. (Same problem with takeout receipts.)

Ideal voting technology: mark-sense optical scanners. Ballots hand-marked by most voters; but a touchscreen ballot-printer available in each precinct for those who need or want them.

Mandatory hand-counted audits of 5% of the precincts in each county--randomly selected at the conclusion of the voting day. All precinct tallies posted locally before being transmitted to county tabulation facilities.

Bottom line: there's no advantage to the voters in using paperless machines. The only advantage of paperless accrues to people who want to cheat.

The whole issue of electronic voting arises from common problem in American culture - the desire for "instant gratification". We want to know the outcome of the election as soon as the polls close. We want to automate the process to remove the likelihood of error, or manipulation, but we don't trust the folks who set out to provide the automation. Manipulation has always been a concern, but without something tangible(e.g. a paper ballot) how do you perform a recount. Our constitution establishes a right to cast a ballot. It does not protect you from your inability to properly complete the ballot. Electronic voting machines attempt to be "idiot proof", therefore leading to longer times per voter in the voting booth, leading to longer lines and later closings that defeat our desire to know the outcome immediately. And in American culture, where we don't want to stand in line because we might be late to pick up the kids from day care, it is certain that some people who showed up at the polls to vote, failed to cast a ballot at all. Yes, there is early voting but that does not solve the problem. It masks the problem. Even the early voting sites had lines that people walked away from, because the wait was too long, because of technology that is supposed to provide for instant gratification.

The ATM-type voting "booth" is the best. Voters can cast their ballot from anywhere. As for security, I've always told my clients, you can get as much security as you are willing to pay for. The problem with security in balloting is, as usual, with people. People, for a variety of reasons, will steal, mangle, loose or miscount votes. Any good system of checks and balances will have manual and automatic methods of tallying. In my area, we use machines that are transported to the courthouse at the end of the day and its data is then uploaded into ....well, I really don't know. But somehow they add all the machines' votes up and report them to the state capital. But could the machines be tampered with enroute? What if the transporter has a wreck and the machine is destroyed?

I also love the idea of the printed receipt, think what a copy of a ballot voting for Teddy Roosevelt would be worth!

I also agree that Diebold has made this process seem far more complex that it really is, probably for profit. My understanding is that they only manufacture the ATM hardware, banks subscribe to a "network" service for the ATM software, two different things.
All in all, I enjoyed everyone's comments, it is an interesting issue.

Reading these comments, I just realized an overwhelmingly important aspect to touch-screen vs. mark-sense e-voting that I've not heard anyone consider...

At least 5-10 times as many touch-screen machines are needed to do the job of one mark-sense! Thus 5-10 times the cost!

Maybe most of the country hasn't used mark-sense machines so they don't know how they are employed...

Each polling place in our county typically has one or two mark-sense scanning machines and 5 or 10 cheap privacy tables (Imagine a small, light-weight platform with telecoping legs and 3-sided privacy panels that folds up into a briefcase) where you ponder over your choices and fill out the scan sheet. Then you walk over to the scanning machine, and feed the sheet in somewhat like a copier.

Since a touch-screen machine and a mark-sense scanner use essentially the same technology (i.e. a specialized computer), they should cost about the same. If anything, the touch-screen unit might cost a bit more. Each voter is tying up the touch-screen machine for several minutes instead 10 seconds. Thus, to accomodate the same voting rate, there would have to be as many touch-screen machines as there are mark-sense privacy tables.

How do fiscally conservative politicians square that with their love of touch-sense machines?

There is a world of difference between a system that must work perfectly once every 2 years and one (like an ATM) you use 1000 time a second 24/7.

The first one is never going to be tested properly and will be subject to all sorts of training issues and should be the most manual and visible system of all. This is where paper and pencils come in. Canada counts their ballots quicker than we do and it is largley paper based.

The ATM system you use every second should have the largest capital invenstment and this is where you can economicly add technology, training, data communications, etc.

It's had to understand why IT professionals can't see the obvious value here in paper and pencils. Think of the testing, training, implementation and oversight costs first.

Do we really need electronic voting? More and more people vote by absentee ballot. Here in Oregon, we vote by mail. Other states are studying the idea.
We mark the little circles, mail it to the election office where the signatures are verified. When the "polls" close, the papers are fed through the scanner. Results seem to come pretty darn quickly.

We Americans sometimes opt for technological fixes that aren't needed!

Seems to me that very few of you commenting have ever worked on an actual Election system. I think you'd be surprised at what actually has to go into doing this well.

Delaware has voted electronically since the mid-1990s and we do it very well. I both voted by and worked on various systems we had here and the electronic setup we have is far and away the best. But we also have good procedures in place for a whole lot of stuff from pre-election testing to who does what at the polling place to post-election chains of custody in order to avoid problems. (Most of this is generally not publicized, for understandable reasons.) It helps too that the methods and procedures are the same for the entire State as our system is centralized. While nothing would be 100% foolproof of course, it never was under the old systems either and I am sure this one is the most accurate we've ever had.

A lot of the things I see people suggesting are just alternate ways of having the same problems that already occur!

Mark circles to be read by an optical scanner? Suppose someone starts to mark something with a felt-tip and realizes they wanted a different candidate, but they've already put a small dot in the circle - so they then fill in the entire circle on the other candidate and hope it gets scanned like they want? There's a good chance that it will not or the vote may be discarded due to double-marking.

Count them by hand? Did you ever have to count a large stack of ballots by hand, where there are votes for 15 different offices? Even accountants who use printing calculators have to add long columns of numbers more than once, to ensure the same result each time (and it often requires several re-adds because humans do make mistakes.) Try handling that for 15 different offices on each ballot at one time, and hoping all the people assigned to work on it are as diligent as you are.

I could go on and on, but I think I've said enough. The whole country ought to copy our Delaware system, but they won't because it's a too hot of a political item.

Do we really need electronic voting? More and more people vote by absentee ballot. Here in Oregon, we vote by mail. Other states are studying the idea.
We mark the little circles, mail it to the election office where the signatures are verified. When the "polls" close, the papers are fed through the scanner. Results seem to come pretty darn quickly.

We Americans sometimes opt for technological fixes that aren't needed!

The Catlady at November 13, 2006 09:41 AM wrote:
>Count them by hand? Did you ever have to count a
>large stack of ballots by hand, where there are
>votes for 15 different offices?

And here I believe is the big part of the problem. If there was a separate ballot for each race (even better: a separate ballot for each selection, so that only one choice is made on each ballot), then the counting will be much easier, and the problem will mostly go away.
I do agree with the sentiment expressed by many here: electronic voting is an overkill, a way for companies to enrich themselves with our money, and for corrupt politicians (seems like any other breed is extremely rare) to subvert elections. The only legitimate issue is disabled voters, but it can easily be solved in one ballot-one choice option, as there will be space to print large font choices.
Just my $0.02. Oh, and in our boondocks the voting machines don't have paper trail, and election officials did not (or pretended not to) understand that this is a problem when I wrote and protested.

Oh please - mark circles on absentee ballots? I could come up with plenty of ways to rig an election with that. But I'm sure someone already has. And relying on the Post Office to deliver all the ballots to the right place and on time too? Hey, our Post Office is generally very good but we've probably all heard of mail that didn't get delivered, or have seen times when our mail was mixed up with someone else's. Some people who get mail that isn't theirs even throw it away instead of sending it back. And Canada's using all paper ballots? When they have 300 million people like the US does maybe they'll go electronic.

Sorry to post again but Alexandre did bring up some things I didn't address before. Most of all, The Paper Trail issue.

There *are* electronic voting machines that create internal paper trails, much like cash registers do. The old mechanical pull-lever machines did this also. But the public does not normally get to see that - and never did.

However, when some people talk about a Paper Trail they are talking about a receipt-type item they can use to verify the votes are being recorded the way they wanted. But no one seems to mention that the old lever-style machines did not do this either. (And others here have already written that the receipt method still does not guarantee the votes were recorded as printed. And usually the people on TV do not clarify what type of Paper Trail they are talking about either.)

Alexandre's other point about having all these different paper ballots is another nightmare. It sounds good until you have to create the procedures for properly recording them and the chains of custody for storing them for later recount possibilities. And *then* you have to ensure the poll workers follow those procedures both during and at the end of the day! As I said in my original post above, it's obvious that very few of you who posted above have actual experience working with election workers.

Many of these people are in the mold of "I've been working elections since the 1958 one". Others are more like "Wow, this is my first real paying job!" I've seen instances - under an old non-electronic system - where district workers responsible for dropping off the papers at a central location later that night (for verification purposes) actually took the stuff HOME instead. When tracked down, the reasoning was "I was going to drop it off in the morning because it was so late already."

Believe me, the electronic systems are SO MUCH BETTER and harder to screw up than anything else I've seen. They DO require certain amounts of testing and auditing ahead of time to ensure the coding works as designed. They can be standalone machines that are not networked together so that viruses don't get spread. They can use proprietary disk cartridges so practically no one from the general public can go into a booth and insert their own diskette. But it still beats relying on those people to count ballots and not lose any of them!