vote receipts
Over at Begging to Differ they're talking about electronic voting irregularities, and ways to solve them. One solution being discussed in comments is a voting receipt. Obviously printing how you voted would be a problem -- you'd end up with folks offering $5 for every receipt for candidate X.
The BTD commenters know this, so they suggest having a random voter ID printed on the receipt. Then, later on, the voter can log into a website and check their vote. But this is still no good -- someone else can look at the screen over their shoulder, confirm their vote, and hand over a five-spot. Vote buying is still possible. It's just a little harder to do on a massive scale.
But I think there is a solution -- one that occurred to me during the e-voting presentation that I wrote about previously. I couldn't tell you the proper cryptographic name for it, but it has elements of hashing and public key cryptography, if you feel the need to apply terms to it.
Here's the gist: when you vote, you have the option of entering your email address and a private seed. In this case, let's say the seed is a number from 1 to 10. Simple enough, right? You also see some text explaining how this works: depending on how you vote, the number you enter will be transformed. If, say, you voted for the Republican candidate, your number will have one subtracted from it. If you voted for the Democrat, 1 is added to it. If the number goes outside the 1-10 range, it wraps around -- so a Democratic ballot with a seed value of 10 will spit out a result of 1; so will a Republican vote with a seed of 2. Without knowing the seed, you can't know how the vote was cast.
That algorithm could doubtless be adapted to accomodate multiple parties, and probably made even simpler. The important thing is that the output of whatever function you choose is ambiguous, and that the function is well-known -- tables of seed values and their outputs could be published; the voting machines could also explicitly state what the possible outputs for a chosen seed value were once a user entered it.
Then, when the votes are counted, the tabulating machine sends out emails to voters with the output value specific to the seed they entered. This has two advantages.
First, it enables people to know how their vote was counted, without opening up the possibility of vote buying. With the help of those published tables, a potential vote seller could always lie to the buyer about their seed value, allowing them to collect the money while still voting how they want. So long as the seed is secret, there's no problem.
The second advantage is that this would do a lot to prevent Diebold-style problems. Instead of having to safeguard the code for the voting machines and the machines themselves you just have to safeguard the counting code and the counting machines. The counting program could be ridiculously simple -- maybe ten lines of code, open to public review. Securing the tabulators would be much easier than securing the voting machines. And this way if someone screws with the voting machines a lot of people will know about it right away, since they'll be expecting an email with a specific result code -- if they don't get it, they'll presumably raise a fuss.
This might all sound complicated, but I honestly think that a decent marketing campaign could make it easy to understand.
Comments
Except for people without e-mail addresses? Seems like a glaring problem. . . .
well, they sign up for text-messages, of course.
more seriously, the process could post the info on a website, or send out postcards, or phone calls, or smoke signals, or whatever else folks signed up for.
Tom, the verified voter technology that would probably be most useful and easiest to implement is a regular reciept printer that runs reel-to-reel under glass. You vote, your choices get printed out, you verify and hit another button and it rolls up onto the reel and the next voter steps up to the machine. If there's any question about the veracity of the machine results (or for a random check), you just read the finished reel.
I agree that a paper trail is a more likely solution to see implemented, and is a measure that we should demand. But that doesn't really provide secure receipt functionality, or a guarantee against fraud at the vote-counting stage. It only allows for auditing -- although I agree that auditing is probably more important.
Whether or not achieving the other objectives is worth the cost is an open question. But so far as the receipt idea has any merit at all, I think this scheme would be the best way to implement it.
I just don't think people would understand it, and it would lead to mass confusion in the auditing process, if not before when people raised a false panic.
I mean, if people have trouble figuring out a normal ballot, this would be a stretch, which isn't to say that it wouldn't work.
It wouldn't really be that complicated, people would just have to remember a single digit - they wouldn't have to understand how it works. I've seen plenty of tards figure out how to do this to find their Lin-Mark recorded time in a race. This is only if you think that buying votes is a bad thing - personally I believe that the amount of effort it takes convincing enough people to vote the same as you to have a significant impact on the election is near impossible and buying votes is a better way to be a valuable part of the political process. In a world where a "passionate constituency" means only 60% of eligible people vote, I don't see anything wrong with caring enough to go renegade.
Post A Comment