There’s been a lot of talk about this new computer system that casts election votes. Ideally, using electronic equipment has many advantages, but there are disadvantages hiding in the cave ready to attack. We’ve all seen electronic equipment work as expected, but more importantly, it’s not uncommon for electronic equipment to fail, and when this applies to voting, miscounting is simply unacceptable.
I think the best way to solve this type of problem is to try to make the voting machines work without fail but to never assume they won’t fail. As we’ve seen from the arrogance of the engineers of the Titanic or from the 2004 New York Yankees, just because it looks and sounds workable, we should never assume these machines will do what they should. By this, I don’t mean the system should fail completely, but we should design the system to constantly check itself to ensure no errors have been made.
In addition, the system should be friendly, so that at least from the user’s point of view there are no problems with confusion or misinterpretation. Overall, making an e-voting system work requires the engineer to consider the logical, defensive (security against hacking) and personal standpoints of design and to do so in a sensitive, introspective manner. First and foremost, the system should be ethical. What this means is the system should be created to an acceptable and mainstream protocol.
Ethics means different things to different people, but we can’t satisfy all of these morals in one system, since some might contradict one another, so we need to decide on what the majority would find acceptable. Right off the bat, it’s important to prevent hacker attacks because people want a fair election and not a tailored one. We go to vote to voice our opinion and not that of someone else.
Secondly, it’s important to let the public know what these voting machines do and how they’re secured, letting the public know that the e-voting companies care about their security and that these voting machines are engineered with exhaustive research on how to keep them secure. Lastly, the user interface should be unbiased (it shouldn’t look like one candidate is better than the other). Another thing about the user interface is that it should be easy to understand so as not to intimidate voters.
I think there should also be the option to choose electronic voting systems or traditional paper ballots, with both systems operating in one polling place. This may allow voters who don’t believe in electronic equipment or aren’t used to using electronic equipment to take an alternative option. We can discuss how to get an e-voting system to appeal to people all we want, “evangelize” until we’re exhausted, but I doubt that most of this would work on stubborn, one-sided people, and more importantly, we shouldn’t force people to use something they feel uncomfortable with.
Using the bank system as an example, you can withdraw money from an ATM or by going to a teller. For example, my grandmother doesn’t use ATMs at all because she doesn’t feel comfortable interacting with electronic equipment. On the voting side, this may or may not be needed because some areas may overwhelmingly prefer paper ballots over electronic voting or vice versa; in this case the polls would have to accommodate. If electronic voting systems are actually used, it is important that the programming is acceptable and safe.
This is why I agree private e-voting organizations should either share the source code with top security departments in the government or have the government regulate how the security department in the organization does business. Ideally, it doesn’t have to be checked by the government directly, as long as the private e-voting organization is checked by security professionals of some kind working outside of the company. This allows some sort of checks and balances so that these companies don’t manufacture poorly secured equipment.
As soon as a machine is certified, it can be manufactured. On top of this, there should be an individual who takes charge and watches out for any employees tampering with the software while the equipment is being manufactured. This is important since in the past there has been tampering with software on lottery machines and this can’t happen for e-voting machines. As far as the internal operation of the e-voting machine goes, I think three words say it all: checksums, tickets and encryption.
Encryption is mainly important for voter privacy, because we don’t want hackers interpreting the messages sent from the machine to the database server. The choice for the encryption should be an algorithm that has the best reputation among secured connections, such as RSA. In addition, checksums are important because we need to validate whether hackers have changed or added code in the machine; we should never assume that the software wouldn’t be tampered with. The checksum would only validate correctly on the original copy of the software.
The checksum algorithm, like encryption, should be reputable, such as MD5, and the checksum and e-voting software should both be burned on static ROM chips, which shouldn’t be changed. If suspicion occurs, there should be a way to plug a device that stores a backup copy of the checksum into the e-voting machine to check the software. Lastly, e-voting systems should use tickets, or signatures that identify each voter uniquely, and each vote should be logged with the user token in memory so that the voter can’t vote twice.
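The two checks described above, as an added example that is not code from any real voting system: the software image is compared against a reference checksum from ROM and a backup copy held on a separate device, and a ledger of one-use tickets refuses a second vote. SHA-256 is used here in place of the MD5 the text names, because MD5 collisions are practical; the function names, status strings and sample data are all assumptions made for the illustration.

```python
import hashlib
import hmac

def software_digest(image: bytes) -> str:
    # SHA-256 stands in for the MD5 checksum named in the text.
    return hashlib.sha256(image).hexdigest()

def check_software(image: bytes, rom_digest: str, backup_digest: str) -> str:
    """Compare the running software against both stored reference checksums."""
    actual = software_digest(image)
    matches_rom = hmac.compare_digest(actual, rom_digest)
    matches_backup = hmac.compare_digest(actual, backup_digest)
    if matches_rom and matches_backup:
        return "verified"
    if matches_backup:
        return "rom-checksum-altered"   # software intact, ROM reference is not
    if matches_rom:
        return "backup-disagrees"       # software and ROM agree, backup does not
    return "software-altered"

class TicketLedger:
    """One-use voter tickets; each accepted vote is logged with its ticket."""

    def __init__(self, issued_tickets):
        self._issued = set(issued_tickets)
        self._votes = {}                # ticket -> choice, as the text describes

    def cast(self, ticket: str, choice: str) -> bool:
        if ticket not in self._issued or ticket in self._votes:
            return False                # unknown ticket or second attempt
        self._votes[ticket] = choice
        return True

    def tally(self) -> dict:
        counts = {}
        for choice in self._votes.values():
            counts[choice] = counts.get(choice, 0) + 1
        return counts

# Constructed sample data, not taken from any real machine.
ORIGINAL_IMAGE = b"constructed e-voting software image, build 1"
REFERENCE = software_digest(ORIGINAL_IMAGE)
```

The "backup-disagrees" result is the case the plug-in backup device exists for: a swapped image shipped with a matching swapped checksum passes the on-board comparison and is only caught by the independent copy.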
Although no security measure is entirely secure from clever hackers, keeping security very strict would prevent many attempts. Once you’ve voted from an e-voting machine and somehow passed all the security that was involved, I think it would be appropriate to give the user a receipt showing exactly what was stored in memory because, like I said earlier, we should never assume everything will work, and if the voter can verify by eye what was stored, then this would allow corrections if needed.
In addition, this type of system could be used for hand recounts or to check user errors, which would probably be 90% of all the complaints, given that the programming was planned properly. Yes, it may be possible for deceiving information to be printed out, making the vote look correct, but if all the aforementioned methods of checking, security, and logging are used, and provided that everything was executed well, an electronic problem at this point should be very rare. Comparatively, this should be no more secure than paper ballots.