Touch-screen voting isn't the right answer

March 31, 2006|By JOHN SCHNEIDER

A debate over the use of electronic voting machines in Maryland generally has focused on words such as "security," "interpretive code" and "hacking."

The arguments tend to pit the reliability and safety of one machine against the other and compare the veracity and experience of expert vs. expert. They are earnestly written, articulately defended and, in many cases, factually accurate.

Unfortunately, they are also largely beside the point.

This isn't surprising: There are powerful commercial and political interests vying for the upper hand, with much prestige and profit at stake. Still, the debate has been incorrectly framed, and voters are the poorer for it.

The problem is this: When discussing the integrity of any data storage, processing and retrieval system, the term "secure" is a misnomer. In the realm of computer science, there is no such standard, no such definition. One can only describe the precautions taken and the recovery plan if the system is breached.

More simply, all computer systems can be rigged or manipulated. It is never a question of "if," only of time or money and the potential payoff. That's why computer science regards security as a process, not a feature. This process has several integral parts, which include multiple layers of intrusion detection and prevention, alerting and, most important, a means to recover from a security failure.

The last point has been lost in the debate and needs to be reintroduced. As much as we would like to believe assurances that our machines are infallible (because most of us don't have the experience to determine this ourselves), we will have given up the right to know whether our vote was true if our recovery plan consists solely of trusting the technology masters.

So let's talk about a responsible recovery plan.

We first heard terms such as "dimpled ballots" and "hanging chads" in the fateful presidential election of 2000 in Florida. A near-panic ensued, leading the nation to an almost instant decision to radically alter a voting method that had persisted since the Colonial era: the elimination of a voter-prepared physical record - the paper ballot.

Instead, we decided to accept an electronic interpretation of the vote we cast, using machines we don't really understand.

Most everyone agrees that the simplest recovery plan consists of adding a so-called paper trail, which allows voters to confirm their electronic choices by referring to a physical, printed record. If machine problems lead to a recount, paper allows one to take place.

But in this case of recording and verifying a vote, not all paper is created equal. "Paper trail" has been used to describe everything from a continuous-feed roll under glass to a hand-prepared ballot.

In unanimously passing a recent voting machine bill, the Maryland House of Delegates accepted the idea of a paper record that captures individual votes. The Senate has not adopted the same proposal and may be heading toward a system that has serious limitations. For example, some senators seem to favor using individual touch-screen machines with paper-under-glass verification. After casting their votes, the voter peers through the glass at the paper printout and confirms the list as accurate.

It sounds easy, but "live" voters have difficulty reading small type, comparing as many as a dozen or more votes, and too often find it easier to just skip the verification effort. And even after that, machine-printed records are still subject to security problems. In short, this brand of paper trail provides little assurance that the voter's intent has been captured and confirmed, and introduces an administrative nightmare.

A House proposal requires a voter-prepared ballot, optically read by a scanner in the voting precinct and backed by a second accessible reader. After the ballot is read, the original paper record remains for a later recount, prepared by the voter's own hand.

Optical-scan machines require the voter to darken spaces on a paper ballot and then take the ballot to a scanner, where it is fed into the machine and read for tabulation. These ballots are retained inside the scanner, where they become a part of the permanent record of the election. Only one scanner is required for each polling location, plus a second unit that's accessible for people with disabilities.

The key difference between touch-screen voting and the optical scanner is that only the scanned system leaves behind an actual record prepared by the voter's hand and therefore is not "hackable" in the event a recount is necessary.

An added bonus with an optical-screening system is that it relies on far fewer machines and can be purchased with the residual value that lies in our current inventory of touch-screen machines. Net cost: about zero. Net gain: renewed confidence in our electoral process. A priceless benefit, at a fair price.

John Schneider is a consultant on Internet and data security. His e-mail is

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.