I recently read
this diary today about some obvious fraud with the Diebold voting machines in Ohio and started wondering how, or even if, it would be possible to ensure more accurate results and fewer possibilities of fraud. The most obvious one, of course, is a verifiable paper trail. AS soon as the user has voted a paper slip containing their vote is deposited in some sort of locked box while their vote is also recorded electronically. Not a very complex system. All you need is a printer with the paper feed going into the aforementioned box. How hard is that? Yet, strangely, this turns out to be too much for Diebold.
More ways to stop electoral fraud on the flip.
Another fairly obvious help is if the voter sees the name of the candidate he is supposed to have voted for after he voted and has a chance to cancel that if it looks incorrect or, if it does not get fixed, to alert election officials that the machine is out of order so they can allow the voter to vote on a different machine instead. The problem with this method is that the machine may display a vote for candidate A but record a vote for candidate B. One method of combatting this type of fraud might be to use an entirely separate system to display the vote then was used to record the vote. For example, Company X might have it's voting machines used to record the vote in some database, and only after it arrives at that database does Company Y's machine check to see the last vote cast from that machine and display it to the user. It's still not foolproof. If the vote is recorded onto a local database then fraud can certainly occur when the votes are transferred from all the local databases to a more centralized one. Also, there must be some sort of coordinating mechanism so that Company Y's machine knows when the new vote was recorded in Company X's database, and fraud could theoretically occur at this level so that sometimes Company X's equipment is triggered to display the vote cast just before this one at this voting machine. Still, it would help.
Another important measure in preventing fraud is to ensure that, after the machine has been set up, there are no changes to the software whatsoever. One of the more obvious methods of committing fraud requires that you know which candidates are running. If the machines and their software are in place and unchangeable years before the election and there is nothing to indicate in the software who is from what party then it becomes rather pointless to set the software up to commit fraud. Sure, it might be possible to ensure that every sixth vote is for the second candidate on every ballot, but without knowing any detials about who that is, what would be the point?
However, this does bring up the need for further precautions. The voting machinery must not be programmed with indicators like (D) or (R) by candidates' names. More importantly though, without in some way modifying the machine how do we get it to display the candidates that are running in the election, and when the candidates' names are input how do we ensure no other software is changed? I can think of two possible solutions. The first, and less secure one, is to have software set up which reads in a file containing the candidates' names. We try to prevent any other software from beign modified, but do allow the file containing the candidates' names, which might be kept on a different medium from the rest of the software, to be modified. For instance, the file containing the candidates' names might be copyable to a hard drive, but the operating software for the machinery is kept on a non-writeable CD which is in a locked box. THis solution does leave security holes, but they can be minimized to a large extent. The software could, for example, have initially been written to accept a 60th candidate for election which, if it is the name we7ytuedguy deuigher78y, will automatically throw votes to the first candidate on the ballot, but if it is the name ewjhiudhfu dfuihdf89yef will automatically throw them to the second.
The second possible solution would be to dispense with all names and all modifiable software in the machine. The machine allows the user to repeatedly type in numbers of candidates or options for as many ballots as the user wants. When the user is done they press end, and there is a "No Opinion" button as well. The names and issues corresponding with each of the numbers are posted on paper in the voting booth (or listed by an entirely separate system) and the ordering is determined randomly the day beforehand. This is significantly more secure, but does mean more possibilities for voters to make mistakes ("I thought option 1 was Reagan, not Ford. I wish they'd list these thing right on the screen").
Another important factor is testing. Testing should be thorough, and most importantly, there should be no representatives of the voting machine company, or that have an ideological axe to grind (if possible, or try to have all political sides represented equally if not) present during testing. From the time the testing starts until after the elections are over there should be no software changes of any sort allowed to the machines. In fact, the fewer people that have access to the machines in any way other then to ensure they are not tampered with, the better. After any new software of any sort is installed the machines must be fully tested again. Ideally there should never be any possible network access to the voting machines, but if it is deemed necessary for that to exist to store the results in a centralized database, then the machines should only be connected to the network for the absolute minimum length of time possible. I would strongly advise, instead, that the final talleys of voting at a particular machine simply be displayed and copied down, or printed on a sheet of paper, rather then allowing any direct electronic access to the machine.
Finally, no matter what you do, it is impossible to be sure you prevent fraud. It's always possible for those collecting the votes to commit fraud if they simply print out the final talleys from each machine, or, if the results are stored in a centralized database, for them to be tampered with there, or for the person or people who report the results to lie about them.
Hell, if the programmers of the voting machines want to get ingenious enough, simply pressing the voting option buttons in a particular sequence with particular delays will activate certain hidden pieces of software. Making the voting software open source would help to some degree, but without network access it would be hard to verify that the software listed was actually what was downloaded, and that it remained thatway, and with contrinuous network access there might be ways of modifying some aspect of the voting machinery, perhaps not related to the software directly (if the software exists in a read-only area), but perhaps one that can control things through subtler means. We can only hope to minimize the possibility of electoral fraud by putting in many safeguards including careful testing under controlled circumstances and a verifiable paper trail.
Welcome to my first diary. I hope you enjoyed it.