I’ll spare you the details, but in essence, they say that printing a paper ballot to verify an electronic vote is at best useless, and at worst counter-productive. Their premises are as follow:
- the Americans trust online payment
- e-Voting could be made at least as secure as online banking
- therefore, Americans should trust e-Voting.
First of all, online fraud and other cyber-atrocities aren’t targeted for the same reasons, don’t have the same fallout, and don’t affect nearly as many people. When someone grabs your credit card number and makes a payment online, it’s an identity theft. The pirate is you, from the server’s perspective. If he succeeds in paying something, it shows up on your account balance. You then call your bank and “prove” that you didn’t actually pay for that. After some time, insurances come in and you are (hopefully) refunded. And the police chases the pirate, hoping to refund the seller as well. Or the seller’s insurance. And to punish the pirate in the process.
To make sure this chain is secure, there are a few certainties : you know who you are. You have access to the list of your own purchases. You notice something goes wrong. You alert the Authority that something’s wrong. They know (for certain) who you are. They trust you (to a certain extent). Therefore there is a problem.
Voting is a lot less simple. You know who you are. You know who you voted for. There is no way to link that back to you, and there shouldn’t be. Therefore (unless you are the only voter for a candidate and there’s no vote accounted for this one) you can’t know if something is wrong. Therefore YOU trust the Authority to make sure everything’s accounted for.
Now, if you get cyber-stolen or somesuch, the insurance companies investigate on you to make sure that you are honest. The crux is how the voter can investigate on the validity of the result.
Some technologies presented in this paper are pretty clever ways to actually ensure that. Who knows? It might even work. I agree that paper trails from electronic voting machines don’t account for much if you don’t trust the system. Maybe it’s because most of the real problems appear at more macroscopic levels.
When someone steals an election, he or she has to do it by manipulating relatively large numbers. We are talking about thousands, or millions, of votes. Why bother with individual votes then? Let’s do the “half cent trick”. If very small amounts of data are manipulated at a local level, they may amount to huge shifts when added up together. The weakness of every system is the alert threshold. If I am a local (and honest) watchdog at a poll, will I trigger a general alert for a dozen miscast votes out of 3000? I should. But who would, honestly? If every local poll has a dozen miscast votes, that’s 0.4% error margin. If memory serves right, this could have tipped several elections in the past.
And the mistrust is right there : e-Voting leaves precious little trails. Who knows what someone with access to the central computer with enough skill to cover his tracks could do? Would we notice these 0.4%? Locally, most certainly not. It would mean that every one of these miscast votes would have to be traced back.
The alert threshold has to be lowered and trust has to be earned. What if I (as a local watchdog) asked random (truly random) people to watch me perform my duties? At the very least, even if everyone in the group agrees to drop the case on the 0.4% error margin, someone would know. At best, I can’t be slack anymore, since these people can voice this fact to the world.
The problem isn’t really to find a perfect model. Picking chiefs at random, and taking turns, to avoid professional politicians is as perfect a model as the random selection mechanism is truly random. It’s not even to rule if the paper solution is better or worse than the electronic solution for a perfect counting of the votes. The problem lies in the fact that democracy is built on people, and people rely on democracy. To earn the trust of these people, they have to know that their voice is heard, even if it’s just one man versus a million.
These guys in their article say that no count could really be perfect. Hell, yeah, we all know that. But if the choice is between a trusted and 99.4% perfect system and a non-trusted (since it’s opaque and witness-less) and theoretically 99.6% perfect system, my money is on the former rather than the latter.
Ah but… THAT’s the problem… Money. Electronic votes cost less (a lot less, agreed) and take less (a lot less, too) time than their paper counterpart. The thing is, from the voter’s point of view, the cost is the same: going in a room and validating his/her vote. And the voter wants a system it can trust. Time to remember who these elections are for : voters, or elected people.