% fortune -ae paul murphy

More on Evoting

If the evoting machine represents the visible tip of the iceberg, what happens below see level?

In both Canada and the United States electoral officials are expected to prepare an appropriate number of polling places, ensure that each polling place has a list of the people eligible to vote there, ensure that the voters know which polling place to go to, and ensure that only people on the list or eligible to be added to the list vote there.

Most of the dollar cost in running an election is tied to the list making, distribution, and check-off processes that go into this and therefore so are most forms of electoral fraud. Dead people can, for example, be put on many polling place lists, their names claimed by a small group of people travelling poll to poll or just checked off by someone with access who then stuffs the right number of pre-completed ballots in the box.

More creatively, some elections have swung on results from non existent polling places or booths - a trick made a lot easier by current registration methods and vote collection technologies.

Unfortunately voter list management is also the area where there are the fewest effective controls. For example quite a few well intentioned poll officers have been led to believe that knowingly permitting illegal immigrants and convicts to vote amounts to an honorable form of civil disobedience in support of real democracy - a bit of manipulative nonsense undertaken by those spreading it in the full knowledge that such people overwhelmingly vote against a party about whose actual operations and agenda they have no factual information.

Similarly, people's pre-existing beliefs about the likelihood of voting machine fraud can be used first to increase the percentage of people using absentee voting - the easiest of all forms of voting to manipulate - and later to attack the legitimacy of the winners.

However, hidden electoral fraud isn't remotely limited to such historically blessed tactics as stuffing the ballot box, manipulating the voter list, or holding mail-in military ballots until after the winner has been declared and then destroying them unopened. A few years ago in Toronto, for example, a candidate who'd made himself bitterly unpopular with the ruling party - which appoints the electoral officials - found that a minor clerical error kept the polls in his, mostly immigrant working class, district closed until well after the lines thinned out around (if I remember correctly) 9:30 to 10:00 AM. To many people's surprise the party's anointed candidate won easily - and by complete coincidence turnout ran significantly below historic averages for that riding.

The bottom line is simple: current evoting machines are, by all reports, ridiculously easy to hack and appropriately the focus of some attention, but known vote cheating has been much more along the lines of voter registration and eligibility fraud - or even simple stuff like egg throwing and tire slashing in known Republican neighbourhoods on election day.

In other words, if we're going to think about ways of protecting against voting fraud, the right places to focus are first on eligibility, and secondly on "chain of custody" for the voter's decision from the time the voter decides to vote for a particular candidate or proposition through to when that vote is tallied.

So let me pose a rough outline for a very different process:

  1. Voter eligibility is usually based, in both Canada and the United States, on age, residency, citizenship, and legal status - all of which can be determined from public records to create a single voter list for a district, a province, or a country.

    Almost all of these records are zealously pruned - dead people don't pay taxes (their estates do, but that distinction is clear) and people have to declare one primary address for public records like licensing files. Not everyone eligible to vote is on these lists, but the overwhelming majority are - and the exceptions can be dealt with one by one and on a clear legal basis.

  2. right now voters are expected to vote at the polling place where their name appears on the list. That's both a reasonable response to technology limitations at the time this process evolved and an invitation to fraud. Today, however, there's no technical reason not to put a a national electronic voting system in place - one that uses a voter list mainly derived from public records and is correspondingly always very nearly up to date.

    Such a system would allow anyone to vote from anywhere: just prove your identity and the computer pops up the ballot appropriate to your place of primary residence and later updates the local count appropriately.

Global eligibility verification from public records eliminates most of the traditional forms of fraud - while a vote-anywhere national electronic system eliminates most of the rest. Cost savings would be incidental - but significant.

All great, but there's a downside: this approach moves more of the problem into the realm most of the debate has been on: auditing and controlling that computer system. You can't make such a system foolproof, but the simpler you make it, the closer to that you can get and thus the greater the confidence you can have in its operations.

And the simplest, cheapest, most reliable, system of all? Sun Ray terminals in public offices, state level accumulators, and dual national data centers. Details tomorrow.


Paul Murphy wrote and published The Unix Guide to Defenestration. Murphy is a 25-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues.