Unlike many other countries, the Netherlands still votes using a paper ballot and a red pencil. Previously, I made the case that digital voting schemes are insecure. However, in our fear of digital solutions, we tend to forget that traditional methods are not perfect either.

Next Wednesday, Dutch citizens make their way to the ballot box to vote in the national elections. Aside from a brief period using voting machines which did not prove to be secure, we still do this using paper ballots and red pencils. Basically, the procedure consists of showing your voter’s pass and passport to the members of the local voting committee to retrieve a ballot, going alone into a voting booth, colouring the box next to the name of your candidate of choice red, and putting the ballot into the box.

When the elections close, every voting station opens the boxes to count the votes. This works by first counting the total number of votes and comparing this to the number of ballots handed out. Secondly, the votes are split into stacks per party, counted once again, and confirmed against the totals. Finally, the ballots are placed in a stack for each separate candidate and counted one last time.

During both the voting and the counting period, the voting station is governed by a committee consisting of three to five citizens. Furthermore, every citizen is free to enter the room and assure himself that the committee is doing its work properly.

Have the Ballots Been Tampered With?
If someone manages to tamper with the ballots in some way, this is very hard to recognise. In the end, a ballot can be invalidated with just a strike of a red pencil. Similarly, a blank vote can be changed into a vote for a candidate. Please note that adding large numbers of additional votes is not really doable, because of the count confirmations.
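
The following added example (not part of the original post) models the three count confirmations from the counting procedure and shows why they catch an added ballot but not an altered one. The party and candidate labels and the sample boxes are constructed.

```python
from collections import Counter

BLANK = "blank"  # a ballot with no box coloured

def count_passes(box):
    """The three counting passes: total, per-party stacks, per-candidate stacks.
    Each ballot is a (party, candidate) pair, or (BLANK, None)."""
    return len(box), Counter(party for party, _ in box), Counter(box)

def reconcile(issued, total, per_party, per_candidate):
    """Return the failed count confirmations; an empty list means all confirm."""
    problems = []
    if total != issued:
        problems.append(f"box holds {total} ballots, {issued} were handed out")
    if sum(per_party.values()) != total:
        problems.append("party stacks do not add up to the total")
    for party, n in per_party.items():
        stacked = sum(c for (p, _), c in per_candidate.items() if p == party)
        if stacked != n:
            problems.append(f"candidate stacks for {party} hold {stacked}, not {n}")
    return problems

def audit(issued, box):
    """Count a box and run every confirmation against the ballots handed out."""
    return reconcile(issued, *count_passes(box))

# Constructed sample data: five ballots handed out, one of them cast blank.
HONEST = [("A", "A1"), ("A", "A2"), ("B", "B1"), ("B", "B1"), (BLANK, None)]
ISSUED = len(HONEST)
STUFFED = HONEST + [("A", "A1")]                     # one ballot added
ALTERED = [("A", "A1") if b == (BLANK, None) else b  # blank coloured in afterwards
           for b in HONEST]

if __name__ == "__main__":
    for name, box in [("honest", HONEST), ("stuffed", STUFFED), ("altered", ALTERED)]:
        print(name, dict(count_passes(box)[1]), audit(ISSUED, box) or "all counts confirm")
```

The altered box passes every confirmation even though party A gains a vote, so only observation of the ballots themselves can catch that change.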

On the other hand, cryptographic voting protocols are built in a way that they combine anonymity with the inability to alter someone else’s vote. Simply put, the tamper resistance of a traditional voting scheme lies with the alertness and honesty of the members of the committee and possible vigilant citizens, whereas cryptographic voting protocols have these properties implemented.

Authorisations: One of the Major Problems with Voting Schemes
The number of people who authorise another person to vote for them due to absence or inability increases steadily – approximately one tenth of all votes are cast by authorisation. When authorising someone else to vote on your behalf, you have no assurance that this person will actually vote as you asked. This cannot be changed, as this inability is derived directly from the very important property of strong anonymity.

Authorisations are nothing more than a question of trust. As long as we have schemes where someone has to go somewhere to vote, they are needed to enable certain parts of society to vote. Nevertheless, they can also be abused to coerce people into giving an authorisation. Currently, the only mechanism to prevent this is the limitation of two authorisations per person.

Counting, Recounting and Counting Once More
The counting of votes is a human process. This means that a vote can easily end up in the wrong stack. Of course, on a small scale this should not matter. However, in practice, the numbers show that a large number of votes are counted wrongly.

Theoretically, the miscounted votes should be distributed evenly over the parties. Thus, we can reasonably expect dishonesty when wrongly counted votes have any effect on the outcome. However, we would most probably not notice this at all.

Traditional Voting: It Is Not Perfect Either
Yes, voting using digital machines has some very problematic properties. Especially the complexity of seeing what happens inside the machine and the scalability of voting using computers can be rather dangerous. Nevertheless, voting using paper ballots is not perfect either. For this reason, any debate regarding the security of either of those should look at which scheme is most secure, not which is insecure. If only because, in the end, nothing is fully secure.

  1. Ingrid says:

    Notice the simple man-in-the-middle attack. One could simply say I’m from city x and these are our results.

    Stronger, if the verification package (set of votes) is stacked in a bag and sent to the election chamber you put your trust in the mailman. Hand signatures are not that strong and easily forgeable so probably digital voting could be safer in future.

