Since it is known that the Dutch voting machines are very insecure, voting by paper has been glorified. However, as we saw in a previous post (10 September 2012), traditional voting is not secure either. Therefore, we should choose the system that is currently perceived as most secure: optical scan voting.

First of all, let’s remind ourselves of the important security properties voting systems should satisfy:

  1. integrity: the outcome must equal the voters’ intent;
  2. ballot secrecy: nobody should be able to verify how you voted, even if you want them to do so;
  3. availability: the voting systems should provide service during the elections;
  4. voter authentication: only citizens eligible to vote should be allowed to do so and they may only vote once; and
  5. enfranchisement: every eligible voter should get the chance to vote.

Optical Scan Voting: A Hybrid of Traditional and Digital Voting
In an optical ballot scanning system, citizens still fill out a ballot as they would in a traditional voting scheme. However, these ballots are designed in the same manner as standardised tests and can be optically scanned. After the ballot has been filled out, it is put through an optical scanner, which keeps track of the cast votes.

Due to the use of normal paper forms, an optical scanning system has both a direct registering counter and a traditional paper trail. For this reason, an adversary needs to alter both the paper ballots and the counting machine to successfully break the integrity of the voting system. Such an attack is not easily done, because it requires both a large-scale and a small-scale attack. On a large scale, voting machines need to be infected with a specialised virus that alters the counters. Additionally, several small-scale attacks need to be performed to alter the ballots. A practical example of such an attack is when the employees of the voting booth use small bits of pencil under their fingernails to alter ballots – it seems unrealistic, but this has happened in the past.

Verifiable Paper Trails Are Not an Alternative
You may have heard of direct recording electronic voting machines that print out paper receipts, which need to be put in a separate box as a paper trail. Although this is an interesting solution to the same problem, it is far inferior to optical scan voting systems.

First of all, when a vote is printed wrongly, it will most likely go unnoticed. Most paper trail add-ons are so inconvenient that citizens will simply glance over them and not notice any mistake. Furthermore, when they do notice, what will happen? The voting machine could alter its display to show the wrong selection on the screen, and the voter may think it was a human error. Finally, the paper trail could get corrupted by citizens who do not put the receipt into the ballot box.

Ballot Secrecy: Problematic In This Day and Age
As I discussed in my short guide to committing election fraud in the Netherlands (14 September 2012), in the age of smartphones, guaranteeing strong ballot secrecy becomes a very difficult problem. At this point, I can see two directions to solve this problem. However, neither of these directions is feasible.

The easiest method to prevent any system capable of making photographic copies from entering the voting booth is requiring voters to be nude. For obvious reasons, this is a very controversial requirement. Another line of solutions would be providing an eraser and an erasable pencil. However, this would make altering ballots during the counting process that much easier.

Optical Ballot Scanning as Voting System of the Future
At this point, I have mainly discussed the integrity and ballot secrecy of voting schemes. However, most other properties rely on different elements in the process. Voter authentication and enfranchisement are both part of the system used to call citizens to the voting booth and check their identity when they show up. Availability is to be preserved by having enough ballots and ballot boxes.

Nevertheless, especially when it comes to integrity, optical scanning provides the best security. Simply put, it combines the security of a traditional voting-by-pencil scheme with an additional electronic trail. Furthermore, preliminary results can be announced much earlier, due to the electronic counters. However, to get the full benefit of this scheme, audits of the paper trails are mandatory.
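
To make the audit requirement concrete, the following added example (not part of the original post) hand-counts a random sample of precincts and compares the result with the scanner counters. The precinct names, candidates, vote numbers and function names are all constructed for illustration.

```python
import random
from collections import Counter

def hand_count(ballots):
    """Tally paper ballots (one candidate name per ballot)."""
    return Counter(ballots)

def audit(paper, scanner, sample_size, seed):
    """Hand-count a random sample of precincts and compare with the scanner.

    paper:   {precinct: [candidate, ...]}    ballots found in the box
    scanner: {precinct: {candidate: count}}  electronic counters
    Returns {precinct: {candidate: scanner_count - hand_count}} per mismatch.
    """
    rng = random.Random(seed)  # fixed seed keeps the sample reproducible
    chosen = rng.sample(sorted(paper), sample_size)
    findings = {}
    for precinct in chosen:
        counted = hand_count(paper[precinct])
        reported = scanner.get(precinct, {})
        diff = {c: reported.get(c, 0) - counted.get(c, 0)
                for c in set(counted) | set(reported)
                if reported.get(c, 0) != counted.get(c, 0)}
        if diff:
            findings[precinct] = diff
    return findings

# Constructed sample data: three precincts, candidates "A" and "B".
PAPER = {
    "P1": ["A"] * 60 + ["B"] * 40,
    "P2": ["A"] * 45 + ["B"] * 55,
    "P3": ["A"] * 50 + ["B"] * 50,
}
HONEST = {p: dict(hand_count(b)) for p, b in PAPER.items()}

# Only the counter in P2 differs from the paper (10 votes moved from B to A).
TAMPERED_SCANNER = {**HONEST, "P2": {"A": 55, "B": 45}}

# The paper in P2 has been changed as well, so it agrees with the counter.
TAMPERED_PAPER = {**PAPER, "P2": ["A"] * 55 + ["B"] * 45}

if __name__ == "__main__":
    print(audit(PAPER, HONEST, 3, seed=1))                     # no findings
    print(audit(PAPER, TAMPERED_SCANNER, 3, seed=1))           # P2 flagged
    print(audit(TAMPERED_PAPER, TAMPERED_SCANNER, 3, seed=1))  # no findings
```

The audit flags any sampled precinct where only one of the two records was changed; when both records agree, it has nothing to compare against, which is why the paper ballots themselves need physical protection.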

