Voting Machine Logs + e-Government Laws = No Secrets When Voting

  • Article

Researchers in the state of Ohio in the United States have discovered that by analyzing the logs produced (by law) from e-voting machines used in certain counties, they can determine the vote(s) each voter made.  Further, the logs, by law, must be produced on demand, as part of our open elections process.

I haven't read the in-depth reports and analysis.  It appears to me that the manufacturers of the voting machine anticipated the risk of vote correlation with voters and tried to mitigate it by separating the vote log from the voter log.  However they mitigated this very poorly as (1) only one voter can apparently use the machine at a time and (2) every thing the machine does is logged and (3) every log entry is timestamped.  So simply separating the "Voter X logged on" records into one log, and the "Vote cast for candidate Y" records into another log seems to be a pretty naive solution.

I normally try to stay away from politics and commentary on my blog, because I don't want to alienate anyone.  But this is not a political issue.  Here in the United States we have problems with elections.  It doesn't matter which party you are in, there are things to be unhappy about.  The machines we have built to make elections easier seem to have made things much harder- from the "hanging chads" we had in the 2000 elections to the current pain we're having with voting machine certification.

The audit trail problem with voting machines is daunting.  How do you simultaneously accomplish the goals of (1) allowing only authorized individuals to vote (2) exactly once per election, regardless of location (4) the votes cannot be tampered with after being cast (or at least tampering is evident), (5) the votes can be tallied quickly (in a matter of only a few hours, (6) all of these steps can be accomplished in such a way that even if he voter wishes it, the vote cannot be correlated with the voter, and (5) a recount can reproduce all the same results with these same election characteristics (maybe we can relax the time window) without the voters physically being present.

Punch card and optical scan systems opt for auditing the voter before handing them the ballot, and the ballots themselves are the audit trail of the votes (and are not numerically linked with the voter).  These systems would seem to be pretty foolproof but there are systemic problems with both: the hanging chads and butterfly ballot problems were with punch card systems, and optical scan systems in general have a fairly high error rate, and all of these problems are largely due to users who fail to follow instructions which are critical to accurate operation of the machines which tally the votes.

Coupled with the fact that many e-voting systems are getting poor reviews from security researchers, I would be much more comfortable as a voter slowing down on e-voting until we work out the kinks.