San Francisco Chronicle
Getting Out the Vote:
Why is it so hard to run an honest election?
Sunday, October 31, 2004
Four years after the Florida debacle of 2000 and two years after Congress passed the Help America Vote Act, voting problems are again in the news: confusing ballots, malfunctioning voting machines, problems over who's registered and who isn't. All this brings up a basic question: Why is it so hard to run an election?
A fundamental requirement for a democratic election is a secret ballot, and that's the first reason. Computers regularly handle multimillion-dollar financial transactions, but much of their security comes from the ability to audit the transactions after the fact and correct problems that arise. Much of what they do can be done the next day if the system is down. Neither of these solutions works for elections.
American elections are particularly difficult because they're so complicated. One ballot might have 50 different things to vote on, all but one different in each state and many different in each district. It's much easier to hold national elections in India, where everyone casts a single vote, than in the United States. Additionally, American election systems need to be able to handle 100 million voters in a single day -- an immense undertaking in the best of circumstances.
Speed is another factor. Americans demand election results before they go to sleep; we won't stand for waiting more than two weeks before knowing who won, as happened in India and Afghanistan this year.
To make matters worse, voting systems are used infrequently, at most a few times a year. Systems that are used every day improve because people familiarize themselves with them, discover mistakes and figure out improvements. It seems as if we all have to relearn how to vote every time we do it.
It should be no surprise that there are problems with voting. What's surprising is that there aren't more problems. So how to make the system work better?
-- Simplicity: This is the key to making voting better. Registration should be as simple as possible. The voting process should be as simple as possible. Ballot designs should be simple, and they should be tested. The computer industry understands the science of user-interface -- that knowledge should be applied to ballot design.
-- Uniformity: Simplicity leads to uniformity. The United States doesn't have one set of voting rules or one voting system. It has 51 different sets of voting rules -- one for every state and the District of Columbia -- and even more systems. The more systems are standardized around the country, the more we can learn from each other's mistakes.
-- Verifiability: Computerized voting machines might have a simple user interface, but complexity hides behind the screen and keyboard. To avoid even more problems, these machines should have a voter-verifiable paper ballot. This isn't a receipt; it's not something you take home with you. It's a paper "ballot" with your votes -- one that you verify for accuracy and then put in a ballot box. The machine provides quick tallies, but the paper is the basis for any recounts.
-- Transparency: All computer code used in voting machines should be public. This allows interested parties to examine the code and point out errors, resulting in continually improving security. Any voting-machine company that claims its code must remain secret for security reasons is lying. Security in computer systems comes from transparency -- open systems that pass public scrutiny -- and not secrecy.
But those are all solutions for the future. If you're a voter this year, your options are fewer. My advice is to vote carefully. Read the instructions carefully, and ask questions if you are confused. Follow the instructions carefully, checking every step as you go. Remember that it might be impossible to correct a problem once you've finished voting. In many states -- including California -- you can request a paper ballot if you have any worries about the voting machine.
And be sure to vote. This year, thousands of people are watching and waiting at the polls to help voters make sure their vote counts.
Bruce Schneier is a security technologist, author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain World" (Springer Verlag, 2003) and publisher of Crypto-Gram, a monthly newsletter. He can be reached at www.schneier.com.
Thursday, November 4, 2004
San Francisco Chronicle