Many attempts have been made to “fix the problems” with electronic voting, but rather than trying to go through issue after issue, I’ll try to address it from the other end: Is it logically possible to make it work? To answer that question one has to boil down the essential requirements first, and then see how they can be implemented.
The essential requirements are:
- There shall be one person – one vote (no unauthorized voting)
- The vote shall be secret (the fact that a person cast a vote shall be public for the election observers, since this is used to count the votes cast, but what that vote was shall remain secret and it shall be impossible to find out)
- It shall be impossible to manipulate the vote once cast (except optionally for the one casting it under certain circumstances)
- Once the election is over, the number of votes for the different alternatives shall be publicly visible (i.e. possible to verify without relying on any device, the inner workings of which not are not publicly known and verifiable)
To accomplish this, the vote must be represented by some physical property that is effectively indestructible in the timeframe of the election (absent force majeur). This is where electronic voting gets into trouble. An electronic vote is represented in memory as a physical state, not a physical property. We are talking about the energy state of electrons and things like that. One can liken it to a ball that can be in either of two cups, inside a box which nobody can peek into until it is time to count the vote. There are many ways to move the ball inside the box after the vote is cast – for instance by shaking the box. Similarly there are ways to change the memory state after the vote is cast, but before it is counted.
The key here is that the position of the ball is a state, not an inherent property. And since the vote has to be secret, by definition we can not guard it against manipulation by observing it. Thus we have to conclude that the vote has to be represented by such a physical property that cannot be manipulated out of view. Hence, electronic voting is not acceptable, unless – that is – the vote is recorded on an indestructible memory. There is such a memory. It is called PROM, programmable read-only memory. Will that work?
The memory must be able to record at least 4 conditions per race: Not voted, voted for alternative 1, voted for alternative 2, or a vote for neither (null, blank). The memory bits start out as either a 0 or a 1, and can only be changed once to the other state. This means that one bit is needed for each alternative, and if more than one is marked, it will be a null vote (similar to hole punching in paper). However, existing PROM memories typically don’t allow manipulation of bits or bytes, but only of whole pages at once, and that means that each voter would have to use up an entire page for his vote. Such an election would consume a lot of PROM chips. In fact, it would probably be much cheaper to vote manually using paper ballots inside envelopes stuffed in a transparent box, the good old-fashioned way.
The conclusion is thus that with existing memory technologies electronic voting does not live up to the requirements. They key would be to develop PROM memories with small page sizes, perhaps in the form factor of memory cards. But how to make sure there is no fraud with the physical cards being exchanged? There is one obvious way: That each voter uses a single memory card and deposits it in a box. Kind of like manual voting with paper ballots, isn’t it? Or else the PROM memory has to be semi-permanent inside the machine, exchanged only between elections. It could work.
There is one other way to assure that the memory state is not altered, and that is to control all methods by which it can be altered. In practice this means having complete control over the code of the computers involved. This is not the case in any system today, but it is theoretically possible, if both hardware and software are open source. However, that in turn requires a public development, and that is something that the private players who are in the field today vehemently would object to. So much so, that they might even be tempted to steal the election for the candidate who promises to protect their voting machine business.
Combining PROM memories with small page sizes, locked inside the machine for the duration of an election, with open-source software, electronic voting may be acceptable from a democratic point of view. But today we are a long way from that goal.
PS. Considering how fast and secure manual voting can be (e.g. in Sweden, where results are available sooner than in some countries with electronic voting, such as Venezuela), it just doesn’t seem very worthwhile to go electronic.