Common Sense: The Indispensable Role Of Voter Verified Paper Ballots

Note: This is the second post in an occasional series on Common Sense Election Integrity, summarizing, updating, and expanding on many previous posts covering election integrity, focused on Connecticut. <previous> <next>

Among the heroes of our Democracy, George Washington has been called The Indispensable Man. When it comes to voting integrity, voter verified paper ballots play The Indispensable Role.

Perhaps there is an alternative. I’ll grant that paper might not be the only possible media. Voter verified stone tablets/ballots might work but are hardly realistic. Beyond a different permanent media, so far, no safe alternative has been proposed which has withstood scrutiny.

The alternatives that fail to pass scrutiny, so far:

  • Basic Touch Screen Electronic Voting (DREs)
  • DREs with “Voter Verified” Paper Trails
  • Internet Voting (including: Websites, Email, or Kiosk based)

Any form of voting that relies solely on computers for integrity is subject to fraud and error:

A hardware error could occur changing a program, or causing a touch screen or scanner to function improperly and unexpected, undetectably, to dramatically change a result – either on an individual voting machine or in transmitting or accumulating results.

An unscrupulous insider could change a program or function of a computer in a variety of ways that could be difficult or impossible to detect.

A voting machine could be programmed incorrectly to begin with, running correctly for years and then suddenly produce the wrong result on a particular set of ballots or based on the placement or spelling of a particular candidate’s name.

(It is not common sense that the spelling of a candidate’s name could change the result. It is common sense for experienced computer programmers. Programmers all have stories of mysterious problems. Believe it or not! I cannot send emails with my cell number including imbeded dashes ‘-‘, I can use periods ‘.” and other marks, I can use other phone numbers but not my particular cell number with dashes – the sent emails just plain disappear. I was using the cell number on my email signature.  It took months of lost emails, lost communications, interpersonal misunderstandings, changing software and email providers to no avail. until I stumbled onto this hard to believe fact. I still find it hard to believe, but it was repeatedly, rigorously tested to my amazed/dismayed satisfaction. As far as I can tell it is either a Microsoft or Apache bug which I have not pursued.)

No amount of testing or security can be sufficient to prevent such errors and fraud:

Based on Alan Turing’s Halting Problem it is impossible to determine, in general, that a computer program will do what it is expected to do in all possible circumstances. We could test many sequences of ballots and prove they are counted correctly, but in different circumstances the computer might function differently: A different set of ballots, a different sequence of their submission, submission at a different time, or with different time delays between ballots etc. could yield different results. In reality, it would be almost impossible to test each voting machine with a reasonable number of typical sets of ballots to provide reasonable levels of confidence, let alone test each machine before each election.

Beyond these basic, insurmountable obstacles, voting has unique challenges:

  • Resources are limited. Election officials, in general have limited computer and security expertise. Jurisdictions cannot afford the expertise to plan reasonably effective testing and security measures. They cannot perform extensive testing of single voting machines, let alone each machine before each election.
  • Election computers are programmed anew for each election. Past results do not imply that current programming is reliable or that new errors or fraud have not been induced.
  • Scanners or touch screens can go out of alignment or develop blind/weak spots and errors.
  • Security measures to prevent insider tampering with programming and computer chips would be prohibitively extensive, costly, and sophisticated.

Each of the current alternatives have their own limitations:

Touch screen (DRE) voting machines without paper trails do not have transparent records which can be verified by the voter or election officials after elections. There is no way for anyone to determine if a vote cast by a voter increased the vote for the correct candidates; no way for the public or officials to determine if the counters or electronic records of votes accurately reflect the voters’ actual choices.

Internet voting methods are subject to all the risks of the public and “private secure” Internets.  Sophisticated Government agencies and corporations are regularly subject to hacking (e.g. Google and the U.S. Defense Department). It is wildly optimistic and delusional  to expect voting jurisdictions or voting vendors to do as well, let alone better. Kiosks mitigate a few, but hardly all of these risks. Banks lose billions in ATM electronic fraud each year – once again, they are more sophisticated and can afford more to avoid costly fraud. And bankers have an advantage with double entry bookkeeping and customer receipts which provide means to detect fraud – means by definition unavailable to electronic voting. The recent extensive Wikileaks disclosure of government documents is an example of what a lone or very limited number of insiders can do in compromising the security of a system.

Paper trail DREs provide an inadequate substitute for voter verified paper ballots. The current paper trails are difficult to read for voters and officials and are frequently lost to jams oeundetected “out of paper” conditions.  A small percentage of voters actually verify their vote – fraud or error can misclassify a significant percentage of votes, with the smaller percentage verified chalked up to “I/you must have pushed the wrong button”.  Beyond this DREs are much more costly to purchase, operate, and audit than optical scanners.

The Bottom Line

It is theoretically impossible to develop a computer only voting solution that is not subject error and fraud. Beyond theory, common sense shows that proposed electronic voting systems are subject to error and insider fraud, with all but impossible testing and security requirements, well beyond the capabilities and resources available to election officials.

Paper ballots filled out by voters are inherently “Voter Verified”. They provide the ultimate record of voters’ intent. They alone provide the opportunity for determining the exact result in close elections and the opportunity to verify the correct result in all elections. They alone provide the opportunity for public transparency necessary for real trust and confidence. Voter Verified Paper Ballots alone provide the opportunity for voting integrity, a necessary prerequisite for democracy.

We will have much more to say.  “Opportunity” is insufficient.


One response to “Common Sense: The Indispensable Role Of Voter Verified Paper Ballots”

  1. Minnesota voter

    Thanks for a great article. We here in MN have had paper ballots & precint optical scanners since the 1980’s. They have worked well & now other States are emulating the “MN system” as they junk their touch screen machines.
    During the campaign for the 2008 US Senate seat, our Unitarian Universalist voting rights group & a citizen-based election integrity organization formulated this question. We asked it of all the candidates running for Federal office.
    “Do you support, and will you advocate for a voter verified durable paper ballot that is the official ballot of record, with precinct optical scanners & statistically significant post-election audits, for ALL Federal elections?”
    Surprisingly, some of the candidates didn’t “get” the point of the question, and some skirted or avoided an answer.
    We have to educate our candidates on this issue as well as the voters.

Leave a Reply

You must be logged in to post a comment.