election procedures and security

So, I was thinking of posting this on election day, but was busy doing other things and misplaced my Round Tuit.

The voting procedure in New York State, as of two or three years ago, is as follows. They give you a printed ballot with bubbles under various candidates' names. You fill in the appropriate bubbles with a black ball-point pen (which they provide), then feed the ballot, printed-side-down, into an optical scanner, which then beeps and displays a message saying "Ballot received" or something of the sort. Then you go home.

What are the security implications? Well, first, it's a big improvement over the old lever machines. With the lever machines, if there was a recount, it would be based on the tapes in the machines -- which you've never seen, so you have no way of knowing whether your vote was recorded correctly. If I want to steal an election, I'll hack the voting machines to record [some of] the X votes as Y votes, and nobody will ever detect the fraud. Under the new system, if there's a recount, it'll be based on the optical-scan form that you filled in yourself, so you (the voter) have nobody but yourself to blame if it's miscounted.

So what security holes remain? Well, most obviously, you have no way of knowing that the optical scanner recorded your vote correctly. If I want to steal an election, that's what I'll hack. But I'm vulnerable to a recount, which (in most places) will happen if the election is close. So the moral is: if you want to steal an election, steal it big enough that there won't be a recount.

The answer to this is to recount a small fraction of precincts at random, even when there are no close elections. I don't know whether New York election law specifies that.
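To put numbers on the random-recount idea, here is an added example (not part of the original post) that computes the chance that a random sample of precincts includes at least one altered precinct, and draws the sample reproducibly. The function names, precinct ids, counts and seed are all assumptions constructed for illustration.

```python
import hashlib
from math import comb

def detection_probability(total, tampered, audited):
    """P(a uniform random sample of `audited` precincts, drawn without
    replacement, includes at least one of the `tampered` precincts)."""
    if not (0 <= tampered <= total and 0 <= audited <= total):
        raise ValueError("tampered and audited must lie in 0..total")
    # comb(n, k) is 0 when k > n: the sample is too big to miss them all.
    return 1 - comb(total - tampered, audited) / comb(total, audited)

def min_audit_size(total, tampered, confidence):
    """Smallest sample size whose detection probability >= confidence."""
    if tampered < 1 or not 0 < confidence <= 1:
        raise ValueError("need tampered >= 1 and 0 < confidence <= 1")
    for audited in range(total + 1):
        if detection_probability(total, tampered, audited) >= confidence:
            return audited

def select_precincts(precinct_ids, audited, seed):
    """Reproducible draw: rank precincts by SHA-256(seed:id), take the first
    `audited`. Assumes the seed is generated publicly after results are
    reported, so anyone can re-derive the list and nobody could predict it."""
    ranked = sorted(precinct_ids,
                    key=lambda p: hashlib.sha256(f"{seed}:{p}".encode()).digest())
    return sorted(ranked[:audited])

if __name__ == "__main__":
    total = 1000                      # constructed example, not real data
    for tampered in (5, 20, 50):
        for audited in (10, 30, 100):
            p = detection_probability(total, tampered, audited)
            print(f"{tampered:3d} altered, {audited:3d} audited: {p:.1%}")
    print("sample size for 95% if 20 altered:", min_audit_size(total, 20, 0.95))
    ids = [f"P{n:04d}" for n in range(total)]   # constructed precinct ids
    print(select_precincts(ids, 5, seed="constructed-seed-123456"))
```

A hand recount of a sampled precinct only catches a miscount if the paper ballots are compared against what the scanner reported for that same precinct.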