Auditability of Non-ballot, Poll-site Voting Systems

The history of the use of non-ballot voting systems in the US is briefly described. The background of a current controversy is also noted. The differences between DREs as currently used and Internet voting are discussed. The voting process as a human system involving people, procedures and activities as well as machines is stressed. Alternative systems employing ballots are described, and their advantages and disadvantages as compared to DREs are discussed. Specific machine design changes and administrative changes in the testing and use of DREs are recommended. 1. Background The question of implementation of audit trails in non-ballot, i.e., direct-recording electronic (DRE) voting systems, is not new. It was discussed extensively in 1988 [Saltman, R., 1988, pp. 40, 41, 112-114] and a requirement for part of the recommendations proposed in 1988 was included in the Federal Election Commission standards of 1990 [Federal Election Commission, 1990, p. 18]. Recently, the topic arose again in connection with the desire of officials of Santa Clara County, California, to procure DRE systems for use by the voters of that county. Opponents of this procurement, led by David Dill, professor of computer science at Stanford University, proposed a requirement for a paper audit trail that is “voter verified.” That is, a paper record of the ballot would need to be produced by the DRE voting unit and approved by each voter before the ballot is cast. This demand of Dill and other computer scientists follows the recommendation of Rebecca Mercuri, professor of computer science at Bryn Mawr College, that has been presented on several occasions [e.g., Mercuri, R., Neumann, P., 2003, p. 40]. Following a request by officials of Santa Clara County for an opinion from the state, the Office of the Secretary of State of California undertook a study and issued a report [Secretary of State’s Ad Hoc Touch Screen Task Force, 2003]. The Task Force made several recommendations to improve the security and integrity of voting systems, and noted the new federal requirement that there must be a paper record for each ballot cast. The federal statute is interpreted to mean that the individual records could be printed in bulk from electronic records after the polls are closed. However, the Task Force stated: “For technical and logistical reasons there is no support to have the printing of this permanent paper record done at the time the ballot is cast ...” Thus, the state did not accept the demand of the computer scientists, but allowed that a county could purchase systems with this feature, if it so chose. The purpose of the discussion below is to further elaborate the arguments on both sides and to consider improved mechanisms that would increase voter confidence in the results produced by DRE voting machines.