Inside risks: voting automation (early and often?)

C omputerization of manual processes often creates opportunities for social risks, despite decades of experience. This is clear to everyone who has waded through deeply nested telephone menus and then been disconnected. Electronic voting is an area where automation seems highly desirable but fails to offer significant improvements over existing systems, as illustrated by the following examples. Back in 1992, when I wrote here [5] about computerized vote tabulation, a $60 million election system intended for purchase by New York City had come under scrutiny. Although the system had been custom-designed to meet New York's stringent and extensive criteria, numerous major flaws (particularly those related to secure operations) were noted during acceptance testing and review by independent examiners. New York withheld its final purchase approval and legal wranglings ensued. This summer, the contract was finally cancelled, with New York agreeing to pay for equipment and services it had received; all lawsuits were dropped, thus ending a long and costly process without replacing New York's bulky arsenal of mechanical lever machines. Given New York's lack of success in obtaining a secure, accurate, reliable voting system, built from the ground up, operating in a closed network environment, despite considerable time, resources, expertise and expenditures, it might seem preposterous to propose the creation of a system that would enable " the casting of a secure and secret electronic ballot transmitted to election officials using the Internet " [3]. Internet security features are largely add-ons (firewalls, encryption), and problems are numerous (denial-of-service attacks, spoofing, monitoring). (See [2, 6].) Yet this does not seem to dissuade well-intentioned officials from promoting the belief that online voting is around the corner, and that it will resolve a wide range of problems from low voter turnout to access for the disabled. The recent California Task Force report suggested e-voting could be helpful to " the occasional voter who neglects to participate due to a busy schedule and tight time constraints " [3]. Convenient access is a vacuous promise, in that the described authorization process requires pre-election submission of a signed e-voting request, subsequent receipt of a password, instructions, and access software. Clearly, it would be far easier to mail out a conventional absentee ballot that could be quickly marked and returned, rather than requiring each voter to reboot a computer in order to install " a clean, uncorrupted operating system and/or a clean Inter-net browser " [3]. Countless …