Technology Was Only Part of the Florida Problem
By Bruce Schneier
December 18, 2000
In the wake of the presidential election, pundits have called for more accurate voting and vote counting. To most people, this obviously means more technology. But before jumping to conclusions, let's look at the security and reliability issues surrounding voting technology.
Most of Florida's voting problems are a direct result of "translation" errors stemming from too much technology.
The Palm Beach County system had several translation steps: voter to ballot to punch card to card reader to vote tabulator to centralized total. Some voters were confused by the layout of the "butterfly" ballot and mistakenly voted for someone else. Others didn't punch their ballots in such a way that the tabulating machines could read them.
Ballots were lost and not counted. Machines broke and counted votes improperly. Subtotals were lost and not counted in the final total.
Certainly, Florida's antiquated voting technology is partly to blame, but newer technology wouldn't magically make the problems go away. Technology could even make things worse by adding translation layers between the voters and vote counters and preventing recounts.
That last bit is my primary concern about computer voting: There's no paper ballot to fall back on. Computerized voting machines, whether they have keyboards and screens, or a touch-screen, ATM-like interface, have more potential for problems. You have to trust the computer to record and tabulate the votes properly and keep accurate records. You can't go back to the paper ballots and try to figure out what the voter wanted to do. And computers are fallible; some computer voting machines - even outside of Florida - failed mysteriously in this election.
Online voting schemes have even more potential for failure and abuse.
We know we can't protect the Internet from viruses and worms and that all operating systems are vulnerable to attack. What recourse is there if the voting system is hacked or simply gets overloaded and fails? There would be no means of recovery, no way to do a recount.
Imagine if someone hacked the vote in Florida; redoing the election would be the only possible solution. A secure Internet voting system is theoretically possible, but it would be the first secure networked application ever created in computing history.
There are other, less serious problems with online voting. First, the privacy of the voting booth can't be imitated online. Second, in any system where the voter isn't present, the ballot must be tagged in some unique way so that people know it comes from a registered voter who hasn't already voted. Remote authentication is something we haven't gotten right yet. These problems also exist in absentee ballots and mail-in elections. But because online systems have a central point to attack, the risks are greater.
The ideal voting system would minimize the number of translation steps and make the remaining steps as simple as possible. My suggestion is an ATM-style computer voting machine that also prints out a paper ballot. The voter checks the paper ballot for accuracy, then drops it into a sealed ballot box. The paper ballots are the "official" votes and can be used for recounts, while the computer provides a quick initial tally.
With a clearly designed computer interface, this would be easy to use. With good error-handling, it would help reduce overvoting and undervoting. It would rely on computer software, with all those associated risks, but the paper ballots would provide the ability to recount by hand if necessary.
Voting is inherently a noisy system. We can spend money to improve its accuracy, but we can never get perfection.
So from a statistician's point of view, the presidential election in Florida was a tie.