Some thoughts on what is needed to ensure the integrity of our votes if computerized equipment is used:
1. Open source code – Computer code in any machine used to record, count, or total votes should be available for examination and analysis by election officials and any qualified person. Secret ‘proprietary’ code cannot be permitted in any machine used to record, count, or total votes.
2. Random recounts – In any election where votes are recorded via computer or tabulated via computer or mechanical equipment, County election officials should recount no less than, say, 5% of votes cast in each jurisdiction, with precincts selected at random to produce the required numbers. If these recounts reveal errors or discrepancies, the entire vote must be recounted.
3. Restricted access to totals – Any computer system that tabulates or accumulates votes shall provide users with read-only access to the files containing recorded votes; access to delete such files should be permitted only as part of the setup process to prepare for the next election.
4. Machine security – All computerized devices used to record or tabulate votes must be locked and sealed with tamper-proof seals to prevent unauthorized access to the hardware or software
(a) any Internet, or external data connections must be secured with a lock and tamperproof seal AND should require password access to enable communications; there must be no capability for wireless communications on these devices;
(b) the operating system should validate any attempt to access network and communications functions and automatically log the date & time and the identity of the user in a file that is not subject to manipulation.
4. Touch-screen or other ‘Direct Recording Entry’ voting machines – if any direct recording machines are permitted,,which I do not recommend
(a) Original ballots – each machine must produce a voter-verifiable printout of the vote that is visible to the voter before the vote is recorded; the voter must be asked—on-screen, as part of the voting process—to examine the printout before recording the vote. The printer in the voting machine must be dependable and produce a record that is clear and easy to read, and these printouts shall be considered the original vote in the event of any recount;
(b) Sufficient Equipment – an adequate number of machines (and backup machines) must be available at each polling place to ensure reasonable waiting times of, say, 15 minutes or less, with paper ballots available for use if the machines do not meet this standard;
(c) Security – any machines used at polling places must be secured under lock & key and must have tamper-proof seals to prevent unauthorized access.
Provisional ballots – In addition to the computer requirements, it is critical that if a person appears at any polling place and claims eligibility to vote, then (1) he or she must be allowed to cast a provisional ballot; and (2) if it is later determined that the person is eligible but appeared at the wrong location, the provisional ballot shall be counted as if it had been cast in the correct location.
There are, no doubt, other ways to achieve the desired security goals — but many of the solutions developed by the voting-machine industry have been woefully inadequate and unacceptable. No business would accept such lax standards for its operations—and voting should have higher requirements, not lower. Maintaining the integrity of our elections is a public responsibility.