Friday, June 03, 2005

Punch Card Voting - Part 2

This is a continuation from the prior post "Punch Card Voting Can Be Good".

After a voter has reviewed their punch card ballot at the checking station and their ballot is correct, the voter can press a button that will print a voting receipt that contains:
  • The current date and time.
  • A code that identifies this polling location.
  • A code that identifies the kind of ballot.
  • The unique ballot identifying number that was prepunched in the card. This code is not associated with the voter at the polling place.
  • An encrypted string of letters and numbers that records how they voted. Encrypted means the characters are meaningless without a special "key" that a computer can use to determine exactly how the ballot was punched. This is similar to the technology employed when you use a secure web site. The vote is encrypted using a technique that will result in different codes for ballots with the same combination of punches. Even if you and your neighbor cast votes for the same candidates, your codes would be different.
  • Other security codes like you see on your lottery tickets. These would be used to verify the authenticity of the receipt if the voter challenges how his or her ballot was counted.

Voters should check that the number on their ballot matches the number on their voting receipt, drop their ballot in the ballot box, take their voting receipt with them and file it in a safe location.

As the punch cards are processed and the votes are counted, the ballot identifier and votes cast are recorded in a database.

After the ballots have been counted, the voter can use the Internet to access an election board site and key in the characters that identify their physical ballot (plus part of the encrypted code to prevent people from viewing other voter's ballots). They will then see a screen that shows how that ballot was counted. Some voters may forget exactly how they voted. Some voters may, after the fact, even want to deny to themselves how they voted. In order to refresh their memory and convince themseleves that their vote was counted correctly, they can enter the second string of characters (their encrypted selections), their polling location code and ballot type, and see exactly how they voted that day. This check would not read their ballot from the database, it would use just the data on their "receipt". This must match the data stored in the database. If it doesn't, a fraud alert can be sent to the election board.

If there are voting irregularities, election officials can ask voters to check their ballot on-line and report discrepancies. They can also randomly select voters to voluntarily show them their voting receipt to verify it against the recorded values and the physical ballot. With this system the voters themselves become watchdogs. Fraud is easily identified and there is an audit trail to help determine what happened. Once it is known that ballots can be easily checked by voters and election officials, ballot fraud will diminish.

The unique identifier and database insures that a single ballot cannot be counted more than once. It can also be used on recounts to determine which ballots were counted differently on the recount by comparing the current selections on the ballot with those recorded on the first count. These misread ballots can then can be inspected manually to determine the problem.

I'll complete the description of this system in the next post.

No comments: