I think it's wound up that way. I do not think it started that way, I think it started that way because there was no incentive for Diebold or other electronic voting vendors to do the right thing, and now keeping things status quo is very easy for an incumbent.
I imagine that it is very hard to convince someone that was elected with electronic voting machines that there is a problem with electronic voting machines.
> That said, paper ballots and hand counting are the answer for secure and accurate vote counts
Hand counts aren't particularly accurate. Change that to paper ballots counted by optical scanners with some clever ballot design using cryptographic techniques to allow voters to verify that their vote was included correctly in the count and to allow independent third party auditing of the results, and then you have a secure and accurate system.
> The problem with any form of voting that allows you to verify your vote was counted correctly, is that anyone can verify you voted 'correctly'.
That's not correct. There are several systems that let you verify your ballot was included in the count and the count is correct, which together show that your vote was counted correctly, without letting anyone verify who specifically you voted for. See Punchscan, Prêt à Voter, and Scantegrity II for examples.
Look at the research literature under end to end auditable voting systems [1] for more on this topic.
Hand-counted pen and paper ballots don't actually provide any way for you to verify that your ballot was included in the count and that the count is correct without letting anyone verify who you voted for. I'm curious what you have in mind here.
This is a solved problem. Independent observers from all parties involved that are allowed to view the entire process from end to end. The issue with computer only voting is that you just have to trust the machine.
In a large election it is a big challenge to ensure that independent observers from all parties are present every place someone could potentially tamper with ballots in storage or in transit between the time they are cast (especially in jurisdictions where polls are open a long time) and are counted and the count is folded into the overall total.
With simple hand counted paper ballots, the voter has no way of knowing that the chain of custody of their ballot was not compromised.
By enhancing the paper ballots with cryptographic techniques, we can make it so that lapses in the chain of custody do not allow tampering with the election results. We can make it so we only need observers from all parties observing at specific places in the process, which is much more practical. We can make it so the voter can know that their vote did it make it into the total and it was counted correctly. We can make it so we can have a fast machine count, but still have a paper trail that supports a hand recount, and we can do this in a way that allows outside independent checking of the machine count.
Cryptographic assurances are besides the point: the threat model is not that someone will change a record in a poorly-observed database. That's only a threat if you decide to make the thing electronic. The easiest way to solve that threat model is to not create it in the first place.
Put another way: the way you protect against the subversion or deception of very few humans is to build a system that by design requires very many humans to be involved.
> In a large election it is a big challenge to ensure that independent observers from all parties are present every place someone could potentially tamper with ballots in storage or in transit between the time they are cast (especially in jurisdictions where polls are open a long time) and are counted and the count is folded into the overall total.
Australia has done it this way for most of a century.
It's easy. Candidates are highly motivated to provide scrutineers because they distrust each other. And the rules require scrutineers to be present and cross-sign to assemble or open ballot boxes.
> With simple hand counted paper ballots, the voter has no way of knowing that the chain of custody of their ballot was not compromised.
With a software solution, no voter has a way of knowing if their vote and everyone else's vote has been counted correctly, unless ... you do verification by hand.
Seriously.
Pen and paper. It works. It's safe at scale. Everyone understands it. The US is not a special case.
> In a large election it is a big challenge to ensure that independent observers from all parties are present every place someone could potentially tamper with ballots in storage or in transit between the time they are cast (especially in jurisdictions where polls are open a long time) and are counted and the count is folded into the overall total.
It's actually pretty easy: Count the ballots at the polling place immediately after the polls close. That leaves no opportunity to leave them unguarded. Publish the results of each place so everyone can reproduce how they are summed up.
I haven't read the paper if you can't tell from the system who you voted for, then you must be trusting the machine to give you some kind of random number which corresponds to each candidate. So it's only a partial verification.
In that case, there is a simple way to do it. Just publish a list of all ballets (by random ID) and their matching votes (by another random ID). No math needed.
There's an article[0] with a powerful quote on the subject: "There is no one election in the United States, there are thousands of independent elections. ... They’re run with their own policies, and their own processes, and, frankly, in a lot of ways, their own vocabulary."
Machines are usually bought by local jurisdictions. Some states cover the costs for all elections; some for only some elections; over 6 cover nothing. In any case, local jurisdictions are faced with a conundrum: do we spend money for something that's used only a couple days a year, or fund more immediately beneficial programs (roads, aid programs, etc.)? Budgets can't even keep up with replacing equipment, let alone thorough code and security reviews. Assuming the administrators even recognize what kind of work needs done. It's outside their experience, and when you start considering the kind of attack vectors that freaking nation states can literally create, even the best efforts of well-intentioned election officials are going to be wholly insufficient. And when nation states that are willing to put in the effort are the threat you're protecting against, everything changes.
Individual states are unlikely to try and setup the kind of review that you're looking at. Or--possibly--even realize that they need to. It's expensive, and the people they're relying on to inform them about these matters are often the people selling the machines. Worse, you're looking at at least 50 separate efforts to secure voting machines. They may, or may not, somehow wind up coordinating with each other. The federal government could, but states guard their control over elections fiercely: just look at how almost all of them told the Obama administration to go pound sand when DHS warned them of potential hacking attempts.
Unless there's a major, undeniable breach, I don't expect much to change anytime soon in most states. Even then, we'll probably see a shift to paper ballots rather than the sort of hideously expensive expenditures needed for the sort of rigorous IT security efforts we now know are necessary for electronic voting in the current threat environment. Otherwise, we'll be lucky to see piecemeal incremental improvements when individual states get around to them.
Regulations seem to me like they are always reactionary to bad shit happening, we're just too dumb to be prescient enough to get ahead of the problems because we are too arrogant to think we'll make the same mistakes we always make and because we think our intentions are insurance against those mistakes if they do happen.
One problem with voting machines is that "bad stuff happening" can be beneficial to the people in charge of overseeing them, quite the opposite of gambling machines.
I think it makes sense that regulations are reactionary against bad shit that has (traffic fatalities, market manipulation, food and drug safety, etc) or is currently happening (global climate change). If we tried to write regulations against everything that might possibly maybe go wrong, I imagine we would end up with an unworkable regulatory landscape that ends up doing more harm than good. And I say this as someone who thinks regulations are a good thing on balance.
Electronic gambling devices are intensely code reviewed. It's the law. Why not electronic voting machines?
That said, paper ballots and hand counting are the answer for secure and accurate vote counts.