Time to kill paper ballots? First, let’s look at the alternatives


100821: Polling Day Imagery, Alice Springs.

This article is by Jennifer Rayner, Doctoral Candidate, Australian Politics at the Australian National University. It originally appeared on The Conversation.

analysis The Australian Electoral Commission’s (AEC) loss of 1,375 ballot papers for the West Australian Senate count was an unfortunate failure from an agency that already faced growing public pressure to do away with paper and pencil voting.

Even before the ballots disappeared, newly minted MP Clive Palmer was loudly calling for the introduction of US-style electronic voting machines. Meanwhile, an experiment with internet voting for people with disabilities in New South Wales in 2011 caused many to question why we all can’t vote from home.

But before we pulp the paper ballots, it’s worth considering what — if anything — is actually wrong with the system as it stands, as well as what the pros and cons of the alternatives may be.

Australia’s current procedures for recording and counting votes have essentially remained unchanged since federation. Voters are given a piece of paper and a pencil with which to record their voting preference, and the completed ballot papers are then placed in a sealed box.

At the close of the polls, those boxes are opened and an initial count is conducted by hand on-site at each polling booth. The AEC employs thousands of returning officers to staff each booth and manage this initial count; these officers then phone the results into AEC headquarters so they can be plugged into the commission’s central database. That’s how we get the “provisional results” that are broadcast on election night.

After election day, the ballot papers from individual booths are transported to a central location in each state so that a second, more formal, count can be carried out. This involves entering the preferences for each individual ballot into a computer, so a definitive distribution of preferences can be calculated electronically.

This counting process means that ballots are processed twice, by at least two different sets of people and in two different locations. This ensures there is a high degree of scrutiny and cross-checking. But it also creates a small risk that ballots will be lost, damaged or otherwise tampered with during the counting process.

There are a range of steps that could be taken to reduce these risks. To give just one example of an approach which was trialled in Belgium, ballot papers could be scanned on-site at polling booths using optical character recognition scanning. The electronic copy would then be transmitted to the central counting facility rather than the paper ballot.

Unfortunately, this would mean dispatching scanners to the 7,697-odd polling booths around Australia. Every booth would also need sufficient, secure and reliable internet connectivity to transmit the scanned documents back to AEC headquarters – making this option somewhat impractical.

Of course, in this tech-obsessed age there are many who would like to see a move towards either electronic or internet voting regardless of the real necessity for this. But these types of voting pose their own challenges and concerns. This may explain why only 11 countries use electronic voting for major state or national elections. And just one country — Estonia — has successfully implemented internet voting.

There are a range of different electronic voting machines on the market, each of which lets voters push a button, pull a lever or tap a touch screen to register their voting choice. Votes are either recorded directly within the machine, or printed as a barcode which is then placed in a high-tech ballot box which “reads” and logs the vote data from the printed ballot.

While the act of voting itself might be more futuristic, the process for transferring the recorded votes from individual machines to a central database is usually anything but.

In some cases, the machines themselves must be physically transported so that they can be plugged into a central mainframe, while in other cases they download the vote data to a CD or USB so that this can be sent to the central counting facility.

So it’s not just a simple matter of hitting “upload” and having all the individual booth data materialise at the AEC’s headquarters. Either the counting machines themselves or a copy of the data must still be transferred, and this raises similar concerns about data being lost, damaged or interfered with.

What’s more, the technical nature of the machines means they can either break down, leading to long queues at polling booths, or develop bugs and glitches, which can affect the accurate recording of votes.

Internet voting avoids many of these problems, as voters can simply log on to a secure site and cast their vote. But there are two huge question marks hanging over this process: how do we ensure that the person casting the vote is actually who they say they are, and how do we ensure the site is not hacked or tampered with?

Estonia is the only country to have so far answered the first question. All Estonian citizens are issued with a national ID card which includes a smart chip recording their identity details. This has been used to verify voters for online voting at national elections since 2007.

Since the Australia Card was howled down in the 1980s, Australian governments have had no success in convincing us we should also carry national IDs. So it’s hard to see that approach catching on here – even if it did mean we could all vote without having to put on pants.

The issue of cyber security is more challenging, and experts suggest that the Estonian authorities have not comprehensively addressed this. Given recent revelations about the extent of international data snooping and penetration, is it really so hard to imagine an online group such as Anonymous choosing to disrupt the electoral process for kicks?

Or what about a foreign power manipulating the vote to ensure the party most sympathetic to their own interests gets elected? These are serious concerns, and until we have real solutions to them (or decide that we’re just willing to take the risk) internet voting isn’t likely to play a significant role in future national elections.

The loss of the West Australian ballots is a serious breach of electoral integrity, and one that must be thoroughly investigated to identify what went wrong. But amidst all the party-driven hysteria, it’s important to remember that no system is entirely fail-safe, and the risks posed by electronic or internet voting are potentially far more serious than this isolated incident.

Our paper balloting system has delivered good electoral outcomes for more than 100 years, and remains the best option available for running efficient, accessible and reliable national elections.

Jennifer Rayner does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations. This article was originally published at The Conversation. Read the original article. Image credit: Australian Electoral Commission.


21 COMMENTS

  1. So why not implement a VPN style system?

    Download ‘voting’ software from the AEC, the voting software authenticates itself against a secure AEC server, then it creates a VPN tunnel that only lasts for the length of time that the software is running.

    At which point, you then open up your web-browser, enter the URL of the voting site which gets shunted through the VPN tunnel where you can do all your necessary stuff.

    As for a ‘National ID’ system, each state has driver’s licenses, why can’t the AEC do dataset lookups against each state’s driver’s license system, and where the person doesn’t have one of those, fall back to birth certificate (that’s national) or 18+ card (assuming that still exists).

    There are a lot of possible alternatives to a national ID card.

    • Why use a national id when the current system uses your name and address.
      Very simply you physically mail a password to everyone.
      If you can’t find your password let you vote anyway. Refer to those passwordless votes only in the case that there is no passworded vote.
      Passwordless votes are only allowed if that registered voter hasn’t voted with a password. (and only one passwordless vote per name).

    • With a VPN, it’s still possible to get in if you have a flaw in the chain. This could be the user’s own computer, or the system which is connected to the user’s computer. Malware is still a big problem.

      Also, I’m pretty sure that using an identity document such as a license/proof of age card can still be broken.

      In terms of reliable internet connections, this is where the NBN Sats will come in. It’s plausible that the AEC could be granted access to the Satellites for connection, which would give national coverage with a good uptime. At least, as far as I understand it, it’s possible.

      Another problem, is where is the paper trail. It seems silly that something as important as this should have no paper trail, no means by which votes can be verified against.

    • No need to install software or anything like that. The ecensus has been around for a few years now and just uses a browser and an ID that is posted to your home address, no reason voting can’t be done the same way. It would likely start off slowly and pick up as more and more elections occurred and people became familiar with the technology.

      They will still need to have the traditional voting booths for some time to come, because not everyone has the internet or knows how to use it.

  2. Everybody seems to be asking where the missing ballots have gone. Has anyone asked, if they were ever there in the first place?
    If a batch of papers is accidentally counted twice the first time round, they won’t be there the second time.

    • They were definitely there before. It was the above-the-line formal and informal votes from four different count centres that were previously counted. The batches are labelled. If those batches from count centres go missing (i.e. you find you only have a few below-the-lines from those count centres), you’ll be able to tell quite easily.

      My theory is rather mundane. The contracted courier simply lost the boxes in transit.

    • Yup, they also record the numbers of votes issued, discarded, and counted

      so you have checks and balances all the way along for each polling booth

    • They know how many people have voted. They can easily cross reference that with the names ticked off the roll when they were given the ballot paper, and by how many ballot papers were handed out (each one is initialed when the name is crossed off the roll.)

      The checks and balances would ensure they know how many ballot papers they had to start, how many were handed out, how many were invalid and reissued and how many they had left at the end.

  3. The cost of a 3g stick for each voting booth without internet access is cheap. (And you’d get a bulk discount buying 8000).
    Also, what protection is there in the current system to “prove” you are who you claim to be?
    That is a ridiculous hurdle.

    As it is my dad received a “why did you vote twice” letter, and my mum received a “why didn’t you vote” letter this year. Guess what happened? Protip: it wouldn’t have happened in an online system that tracks voters by something other than multiple giant books and a ruler.
    Track them by entering their own name perhaps.

    • The state electoral commissions have been trialling electronic rolls. I know that the WAEC trialled it for a few count centres, and Renai did a recent article on the purchase of thousands of Android-only (which was controversial) tablets for just that purpose (among others).

      It’s true, however, that they don’t check for ID that rigorously. My sisters were asked for their ID but I wasn’t. I was still asked for my full name, residential address and date of birth though. Ultimately it’s a matter of making sure people get to vote though – and the AEC is world-class, I think, when it comes to making certain everyone gets to vote – we have hundreds of booths at your local primary school, you have an entire day to vote, if you can’t make it on the day you get early voting, postal voting, and now even online voting. But you know, some people won’t have ID, or will forget to bring it. In the US, with its voluntary voting, poor minorities (which would tend to vote Democrat) can be kept out of the vote because they often don’t have ID. When you apply for a postal vote, you don’t need to provide ID either, just a security question and answer that later matches the envelope enclosing your ballot paper when you return it.

      Yeah, there are definitely ways of cheating or gaming the system. Parties already do, to a greater (e.g. preference deals) or lesser extent (e.g. the Liberals paper-bomb all the retirement homes with their glossy postal vote application forms), but in terms of actually voting multiple times or something, I’m sure some zealots will do so, but it’s usually insignificant (unless, of course, the margin is as close as it is here).

      • I have never been asked for actual ID when I have voted in the last 12 years of voting.

        I have only ever been asked: “What is your name”

        If they find me on the list; I move on.

        My wife this year; wasn’t even certain of what name she was registered under! and they didn’t ask for ID.

        Which is lucky; she is registered under her married name, but all of her ID is under her maiden name!

  4. I’m sure you could set something up based around tablets without too many problems. Assume iPads, at around $600 a pop, 10 per polling booth, and you’re talking about a $45m setup cost plus maintenance.

    Use them either as voting tools themselves, or simply to scan the completed documents into a localised server for upload – connect to a local wireless network, or even by cable for security. I’m sure it wouldn’t take much to program something to do the job.

    Doesn’t need to be an iPad of course, there would be plenty of ways to do it.

    If you want to do it online, the risk to security would be who did the voting. If there was a double match against someone’s ID, go to a manual verification process – simply send a letter to the registered address to confirm.

    Or use someone’s TFN for confirmation. That can be a de facto national ID as it pretty much serves the same purpose as the Social Security Number in the USA. Given the AEC is a Government department, it could be done relatively easily.

    • Probably not iPad.

      $45m doesn’t sound like a lot, nationally. But the AEC doesn’t really get a huge budget [p27 of pdf] though (for example, they don’t have the resources to police the reporting of political donations), so that’s something for the politicians in Government to decide (and so, likely only if it would be likely to provide their party with an advantage).

      TFN could be a good idea, but does every 18+ year old have a TFN?

      I think something like internet banking would work, where you’d need an ID number and a fresh password each election, and perhaps a security question, and you’d confirm a vote via a code sent to your email address AND/OR a code sent to you via SMS to your phone. Sounds like a lot to provide and get set-up, so what you’d do is make e-voting opt-in, you’d have to send in an application to submit all your details.

      The thing with snail mail is that it takes a few days, so it slows the entire process down. With postal voting, you need to get the applications in before a certain date before the election, and also they only accept them back for a certain period after the election (which is okay because the postal votes that don’t come back are usually statistically insignificant).

      Ultimately though, you know what it all comes down to? People are lazy. That’s why they want e-voting.

      • “does every 18+ year old have a TFN” — fairly sure they would have one by then. Needing one for a job, bank account, or (not sure here) Centrelink benefits would catch most people out, if not all.

        If not, no vote, and a letter asking why they didn’t vote… Keep that part of the process the same. Or still have manual voting, just have fewer polling booths. There will still be some people who prefer the manual voting option anyway.

        Thought process around using a TFN is that it should be a secure identifier that pretty much everyone has or needs anyway, so why reinvent the wheel? For all intents and purposes it’s basically become our Australia Card level identifier over the past 20 years, so why not leverage off that?

        If you use the TFN, you could even move it online with that as your ID, shouldn’t be hard.

        iPad was just tossed out as a suggestion, and it DOES have all the necessary doodads to get the job done, but it’s far from the only option. Android or Windows tablets would do the job just as well, and I expect would keep the cost into roughly the same cost range.

        As for the budget, yeah, that’s a concern, but as a one-off capital cost I think the money could be found easily enough. Stringent enough controls with them, and they serve the purpose for years before needing to be replaced. It’s one of the things plenty of departments are going to need to consider in the near future anyway, so could serve as a bit of a test for the AEC to trial it first.

        • *edit* had a look and it shows that for most people, they will need a TFN for benefits, so it should catch everyone but those probably exempt from voting anyway. There are exemptions to providing a TFN for benefits, mostly for medical reasons (read: needing personal care), or short term issues (getting a support benefit while in a disaster area), that sort of thing.

          So there’s no reason your TFN couldn’t be the basis of identification. The exceptions that wouldn’t have one would be so minimal and would be far far less than people who don’t have photo ID now, as needed to vote anyway.

  5. Electronic Voting would be quite a utopian ideal, but in practice it seems very open to bugs and invisible manipulation.

    http://www.popsci.com.au/gadgets/how-i-hacked-an-electronic-voting-machine

    It’ll just be an arms race, especially with the proprietary closed source voting machines that are currently in use in America.

    Maybe if an open source initiative was invested in to create an electronic voting standard hardware/software, it may have some hope. But there are big players and big money involved.

  6. It’s good to see you all offering some good choices.

    It does seem damn antiquated having to fill out paper forms and counting them manually.

    Didn’t we send 12 men to the moon?

    • You’re right, we should instantly ditch those antiquated pencil-and-paper ballots, and replace them with the wonders of modern technology, such as paper-punch voting machines (hanging chads, anyone?), or touch-screen electronic voting machines (which have been proven, on multiple occasions, to be vulnerable to hacking that allows the hacker to set any election outcome they wish).

      Actually, my biggest problem with electronic voting is the difficulty of recounts. You have some systems used in the US where “recount” means “ask the machine to tell us the stored vote totals again, as we’ve got no record of what the individual ballots were”. If you start adding things like paper records of individual ballots, in the event of a recount you’ve got to count them all manually anyway.
      Assuming you want to actually *trust* the electronic tally without an independent manual count.

      What advantages do electronic voting give over pencil-and-paper ballots?

      (a) convenience – but, really, if you can’t be bothered going to a polling booth once every couple of years, that’s a pretty lame excuse for most people.
      (b) speed of counting – um, excuse me, but for the lower house we generally have results that night – only exceptionally close results need to wait until the next day or beyond. It’s not like we *need* the result instantly… (look at the WA senate – they’ve got time to run an entire re-election before the result was due to come into effect!)
      (c) …

      Actually, I can’t think of any other advantages off the top of my head. With postal votes, pre-polling, and the like, our current system allows anyone eligible to cast their vote. Electronic systems are no more resistant to tampering than the current paper system, where reps from multiple parties keep a very close eye on things to make sure the count is honest & fair, there are systems in place to track & secure ballot papers, and where we also have a completely non-partisan electoral commission to run the show. Does that mean things will never go wrong? Of course not, but Palmer’s ranting aside, nobody seriously thinks the AEC is deliberately trying to manipulate the result.

      IMHO, the only urgent reform that *needs* to be made is to allow optional preferential voting above the line for the senate. Requiring either a completely filled out below-the-line ballot *or* a single “vote 1” above the line, where party deals then direct preferences, is getting pretty undemocratic, as the recent election showed, where backroom deals played a bigger role in determining who was elected to the senate than the actual “will of the people”.

  7. I’ll just weigh in to this argument with a few simple truths

    1. Voting is never going to be 100% accurate; it just needs to be 99.99% good enough.
    2. No one has any proof that your vote was counted or not, because the ballot paper is anonymous
    3. The wad of paper and the ruler are prone to human error
    4. Vote counting is prone to human error
    5. There will always be a better way.

    And on that last note…
    http://www.ted.com/talks/david_bismark_e_voting_without_fraud.html

    Best idea I have ever seen to fix ballots

    • Prêt à Voter works for me. Verify my own vote, without verifying who I voted for (vote selling). Gold Star.

      Splitting up parts of the key to different parties – I like this. http://evoting.bismark.se/verifiable-electronic-voting/

      And if my results get lost, take my receipt in again. It’s too good to be true. There must be a flaw!

      I think what I’d want would be rolling checksum for the booth also printed on the receipt. So I don’t know how people voted but that everyone up to my vote has been counted correctly. So die-hards would vote near the end of the day. Similar to a git commit hash.
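
The rolling-checksum idea in the last comment above, sketched as an added example (not part of the original page or of any voting system it mentions): each receipt carries a hash-chain head over salted ballot commitments, so a voter can later check that no earlier entry in the published booth log was altered, dropped or reordered. The booth ID, ballot strings, nonces and all function names are constructed for illustration; the chain shows log integrity, not that the tally is correct.

```python
import hashlib
import hmac
from dataclasses import dataclass

BOOTH_ID = "booth-0001"  # constructed identifier, not a real booth


def _h(*parts: str) -> str:
    # Length-prefix each part so ("ab", "c") and ("a", "bc") hash differently.
    m = hashlib.sha256()
    for p in parts:
        b = p.encode()
        m.update(len(b).to_bytes(4, "big") + b)
    return m.hexdigest()


GENESIS = _h("genesis", BOOTH_ID)


def commitment(ballot: str, nonce: str) -> str:
    """Salted hash of a ballot: the public log stores this, not the vote."""
    return _h("ballot", nonce, ballot)


@dataclass(frozen=True)
class Receipt:
    index: int  # position of this voter's entry in the booth log (0-based)
    head: str   # rolling checksum after this entry was appended


class BoothLog:
    def __init__(self):
        self.entries = []   # published ballot commitments, in cast order
        self.head = GENESIS

    def cast(self, ballot_commitment: str) -> Receipt:
        # New head depends on every earlier entry, like a git commit hash.
        self.head = _h("link", self.head, ballot_commitment)
        self.entries.append(ballot_commitment)
        return Receipt(len(self.entries) - 1, self.head)


def verify_receipt(published: list, receipt: Receipt) -> bool:
    """Recompute the chain over published[0..index]; compare to the receipt."""
    if receipt.index < 0 or receipt.index >= len(published):
        return False  # log is too short to contain this voter's entry
    head = GENESIS
    for c in published[: receipt.index + 1]:
        head = _h("link", head, c)
    return hmac.compare_digest(head, receipt.head)


def demo() -> dict:
    # Constructed ballots and nonces; a real system would use random nonces.
    ballots = [("A>B>C", "n1"), ("B>A>C", "n2"), ("C>A>B", "n3"), ("A>C>B", "n4")]
    log = BoothLog()
    receipts = [log.cast(commitment(b, n)) for b, n in ballots]
    honest = list(log.entries)
    altered = list(honest)
    altered[1] = commitment("A>B>C", "n2")   # entry 1 rewritten after the fact
    dropped = honest[:1] + honest[2:]        # entry 1 removed from the log
    return {
        name: [verify_receipt(pub, r) for r in receipts]
        for name, pub in (("honest", honest), ("altered", altered), ("dropped", dropped))
    }


if __name__ == "__main__":
    for name, results in demo().items():
        print(name, results)
```

Only receipts issued at or after the tampered position fail, which is why the comment notes that a late voter's receipt covers the most entries.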
