November 29, 2011

A cheap technical solution to control election vote counting

The elections are coming in Russia. As always, its results are expected to be grossly falsified. But instead of politics I'd like to talk about a technical solution to the problem.

What if an independent party is allowed to observe the process of vote counting, in order to come up with its own results which later can be used to verify the official numbers. How could it be done without forfeiting the traits of the voting process such as privacy, and also so that it is reliable and cost effective and causes minimal disruption to the existing process ?

Voting process in Russia is like this. You present yourself to the voting site and you are given an anonymous paper ballot. You go to a booth, mark one square with a pen and drop the paper to the ballot box.

So I thought that the step which could be modified is "marking the square with a pen". Instead of putting a pen inside a booth, a "square marking device" should be installed by a supervising party. It is nothing but a simple plastic box with a thin slot for ballot and, say, 4 marked buttons. You go into the booth, draw a curtain behind you so nobody sees what you are doing. Then you slide your ballot into the slot, press a button, and the device prints a cross in a corresponding square. Then you take the ballot out and drop it into the box as usual.

The marking device adds 1 to the counter corresponding to the button you pressed. Later the counters can be read by an authorized supervisor with a key. The officials count the votes by hand as usual after taking the ballots out of the box.

This most significant threat to this scheme is double voting. It should be protected against malicious user just pressing buttons at will to push up the counters. This could be done by reading a pre-printed unique bar code and not allowing it to be used twice. Bar code is also useful to be sure the ballot is positioned correctly.

As the amount of memory on the device is limited, you should probably pair a device installed to each site with the series of ballots dispersed to that site. This way, in the morning, the supervisor will unpack the device, pick random ballot from the pack and go through "imprinting phase" by inserting a ballot and applying a key. The device will read the bar code and lock itself to the range of ballots it will accept from that moment on. This will also protect from using ballots from other sites.

The solution can even be made entirely mechanical, no electronics required - it can be made simply a paper cutting hole punching device known in Russia as "компостер". You force press a button, and it cuts a circle fragment from a ballot, the cut out circle falls into a tray and remains inside the device, protected by a regular mechanical lock and key. Later, a supervisor opens it and counts the confetti. Each piece may contain a number or be of different color and may be watermarked to prevent forgery.

Neither of the solutions is bullet-proof. But it is simple, cheap and reasonably effective. The devices need to be tamper-evident, they must last just one day, they need a 2D barcode reader, 4 buttons, a key slot (touch memory reader ?) and 4 static printing heads. To cut on the latter and avoid ink refilling, even the electronic version of the device can be cutting holes in the ballot instead of printing marks on it.

I'm not a production expert, but I'd say such a device would cost a few dozen bucks. And you need hundred thousands of them, so it'd be even more cheap.


cariaso said...

I've been paying closer attention to these concerns since the 2000 presidential election. Your proposal might work in your circumstances, but a few of America's thinkers on the topic might be of interest to you. I'm fond of the work of Ed Felten at and Bev Harris of as notable.

Most specifically a Voter Verified Paper Audit Trail seeming to be a very attainable and desirable goal.

I'm not sure of all of the details of your suggestion, but a bit troubled to hear of the need for a 'unique barcode' as they can in some scenarios be used to force voters to demonstrate they voted a particular way to your employeer or local mafiosi.

Dmitry Dvoinikov said...

Thank you for the links, I will check them out.

The unique bar code is anonymous, it only marks the ballot, any given ballot can be given out to any voter and as it is part of the ballot it never leaves the booth. There is no reason for anyone to want to know it - it means nothing. What a mafiosi would want is to see an entire ballot with a cross in a particular square *before* it is thrown to the box. This is indeed possible to do, but a bar code doesn't make it any worse.

Anonymous said...

technological realisation of digital democracy (russian forum).
I think what you are in the beginning of their project - on thinking stady.

Lesley Tilling said...

I have wondered if it would be possible to cast a vote at the ATM, instead of drawing out cash. All the ATMs would need to be changed for 24 hours, allowing you to put in your card and your pin, and select "cast vote" then the choice of candidates comes up and you press the button. It says, do you want to vote for Bloggs? You can cancel or confirm.

Then you get a receipt for your vote which you stick in a slot in the bank wall. Done.

Here the process of identifying the voters is hilariously slow and the best word to describe it is quaint.

Dmitry Dvoinikov said...

That's a really interesting idea but in my opinion impossible to implement. Banks are commercial entities and cannot be forced to update their ATM's. Installing 3rd party software to all ATM's is a MAJOR security risk and will likely not be approved by VISA/PCI DSS. Nobody will ever connect ATM's to public Internet to access the vote counting server of any sort. Even if you can force it by law, to many banks ATM's are locked black boxes with the only administrator long since left. Even if you overcome all this, the responsibility of counting will be on commercial companies, so what's the level of trust ?