A new system for ensuring accurate election tallies, which MIT researchers helped to develop, passed its first real-world test last Tuesday.
Last week, in Takoma Park, Md., a new cryptographic voting system that could ensure accurate vote counts was used for the first time in a real election. MIT’s Ron Rivest, the Viterbi Professor of Electrical Engineering and Computer Science, helped develop the system and says he’s quite pleased with how the technology worked. Takoma Park’s city clerk, Jessie Carpenter, agrees that the trial “went very well.”
To minimize the disruption of existing voting procedures, the system, called Scantegrity II, was designed to work with ordinary optical-scan voting technology. Optical-scan voting — which has become the dominant technology in the United States since the 2000 presidential election — usually requires the voter to fill in bubbles printed on a ballot next to candidates’ names. With Scantegrity II, the voter instead uses a special pen to expose a code printed inside the bubble in invisible ink. Thereafter, the ballot is fed into an ordinary optical reader, which simply determines which bubbles have been darkened.
Any voter who’d later like to confirm her vote can simply jot down the code that’s in the exposed bubble, along with the ballot’s serial number, and take that information home. (In the Takoma Park election, voters could record their codes on cards stacked in the voting booths, which were printed with the names of the contested offices — mayor and city councilor.) The voter can then look up that serial number on the election commission’s website and confirm that it’s correlated with the code inside the bubble she marked. Although on the website, the code is never associated with the candidate’s name, Scantegrity ensures that if just 2 percent of voters confirm their codes, it’s statistically almost impossible for vote tampering to go undetected.
The key to the system is that before the election, the election commission prepares a set of tables that, taken together, link the ballot codes and the candidates’ names; but that link can’t be deduced from any one table by itself. Then the commission publicly releases a set of digital signatures that cryptographically describe all the entries in the tables without actually revealing them. That way, the tables can’t be tampered with after the ballots are cast, but neither do they reveal any information that ballot stuffers could use before the election.
After the election, the election commission releases some of the information contained in the tables — including the codes exposed on all the recorded ballots — along with encryption keys that verify its authenticity. The partially revealed tables conceal enough information to preserve voter anonymity: There’s no way to figure out which ballot went for which candidate. But they reveal enough information that anyone interested in performing an audit can ferret out fraud.
There's more about this system:
http://web.mit.edu/newsoffice/2009/rivest-voting.html
This sounds promising. There are probably kinks to still be worked out, but this beats what we have now.
It'll never be adopted if people can't cheat
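The commit-before, open-after step the quoted article describes (tables fixed before the election, partly revealed afterward), as an added example that is not part of the original posts and is not Scantegrity II's own code. It uses a salted SHA-256 hash commitment as a stand-in for what the article calls "digital signatures", collapses the several tables into one, and assumes the table layout, row labels, codes and function names shown; it illustrates tamper detection only, not the multi-table anonymity design.

```python
import hashlib
import hmac
import secrets

def commit(entry):
    """Return (public commitment, secret nonce) for one table entry."""
    nonce = secrets.token_bytes(32)  # fixed length, so nonce||entry parses one way
    return hashlib.sha256(nonce + entry.encode()).hexdigest(), nonce

def opens_to(commitment, entry, nonce):
    """True if (entry, nonce) is a valid opening of the published commitment."""
    digest = hashlib.sha256(nonce + entry.encode()).hexdigest()
    return hmac.compare_digest(digest, commitment)

# Constructed sample: the commission's private code table. Row labels are
# opaque and shuffled per ballot (assumption), so they do not name a candidate.
PRIVATE_TABLE = {
    ("0001", "row-a"): "7HK", ("0001", "row-b"): "W3Q",
    ("0002", "row-a"): "M9D", ("0002", "row-b"): "2XA",
}

def entry_text(slot, code):
    return f"{slot[0]}|{slot[1]}|{code}"

def publish_before_election(table):
    """Return (public bulletin of commitments, openings the commission keeps secret)."""
    bulletin, openings = {}, {}
    for slot, code in table.items():
        bulletin[slot], openings[slot] = commit(entry_text(slot, code))
    return bulletin, openings

def reveal_marked(table, openings, marked_slots):
    """After the election, open only the rows that voters actually marked."""
    return {slot: (table[slot], openings[slot]) for slot in marked_slots}

def audit(bulletin, revealed, receipts):
    """List every posted code that fails its commitment or contradicts a receipt."""
    problems = []
    for slot, (code, nonce) in revealed.items():
        if not opens_to(bulletin[slot], entry_text(slot, code), nonce):
            problems.append(("commitment-mismatch", slot))
    posted = {slot[0]: code for slot, (code, _) in revealed.items()}
    for serial, code in receipts.items():
        if posted.get(serial) != code:
            problems.append(("receipt-mismatch", serial))
    return problems

if __name__ == "__main__":
    bulletin, openings = publish_before_election(PRIVATE_TABLE)
    posted = reveal_marked(PRIVATE_TABLE, openings, [("0001", "row-b")])
    print(audit(bulletin, posted, {"0001": "W3Q"}))
```

Swapping a posted code after the election fails twice: the opening no longer matches the pre-election commitment, and it contradicts the receipt the voter took home.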