This proposal has two fundamental parts, which are interdependent. A third part may be implemented later, but as it is much more costly, it is left until later.
Part I: Allow individuals to privately validate their votes after the fact.
- When an individual arrives to vote
- After identification, the individual is handed a card, with reference and validation numbers on the top. Both numbers are unique.
- The validation number is hand written in ink on the role next to the voter registration line, in the poll logbook. It is NOT entered into any computer. The reference number is NOT recorded in the logbook. The only place the two numbers ever exist together is on the voter card.
- When an individual casts his/her votes
- The individual inserts the card, and is asked to enter a four-digit number (his/her PIN) known only to the voter.
- When confirmed, the votes cast are printed on the card (the ballot sheet)
- No personally identifying information is printed or recorded; only reference number, validation number, and votes cast are printed.
- The machine does not record who voted.
- Reference numbers are chosen from a random pool for the machine, so they cannot be stacked sequentially to determine votes later.
- At the exit from the polling place is a shredder. The voter can either drop the card into the shredder, or take it home. Shredding the card forever surrenders the right to challenge the results.
- Each time a voter is finished, a large physical (NOT electronic) number on the machine is incremented, indicating how many ballots the machine has recorded. This number should be legible from fifty feet away.
- When the votes are recorded from the machine
- The poll officers validate the numbers of registrants with the numbers of ballots cast. A mismatch will invalidate all the votes on that machine, until they can be verified.
- The recorded votes include the encrypted reference and validation numbers, as well as the encrypted PIN chosen by the voter.
- A spreadsheet of registration numbers and votes cast is provided to the polling officers. A printed version is signed by the officers, who all verify that the numbers of ballots on the physical machine counters match the numbers counted in the spreadsheet.
- When the votes are tallied
- Every individual vote from every machine in every precinct is listed on a public website.
- Any voter can
- Enter his/her reference number, and see the votes that go with that reference number.
- Verify that the votes on the website match those on the ballot sheet.
- Enter the validation number from the sheet and PIN (from memory) and protest the reported sheet, if they do not match.
- A certain number of vote protestations will call a machine, a precinct, or an election into question.
- Anyone can
- Drill down from the final results to those of a machine, and see all the votes cast on that machine.
- Download the results for a machine or precinct on a spreadsheet, and verify that they have been tallied correctly.
- Download the results for an entire election, and verify that the precincts have all been tallied correctly.
- Any poll officer can
- Look at the data for a machine, and ensure it matches the results from the poll.
- Ensure that machine and poll data were recorded and tallied correctly.
Note that no one can tell what another person voted. This eliminates the possibility of privacy invasion or coercion. Fraud will be vastly more difficult. If fraud occurs despite these protections, the system itself is built to catch the fraud and limit it severely, if not eliminate it altogether.
The next part of the proposal will detail how to eliminate duplicate (fraudulent) voting.
Until next time,