How to judge a voting system
November 6, 2012  

Which of the following voting systems is best?

  1. A voting system that records a vote for 100% of the population and shows that all votes are for Saddam Hussein.
  2. A voting system that records a vote for 60% of the population and discards the vote of 40% of the population. All votes actually recorded are accurate.
  3. A voting system that records a vote for 100% of the population; 90% of the votes are recorded accurately and 10% are inaccurate.

Voting system (1) corresponds to the Iraqi system circa 2000. Before you reject this system out of hand, note that it has at least one virtue: everyone knows that it is fraudulent. In security terms, it is tamper evident.

Voting system (2) corresponds to the American system circa 2012. There is very little voter fraud (votes are accurate) but low voter turnout.

Voting system (3) is a hypothetical email voting system that is so easy to use that it achieves complete voter participation. Unfortunately it has some security vulnerabilities that are exploited to affect 10% of the vote.

Is voting system (2) better than voting system (3)? I don’t know. At the least I need more details—what are the election results, how many voters are there, how many candidates are there, etc. Depending on these details, either (2) or (3) could be more accurate.

For example, suppose we are voting yes or no on a ballot initiative supported by 65% of the population. In system (3) in the worst case 10% of votes are changed from yes to no, so the initiative is approved by a 55% to 45% margin. In system (2) in the worst case we count all 35% of votes against, and only 25% of votes in favor, so the initiative fails. System (3) gets the correct result, while system (2) gets the incorrect result.

In my opinion, voting security research focuses too much on accurately measuring votes and too little on other vulnerabilities. Voter suppression is also a vulnerability, even though it is mainly occuring in the physical and psychological realms rather than in computer systems. As we have found with phishing, computer security cannot solely be concerned with computers. We must take the human factor into account.