My change of heart came while listening to an NPR story last night. Election results for one county in Michigan were held up for two hours because some volunteers with ballots were barricaded in the building by a bear. A bear! What century is this?
There are some fair concerns about moving to a more-than-just-dead-trees voting system. We have to consider what the impact will be on voter enfranchisement. A change that makes it possible for the rich to vote by telepathy, for example, while the poor have to drive a hundred miles uphill both ways (to access a non-telepathic voting booth) would not be exactly democratic.
Would it have been fair, in 2000, for the middle class to be able to vote from the comfort of their homes and jobs, while the poor and homeless had to get to a voting booth? I don't know.
But my best guess is that, by 2004, this won't be a question anymore. Plot the percentage of lower-income homes with internet access from 1996 to 2000, and then extrapolate another four years. So if it should be done, how can it be done? There are five key issues to solve: authorization, anonymity, data confidence, UI, and security.
I propose a system in which each voting booth runs a webserver which logs votes (without identification) to two internal media (hard disk and floppy would be good, see below). Once the polls close, each booth's computer can be totalled and sent over the internet to the state's central server.
Meanwhile, any computer that speaks https on the internet would become a voting booth of its own, running slightly different software.
Each state's official results could be in an hour after its polls close. Which beats the ten-day waiting period we have now for our overseas ballots.
Authorization isn't really that hard: When you register to vote, you (by default) get a password delivered by snail-mail a week before the election. Tampering with that mail is a federal offense, of course. On election day you use secure http to sign in from anywhere with your name, address and password. Lose the password? Sorry, you don't get the comfort of home/work; you go to the voting booth with everyone else.
Anonymity is trivial; any logs with identifying information either don't get stored, or get wiped immediately.
Computers crash. Data confidence means the servers write the votes to multiple media: network, hard drive, flash RAM. A dot-matrix printer makes a good emergency backup medium.
This system also needs a dirt-simple GUI for voters connecting from home or work. No butterfly webpages necessary; click a name, and get a confirmation screen that shows you name, party, (importantly) photo, and big "yes" and "no" buttons.
At the voting booth it can be even simpler, using touch-screens.
Security is, of course, always a problem. Secure http effectively eliminates the man-in-the-middle attack, so the main worry are that an attacker will be able to run unauthorized code on a government computer which could (read) correlate my name with my vote or (write) change my vote. I'm going to go out on a limb and say that a completely open-sourced system, from the kernel up, combined with clean-room installations at a secure location, can make these concerns minor by comparison to existing vote-fraud concerns.
Also, net admins overseeing the effort need to have enough access to track and lock out attackers, but obviously they can't have access to change the election results. Lock them in a room for the day with a hundred video cameras tracking everything they do, like the officers on missile-launch duty. Many net admins will find this a relaxed and enjoyable work environment compared to their current jobs.
There are many problems that have to be solved -- please bring up the ones I haven't mentioned here, let's start the debate! My hunch is that they can be solved. And the overriding question must be, will it be an improvement over the current system?
Given that Florida's election is being decided by a 400-vote difference, with 19,000 botched votes thrown out, I'd say the impossibility of clicking on two presidential choices at the same time makes this system a huge win.
The broken user interface on our existing punch-cards system is probably going to give us the wrong President of the United States. How much worse could a digital system really be? I don't claim to have all the answers, but I know what century it is, and the time for Little House on the Prairie nonsense is over. Let's make this happen for 2004.
I'll give my last word to Andre Uratsuka Manoel, a partner at the internet firm Insite, in Brazil. (Props to TBTF for putting Andre and me in touch.)
Brazil has a 100% electronic election. On election day I go my "electoral section," identify myself, sign my name. The "section president" then types in my code and I walk to the booth which is in a corner of the room where no one can see my vote. I then type the number of my candidate, see his/her photo and press "confirm."
The voting machines store the votes in at least three different places: a floppy disk (which is locked), a flash card and the internal hard disk. There are written procedures for any kind of failure I could think of and back-up machines readily available. Those machines can connect to a phone line and send their results to the Election Court of the state.
The results are proclamed extremely fast. On the mayoral run-off elections that happened 2 weeks ago, results were out 2 hours after the election in the city I live in (Sao Paulo, with about 6 million voters) and 6 hours after it in the last city in which there was a run-off. In my home city the results came out a little after the election sites closed and the result was proclamed with the winner having 40 thousand votes more than the second place (0.4% of 1 million votes).
In the first round of elections in Sao Paulo, the third place contestant lost the ticket for the run-off elections by less than 0.1%. The one who lost didn't even think of contesting the results because no one thought there were any kind of frauds.
In the first round, 100 million voters (about the same as the active voters in US) in 5 thousand cities chose their mayors and councelors. All the results were proclaimed 30 hours after the voting closed.
This happens in a country that has a much lower level of literacy, technology-savvy and of money as the U.S. Remember that some mayors were chosen in places hours away from anyplace else (even by plane), i.e. in the middle of the rain forest. Those places don't have electricity.
Of course there were complaints, but not because of the electoral process. Mostly they were due to campaigning on the election day, voter transportation and coercion.
(Updates: Dave Riesz mentioned Riverside County, California, which has an electronic voting system already in place. Their 2000 primary turnout was the highest in 20 years, which may or may not mean anything. That led me to the California Internet Voting Task Force which looks interesting. Don Wegeng pointed me to RISKS thoughts by Douglas Jones. Brian Dunbar points out "Hurrah for Slow Recounts" by the always-interesting Ellen Ullman.
Lee Coursey passes along Elizabeth Ferrill's Discussion of Electronic Voting. James McCann, a programmer at VoteHere.net, says my description is "not terribly far off but very incomplete" -- I'll take that as a compliment -- check out his site and SecurePoll.com too. And finally, a story in Salon that makes my point better than I could: "Confessions of a Florida Poll Worker."
If you have more links or information, emailme.)