The pieces just fell into place in my mind, while I was outside working on my kinetic sculpture, for a highly tamper-resistant, yet still private, voting system. And it doesn't even require computers.

Here's the outline (all I have at this point). A voter shows his ID or whatever is necessary to get into the polling place. Once in, he randomly selects a ballot out of a stack of them, each in an unmarked outer envelope.

He opens it, fills it out, puts it in a new unmarked envelope, and inserts it randomly into another stack of completed ballots. He keeps a carbon copy. The ballot has a randomly-generated unique ID number on it, which is also on the carbon copy.

The state totals and publishes the vote plus two lists:

  1. The list of all registered voters for that city (or neighborhood, in the case of large cities), in alphabetical order.
  2. A listing of all vote cards, with the unique ID and the votes, abbreviated to just the letters or numbers of the completed ballot, in order of appearance. Say for example, N8XVQ99899: CACCBBDAAAACDB, in alphanumeric order of the ID numbers.

Everybody can look at the listings and see if any dead, minor-aged, non-existent, or not-registered people are listed as registered, and all their known-registered friends and neighbors are listed; can compare their ballot to their carbon copy and see if it's the same (and can file a complaint if not); can make sure the vote tallies match the raw ballots. Nobody but the voter can know the match-up between the registered voter and his vote, and he can only know his own, or any that was confided to him.

Sure, I can see some potential for abuse; a voter could cheat by taking more than one ballot; unscrupulous poll workers can go into the booth after each person, steam open the newest envelope (which he can spot because he's made hidden marks on previous envelopes), and record the person's vote for later blackmail or reprisal; people can make a mistake and put their completed ballot in the new-ballot pile or vice versa; but each of these has solutions both legal and technical. More sinister problems down the road of privacy loss could even include microscopic RFID chips to tag voter with vote, but a solution could hopefully be found for that too. I can't offhand think of an easy way to abuse this system towards large-scale vote fraud though. Sure, there are some people who will file spurious complaints and alter their carbon copy, but a large number of such shenanigans would cause a public outcry, and proof of tampering would go on a person's record and/or cause their voting privilege to be revoked.

And finally, the system could be computerized without losing any of the benefits, I believe. Thoughts?

Back to blog or home page

last updated 2012-11-17 02:26:45. served from tektonic.jcomeau.com