So, the scheme that, that most researchers believe is the best we can do with
available technology is to combine paper records and electronic records to have
redundant records. And one way to, to think about the, the
advantage of having these two records, is that they have what, what we might say are
orthogonal security modes. So, these are the differences in the ways
they could be induced to fail. With an old fashion paper record stored in
a ballot box, you have the possibility of physical tampering and retail fraud but
this is something that would take a large conspiracy to execute.
You need people at each of the ballot boxes you want to tamper with to change
the votes. With the digital records, things stored in
a, a memory card site, we have the possibility of, of cyber-tampering or, or
electronic tampering that would cause a form of wholesale fraud.
But this would require only a very small conspiracy.
Perhaps, just one person with brief access to the electronics.
So, when you combine these records however, if we checked to make sure that
they agree by performing some kind of auditing process after the election, then
we can have a very, very difficult situation for the criminals.
They need to have a large conspiracy to change paper records to match the
electronic records. And they have to be sophisticated enough
to make sure that they cheat in both records in a way that agrees.
Or else, we're going to notice a miss, mismatch in the audit.
So, by combining these low tech and high tech records, we can have something that's
far more secure than either paper ballots or electronic records on their own.
We can have in a way, the best of both worlds from a security standpoint.
One manifestation of this today, is precinct count optical scan, where you
have an electronic record made right at the ballot box.
The problem is that in many places, in most states, audits to check that the
paper records and electronic records agree are exceedingly rare, and only happen if,
say, there's a, a very large a very small margin of victory rather.
But we'll talk about auditing, and we'll talk about some of those procedural
questions later in the course. For these reasons, most researchers in
this field consider precinct count optical scan with audits to be the gold standard
in what today's technology can do for securing the election.
But there is another way that you can combine paper and electronic records, and
this is a technology that was invented to try to overcome some of the objections to,
to DRE voting machines. The idea is, is pretty simple.
Why not have the DRE every time someone votes, print out a piece of paper with
record of that individual ballot? And this is something that's, that's
called a Voter-Verifiable Paper Audit Trail, or VVPAT.
Also, you'll sometimes see that stand for Voter-Verified Physical Audit Trail.
Emphasizing that it's not paper that's important so much as some kind of physical
non-electronic record. The critical thing about a VVPAT is that
it has to be something that the voter can see and check is correct at the time their
casting their vote. Otherwise the, the DRE could just print
out whatever it wanted if it was behaving dishonestly at the time votes were being
cast. VVPATs are an, an interesting thing to
compare to precinct count optical scan because they have some, some slightly
different failure modes and for this reason, VVPATs although probably better
than paperless DREs are not regarded so highly by, by many researchers.
Before we conclude this week's lecture, I'd like to ask, what could go wrong with
DREs and VVPATs? Let's see if you can spot a couple of the
problems. A Voter-Verifiable Paper Audit Trail adds
some kinds of protections for the correctness and security of the DRE.