|
|
Acciones de DocumentoElectronic Voting SystemsElectronic voting or e-voting is a way to get the people=s vote electronically. There are different kinds of electronic voting systems used in several countries around the world. Most of these systems adapt existent technologies or develop specific technologies to be used for electoral purposes.
The main types of electronic voting systems include:
Electronic voting systems have been in use since the 1960s, with the introduction n the market of the punch card systems, followed much later by the optical scanning systems, the DRE and the Internet.
Electronic voting machines are used on a large scale in Belgium, Brazil, India, Venezuela and the United States among others. Although there is a trend for adopting this technology there are still many countries that prefer hand-marked and manually counted paper ballots.
While the efficiency of some of these electronic systems is not disputed they have suffered from different degrees of security problems as well as a perception that they are not reliable and that they can introduce substantial counting errors. One of its main advantages though, it is that facilitates voting access to persons with disabilities. Punch CardsWith punch card systems, voters punch holes in cards using a supplied punch device, to indicate votes for their chosen candidates. After voting, the voter may feed the card directly into a computer vote tabulating device at the polling place, or the voter may place the card in a ballot box, which is later transported to a central location for tabulation.
Two common types of punch cards used in the United States are the "Votomatic" card and the "Datavote" card. With the Votomatic card, the locations at which holes may be punched to indicate votes are each assigned numbers. The number of the hole is the only information printed on the card. The list of candidates and directions for punching the holes are printed in a separate booklet. With the Datavote card, the name of the candidate is printed on the ballot next to the location of the hole to be punched.
Punch cards and computer tally machines were first used in the U.S. for the 1964 Presidential primary election in two counties in the State of Georgia.
Although many U.S. punch card systems are being replaced by more advanced systems, many voters still use them. Punch card systems were used by 37.3% of voters in the U.S. 1996 Presidential election. Optical Scanning SystemsAn optical scanning device combines specialized computer hardware and software. The hardware devices capture an image and software converts the image to computer-readable data.
Voters using machine-readable ballots are given a ballot card with the names of candidates printed on it. Next to each candidate a symbol is printed, such as a rectangle, circle or incomplete arrow. The voter indicates a choice for a candidate by filling in the appropriate rectangle or circle or by completing the arrow.
After voting, the voter may feed the card directly into a computer vote tabulating device at the polling place, or the voter may place the card in a ballot box, which is later transported to a central location for tabulation.
The computer tabulating device identifies the marks made by voters on the cards and records votes accordingly. The individual votes are recorded in a database and aggregated to give total results.
Marksense systems were used by 24.6% of registered voters in the U.S. 1996 Presidential election. Use of these systems in the U.S. is increasing as older lever and punchcard systems are replaced.
Most machine readable/optical scanning voting systems use OMR technology. OMR technology has been widely used since the 1970s for a variety of purposes, including school and university tests, censuses, surveys and lotteries, as well as for voting. It is also used in barcode readers, which are in widespread use in retailing, stock taking, libraries and schools.
OMR typically involves a scanner reading particular kinds of marks in a defined set of locations on a page. The computer software used by the OMR scanner is programmed to recognise the meaning of the various marks and to convert scanned images into computer-readable data using the location of those marks.
OMR systems are well suited to first-past-the-post and list electoral systems, where voters are asked to make simple choices when voting, easily represented by a simple mark. In more complex electoral systems, such as alternative voting systems and single transferable vote systems, where voters are asked to choose candidates by showing sequential preferences, it is more difficult to apply OMR technology. As a result, scanning technology has not been used widely for counting these kinds of ballots. However, the increasing accuracy of ICR may make it a viable technology for these kinds of ballots in the 2000s.
Apart from voting systems, there are other potential applications for OMR technology. In Australia, for example, OMR systems are used to scan electoral rolls marked in polling places to indicate the names of electors who have voted. This permits Australian electoral authorities to automate the enforcement of Australia's compulsory voting system, as well as identify any instances of multiple voting.
OMR barcode systems are also used extensively for mailing applications. Many postal authorities place barcodes on mail to automate the delivery process. Some countries have mail systems that allow users to print address barcodes on mail so that postal authorities can process the mail without having to print barcodes in their mail-rooms, thereby creating a discount for the user.
Electoral authorities are also making use of barcodes on mail. Since barcodes can identify both the name and address of the voter, they can be used by electoral authorities to process the mail when it is returned. This is particularly useful for postal ballots to automate the recording of voter names. These barcodes can also be used where addressed mail is returned “not known at this address” in order to capture those details for electoral roll update purposes.
OMR technology is very useful for and efficient at gathering relatively simple, pre-determined data. However, it is not very good at gathering complex, variable data, such as large amounts of text. OCR and ICR systems are more suited to this purpose.
Optical Character Recognition (OCR) scanning systems
OCR scanning systems take scanned images and use computer software to recognise the shapes of printed or handwritten characters such as numbers and letters and store them as computer-readable data. OCR is typically used to convert printed text into computer-readable text.
This capability has many potential applications in the electoral field. For example, in the early 1980s, the Australian Electoral Commission produced an extensive set of procedures manuals. Some years later, when the manuals were due to be revised, the original computer files containing the manuals were not able to be used by the Commission's upgraded computer software. Rather than retype the original manuals, OCR software was used to convert the printed manuals into computer files suitable for editing and revision.
Another important use of OCR is for data capture of information printed on forms. Rather than manually typing information contained on forms, OCR can be used to automatically convert information from forms into computer-readable data.
OCR works by “training” the scanning software to recognise particular shapes as letters and numbers. Since different print fonts are different shapes, OCR systems have to be trained to recognise that a particular letter or number can take several different forms. Given the regularity of printed fonts, this is a relatively straight forward process. OCR systems can also be trained to recognise hand writing. However, given the infinite variety in hand writing styles, this is a much more difficult task.
Early OCR systems had a relatively high error rate when converting printed text to computer-readable data, particularly hand written text. This required a high level of human intervention to proof-read and correct the converted data. As optical scanning hardware and software improved towards the end of the 1990s, the error rates dropped. However, the next generation of scanning systems, ICR systems, went even further in increasing scanning accuracy rates.
Intelligent Character Recognition (ICR) scanning systems
ICR takes OCR systems one step further by using computer software to apply intelligent logic tests to scanned characters so as to more reliably convert them into computer-readable data.
ICR systems apply rules of spelling, grammar and context to scanned text in order to make “intelligent” assessments as to the correct interpretation of the data. This enables much more accurate conversion of scanned text than does the more simple OCR system, particularly with handwriting.
ICR software requires fast, powerful computers to perform efficiently. Reliable ICR systems only became available in the mid to late 1990s with the development of cheap, powerful computer products.
As ICR systems become more reliable, their use for electoral applications will increase. They are particularly suitable for capturing data from forms. ICR systems are also being examined for their suitability to capture hand written numbers from ballots used for more complex electoral systems, such as alternative vote and single transferable vote systems. To date, automatic data capture systems have not been used for these electoral systems owing to the complexity of the task.
Imaging technology
In addition to capturing images for conversion into data, scanners can also capture images to be stored as computer-readable images. Photographs, drawings and images of text can be stored and reused in computer-readable form.
Computerised images have many electoral applications. Images can be included on websites and printed in publications. Staff photographs can be placed on an electoral authority's “Who we are” Internet page and in its Annual Report. Photographs of polling stations can include on websites and instruction manuals. Examples of completed forms can be scanned as images and printed in training manuals.
Paper-based forms can be imaged and stored in electronic form. Copies of the images can then be downloaded over a computer network without the need to access the original paper copies. The Australian Electoral Commission is currently engaged in imaging all of its millions of voter registration forms and placing them on a computer network accessible from any of its offices nationwide. This system will be used to check signatures or any other details included on the forms by accessing the imaged forms on demand.
Corporate logos can be stored electronically as images and printed on a range of corporate publications. Where an organization may once have used expensive pre-printed stationery containing the corporate logo, stationery can now be printed from the desktop with professional letterhead using blank paper, a colour printer and a digitized image of the logo.
Imaging technology can also be used for identity verification purposes. Photographs can be digitized and placed on identity cards. Images of finger prints or facial features can be digitized and stored on smart cards. Software identity systems can be used to compare the image of the person presenting a smart card with the image of the person encoded on the card to determine whether it is the same person. Direct Recording Electronically (DRE)The increasing sophistication of computer technology towards the end of the 1990s led to the most recent development in the evolution of voting systems: Direct Recording Electronic (DRE) systems. Use of DRE systems is expanding and in Belgium, Brasil, India and Venezuela most if not all voters use a DRE device to vote while in the United States and other coutries the percentage of voters using DRE devices to vote is increasing. Using DRE systems, voters mark their votes directly into an electronic device, using a touch screen, push buttons or a similar device. Where write-in ballots are permissible, an alphabetic keyboard is sometimes provided to allow voters to cast write-in votes. With DRE systems there is no need for paper ballots. Voting data is stored by the electronic device, on a computer hard disk or a portable diskette, CD-ROM or smartcard. For backup and verification purposes, some systems copy voting data onto more than one storage medium. For example, in Belgium, voting data is written both to a hard disk and to a smartcard issued to the voter. After voting, the voter places the used smartcard in a ballot box. The smartcard can be used as backup should the hard disk copy fail, or as a way of auditing the data recorded on the hard disk. When the polls close, the data from the various voting locations are amalgamated in a central computer, which calculates the vote totals. Data can be transmitted to the central computer either on removable portable devices such as diskettes, or by a computer network. Since the 1990s the telephone has also been used as a type of DRE voting system. Voters are able to record votes directly into computer systems using the key pads on their telephones, and to identify themselves with Personal Identity Numbers (PINs), by following a series of recorded instructions. The introduction of DRE voting options at locations away from polling places, like internet voting and telephone voting, raises the issue of identifying the voter remotely which has not yet been solved to security standards required by the need to ensure that the person voting is indeed a voter, that he can not vote more than once and that the vote is secret. Internet VotingThe explosion of the Internet and the World Wide Web in the late 1990s led many individuals both inside and outside of the electoral administrations field to speculate about the possibility of using this new public resource to improve the efficiency, effectiveness, and legitimacy of democratic elections. Following on this discussion, several studies and experiments were developed, in independent jurisdictions and with mixed results. The overwhelming consensus which emerged from these studies is that Internet Voting presents numerous risks which need to be properly addressed before widespread deployment can take place. Why Consider Internet Voting? The most obvious advantage of internet voting is convenience for the voter. Regardless of how well polling places are designed and distributed, there could be no more convenient place to vote than from the comfort of one's home. By making electoral participation as easy as logging in to a website, checking a few boxes on a form, and clicking the "Vote" button, it is likely that voter turnout, and hence the overall legitimacy of the results, may be improved significantly. It could also allow significant cost-savings in the deployment and operation of physical polling stations, if the "adoption rate" of internet voting is at a sufficient level. The counting and tabulating of electronic ballots is potentially much faster and easier than counting traditional paper-based or even optical-scan or punch-card ballots, which may represent significant cost savings as well. It is possible to distinguish three different forms of internet voting:
Security Implications of Remote Internet Voting The possible benefits of internet voting must be weighed against the risks to which this polling method is exposed. As has been emphasized elsewhere, but bears repeating, every election conducted by whatever means should comply faithfully with the same basic principles of secrecy and anonymity, fairness, accuracy, and transparency. Every polling system, whether it uses pencil and paper, punch cards, touch-screen (DRE), or any other method, must assure that voters are identified accurately and that their votes are counted accurately. In most cases this must be done without allowing any means to associate a particular vote with a particular voter. It is also essential that the citizenry have confidence in the results; in other words, that the system chosen not only comforms to these basic requirements, but that it does so in a manner that is clear and well understood by all participants. Every polling method should be as secret and anonymous, fair, accurate, and transparent as a well-managed paper-and-pencil balloting system: "Indeed, if perfect clerks would conduct an election using paper-ballots, this would provide the best model we have for a public election. Such an election would be, for example: anonymous (avoiding collusion, coercion), secret (all cast votes are unknown until the election ends) and yet correct (all votes are counted) and honest (no one can vote twice or change the vote of another), oftentimes also complete (all voters must either vote or justify absence). In such a system, if we know the voter (e.g., in voter registration) we cannot know the vote and if we know the vote (e.g., in tallying) we cannot know the voter. After an election, all votes and all voters are publicly known – but their connection is both unprovable and unknown." Any purely electronic voting system must take into account the necessity of safeguarding the accuracy of the vote count, in the absence of a physical representation of the ballot. For a complete discussion of this issue, see Direct Recording Electronic Systems . In addition to these concerns, Internet voting is subject to other potential risks due to the inherent insecurity of both the user's machine and the network connection by which it connects to the central server or tabulator. At the present time, over 90% of home computers use a version of the Microsoft Windows operating system. As this operating system was never intended for highly sensitive "mission critical" applications, its primary goal is to be as easy as possible for a novice or casual user to operate. As such, little effort has been made to "compartmentalize" the operating system to prevent "rogue" applications from performing unwanted actions or making unwanted changes to the overall operation and configuration of the computer. This fundamentally insecure environment, along with the widespread deployment of "macro languages" in applications like Word or Outlook, has provided a fertile breeding ground for many different forms of computer viruses, "worms", "spyware", or "trojan horse" applications. Despite the widespread use of firewalls and anti-virus software, it has been estimated that 20% of all personal computers are infected with some type of "malware" (see Your PC May Be Less Secure Than You Think ). In other words, there is no way at present for designers of internet voting systems to ensure that the voters' home computers have not been compromised in such a way as to call into question the reliability of the voting process. Securing the connection between the voter's home computer and the central server is also problematic, but in this area at least the correct use of public-key cryptography allows a degree of confidence in the integrity of this communication channel. Specifically, the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols used by web browsers and servers to create secure channels for e-commerce and internet banking, for example, were designed to prevent the so-called "man in the middle" attack whereby a network transmission is hijacked by an attacker who has managed to control the channel through which the two end-points of the transaction communicate with one another. SSL uses signed encryption keys which have been verified by a trusted "Certificate Authority" to make it impossible for such an attacker to modify the contents of this communication, without revealing that the attack has taken place. Unfortunately, even if this technology is used correctly, it is still vulnerable to other types of attack, which may be characterised as either "denial of service" attacks or "spoofing" attacks. A denial of service attack is said to take place when the attacker, even if unable to alter or interfere with the substance of a communication, is able to prevent the communication from taking place, typically by overloading one or the other endpoint of the communication. A spoofing attack is said to occur when one of the communicating parties is tricked into opening a secure connection to a site controlled by an attacker. A variety of spoofing attack, popularly known as "phishing", has become extremely widespread in recent years, typically involving an email containing an obfuscated link to a site which has been created to perfectly mimic a particular target website (eg. that of a financial institution,) along with an urgent request to "re-enter" sensitive personal information (credit card numbers, passwords, etc.) This is related to a more general form of attack commonly referred to as "social engineering"; that is, bypassing technical security measures by targetting the users of the system, who often have a poor understanding of these security measures. For an informed discussion of the false sense of security created by the widespread deployment of SSL/TLS, see The Maginot Web . Despite the widespread deployment and use of the internet for banking and other sensitive transactions, it must be emphasised that guaranteeing the security of voting via the internet is a fundamentally more difficult problem, for two important reasons. First, unlike financial transactions, in most constituencies no connection may be made between the voter and his or her vote; record-keeping and auditing capabilities which are standard in the financial world are therefore not applicable to online polling systems. Secondly, discovery of anomolies or errors in the transmission or recording of votes cannot feasibly result in a correction of these results after the fact. At best, such discovery can only result in the invalidation of any votes so affected; at worst, in the invalidation of the election itself. Needless to say such an outcome could have disastrous effects in terms of public confidence in the legitimacy of the entire process. For a more complete discussion of the security implications of Internet voting in general, see Security Considerations for Remote Electronic Voting over the Internet by Dr. Avi Rubin of Johns Hopkins University. Real-world Deployment of Internet Voting The State of Geneva in Switzerland is perhaps the first constituency in the world to deploy internet voting in any widespread fashion. Beginning in 2003 citizens of Geneva have had the option to cast their ballots online. The motivations behind this deployment, as well as the strategies for overcoming the sorts of security issues outlined above, relate at least partly to circumstances particular to Geneva, which may reduce the applicability of this experiment to other constituencies. Geneva differs significantly from many localities in that citizens are asked to vote much more frequently, typically 4 to 6 times per year rather than once every 2 or more years, as is the norm elsewhere, due to a "direct democracy" system in which any parliamentary vote may be subject to ratification or refusal by the citizenry. As a consequence of this, electoral authorities in Geneva are under greater pressure than their counterparts elsewhere to make the voting process as simple and convenient as possible. In response to this pressure, in 1995 election officials in Geneva implemented a remote voting system based on postal voting, which quickly became the most popular method of voting, and which is credited with increasing voter turnout by 20%. Accepting the viability of postal voting has the effect of "lowering the bar" somewhat in terms of the security and public acceptance issues facing other forms of remote voting; any new system would only need to achieve the same level of security and acceptance as postal voting. For example, registered voters in Geneva already receive voting cards by mail which contains information allowing them to cast their ballots by return post. Internet voting is simply seen as an extension of this well-established service; as such, system designers have simply not addressed potential problems such as vote-buying or coercion by any technical security measures whatsoever, relying instead on socio-cultural norms and legal mechanisms to provide protection against this possibility. For an overview of Geneva's experiences with internet voting, see the State of Geneva's E-Voting web site ; for a detailed account of security risks and countermeasures considered by the implementors of Geneva's internet voting system, see Addressing the Secure Platform Problem for Remote Internet Voting in Geneva . Another significant experiment in internet voting, with a more negative outcome, was conducted by the U.S. Military for use by overseas active-duty military personnel. An initial pilot project was conducted during the general election in November 2000 in which a mere 84 military voters participated, despite a cost of 6.2 million dollars, and which was widely considered to have failed to address key security issues. (See Internet Voting Project Cost Pentagon $73,809 Per Vote ) Despite these misgivings, the project was further developed, under the administration of the Federal Voting Assistance Program (FVAP), as the Secure Electronic Registration and Voting Experiment (SERVE), for broader deployment in the general election of November 2004. In advance of this planned deployment, a group of computer security experts produced a detailed study of the system, which concluded that "The real barrier to success is not a lack of vision, skill, resources, or dedication; it is the fact that, given the current Internet and PC security technology, and the goal of a secure, all-electronic remote voting system, the FVAP has taken on an essentially impossible task. There really is no good way to build such a voting system without a radical change in overall architecture of the Internet and the PC, or some unforeseen security breakthrough. The SERVE project is thus too far ahead of its time, and should not be reconsidered until there is a much improved security infrastructure to build upon." In the aftermath of this report, in February 2004 U.S. Defence Secretary Paul Wolfowitz accounced the cancellation the project, citing these unresolved security issues as the primary reason. (See Pentagon halts Internet voting system ) Conclusions While it is likely, perhaps even inevitable, that voting via the internet will one day become commonplace, for reasons outlined above it is clear that designers and implementors of internet voting systems face major difficulties which must be overcome before it will be suitable for broad deployment. The most important consideration is the degree to which many crucial elements of any internet voting scheme are completely outside the control of election authorities, with the result that it will be difficult to have any degree of confidence in such voting systems until the architecture of both the personal computer and the internet itself have evolved to a state far beyond that which is currently in place. Dr. David Jefferson of Lawrence Livermore National Laboratories in Berkeley California, one of the authors of the SERVE Report, has stated that "Internet voting systems are vulnerable to denial of service attacks, spoofing attacks, malicious code attacks, spyware attacks, remote management attacks, and automated vote selling schemes. These attacks are powerful enough compromise large numbers of votes, either disenfranchizing voters, spying on their votes, changing their votes, or buying votes. These attacks can often succeed, possibly changing the results of an election, and yet go completely undetected. And they can be launched by anyone in the world, from a disturbed teenager to a foreign government. These vulnerabilities are quite fundamental. They cannot be designed around or fixed with the current generation of PC hardware and software and the current Internet protocols. Until such time as the security architectures of the Internet and the PC have been completely redesigned and the new designs widely deployed, which is probably at least a decade away, Internet voting in public elections must remain out of the question." And according to American computer security and cryptography expert Bruce Schneier, referring specifically to the American context, "Building a secure Internet-based voting system is a very hard problem, harder than all the other computer security problems we've attempted and failed at. I believe that the risks to democracy are too great to attempt it." Acciones de Documento |