I read the article and the vendor's web page on the ExpressVoteXL. I don't see anything about a network. #infosec
Also, I don't understand your objection to touch screens. If touch screens are easier for those with disabilities to use (and certainly this system seems to offer support for a wide variety of accessibility devices), how is that a bad thing? It seems to me like it expands access to the ballot box beyond those with good eyesight and the dexterity and strength to use a pencil, which seems unnecessarily restrictive. #democracy
I don't know that this technology is the best, nor what other challenges it might have, but I don't understand these objections. That doesn't create an obligation in you to explain in more detail, but you (and others) are welcome to do so if you choose.
There is still no mention of a network in either the article or the product description, so I'm still not sure where your references to networking come from. I generally agree that having voting machines on a network isn't a good plan, so I'm not arguing in principle, just that your objections to this device don't seem to be based on this device.
For this machine, per the product web page, it actually prints a paper description of the voted ballot in human read-able form that is held behind a pane of glass (so the voter can check it for correctness, but cannot damage or manipulate it directly), so it is apparently auditable.
In what ways does that fail to address your "all digital" concern with this device?
@kissake @digibrarian An auditable paper trail is an improvement... but still less reliable than I'd prefer.
If the votes are counted from the paper, that means the voter checked to make sure it was right, and what the voter checked got counted. If the system is tabulating votes and the paper trail is just there in case of an audit, that's only useful when there's an audit. There isn't always an audit.
Using the computer-tabulated results would be fine for early look numbers in all the horse race news coverage, etc, but official counts should always be made using human-reviewed, non-digital artifacts.
I hear your concerns, but I feel like you're moving the goalposts and are a little more attached to your objection to this piece of hardware than you are to improving voting.
1) You expressed concern about 2 things that don't apply to this device (a network that doesn't exist and a lack of a paper trail that instead does exist).
2) You haven't acknowledged that those original concerns are unfounded, or alternatively meaningfully challenged my assertions, and also
3) You are raising new concerns (that are also poorly founded, see below).
I feel like this should be my last contribution to this conversation until you show that you're taking my responses seriously.
My response to your concern about the paper trail only being checked in an audit is that A) audits are done all the time [examples: https://elections.maryland.gov/voting_system/ballot_audit_plan_manual.html and https://www.vote.nyc/page/canvass-information-and-absentee-ballot ], and B) it doesn't take much auditing to detect systematic flaws and attacks sufficient to change an election.
For A, the first two states I picked to do a quick search for how votes are counted clearly show that voting machines are picked randomly to be audited. An audit happens every time for those states, one of which is the state this machine is proposed for.
"But what if that machine wasn't the one that was compromised?!" you say? If you're trying to change the election, you need to _both_ have enough vote changes that the result changed, _AND_ a low enough chance of that fact being discovered that there is no hand recount from the audit data.
Combine the fact that elections that are close often require a hand recount automatically with the above random sampling audits, and hopefully you'll either agree that a hand recount of every vote isn't needed, or propose an attack or flaw that is outcome determining AND has a very low risk of being detected.
If you want to advocate for change, how about advocating for risk-limiting audits: [ https://www.stat.berkeley.edu/~stark/Preprints/RLAwhitepaper12.pdf ] instead of the fixed sample sizes?
To be clear, I'm not the world's biggest advocate of using computers in voting. I trust computers about as far as I can see their electrons (not very far).
However, I think it is important to acknowledge when someone actually implements a voting system that checks the important boxes, just like you need to stop boycotting a business when they've met your demands.
@kissake @digibrarian the very reasonable concern with any form of digital voting is that an individual voter cannot be sure that what they selected is what got counted. Add a network, and you introduce any number of potential integrity-violating attack vectors even if the machine gets it right.
In short - an all digital voting system is too susceptible to deliberate or accidental misconfiguration to be used for something as important as decisions about government.
If the touch screen also printed out a paper copy that each voter could check for correctness, and the paper is what was actually counted, things would be quite a bit more secure. It would also be auditable. Certain jurisdictions and voting machine vendors have been opposed to paper trails, though, for no rational reason.