Monday, August 8, 2011

Worrying news from Scotland

This is a story that wasn't exactly high profile but is worrying.

Scotland is trialing a new electronic vote counting system for local elections. On the face of it this might sound sensible speeding up counts by moving to a centralised electronic system at 32 centres across the country.

Of course even with the best will in the world it isn't as simple as that.

I start from the premise that elections are very important.  It is also important that every candidate is able to track the progress of the count and be satisifed that it is fair.  This is the strength of manual counting, you can watch each step and challenge the mistakes that inevitably occur and overall if everyone (including observers) does their job we can be fairly confident of the result.

The issue with electronic counting is it removes the ability of those at the count to challenge and check.

One nice feature about hand counts is you can see the stacks. This is clear in single member FPTP, but even in a STV elections you can see the stacks as they are broken and resorted.  You can get a feel that the result is correct.

If this is done electronically then you have to trust the software and hardware.  There are two key reasons not to do this with the software:
  1. Malice
  2. Incompetence
To get round allegations of both the code and tool chain would need to be open to scrutiny as widely as possible.  Certainly every political party must have access to the code.  But even this is not enough, if you don't believe me have a look at the results of the "obfuscated v" competition. If you know C have a look at one of the entries, and explain why it adds votes for Kerry and Nader to Bush's total  on November 2nd but not on November 1st! Also explain why it works differently on different operating systems. Even ignoring the possibility of malice, bad coding is not unknown to result in bugs that could do similar things. (Many of the entries in the contest use buffer overruns, the same sort of bug that is behind most web site hacks -- not an uncommon event.)

The code itself is also not enough as other entries show: you can use the build process to change source files, and this can also be hard to spot in a large enough software project.

Finally will the system be secure enough to withstand a malicious agent. I presume an air gap will be mean you have to be at the count (but that may not be certain), but how secure will the system be to someone trying to break into it?

A secondary, but also important issues is access to the count.  I don't know if the 32 locations will be a reduction in the number of locations, but if it is then it needs to be handled carefully.  Whilst Scotland and England have very different populations, and so more travel is inevitable than would be usual in England it has to be possible for candidates and activisits to get to the count.  They also need to be able to cope with the number of observers needed for reasonable scrutiny. If this change reduces the number of scrutineers it is undesirable for a robust democratic process.

Elections are too important for this.

(As an aside, clearly the big news story at the moment is the London riots, but I think letting the dust settle is the best idea at the moment.)

3 comments:

  1. Interesting points, although I can't claim to understand the code.

    The justification for this seems to be mainly the logistics of sorting out surpluses to redistribute fractions of votes. In student days, I remember these sometimes used to be skipped over (to see if a later stage was close) when very small surpluses were concerned - but that kind of discretion could cause concerns too.

    A real problem with STV seems to be that the count clearly needs to be transparent and comprehensible to people who want to make the effort - but ordinary voters don't really need to obsess about the idea of why the maths of the count look a bit bizarre in places. [Opponents of electoral reform, as we know, would like them to.]

    I don't know if there's a solution here. It's progress that they are at least testing the system this time in some way - something which was not done on a meaningful scale at all in 2007. Hopefully lessons (even mundane things like what writing implement to use!) will be passed on to the right people, including presiding officers at polling stations.

    It clearly wouldn't be 100% fail-safe, but perhaps manually counting a sample of wards or polling districts to check against the machine counts would be a possible improvement.

    Generally, I suspect people have lost sight a little of the differences with 2007 which will help. Many of the problems were ultimately caused by the flawed design of the Holyrood ballot paper used on that occasion - an alarming volume of which actually were spoiled wholly or on one side. Assuming counts happen on Friday, everyone should be fresh - having not been up until 6am the preceding morning trying to sort out the Scottish Parliament.

    ReplyDelete
  2. This is pretty worrying.

    http://www.youtube.com/watch?v=YcxGGnmRQAs&feature=player_embedded

    ReplyDelete
  3. That is it. I am now so ****ed off with blogger I'm going to move. It just lost my attempt to reply to these comments saying I don't have permission to comment on my blog! You what?

    *ahem*

    Thanks for the comments.

    Anon: I agree that it is very good that many lessons have been learned. Testing is welcome, as an ex-softie I know how important testing is and how often it is squeezed. I hope the other lessons you mention are learned.

    I hadn't thought of validating a few (non-predetermined) wards/seats/districts by hand counting, and you are right this would reduce the risk.

    I just don't see why we can't have hand counts. They may not be massively fast but Ireland is a similar population to Scotland (googling says 4.5m against 5m) and hand counts.

    Liberaleye: thanks for posting that video. It is revealing.

    It often seems that US election voting or counting machines are designed to encourage conspiracy theories, and reduce confidence. Thats a lesson we need to take on board if we want to be silly and introduce counting machines.

    Mind you US elections don't need technology to make them dodgy, remember Mayor Daly allegedly delivering enough votes in Chicago to win Illinois for Kennedy, and the clean up of the Florida electoral roll when Dubya first one is questionable...

    ReplyDelete