As Americans prepare to elect a president next month, most of them can be confident in one thing: Each vote, whether cast by pulling a lever or checking a box or touching a computer screen, will be veiled in complete anonymity. For the most part, no one but the individual voter will ever know whether his or her vote went to President Bush, Sen. Kerry, Ralph Nader, or the family dog.
To computer scientist and Radcliffe Institute fellow Rebecca Mercuri, holding such anonymity sacrosanct – a concept she wholeheartedly embraces – sets the nation’s discussion about voting technology on the horns of a dilemma. That’s because Mercuri is also an outspoken advocate of audit ability and accountability in voting: As the Florida recount showed the nation four years ago, the ability to double-check voter and machine accuracy is essential to the democratic process.
Between anonymity and accountability lies the rub.
“In voting for political offices, we have this understanding that the vote is to be anonymous,” says Mercuri. “We don’t have any way in computing right now, and maybe for the theoretical long term, to have full anonymity and full audit ability simultaneously in a fully computerized system. In fact, all the things we do to do audit ability require a lack of anonymity.”
That’s why this esteemed computer professional has become a sought-after and outspoken opponent of electronic voting that leaves no paper trail. In the upcoming election, however, 30 percent of American voters will cast votes electronically with no paper backup.
The long shadow of Florida 2000
Mercuri gave her first consultation on electronic voting in 1989, more than a decade before Florida’s recount and years before she became an expert in the field. Just starting her Ph.D. at the University of Pennsylvania, she was an elected committeewoman in Bucks County. At the time, the county was considering purchasing new electronic voting machines.
“I had this gut reaction that this is not a good thing,” says Mercuri, who had been working in real-time interactive systems found in consumer electronics like videodisc players. She said her piece (the county commissioners listened, and Bucks County still has not yielded to electronic voting) then started to investigate that gut feeling, producing a dissertation – “Electronic Vote Tabulation: Checks and Balances” – just 11 days before the 2000 presidential election.
While that election, with its now-infamous hanging chads and butterfly ballots, brought the unreliability of voting technology to the fore, Mercuri asserts that it wasn’t the first and won’t be the last time voting machines fail us.
She cites a recent election in California, which has a mandatory recount law that found discrepancies with optically scanned ballots. It turns out that the optical scanners weren’t calibrated to detect ink from gel pens and were reading those ballots as blank, while recounting the ballots produced a different total. In the 2002 primary election in Florida, which replaced its maligned punch-card machines with either electronic or optical scanning systems, optical scanners in one county read every ballot as Republican, even though a recount turned up different – and more accurate – results.
And in Tampa last month, several hundred voters cast votes on a touch-screen machine that was set up in the “test” mode. What distinguishes this malfunction from the other two, says Mercuri, is that optical scanning produces a paper trail, while the electronic “test” votes can only be recounted by the same computer that failed them the first time.
While voting technology experts generally agree that optical scanning is the best currently available system for voting, Mercuri points to another industry for a technology that marries the speed and convenience of computers with the transparency and accountability of paper. Buying a ticket to a major rock concert through an online ticket dealer now lets the music fan print out his or her own bar-coded ticket. Sure, one could print out 20 tickets, but only one ticket, when scanned at the concert hall, will let the bearer in. And the ticket, while accountable, is completely anonymous: there’s no way to tell who purchased it.
“It’s highly reliable and it’s all done very openly,” Mercuri says, noting that lottery tickets employ similar technology. “If we can do this for 30,000 people at a rock concert, we can certainly do this for voting. I think you could zap an entire precinct’s votes in an hour to two hours.”
Trust, transparency, democracy
Mercuri supports her strong views on electronic voting with solid and impressive credentials in computing. The founder of Notable Software, a consulting firm specializing in computer security issues, she’s spending her year at Radcliffe researching methods of counterbalancing transparency and trust in computational systems.
Because of a lack of transparency in proprietary software and systems, such as Microsoft’s, or even open-source software like Linux, users cannot trust that their systems are safe from viruses or even from the collection of information they may not want distributed.
“In your computational world, you want to be in a world where you feel safe, but you also want to be in a world where you know what’s going on,” Mercuri says. “What information are they collecting about me? How can I trust that what they say they’re taking is only what they’re taking, and that’s all they’re using it for? How much transparency do I need?”
Transparency and trust are principles that guide the electronic voting issue, too, but at its core, says Mercuri, electronic voting is more about democracy than technology.
“Having to recount elections is part of democracy. We want to improve the recount process so that it’s more transparent and so that it’s more uniform,” she says. “I feel that one of the reasons we’re losing voters … is the fact that the transparency of the process is going away. People don’t trust it. By making the process more expedient and obscuring the process, I think that we’re running the risk of causing people to feel that they don’t matter in the process.”