Q&A: E-voting issues still there

Spafford: There's something that I think has been overlooked by a lot of people who work in this realm. The average voter does not have the technological sophistication to have confidence that the mechanism preserves their anonymity and their vote. Some of the methods that involve cryptography, for instance, while scientifically very sound, would be used by people who don't understand the mathematics behind it and are mistrustful of the idea that they would have to take someone's word that it works.

The method of having a paper record is a technology people can immediately grasp and understand. That's really important. We want not only to protect the vote, but we want people to feel comfortable that their vote matters.

Anything that we do to make the system more complex or difficult to understand disenfranchises some people.

IDGNS: Some e-voting security critics have pointed to some major flaws, such having e-voting machines networked with each other. In your view, why did that happen?

Spafford: You have to look at systemwide problems with fault tree analysis. It's not an area where there's a lot of expertise. Certainly, the companies involved followed the existing regulations. It's hard to lay 100 percent of the blame on vendors.

It was a situation where states were required to go out and spend a lot of money in a short period of time without necessarily appropriate guidance. These companies responded, and they did, in large part, provide equipment that met the existing guidelines, which may not have addressed the potential problem.

IDGNS: Do you think the debate on e-voting has turned a corner with the TGDC vote?

Spafford: Not yet. The reason is that the issue is still not well understood by a number of local officials. Some of us in the community perhaps have not done the best job in describing the issue. We're worried about the security aspects, but we're also worried about reliability. For instance, what has happened in the Florida race is probably not a security breach. It's probably poor design or machine failure.

But we have no way of knowing what the voter intent was because there was no independent audit trail.

One of the ways we can capture attention is talk about security failures. The people at local elections level, when we have raised these arguments, have taken a sort of personal umbrage. First, we're calling into question their judgment for buying the machines in the first place, and second, we're implying that their procedures are faulty or the people involved are dishonest.

That isn't going to enlist their support in moving to better systems. We need to convey to them that it's in the interest of the population to have greater confidence in elections.