In a democracy, the ballot box is the sword and its people the wielder.

Ballots should be fine parchment and gold lettering.

With regards to point 3, perhaps I should have been more clear, the pilots so far have shown that e-voting doesn’t deliver the benefits (increased turnout, decreased costs) that it is claimed to provide. The risks are still unclear as proper security evaluation and monitoring was not done, or not publicly revealed to have been done which is as good as not doing it from a public trust perspective.

Personally I would be interested to see how any e-voting system works. However what the aims would be for you and for ORG of any such examination would need to be discussed.

1. The point about security protections is well made, and is an example of where the existing EML standards need to be refined to promote common protection systems. How is a record in a database different to a paper ballot by the way? If a system can be shown to record intent correctly then they’re equal surely? (don’t say no-ones proved the systems yet, we’re not talking about that, assume the system is proved).

2. Saw that footnote eventually, bit like hiding the plans to the bypass in a locked filing cabinet in a toilet hmm? As I’ve said before you might not like the current law, but the current law is the current law, and all elections must be conducted within it. Just out of curiosity what aspect of conducting an operation over the Internet breaks anonymity? If there is no association between credentials and person, and no association between ballot and IP host what’s the connection? And I want a specific here, not “well there’s identity theft online”, which is too vague.

3. Contradicition there, you assert that because we’ve run lots of eVoting pilots we know the risks, but the original point was that we don’t know the risks. Surely if we know the risks we can mitigate them? And that’s what the pilots are meant to do, promote development of eVoting systems to mitigate these risks. I wasn’t trying to make you appear luddite with the Wright brothers example, just to indicate that not knowing all the risks up front isn’t a case for not doing something. The Wright brothers had no idea of the potential impact of their work, nor the risks, so an overall balance couldn’t have been made.

Thanks for your comments.

1. While the EML standard in theory would allow ballots to be shifted to another e-voting system for a recount, in practice this hasn’t been done for any live elections ever. Additionally such a transfer would most likely break the security protections of whichever system the ballots were leaving. Furthermore, a meaningful recount is one which re-examines the voter intent, not the records of a system acting on voters’ behalf.

2. You may have missed a bit in our briefing paper: page 3, para 7, endnote 4 “Due to a historical anomaly brought over from an early version of the Australian Ballot, the British vote is not completely anonymous…” and so on. In most circumstances the British ballot is practically anonymous, however I do object to the current state of affairs which breach our own Human Rights Act and international treaty commitments. Why I say “votes must be anonymous” I mean it - it is not false - the United Nations and Council of Europe agree that a free and fair election must have the secret ballot. So under international treaties (to which the UK is a signatory) indeed votes must be anonymous.

3. We’ve been doing pilots since 2000, e-voting has been tried and used elsewhere with many problems reported. We’ve had a chance to trial this stuff and it’s found to be seriously wanting. Why keep coming back for more and spending piles of tax-payer money? Equating e-voting to the Wright brothers’ desire to fly is a little bit unbalanced I’d say. We’re not opposing electricity or printing presses here, were are against a specific implementation of technology in our electoral process.

“When you vote by computer, the computer is voting by proxy for you, you don’t know how it voted, it is not a pen and paper.”

You might want to check out the pre-encrypted ballot system. Various mechanisms exist for a voting system that takes a meaningless (without a physical key) n-digit number as your vote and allows the verification of voting servers through a response code tied to this (the number you enter is referred to as a PCIN). There’s more detail on this on my blog @ here , here and here.

Basically you can make it virtually (as far as possible in any system> impossible for a man-in-the-middle attacker or client-side virus or trojan to either inspect or influence a vote.

Me again, you thought I’d gone away for the winter huh?

Nice argument : “It will always give you the same numbers no matter how many times you click recount, so it’s not meaningful.” Would you rather that the computer “spat” out a different number each time? The argument around this doesn’t seem to make much sense… you have a set of data (paper ballots, db records), you perform a count operation of these records (manually, algorithmically), you get a result. How do the two differ? Given the EML standards that are available one system can give the ballots to a different count system which accounts for your different set of tellers example. Where’s the problem?

“Voting is a uniquely difficult problem for computer science because votes must be anonymous” - Come on Jason, you know this statement is completely false (as another respondent above has pointed out), so why persist in repeating it? Why is it in the briefing pack you’ve produced? It’s a complete myth! Lying to the public about current electoral law will only weaken your position my friend.

“The opportunities for fraud and failure with paper ballots are well known, containable and hence manageable. There is nothing false or FUD-like in saying that e-voting changes the level of risks or number of opportunities for fraud, it’s a true statement.” - Surely that’s why we’re conducting pilots rather than jumping feet first into deploying e-voting systems for general elections? To assert that something should not be done because the risks associated are unknown (which isn’t completely true, you can make a very reasonable guess at attack vectors and mitigate in the initial stages of any system design) isn’t very progressive. What if the Wright brothers had decided that building an aeroplane wasn’t a good idea because they didn’t know the exact risks associated with it?

Anyway I’ll leave it there for the time being. Interesting to speak with you again.

When you vote by computer, the computer is voting by proxy for you, you don’t know how it voted, it is not a pen and paper.

I don’t want my computer voting for the Russian mafia candidate just because they write the best virus software. If 2 million people don’t know their computers are running a root kit, then they have no way of knowing if that root kit changes the vote they are making.

eVoting is a bad solution in search of a problem.

On the specifics of the next local elections.

1. I am pleased to see that the need for signatures to obtain the ballot paper at polling stations has been got rid of. They were trialled at the last local election. I asked the people manning the station how they knew that the signature was valid as they had nothing to compare it against. They didn’t know, all they knew it was the rules from on high.

2. Electronic counting of paper votes. Well this could obviously work (recounts would have to be manual). However counting votes doesn’t take a massive amount of time and is generally agreed to not have significant problems. So this seems to be a solution in search of a problem. It certainly wouldn’t be much cheaper as you would have to have people on hand in case the result is tight and you need a full recount. Also at least one person would be needed to examine rejected ballots and see if the voter’s intention is clearly indicated but machine-unreadable.

3. Additional central polling stations outside of local wards. This seems to be the least controversial of the proposals (at least if using traditional methods).