Security Vulnerabilities and Problems with VVPT

Working Paper No.: 
16
Date Published: 
11/30/2008
Author(s): 
Jonathan Goler
MIT
Ted Selker

A proposed Voter Verifiable Paper Trail (VVPT) includes a printed ballot as a receipt that a voter can view to verify their vote before leaving an electronic voting machine. This method is also supposed to insure the accuracy of the recorded vote by allowing the tally to be checked later by counting the collected receipts.

This paper considers problems with ergonomics, logistics, security, fraud, and mechanical fragility with using VVPT. Ergonomic problems are introduced by the receipt having a different layout than the ballot, difficulty remembering previous selections to make the verification, by the extra step it introduces after making selections and by it not working well for sightless people. Logistics problems include difficulties in collecting and organizing the receipts, transporting them, and reading and reconciling them with electronic tallies. Security issues include the possibility that receipts can be systematically misprinted in a way that cannot be detected and that hand counting will not easily detect fraud. Mechanical problems include printer breakdowns and supplies running out. VVPTs could add problems by being questioned in various ways or though the development of computer programs that defraud the VVPT systematically. VVPTs do not address existing sources of disenfranchisement such as registration problems, equipment and ballot problems, and polling place problems.

Experiments and elections have yet to establish that people can in fact verify their ballots using a paper receipt. Effective approaches for accurately counting the paper receipts for auditing purposes have not been established either.

Proving that an election correctly records and transmits the intention of the voter is worthwhile. Computers are the first technology that can easily report voting results in multiple formats. Simple systems-verification solutions are possible. Parallel voting and time shifted testing require no extra equipment. Voter Verified Audio Transcripts would simplify voting and improve audit security by presenting verification as feedback during the selection process rather than post hoc auditing.

AttachmentSize
vtp_wp16.pdf57.22 KB