It seems so simple. Point, click and pick a candidate. We bank, shop and pay our bills online, so why not vote too? But a little more than a year after the Pentagon launched its Secure Electronic Registration and Voting Experiment (Serve) for US citizens based overseas to vote via the internet, it has shelved it - for the time being at least - because it cannot guarantee "the legitimacy of votes". There are now no major internet voting systems scheduled for use in the foreseeable future and there is debate as to whether internet voting is possible at all.
Serve is a pioneer. It was designed to handle up to 100,000 votes this year and cost $22m (£12m). Voters using the system would enrol and then vote in advance of the election date in a similar way to postal voting. That was until it was slated by four academics from the Security Peer Review Group (SPRG) who had been selected to evaluate the project. At the end of January, they released a report criticising not just the project but the whole notion of internet voting. "We recommend the shutting down of Serve", the report concluded, "and not attempting anything like it in the future until both the internet and the world's home computer infrastructure have been fundamentally redesigned." Within days of reading the report, Paul Wolfowitz, the US Deputy Secretary of Defense, put things on hold.
So why, in a world where we can secure billion-pound transactions over the internet, is e-voting proving a tougher nut to crack? "It is technologically a different problem," says the e-voting expert Jason Kitcat, of Sussex University. "When you complete a financial transaction you give away personal information and this is used to check your identity. Voting needs to be anonymous. But at the same time, society needs to be sure that each eligible voter is able to vote once only."
Jason Kitcat should know. He spent three years trying to develop a GNU open-source e-voting system. But he gradually came to the conclusion that it isn't possible and abandoned it. "You can never have 100 per cent confidence in technology," he says, "but you need to have a reasonable level of risk managed and I don't think that is possible with the technology we have today."
Not everyone shares this view. The Pentagon awarded the contract to build Serve to Accenture. Meg McGlaughlin is the president of E-Democracy Services there and says that e-voting is possible. "There are ways, using appropriate encryption, to hold the ballot separate from the voter's identity so you cannot identify who the voter is," she says. She also points out that postal voting is unreliable and subject to tampering; e-voting systems can be at least as secure as the current system.
But Accenture is swimming against the tide. Since George Bush signed the Help America Vote Act in 2002, Americans have seen a host of new technology introduced in their polling stations. And some well-publicised incidents where things didn't run smoothly have fuelled a growing distrust in systems that aren't completely transparent.
In November, for example, Rita Thompson ran as the Republican candidate at the School Board Elections in Fairfax County, Virginia. The Board of Elections had installed Direct Recording Election (DRE) machines in polling stations and voters were using a touch screen to select their candidate for the first time. But the machines didn't appear to be playing fair. "On the day of the election," says Thompson, "people whom I didn't know started calling me up and telling me that either my name wasn't on the ballot, or they would touch it and my name would disappear before they could do the final vote." Rita Thompson lost by 1.5 per cent.
This sounds sinister and, if true, Advanced Voting Solutions and their WinVote machines would be in big trouble. But Margaret K Luca, the secretary of the Fairfax Board of Elections, claims that the machines weren't biased. "They are the most accurate machines we've ever had," she says robustly. "They work exactly as advertised and I resent that I am never given a level playing field to put my case."
So what happened in November? "The screen is very sensitive. It has to be that way so that even a disabled person could vote using a stylus. You have to touch the screen very lightly: if you press it too hard you can send a mixed message." It seems that some voters may have been turning their own vote on and then off again.
And there was another problem. Some of the machines appeared to freeze and cease registering votes during the day. The reason? "They had been stacked on top of each other in the warehouse," says Luca, "and there was the ability for this to cause the case of the machine to touch the screen. We took all complaints very seriously and there is no longer the ability for this to happen."
This sounds like a classic example of technology working fine in a test environment but not doing its job so well in the real world. Whether it had an effect on the result will never be known. But the trust of the electorate has been undermined and this risks reducing turnout next time. Election machines don't just have to be accurate, they have to be seen to be accurate.
David Dill, of the Verified Voting campaign, has been saying this for some time. He wants a two-part solution to increase trust in voting machines. First, he wants all source code to be open to inspection. This is currently the case in Australia, but in the US some companies regard their source code as a trade secret and refuse to publish it. Second, he wants polling station machines to print a receipt that the voter can check for each vote they cast. If correct, the receipt would then go into a ballot box and if there is any dispute, the ballots could be counted manually.
Dill's campaign has received massive support and several states have proposed legislation to make such systems compulsory. But there is also a chance that this could be implemented at federal level. Dill has engaged the interest of Congressman Rush Holt and a bill is currently before the House of Representatives that may be law before the Presidential election on 4 November.
It is clear that whatever controversies DRE machines generate, they are likely to be tiny compared with a full remote internet voting system. With internet voting come the problems of hackers, denial of service, vote selling, lack of privacy and more. Accenture argues that all these problems are present in the current system and that their system is workable because it is limited to a discrete set of users. But there remains a loud majority who don't believe internet voting is possible at all.
Accenture claims that Serve is proof that e-voting is technically possible right now. But even if it is, whether it is politically possible remains to be seen.Reuse content