by Mary Howe Kiraly
Let’s give ourselves a round of applause. Now we must get back to work because the task at hand is complicated; but we are up to the task.
Because the controversial Elections Assistance Commission, created by HAVA, and tasked with developing the guidelines that govern the use of computerized voting technology, has posted the new Voluntary Voting System Guidelines (VVSG) on its website (www.eac.gov.) for public comments. And we need to comment if we live in a jurisdiction that continues to use touch screen technology to “capture” the vote because the privacy of our votes is now at stake.
Fortunately, a colleague who is savvier than I about the committees of the EAC, has provided us with the following information. If you go to the EAC website (www.eac.gov) and click on “TGDC Recommended Guidelines” you will be taken to a page where you can access the chapters of this report. There are two Sections in the EAC draft document that cover Secrecy of the Ballot In Part 1 (Equipment Requirements): Chapter 3, Section 3.2.3 and Chapter 7, Section 18.104.22.168-A.3. Secrecy of the ballot has become a pressing issue in states that use touch screen voting units because programmed “smart cards,” memory cards such as Voter Access Cards in Maryland, are used to activate the ballot and begin the voting process.
Most of the requirements in VVSG should be strongly supported because they restrict the information being exchanged between the registration system and the voting machine through the activation cards. However, one draft requirement is dangerous and should be changed: Requirement 22.214.171.124-A.3 “Ballot activation for provisional voting permits identification of voter,” which states that “Credential issuance, when used during provisional voting, may permit the voter’s name to be associated with the voter’s ballot for the purpose of deciding whether to count the ballot.” Further, it states:
“For provisional voting, the voter’s identity is associated with the voter’s ballot so as to permit a subsequent decision whether to count the ballot. As an example, the activation device may create an identifier and associate it with the provisional voter’s identity, and then include this identifier with other information necessary to activate the ballot. The vote-capture device may store this identifier with the ballot so as to trace the ballot back to the voter’s identity for the purposes of deciding whether to count the ballot. The identifier must not itself identify the voter. For example, it must not include the voter’s identity or other information associated with the voter such as an SSN or other identifying information.”
In other words, this provision allows for the citizen’s selection to be associated in the voting machine database with a unique number associated with that voter, so that citizen’s vote can be removed later if deemed to be ineligible. (If you are a committed activist who has stayed with me to this point, I know your hair is now on fire!) The intention of this requirement may be to streamline the counting of provisional ballots, to make the job of election officials easier; but it totally compromises the secrecy of the vote. Not only for the counties which might use this capability for early voting; but also for all counties which use voting systems that have this built-in capability.
The best way to avoid a possible break down in privacy is to prohibit the vendors from building this capability into the voting system. This is where our comments are important.
Certification should require testing both the voting units and the ballot activation devices, through their source code, to verify that they do not have this capability. If the proposed guideline is implemented as written, and voting systems are permitted to accommodate this dangerous capability, it would require that each and every county that is concerned about the secrecy of the ballot, perform the necessary testing to ensure that it is not being used. Most counties do not have sufficient expertise to accomplish this task and such testing would be prohibitively costly.
The capability of tying a vote to a unique number identifying the voter is not theoretical; it appears to have been practiced in early voting in Georgia. “In the 2004 election, 367,777 Georgia voters-more than 10% of the state's electorate-unknowingly gave up the secrecy of their ballot, by taking advantage of the new early-voting process” (http://www.countthevote.org/no_secret_ballot.htm). John Sullivan, the Fulton County Election Superintendent, said that, “Early votes are marked with a numbered identification in case they are later challenged.” (Atlanta Journal-Constitution, 09/29/04, Carlos Campos)
With my thanks.