'Nuf said?

If a nationally-distributed system can't be trusted to be hack-proof, how come the U.S. military operates their Top Secret network on the back of the global web and also successfully disseminates their confidential information via radio waves over many different frequencies many of which travel over very great distances…???

The fact is, distributed computing security *is* possible. Cost is the only factor.

You bring up a lot of good points.

Being a software engineer, I too know something about the topic. Not voting machines, per-se, but for the last 3 years I have been a developer on a globally-distributed wireless-device management system. So I am familiar with security and software.

I am not at all arguing that voting machines are 100% bulletproof; especially that the current crop are anywhere near satisfactory — I have no idea how good they've been engineered.

What I *am* saying is only that the system *can* be designed to be fairly tight and secure. Routines can be developed to trigger alerts to hacking attempts; databases can be designed to be capable of detecting tampering events; networks can be engineered to detect and alert eavesdroppers.

I know you are suggesting that even with all of this technical capability that doesn't preclude the fact that the team hired to do the engineering could be the one's rigging the system. But that's a *design* problem, not a technical one. Rather than hire a single private firm to do the engineering, a multi-pronged, open, and highly-observed approach could be taken.

Just like the mail-and-count system you referred to; you referred to it's success being based on the fact that the ballots are submitted via a distributed system and counted in a highly-controlled and highly-monitored way. That same approach could be taken with respect to the electronic-ballot machine; hire 1 firm to design the architecture, 1 firm to design the network, 1 to design the hardware, 1 to design the software, 1 to design the database and it's API, 1 to oversee and inspect the others, and let each major party pay for their own tech teams to also participate in the reviews and inspections.

But I won't lie; *cost* might ultimately be what makes the mail-and-count system the better one.

The computerized voting systems have more exposure (more "handling") than physical ballots. Everyone who touches the machine has access to it. Everyone who works on the data transmission lines and software has access to the ballots. Anyone who works on the software that tallies the ballots may have access to it. There are a lot of unseen exposure points in a computerized machine. Computer hacking is based in large part on those exposure points.

The post office also has a lot of handling, but it is very distributed, and actions aren't hidden inside computers. The mail handling is out in the open. Even though there is more actual handling of the ballots, there are fewer opportunities to interfere with them.

The people who do the counting in Oregon just do scanning with a machine that is like a multiple-choice test form. And their work is closely monitored. I watched them do their work on a news segment once. Everything was contained in one highly controlled area. That is a good thing.

As a systems analyst, I still find that the mail-in ballots are the most secure form of balloting. Paper ballots where individuals have access to entire boxes of ballots alone, that may or may not show up after the fact are one of the least secure kinds of balloting.

The computer balloting machines and their supporting software and supporting hardware (transmission lines, etc.) can be hacked or otherwise messed with. A concerted effort to affect the machines can throw an entire election. Historically, voting machines tend to crash a lot, which is a major security issue. I prefer a paper ballot over a computerized ballot any day.

I do, however, find one statement you made to be fallacious and actually argues *against* what you are arguing for. You said: "The fewer interested people there are handling the ballots, there less opportunity there is to fudge the vote count." I think this is wrong because if you want "as few interested people" as possible to be doing the counting then you can't get much less than 0: the number of people counting votes in an electronic voting machine. The machine does all the counting, humans do none (other than maybe spot-counting for validation or something); in face, this is the biggest advertised-strength of the voting machine — it removes human-error during the counting process.

But I think your overall point was a good one, I just think that that one statement was thought-out wrong. Even if you ignore the fact that an electronic-counter represents 0 human-counters and take your statement at face-value by reducing the human-counters to just *1* person, that hardly is a prescription for reducing the potential for fraud. With just 1 person doing the counting I know only have to coerce and buy-off 1 person — and as long as that 1 person doesn't open their trap, my secret is safe. Additionally, just this 1 counter has the power to corrupt the count *absolutely*. He, quite literally, could count every single ballot as being a vote for his preferred candidate (obviously the results of that wouldn't fly, but technically he could do that; more on this point later).

To the contrary, the more people I can incorporate to do the counting the *less* likely there is that any perpetrated fraud will go undetected nor that it will corrupt the system to a significant degree as to alter the outcome of the election. Granted, it's now more likely that *some* corruption would occur; but it's more likely that that corruption will get detected — because, as anti-conspiracy times always decry: there is no way a conspiracy involving large numbers of people could ever be perpetuated without *someone* spilling the beans. The larger the number of conspirators, the more likely a leak.

Furthermore, if you have 1000 counters but only 1 is counting fraudulently then in most elections (and to varying degrees) the votes that that 1 counter is corrupting are less likely to impact the total vote to any significant degree (as opposed to the 1-counter system where he could potentially alter 100% of the votes).

With respect to the voting-machine vs. counting-by-hand method I think a more accurate statement would be "the *more* hands doing the counting, the better."

Because it spreads the danger of getting caught and it spreads the risk of serious damage to the system.

Much like our different levels of gov't being spread out into many peoples' hands — if only one person held the reins of gov't we'd be in big trouble.

Now, with respect to distributed counting (in local township-sized areas) vs. centralized counting (in the central office of your local state representative responsible for administering the voting process) — you may have an argument on your side, since the controls are bound to be much better in a centralized-counting system. But you ended your argument with the simple assertion that dropping your vote off in the mailbox is virtually tamper-free and fraud-proof; as if it's the PO's responsibility to ensure your vote gets counted correctly. What you didn't discuss is whether or not your centralized voting office is actually doing the counting fairly or not.