|
The following are ideas I have been mulling over for how I would do voting:
November 19, 2004
Ok, here's what you do. Everyone is given a tiny computer program which is called a hash routine. This little program will turn anyone's social-security number into another UNIQUE number or maybe a UNIQUE alpha-numeric code. I am not a computer scientist, but I believe it is possible to do this such that there is no way to go back to the original social security number given that you have this unique code word/number that was output by this algorithm. So lets call this unique number the user's voter-identification-number (VIN). Now when it is time to vote (and incidentally, I don't think everyone should have to vote on a certain day as we stupidly do it now. I think they could vote anytime they wish up until a pre specified date/time, such as November 2nd at midnight), the user goes onto the internet and goes to this special website set up to accept these VINs and then present the user with a series of choices to make for that particular election, very much like an electronic voting machine (although now of course you don't get to have cool features like the ability to touch the screen in order to select your candidates). The user makes her selections and that is it. Her choices get stored in some community database. Now here is the part that keeps this from being manipulated unfairly. The user who just voted can go back onto the internet anytime and look to see if the way she voted is still recorded under her VIN. Now what I want to have is that this database file that stores all the votes should be accessible (readable but not writable) by ANYONE. There will be a program on this website that will count up the votes and show the results. This program will have been written by someone in the government, not a private company. But the thing is, the database will be accessible to ANYONE (I am not really sure how or if there is technically a way to make a database available to anyone on the internet in its raw form, but that's another matter. Well, certainly you could make this central database file ftp-able I guess). So if, for example, the democrats think that there is something fishy about the election, then they can have someone on 'their side' write a program to access that database file and read it and show the results (there would need to be a standard format agreed to by everyone for how the votes are stored in this database). And if the republicans thought there was something not right, they could do the same thing. Now as with every scheme, there are certainly details that need to be worked out. For example, with this idea, well, there are some people (lots in fact) who just don't have access to the internet. Well, these people could either go to a library or we could continue to set up polling places with computers connected to the internet just for these people. Also, this idea relies on everyone having a social security number, which isn't true. But there are lots of social security type numbers that aren't being used that they could be assigned for the purposes of the elections. Or they could just be given their VIN directly, or a VIN which was derived from an 11 digit number, for example.
So now what is wrong with this idea?
January 7, 2005
More on this idea:
The above has the problem that anyone can come along with some SSN (either one they have 'stolen' from somebody else or they could just type in a random 9 digit number). So we have to come up with a fix for this problem. So here is my fix for my new system of voting I am trying to conceptualize: When the voter goes to register for the election, the person registering them will go to their computer (connected to the internet) and they will bring up a form. ON the form will be a place to input the voter's Social Security Number (or maybe we could use their Driver's License identification number) and their birth date. If people are concerned about giving out their SSN during the voter registration process, we could have the voter actually enter her/his SSN into the registrant's computer his/herself with nobody looking. Using these 2 numbers as input, there will be a hashing routine that will spit out a Voter Identification number. This will then be given to the voter to take back with them. When this registration procedure is completed, a place will be created in a huge database (capable of holding up to --what is the current US population?-- 300 million entries) which will be keyed to this voter's VIN (Voter Identification Number). Now, I was just gonna have them use this VIN to enter into a website they would use to mark their election choices. But to make it even more secure, maybe this VIN could be like an account name, to which they would either be given a password, or after the first time they used it they would be forced to choose a password which would be required from then on to log on to this system to either view their election choices or make them (or change them). Now in order to start out simple, I am just thinking of the federal presidential elections initially. The database would be 300million entries, with each one being keyed to this VIN that was given to the voter. For the presidential choice, in one separate part of the database would be keys to each of the presidential candidates. So for the last election, it would be something like this: George Bush = 1, John Kerry = 2, Ralph Nader = 3, David Cobb = 4, Michael Badnarik = 5, etc. If there is a 0 in this place, that means no choice was made. Now, the fact that different states have different selections of candidates available (which is totally ridiculous but lets work with it) brings up a problem. Even when just voting for the president, there needs to be a way to distinguish what state the voter is from. And later when we have to start dealing with local elections, the county of the voter will have to be taken into account (now I know there are also things called 'precincts' within counties, but as far as the people whom you are voting for, I believe there are only 3 levels, federal, state, and county. IS THAT CORRECT?). So what I propose to do is add information to the VIN that would indicate the state of the voter and the county. A simple way to do this would be the following. Let's say that the VIN as output by our hashing algorithm was a 10 digit number. Then we could do this. Add 2 digits to the beginning of that number that would be a number to distinguish between each state. And then add 2 numbers after that to distinguish between the counties within each state (or 3 numbers if there is actually a state with more than 100 counties). So now the VIN, which started as a 10 digit number, is now a 14 digit number. And since the state and county distinguishing numbers are at the front (on the left, most-significant part of the number), in order to find out how each candidate did in any particular state, you would sort the entire database (well, it would most likely be stored as a sorted-list) and then if you wanted to see how each candidate did in state number 01 for example, you would just ignore all entries with VINs that did not start with the digits 01. So, for example, the database might look like this:
01013249429024 1 Someone in state 01, county 01 voted for George Bush 01018435934959 3 Someone in state 01, county 01 voted for Ralph Nader 01018495837498 1 Someone in state 01, county 01 voted for George Bush 01018998894398 2 Someone in state 01, county 01 voted for John Kerry 01024509340984 2 Someone in state 01, county 02 voted for John Kerry 01024805083089 1 Someone in state 01, county 02 voted for George Bush 01023495987593 2 01024534543654 0 Someone in state 01, county 02 has not voted for president 01039874579493 4 Someone in state 01, county 03 has voted for David Cobb
The fact that this ultimate 14-digit Voter Identification Number (VIN) would include the state and county numbers as the first 4 digits would also make the idea of using Drivers ID numbers (rather that SSNs) much more feasible since this way, people in 2 different states who just happened to have the same Drivers ID number and birthday would still have totally unique VINs.
Now this is just a very rudimentary look at how this database would be set up. Unfortunately, as you added more and more things you wanted this all to handle, it will get more and more complicated. And I do wish there was a way to avoid, or at least minimize, the complications. For example, it would be neat if you could have stored in this database for every voter not only their current selections, but also all their past election choices. It would also be nice to store the date and time of whenever they made changes.
But the beauty of this is, that all of these problems that people have been having with the current ridiculous voting system would be eliminated. There would be no need for people to wait in long lines in the rain, because you could do this from the convenience of your own home (or a library or a friends place or something like that). There could be no people being excluded from voting because of the color of their skin or their political persuasion. All this silliness would end.
So now what is wrong with this idea?
Of course, here is one problem. Since you wouldn't have results coming in bit by bit on election night like it is now, there wouldn't be this horse-race like show on the TV networks, so they would be out of LOTS of money from advertising they usually get during elections. In fact, since people could vote anytime they wanted to up until the deadline, the results would probably basically be known for days, even weeks before November 2.
April 4, 2005
Ok here is my latest version of this idea. Let's call the voter Joe and the voter registration official Jane. All voters will be registered at their local DMV facility (maybe they could rename it DMV&VR). There will be a small room with an official and a computer connected to the internet (or more if necessary). The voter will come in and give the voter registrar his driver license. The registrar will enter his driver's license number (checking that the voter matches the photo on the drivers license) and the state and county where the voter lives in a form at this special webpage on the internet. The voter will then be asked to enter a password in this form (the registrar will position herself such that she cannot see what the voter types for his password). Now the voter has his account set up and until he moves to another county or state he will not need to reregister to vote. Also this way he won't be given a certain HASH number derived from his SSN or driver's license number and birthday like I originally thought of doing it. However, the registration system will still run a hashing routine on his driver's ID, state number and county number to get the key under which the voters records are stored (in other words, this will all happen behind the scenes) When he wants to go vote, he will only need to access the voters page on the internet and enter his 1)driver's license number and 2)state of residence 3) county of residence and then his personally chosen password. I continue to believe that the voter should be able to vote any time up to the election deadline (we'll say November 2). And if the candidates are all set up to run by the time the voter registers, I think they should be allowed to vote their choices right then. But obviously a sufficiently long time before the election, the candidates will not have decided to run or been chosen by their primary. So I think there should be a date before which no one will be permitted to vote. So instead of one day to vote like we have it now, we would have a period of time, say a month or two, during which you could vote. Now remember the last presidential race. I don't even remember how long before the Nov 2 vote the candidates were all decided, you know when Kerry came out the winner of the Democratic party. But once that happened, in my system the voters would then be able to start casting ballots (assuming all the local candidates had also been decided, and this interaction between the federal and local elections is where all these complications I think are going to come up). And it would be interesting because this voting system would become like a polling system too. As the candidates revealed different parts of their platform, the voters (at least the ones who had registered at that point) could respond immediately as to how much they are in favor of them. And then the candidates could actually respond and shape their proclaimed stances on issues based on this (I suppose this might already take place using the polling mechanisms we now have). Oh by the way, the pollsters who didn't manage to get it right (:)) this last election, they would be totally against this system because it would effectively put them out of business. So we got the pollsters against it, the networks against it, the voting machine manufacturers against it. So I'm sure there will be little problem getting it implemented, :). Now another thing about this internet voting idea. When the voter goes to vote on this internet web page, the voter could be given a hyperlink to each candidates webpage. So right before you vote, you could actually go and see how the candidate stood on various issues. Now is that a good idea or what? You are under no pressure because you are not using some machine which they only have so many of which you will be holding up other people if you take too long. You can (assuming you didn't wait till the last minute) go and spend as long as you want to exploring the candidates positions. Hey maybe you could click a link to a forum on each candidate and argue the pros and cons of why said candidate should receive your vote with other voters, hehe! Is this perhaps TOO democratic?
PROBLEMS
I was just thinking about how I am currently thinking of creating the keys to the records of all the voters. I just stated that they would give their Driver ID, state and county and that would be hashed into a key under which their records would be stored. What I didn't think of is that, anyone who found out voter Joe's driver ID and knew the state and county where they lived could use the hash routine (which SHOULD be public domain) to derive the key and then look up their voting record. So that's no good. Perhaps the voters PASSWORD could be added into the mix of stuff that is fed into the hashing algorithm to derive the key to their voting records. I don't know enough about this area, to know if a routine could be created that would guarantee that a unique resulting key would always be output, and that there was no way to reverse the process. But that is a technical question that I am sure a CS expert should know the answer to. The part of this system that has the biggest chance of being compromised is the fact that the voter registration people would have to be the only ones who can access a webpage where the voters are registered. How do you insure that only they can access it and that they only used it for registering voters. I wanted this system to be completely open but here is can't be. I wonder if there is someway we could eliminate the registration at someplace by government officials part of the system. What if we set it up so that you go to a web page to register. It asks for your name (as shown on your driver ID), driver ID, your date of birth, your SSN. Now, I know that state governments keep a record of your driver ID and birth date. Do they also have the associated SSN. If so, the voter by entering all this could confirm that they are the person they claim to be (although of course anyone else who had all that info could register, but then when the real person went to register, he would see that there was a problem and then go to a government official). So they enter all that user info, and they enter a password. Now they are registered. Now, have I just come up with a full-proof way to register from home? If THIS worked, then it would greatly reduce, but by no means eliminate, the number of people who would need to be given write access to the database. No, I don't think you can have home registration because then couldn't someone register dead people? But here's the thing. Every person who would be voting would have write access to the database. They would just be limited to accessing their particular record via the voter webpage. In the same way, the registrars would only have access through a certain webpage. They would not have general access to the database. They would be on somewhat the same level of access as the voter. But the registrar would have the power to create people who didn't exist. How could there be some sort of check on this? Would we need to have at every registration station a representative of every party being voted on or something? Sigh! When the registrar enters the voters Driver's ID, it could be checked for existence against the states driver ID database. Wouldn't that eliminate that problem? Could that eliminate the home-registration problem? When someone dies, does their Driver ID get deleted from the state database? But even if you had home-registration, ultimately certain people or certain programs on certain machine which were accessible to certain people would have access to the database in a non-regulated way. Or they would have access to the ability to give access to. How do you insure that things don't get compromised? That the people who want to fix elections can't somehow rig the system. One possibility is, could have machines all over the country continually accessing (read access) the database and checking its integrity. These machines could be owned by the different parties in the elections. Every time a new person was registered into the database, they could do a check to see that that drivers ID... no, the driver ID is lost in the key, sigh... Anybody got anything for a headache?
|