Well, we have been hearing about problems with voting machines in this 2020 election. Some of the machines in question are named Dominion (there’s a name that makes the hair on the back of my neck stick up!), and there have been credible claims of improprieties with regard to the ballot counting by these machines.
A voting machine has to perform two simple functions.
- It needs to optically read the markings on the ballot.
- It needs to count up all those markings for reporting at the end of the night.
First off, no company that sells machines to count votes should be using proprietary software. This software should be open source, and an unadulterated version should be installed on every machine that counts votes.
Each machine should have two USB ports each of which will accept a USB hardware key. Each key will be loaded with the single version of the open source software which was agreed upon by all parties, and each key will be fingerprint locked to a local poll watcher, one for the Democrat, one for the Republican.
When you start the night, each poll watcher puts their key in the slot, and it reads their fingerprint. Once both are validated, the machine compares the two versions of the software on the keys and, if they match, loads the software into a fresh virtual machine that is securely sandboxed in the OS. If either the fingerprints are not read or the versions of the software are different, the machine does not start.
The network port used for maintenance is locked down, and when the machine starts up, it launches a piece of client software that, at a specific interval, pings a central computer cluster in Homeland Security. As long as nothing plugged into that port connects to the internet, the cluster will never get a ping. But if it does, it can send back a response that shuts down the machine based on the IP. This ensures that all the machines are air-gapped.
At the end of the night, each poll watcher puts his fingerprint on the key and, once both are validated, a copy of the counts is dumped to each of the keys. The keys are placed in separate tamper-resistant envelopes, and a separate Sheriff’s deputy is assigned to sign for and deliver each key to the central location. Nobody sees any vote counts.
All of the ballots are placed in a sealed envelope with a tamper-resistant seal. It is signed by both poll watchers and given to a Sheriff’s deputy, who signs for it and takes it to the poll watchers’ supervisors at a central location.
At the central location, the supervisor’s fingerprint unlocks the key from his particular party, and when both keys are dumped into the central computer (which also has open source software and “air-gap control”) the totals on both keys are compared and if they match, they are dumped.
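The two-key start-up check and the end-of-night comparison of totals described above, as an added sketch that is not part of the original post. The `Key` class, the function names and the sample image are hypothetical; comparing against a separately published digest of the agreed build is an assumption added here, because two keys that were swapped for the same altered image would still match each other.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Key:
    """One poll watcher's USB key (hypothetical model, not a real device API)."""
    party: str
    fingerprint_ok: bool           # result of the fingerprint check for this key
    image: bytes                   # software image stored on the key
    counts: Optional[dict] = None  # totals written to the key at close of polls


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def may_start(a: Key, b: Key, agreed_digest: str):
    """Start gate: both fingerprints valid and both images the agreed build."""
    if not (a.fingerprint_ok and b.fingerprint_ok):
        return False, "fingerprint not validated"
    da, db = digest(a.image), digest(b.image)
    # Compare cryptographic digests, not version strings or file sizes.
    if not hmac.compare_digest(da, db):
        return False, "software on the two keys differs"
    # Assumption beyond the post: also pin to the digest all parties agreed on,
    # so two identically altered keys are rejected as well.
    if not hmac.compare_digest(da, agreed_digest):
        return False, "software is not the agreed build"
    return True, "ok"


def reconcile(a: Key, b: Key):
    """Central check: accept totals only if both unlocked keys carry the same counts."""
    if not (a.fingerprint_ok and b.fingerprint_ok):
        return False, {}
    if a.counts is None or a.counts != b.counts:
        return False, {}
    return True, dict(a.counts)


# Constructed sample data, not a real software image.
AGREED = b"tabulator build (constructed sample image)"
AGREED_DIGEST = digest(AGREED)
```

Any failed check returns a reason and leaves the machine stopped, matching the post's rule that the machine does not start unless both fingerprints and both software copies check out.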
Totals are reported by phone to a central location to representatives of both parties.
There is probably some way to cheat this. But I would think it would be incredibly hard. There is still the issue of fraudulent ballots being fed into the machine and counted, but chain of custody and poll watchers at the polling places would help stop that.