________________________________________________________________________________
What I don't get: vote counting is an easy to distribute problem, if done completely manually. Why take all this effort, cost and risk with the automation if it's awfully slow in the end?
Germany uses (mostly) all paper ballots which are counted in each voting location by the local election committee, which is usually chaired by a government employee, and filled up with randomly chosen citizens. First results are often available 3-4h after closing of the voting location. With final results available during the next 1-2 days. All ballots will be collected on the next org level, to be available for audits/recounts.
I think that the cost of hiring and training election workers is a major issue. I'm not sure how European countries handle this, but in my jurisdiction election workers are hired as temps, paid hourly, and receive a several hour training. Managing this is a formidable task for the fairly small election bureau, which has a limited budget because, well, elections only happen so often.
Just the staff that processes absentee ballots (on normal years, even more so this year) is a large group of people who operate 24/7 in a large warehouse. We're fortunate that the county has the resources to dedicate a large building to the election bureau, in other counties they have to borrow space in community centers or courthouses for counting and it's more of a logistical challenge to get equipment in/out. Yes, many of these same challenges exist and are managed for the physical polling locations, but hand-counting would be piling a lot more workforce and space to manage (I would guess about double) on a county that is already struggling to afford the operation. The use of precinct tabulators keeps the polling-place staff fairly small while meaning that the ballots are already tabulated when they are delivered to the election bureau.
I have been involved in hand-counting ballots and it is remarkable 1) how tedious and time consuming it is, and 2) how error-prone the process is. With our typical ballots (18" long paper with three columns of questions on both sides, typical Dominion design), it takes a while for each ballot and it's a two-person process for accuracy. Even then the election administration feels that the error rate is unacceptable and so takes every measure possible to avoid ballots that must be hand-tallied. Much of this is a result of election code requirements for accuracy that involve typically three-person (and two-party) sign-off on every tally operation. Security restrictions on access to the computer totaling system adds further complexity and has lead the county to abandon "distributed" hand-tally operations, with all handling now being done centrally in the warehouse.
My gut feeling is that countries which hand-count ballots probably have a lower emphasis on absolute accuracy than US election administrators typically do. I have no idea but would also be interested in knowing how common it is for election workers to be paid in Europe vs in the US. My gut feeling, though, is that hand-tallying is not practical in the US without a significant expansion of the budget for election administrators. I'm also unconvinced that hand-tallying has any meaningful advantages over precinct tabulation, since both allow for post-tally audit and in this jurisdiction and many others, hand-tally audit of a sample of machine tabulation is a standard part of post-election canvassing.
As an addendum on something somewhat poorly understood, in most US jurisdictions the long delay between "unofficial" and "official" election results is a result of the canvassing process, which is a combination of hand-processing "difficult" ballots like provisional and mismarked ballots, and a standardized post-election audit which may include hand-tallying a sample of the machine-tabulated ballots (I would like this to be a mandatory practice nationally). Much of this wait is not because the machine tabulation is slow, but because the machine tabulation is not completely trusted and there is an auditing process that takes some time, plus there being ballots which are inherently not suited for machine tabulation. In my area the unofficial tabulation is usually completed overnight after election day, but the canvassing process takes substantially longer because, among other things, every provisional ballot must be manually researched by a more highly trained records team, which is a measure to avoid denying anyone the right to vote because of procedural problems with looking them up in the pollbook.
Finally, as discussed, not all states allow absentee/mail ballots to be processed before polls close. There's a tradeoff here and I don't think this rule is entirely unreasonable, but it does obviously add to the delay.
Regarding your pay question, here in France it's random people, you and me, who are election workers (I explained the process in another reply): it's definitely not paid.
And the counting is done in polling stations after the voting process: just more hands and eyes that way.
And because it's that distributed, it's pretty much parallelized as much as you could. Another quality is you'd have to corrupt a fair amount of polling stations to make a substantial difference if you wanted to cheat.
Results are then sent to the next level (usually city hall which aggregates that and then sends that to the next level).
Pretty much as in Germany. Election workes get a small monetary compensation for refreshments in Germany. And because all polling is local, within a couple hundred meters of your place of living, and voting is on Sundays, there is nearly no costs incurred for the election workers.
Why are people being paid to work the elections? Most places have volunteers representing both parties.
While costs are always an issue, according to [1], the parties involved spend over 6 billion $ on their campaigns. I fail to see how money can be a issue here.
If we are talking about the allocation of money, then this is a political problem, not a monetary one, as money is clearly available.
[1]
https://www.opensecrets.org/elections-overview/cost-of-elect...
Election workers aren't hired by the parties, if they're hired at all it's through the state or municipality. Most of the time they're volunteers.
They're completely different thing.
Spain does this and they know the results the same night.
I don't understand how the US manages the election like a 3rd world country.
One issue is that "The US" doesn't manage any elections. The US states manage 50 different elections on the same day, with different rules, oversight, and processes, in many cases administered by the same people who are up for election, often also with 3rd-world-country levels of funding.
To add, at the local level, voter suppression strongly benefits incumbent candidates, so there's not really an incentive to make the election process easy and smooth.
It doesn't matter if it's done country wide or at federal level. The US is a very developed country that could do that if those in charge were willing to do it.
It's not nuclear physics.
I fully agree. Unfortunately, and as I mentioned, those in charge (of that decision) benefit wholeheartedly from the status quo.
Much of American physical and civic infrastructure is like that of a 3rd world country.
Most of the cases of extremely disrupted voting (such as 12 hour lines, mysteriously 'broken' voting machines in urban areas, or the 300,000 mail-in ballots that the postal system refused to deliver) are, however, intentional policies intended to reduce the turnout of Democratic voters. The US has a very long history of making it as hard as possible for non-conservatives to vote[0]; these irregularities are just the modern descendants of poll taxes and the Jim Crow laws.
Politically, the US has much more in common with Central/South America, and contemporary Poland under Law and Justice, than it does with places like Spain or Germany.
[0]
https://en.wikipedia.org/wiki/Voter_suppression_in_the_Unite...
Well, elections in Poland go smoothly and there is little doubt they are fair. Votes are counted the same night (most of them) by the committees in all voting locations and sent upstream then. Even the opposition doesn't dispute the fairness of the election much.
BTW, you need an ID to vote and you're responsible to update your official address or you won't be able to vote. The idea that you can do election without ID and with shady registration process sounds like someone trying to steal it to everyone here and I guess most of Europe.
That we elect authoritarian national socialists and that division of power is a myth here due to our half-assed constitution is another matter. We are just pretty backwards as a society. PiS and their ideas are very popular here sadly.
Both of the countries would laugh at the idea of voting without id, and getting id costs in Europe too and takes done time to get it done. I truly believe most of the Europeans would side with Republicans if they heard all the facts.
Yes. When I talked about this topic with some left leaning friends they were surprised that the requirement of an ID was taken as voter suppression in the US.
The issue US left-leaning people have with voter ID laws is threefold: there's no documented problem with voter fraud that needs to be fixed through ID requirements, two, ID requirements are often imposed with the explicit intention of reducing voter turnout among the poor, and three, that there is allegedly a large swath of Americans who don't have valid identification and can't get it easily.
Realize that in some states, the offices which produce identity documents for people who don't drive might only be open twelve days a year and are located in areas that are not accessible by public transit. For people at the bottom of the American income inequality pyramid, getting documentation might be something they can't afford, in terms of the time off work, taxi fares, and the costs of possible legal assistance.
Seems to me the _good faith_ solution is just to make sure everyone can get identification easily. However, the foundational issue is that voter ID requirements, combined with hard-to-get documentation, is a bad faith policy intended to keep poorer people from voting. Fix the 'bad faith' problem and everything else is trivial to put into place.
I'm against voter ID legislation but almost all these arguments are terrible.
> _there's no documented problem with voter fraud that needs to be fixed through ID requirements_
Maybe not, but that's not an argument against voter ID, it's an argument against one of the arguments _for_ it. Slightly different.
> _ID requirements are often imposed with the explicit intention of reducing voter turnout among the poor_
Implicit, maybe, but do we have anyone on record saying they want voter ID to raise the median income of the average voter? Or that they don't want poor people to vote so we're going to make you bring in a driver's license?
I buy that this is a side effect/consequence of voter ID, but not that it's explicit.
> _there is allegedly a large swath of Americans who don't have valid identification and can't get it easily_
Maybe, but like someone else said in many European jurisdictions you are required to show ID, it costs you money to get it, and you have a process to get it that takes time.
> _the offices which produce identity documents for people who don't drive might only be open twelve days a year and are located in areas that are not accessible by public transit_
I'm definitely calling BS on only being able to get a non-driver state ID one day every month, and _most_ of the US is not accessible by public transit. We are not as densely populated as Europe and expecting a nationwide public transit network that reaches 100% (or even 50%, honestly) of our citizens is unrealistic.
> _For people at the bottom of the American income inequality pyramid, getting documentation might be something they can't afford_
This I actually agree with, and this[0; PDF] is actually a great breakdown of costs associated with getting an ID. It's absolutely a biased source the number are accurate and you can ignore the politicizing narrative.
I agree that the good faith solution is making identification free for anyone who can actually prove their identity and needs the financial assistance. It's hard to argue against VID _if_ anyone who can prove their identity gets an ID if they want it.
[0]
http://sharedprosperityphila.org/documents/Revised-ID-Waiver...
And the public is allowed to watch the counting process by the local committee in Germany. So even lay people can follow what's going on if they want.
This would never work in America because Republican supporters would do their absolute best to disrupt the count by intimidating poll workers. It happened in 2000[0] and it's happening again now[1].
[0]
https://en.wikipedia.org/wiki/Brooks_Brothers_riot
[1]
https://www.msn.com/en-us/news/politics/what-is-the-brooks-b...
In Germany, those counting the polls are often associated with the parties, so you actually often have party members (at least of the biggest parties) involved in the counting. But because any party can contribute + there is free access for observers, this is a non-problem.
Actually I believe it's a feature, as it would (politically) be a lot harder to argue for the poll workers to be one-sided if your own party members are part of it.
Sweden here, all manual on paper. A first count in 2-3 hours the night of the election, then a complete recount the following weeks in all districts, no triggers or conditions to keep it simple and use the same process for any result.
You can observe the vote happening, count on election night or recount as long as you follow the instructions and don't interfere with it in any way, this includes adjacent rooms.
Easier to commit fraud or, more likely, easier to get cushy government contracts for the companies making the machines and software.
It's not properly distributed. I mean, look at Philadelphia right now. There's a convention center where they're counting _hundreds of thousands of ballots_. That's not only insane but idiotic. There are 66 wards in the city[0], those are further divided into a total of 1,703 voting districts. The city population is around 1.5 million - that's less than 940 ballots per district, which you can count in a day. There's no reason the same people watching the polls couldn't have been counting the mail in ballots on Wednesday and Thursday.
The fact that everybody is cheering Philadelphia for only taking 4 days to count a couple hundred thousand ballots is just silly.
[0]
https://files7.philadelphiavotes.com/maps/ward-maps/Wards_St...
Does Germany have as many items on a typical ballot. In Washington, DC, we had city council (by ward), city council (at large), non-voting delegate to Congress, shadow representative, shadow senator, a couple of school board slots, advisory neighborhood commissioner, and of course president.
In a state you might have two state legislative seats up, plus some county offices.
This was the 2011 city council ballot for Frankfurt am Main:
https://chalog.files.wordpress.com/2011/03/stimmzettel.jpg
Every voter had 93 votes, one for each seat in the city council. It's a rather complicated system, where you can freely assign up to 3 votes of your 93 votes to each candidate, can strike candidates from the list or simply vote for party lists.
Federal elections are way simpler, with just 2 votes. But often several elections are combined. But there are less elections overall in Germany, as we usually only vote for: city council, county council, state and federal parliaments, and finally EU parliament. 5 in total, most of them every 4 years, so on average 1.2 votings per year.
This is what happens in many elections.
The problem is mail in ballots, which were significantly more this year. When do you start processing them? In many states, the answer is: before election day.
In other states, notably PA, the law says "day of election". The legislature there deliberately did not take any action to change this. Why?
Cynically, PA's (Republican-controlled) legislature have a vested interest in doing everything they can to make vote-by-mail as arduous and sketchy as possible. Disenfranchising voters in Philadelphia and its suburbs is the only way they stay in control of the state.
We're literally seeing a race right now between the vote counters trying to finish the count and the leader of the Republican party suing to stop the count and invalidate as many mail-in votes as he can (because he knows they are likely to be overwhelmingly for his opponent).
Personally, mail in ballets should not be touched before the end of the election period and be counted together with the in-person votes. But given the ability to count them as they are received it should be rather easy to provide enough vote counting resources for a speedy counting on election day.
The issue I have with pure electronic voting machines are numerous: it's hard to audit them and it's been shown many times in the past how easy it is to compromise them.
But if you put aside the security or the bug free status of the whole thing, a true democratic vote has at least 2 properties:
1. it's anonymous
2. it can be audited by a layman
Because of the complexity or bugs or whatever, #1 cannot really be guaranteed. Voting machine vendors will say they have no way to track voters until someone finds a flow or figure it out. Or machines could be altered or hacked or...
But really the biggest problem is #2: because if there's a problem, you need a paper trail. Because in the event of a recount, you want your average joe or jane to be able to recount ballots.
You could bring all the blockchain stuff (because I often hear that) or what not into the argument, you still wouldn't be able to do both #1 and #2.
So to me, voting must remain a paper thing.
> You could bring all the blockchain stuff (because I often hear that) or what not into the argument, you still wouldn't be able to do both #1 and #2.
You can't do both #1 and #2 now. An anonymous ballot can't be audited, because it has no provenance -- if somebody slips an extra ballot in, how would you tell?
Here it's almost impossible to slip an anonymous ballot.
The ballot box is made of transparent plastic (something like [1]), and you don't slide the envelope in it yourself. The slot is blocked until an official pulls a lever to let it go through.
So you put the envelope by the slot, if you keep holding it you will be asked you to let it go (so you can't cleverly hold multiple of them while it looks like one). They'll check again who you are and if you can actually vote and so on. If all is good, an official will pull the lever.
[1]
https://www.jpg.fr/content/images/product/09812-00J_1_xnl.jp...
That's not the end of the process. At some point, the ballots are coming out of the box. Slip your extras in after that.
You can't do that either because the way it works here is you're being given a sealed bag with all envelopes coming straight for the ballot boxes and that process was supervised by multiple persons.
And then you have:
- one person who opens the envelope containing the ballot and unfolds it
- one who reads out loud the ballot
- at least two who write down what the person above said
And all that is supervised by the same people who were manning the polling station (at least 4 them).
So if you have multiple ballots in the same envelope, they will call it. The only way it'd work is if they all worked together. And you'd have to do that for a couple counting stations in many given polling stations... That sounds like an inside job you couldn't keep secret for long.
Because one thing I forgot to mention: counting is done at the polling station, it's not centralized, only results are.
Again, this sounds like something that happens before the theoretical audit. An audit by definition happens after the results are reported. It is a process meant to double-check that the original process, which you describe above, gave an accurate result.
If you stake everything you have on the original process being incorruptible, then your only response to an audit that shows a discrepancy must be "the audit is wrong". That's unlikely to satisfy many people; if that is your only strategy for dealing with audits, you are running an inauditable process.
It is very hard to split in more than a few ballots, i.e. an amount that will change the result.
In Denmark you don't know what the ballots look like before election day, so you can't produce them in advance, and they aren't printed on printerpaper but is larger and the paper has a distinct texture/feeling.
A voting machine can produce a printed ballot which is scanned by a separate counting machine. This can be checked for consistency by the voter. Also, you can have more than one scanning machine to verify the ballots are counted properly. And you have a paper trail if a recount is necessary.
So the voter would not only "print" his own ballot but check the consistency? That's not what I call audit. Audit is supposed to be multiple pair of eyes during counting. Plus you'd possibly lose the anonymity of the vote if the voter did both (timestamping transactions and so on).
If all counting machines are the same, how do you know they're not all wrong? Or not all tampered with?
And even if they all give you the same results, how do you know it's actually correct or how do you decide to recount? You have no real way to: you have to count. So at that point you might as well have counted in the first place.
Ideally you should have multiple vendors and make sure they all give the same results. But who's going to do that?
...if we do it right, the Devil himself could build the voting machines, and we could hold an honest election,” Jones says. “And doing it right means having genuinely auditable technology...
Volkswagen proves this to be an unsafe assumption - their technology intentionally behaved differently during an audit.
I'm pretty sure it would be straightforward for the devil to know when they were being audited or not.
Volkswagen got around it via triggers to detect tests, not audits. It is a bit different. If you could detect that your system was being used in a test, you could yield correct results. Then otherwise yield biased results (perhaps the first so many votes of the day are always correct, and the biases are introduced later).
Auditing means things like paper trails (get an automatic electronic tally, but produce a verifiable paper ballot that can be counted in the case of any apparent inconsistencies). This discourages cheating on the electronic tallies because you never know when an audit may take place.
Interview with Douglas W. Jones, a computer scientist at the University of Iowa and co-author of the book Broken Ballots
_A fundamental flaw of direct-recording voting machines—that is, ones where you pull the lever on an old mechanical machine or you touch the touch screen on a modern one—all of those machines end up being completely impossible to audit. There’s no way to know whether the machine was honest or not, short of taking it apart and actually being able to inspect the mechanism. We have no good way of doing that with software. The complete lack of any auditable record of the count, so that you had to completely trust programmers, was a real problem. [But] the vast majority of votes in the U.S. today are being recorded on paper ballots that are filled in by hand. That makes me feel reasonably good. And furthermore, a growing number of states have some kind of an audit law._
Interview with Douglas W. Jones, a computer scientist at the University of Iowa and co-author of the book Broken Ballots
_A fundamental flaw of direct-recording voting machines—that is, ones where you pull the lever on an old mechanical machine or you touch the touch screen on a modern one—all of those machines end up being completely impossible to audit. There’s no way to know whether the machine was honest or not, short of taking it apart and actually being able to inspect the mechanism. We have no good way of doing that with software. The complete lack of any auditable record of the count, so that you had to completely trust programmers, was a real problem. [But] the vast majority of votes in the U.S. today are being recorded on paper ballots that are filled in by hand. That makes me feel reasonably good. And furthermore, a growing number of states have some kind of an audit law._
Broken Ballots book website:
Douglas W. Jones:
http://homepage.divms.uiowa.edu/~jones/
I don't get this one since digital voting machines right now today have auditing built-in that can be done by anyone. When you submit your vote it prints out a paper receipt you drop in a box that can be counted asynchronously and take as long as needed to verify the digital count.
Best of both worlds.
But does the digital count ever get verified in the real world?
If it is every time, it means at the end of the day you don't really trust the machine. You could announce results early but they wouldn't be official so what's the point?
And if the count only gets verified every once in a while, what triggers the process? Something abnormal? A random check? Something else?
What tells you the count is valid or not? How do you ensure the machine is working as it should, wasn't altered in any way and so on?
To me these problems can't really be fixed: you need the paper trail. And you can't "count" (haha) on a machine you can't really audit.
The majority of polling in the US occurs using either DRE with paper trail (called VVPAT) or paper-primary precinct tabulation systems. DRE machines without a paper trail are relatively rare and appear to be becoming rarer over time, although it's hard to get statistics on the issue. As mentioned in the article most DRE machines were purchased as a result of the 2002 HAVA and seem to be slowly going away as jurisdictions replace their equipment --- although there are certain stubborn hangers-on to DRE w/o paper trail.
Many states conduct a mandatory sample audit of machine tabulation, either by hand or using an independent machine. I would urge those concerned about election security to lobby for this requirement in states that don't have it, as it is a practical and readily achievable improvement in election integrity.
In many states which use machine tabulation, machines are tested using a reference ballot set as part of the commissioning process, immediately before being sealed for delivery to the polling place. Once again, a requirement that should exist in those states which do not have it.
So machines are still sealed at the polling place? If so that'd be a good start but same shit really. What if they had a firmware which had a special counting mode you could trigger with a special ballot?
The only way to make sure it's partially secure is to audit the code and even with that you could miss stuff. Code for these things must be open.
Plus a quick google search shows (facepalm) the following (there are many others like that):
https://www.nbcnews.com/politics/elections/online-vulnerable...
The three largest voting manufacturing companies — Election Systems &Software, Dominion Voting Systems and Hart InterCivic — have acknowledged they all put modems in some of their tabulators and scanners. The reason? So that unofficial election results can more quickly be relayed to the public. Those modems connect to cell phone networks, which, in turn, are connected to the internet.
The largest manufacturer of voting machines, ES&S, told NBC News their systems are protected by firewalls and are not on the “public internet.” But both Skoglund and Andrew Appel, a Princeton computer science professor and expert on elections, said such firewalls can and have been breached.
"Can be" or "will be"?
I mean voting is a very human affair. If you don't trust the humans to count the votes to verify the results then you couldn't trust them to count normal paper ballots either.
The way it's done here in France is it's just random voters who offer to do the recount (usually after being asked because it's pretty boring haha).
And you don't count alone, there are people with you who count with you and who double check what you do.
It works the following way. You legally must have:
- one person who opens the envelope containing the ballot and unfolds it
- one who reads out loud the ballot
- at least two who write down what the person above said
And all that is supervised by the same people who were manning the polling station (at least 4 them).
So it becomes a lot harder not to trust humans when you have at least 4 persons who saw the ballot and a couple others observing if everything is being done as expected.
In Germany you can watch the local committees while they are counting. it's an open affair. And you'll hear the numbers as the results are reported by phone to the next level. Which allows anyone who was present during the counting to audit the numbers when they are published afterwards. And yes, I did watch every now and then.
Since election fraud is such a hot topic right now. There are statistical ways to test for Fraud. Here is a simple one, based on the distribution of integers.
DIY Election Fraud Analysis Using Benford’s Law
https://www.kdnuggets.com/2020/09/diy-election-fraud-analysi...
python code
Raw Data
https://www.kaggle.com/unanimad/us-election-2020?select=pres...
I've done election clerking, which I highly encourage everyone to do. Here in SF, it's an entirely paper election, and at every precinct there is a ballot scanner. As people fill out their ballots, it gets scanned, tabulated (aka "counted"), then deposited in a locked box that's part of the machine. Your ballot has no personally identifying markings, and is now lost in a pile of other ballots. That is how ballot secrecy works in practice.
At the end of the night, the electronic tabulation is removed from the machine (CF cards), then given in a security sealed bag to a deputy officer who takes it to city hall to be summed up for the results. The paper results are organized, and put in security sealed bags, and given to a sheriff (person with gun), and locked into a van to be transported back to city hall.
So now we have the best of both worlds: fast results, and paper audit trail. Any precinct can be retabulated - just run all the cards thru a machine again. The mail-in ballots are processed separately, and once the envelopes have been verified, the ballots are put thru a tabulation machine as well. My understanding is city hall has a ballot tabulator for every precinct mail-in, and as they process mail they drop them in the appropriate machine. If a mistake was made - it's easily correctable because each ballot has the precinct number printed on it.
It's a very easy to understand system, that requires only basic elements of computer security. Cross checking a ballot tabulator for accuracy is easy. Recounting is easy.
And finally, for accessible voting, people use a tablet to choose their selections, then their ballot is printed out, which contains the summary of the vote, and a QR code the ballot machine scans.
Oh yes, and the ballot machine scans and keeps image files of every ballot. I'm not sure what they do with that, but there we go.
It's fascinating, and my experiences in the SF elections department gives me high confidence that the SF election, and any run like it, are very secure, and accurate.
From the interview a story about paper ballot tabulation problems:
_With fill-in-the-bubble ballots, a typical error would be printing the ballot with the candidates in one order but programming the scanner with the candidates in a different order. There was a famous incident of this happening [in] Pottawattamie County, [Iowa], in 2006 in its June primary. The net result was that the numbers that came up were pretty nonsensical and bore no relationship with anyone’s expectation of the outcome of the race. The election officials noticed. They did a hand count, and that completely resolved the problem. And they could because they had paper ballots._
I think like most things there are tradeoffs and the qualities most needed in the system run counter to one another--speed can cause errors to be missed, security reduces access, etc.
Many jurisdictions do, and all jurisdictions should, test every machine with a reference set of ballots and verify the correct output as part of commissioning. This is intended to detect errors of this type.
Right but it seems some machines are connected to the internet (seriously).
And it's probably easy in the firmware to check if you're being tested (ask Volkswagen). And even if it's not, you could write a firmware you could trigger with a specific ballot.
The bottom line is firmware for these things should and must be open so they can be audited by experts. And hackers must be given access to them so they can try to do their worst.
As long as you treat it as a black box, I'm afraid to say you aren't trusting the device, you are just having faith in it.
While they do exist, internet-connected machines are relatively rare. Unfortunately guidance has been inconsistent. Some states have qualification standards that prohibit network connections on tabulators, some states have standards that allow it, and some states don't have standards at all. In non-binding recommendations, the NIST is against network connectivity but the FEC takes a softer line on the topic. This is a great area to lobby state governments, all state standards should prohibit internet connectivity.
Generally, from a network security perspective, electronic pollbook systems are a much greater concern as they are connected over the internet as a matter of standard practice, and it's difficult to avoid this while preserving functionality. There are also more, smaller vendors for EPBs and they receive significantly less scrutiny or security review than tabulators.
I can't speak to the particulars, but this is basically what MA and VT do. I can't see any good faith reason to do anything else.
Ohio, the only other state I've voted in (many years ago) had electronic machines that produced a paper audit receipt. The problem I see with that is that now you have two sources of truth, and no easy way to count one of them to reconcile them.
There is no two sources of truth - the paper trail (VVPAT) is the single truth. It is generally used for a sample-based audit of the machine tallies and depending on recount procedures can be used for up to a complete recount if necessary. Where VVPAT and machine tallies disagree, the VVPAT is correct.
