Tabulating votes is also problematic. Votes arrive through a variety of channels, via mail as well as polling stations, and must be tabulated quickly and accurately. But there is little regulation or oversight of the way existing software does this. “A lot of the concern comes out of the fact that no one can look at the software,” Bowen says. She notes that voting-machine analysis often has to be performed under a nondisclosure agreement, meaning that the details of some flaws remain undisclosed.
MIT computer science professor Ron Rivest, who has studied the security and privacy of voting systems, says that these systems should be designed to work even if the software underneath is somehow flawed. “Do you have to trust the software in order to trust the election results?” he asks. The ideal situation, Rivest says, is one where the presence of bugs or malware cannot affect the outcome of an election.
There are other ways that technology can complicate the election system. One of Bowen’s biggest worries about November’s presidential election isn’t the voting machines being used but the databases in which voter registration information is stored. A number of states recently introduced a requirement that names on drivers’ licenses and voter registration records match exactly. Bowen says this could unfairly disqualify some voters, because the software used to compare records often cannot account for typos. For example, a computer may not recognize that “OM’alley” is a typo of “O’Malley.” In 2006, Bowen says, exact match requirements prevented more than 20 percent of Los Angeles County voters from being properly placed on voter registration lists.
Under Bowen’s stewardship, San Francisco will experiment with new software in November. It’s one of the few cities already using instant-runoff voting, a system that lets voters rank candidates in order of preference instead of choosing just one. The rankings data can be used to determine a winner if no candidate receives a majority of the vote.