Currently deployed electronic voting has received a couple of setbacks in the US and Italy in recent days. The Italian Prime Minister's office has been reported as saying that evoting trials in Italy have been a failure and evoting will be discontinued there. (Thanks to Glyn via the ORG list for the link)
In the US the National Institute of Standards and Technology (NIST), which is required to assist the Election Assistance Commission with the development of voluntary voting system guidelines, has issued a draft white paper. Amongst other things the white paper concludes that "Software-dependent approaches such as the DRE are not viable for future voting systems." (DREs are 'direct record electronic' machines run by proprietary software). From the body of the report "software independence" is described as follows:
"A voting system is software-independent if a previously undetected change or error in its software cannot cause an undetectable change or error in an election outcome. In other words, it can be positively determined whether the voting system’s (typically, electronic) CVRs are accurate as cast by the voter or in error. In SI voting systems that are readily available today, the determination can be made via the use of independent audits of the electronic counts or CVRs, and independent voter-verified paper records used as the audit trail.
A simple example of this is op scan, in which a voter marks (by hand or using an EBM) the paper ballot. The voter verifies the paper ballot is correct, thus it is voter-verified, and the paper ballot is “outside” or independent of the voting system, i.e., it cannot be changed or modified by the voting system. As a consequence of these two factors, the paper ballot can be considered as independent evidence of what the voter believed he or she was casting. After the paper ballots are scanned, they can subsequently be used to provide an independent audit, or check, on the accuracy of the electronic counts.
If an undetected change or error in the optical scanner’s software were to cause erroneous counts, subsequent audits would show the errors. Even if malicious code was inserted into the scanner’s software, the audits would detect resultant errors in the counts. Therefore, the correctness of the scanner’s counts does not rely on the correctness of the scanner’s software, and thus op scan is software independent: changes or errors in its software will be reliably detected by independent audits of its electronic counts. Thus, the primary ingredients to SI as illustrated in op scan are (1) voter-verified records that are (2) independent of the voting system used in (3) audits of the scanner’s electronic counts."
Well worth a read for evoting geeks.