US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   Harvard "Larry Lomax"
Organization :   Clark County, Nevada
Post Date :   9/30/2005

Section Comments
Section :  6.8.5
Page no. :  
Line no.:  
Comment :  6.8.5 Preserve Voter Privacy and Anonymity One of the problems with HAVA is that people are still trying to determine what the law requires. We don’t want that to occur with this document. I had my staff review this draft guidance and based upon requirements such as “the electronic an paper records shall be created and stored in ways that preserve the privacy and anonymity of the voter,” none of us are sure if it allows the use of a spool-to-spool printer or not. From a user’s standpoint, a spool-to-spool printer is the only realistic VVPAT solution. In a county our size, one election generates 7,500-8,000 tapes that must be catalogued and stored. Chopping them into half a million little slips of paper, each of which would have to be tracked, would create an administrative nightmare guaranteed to fail. Assuming a spool-to-spool printer is authorized, other than keeping the printer sealed and not allowing the voter to take a copy of the printed record, maintaining the privacy and anonymity of the voter is primarily dependent upon the manner in which the user administers the election—much in the same manner every clerk in the country must use administrative procedures to protect the privacy of absentee voters, whose name is printed on the very envelope in which they mail their ballot. To ensure the anonymity of the voter with the VVPAT, in Clark County we do not track the order in which people sign in and vote. We also have at least two voting machines in every polling place and we allow the voter to select the machine he/she wishes to use. Finally, there is no record of who voted on which machine. There is additional requirement in this section protect the privacy of individuals who select alternative languages and the discussion suggests having at least five voters use the alternative language on each machine. We cannot do that because it would be inappropriate to ask voters in which language they planned to vote. The privacy of the voter’s language
selection is ensured because we have no way of knowing in which language a voter actually chose to vote. Also, in the area of voter privacy, the guidelines state the paper record will indicate a provisional voter, but the guidelines do not make it clear if the paper record must or must not be linked to the voter. Although I can find no privacy and anonymity exceptions in the guidance for provisional records, states that use the paper record as the official ballot are going to need the ability to trace the paper record back to the voter because whether or not they count the provisional record (ballot in this case) is dependent upon whether or not subsequent research indicates the voter met some specific criteria. The voter’s privacy can still be protected through administrative measures, but not electronically. Clarification is needed in this area. Finally, from a practical perspective, does it still make sense to require the electronic ballots be stored in a randomized order when the printer is printing the ballots in the order the machine is used. The guidance requires a “unique identifier be attached to both the paper record and the electronic ballot so that they can be linked.” But what is the purpose of randomizing the electronic ballots if we attach a unique identifier to them so that they can be “un-randomized?” For those of us that might have to do this, it appears we are adding some unnecessary steps to the process by scrambling the records and then requiring us to unscramble them.
[Statements submitted at EAC public hearing, June 30, 2005, New York]