1) Bank security relies on the ability to undo and otherwise correct earlier mistakes, which requires a system with no anonimity.

Voting must be anonymous and secret. This means no one should be able to tell how you voted and you should not be able to prove how you voted.

This prevents you from applying almost every conventional security and reliability technique. It means that once you have deployed your software, you cannot monitor it or log it's output in any of the conventional ways. For example you cannot even record information about what time a vote was cast or what order the days votes were cast in as this may allow voters to be identified.

Banking systems make mistakes but the bank can then go through the logs and correct them. This is just not possible with an electronic voting system.

For a voting system to be trustworthy, there must be a paper trail. Without a paper trail you are asking the voter to trust the good intentions and also the competence of the programmer and also of the adminstrators of the election. This is unacceptable.

Voting systems based on paper do not require trust. Biased and unbiased observers can watch the ballot boxes and the counting process as closely as they like, all mutually distrustful of each other, all keeping each other (and everyone else) honest.

The purpose of electronic anything should be to assist humans but not to take control away from them. Electronic voting takes control away. With an electronic system, there is a point where my vote is entirely under the control of the electronic system. It exists nowhere except inside the memory of the machine and I have no way of knowing if it has been stored correctly, deleted or distorted.

We should be looking for Computer Assisted Voting. For example in Talahassee, you fill out a paper ballot. If you want, you can have it scanned by the computer which will tell you if there are any mistakes and will also tell you how your vote will be read. If you're happy, you drop it in the ballot box.

This optical scan system has a very low error rate (touch screen voting has an extraordinarily high error). It's also very cheap and very easy to use.

Rant over.

> This is why I would recommend that the bank's systems be used as a base. They've been battle-tested. Basically, the question is one of "How can we rebuild the wheel?", which is stupid.

Not quite. If a bank's system eats $4000 from your account, you have deposit slips, checks, and bank statements that the bank can use to recreate your account history. And, if you discover the problem 10 days late, the bank still can fix it.

In an election, there can be no mistakes from the software. And, if you find out later that there were errors, there is a lot more at stake, and a lot that can't be reconstructed. Bank systems might be a good model to look at for ideas about handling redundancy and implementing detailed logging, but voting systems are a separate problem.