Here is an excerpt from the NY Times Freakonomics blog of an interview with Bruce Schneier in which he had this to say:

Q: What is the future of electronic voting?

A: I’ve written a lot about this issue (see here and here as well). Basically, the problem is that the secret ballot means that most of the security tricks we use in things like electronic funds transfers don’t work in voting machines. The only workable solution against hacking the voting machines, or — more commonly — innocent programming errors, is something called a voter-verifiable paper trail. Vote on whatever touch-screen machine you want in whatever way you want. Then, that machine must spit out a printed piece of paper with your vote on it, which you have the option of reviewing for accuracy. The machine collects the votes electronically for a quick tally, and the paper is the actual vote in case of recounts. Nothing else is secure.

Let me repeat that last part: “nothing else is secure.” For an individual made famous assailing cut and dry security assertions, I’m surprised he had that to say. VVPAT is by no means above security criticism. But as much as the idea has advanced the discussion on verifiable elections, it is at its heart, a band-aid security solution. Of all people I would have expected this author to advocate security design simultaneous with system design, and not just slapped on top.

I think sometimes when people live with an idea for long enough, they stop thinking critically about it. But when you’re outside looking in, things jump out at you. The Europeans say, for example, `why do the Americans switch their fork into their knife hand after cutting their food–it makes more sense to have one hand for one utensil.’ Well, some things just emerge through time and are not the product of an original design. The Americans abandoned the hand counted paper ballot in favour of DRE’s because they were faster, but made the election outcome vulnerable to fraud and error in so doing. VVPAT was added on after the fact, yet for it to provide the security of a paper ballot system, you have to do the work of a paper ballot system.

Try to think about this from the perspective of someone who’s never heard the terms DRE or VVPAT. The kind of reaction you get is something like “so you’re giving up paper-based hand counting to switch to an electronic system that you make secure through paper-based hand counting?” Someone told me recently that’s like building a wind turbine to go green, and then powering it with a diesel engine… a self defeating solution.

So are VVPATs the wave of the future? I say yes, if by `wave’ you mean the “na na na na, good-bye” variety. The DRE-VVPAT combo is an awkward mismatch of technological epochs. Though it may be enjoying its day in the sun, there is change on the horizon, and Punchscan, Pret-a-Voter, Scantegrity point to this.

More tangibly however I would draw peoples’ attention to the new innovation class outlined in the 2007 draft VVSG, which has opened the door to new possibilities.

As my voting research colleagues meet in Washington D.C. tomorrow for the First Open Workshop on the “Voluntary Voting System Guidelines” to discuss the aspects of certification of new systems under this innovation class, I’m left thinking Schneier’s vision for the future of electronic voting is in the same league as “640kb of memory should be enough for everybody.”