The Open Rights Group has reported (pdf) on the May 2007 local and Scottish e-voting.

In short: We don't know what any of the software actually did. Nor does anyone else.

People ask questions about whether e-voting is secure. And vendors will always say, often truthfully, that their systems are secure: at least as secure as paper ballots. Developing secure e-voting systems is not rocket science.

Security is the wrong question to ask. It has a specific meaning, and many many computer systems, banking, ecommerce and so on, are easily secure enough. Yes, there is an arms race between the security people and those who would gain access to secure systems. Yes, many many home computers are compromised, and are therefore an unsuitable platform for e-voting. Nonetheless, security is not the issue.

What is the issue? In a word: transparency. The functions of a locked steel box are transparent: it keeps the objects put in it, unchanged, until they are taken out again. The functions of a computer are not. A computer could be doing absolutely anything with the virtual objects it is trusted with protecting. Without looking shifty.

The problem with computers is not that they are incapable of doing the job, but they are too capable. It is not that they cannot produce an audit trail, but that they could produce a completely fictional audit trail. The only systems that deserve any consideration are those with a paper audit trail - such as the optical scan system used in Scotland.

In Sheffield ... on the night of the count no breakdown of votes from different channels was provided to attendees: these were kept in sealed envelopes and declared ‘ballot boxes’. Officers then manually added figures together using pencil and paper before presenting the figures to candidates and agents. Understandably agents at the count felt that the numbers had ‘just appeared’ and were unhappy the process had not been more transparent.

...because the numbers had 'just appeared'. They were probably the correct numbers, but how is it possible to tell? If we had had independent international observers at this election, what could they possibly say about it?

Alistair Graham is quoted in the report:

I should like to put this question to you. How does DCA or the Electoral Commission know about the extent of electoral fraud when neither of them have kept any statistics nor have undertaken any research on the issue? Is it that, in their obsession with increasing participation at all costs, they have turned a blind eye to the risks of electoral fraud and its consequences on the integrity of our democratic system?

Amen.