Just what we want in a voting system! In this post, I'll give a brief overview of issues with electronic voting. Then I'll look at VSAP as an institution. Next, I'll show why the VSAP system is not only insecure, but likely to make money-in-politics even worse than it already is.
We've covered electronic voting before — see here, here, and here — and if you want to understand why hand-marked paper ballots, hand-counted in public (HMPBCP) is the world standard, you can read them, especially the first. In this overview, I'll make a few high-level observations about electronic voting in general.
Digital systems can never be shown not to have bugs. As Computer Science Elder God Edgers Dijkstra wrote: "Program testing can be used to show the presence of bugs, but never to show their absence!" Many bugs in many important programs persist for years before they are discovered. A list would include Flash in IE6 (persisted 12 years), OpenSSL (15 years), LZO data compression (18 years), and bash (25 years). None of these examples are outlier programs or trivial; they are all used by millions, essential to enterprises, networks, etc. Each of these bug is an insecurity waiting to happen. And that's before we get to Trojan Horses, which are bugs introduced deliberately by a developer for purposes of their own. In fact, I would go so far as to argue that any voting system decision maker who advocates electronic voting is doing so for reasons other than security, given that HMPBCP is available, which amounts to saying that such a decision maker regards a certain amount of exploited bugs — election fraud — as acceptable.