Month: November 2016

2001 University of Waterloo Faculty of Mathematics Work Report on Internet Voting Technologies

University of Waterloo Faculty of Mathematics Work Report on Internet Voting Technologies

Original report was at www·student·cs·uwaterloo·ca/~dasibley/
Now only available in the Internet Archive.
prepared by Douglas A. Sibley
March 2001

Conclusions

Without clean-room conditions, it is impossible to know whether a computer’s hardware and software are correctly transferring the intent of the voter into the correct form and registering it with the voting authority. Without a system that has been thoroughly reviewed by the cryptographic community, it is impossible to know whether the system is secure. In conclusion, since Internet voting has many theoretical flaws and the parts that are not theoretically flawed are not adequately proven, Internet voting should be abandoned and proscribed for all elections mandated by law, including, the public sector, elections mandated by corporate law, and union elections. The risks of fraud are too great.

Recommendations

This report recommends that the traditional paper-based system be used to ensure fairness and security. This report also recommends that Internet-based voting be outlawed for any elections held or mandated by government.

Updated from the original post on my legacy blog.

Waterloo Internet voting

The City of Waterloo has again rejected the use of Internet voting in its municipal election.

I really liked the framing by Regional Councillor Jane Mitchell: “showing that you are really tech savvy”.  Which is to say, rejecting Internet voting doesn’t show that you are backward-looking, it shows that you actually understand the technology.

Waterloo Region RecordWaterloo rejects online voting, ranked ballot – by Paige Desmond – November 21, 2016

Waterloo ChronicleWaterloo council rejects Internet voting for 2018 – by Samantha Beattie – November 22, 2016

CTV News Kitchener – Waterloo council says no to online voting, ranked ballots – November 22, 2016

The meeting was the November 21, 2016 Council Meeting.  The meeting will be posted to YouTube account citywaterloo.

The relevant report is CORP2016-105 Alternative Voting Methods (Internet Voting) by Olga Smith.  The report can be found on pages pp. 84-93 of the original packet (PDF) for the November 21, 2016 Council Meeting.  (The original packet is also available in the Internet Archive.)  It is an update on previous report CORP2013-053.

The CORP2016-105 report offers an overview of the current unfortunate state of affairs as Internet voting spreads across (small, low-IT-capacity) Ontario municipalities:

Since 2003, there has been an increase in Ontario municipalities introducing alternative voting methods (internet, telephone and mail-in voting). In 2014, 97 out of 414 Ontario municipalities offered paper, vote-by-mail, internet and telephone ballot options, others a combination of paper and internet or, in the case of 61 municipalities, offered all electronic (internet and telephone voting). The municipalities’ population ranges in size from 900 to approximately 300,000.

It then identifies some key concerns

Opponents of internet voting advise of concerns including:

  • security concerns and process vulnerabilities
  • voter authentication
  • loss of transparency with reduced oversight of the voting process by candidates and scrutineers

Next it turns to debunking some Internet voting myths, starting with turnout

The results of an extensive study conducted by Elections British Columbia, and presented to the Legislative Assembly of British Columbia in February 2014, dispel the myth that internet voting increases voter participation in general and participation by young people in particular

The report being referenced is from the British Columbia Independent Panel on Internet Voting, specifically the February 2014 Recommendations Report to the Legislative Assembly of British Columbia (PDF).

For security concerns it paraphrases me (I was not aware of this until now)

Research and information from experts in the computer science field warn of the risks of the use of online voting including:

  • Widespread use of online voting could enable coercion of voters and possibly vote buying.
  • Software and hardware components that would be involved in marking, transmitting, receiving and counting an online ballot represent an unreasonably high risk to the chain-of-custody for the ballot.
  • Canadian government departments have already been successfully cyber attacked.
  • Computer and national security experts warn that online voting is not secure.

The original text from my submission to ERRE reads

Considerations:

  • Widespread use of online voting would enable widespread coercion of voters, including vote buying.
  • The innumerable software and hardware components that would be involved in marking, transmitting, receiving and counting an online ballot represent an unreasonably high risk to the chain-of-custody for the ballot.
  • Canadian government departments have already been successfully cyberattacked by nation-states.
  • Computer security experts warn that online voting is not secure.
  • National security experts warn that online voting is not secure.
  • Social science evidence indicates that online voting won’t increase turnout.

It doesn’t reference my brief (lack of citations is not unusual for city staff reports).

CORP2016-105 also raises examines concerns about Internet voting in the following areas (using the document numbering):

  1. Auditability
  2. Scrutiny
  3. Accessibility (it finds that online voting provides accessibility)
  4. Lack of Federal/Provincial Standards
  5. Additional Costs for Internet Voting

The report next presents data from Guelph and Cambridge, with the following observations:

  • The statistics from municipalities offering a choice of paper ballots or internet voting show that most voters choose to mark a paper ballot.
  • Cambridge did see a minor increase of 1.18% in voter turnout as compared to 2010.
  • Guelph did see an increase of 9% in voter turnout as compared to the 2010 election but the increase could be attributed to the mayoral race and not necessarily that internet voting was offered.

corp2016-105-pp92-93-cambridge-guelph

This is followed by a chart for Guelph’s 2014 election showing a typical voter distribution pattern, i.e. there is no dramatic increase in youth turnout for an election with Internet voting.

city-of-guelph-voter-turnout-by-age-2014
The supplementary information packet (revised packet) for the November 21, 2016 Council Meeting also includes (on page 9) an email from Urs Hengartner, Associate Professor, Cheriton School of Computer Science, University of Waterloo, which I have reproduced below with email address removed:

-----Original Message-----
From: Urs Hengartner
Sent: Sunday, November 20, 2016 1:02 PM
To: Clerk Info
Cc: Jeff Henry
Subject: Comment on item 7.c)
         "Alternative Voting Methods (Internet Voting)"

Hello,

Here is a comment on item 7.c) “Alternative Voting Methods (Internet Voting)” to be discussed during the Waterloo City Council Meeting on Nov 21, 2016.

Given the arguably unexpected outcome of the U.S. presidential election, many people have called for an audit of the election result. As it turns out, about 25% of the entered ballots exist only in electronic form, so auditing them is pointless. Fortunately, the remaining 75% of the ballots (also) exist in paper form and could be audited.

In an Internet voting system, there are no paper ballots that are filled in by a voter him/herself or by a machine in the voter’s presence, so there is no paper record that reliably documents the voter’s intent.
Given that it is each voter’s choice with which voting system to vote, the percentage of votes entered via an Internet voting system could reach a significant proportion of the overall votes. Therefore, auditing an unexpected or narrow election outcome would become impossible. In turn, rumours alleging mistakes in the voting system or attacks on it could not be addressed, leading to voters losing their trust in the integrity of the voting process.

Best,
 Urs

--
Urs Hengartner
Associate Professor
Cheriton School of Computer Science University of Waterloo, Canada

Quebec moratorium on electronic voting – archived press releases

Quebec has a moratorium on electronic voting.  The main information pages are were:

UPDATE 2017-11-06: The above pages are not available any more, but there are copies in the Internet Archive

END UPDATE

UPDATE 2017-11-09: Elections Quebec has confirmed to me that they have completely removed all information about electronic voting and the 2006 moratorium from their website.  This is an ongoing issue of web content where old content is simply removed, even if it is still vital (the 2006 moratorium is still in effect, and the issues with electronic voting are still vitally relevant in 2017).

I have rescued (to the extent that putting a page in the Internet Archive is a rescue) two more pages related to the moratorium, because they too will almost certainly disappear:

END UPDATE

There is an accompanying extensive report in French only – Élections municipales de novembre 2005 : Rapport d’évaluation des nouveaux mécanismes de votation – octobre 2006 (PDF) – copy available in the Internet Archive.

There used to be four press releases (two in each official language) that accompanied the information pages.  Unfortunately those press releases have been archived.  Using my Pinboard cache plus Google and Bing caches I located copies of three of the pages; I have requested the text of the other one (Communiqué 2) although you can figure out its content based on Press Release 2.

Press Release 1

Evaluation Report of New Methods of Voting – The Chief Electoral Officer Makes a Disturbing Diagnosis of the Problems that Occurred during the Municipal Elections of November 6, 2005

October 24, 2006

Québec City, October 24, 2006 – Today, the Chief Electoral Officer of Québec, Me Marcel Blanchet, tabled in the National Assembly an evaluation report that makes a troubling diagnosis of the problems that occurred during the municipal elections of November 6, 2005, in some of the 162 Québec municipalities that used new methods of voting. One hundred and forty (140) municipalities used electronic voting while 22 “tested” the postal ballot. “The major problems that were encountered during polling and the release of results have eroded the confidence of many persons regarding the new methods of voting” recalled Me Blanchet. “It was in order to shed light on these events and determine what happened that I created an internal evaluation committee which conducted a review that is unprecedented in Québec.”

An In-depth Review that Used the Expertise of All those Concerned

The evaluation committee that reviewed the November 2005 polls examined:

– the written reports of 144 returning officers, three suppliers of electronic voting services and the supplier of postal ballot services;

– the complaints received by the Chief Electoral Officer following the elections, the motions presented before the courts, as well as judgements rendered by the courts.

The committee also met most of the returning officers as well as several stakeholders in person: services providers, experts, observers and complainants. It also reviewed the rejected ballot papers in seven municipalities, as well as technical audits of electronic ballot boxes and voting terminals used during the municipal elections. For this last stage, the evaluation committee called on the expertise of the Centre de recherche informatique de Montréal (CRIM).

The Problems Encountered in November 2005 are the Result of Many Circumstances

“We all remember the events that marked the municipal elections of November 6, 2005,” recalled the Chief Electoral Officer. “Not only did the systems fail, but the corrective measure proposed were insufficient, poorly adapted and often came too late.  The primary objective of our evaluation was not to point fingers since all those involved with the municipal elections of 2005 must share come responsibility for these problems,” explained Me Blanchet. “We are keen to understand certain situations and examine certain problems that arose primarily in order to be able to trace the path toward electronic ballots that, if maintained, should be marked by transparency and integrity that are at the heart of our democratic values,” declared the Chief Electoral Officer.

The root causes of the problems encountered by the various actors of the 2005 municipal elections, include the following:

  • an imprecise legislative and administrative framework that did not adequately assign roles and responsibilities or address the risks inherent in electronic voting;
  • absence of technical specifications, norms and standards that would have guaranteed the quality and the security of the voting systems used;
  • poor management of voting systems (especially lack of security measures) leaving a lot of room for errors, accidents and the absence or insufficiency of solutions in case of problems.

More specifically, it is possible to pinpoint a number of circumstances that increased the risks:

  • Voting machines, machines used for quality control of components and machines aimed at ensuring the security of the methods of voting and the integrity of the vote were not adequately tested.
  • In most cases, there was no backup plan covering all potential problems.
  • Procedures on how to use voting systems were not documented.
  • Due to the importance of the technical aspects of the vote, some returning officers had difficulty harmonizing their responsibilities with those of service providers, leading, for instance, to loopholes in the training of election staff
  • One of the suppliers overestimated its ability to simultaneously serve a large number of municipalities, particularly the largest municipalities.
  • This supplier probably delegated too much responsibility to sub-contractors (especially regarding training).
  • Imprecise contracts and incomplete specifications blurred the relationships between municipalities and their service providers.
  • There were no independent experts on electronic voting to whom returning officers could turn.

“Ten years of using electronic voting with no major problem, ten years of increasing satisfaction by municipalities who kept asking for it, had given some credibility to this new approach to holding elections,” surmised Me Blanchet. “What we experienced on November 6, 2005, and what our examination of the situation revealed, should convince us that this approach is more risky than earlier thought,” concluded the Chief Electoral Officer.

It is worth recalling that in Québec, a municipal election involves all democracy partners. Thus, under the Act Respecting Elections and Referendums in Municipalities, a Québec municipality that would like to hold an election using electronic voting or the postal ballot has to sign a memorandum of understanding with the minister of Municipal Affaires and Regions and the Chief Electoral Officer. The Act Respecting Elections and Referendums in Municipalities also states that it is a municipal actor, that is, the returning officer, who is in charge of the election and has responsibility for election operations, including honouring and administering the contract signed between his municipality and a supplier, for instance, of electronic voting systems. The Chief Electoral Officer, for his part, provides assistance to returning officers who so request and may, in keeping with his responsibilities and expertise in election matters, examine special situations and make recommendations.

Press Release 2

Evaluation Report of the New Methods of Voting – The Chief Electoral Officer Sets Very Stringent Conditions for the Future Use of Electronic Voting if it is Maintained

October 24, 2006

Québec City, October 24, 2006 – The review by the Chief Electoral Officer of the new methods of voting used during the municipal elections of November 6, 2005 leads him not only to question their value added, but to recommend very stringent conditions for the future use of electronic voting, if this method of voting is to be used again. In a report tabled today at the National Assembly, the Chief Electoral Officer, Me Marcel Blanchet, is very critical of the electronic voting systems that were used during last year’s municipal elections and on the manner in which they were used. In addition to noting that these systems did not seem to have lived up to expectations, he believes that electronic ballot boxes and voting terminals are vulnerable technologies. Furthermore, the manner in which they have been managed so far does not offer sufficient guarantees of transparency and security to ensure the integrity of the vote. As a result, the Chief Electoral Officer believes that it is up to the National Assembly to decide whether or not to maintain the use of these new methods of voting and that, for the time being, the moratorium on their use must be maintained.

“In its current form, the Act respecting elections and referendums in municipalities enables municipalities to decide whether to use a new method of voting during a general or by-election,” recalled Me Blanchet. “But after the evaluation that we have just conducted of electronic voting and the postal ballot, I am of the opinion that to reestablish the confidence that was eroded last November 6, major changes must be introduced to their legal and administrative framework, if they are to be maintained,” the Chief Electoral Officer stated. “The voting systems should be subjected to very high quality and security norms and standards before municipalities can use them again,” he added.

Revealing Tests and Audits

The recommendations regarding the future of electronic voting are based mainly on technical audits and tests conducted in collaboration with the Centre de recherche informatique de Montréal (CRIM) on the voting systems used during the last municipal elections. This detailed review was aimed at detecting the risks associated with the use of electronic ballot boxes and voting terminals.

The technical audits and tests helped to determine that electronic voting systems are exposed to many risks since they have limited or no formal protection and security measures, thus making them vulnerable to technological attacks. In addition, the systems are thus exposed to major service or network defects and breakdowns.

The review of the manner in which electronic ballot boxes and the voting terminals are tested, installed and managed during an election also reveals a lack of knowledge of voting system components, as well as lack of expertise by those involved with elections, including the service providers.

Modify the Framework and Implementation Method

Based on his evaluation of the new methods of voting in general and electronic voting systems in particular, that were used during the November 2005 elections, the Chief Electoral Officer recommends a modification of the framework governing their use and how they are implemented in Québec:

  • The legislation governing the use of these methods of voting must be reviewed and better defined, including the memoranda of understanding signed by the municipalities with the Chief Electoral Officer and the Minister of Municipal Affaires and Regions.
  • Rigorous technical specifications as well as security and reliability norms and standards must be adopted before any future use of a new method of voting. A group of experts must be created in this respect.
  • An independent authority must be vested with a mandate to monitor and the powers to audit and control the norms and standards related to the new methods of voting.

The Chief Electoral Officer also recommends that care should be taken to ensure that suppliers have the ability to offer their services to several municipalities simultaneously and suppliers should be required to sign more stringent contracts containing precise specifications regarding the professional services required and the voting systems used.

“The role and responsibilities of the Chief Electoral Officer, the Ministry of Municipal Affairs and Regions, returning officers and service providers must also be clarified, according to Me Marcel Blanchet, and it is definitely important for all these actors to receive in-depth training on the new methods of voting.”

As far as security is concerned, measures should be adopted in order to guarantee the integrity of the electoral process. For instance:

  • competent authorities should have access to the programming codes and source codes of the software used in the voting systems;
  • the implementation of mandatory and complete tests on all equipment to be used in an election;
  • the establishment of backup plans covering all potential problems;
  • the swearing in of all those responsible for programming and installing systems and software and providing technical support and troubleshooting;
  • the implementation of strict measures for the storage and safekeeping of systems used;
  • the adoption of measures aimed at ensuring that, after the election, the supplier destroys data recorded on the electronic voting systems.

To prevent the rejection of ballots by electronic ballot boxes, the Chief Electoral Officer also recommends the adoption of ballot papers similar to those used during traditional voting. In the case of voting terminals, these devices should be adapted to be able to do a recount.

As far as the postal ballot is concerned, the Chief Electoral Officer recommends especially that returning officers should adopt a model that is inspired from that used at the provincial level for voting by inmates and electors outside Québec. Thus, the systematic sending of voting kits to all electors domiciled in a municipality should be forbidden.

Communiqué 1

Rapport d’évaluation des nouveaux mécanismes de votation – Le DGE pose un diagnostic inquiétant sur les problèmes survenus lors des scrutins municipaux du 6 novembre 2005

24 octobre 2006

Québec, le 24 octobre 2006 – Le directeur général des élections du Québec, Me Marcel Blanchet, a déposé aujourd’hui à l’Assemblée nationale un rapport d’évaluation qui pose un diagnostic inquiétant sur les problèmes survenus lors des scrutins municipaux du 6 novembre 2005, dans un certain nombre des 162 municipalités du Québec ayant utilisé de nouveaux mécanismes de votation. 140 municipalités ont alors eu recours au vote électronique, alors que 22 municipalités ont « fait l’essai » du vote par courrier.  « Les problèmes importants qui ont marqué le déroulement des scrutins et la diffusion des résultats ont ébranlé la confiance de nombreuses personnes à l’égard des nouveaux mécanismes de votation » a rappelé Me Blanchet. « C’est pour faire la lumière sur ces événements et établir les faits que j’ai formé un comité d’évaluation interne, lequel a réalisé un examen sans précédent au Québec. »

Une évaluation approfondie qui a mis l’ensemble des acteurs à contribution

Le comité d’évaluation qui s’est penché sur les scrutins de novembre 2005 a examiné :

– les rapports écrits de 144 présidentes et présidents d’élection et ceux des trois fournisseurs de services de vote électronique et du fournisseur de services de vote par courrier;

– les plaintes reçues par le Directeur général des élections (DGE) à la suite des scrutins, de même que les requêtes présentées devant les tribunaux, ainsi que les jugements rendus par ces derniers.

Le comité a également rencontré en personne la grande majorité des présidentes et présidents d’élection, ainsi que plusieurs intervenants : fournisseurs de services, experts, observateurs et plaignants.  Il a en outre réalisé une étude des bulletins de vote rejetés dans sept municipalités, ainsi que des audits techniques des urnes électroniques et des terminaux de votation utilisés lors des élections municipales.  Pour cette dernière étape, le comité d’évaluation a eu recours à l’expertise du Centre de recherche informatique de Montréal (CRIM).

Les problèmes survenus en novembre 2005 sont le fruit d’un ensemble de circonstances

«  Nous nous souvenons tous des événements qui ont marqué les scrutins municipaux du 6 novembre dernier », a rappelé le directeur général des élections.   « Non seulement des systèmes ont fait défaut, mais les correctifs proposés étaient insuffisants, mal adaptés et souvent tardifs.  Le premier  objectif de notre évaluation n’a  pas été d’identifier un responsable plutôt qu’un autre de ces difficultés, puisque tous les acteurs des scrutins municipaux de 2005 doivent partager une certaine responsabilité », a précisé Me Blanchet.  « Si nous avons voulu comprendre certaines situations et nous pencher sur certains problèmes, c’était avant tout pour être en mesure de tracer la voie vers des scrutins électroniques qui, s’ils sont maintenus, devraient être marqués par la transparence et l’intégrité qui sont au centre de nos valeurs démocratiques », a affirmé le DGE.

À la base des dérapages constatés par les différents acteurs des scrutins municipaux de 2005, il faut souligner :

  • un encadrement législatif et administratif qui manquait de précision, notamment en ce qui a trait aux rôles et aux responsabilités de chacun et aux risques inhérents au vote électronique;
  • une absence de spécifications techniques, de normes et de standards qui auraient garanti la qualité et la sécurité des systèmes de votation utilisés;
  • des façons de gérer les systèmes de votation (notamment l’insuffisance des mesures de sécurité) qui favorisaient les erreurs, les accidents de parcours et l’absence ou l’insuffisance des solutions en cas de problèmes.

De façon plus spécifique, il est possible de pointer du doigt un certain nombre de circonstances qui ont augmenté les risques :

  • Il y a eu insuffisance de tests réalisés sur les appareils de votation, de contrôles de qualité des composantes des systèmes et de mesures de sécurité visant à protéger les mécanismes de votation et par conséquent, l’intégrité du vote.
  • Dans la plupart des cas, il y a eu absence d’un plan de relève couvrant l’ensemble des problèmes potentiels;
  • Les processus quant à l’utilisation des systèmes de votation n’étaient pas documentés;
  • En raison de l’importance des aspects techniques du vote, certains présidents d’élection ont eu du mal à arrimer leurs responsabilités à celles des fournisseurs de services, ce qui a causé, par exemple, des lacunes en ce qui a trait à la formation du personnel électoral.
  • L’un des fournisseurs a surestimé sa capacité à desservir simultanément un grand nombre de municipalités, et particulièrement les plus importantes.
  • Ce fournisseur a probablement délégué trop de responsabilités à des sous-contractants (particulièrement en ce qui a trait à la formation).
  • Des contrats parfois imprécis et des devis incomplets ont balisé les relations entre les municipalités et leurs fournisseurs de services.
  • On a noté l’absence d’une expertise indépendante spécialisée en matière de vote électronique, à laquelle les présidents d’élection auraient pu avoir recours.

« Dix  ans d’utilisation du vote électronique sans problème majeur, dix ans de satisfaction croissante de municipalités qui en redemandaient, avaient donné une certaine crédibilité à cette nouvelle façon de tenir des élections », a estimé Me Blanchet.  « Ce que nous avons vécu le 6 novembre 2005 et ce que notre examen de la situation nous révèle, devrait nous convaincre que cette voie était beaucoup plus hasardeuse que l’on pouvait le croire », a conclu le directeur général des élections.

Rappelons qu’une élection municipale, au Québec, c’est l’affaire d’un ensemble de partenaires de la démocratie.  Ainsi, en vertu de la Loisur les élections et les référendums dans les municipalités (LERM), une municipalité québécoise qui désire tenir un scrutin avec le vote électronique ou le vote par courrier doit signer un protocole d’entente avec la ministre des Affaires municipales et des Régions et le Directeur général des élections.  La LERM prévoit en outre que c’est un acteur municipal, le président d’élection, qui est le maître d’œuvre du scrutin et a la responsabilité des opérations électorales, ce qui inclut le respect et l’administration du contrat conclu entre sa municipalité et un fournisseur, par exemple, de systèmes de vote électronique.  Le DGE, pour sa part, fournit de l’assistance aux présidents d’élection qui en font la demande et peut, en vertu de ses responsabilités et de son expertise en matière électorale, examiner des situations particulières et faire des recommandations.

Canada’s Chief Electoral Officer wants electronic counting option

The Chief Electoral Officer has made his Recommendations following the 42nd General Election.  Buried in it is recommendation A3, which would in my opinion open the door to unaccountable experimentation with Canada’s (federal) vote-counting system, a system that is currently extremely fast and high-integrity.  In particular it opens the door to introduce electronic counting (vote counting computers).  I don’t know why one would want to fix something that is not broken, and why Canada would want to give the sole authority to make that change to the Chief Electoral Officer (CEO).

Recommendation A3: Subsection 283(3) should be replaced with a general provision that allows the ballot-counting process to proceed according to the CEO’s instructions.

These recommendations are being discussed in closed sessions of the Parliamentary PROC (Procedure and House Affairs Committee).  It is not clear how the public can provide input into the discussions, other than by contacting PROC.

PROC@parl.gc.ca

At the time of this writing, the next closed meeting will be meeting 42, November 24, 2016.  You can find the list of all PROC meetings for the current Parliamentary session at

http://www.parl.gc.ca/Committees/en/PROC/Meetings?parl=42&session=1

Recommendations Report

An Electoral Framework for the 21st Century: Recommendations from the Chief Electoral Officer of Canada Following the 42nd General Election

a3-counting-procedures-highlight-counting-devices

From Table A—Recommendations Discussed in Chapters 1 and 2

Issues with Vote Counting Computers

The only way to be sure that votes have been counted is to

  1. Vote on paper
  2. Count the paper

If you have very complex counting, with either many positions being voted upon at once, or with an indirect allocation of results based on calculations, then you might choose vote counting computers that scan the paper ballots.  But be aware that you then MUST

  • extensively test vote counting computers before and after the election
  • remove voting computers from service during the live election and test them (in order to test under true voting conditions)
  • conduct risk-limiting audits of the paper ballots
  • keep the computers secure at all times, including between elections
  • keep the computers well-maintained at all times, including between elections

Which is to say, using vote counting computers may be faster for complex elections, but it is definitely not cheaper when done with proper risk management.

It is possible to take a hybrid approach, although no jurisdiction I know of does so.  In a hybrid approach, particularly important votes would be separately hand marked and hand counted (e.g. in the USA it would make sense to separate the Presidential ballot and count from all other vote casting and counting).

Note that in Canada we don’t (yet) have complex elections, meaning there is literally no justification for computer counting of ballots.  You’re introducing greater security risk, along with the need to continuously warehouse, maintain and secure the voting computers.

And note I said voting computers not some incorrect term like “voting machines” or “electronic counting devices” or “electronic tabulators” or “optical mark-sense scanners”.  These are full-fledged computers with optical scanners attached.  Computers that are vulnerable to all the regular and routine sorts of attacks and errors that happen every day.

Now think about this concept of “efficiency”.  How often does an election take place?  Once every four years?  And how long does it take to do the count?  With a simple ballot, you might save a few minutes on the entire count.  And then what do you do with the computers?

To save a few minutes every four years, you have to spend millions of dollars to warehouse and maintain vote counting computers.  And warehouse them securely, if you care about elections security.  And technology goes obsolete quickly.  So basically you’re paying for computers to sit in warehouses going obsolete, in pursuit of some illusory time and efficiency savings.