How scanners and PCs will choose London's mayor

A third major difference is the design of the ballot papers. In previous GLA elections the candidates for both the Assembly and the position of Mayor were listed on the same page, meaning that voters had to cast multiple votes on one ballot. Scottish voters faced a similar set-up, which meant lots of people simply failed to vote in the election that was listed second on the sheet.

"We did market testing of the ballot paper and found that having two votes on the same paper was a major – if not the only - cause of the confusion," says Bennet. "So this time each assembly contest is on a separate paper."

So London voters will be issued with two ballots: one for the Assembly elections, and the other for the Mayoral race itself. Bennet says he expects this will reduce the number of missing votes considerably, and the number of ballots that will be sent to adjudication.

"Sensitivity [to unintentional or confusing marks] is set very high, because of our experience in 2000," Bennet says, referring to the election where roughly one in five ballots needed adjudication.

"The processing software can identify a continuous line as a fold in the paper, but if even a speck of dust makes a mark where a vote might be cast, the ballot paper will be put in the pile for adjudication."

Keeping STVs confidential

Despite this, he says he expects the voter error rate to be of the order of one per cent for the Assembly vote. The Mayoral race will be closer to ten per cent, he says, because the voter needs to indicate a first and second preference.

"With a single transferable vote system, you have to have two votes on the same paper. Market research indicates that 80 per cent of people look straight at the names and voting boxes. Only after that, if at all, do they read the instructions at the top of the page. Additionally, in London you have the significant issue of English not being everyone's first language.

"Short of separating the vote into two rounds, we are pretty much stuck with this as a problem."

But despite all the changes, there are still those who are concerned that introducing technology into the voting process risks compromising the integrity of the vote. One such campaigner is Rebecca Mercuri, an American expert on electronic voting and counting systems.

She is worried that equipment provided by companies with little or no experience in elections could fail to provide an accurate count because of an unintentional design flaw. She cites the example of a US election where the counting system reached a certain number, and then started counting backwards.

"It's not that easy to design [a well planned counting system]," she told us.

But Bennet says he's confident that the machines will return a result that accurately reflects the will of the people, simply because of the huge volumes of test papers that have been scanned. Over the last 18 months, almost one million ballot papers have been counted on test runs, and Bennet is so sure of his system that he is prepared to claim the machines are more accurate than people.

"When we've had to do recounts because of a discrepancy between the machine and manual counts, it has always turned out that the machines are right and the people have made a mistake," he told us.

But Mercuri questions Bennet's confidence in the voting machines. Testing, she says, is only good at spotting the problems that can be forseen. Optical scanners in the US were rejecting ballots that had been marked with gel-ink pens, for example, but this wasn't picked up in testing because no one was looking for it. Only low vote totals alerted officials to the problem.

Pre-election testing is also no good at spotting machines that develop a fault, or have been compromised on the day. It might be possible, Mercuri contends, for a hidden piece of code to be activated, or for a machine to be subverted by scanning a particular bitmap image, or even by an engineer pressing a particular sequence of keys. These so-called Easter eggs are common in electronic equipment, she says, as manufacturers commonly install them to allow engineers access to configuration or diagnostic settings.

A Fujitsu spokesman told us that the scanner that will be used on the counting day, the fi-5900 "can NOT be programmed/altered based on the image 'content' of a specific page".

Despite the assurances of those involved, Mercuri remains unconvinced. The only thing to do is to run a manual sample count to check the machines as the votes are totalled.

"Basically, without audits, you have no way of knowing if there were problems. Your deputy GRO would like to believe that the pre-election test provides confidence in the election results, but actually it is just a false sense of confidence," she counters.

London Elects, the body organising the poll, has taken plenty of the steps needed to avoid a repeat of the disaster in Scotland - but it has stopped short of ordering a sample manual recount to audit the machines.