Topic: Voting

Voting Fraud & Electronic Voting

I wrote this in the early aughts, when the first generation of electronic voting machines were deployed. Administering voter rolls and running elections is the single most important responsibility of state governments, and in 2018 it continues to amaze me how many of them apparently cannot be moved to give a shit about doing it competently.
Due in large part to the the difficulties with the Florida 2000 Presidential balloting, Congress and the states have been pushing hard to replace paper ballots with computer terminals. The hope is that vote counting errors will be reduced or eliminated. There is some question as to whether the systems currently being introduced are able to meet this goal.

Computers and the software that runs them have become an integral part of our lives. Sometimes they work so well we're not even aware of them, and at other times we're all too aware of their imperfections. While imperfection marks any work of man, there are situations where we have little or no tolerance for it. In these situations, considerably more effort is put into ameliorating it's effects. Corporate finance, medicine, aviation, and manned spaceflight all utilize anal retentive methods to reduce computing errors, and provide a safety net when errors do finally occur.

So, what about your vote?

Job Not Not Done 'Til The Paperwork Is Finished

In the USA, most votes are currently cast on paper ballots, then tabulated by scanning them into a computer system at the polling places. Each of these systems sends it's results by either floppy disc or by modem to a county clerk or secretary of state for final tabulation and certification of an election.

Unless a race is close or there is an accusation of voting irregularities, only a spot check is performed on a few ballots, and they are eventually disposed of without further review. Although there is plenty of room for error or fraud in the current system, the fact that the interested parties to an election can and usually do have representives at each step in the election process prevents egarious manipulation of a race.

As a final safety check, humans can be brought in to manually count ballots. It's an imperfect system, but it's open and visible to everyone.

... Except When There Is No Paper

Diebold Election Systems and other manufacturers are now marketing equipment that takes the paper ballot out of the system. Instead, a touch screen system is used, similar to some ATMs. The primary change from the current practice is that the voter sends her vote directly to the polling place computer, instead of inserting a marked paper ballot into a form scanner.

Herein lies the problem. While adding or trashing enough paper ballots to throw an election requires the colusion of many people, adding or deleting information on a computer is by its nature trivial. It is possible to make it very difficult to tamper with information on a computer, but it takes a lot of work, and to be trusted, everyone involved has to be able to SEE why it can be trusted.

One way to add trust is for the voting terminal to print out a paper voting receipt the voter can review before it gets dropped into a strong box. In this way, the voter can take advantage of an easy to read computer touch screen. At the same time, they can feel sure that when push comes to shove, their vote is still available for recount by teams of Republicans, Democrats, and Independents spending long nights side by side at card tables. At least these paper ballots won't have "hanging chads."

So, Why Not?

As an example of the wrong way to turn voting into a video game, the current Diebold computer voting terminal has the following disadvantages:
  • All votes are electronic, with no paper backup.
  • The voter ID smartcard is easily modified.
  • The terminal uses MS Windows, the code for which is closed to election officials.
  • The databases in which votes are stored are not secured from tampering.
  • Diebold has, according to its memos, updated the terminal software without the certification of election officials.

    The last two points are would be especially unacceptable in mission-critical computers mentioned at the beginning of this article. If our money and our lives are important enough to protect in both the private and publically funded arenas, aren't our votes?

    It would seem Diebold doesn't think so. Shortly after the State of Georgia has purchased 22000 Diebold voting terminals, Diebold inadvertently made both it's terminal control software and a number of internal memos accessable to the public. Security audits of the software exposed a number of serious security issues, while the contents of several memos seem to show a shocking lack of regard for the company's contractual obligations to the people of Georgia.

    It is possible for new technology to take some of the bugs out of the voting process, but only if it's done right, and made verifiable. Truly, to err may be human, but to really screw something up, you need a computer.

    I've added links at the bottom of this page which provide more depth on this topic.

    Final Comments

    For every problem that electronic voting solves it can bring more problems in baggage. It's not like we're talking about keeping computers out of the DMV or IRS. Rather this concerns a relatively infrequent governmental function (2-3 elections a year max) that really has to be absolutely transparent for us to trust it.

    And this is under the best of circumstances. In the light of how it is actually being implemented, it is horrific. There is an unnerving level of opaqueness involved where people are getting sued for defamation and hacking while bringing legitimate problems to light; where statistical analyses suggest that serious abuses have already taken place in a number of counties; where the cost that we are paying as taxpayers for this violation will only mount as the years go by.

    The accuracy problem cannot be fixed just by voter receipts, since most voters will not know how to verify them. It can only be fixed by ensuring that the votes can be re-counted using some mechanism other than the computer that first recorded them.

    The ideal solution is to use the computer to help the voter prepare the ballot, print it out, and then have the voter hand carry it to the ballot box.

    The computer can keep a running tally, but at the end of the day if the tally does not match a hand count of the box contents, then the ballot box is the only correct representation of the will of the voters.

    It is easy to teach the average person to keep an eye on the ballot box for tampering, and to hand count the contents. Teaching the average person correct computer security skills requires an upper division college course.
  • Back To The Mauiholm

  • A PhD Programmer's Research Quite readable, a valuable starting point.
  • Johns Hopkins University security analysis, HTML, PDF.
  • Questions To Ask Vendors
  • Diebold Memos: Examples & Analysis
  • Diebold Memos: Complete Index
  • About The Voter Confidence Act
  • Report From The Pima County (AZ) Democratic Party
  • Critique of and response from a whistle blower.

  • MSNBC Coverage
  • UC Bekeley Follows Diebold Case

    Electronic Voting Terminals: The Good ...
  • Accupoll
  • eVACS

    ... The Not So Good
  • Hart eSlate
  • Diebold AccuVote
  • ES&S iVotronic

    ... The Ought To Be Illegal
  • AVS WINvote, uses 802.11b wireless system, which in other curcumstances is hackable using publically available software on a laptop computer.