This November's election marks the first widespread use of electronic voting in the US. There is considerable concern among computer security professionals and others that electronic voting is not secure and evidence keeps mounting that the current crop of machines are not secure as they could be.
The Help America Vote Act (or HAVA) mandated certain things to states with respect to how the run elections. The most important for this discussion is a mandate that punch card voting machines be replaced. For many states that meant turning to electronic voting machines, commonly called direct recording equipment or DREs by voting officials and vendors.
We could argue that there were non-DRE alternatives for replacing voting equipment, but that train's left the station. Jurisdictions that have purchased DRE voting machines are not going to throw them out without a big fight. So far activists haven't been able to put up enough of a stink to make most elections officials even break into a sweat.
On the positive side, most people who use DRE machines like them. My parents, in their 70's, reported to me that they really felt confident that they were voting for who they wanted. What's more, they weren't intimidated by the equipment. Most reports from voters who've used the machines give similar reports. This is music to an election official's ears.
I've been an advocate of working within the system to make the new machines as secure as possible. Given the realities of the situation that I just discussed, I still think that's the best option. Still, there is considerable reason to be scared.
One thing that's always let me sleep at night is the fact that most jurisdictions are using machines that provide a voter-verified paper audit trail. The problem is that while having an audit trail is a huge step forward, it's no panacea.
This paper on election confidence is enough to make you seriously question the efficacy of paper audit trails in many situations. We're used to pollsters telling us things with great confidence and small margins of error using what seem like miniscule sample sizes, so the assumption is that auditing ballots should be easy and cheap. Sadly, that's not the case.
There are basically three variables:
- The percentage of machines that will be audited
- The closeness of the race
- The confidence you want to have that you can detect fraud
The data in the report is benchmarked against congressional districts in California, but it's easy enough to think about how it might apply elsewhere. The conclusions are startlingly. A typical congressional district in California has around 500 precincts, so recounting 1% would mean auditing 5 precincts, 2% would mean 10, and so on. Keep in mind that a precinct might easily have a dozen or more machines.
According to the report, if a race is decided by less than 1% of the votes, auditing 10 precincts would only give 10% confidence that the race in question has not been changed. To get a 90% confidence level, you have to audit around 50% of the precincts. In other words, recounting, by hand, half of all the ballots cast. Not very likely.
Of course for races that aren't that close, the news isn't so dire, but those probably aren't the ones you care about. My conclusion after reading this is that while we might be able to use audit trails to detect malfunctioning machines, fraud is undetectable with any significant level of confidence.
Like I said, at this point, no one is rushing out to buy new machines based on any of this information (which was available before they bought the current crop of machines) and I suspect that court cases are not likely to result in new machines being purchased either.
Even so, there is much that can be done however to machine the system as secure as possible. Policies and procedures can be put in place to reduce the likelihood of fraud and make it more easily detectable. Working with your election officials to help them see the danger and then helping them understand where good procedures can help is a great start.