Voting electronically? Be very afraid!

Voting electronically? Be very afraid!

Summary: This November's election marks the first widespread use of electronic voting in the US. There is considerable concern among computer security professionals and others that electronic voting is not secure and evidence keeps mounting that the current crop of machines are not secure as they could be.

SHARE:
TOPICS: Security
10

This November's election marks the first widespread use of electronic voting in the US. There is considerable concern among computer security professionals and others that electronic voting is not secure and evidence keeps mounting that the current crop of machines are not secure as they could be.

The Help America Vote Act (or HAVA) mandated certain things to states with respect to how the run elections. The most important for this discussion is a mandate that punch card voting machines be replaced. For many states that meant turning to electronic voting machines, commonly called direct recording equipment or DREs by voting officials and vendors.

We could argue that there were non-DRE alternatives for replacing voting equipment, but that train's left the station. Jurisdictions that have purchased DRE voting machines are not going to throw them out without a big fight. So far activists haven't been able to put up enough of a stink to make most elections officials even break into a sweat.

On the positive side, most people who use DRE machines like them. My parents, in their 70's, reported to me that they really felt confident that they were voting for who they wanted. What's more, they weren't intimidated by the equipment. Most reports from voters who've used the machines give similar reports. This is music to an election official's ears.

I've been an advocate of working within the system to make the new machines as secure as possible. Given the realities of the situation that I just discussed, I still think that's the best option. Still, there is considerable reason to be scared.

One thing that's always let me sleep at night is the fact that most jurisdictions are using machines that provide a voter-verified paper audit trail. The problem is that while having an audit trail is a huge step forward, it's no panacea.

This paper on election confidence is enough to make you seriously question the efficacy of paper audit trails in many situations. We're used to pollsters telling us things with great confidence and small margins of error using what seem like miniscule sample sizes, so the assumption is that auditing ballots should be easy and cheap. Sadly, that's not the case.

There are basically three variables:

  • The percentage of machines that will be audited
  • The closeness of the race
  • The confidence you want to have that you can detect fraud

The data in the report is benchmarked against congressional districts in California, but it's easy enough to think about how it might apply elsewhere. The conclusions are startlingly. A typical congressional district in California has around 500 precincts, so recounting 1% would mean auditing 5 precincts, 2% would mean 10, and so on.  Keep in mind that a precinct might easily have a dozen or more machines. 

According to the report, if a race is decided by less than 1% of the votes, auditing 10 precincts would only give 10% confidence that the race in question has not been changed. To get a 90% confidence level, you have to audit around 50% of the precincts. In other words, recounting, by hand, half of all the ballots cast. Not very likely.

Of course for races that aren't that close, the news isn't so dire, but those probably aren't the ones you care about. My conclusion after reading this is that while we might be able to use audit trails to detect malfunctioning machines, fraud is undetectable with any significant level of confidence.

Like I said, at this point, no one is rushing out to buy new machines based on any of this information (which was available before they bought the current crop of machines) and I suspect that court cases are not likely to result in new machines being purchased either.

Even so, there is much that can be done however to machine the system as secure as possible. Policies and procedures can be put in place to reduce the likelihood of fraud and make it more easily detectable. Working with your election officials to help them see the danger and then helping them understand where good procedures can help is a great start.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

10 comments
Log in or register to join the discussion
  • Guess you haven't seen this yet

    http://www.boingboing.net/2006/10/09/video_testimony_of_v.html
    Here's video of Clint Curtis, a former programmer for Yang Enterprises (YEI) in Florida, testifying under oath that Representative Tom Feeney asked him to write a voting machine program to rig elections. Feeney is Republican Congressman who was the Speaker of the House of Florida at the time, as well as a lobbyist for Yang Enterprises, and Yang Enterprises' corporate attorney. (Feeney was also named one of the "20 Most Corrupt Members of Congress" by Citizens for Responsibility and Ethics in Washington).

    In the video, Curtis testifies that Feeney asked him to write a program for touchscreen voting machines that could undetectably "flip the vote 51-49 to whoever you wanted it to go to and whichever race you wanted to win."


    video of sworn testimony here:
    http://www.youtube.com/watch?v=JEzY2tnwExs
    tic swayback
    • tic

      If you believe everything that you read or hear I have to feel sorry for you. Of course there are no liars in this world. HAHAHAHAHAHA
      mlrodman@...
  • Easier ways to steal an election

    There are lots of problems with hacking an election electronically via the voting machine. Walk into any voting location and there are multiple machines. Multiply that by the number of places you would have to get to and you understand the problem. Remember, these machines are NOT interconnected via a network.

    That being said, one TV commecial can do what no amount of machine tampering will ever accomplish. Bush is our President not because anyone hacked anything, he is in office because of campaign tactics.

    Are these mcahines a problem? Absolutely but more because they destroy the transparency of the election process, not because someone is going to steal an election with them.
    jedwards123
    • Let's stick to the subject.

      I believe the question is not one of a group walking into voting locations corrupting voting machines, but of them being corrupted as they are built or updated. It isn't hard to hide a couple lines of code and change every hundredth vote or so....
      Here's an idea to consider, MAYBE Bush was elected because more people wanted him as President and voted for him. Reality is reality, not wishful thinking. You will get farther when you understand the American people aren't cattle, but thinking individuals that know what their core beliefs are and aren't blown by the hot air of retoric. I'm sure you voted in accordance with your beliefs and I praise you for it. But realize that everyone else voted their beliefs, too. What I'm trying to get across is that it appears that people who insist that the only way their belief system could have lost an election is that it was cheated, have stopped thinking and evaluating what is happening around them. Granted, if you begin questioning you views and the consequences they bring, you will probably not change you views. Unless your 'world view' changes, your political views usually won't change no matter what happens. Just make sure you know what you believe and can explain it to someone who doesn't share your views. I would suggest cultivating friendship with some people that do not share your views. You will both learn something about yourselves and maybe understand why others hold views that differ with your own. Thanks for reading my views. I wish you well.
      jpenn
  • WOW...Great Disinformation!

    Dr. Windley says, "...that the current crop of machines are not secure as they could be." No...Dr. Windley...DRE's are not as secure as they SHOULD be! That is a huge difference! What is more important than your right to have your vote counted correctly? Moreover Dr. Windley provides anecdotal evidence (his aging parents) that user trust these DRE's yet Congress has lots of sworn testimony from voters who report having voted for one candidate and seeing their vote switch. This phenomena was reported on a variety of electronic hardware so be very afraid indeed Dr. Windy!
    wmlundine
  • Database security is the problem, not the machines

    It would be very difficult for one voter to manipulate an election electronically through a single voting machine. Old fashioned fraud remains a problem, such as voting while dead, voting in two states, voting as someone else, voting while here illegally, etc. One voter only has one shot at their machine, not enough time to learn how to manipulate them.

    The problem is in the handling of the database after results from all the various machines are merged. This is also a problem with paper ballots, punchcards, old-fashioned lever counter style machines, etc.

    A printout so each voter can verify his/her vote is easily done, as it was at my voting place in the most recent primary using touchscreens. After verifying that the printout matched my intentions, I put the printout into a locked machine for availability should a recount be needed.

    Separate databases for each machine before merger would allow easy verification should fraud in the merged database be suspected.

    While electronic voting is not perfect (what is?), it beats the confusion caused by hanging chads, peper ballots with marks spanning more than one candidate, or boxes of lost paper ballots. And it sure beats the fiasco of vote by vote manual counts we saw in Florida in 1990.

    The real oversight must be in the database management after the election, as that is a problem no matter what the data collection media used.Close oversight is needed of the programmers/anlysts compiling the votes, as that is where fraud is most likely to have significant effect.
    TerryNT
    • Sorry about the year! I meant 2000.

      Thats what happens when you get older.
      TerryNT
  • It's the programming, not the machines!

    Something fishy is going on. The 2000 election was fixed - MIT and CalTech proved it. Gore won by more than 660,000 votes. (They independently came up with the same number!) Several esteemed lawyers have written books telling all and how the highest court in the land committed treason against the American people when they "appointed" the Shrub to the Oval Office (and look what has happened since then!!!

    The 2004 election was fixed because the electronic machines were hacked. Don't think so? Then explain to me how Bush got 6 million (plus) votes in several Ohio counties that only contain 300+ residents! This was brought to their attention, the GOP shrugged and said there was "nuthin' we can do about it now..." Sure there was. Toss Bush and inaugurate Kerry! That didn't happen and look at our country now.

    Don't want to get screwed again? Vote using an "absentee vote". This will ensure your vote is counted and there is nothing the Republican Party (the liars and the cheaters) can do about it!
    metilley@...
  • Computers sure make it easy!

    Digital voting and computer-counting sure make elections easy, don't they? Just as it would be easier to get my kids to eat their dinner if I only offered them candy. I seem to remember being told that the easiest way isn't necessarily the best way. Ballots should be paper, whether pencil-marked or punched, and ballot-counters should not be allowed to "improve" questionable votes, as they were in Seattle two years ago. (Our present governor was running behind until the third recount.) If a ballot isn't marked properly and the voter didn't request a replacement, then the voter was too stupid for his/her vote to be counted, anyway. And any ballot counter who is caught with a pencil remotely similar to the color used by voters to mark their ballots should be hauled off to jail immediately. He or she may have a perfectly reasonable explanation - and a judge will have time to listen to it in the morning.
    kidtree
  • Perspective from the polling place.

    I have worked for six years as a volunteer at a polling place on Election Day in Washington State. During that time, I've seen the DRE's come online.

    At first, they were scary, for all of the reasons talked about here. But last year, a new state law was passed that mandates the paper trail system for every vote. This paper trail is not some hidden printer tucked away inside the machine, it is displayed prominently in front of the voter. The voter is instructed to LOOK at the printout and make SURE that the printout shows what they want. Only after they confirm that it's correct is the ballot actually cast.

    If they don't like the printout, that page is voided (with a nice bog "VOID" printed on the page) and they are allowed to make changes on the machine, and print again. ALL of the poll workers in our county were instructed to explain the new system to the voters, and to make sure they could ask for assistance if they needed it. If they requested assistance, a judge from each party is required to be a part of that assistance, again to prevent fraud.

    Washington state law mandates that any race that is closer that a certain percentage (3.5%, I think) HAS to have a machine recount. If the race is even closer than that(1% or 1.5%, again I'm not sure the exact number) or if the machine recount reveals certain problems, a full hand recount is automatically triggered.

    This would mean that 100% of the paper printouts would be counted by hand.

    In out last gubernatorial election -- decided by just a few hundred votes -- the final issues came down to things like felons being allowed to vote, paper ballots in trays being accidentally left on a shelf and not counted, and so forth. The machines were an also an issue, since the 100% paper trail had not yet been implemented. I suspect THAT is what prompted our legislature to quickly mandate the 100% paper trail system.

    Now as a poll worker, I have seen that under the old system -- using paper ballots -- it was actually easier to stuff the ballot box. I have seen it happen accidentally several times. I was going to raise a stink about it -- my county is very responsive to poll worker observations and comments -- but that was just when we went electronic.

    Under the old system, I know that I could have voted 20 or 30 times during a busy election, and no one would have been the wiser.

    With the paper trail, and automatic recounts triggered by state law, I believe we now have one of the most secure systems n the country, even if the electronic machines or the databases are tampered with. I seriously doubt that enough machines could be fiddled with to create a large swing, and if it?s close, the paper can't lie.

    No, I am not going to reveal how that fraud would have worked.
    michaeloqu2