E-Voting: Something Broken In Need of Something New

You may also like...

4 Responses

  1. JT says:

    In the Kentucky case, it is worth noting that the business of changing votes cast on the electronic machine was done not through hacking or other electronic wizardry unique to electronic voting systems. The machines have, as mandated by HAVA, a final screen for voters to review their ballot and make sure that when they thought they had pushed the button for Smith, the vote had not been cast for Jones. (This is a good thing.)

    The indictment alleges that the defendant poll workers took advantage of the voters’ unfamiliarity with the new voting machines. They informed voters that when the voters “had pushed a button labeled ‘Vote’ that their votes had been cast, when, in fact, that function merely provided a review screen of the voter’s selections in each race, and that the further step of pushing the ‘Cast Ballot’ button was required.” The poll workers could then change the votes when the voter had left the booth. (Clever, but nothing to write home about as vote fraud schemes go.)

    Other voting systems are susceptible to similar trickery, especially when they are new and unfamiliar to voters; indeed, the unfamiliarity of voting devices and procedures almost certainly has a greater disfranchising impact than intentional fraud.

    The Humboldt situation appears to show a more serious problem with electronic machines. The efficiency of electronic equipment seems present not only when the machine is operating properly, but also when a human makes an error, as humans are prone to do. Thus a mistake by the poll official or programmer, with marvelous efficiency, erased a large number of ballots rather than just one or two, with a flick of the wrist. I don’t know enough about computers to know whether it would be possible — with the appropriate proprietary codes — to reconstruct the erased ballots.

  2. Let me refer folks to Matt Blaze’s blog post on the Kentucky incident: http://www.crypto.com/blog/vote_fraud_in_kentucky/

    The last paragraph is frightening: “But that’s not the worst news in this story. Even more unsettling is the fact that none of the published security analyses of the iVotronic — including the one we did at Penn — had noticed the user interface weakness. The first people to have discovered this flaw, it seems, didn’t publish or report it. Instead, they kept it to themselves and used it to steal votes.”

    What I teach my classes is that you don’t go through strong security, you go around it. A consequence of that is that someone evaluating the security of a system — any system, not just voting machines — has to look at the *entire* system, including the people-facing parts. Thus, the easy way to get a fake US passport is not to forge one; rather, you steal some identity documents and get a genuine passport in someone else’s name: http://fcw.com/articles/2009/03/16/us-passports-vulnerable-to-fraud.aspx

    I don’t think there are easy answers to voting systems. The advantage of paper ballots is not that they’re fraud-proof; rather, it’s that there’s something to examine later. In the Humboldt County case mentioned above, the pieces of paper can be rescanned once you’ve determined that there’s a problem. One can do forensic examinations of the ballots. I’ve seen pictures of election officials opening and inverting the ballot boxes before a crowd, before the start of voting, to show that they’re empty.

    Software, by contrast, is fiendishly difficult to audit. You will *not* find malicious code unless you’re both very skilled and very lucky — and that code can delete or tamper with more or less anything.

    The challenge is not to react reflexively and adopt one technology instead of another; rather, it’s to find the one that both minimizes fraud and maximizes the opportunity to detect residual fraud.

  3. Miriam says:

    We have an excellent system in Minnesota. We use paper ballots that are then optically scanned. This gives us the safety of paper ballots with the efficiency of electronic counting.

    It is not perfect – but really the problems we had with the current recount were due to absentee ballots – not votes that were cast on Nov. 4th.

  4. Joe says:

    So we’re back to paper ballots? Sometimes the more complicated, technologically advances alternative isn’t necessarily better or more efficient. It’s just more complicated.