Computer engineers and scientists have long warned that most electronic voting machines—especially those that don’t produce a paper record—are unreliable, subject to hacking, malfunctioning software and human error. Nevertheless, they are now in widespread use: 55 million people who voted Nov. 7 in the nation’s important midterm elections cast their ballots on some form of a computerized machine. But although there were scores of glitches caused by misbehaving machines reported around the country, there were no major meltdowns—much to the relief of worried computer experts.
“It went great,” admits Ted Selker, a Massachusetts Institute of Technology computer scientist and critic of computer voting. He gives credit to the many computer researchers who have helped raise the issue of the risks inherent in electronic voting machines. “All this scrutiny has made election officials paranoid, which is good.”
That said, Selker and other critics of electronic voting say November’s relatively trauma-free elections don’t prove the machines are now more reliable. “We’re not out of the woods yet,” he says. “We’re just going into the woods.” He and others continue to insist that use of computerized machines will remain fraught with risks until more-secure controls and reliable backup systems are universally introduced. That point was underscored late last year in a report on how voting machines performed in November by the nonpartisan, electionline.org. Noting the widespread hitches that occurred, it said: “ . . . there were also serious problems that will require analysis and action before Americans return to the polls.” Avi Rubin, the Johns Hopkins University computer scientist who authored the book, “Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting,” has argued that no voting system should ever rely entirely on software.
That point was ominously demonstrated last September, less than two months before the elections, when researchers led by Princeton University computer scientist Edward Felten showed how they could, within a minute, introduce vote-altering software into a popular touch-screen machine and how that the virus could spread automatically and anonymously from machine to machine during normal use. Moreover, they determined that the “secure” door that protects the machine’s memory card, which registers the votes, is locked by a standard-issue key, the kind often used for filing cabinets and hotel room mini-bars. And it’s a key that’s easy to purchase online. The Princeton team used a Diebold AccuVote-TS, a voting machine that was used by about 10 percent of the voting public. But Felten is confident he could have hacked into any machine just as easily.
The big push into electronic voting came in the wake of the ballot-counting fiasco in Florida in the 2000 presidential election, where a handful of suspect votes gave Republican George W. Bush a whisker-thin edge over his Democratic rival Al Gore and handed him the White House. Congress, in 2002, enacted a law to help fund states’ purchases of electronic voting machines. Sixty-three percent of voters now vote on machines that are more high-tech. Many use optical-scan technology, which scans and records paper ballots. But 39 percent of voters now cast ballots on touch-screen machines, also called direct-recording electronic voting machines, or DREs. DREs record the votes electronically and do not issue paper records of any sort, unless customized to do so. Touch-screen machines are now used in 37 states, and only 22 of them require some sort of paper trail.
Most computer experts say paper records are necessary to allow for thorough audits and accurate recounts, when recounts are required. Otherwise, the tabulators have to rely on whatever the software says. And in a recount, electronic machines will just repeat their first count. “What’s the point of hitting a button and spewing out the same results?” Felten asks. In the Virginia U.S. Senate race, slightly less than 9,000 votes separated winner Jim Webb, the Democratic challenger, from George Allen, the Republican incumbent, out of 2.37 million cast. Webb’s squeaker of a victory also handed his party control of the Senate. Yet despite the importance of the race and the narrowness of his loss, Allen opted not to demand a recount. Virginia is a state where paper trails are not required. “And that may have influenced his decision,” Felten says.
The biggest Election Day bugaboo involving touch-screen machines occurred in Florida’s 13th Congressional District, where initial results showed Republican Vern Buchanan beating Democrat Christine Jennings by a mere 377 votes. (There was a bit of a déjà-vu aspect in this race, since the House seat up for grabs was vacated by Katherine Harris, who made an unsuccessful run for the U.S. Senate. Harris in 2000 was Florida’s secretary of state who certified Bush’s victory.) In Sarasota, where machines manufactured by Election Systems and Software were used, there were 18,382 “undervotes” in the House race, about 13 percent of the total cast in Sarasota. The undervote rate in the Senate and gubernatorial races was just 1 percent. Undervotes are where voters don’t record a preference in a race but vote in other races on the ballot. “It’s just astonishing to get so many undervotes in a congressional race,” says Douglas Jones, a computer scientist at the University of Iowa. “That more than 10 percent of the population went to the polls and decided not to vote is not credible. It clearly demonstrates a problem.”
A recount trimmed Buchanan’s winning margin to just 369 votes, but state officials declared him the winner. Jennings responded by filing suit in state court to challenge that declaration, claiming “perverse malfunctioning” of the voting machines. A state-ordered audit of the machines was expected to be completed by mid-December. But experts weren’t hopeful it would resolve anything. “If there is a problem, there is no way to fix it, and it’s difficult to investigate it to see what happened,” Felten says. Even if a virus is discovered, no one can determine how it got there, he says. “And you can’t find out what the votes really were.” One possible explanation offered by Selker is the confusing way the House race appeared on the on-screen ballot, sandwiched between the Senate and governor’s races. It may have been easy for voters to miss it, he says. One ironic twist to the whole mess: Voters in Sarasota also approved a referendum requiring local officials to replace the $4.8 million DRE system with paper ballots.
Other computer-voting problems that day were less dramatic and more easily rectified. In Pittsburgh, Cleveland and several other cities, there were delays when machines would not boot up properly. Some machines in Hartford, Conn., failed to show the candidates’ names. In New Jersey, the state GOP complained that some Sequoia machines failed to allow voters to select the Republican Senate candidate, Tom Kean.
Human error sometimes contributed to the cyber-problems. Precincts in DeKalb County, Ga., stayed open late because election officials didn’t use the right procedures when some machines signaled that they weren’t properly charged. In another close—and closely watched—Senate race, Democratic challenger Jon Tester beat Conrad Burns, the Republican incumbent in Montana, by just 2,847 votes. But the final results of that race were long delayed because a poll worker punched a wrong button. “Computers are very good at making human errors worse,” Jones says. Adds Selker: “None of the equipment made for voting is reliable unless the people behind it are.”
Despite the problems and risks, computerized voting is here to stay. And, to be sure, election fraud is hardly a new phenomenon. Throughout U.S. history, regardless of the way votes were cast—paper ballots, lever machines, punch-cards—nefarious folks have devised ways to compromise the ballot box. Still, experts say, computers shouldn’t make things easier for fraudsters. The big worry about electronic voting is that hackers could change results and their evil deeds would never be noticed. “This is one of the big worries—a sophisticated attack no one sees,” Felten says.
That’s why most experts say a paper trail is essential. Rubin has said that while no method is foolproof, the best is one that produces or requires paper ballots, not paper trails, which can be compromised. Rep. Rush Holt, D-N.J., says he’ll reintroduce a bill this year, written with help from David Dill, a Stanford University computer scientist, requiring all electronic voting machines to spit out paper trails.
But Selker claims that printers and paper ballots are subject to possible fraud and software problems, too: Printers jam or fail to print properly. He advocates a “voter-verified audio audit transcript trail” system used in conjunction with a paper trail. It uses technology designed for the sightless. Each vote is repeated audibly to the voter via a headset and simultaneously recorded on tape. One added safeguard, he says, is the recording device is not made by the same company that makes the machine, so the software is written by different people.
Felten also recommends random audits of machines, not unlike the quality control measures used in manufacturing, where 1 percent to 2 percent of the output is checked at random for flaws. Experts also back parallel testing, which is now used in California and Maryland. On Election Day, a few machines are taken at random from polling stations and then put to use as realistically as possible—so the software doesn’t realize it’s being tested—using mock votes to determine if they’re recording votes correctly.
Computer experts are confident that, eventually, all states will put into place all or most of the backup systems that are needed to keep electronic voting machines from being compromised. “It will be the law,” Selker says. Let’s hope so. For American democracy to work, voters need to be absolutely confident that the final tallies on Election Day are honest, even if they’re unhappy with the results.
Thomas K. Grose is a freelance writer based in Great Britain.