Voting Technologies - Part of the Solution, or Part of the Problem?
Forum for Newly Elected Women Legislators, sponsored by the Center for American Women and Politics
Thursday, November 20, 2003, 7-9 p.m.
Mayflower Hotel, Washington, DC
Voting Technologies - Part of the Solution,
or Part of the Problem?
Forum for Newly Elected Women Legislators, sponsored by
the Center for American Women and Politics
Thursday, November 20, 2003, 7-9 p.m.
Mayflower Hotel, Washington, DC
Kim Alexander’s Remarks
Good evening, and thank you for inviting me.
Are new voting technologies part of the solution, or part of the problem?
This is an important subject. What we do about voting technology now will have consequences for decades to come.
I’m here to explain the problems with paperless, computerized voting systems as they are currently deployed in the United States, as well as ways we can address those problems.
Over the past several years, and especially throughout this year, I have been an outspoken critic of paperless, computerized voting systems. I came to this point of view reluctantly. I wanted to believe for a long time that election officials and vendors had all the details worked out and I wouldn’t have to think or worry about voting technology. I was also reluctant to question the judgment of election officials or undermine their credibility.
But common sense won out. Common sense tells me that there is no good reason for voters to trust one hundred percent computerized, paperless voting systems run on secret software.
I’m sure we can all easily recall the November 2000 images of Florida election workers carefully examining ballots. The thinking seems to be that we can make such images a thing of the past simply by eliminating ballots altogether. But that’s like trying to solve accounting errors by eliminating your accounting department.
Computerized voting solves the problem of the moment -- inaccurate vote counting technology -- but replaces it with a whole set of new problems we are only just beginning to understand.
Voters who cast ballots on DREs have no way of knowing whether the machine captured their votes as the voter intended. Software can have bugs. Software can contain malicious code. Software can be incorrectly programmed. Systems crash.
It’s these kinds risks that led hundreds of respected computer scientists and technologists to sign Stanford computer science professor David Dill’s Resolution on Electronic Voting, which insists there be an audit trail to back up digital ballots.
I have studied the state and federal testing and certification processes. I am familiar with the security procedures used with computerized voting systems. And I believe that in spite of everything we do right now to protect digital ballots, we are not nearly doing enough.
For paper and lever voting systems, we have developed elaborate security procedures to safeguard votes. For example, in a lever voting system, pollworkers check the mechanical counters before opening the polls to confirm the counters are set to zero. In a paper voting system, pollworkers open the ballot box and show the first voter at the polls that the box is empty and hasn’t been pre-stuffed.
There are attempts to replicate such procedures in a computerized voting system. The first voter who casts a ballot on a touchscreen sees a zero on the screen designed to indicate that there are no prerecorded votes in the machine. But neither the voter nor the pollworker can actually confirm that -- the pollworker doesn’t open the box and inspect the software to see that in fact it does not have any prestored votes.
There are tests performed on DREs before and after the election. The problem with these tests is that they are conducted when the machines are in “test mode”. It’s not difficult to design software to operate one way in test mode and a different way in live mode. These tests we currently perform are not enough to assure the public that the software is working properly and hasn’t been tampered with.
Already there are signs that some voters lack confidence in computerized voting. A poll taken of Georgia’s voters after that state deployed paperless touchscreens statewide in November 2002, found a significant racial disparity in voter confidence. While 79 percent of Georgia’s white voters said they were very confident their votes would be accurately counted, only 40 percent of black voters expressed the same level of confidence.
This year, it was discovered that Georgia’s vendor, Diebold, had used a public, Internet FTP site to distribute a software patch to county election offices. It would have been relatively easy for anyone in the world to find that site and replace that software patch with a different one that contained malicious code.
There’s no evidence of that happening, but there is also no evidence to the contrary. That’s the problem: computerized voting as it is in use today is not transparent. We don’t have access to the software, and we don’t yet have the right to inspect a hard copy backup of our digital ballots before leaving the polls.
Transparency is not the easiest idea to conceptualize; the absence of transparency is even harder. But that’s what’s at stake here. It’s like we’ve had a window into the world of elections but now it’s being shuttered.
Because Diebold allowed its software code to be exposed on the Internet, computer scientists have now had a chance to study that code and have found it to be seriously flawed. But Diebold isn’t the only vendor whose code has been exposed on the Internet. Sequoia’s code was also left on a public Internet site by a contractor who provided technical assistance to Riverside County, California’s elections department.
These security lapses raise important questions about how well these companies can protect the integrity of our elections. A voting company’s software in this competitive marketplace is nothing short of the corporate crown jewels, and these companies constantly insist that their software is proprietary. Yet they allowed their software, this precious piece of their voting system, to be exposed online. If these companies can’t protect their software, can they really protect our ballots?
Every election there are more stories that come out about problems with computerized voting systems. Most of these problems could be addressed by requiring a voter-verified paper audit trail. Here are some highlights from the most recent elections:
Indiana-- Boone County Nov. 4 2003 election -- initial election results reported over 144,000 ballots cast in a county with fewer than 19,000 registered voters, of whom only 5,532 actually voted. County Clerk Lisa Garofolo attributed the problem to being caused by a “glitch in the software”. The ballots cast in this county are electronic; there are no paper ballots that could be used to verify the computerized election results were accurate once the “software glitch” was fixed.
California -- Alameda County, home to hundreds of thousands of voters and the county with the highest percentage of Democratic voter registration in the state, installed uncertified voting system software into its Diebold touchscreen voting system prior to the historic October 7 recall election. The new software was tested after the election and reportedly worked properly. But that software was tested in “test mode”, not in “live mode” which is the mode the software was in when it was used on Oct. 7. There is no way to verify the final Alameda county election results are accurate because there is no paper audit trail of that county’s touchscreen ballots.
Virginia -- In Fairfax county, ten computerized voting machines broke down on election day Nov. 4 in nine precincts; elections officials were still trying to extract votes from those machines days after the election was over. Fairfax county Republicans have filed a lawsuit challenging the election results after learning that pollworkers removed the machines from the polling places to repair them, an action that party officials said violated state election law. It is uncertain whether those broken machines were repaired properly and recorded votes after they were put back in service. With no voter verified paper trail, county officials will have a difficult time convincing the public that the final results are accurate.
Mississippi -- In Hinds County, computerized voting machines overheated, and three dozen were left at precincts overnight, preventing election officials from compiling election results and exposing those machines to post-election tampering that could prevent election officials from ever obtaining an accurate count.
Louisiana -- In Grant Parish, a revote took place Nov. 13 after it was discovered that an election worker double entered electronic absentee ballot votes in a police jury race. The election worker’s error initially threw the race to incumbent Julius Scott. Scott’s opponent, Barney Durand, noticed that there were more absentee votes showing in the election results than there were absentee voters. Durand challenged the results; the election department’s investigation revealed their worker’s double vote counting error. When the absentee votes cast were counted once, rather than twice, the race went to Durand instead of Scott. Despite the election officials’ assurance that the revised vote count was accurate, Scott contested the revised results and a revote was held. Had those absentee ballots been backed up on paper, it would be far less likely that the revised results would be viewed with skepticism.
It doesn’t have to be this way. We could do this right. We could require computerized voting systems to create a paper backup of our digital ballots that we can inspect before leaving the polls. We can use these paper backups to verify the accuracy of computerized counts. That way when there are problems (and there always are) we have a way to recover from them. We don’t have to ask voters to trust a private vendor to assure us that they got everything right.
Fortunately, momentum for the paper trail is building. In May, Representative Rush Holt of New Jersey introduced HR 2239, the "Voter Confidence and Increased Accessibility Act of 2003". If enacted, this bill would require all voting machines to produce a voter verified paper trail by 2004. It would also require surprise manual counts of those paper audit trails to verify the accuracy of software-counted vote totals. So far 75 members of Congress have cosponsored Holt’s bill. Up until this week, however, no Republicans had signed on as cosponsors. In the past few days, three Republicans signed on, which increases the chances of this bill moving forward in Congress.
Some voting equipment vendors are responding to the demand for voter verification. ES&S has developed a voter verified paper trail feature that’s been receiving solid reviews from election officials and technologists alike. Avante, one of a handful of new vendors, makes a machine that’s already passed federal testing and is certified for use in California and provides a voter verified paper audit trail.
But two of the leading vendors in the country, Diebold and Sequoia, are dragging their feet and lobbying against the voter verified paper trail behind the scenes. Diebold has repeatedly told California officials that they could provide a voter verified paper trail if one were mandated; but behind the scenes, as the infamous Diebold memos reveal, company executives discuss plans to make the paper trail feature “prohibitively expensive”.
Those who defend paperless, computerized voting systems believe the burden of proof is on the critics to show the voting machines are not working. But I believe the burden of proof is on the election officials and vendors to show that the voting machines are working. Indeed, this is what the idea of verification is all about -- it’s to demonstrate to the public that they can have confidence in election outcomes. It’s not saying “trust us, we know what we’re doing.”
The prudent thing to do while vendors improve their technology is to limit the deployment of electronic voting machines to one per polling place to comply with new federal language and disability access requirements, require those machines to have a voter verified paper trail, and use paper-based optical scan systems for other polling place voters and for absentee voters. This would be a far less expensive, more reliable and secure solution than to go all touchscreen right now.
This page was first published on November 26, 2003 | Last updated on November 26, 2003
Copyright 1994 - 2003, California Voter Foundation. All rights reserved.