Voters are caught in an e-voting quandary

The prospect of political partisans rigging electronic voting machines to switch votes and steal an election was a prime concern of some voters right up to the eve of Election Day. But others were far less concerned about what they saw as a remote possibility.

Voting activists say they are amazed that the conversation has not changed much since the Help America Vote Act (HAVA) of 2002 ushered in the age of e-voting. They say it’s even more amazing that many local elections officials and policy-makers seem to brush aside security concerns.

“Overall, almost everybody is concerned except the people who could actually fix the problem,” said David Dill, a Stanford University computer science professor and founder of the Verified Voting Foundation.

Many elections officials don’t seem to understand the need for security, Dill and other e-voting skeptics say. In San Diego County, Calif., for example, Supervisor of Elections Mikel Haas had poll workers take Diebold Election Systems machines home with them days before the election so they could more easily transport the machines to the polling sites Nov. 7. Haas defended the sleepover idea, but security experts find it appalling.

“Plenty of people don’t get it on security,” said Michael Shamos, a computer science professor at Carnegie Mellon University. “This is true of some county election officials, who believe that ‘it can’t happen here.’ However, there are plenty of election administrators who are very serious about security and do all they can to safeguard the machines and the results. Sending machines home obviously doesn’t even pass the sniff test.”

Jeremy Epstein, a computer specialist who served on a commission created by the Virginia General Assembly to make recommendations on e-voting security, said many voters and officials do not understand the technology in computerized voting machines.

Local elections officials are hardworking, well-meaning people, he said. “But they’re not technical experts. I had one local official insist to me that the voting machines are not computers.”

Shamos said both extremes in the e-voting debate overstate their cases.

“The mania about voting system security is misplaced, not because intrusions are impossible, but they’re nowhere near as easy as people have been led to believe,” he said. “On the other side, you have the manufacturers who always refuse to admit there’s anything wrong with their systems.”

Elections officials, accustomed to working in relative anonymity, are caught in the middle. They have suddenly been thrust into the spotlight on an issue that most are ill-equipped to address, he said.

Nevertheless, many local elections officials are learning how to deal with the electronic machines, said Thomas Wilkey, executive director of the Election Assistance Commission, a federal body created by HAVA. Some jurisdictions still find it hard to round up enough volunteers to work at polling places, but they are doing a better job of providing training and voting machine security than in the past, he said.

Voters who worry about whether their electronic votes will be correctly counted have focused on reports from security experts who continue to find weaknesses in voting machine programming. The machines’ manufacturers assert that tests in a laboratory don’t reflect real-world conditions that provide added layers of security in elections.

Voters see some irregularities
Diebold has taken the brunt of the criticism, perhaps partly because it was Diebold code that Avi Rubin, a computer science professor at Johns Hopkins University, and several colleagues dissected early in the debate. Earlier this year, Edward Felten and other computer scientists at Princeton University’s Center for Information Technology Policy demonstrated that they could write a software virus and implant it on a Diebold machine so that it would flip votes from one candidate to another and spread to other machines on a network.

Diebold immediately fired back with a statement from Dave Byrd, president of Diebold Election Systems, arguing that the researchers used software that was two generations old and is no longer in use. Felten’s research was invalid for other reasons, Byrd said. “Normal security procedures were ignored. Numbered security tape, 18 enclosure screws and numbered security tags were destroyed or missing so that the researchers could get inside in the unit.”

Byrd added that e-voting machines never connect to a network, so a virus introduced on one machine could not spread to other machines.

Vote-flipping is a perennial complaint about touch-screen voting systems. The voter touches the screen to vote for one candidate, and the confirmation box for the other candidate lights up. The phenomenon convinces some people that someone has programmed the machines to steal votes from one candidate, although other critics say a program to steal votes would probably be invisible to voters. They would not see the vote change.

Check the alignment
A recent media report from Broward County, Fla., states that some voters reported a problem getting the ES&S iVotronic machines there to properly record votes during early voting. The report spread rapidly on the Internet and sparked the usual debate. Ed Solomon, a spokesman for the Broward Supervisor of Elections, said such incidents of flipping usually happen when voters press too hard and expand the area of the screen that the machine perceives as being touched or let the sides of their fingers touch the space allocated to an unwanted candidate.

On the other hand, Dill said no one has proved that voter error causes all of the vote-flipping. In past elections, there have been hundreds of reports about vote-switching on many kinds of equipment, he said. “It generated a lot of paranoia, and in many different forums, I called for this to be investigated. As far as I know, it’s not been investigated, and it’s still happening.” Officials have a “strange incuriosity” about the issue, he said.

Other computer scientists and some e-voting critics, however, say the switching of votes is the product of a misaligned screen or voter mistakes, and they don’t suspect malicious intent.

“I’ve never seen that myself, but it’s not hard to imagine why it happens,” said Rubin, author of the book “Brave New Ballot.” “It could be just screen alignment.”

Touch-screen voting systems must be set up carefully to work properly. “When you touch the screen, the screen has to know where your finger is,” Shamos said. “Of course, it’s bad that these machines require calibration, and if you use more expensive touch screens, they either don’t go out of calibration or don’t need calibration.”

Solomon said calibration wasn’t the issue in Broward because the ES&S screens go out of alignment only incrementally, not to a large enough degree to cause a vote cast for one candidate to show as being for another.

Whether it’s a simple error or a deliberate cheat that causes a vote to register for a candidate the voter didn’t intend, it’s still a wrong vote, Dill said. The machines can detect some voter errors, such as voting for too many candidates in a race, but it can’t detect a vote that is simply wrong. The onus is on the voter to carefully check the final confirmation screen before casting the ballot, he said.

Paper trail gains ground
Such problems are among the reasons that Dill’s campaign to require machines to produce a voter-verified paper receipt has begun to yield results, he said. So far, 28 states have passed laws that require a voter-verified paper record of votes cast. In most cases, those states are using optical-scan machines, in which the paper record is the initial ballot the voter fills out. Touch-screen machines can generate a paper record via an attached printer, but Dill said that configuration is unproven and questionable.

The paper record allows voters to see that their votes were recorded correctly on the paper. The elections office secures and keeps the paper records and can use them in an audit or a recount. However, Rep. Rush Holt (D-N.J.), who wants to pass legislation mandating a voter-verified paper record as a national requirement, said having the paper is only half of the solution.

“It’s one thing to require auditability — a paper trail — and another thing to actually require audits,” he said. “You have to mandate a random audit of the paper trail.”

Holt said the vendors’ confidence in security measures that they trust individual elections officials to enforce is not always well-placed.

“It is changing, but many elections officials tend to be either cavalier or supremely confident that nobody’s going to touch their machines, that there’s nothing wrong with their software, that it will all go well,” he said. “The most troubling thought is the election official who, after the election is over, says, ‘See, it went fine.’ The election official has no basis for saying that because an audit is impossible. My response to them is, ‘How do you know?’”

To date, e-voting security has largely been a Democratic concern. But some Republicans, notably Maryland Gov. Bob Ehrlich, are calling for stronger measures, too.

“The people who get worried about electronic voting are people who feel they got burned in an election and are in the minority,” Dill said. “Republicans are in the minority in Maryland.”

Shamos put that principle in blunter terms. Politicians, he said, are “willing to believe any reason they lost except that the voters didn’t want them.”