Web Only// Features » November 2, 2012
The Threat of a Stolen Election
With the use of paperless voting machines in 31 states, recounts become impossible.
If we have elections where half the population doesn't trust the outcome, that's very unhealthy for a democracy. We don't have to live with that. We can fix it.
Perhaps it's because the U.S. Constitution does not guarantee Americans the right to vote. Perhaps it's because election officials believe (or hope) that the public has forgotten what democracy means or what fair elections are all about. Perhaps both parties opportunistically seek an advantage through fraud. Perhaps people are simply stupid. Nevertheless, it remains an almost inconceivable screw-up: in many states, including critical swing states, government officials have not guaranteed that votes can be counted, either, in some cases, counted accurately or, in others, counted at all. The mechanics of U.S. voting systems, by international standards, languish at the level of a dismal third world failure.
Many–maybe most–of our current problems with election auditing can be traced to the proliferation of electronic voting machines. Paperless machines that leave no auditable evidence of who won, who lost, or who stole an election. Machines with flimsy paper trails that can be tinkered with and/or that are too unreliable when needed. Internet voting, which by its nature is 100% insecure. Adding insult to injury, the corporations that sell these electronic gadgets claim, and courts have agreed, that election software is proprietary: the public interest in ensuring a fair election takes second place to corporate profits. Worse still, we have an extremely troubling history of persons with a direct interest in election outcomes owning a piece of the companies that count the vote. See, for example, former Sen. Chuck Hegel's victory in 1996 or, notably, the Romney connection to the privately held company Hart Intercivic whose machines are widely used, including in Ohio.
On another level, given America's obsession with foreign threats, how quaintly and almost charmingly parochial it is that no U.S. government official has ever wondered aloud about the national security implications of potential electronic vote fraud. But to be realistic, it's not as if only Americans might ever have an interest in stealing American elections. Our failure on that score is a bright marker for just how far we've gone to avoid the subject of authentic democracy!
Most centrist policy experts, aided by the mainstream media, disparage concerns about electronic voting. After all, how bad could it get?
Dr. Barbara Simons is the co-author, with Dr. Douglas W. Jones, of Broken Ballots: Will Your Vote Count? (Center for the Study of Language and Information, Stanford, 2012). A retired researcher at IBM, Dr. Simons is also a former president of the Association for Computing Machinery (ACM), the nation's oldest and largest educational and scientific society for computing professionals. She has a Ph.D. in computer science from the University of California, Berkeley. Recently, I spoke with Dr. Simons. A podcast of our conversation is available on the website Electric Politics.
I've been worried about electronic voting for many years, and after the last election I thought to myself, “Well, now that there's been so much attention and it seems that states and local jurisdictions are doing something about it and it doesn't seem to be in the news, maybe the worst problems have been solved.” But I'm guessing that the lack of news reports doesn't mean that the problems are solved.
It's not quite true that there have been no news reports. The problem is that frequently problems occur at the local level, and are reported at the local level, but don't make the national news, and so things happen that most of us don't hear about unless we happen to be following this issue carefully.
You and Douglas Jones are careful not to raise red flags about particular elections. In a very temperate way, you go over all the problems that electronic voting can introduce into the voting process. But is it possible to say with any reasonable range of probability how likely it might be that this election will yield the wrong results?
We can't measure that probability unfortunately because we can't measure what we want to measure with the elections. I certainly am concerned we are going to have meltdowns. I think that's inevitable given the quality and age of a lot of the voting systems. The question is how serious will these meltdowns be? Will they be in battleground states? Could they potentially impact the outcome of the race? There are some states that are particularly worrisome, such as Virginia.
I couldn't believe this when I read it, but you're saying that in Virginia it's going to be impossible to do a recount?
In 16 states in the country, it is going to be impossible to do a recount because they have some kind of paperless voting machines, as does Virginia, and wherever there are paperless machines you cannot do a recount. Internet voting is another example of where you can't do recounts and more states are allowing some segment of the population to return ballots over the internet.
Is that a large number in absolute terms?
I believe it's 31 states.
And how many ballots?
In most states, it's a relatively small number because by and large the people using this method are voters overseas and in the military. And not all of them do it over the internet. But even so, it's very worrisome. As we saw in 2000, a small number of ballots can change the election.
And I suppose there's a precedence problem as well. If states are encouraged to allow internet voting for some certain group, then they may think, “This is easy and cheap, let's just do it for a lot more people.” That would be a horrible idea.
Yes, that's exactly our concern.
The bottom line on internet voting is that it's completely, totally, 100 percent insecure, right?
Yes. Internet voting is a problem. There's a threat that the voters' computers could be infected by a virus which could change the voters' selections without their knowing it. So basically the virus can vote the ballot and not the voter. A second concern is that the election officials' machines could be attacked as we've seen happen in many instances—Google's been attacked, the government's been attacked and a test of internet voting in Washington, D.C. was successfully attacked. A third concern is a denial of service attack that can prevent people from being able to vote by making it impossible to access the ballot. And then the fourth attack which people rarely talk about is an insider threat. That's a problem with any kind of voting, but it's of particular concern when there's no way to check.
Okay, so internet voting: insecure. At the moment it's not really a problem here, though.
Well, we're very concerned about internet voting in the United States. As I said it's already being used in 30 states and Washington D.C. to allow voters to return their ballots by fax, email, or web portal. So that's a big chunk of the country already. Now, as I said, that's limited, but there are internet voting vendors who want to sell their wares and who are claiming that their products are completely secure, although they don't allow them to be tested openly by security experts. And there are election officials who view internet voting as less expensive, although that may or may not be the case, and also as being more likely to draw young people into the voting process—which may or may not be the case. So there are a lot of myths that haven't been tested and in some cases are false.
The typical argument that we hear is, “I can bank online, why can't I vote online?” And what people who make that argument don't understand is that banking online is actually pretty insecure. Millions of dollars are stolen annually from online bank accounts, and what happens is the banks cover their losses quietly because it's still cheaper for them than building the buildings and hiring the tellers. But how do you replace stolen ballots? It's not possible.
You can't even estimate how many there are. How do you know when an election has been stolen? The whole point of the problem is that there is no direct evidence.
It's almost a perfect crime because if there's nothing to catch to recount, there's no way to catch it. I think a number of people who aren't familiar with computers assume that if there was some problem with the software, it could be found. There are a couple of problems with this assumption. First of all, not many people actually look at the software. Certainly independent people who have nothing to do with the vendors don't look at the software, because it's proprietary. A second issue is that even if you can look at the software, that doesn't necessarily mean you can prove that there was a problem. I like to compare it to the U.S. tax code, which is written in English, but no one completely understands it.
You write in the book you had a test with five computer experts who came in and looked at special code that was substantially reduced from the normal thousands of lines to 300 or so. And two of the five couldn't find the virus that was hidden in it.
Yes, there were bugs in it, and they knew the bugs were there, and none of them found all of them. And as you say that was a very small program, and these were very smart people looking.
When you've got thousands and thousands of lines of code, some of it from very flawed existing systems like Windows 95, the potential for bugs is enormous.
That's right. And that's not the only example of flawed systems. The Diebold machines are still in use. Their software for counting uses a database called the Jet Database, which is a Microsoft product. And Microsoft explicitly says, “Do not use this database for anything critically important.”
You explain in your book how it is that companies like Diebold can claim proprietary rights to their software. But how did the courts come to see this as a private issue?
There have been a number of court cases where people have attempted to get access to, for example, the logs from the computers that are used in these systems, and by and large they're not allowed to access them on the grounds that it's all proprietary. It is amazing that we have allowed private companies to take over this critical function of tabulating our votes. However, having said that, there is a way to deal with it if we have paper ballots, and we have good laws that require us to look at these paper ballots afterwards. And if we had those laws, then the fact that the software is proprietary is not as important because we can check on the computers.
So what you're saying is that we do an audit before the election results are officially announced?
It's critical that it be done before and that the right kind of audit be done to make sure that the winner declared by the computer is the actual winner. We need to be prepared to invest in our democracy. If we're not willing to check to make sure that the right candidates are the ones that the computers declare to be the winners, then what are we doing? Voting is the foundation of our democracy. We're talking about an issue of national security.
If we have elections where half the population doesn't trust the outcome, that's very unhealthy for a democracy. We don't have to live with that. We can fix it. But we need to have the right equipment, and we need to have the right laws, and we don't have that right now.
You're arguing for standardization for certain minimum thresholds. But the one government entity we have that could do that most efficiently, I would think, would be the federal government.
I do think that there should be national requirements. On whether or not the federal government should actually be running the election, I don't feel qualified to comment because I'm not a political scientist. But we need national requirements. We need to make sure that everybody votes on paper ballots because at this point we have no alternative for being able to check. We need systems that are reliable. We need laws that will check on those systems.
We're not saying you have to do things precisely this way or that way. What we are saying is that you need the paper ballot and to have people look at the paper ballot after the election and before the results are certified. Some states consider a recount to be you re-feed the paper ballots back into the machine that counted them in the first place, which is not a recount because if there's a problem with that computer, it's likely to make the same mistake the second time.
The last time I looked at this in any detail, it seemed to me that you had both Democrats and Republicans who were reluctant to move away from these paperless voting machines, perhaps each thinking they would confer some kind of advantage. But is it still the case that it's a bipartisan problem to get sensible regulations in place?
Fortunately, it is bipartisan. If we are going to achieve the needed reforms, we need to have both parties on board. We strive very hard to avoid to making it a partisan issue. There are Democrats who have been very good on this issue, and Democrats who have been very bad. The same is true of Republicans. There have been Republicans who really get it like former Sen. John Ensign from Nevada—a very conservative Republican who lost his first Senate election by a few hundred votes and wanted a recount for a paperless machine and discovered he couldn't get it. He understood the problem immediately. On the Democratic side, there's Rep. Rush Holt from New Jersey, who has for several years tried to get reform legislation passed. So there are good people on both sides of the aisle.
There's one bill you talk about to the end of your book that's sort of been blocked–HR 811–that didn't pass because Republicans didn't want to go along with it?
BS: I don't want to just blame the Republicans because Holt has had a number of Republican co-sponsors on this legislation in the past, and there have certainly been Democrats who have been hostile.
Is there any pattern in state adoption of proper voting procedures? Or is it just sort of random that some states seem to do better than others?
Sometimes it depends on who the chief election official is in the state. For example in California we've been fortunate to have two really strong Secretaries of State at different times—Kevin Shelley and now Debra Bowen, both Democrats. Kevin Shelley didn't understand the issue when he first came in, but he understood it very well after a short period. He thought that Diebold should be charged with a criminal offense for running an election on totally uncertified software. And then Secretary of State Bowen was able to build on what Kevin Shelley had done. Minnesota and its Secretary of State Mark Ritchie is another very good example. In both California and Minnesota there have also been citizens who have been very actively involved. Ohio has definitely improved. There are still some concerns with Ohio, but there was a Secretary of State there who got rid of all the paperless machines.
In Florida, former Republican Gov. Charlie Crist got rid of all the paperless machines. Unfortunately, there are also laws in Florida that make it very, very difficult to do a recount. They don't even allow a recount until after an election's been certified, so I think that one of the lessons 2000 taught all the people in Florida is that they don't want any more recounts, which is the wrong message.
Election supervisor Ion Sancho was in Leon County, Florida. Ion had a contract with Diebold to purchase their machines, and he brought in some security experts to check the machines beforehand, and they found a security hole. So Sancho told Diebold about that, and they cancelled the contract. There were two other vendors, ES&S and Sequoia, who were licensed in Florida at the time, and he tried to buy machines from them. Neither of them would sell him machines, at which point the then Florida Secretary of State demanded that Sancho return the federal money he had for buying these machines, and he was almost fired. I think the only reason he wasn't fired is that there were tests done in California, separate from his, that not only confirmed his findings but also found additional problems, which is fortunate because Sancho's a very dedicated and exemplary election official. Sancho has not declared a party identification, but there is a Republican election official in Utah who did something similar, and he actually lost his job.
The lesson that I think a number of election officials have learned from the example from these two gentlemen is that you stand up to the vendors at your own risk.
Are reformers suggesting any criminal penalties for these companies?
I know a lot of mistakes have been made in the past. But what I think we need to focus on is the future. We need to fix this problem, and I'd rather not get distracted by trying to punish people for past deeds. We need to focus on how we get ourselves out of this mess. We now have third-rate voting systems in use in part of the country, which is unacceptable. We have no way of doing recounts in some key states. We have no way of verifying results in many parts of the country. We have machines that are old, that are breaking down, that are unreliable and that are insecure. We've got to get rid of them. We've got to get decent voting technology throughout the country. And we've got to get strong laws so we don't end up in a situation where half the country's voters feel that the election was stolen. That really is unhealthy for a democracy.
Barbara is there anything that I didn't ask you that I should have asked you?
BS: There are issues with voter registration. There have been online voter registration systems developed recently, and some of us discovered that a couple of them—in Maryland and Washington state—have big security holes because the information they use to authenticate voters was easily publicly available, so somebody could automate an attack which would change voters' addresses without their knowledge, which could be done on a large scale as a way of selectively disenfranchising voters.
Whenever you start messing with technology you have to be careful and, ideally, you have to involve some people who are security experts to make sure you haven't inadvertently created a problem in your effort to make things better. I mean, these online voter registration systems are intended to make it easier for people to register to vote. I think that's highly commendable. But, you ought to ensure that the system you put in place is secure.
Assuming that you're correct, and that we will have a series of problems this election, how do people get involved after the election to try to keep this thing from happening again and again and again?
There are two things. First of all, I don't want the message we're giving to discourage anybody from voting because the best way to be sure that your vote doesn't count is to not vote. Then voters should follow up and find out what's happening where they live, what kind of machines they have, how secure they are, do they do recounts and so on. All of that information is publicly available. VerifiedVoting.org lets them see what kinds of machines are being used where they are. If they find out that the machines they're using are below standard then get involved and try to get these machines replaced by paper ballots with optical scans. Election officials and politicians tend to be responsive to citizens when they start making a fuss. I urge people to pay attention to this, to get involved with how elections are run and to do what they can to improve our democracy. It needs work, and we need all the help we can get.
ABOUT THIS AUTHOR
George Kenney, a former career U.S. foreign service officer, resigned in 1991 over U.S. policy toward the Yugoslav conflict. He is now a writer in Washington, and host and producer of the podcast Electric Politics.