The Threat of a Stolen Election

With the use of paperless voting machines in 31 states, recounts become impossible.

George Kenney

Romney has connections to Hart Intercivic: a privately held company that provides voting machines used widely across the country, including the battleground states Ohio and Colorado (Stephen C. Webster/ Flickr / Creative Commons)

Per­haps it’s because the U.S. Con­sti­tu­tion does not guar­an­tee Amer­i­cans the right to vote. Per­haps it’s because elec­tion offi­cials believe (or hope) that the pub­lic has for­got­ten what democ­ra­cy means or what fair elec­tions are all about. Per­haps both par­ties oppor­tunis­ti­cal­ly seek an advan­tage through fraud. Per­haps peo­ple are sim­ply stu­pid. Nev­er­the­less, it remains an almost incon­ceiv­able screw-up: in many states, includ­ing crit­i­cal swing states, gov­ern­ment offi­cials have not guar­an­teed that votes can be count­ed, either, in some cas­es, count­ed accu­rate­ly or, in oth­ers, count­ed at all. The mechan­ics of U.S. vot­ing sys­tems, by inter­na­tion­al stan­dards, lan­guish at the lev­el of a dis­mal third world failure.

If we have elections where half the population doesn't trust the outcome, that's very unhealthy for a democracy. We don't have to live with that. We can fix it.

Many – maybe most – of our cur­rent prob­lems with elec­tion audit­ing can be traced to the pro­lif­er­a­tion of elec­tron­ic vot­ing machines. Paper­less machines that leave no auditable evi­dence of who won, who lost, or who stole an elec­tion. Machines with flim­sy paper trails that can be tin­kered with and/​or that are too unre­li­able when need­ed. Inter­net vot­ing, which by its nature is 100% inse­cure. Adding insult to injury, the cor­po­ra­tions that sell these elec­tron­ic gad­gets claim, and courts have agreed, that elec­tion soft­ware is pro­pri­etary: the pub­lic inter­est in ensur­ing a fair elec­tion takes sec­ond place to cor­po­rate prof­its. Worse still, we have an extreme­ly trou­bling his­to­ry of per­sons with a direct inter­est in elec­tion out­comes own­ing a piece of the com­pa­nies that count the vote. See, for exam­ple, for­mer Sen. Chuck Hegel’s vic­to­ry in 1996 or, notably, the Rom­ney con­nec­tion to the pri­vate­ly held com­pa­ny Hart Inter­civic whose machines are wide­ly used, includ­ing in Ohio.

On anoth­er lev­el, giv­en Amer­i­ca’s obses­sion with for­eign threats, how quaint­ly and almost charm­ing­ly parochial it is that no U.S. gov­ern­ment offi­cial has ever won­dered aloud about the nation­al secu­ri­ty impli­ca­tions of poten­tial elec­tron­ic vote fraud. But to be real­is­tic, it’s not as if only Amer­i­cans might ever have an inter­est in steal­ing Amer­i­can elec­tions. Our fail­ure on that score is a bright mark­er for just how far we’ve gone to avoid the sub­ject of authen­tic democracy!

Most cen­trist pol­i­cy experts, aid­ed by the main­stream media, dis­par­age con­cerns about elec­tron­ic vot­ing. After all, how bad could it get?

Dr. Bar­bara Simons is the co-author, with Dr. Dou­glas W. Jones, of Bro­ken Bal­lots: Will Your Vote Count? (Cen­ter for the Study of Lan­guage and Infor­ma­tion, Stan­ford, 2012). A retired researcher at IBM, Dr. Simons is also a for­mer pres­i­dent of the Asso­ci­a­tion for Com­put­ing Machin­ery (ACM), the nation’s old­est and largest edu­ca­tion­al and sci­en­tif­ic soci­ety for com­put­ing pro­fes­sion­als. She has a Ph.D. in com­put­er sci­ence from the Uni­ver­si­ty of Cal­i­for­nia, Berke­ley. Recent­ly, I spoke with Dr. Simons. A pod­cast of our con­ver­sa­tion is avail­able on the web­site Elec­tric Politics.

I’ve been wor­ried about elec­tron­ic vot­ing for many years, and after the last elec­tion I thought to myself, Well, now that there’s been so much atten­tion and it seems that states and local juris­dic­tions are doing some­thing about it and it does­n’t seem to be in the news, maybe the worst prob­lems have been solved.” But I’m guess­ing that the lack of news reports does­n’t mean that the prob­lems are solved.

It’s not quite true that there have been no news reports. The prob­lem is that fre­quent­ly prob­lems occur at the local lev­el, and are report­ed at the local lev­el, but don’t make the nation­al news, and so things hap­pen that most of us don’t hear about unless we hap­pen to be fol­low­ing this issue carefully.

You and Dou­glas Jones are care­ful not to raise red flags about par­tic­u­lar elec­tions. In a very tem­per­ate way, you go over all the prob­lems that elec­tron­ic vot­ing can intro­duce into the vot­ing process. But is it pos­si­ble to say with any rea­son­able range of prob­a­bil­i­ty how like­ly it might be that this elec­tion will yield the wrong results?

We can’t mea­sure that prob­a­bil­i­ty unfor­tu­nate­ly because we can’t mea­sure what we want to mea­sure with the elec­tions. I cer­tain­ly am con­cerned we are going to have melt­downs. I think that’s inevitable giv­en the qual­i­ty and age of a lot of the vot­ing sys­tems. The ques­tion is how seri­ous will these melt­downs be? Will they be in bat­tle­ground states? Could they poten­tial­ly impact the out­come of the race? There are some states that are par­tic­u­lar­ly wor­ri­some, such as Virginia.

I could­n’t believe this when I read it, but you’re say­ing that in Vir­ginia it’s going to be impos­si­ble to do a recount?

In 16 states in the coun­try, it is going to be impos­si­ble to do a recount because they have some kind of paper­less vot­ing machines, as does Vir­ginia, and wher­ev­er there are paper­less machines you can­not do a recount. Inter­net vot­ing is anoth­er exam­ple of where you can’t do recounts and more states are allow­ing some seg­ment of the pop­u­la­tion to return bal­lots over the internet.

Is that a large num­ber in absolute terms?

I believe it’s 31 states.

And how many ballots?

In most states, it’s a rel­a­tive­ly small num­ber because by and large the peo­ple using this method are vot­ers over­seas and in the mil­i­tary. And not all of them do it over the inter­net. But even so, it’s very wor­ri­some. As we saw in 2000, a small num­ber of bal­lots can change the election.

And I sup­pose there’s a prece­dence prob­lem as well. If states are encour­aged to allow inter­net vot­ing for some cer­tain group, then they may think, This is easy and cheap, let’s just do it for a lot more peo­ple.” That would be a hor­ri­ble idea.

Yes, that’s exact­ly our concern.

The bot­tom line on inter­net vot­ing is that it’s com­plete­ly, total­ly, 100 per­cent inse­cure, right?

Yes. Inter­net vot­ing is a prob­lem. There’s a threat that the vot­ers’ com­put­ers could be infect­ed by a virus which could change the vot­ers’ selec­tions with­out their know­ing it. So basi­cal­ly the virus can vote the bal­lot and not the vot­er. A sec­ond con­cern is that the elec­tion offi­cials’ machines could be attacked as we’ve seen hap­pen in many instances — Google’s been attacked, the gov­ern­men­t’s been attacked and a test of inter­net vot­ing in Wash­ing­ton, D.C. was suc­cess­ful­ly attacked. A third con­cern is a denial of ser­vice attack that can pre­vent peo­ple from being able to vote by mak­ing it impos­si­ble to access the bal­lot. And then the fourth attack which peo­ple rarely talk about is an insid­er threat. That’s a prob­lem with any kind of vot­ing, but it’s of par­tic­u­lar con­cern when there’s no way to check.

Okay, so inter­net vot­ing: inse­cure. At the moment it’s not real­ly a prob­lem here, though.

Well, we’re very con­cerned about inter­net vot­ing in the Unit­ed States. As I said it’s already being used in 30 states and Wash­ing­ton D.C. to allow vot­ers to return their bal­lots by fax, email, or web por­tal. So that’s a big chunk of the coun­try already. Now, as I said, that’s lim­it­ed, but there are inter­net vot­ing ven­dors who want to sell their wares and who are claim­ing that their prod­ucts are com­plete­ly secure, although they don’t allow them to be test­ed open­ly by secu­ri­ty experts. And there are elec­tion offi­cials who view inter­net vot­ing as less expen­sive, although that may or may not be the case, and also as being more like­ly to draw young peo­ple into the vot­ing process — which may or may not be the case. So there are a lot of myths that haven’t been test­ed and in some cas­es are false.

The typ­i­cal argu­ment that we hear is, I can bank online, why can’t I vote online?” And what peo­ple who make that argu­ment don’t under­stand is that bank­ing online is actu­al­ly pret­ty inse­cure. Mil­lions of dol­lars are stolen annu­al­ly from online bank accounts, and what hap­pens is the banks cov­er their loss­es qui­et­ly because it’s still cheap­er for them than build­ing the build­ings and hir­ing the tellers. But how do you replace stolen bal­lots? It’s not possible.

You can’t even esti­mate how many there are. How do you know when an elec­tion has been stolen? The whole point of the prob­lem is that there is no direct evidence.

It’s almost a per­fect crime because if there’s noth­ing to catch to recount, there’s no way to catch it. I think a num­ber of peo­ple who aren’t famil­iar with com­put­ers assume that if there was some prob­lem with the soft­ware, it could be found. There are a cou­ple of prob­lems with this assump­tion. First of all, not many peo­ple actu­al­ly look at the soft­ware. Cer­tain­ly inde­pen­dent peo­ple who have noth­ing to do with the ven­dors don’t look at the soft­ware, because it’s pro­pri­etary. A sec­ond issue is that even if you can look at the soft­ware, that does­n’t nec­es­sar­i­ly mean you can prove that there was a prob­lem. I like to com­pare it to the U.S. tax code, which is writ­ten in Eng­lish, but no one com­plete­ly under­stands it.

You write in the book you had a test with five com­put­er experts who came in and looked at spe­cial code that was sub­stan­tial­ly reduced from the nor­mal thou­sands of lines to 300 or so. And two of the five could­n’t find the virus that was hid­den in it.

Yes, there were bugs in it, and they knew the bugs were there, and none of them found all of them. And as you say that was a very small pro­gram, and these were very smart peo­ple looking.

When you’ve got thou­sands and thou­sands of lines of code, some of it from very flawed exist­ing sys­tems like Win­dows 95, the poten­tial for bugs is enor­mous.

That’s right. And that’s not the only exam­ple of flawed sys­tems. The Diebold machines are still in use. Their soft­ware for count­ing uses a data­base called the Jet Data­base, which is a Microsoft prod­uct. And Microsoft explic­it­ly says, Do not use this data­base for any­thing crit­i­cal­ly important.”

You explain in your book how it is that com­pa­nies like Diebold can claim pro­pri­etary rights to their soft­ware. But how did the courts come to see this as a pri­vate issue? 

There have been a num­ber of court cas­es where peo­ple have attempt­ed to get access to, for exam­ple, the logs from the com­put­ers that are used in these sys­tems, and by and large they’re not allowed to access them on the grounds that it’s all pro­pri­etary. It is amaz­ing that we have allowed pri­vate com­pa­nies to take over this crit­i­cal func­tion of tab­u­lat­ing our votes. How­ev­er, hav­ing said that, there is a way to deal with it if we have paper bal­lots, and we have good laws that require us to look at these paper bal­lots after­wards. And if we had those laws, then the fact that the soft­ware is pro­pri­etary is not as impor­tant because we can check on the computers.

So what you’re say­ing is that we do an audit before the elec­tion results are offi­cial­ly announced?

It’s crit­i­cal that it be done before and that the right kind of audit be done to make sure that the win­ner declared by the com­put­er is the actu­al win­ner. We need to be pre­pared to invest in our democ­ra­cy. If we’re not will­ing to check to make sure that the right can­di­dates are the ones that the com­put­ers declare to be the win­ners, then what are we doing? Vot­ing is the foun­da­tion of our democ­ra­cy. We’re talk­ing about an issue of nation­al security.

If we have elec­tions where half the pop­u­la­tion does­n’t trust the out­come, that’s very unhealthy for a democ­ra­cy. We don’t have to live with that. We can fix it. But we need to have the right equip­ment, and we need to have the right laws, and we don’t have that right now.

You’re argu­ing for stan­dard­iza­tion for cer­tain min­i­mum thresh­olds. But the one gov­ern­ment enti­ty we have that could do that most effi­cient­ly, I would think, would be the fed­er­al government.

I do think that there should be nation­al require­ments. On whether or not the fed­er­al gov­ern­ment should actu­al­ly be run­ning the elec­tion, I don’t feel qual­i­fied to com­ment because I’m not a polit­i­cal sci­en­tist. But we need nation­al require­ments. We need to make sure that every­body votes on paper bal­lots because at this point we have no alter­na­tive for being able to check. We need sys­tems that are reli­able. We need laws that will check on those systems.

We’re not say­ing you have to do things pre­cise­ly this way or that way. What we are say­ing is that you need the paper bal­lot and to have peo­ple look at the paper bal­lot after the elec­tion and before the results are cer­ti­fied. Some states con­sid­er a recount to be you re-feed the paper bal­lots back into the machine that count­ed them in the first place, which is not a recount because if there’s a prob­lem with that com­put­er, it’s like­ly to make the same mis­take the sec­ond time.

The last time I looked at this in any detail, it seemed to me that you had both Democ­rats and Repub­li­cans who were reluc­tant to move away from these paper­less vot­ing machines, per­haps each think­ing they would con­fer some kind of advan­tage. But is it still the case that it’s a bipar­ti­san prob­lem to get sen­si­ble reg­u­la­tions in place?

For­tu­nate­ly, it is bipar­ti­san. If we are going to achieve the need­ed reforms, we need to have both par­ties on board. We strive very hard to avoid to mak­ing it a par­ti­san issue. There are Democ­rats who have been very good on this issue, and Democ­rats who have been very bad. The same is true of Repub­li­cans. There have been Repub­li­cans who real­ly get it like for­mer Sen. John Ensign from Neva­da — a very con­ser­v­a­tive Repub­li­can who lost his first Sen­ate elec­tion by a few hun­dred votes and want­ed a recount for a paper­less machine and dis­cov­ered he could­n’t get it. He under­stood the prob­lem imme­di­ate­ly. On the Demo­c­ra­t­ic side, there’s Rep. Rush Holt from New Jer­sey, who has for sev­er­al years tried to get reform leg­is­la­tion passed. So there are good peo­ple on both sides of the aisle.

There’s one bill you talk about to the end of your book that’s sort of been blocked – HR 811 – that did­n’t pass because Repub­li­cans did­n’t want to go along with it?

BS: I don’t want to just blame the Repub­li­cans because Holt has had a num­ber of Repub­li­can co-spon­sors on this leg­is­la­tion in the past, and there have cer­tain­ly been Democ­rats who have been hostile.

Is there any pat­tern in state adop­tion of prop­er vot­ing pro­ce­dures? Or is it just sort of ran­dom that some states seem to do bet­ter than others?

Some­times it depends on who the chief elec­tion offi­cial is in the state. For exam­ple in Cal­i­for­nia we’ve been for­tu­nate to have two real­ly strong Sec­re­taries of State at dif­fer­ent times — Kevin Shel­ley and now Debra Bowen, both Democ­rats. Kevin Shel­ley did­n’t under­stand the issue when he first came in, but he under­stood it very well after a short peri­od. He thought that Diebold should be charged with a crim­i­nal offense for run­ning an elec­tion on total­ly uncer­ti­fied soft­ware. And then Sec­re­tary of State Bowen was able to build on what Kevin Shel­ley had done. Min­neso­ta and its Sec­re­tary of State Mark Ritchie is anoth­er very good exam­ple. In both Cal­i­for­nia and Min­neso­ta there have also been cit­i­zens who have been very active­ly involved. Ohio has def­i­nite­ly improved. There are still some con­cerns with Ohio, but there was a Sec­re­tary of State there who got rid of all the paper­less machines.

In Flori­da, for­mer Repub­li­can Gov. Char­lie Crist got rid of all the paper­less machines. Unfor­tu­nate­ly, there are also laws in Flori­da that make it very, very dif­fi­cult to do a recount. They don’t even allow a recount until after an elec­tion’s been cer­ti­fied, so I think that one of the lessons 2000 taught all the peo­ple in Flori­da is that they don’t want any more recounts, which is the wrong message.

Elec­tion super­vi­sor Ion San­cho was in Leon Coun­ty, Flori­da. Ion had a con­tract with Diebold to pur­chase their machines, and he brought in some secu­ri­ty experts to check the machines before­hand, and they found a secu­ri­ty hole. So San­cho told Diebold about that, and they can­celled the con­tract. There were two oth­er ven­dors, ES&S and Sequoia, who were licensed in Flori­da at the time, and he tried to buy machines from them. Nei­ther of them would sell him machines, at which point the then Flori­da Sec­re­tary of State demand­ed that San­cho return the fed­er­al mon­ey he had for buy­ing these machines, and he was almost fired. I think the only rea­son he was­n’t fired is that there were tests done in Cal­i­for­nia, sep­a­rate from his, that not only con­firmed his find­ings but also found addi­tion­al prob­lems, which is for­tu­nate because San­cho’s a very ded­i­cat­ed and exem­plary elec­tion offi­cial. San­cho has not declared a par­ty iden­ti­fi­ca­tion, but there is a Repub­li­can elec­tion offi­cial in Utah who did some­thing sim­i­lar, and he actu­al­ly lost his job.

The les­son that I think a num­ber of elec­tion offi­cials have learned from the exam­ple from these two gen­tle­men is that you stand up to the ven­dors at your own risk.

Are reform­ers sug­gest­ing any crim­i­nal penal­ties for these companies?

I know a lot of mis­takes have been made in the past. But what I think we need to focus on is the future. We need to fix this prob­lem, and I’d rather not get dis­tract­ed by try­ing to pun­ish peo­ple for past deeds. We need to focus on how we get our­selves out of this mess. We now have third-rate vot­ing sys­tems in use in part of the coun­try, which is unac­cept­able. We have no way of doing recounts in some key states. We have no way of ver­i­fy­ing results in many parts of the coun­try. We have machines that are old, that are break­ing down, that are unre­li­able and that are inse­cure. We’ve got to get rid of them. We’ve got to get decent vot­ing tech­nol­o­gy through­out the coun­try. And we’ve got to get strong laws so we don’t end up in a sit­u­a­tion where half the coun­try’s vot­ers feel that the elec­tion was stolen. That real­ly is unhealthy for a democracy.

Bar­bara is there any­thing that I did­n’t ask you that I should have asked you?

BS: There are issues with vot­er reg­is­tra­tion. There have been online vot­er reg­is­tra­tion sys­tems devel­oped recent­ly, and some of us dis­cov­ered that a cou­ple of them — in Mary­land and Wash­ing­ton state — have big secu­ri­ty holes because the infor­ma­tion they use to authen­ti­cate vot­ers was eas­i­ly pub­licly avail­able, so some­body could auto­mate an attack which would change vot­ers’ address­es with­out their knowl­edge, which could be done on a large scale as a way of selec­tive­ly dis­en­fran­chis­ing voters.

When­ev­er you start mess­ing with tech­nol­o­gy you have to be care­ful and, ide­al­ly, you have to involve some peo­ple who are secu­ri­ty experts to make sure you haven’t inad­ver­tent­ly cre­at­ed a prob­lem in your effort to make things bet­ter. I mean, these online vot­er reg­is­tra­tion sys­tems are intend­ed to make it eas­i­er for peo­ple to reg­is­ter to vote. I think that’s high­ly com­mend­able. But, you ought to ensure that the sys­tem you put in place is secure.

Assum­ing that you’re cor­rect, and that we will have a series of prob­lems this elec­tion, how do peo­ple get involved after the elec­tion to try to keep this thing from hap­pen­ing again and again and again?

There are two things. First of all, I don’t want the mes­sage we’re giv­ing to dis­cour­age any­body from vot­ing because the best way to be sure that your vote does­n’t count is to not vote. Then vot­ers should fol­low up and find out what’s hap­pen­ing where they live, what kind of machines they have, how secure they are, do they do recounts and so on. All of that infor­ma­tion is pub­licly avail­able. Ver​i​fied​Vot​ing​.org lets them see what kinds of machines are being used where they are. If they find out that the machines they’re using are below stan­dard then get involved and try to get these machines replaced by paper bal­lots with opti­cal scans. Elec­tion offi­cials and politi­cians tend to be respon­sive to cit­i­zens when they start mak­ing a fuss. I urge peo­ple to pay atten­tion to this, to get involved with how elec­tions are run and to do what they can to improve our democ­ra­cy. It needs work, and we need all the help we can get.

George Ken­ney, a for­mer career U.S. for­eign ser­vice offi­cer, resigned in 1991 over U.S. pol­i­cy toward the Yugoslav con­flict. He is now a writer in Wash­ing­ton, and host and pro­duc­er of the pod­cast Elec­tric Pol­i­tics.
Limited Time:

SUBSCRIBE TO IN THESE TIMES MAGAZINE FOR JUST $1 A MONTH