Voting Early and Often

TCS Daily ^ | 9/19/2006 | Glenn Harlan Reynolds

[Jane2005]

Can I call 'em, or can I call 'em? Nearly four years ago, I predicted charges of electoral fraud before the polls had even opened in the 2002 elections. I was right, and such charges have only grown louder as in recent elections.

It's easy to dismiss this as the grousing of losers, for the good reason that that's pretty much what it is. But although it's easy, fun -- and basically the right thing to do -- to heap scorn on the purveyors of silly conspiracy theories, we shouldn't stop there. One of the great risks of the modern world is that when a cause is propounded by loudmouthed fools, we tend to dismiss the cause as well as the fools.

But in fact, there are lots of reasons to worry about ballot security. Computers are inherently insecure, and electronic voting machines are basically computers. As this report illustrates (complete with video), Princeton researchers were able to hack a Diebold voting machine in short order. And get this summary of how it turned out:

"1. Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss. We have constructed demonstration software that carries out this vote-stealing attack.

"2. Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute. In practice, poll workers and others often have unsupervised access to the machines.

"3. AccuVote-TS machines are susceptible to voting-machine viruses — computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and post-election activity. We have constructed a demonstration virus that spreads in this way, installing our demonstration vote-stealing program on every machine it infects.

"4. While some of these problems can be eliminated by improving Diebold's software, others cannot be remedied without replacing the machines' hardware. Changes to election procedures would also be required to ensure security."

And though Diebold gets the most bad press, all electronic voting machines of this type are vulnerable. So the problem is real, even though it's often shouted about by nutty conspiracy-theorist types. And a voting system needs to be secure enough not just for ordinary purposes, but secure enough that reasonable people, at least, won't have serious doubts about its integrity. Our current voting system doesn't pass that test. As a recent article in the Washington Post noted:

"What is clear is that a national effort to improve election procedures six years ago -- after the presidential election ended with ambiguous ballots and allegations of miscounted votes and partisan favoritism in Florida -- has failed to restore broad public confidence that the system is fair."

And as the abstract above notes, to fix this problem we need not only changes to hardware, but to voting procedures.

On the hardware front, I think that it's important that the hardware not only be secure, but also that it be secure in an understandable way. A system using biometrics and fancy encryption -- even it it's truly secure -- is a "black box" to most voters. They can't understand its workings, and must thus take the word of, well, somebody. That's not trust-inspiring, meaning that even if the underlying system actually is trustworthy, it won't be trusted as it should.

It's for this reason that I've previously recommended paper ballots -- they're pretty secure, especially compared to electronic voting machines, and their workings are easily understandable. Paper ballots aren't the only way to achieve this end, but they're certainly a good one, and any alternative method needs to share these characteristics. If, as some argue, people are too dumb to use punch-card voting, then we can use touch-screen machines that punch a card for the voter and then spit it out, so that the voter can inspect it before depositing it in a ballot box. The key is to have a human-readable output that's what's actually counted. And that output should be at least as hard to alter as a paper ballot, and any alteration should be at least as obvious as it would be on a paper ballot. This may cost a bit more, but it's a small price to pay for something that's at the core of our political system.

But moving beyond the hardware, we also need to look at voting procedures. Machine fraud, after all, is only one form of voting fraud. That means we need to work harder at ensuring that voters are actually eligible to vote, and that they don't vote more than once. This means stricter identification processes at polling places, cleaner voter-registration lists, and techniques of the sort used in other countries (finger-inking, for example) to ensure that people don't cast multiple votes.

There has been considerable resistance to these techniques -- interestingly, often from the same people who don't trust voting machines -- but that resistance doesn't seem to have much actual basis. (The notion that minority voters might be intimidated by anti-fraud procedures seems implausible to me, as well as a bit condescending. It's just as plausible that people would be more willing to vote if they had more faith in the outcome's honesty.) At any rate, in a world where I have to show photo ID to buy a beer, requiring something similar for voting doesn't appear to be asking too much.

It seems to me that if people are serious we ought to be able to reach a good compromise -- more reliable voting hardware, along with more reliable voting procedures. If people aren't willing to make that deal, then I think we should conclude that they aren't really worried about fraud.

Glenn Harlan Reynolds is a TCS Daily contributing editor.