I’ve blogged for a while about voting machines and my concern about the mechanics of our democracy. The issue is best expressed to me by Tom Stoppard’s great quote from ‘Jumpers‘:
George: Furthermore, I had a vote.
Dotty: It’s not the voting that’s democracy, it’s the counting, Archie says.
Which is, of course, a rehash of Josef Stalin’s insight:
“It is not the votes that count, but who counts the votes.”
Today the L.A. Times had an article on voting machines, and it descends into a fine, Patterico-worthy, mess.The article opens:
Five years after the vote-counting debacle in Florida suspended the election of a new U.S. president, California and other states are embroiled in a contentious debate over how voters should cast their ballots.
The maligned punch cards that snarled the 2000 count are all but gone. But with electronic machines under attack as unreliable and vulnerable to hackers, there is little consensus about what the new technology should look like.
That has left many counties nationwide in turmoil as they struggle with unproven technology while state regulations remain in flux and the federal government offers minimal guidance.
In some places, voters are facing their third balloting system in five years.
Note that the story simply states the claims that the systems are unreliable and vulnerable to hackers…classic “he said, she said” journalism.
The problem is that the vulnerabilities are real, well documented, and put forth by serious people whose claims have not been meaningfully refuted. The article just flat skips over this point…bad writing, or bad editing?
Adding to the difficulties was the unexpected emergence of security as a central issue in the modernization debate.
Soon after 2000, a cadre of activists and computer scientists began raising alarms that electronic systems could be breached by hackers who could change election results with just a few keystrokes.
Critics focused much attention and suspicion on Ohio-based Diebold, the industry leader, whose chief executive had written in a fundraising letter that he was committed to helping President Bush carry Ohio in 2004.
Many elections officials and manufacturers initially dismissed the activists, arguing that the new systems were more reliable and tamper-proof.
“There was a level of trust with vendors, who said, ‘Don’t worry; it’s a computer,’ ” said Pam Smith, nationwide coordinator for the Verified Voting Foundation, one of several advocacy groups.
“It would have been good for people to recognize that these were computers. And as such, they were subject to all the glitches and errors and vulnerabilities,”
To date, there has been no verified tampering with an electronic voting system during an election. But the controversy has had an effect.
Two years ago, California’s then-secretary of state, Democrat Kevin Shelley, announced that electronic voting machines would be required to produce a paper record of each vote. Today, more than half the states require such records, according to Verified Voting.
It would have taken the reporter – Noam Levey – about an hour with Google to find reputable computer scientists who have legitimate, profound concerns about the state of voting machine technology, as well as a core set of concrete recommendations about how to fix them.
Take Avi Rubin, of Johns Hopkins (pdf).
Or Douglas Jones from the University of Iowa.
Or Bruce Schneier.
I could go on, but breakfast is waiting…
There’s an interesting post on what this shows about the media in general, but I’ll leave that for Jeff Jarvis. There’s an interesting post on what this shows about the Times, but I’ll leave that for Patrick.
The real issue here is that the Times has laid out the problem with e-voting as though it was a simple issue of diligent government workers facing competing interests, rather than making any effort to dig into the facts.
I do computer stuff for a living, and I can tell you with absolute certainty that no business accounting system with the kind of vulnerabilities documented in a variety of e-voting systems – not just Diebold – could be used for corporate finance or controls, because the officers involved would have major liabilities under Sarbanes-Oxley.
And we want to run our country with this stuff?
When you are talking about millions of votes (or anything) the problem is there is no such thing as an exact measurement. The counting will behave as a complex system. It only really works if you can gray out the sausage making, because once you start studying any one moving part too closely the flaws start to become apparent. Florida is a classic example. If you start with a certain number of ballots in a single district you will find flaws. It then becomes apparent that the other ballots in the district are at risk. They have flaws. Then other districts come into play. Entire states. And its true. You could hand recount the entire country and find just as big a mess as they did in one county in Florida, worse in many places. Note, I dont think this is only a technical obsticle. It is a form of friction inherent in the system. Fraud must be agressively defended against, true, but if perfection is the level of protection to ensure there is no fraud, we might as well give up now.
The voting system must not only be accurate; it must be *perceived* to be accurate. The existence of “black boxes” mitigates against the perception of accuracy.
Seems to me that paper ballots would be preferable. What is the problem if the counting takes a few more days, or even weeks? This is *not* a situation where time is of the essence…we’re not talking about the air traffic control system here.
But if we must have voting machines, then they should be as simple and transparent as possible. This means a minimal application and a minimal operating system, with source code published openly, and with ways in which local officials can easily verify correct operation (push the button and watch the counter count..)
AL — You’ll find this organization — verifiedvoting.org — of interest, started by among others a Stanford prof of computer science. They’re pushing for state-level legislation and/or regs requiring auditable papertrails and are tracking the status in each jurisdiction (see map of US). You might add to your list of folks concerned about this issue, the Carter-Baker commission on electoral reform. You rightly note, this isn’t the exclusive preserve of the tinfoil hats folks.
This isn’t about getting the results accurate to the fifth decimal place. As D Foster points out, a perception of accuracy/ability to verify is critical for democratic legitimacy.
Did Diebold make the voting machines used in the 2004 election in Ohio?
bq. “no business accounting system with the kind of vulnerabilities documented in a variety of e-voting systems – not just Diebold – could be used for corporate finance or controls,”
What database backs your corporate accounting systems? A frightening amount of the financial world’s software is based on exactly the same platforms as these suspect voting systems, and vulnerable to many of the same attacks.
h2odragon –
Really? I’m not aware of a lot of corporate systems that run on MS Access…
A.L.
A.L., true, but alot of corporate systems run on Windows, which is where the vulnerabilities are.
This too is something of a red herring, because corporate back office security is largely a matter of _network_ security, not OS or application security.
There is no system which is so secure that corporations would put it directly on the internet and count on it not to be compromised. Modern network security architecture is “defense in depth” and resembles the layered tiers of trenches on the western front in WWI.
But back on topic: I think a paper audit trail is the single most important issue. In most cases it won’t be needed; in those counties of N residents where 2.7 * N votes are cast, it will be good to have.
Machine countable paper ballots. They use them here in Australia and in several smaller states in the US…Alaska I am pretty certain is one. Anything the machine can’t read gets kicked out and can be evaluated by humans. And you still have all the ballots and can hand recount every one in front of a committee representing all interested parties if you absolutely have to. The original is the original, not a paper trail. It seems to me that is a scalable solution. More reading machines in high population areas. I remember voting in NYC with machines in the 60s. They opened them and read off the numbers – you had to just trust the witnesses who swore that all the number started off at zero and that the machine worked correctly. An electronic machine that makes a paper record is acceptable if it can’t be diddled. But no electronic only ones. There is no way to really know if they have been gotten at.
Lgude,
We use something like this here in my county in WA state, USA. Of course it isn’t fraud-proof–what could be–but it has the basic good qualities that you recommend.
One of the reasons for the high interest in computerized systems in the US, that people in other places may not appreciate, is how darn self-governing we are and how many items we therefore vote on, even in an off-year election. Hand-counting paper ballots would take weeks and weeks of expensive (or increasingly-rare volunteer) effort.