Dan Wallach on Electronic Voting Machines

It's been a while since I've written about electronic voting machines, but Dan Wallach has an excellent blog post about the current line of argument from the voting machine companies and why it's wrong.

Unsurprisingly, the vendors and their trade organization are spinning the results of these studies, as best they can, in an attempt to downplay their significance. Hopefully, legislators and election administrators are smart enough to grasp the vendors’ behavior for what it actually is and take appropriate steps to bolster our election integrity.

Until then, the bottom line is that many jurisdictions in Texas and elsewhere in the country will be using e-voting equipment this November with known security vulnerabilities, and the procedures and controls they are using will not be sufficient to either prevent or detect sophisticated attacks on their e-voting equipment. While there are procedures with the capability to detect many of these attacks (e.g., post-election auditing of voter-verified paper records), Texas has not certified such equipment for use in the state. Texas’s DREs are simply vulnerable to and undefended against attacks.

Posted on July 2, 2008 at 6:15 AM • 46 Comments

Comments

Peter GalbavyJuly 2, 2008 6:41 AM

Not being hugely familiar with the intricacies of the US political system, except for what the BBC feeds us, but knowing that we are going down the same inevitable slippery slope in the UK, it shouldn't take a genius to observe and quickly conclude that the companies that make voting machines and allow the flourishing of backdoors and other flaws, while poo-pooing research countering their claims of perfection, are owned and run by the same people who have most to gain by corrupting election results - I believe you call them Republicans ?

Perhaps an airdrop by Dielbold to Zimbabwe might be in order ?

RichardJuly 2, 2008 6:56 AM

Given all this, would it be unethical to make an entire county vote for Snoopy? It sounds like the people need a serious wake-up call.

Scott ShorterJuly 2, 2008 7:08 AM

At the ITIF symposium on VVSG last year, Beirne (or maybe it was Ed Smith from Sequoia) made the argument that "all of these security problems have been solved for military applications, so what's the fuss?" Perhaps it's naive to expect a representative of voting equipment manufacturers to be aware of the differences in the security environment between the military and civil elections.

Of course, the military has no problem with authenticating everybody and logging their actions to ensure accountability. Voting systems, of course, must maintain voter privacy and ballot secrecy - the challenge would be considerably reduced if this were not so.

Dan's article states that "Hopefully, legislators and election administrators are smart enough to grasp the vendors’ behavior for what it actually is and take appropriate steps to bolster our election integrity." It's not really a question of smarts, it's a question of education and interest. I'm sure that the majority of elections administrators are aware of the reported problems, but without pressure from constituents, change is unlikely to be rapid or wide-spread.

Ex-TexanJuly 2, 2008 7:36 AM

"Texas’s DREs are simply vulnerable to and undefended against attacks."

Honi soit qui mal y pense...

Texas ExpatJuly 2, 2008 7:43 AM

Further confirmation that the slogan "Everything is bigger in Texas" just might actually have some truth behind it.

Dan IsleJuly 2, 2008 8:14 AM

Why would anyone want to tamper with a vote? That's about the most un-American thing anyone can do!

Jim A.July 2, 2008 8:25 AM

Personally, having used levers, optically scanned ballats, punched card ballots and electronic voting, my favorite is optically scanned hands down.
1.)There only needs to be ONE fancy, secure (and therefore expensive) vote counting machine per polling place. This is because the time consuming part of voting can simply be done at leasure while sitting down at a table. Feeding the ballot into the reader only takes a moment. This largely eliminates the long lines that often characterized using the lever machines.
2.) Recounts are possible, and random sampling recounts of polling places is possible to ensure that nobody has monkeyed with the machines.
3.) Inthe event of mechanical problems, the voting process itself doesn't change, just store the ballots to be counted later.
Also, absentee ballots can be identical to polling place ballots.
4.) Penciling in a box is less twitchy than the ballot punchers that we used with the punch card ballots.

JMJuly 2, 2008 8:32 AM

I agree with Jim A. Additionally, the optical scan system I've voted with printed an asterisk beside each choice that was detected. The voter then had the option to verify that all of his choices were scanned correctly, and back out/restart if they were incorrect.

Steve ByanJuly 2, 2008 9:33 AM

Jim A. notes:

2.) Recounts are possible, and random sampling recounts of polling places is possible to ensure that nobody has monkeyed with the machines.

This widely-held opinion worries me. Diebold's central tabulator keeps (or at least used to keep) two sets of data, one for the overall election and one for the precinct level, so that a random sampling recount could show correct results while the overall election results could still be hacked. The central tabulator software is the same regardless of whether touch-screens are used at the polling place or optical-scan systems are used.

GWJuly 2, 2008 9:35 AM

@Richard

Given our past experience: SCOTUS would assign those votes to John "Snoopy" McCain.

OFF July 2, 2008 10:16 AM

If the voting were manual and the counting automated, it might work better. Making anything more complex than it needs to be always ensures that it is 1. less dependable and 2. less secure. Or that there is at least the potential for one or both. The Air Force studied aircraft reliability and as complexity goes up, reliability tends to go down. That's why you can't beat the old C-130, it's simple and solid. It's like those old voting machines that served well for decades.

OFFJuly 2, 2008 10:34 AM

This is telling. New machines already being junked. The people are getting sold a bill of goods that isn't so good.
"Things went so swimmingly on election day in Sarasota County, FL, that the county will abandon touch-screen voting in 2008 and return to paper ballots"
"The e-voting machines may have lost some 18,000 votes in a hotly contested congressional race."
http://government.zdnet.com/?p=2731

FrisbeeJuly 2, 2008 10:48 AM

Do you need a fancy technological tool for something that occurs every so infrequently? Assumine 1election/year, you might get 10 uses out of a piece of computer before it degrades.

BobJuly 2, 2008 10:51 AM

"If the voting were manual and the counting automated, it might work better. "

They did that in Florida for the 2000 election. It didn't work so well. Even though the legislature made no provision for a manual recount that didn't stop the courts from ordering one.

Then Congress, working on the FM theory, ("It's Flaming Magic!") strongly suggests that the states implement electronic voting, and provides money. Nobody wants to leave free money on the table, so they buy the fancy new machines.

The virtue is in the craftsman, not the tool. Sometimes, too, the problem is a nut loose on the keyboard.

The problems in Florida were: 1) The Butterfly ballot, which was approved by both Democrats and Republicans. 2) The legislature did not specifically forbid manual recounts, although that probably would not have stopped the courts. 3) The win-at-any-cost-and-hang-the-rules mentality.

OFFJuly 2, 2008 11:02 AM

"Hackers broke into Citibank's network of ATMs inside 7-Eleven stores and stole customers' PIN codes, according to recent court filings that revealed a disturbing security hole in the most sensitive part of a banking record."
Yahoo News

I recall the sales pitching that said that e-voting machines were as secure as ATM's.

OFFJuly 2, 2008 11:20 AM

MailClad E-Voting doesn't require any secure hardware or networks..
It assumes all are untrusted while still providing total anonymity, security, incorruptibility, verifiable accuracy and simplicity.
"The source code should not be expected to keep the system secure!"
http://www.mailclad.com/index.html

Interesting concept.

++DonJuly 2, 2008 11:27 AM

@Peter Galbavy: Republicans hardly have a lock on election rigging. Both major parties here have a long history of it.

Alice Bevan–McGregorJuly 2, 2008 11:33 AM

There's a simple solution to the corruption. Fight back directly. If /everyone/ hacks the machines to give themselves a favorable result without the knowledge of the other hacks, then it all evens out in the end. :P

OFFJuly 2, 2008 11:43 AM

"Those who cast the votes decide nothing.
Those who count the votes decide everything." Stalin

All the votes count though. Computers are good at the counting.

CaryJuly 2, 2008 11:45 AM

As a previous commenter said, Citibank ATM network was hacked and I remember that most of the companies that make ATM also make Voting machines. (Diebold for one.) And it seems that they have security philosophy of: 'hard crusty shell.' 'We just have to protect the entrance.'

Thanks.

old guyJuly 2, 2008 12:35 PM

It's ironic to read the comment that humans are counted as part of the defense-in-depth that strenghtens the security by the vendor. I guess he doesn't read this blog site.

RonKJuly 2, 2008 1:08 PM

@ OFF

> MailClad E-Voting

It fails at several of its stated requirements:

1) By showing a third party your mailer, you can either sell your vote or be coerced.

2) It isn't anonymous, the mailer codes could be stored by the issuing party.

3) It is easy to DoS someone's vote, merely change his entered code to a random number. In a district with a close race, doing this to a population of voters favoring one of two candidates could sway the result in favor of the second.

Although the person behind the proposal does a fairly good job defining the requirements for a good voting protocol, he fails badly at fulfilling them with his proposal.

RoyJuly 2, 2008 2:37 PM

All it takes to steal the election is to hack the totals.

After the race is won, it won't matter if the composite subtotals don't add up. There won't be any audit real audit trails. SCOTUS will jump the gun and appoint the winner. The people can later agonize over how broken the system is, but the incumbents don't want it fixed.

AnonymousJuly 2, 2008 4:43 PM

Yes, it is your most patriotic duty to show this situation for what it is. Get a whole county to vote for mickey mouse.

When they take you away, please do not mention my name.

I have however felt that tweeking the establishment *is* the most patriotic use of our freedom.

Sean

OFFJuly 2, 2008 5:02 PM

It still depends more on people than computers. If you take people out of the process, all that is left is computers. Take the computers out and all that there is is more work and people like passing that off to computers. Maybe we should just forget it all and go back to old paper ballots and boxes. In the old days they counted the votes by hand and were more careful about it. The computer just lets sloppy people handle the whole thing because they have computers doing all the work. The old method was neater and required thought.

AnonymousJuly 2, 2008 6:29 PM

@OFF
"All the votes count though."

But some count more than others.

"Computers are good at the counting."

Only when that's all they do, and when this can be independently verified.

Davi OttenheimerJuly 2, 2008 7:17 PM

"would it be unethical to make an entire county vote for Snoopy?"

No less unethical than when a cartoon character from Texas "fixed" the presidential election in 2000.

Davi OttenheimerJuly 2, 2008 7:24 PM

For what it's worth, no matter how corrupt and backward Texas might become, I doubt they will ever achieve the absolute corruption of Kansas City elections under Tom Pendergast.

http://en.wikipedia.org/wiki/Tom_Pendergast

Pendergast provides a true American story of how industry, given the opportunity, will use a heavy hand to fix votes for personal and financial gain.

FrancesJuly 2, 2008 8:42 PM

We use optical scanning for municipal elections here in Toronto. It works.

ShepJuly 2, 2008 8:47 PM

Please excuse my ignorance, but why mechanise voting, online or punchcard?

A simple tick or cross seems to work fine here in New Zealand (not that our various systems are perfect).
You can spoil your vote if you choose to turn up. We really don't need tools to do that for us ;)

It seems to me it must be the ideology of American Modernity with a twist to electronics.

They not building hardware I assume, but merely software. That would be totally redundant.

Austria is taking a little turn to the right but also has some of the highest levels of democracy in the world today.

mooJuly 2, 2008 8:56 PM

Voting in the U.S. is much more complicated than in most other countries. They vote for a whole laundry list of things at the same time, like local politicians, judges, etc. Doing it by hand would probably be tedious. By comparison, Canada has it easy---our ballots are for one thing only, and you just mark a single box with a pencil.

But I think the real reason why the U.S. accepted electronic voting is because they insist on knowing the outcome of the election immediately. Although here in Canada, we do get our election results pretty quickly, usually by the time the polls close in the last timezone, the results are clear. Hmm.

OFFJuly 2, 2008 9:05 PM

It might turn out like the Dubai ports deal. All of a sudden some other country is put in charge of our U.S. e-voting system because we can't run it. You'll be voting at Walmart the way things are going.

AnonymousJuly 3, 2008 4:03 AM

Cheers for that moo.
Police Chief Wighams elected isn't he- very scary.
That delay time is when everyone gets together & gets drunk.

AnonymousJuly 3, 2008 7:08 AM

Funny shit.

In most civilized (western) countries simple paper ballots counted by hand worked and still work pretty well. Results are in 2 or 3 hours after the vote ends.
But I guess that's too easy for 'mercins.

bobJuly 3, 2008 7:11 AM

I love this quote "...In a realistic election environment, the technology is enhanced by elections professionals and procedures, and those professionals safeguard equipment and passwords, and physical barriers are there to inhibit tampering...."

May I paraphrase this? - "We have the same security features in effect that we did 20 years ago with paper ballots, despite the fact that REAMS of Doctoral Theses of new attack vectors have been created by the technology."

In my town the "election professionals" are people to whom the $30/day seems like a lot of money; retirees (not insulting retirees, will be one myself [hopefully] in the not too distant future but with my eyesight, hearing and mobility decreasing by the day I wont consider myself much of a security asset), unemployed, students.

My problem is NEITHER guy is worth the effort to vote for. I think they should have a "NONE OF THE ABOVE" choice in ALL elections; and if that choice wins a majority, then the office stays empty for that term; saving $$Trillions and preventing stupid laws (the overwhelming majority) from being created. Face it, the country was a pretty good place already in 1980 (bump it a couple of years either way to throw the kudos to whichever side you prefer to get the credit) and nothing is wrong enough that BIG STEPs (the kind that get somebody different elected) need to be taken to fix it.


@Peter Galbavy: I dont get my UK news from CBS; evidently you should stop using BBC to get your US news. No, President Bush does NOT wear a cowboy hat every day. We did NOT self-inflict 9/11 to raise our defense budget. And the biggest source of fraud in US voting has pretty much been Chicago IL, where Senator Obama [the other team] comes from. The local government there is a direct descendant of the infamous gangster "Al Capone"'s bootlegging gang (which admittedly we did inflict on ourselves when we outlawed alcohol) - where the phrase "Vote Early/Vote Often" originated - and where dead people are known to turn out in large numbers to vote for whatever the Mayor wants.

offJuly 3, 2008 8:47 AM

People vote with their wallets at Walmart. It's not the same as voting for a political person running for high office or low office. Maybe Walmart could just package votes and the person who sells enough gets the office. All the sales money could go to charity instead of the politicians. Instead of Obama raising $50 million, the $50 million goes to a good cause. The way it is now, all the money goes to the media to tell us who is good. The person buying the most media is naturally good to the media. All the stores could do it along with Walmart.

You can't sell your vote, so why not buy it?

Chas, PEJuly 3, 2008 12:26 PM

I had an epipany awhile back: the ballot is whatever is marked permanently by the voter. Everything else is simply counting ballots faster, be it scanners, card readers, whatever. It is the permanent ballot that matters. If there is no ballot, there is no way to subsequently verify the election.
Any chance of a constitutional ammendment requiring a permanent, marked by the voter, record ballot? (hahahh...)

roystgnrJuly 3, 2008 1:10 PM

"Computers are good at the counting."

Yes, they are, when they're correctly programmed. But they're even better at lying about their results. Why don't more people realize that?

Corporate rep: "I'd like my company to take all this election's ballots out of your sight, then count them, then tell you the number we counted."

Smart voter: "What? That's outrageous! How do I know you won't lie?"

Corporate rep: "I'll give you a copy of the instructions we give to our ballot counters."

Smart voter: "And how do I know you don't really give your ballot counters different instructions?"

Corporate rep: "Did I mention my ballot counters are computers?"

Suddenly retarded voter: "Oh, well then, that's perfectly fine! Computers never make mistakes, even when they're told to!"

bobJuly 3, 2008 2:40 PM

As far as I can tell the overwhelming majority of people in the computer industry recoil in horror at the thought of computerized voting machines. But there seems to be a "general public" opinion that we are not to be taken seriously because we are merely computer geeks.

HELLO!?!? Who the hell else is qualified to have an opinion on this besides the people who know how they work??

averrosJuly 5, 2008 5:45 PM

Who cares about vote count when the choice offered is between two shits - one is slick demagogue socialist shit, another is gruff demagogue fascist shit?

The problem with democracy not producing sensible governance for the society is not in the failure to do magic democratic rituals properly, but in the fact that democracy itself is an irrational belief into moral superiority of a large crowd.

we-know-better-dept.July 7, 2008 8:53 AM

"democracy itself is an irrational belief into moral superiority of a large crowd."
Let averros and a few others run things, while the rest of us wait for wise directions to be revealed.

"What could be bad about free wireless Internet access? How about censorship by federally mandated filters that make it no longer “Internet.”"
http://wendy.seltzer.org/blog/archives/2008/06/...

The new policy seems mighty Chinese.

stepneyOctober 10, 2008 3:57 AM

Washington, October8 Rice University in Houston is running an advanced computer security course wherein students are taught just how easy it is to wreak havoc on the computer software used in electronic voting machines.
-----------------------
Stepney

Guaranteed ROI


Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..