Denton Scratch June 24, 2019 7:18 AM

“The more cost-effective way and the more secure way is investing in secure hardware that would be available to jurisdictions coupled with open source software.”

And open-source firmware; e.g. Coreboot. But not if that firmware has been messed about with by a government agency.

It’s also not obvious to me that an agency of the DoD (DARPA) is the best choice for a program to develop hacking-proof voting hardware. Nearly all incidences of election manipulation around the world are conducted by the government-in-power. But perhaps the Los Angeles Country project could be made available for free to election authorities nationwide (naturally, after an independent audit has been completed).

This isn’t directly my business; I am not a US citizen. But unfortunately for the rest of us, the election systems used in the USA can have absolutely appalling consequences for the inhabitants of other countries far away from the USA.

Mike Acker June 24, 2019 7:39 AM

my suggestion is: use paper ballots that are easy for people to read and score. this is necessary if we hope to establish confidence: we have NO CONFIDENCE in the integrity of computer electronics. None: zero, zilch, nada.

Using paper ballots we can establish document control: at each precinct: first: record the number of ballots received from the distribution center. record the number of registered voters who appeared and the number of ballots cast. take care to record the number of ballots spoiled as well as the number of ballots un-used.

these figures can now be checked within a few minutes after the precinct closes for voting..


before the election is certified there should be an AUDIT of ( e.g. ) 1% of precincts, selected AT RANDOM. This to be sure the vote scanning machines totals match the actual ballots. this is why paper ballots have to be used: paper ballots will be necessary for the manual audit or for any recount that may be mandated.

If a precinct fails its audit that will have to go to problem analysis. if the ballot counting machine reported the wrong totals then the audit will have to be expanded so as to dtermine the damages.

Winter June 24, 2019 10:36 AM

It seems to me that the main problem of the US voting system is a lack of resources leading to too few polling stations with waiting times in the hours and a lack of resources to count the votes. The voting computers are a tool to speed up the voting process on the cheap. Security is expensive, so that falls by the wayside.

These problems distort the outcome of the elections. The incumbents are now relying on these distortions to get reelected.

In short, a solution to the problems would put incumbents at a disadvantage. Therefore, I would be very surprised if anything effective was done.

Clive Robinson June 24, 2019 11:20 AM

@ Winter,

You forgot to mention the media haste for results.

The US voting system is not “sudden death” for those currently holding office, thus you have the some what quaint “President Elect” who only gets the job two months after the “President in Office” gets to make pardons and do other things such as “salt the earth” for the President Elect…

Thus why on earth does their need to be a rush on election days?

There are over 330million people in the US which by age criteria suggests something like 3/4 – 4/5ths should be able to vote…

Thus something like 250 million people in around half a day call it 2 million an hour. If it takes 10minutes from in the door to out the door then you would be looking at around 1/3 of a million votes in progress at any one time.

But for some strange reason the MSM want the results faster than is humanly possible, and candidates and their supporters want their parties to start as soon as possible so the winners can dance the night away etc.

But this unseamly haste makes a security nightmare especially with a rising head of population (other Western Nations have falling populations).

Thus as there is no need to make the voting window so small, you have to ask are there other people that benifit by making not just the security but actual voting process a nightmare?

Unfortunatly it would appear that some politicians see not only manipulating the voting districts (Gerrymandering) but also the location of voting stations etc a way to gain advantage. Hence I suspect they see making the voting process a nightmare advantageous especially if the distribution of places to vote is also Gerrymandered in some way…

What ever way you look at it you can rightly claim it is an undemocratic process compared to other places.

Cliff Crabtree June 24, 2019 12:04 PM

Also you might want to read “CODE RED: COMPUTERIZED ELECTIONS and the WAR on AMERICAN DEMOCRACY” by Johathan D. Simon.

Cliff Crabtree June 24, 2019 12:16 PM

All the things recommended in the report are good maybe required, but if we cannot verify the vote then nothing else about voting really matters. Without hand marked paper ballots we cannot verify the vote.

Tony June 24, 2019 12:37 PM

@Mike Acker I’d worry about trusting a vote counting machine based on an audit of a small number of votes. Remember that Volkswagen fixed their cars to pass emission tests by be able to tell the difference between a test and being on the road. A hacked scanner could be programmed to give the correct counts when the total number of ballots is small, but give the biased count when fed the full precinct.

VinnyG June 24, 2019 12:46 PM

@Clive Robinson re: “President-elect” – There are all sorts of distortions that result from the “lame duck” effect, and not only on the office of the US President. The original reason for the delay(s) is rooted in the time it took for an electee to travel from his home district to District of Columbia when the method of transportation typically involved one or more four-legged animals. I’m not certain that any of that is necessary or justified today. Perhaps it could be eliminated without the usual baggage of unintended consequences…

AlexS June 24, 2019 1:36 PM

I think Clive Robinson’s got the right idea — I’d rather the results NOT be reported for a week and be correct than the media feeding frenzy that starts with pseudo-science exit polls to preliminary results to ‘final’ results that get contested, litigation ensues, etc.

I’m not sure about other states, but at least in my part of Florida, we use hand-marked paper ballots, similar to the ScanTron machines from schools. At the very least, there’s a paper trail which can (and should) be manually verified.

Realistically, hacking voting systems to alter vote results is still a more Hollywood plot than reality. Most of the fraud happens at the polling places (and some voting offices), like Miami-Dade where dead people vote early & vote often.

John June 24, 2019 5:05 PM

Actually, it’s even worse. They needed a time delay long enough to travel to the Capitol, travel back from the Capitol, and finally travel to the Capital yet again. The first trip was to get the electoral college together in the Capital. And the remaining two trips were to get the final results back out and the new president back to the Capital… And this was during the winter when travel is more difficult.

Keith Rettig June 24, 2019 6:36 PM

Can someone clarify for me why you wouldn’t simply want to do voting like we do in the State of Washington?

I get my voting pamphlet about a month before the election mailed to my home (addressed to me at my registered address which I can fix up to about a month before to still get it in time).
I can register to vote until 8 days before the election via mail or online. I think the day of if in-person.
I get my ballot sent to me about 12 days before Election day. I can send it in via mail for free; just has to be postmarked by Election Day. I can drop it off at voting boxes around the city until 8 PM on Election Day.

Completely convenient for me.
Completely traceable since it is a paper ballot; I can go online to verify that my ballot was received (if I save the top of the ballot that has the identifier on it).
I have never had any doubt of the security of my vote.

As I understand it, it is far cheaper than any other method as well.
Why would you not do it this way?
Oregon has taken it a step further with automatic registration based on your driver’s license. Very easy; especially given that every state is supposed to meet RealID requirements.

Petre Peter June 24, 2019 7:38 PM

Even if US stays with paper ballots which offer an easy trace,It would be impossible for every individual to verify the count of the election. At some point we’d have to trust somebody else with the count regardless if it’s a person with pen and paper or one with a keyboard. The main issue is trust-who can be trusted with counting the votes?

Winter June 25, 2019 12:07 AM

“The main issue is trust-who can be trusted with counting the votes?”

This problem has been solved long long ago. In every country with a functioning democracy, poll stations are run by representatives (volunteers) of all participating parties. They also do the counting.

I am surprised people in the USA have forgotten this very simple and effective method. Or maybe representatives of the two parties in the USA would not be able to agree on a count?

Ergo Sum June 25, 2019 6:48 AM


Thus something like 250 million people in around half a day call it 2 million an hour. If it takes 10minutes from in the door to out the door then you would be looking at around 1/3 of a million votes in progress at any one time.

The Census Bureau statistics for 2018 election shows 249,748,000 eligible voters. Your estimate is right on money. On the other hand, you did not take in to account how many of them actually voted. The same source states that 49% of the eligible voters actually voted. That’s still 150,000 votes in progress at any one time.

Except that there are rush-hours at the voting places, since people try to cast their votes before and/or after working hours. There are few states where election day is a holiday, but my state isn’t one of them.

I would not even attempt to cast my vote during the rush-hours. It takes way to long to stay in line. In my semi-retired life, I cast my vote during daytime where the lines are shorter, bringing along my grand-kids. One of the reason why the process is rather slow is the election officers. They are volunteers with no pay, most of them are retired, and some of them takes a long time to verify my identity/voting eligibility. Most of the times, I point out my name to them on their printed out spreadsheets.

The other reason is the paper ballot, where I actually cast my vote. Once finished, I take to the copy machine, that digitize the vote, presumably uploaded somewhere and my votes added to the candidates. Once my paper ballot leaves the copy machine, certainly, there are ways to change my vote in the tabulation process. Albeit, the might be some preventive measure to misrepresent the voting records, like the voting place manually counting the paper ballots to verify the electronic record, having both DNC/GOP representatives as heads of the polling station, but I am not aware of that process. Maybe I should volunteer to be an election officer and peak at the process in 2020…

The results can be challenged by candidates, but it is a long and costly proposition. The first such a recount of the votes costed $3.9M in total, with close to $1M for the challenger.


Challenging the results is really not a deterrent to voting fraud.

Since the election can be rigged on a number of different ways, there’s no reason not to have instantaneous results. The earlier the results are reported, the easier to have people accept the results. I’d venture to say, that if the people would need to wait a week or so for the results, they more likely would believe in fraud/rigged. After all, the US is an instant gratification society, where we cannot even wait until tomorrow to have the results, much less waiting for weeks…

Clive Robinson June 25, 2019 7:26 AM

@ Ergo Sum,

After all, the US is an instant gratification society, where we cannot even wait until tomorrow to have the results, much less waiting for weeks…

And there in is the trap…

Look at it this way, voting machines are an expensive item that get used very infrequently thus have both a high capital cost and storage cost but low utility.

Thus fiscal prudence says “minimise cost” which boils down to minimise the number of voting machines what ever they might be (direct or indirect input to the tallying systems).

The thing is about scarce resources –as we see with China- they can become a very very effective weapon of control.

So let me say I’m the incumbrant of party A I can see where most people who voted for me are based geographically. So lets say I favour those areas with more than the average number of machines.

That means I make voting easier for party A supporters and less easy for party B supporters in a two party system.

Which has the knock on effect of increasing party A voter turn out with respect to party B voter turn out.

But I can make that differential greater with a little stratigic Gerrymandering I can also make the sites for party A voters in places where they are more convenient, whilst those for party B a lot less convenient.

But there is a usefull “knock on effect” from vote to vote. The machines are a scarce resource, so I can use the excuse of greater turn out in the favoured areas to move more voting machines into the party A voting areas and less into the party B voting areas. Thus over a few votes making it even easier for party A voters and even harder for party B voters.

Even if it only favours party A areas by one or two percent in voter turn out in a two party system that can be a major advantage and can swing a vote very easily.

Unless you look very specifically for this type of Gerrymandering it will not show up in the voter statistics or any other vote related statistics except in the turn out differential. And that differential can easily be argued was down to better campaigning or more money spent etc…

So yes there are a lot of dirty tricks that an artificial scarcity of voting machines can be used to fascilitate.

It’s just one reason some countries vote at weekends and others fine those who do not turn out to vote. Oh and other countries get “party members” in egual numbers to run the voting process from door in to final tally, including recounts.

Personally I’m in favour of both the first measures because it puts a reverse on the trend of “rich voting, poor not” that is becoming more and more prevelant as artificially created austerity makes the poor poorer and more fearfull and the rich richer and more secure (as they become rent seekers with unearned income gained off of assets etc).

As I live in a country where the various parties help run the process I’ve a certain degree of fondness for that, if it’s done properly (which it has not on some occasions that have led to criminal prosecutions).

parabarbarian June 25, 2019 10:40 AM

Paper ballots are not much of a solution. Politicians were stuffing ballot boxes long before there were electronic voting machines.

VinnyG June 25, 2019 1:44 PM

@Winter re: poll stations are run by … all participating parties. … (who) also do the counting.
So, would you say that, should enough of those representatives be bribed or otherwise coerced to misrepresent the count that the election results are altered, the result is equitable, because the party of the candidate who would otherwise have won should have done a better job of picking incorruptible poll workers? Or do you contend that such an event is highly improbable or impossible?

Winter June 25, 2019 2:56 PM

“So, would you say that, should enough of those representatives be bribed or otherwise coerced to misrepresent the count that the election results are altered,”

If the parties themselves are corrupt, why bother changing the votes?

The ballots are aggregated and stored for recounting, and there are exit polls. To make a difference, you would have to compromise a lot of polling stations. And all representatives (actually, volunteers) had to conspire, because a single member talking would bring down the police. And these are not “observers”, they are the one actually running the polling station.

In summary, to make a difference, you would have to compromise a lot of PARTY MEMBERS, in secret. And it is a crime, so even a rumor would bring in the police.

Winter June 25, 2019 2:59 PM

“Politicians were stuffing ballot boxes long before there were electronic voting machines.”

But it is easy to make ballot boxes where you can check whether they are empty.

Thunderbird June 25, 2019 5:48 PM

Realistically, hacking voting systems to alter vote results is still a more Hollywood plot than reality.

I suppose your reasoning is “if it were happening, it would be reported.” But that assumes that each occurance has some probability of being detected, so if there are no reports, we can be confident that less that $SMALLNUMBER of fraudulent votes happened. But–unlike the dead voting early and often, where each event is one vote–a single event potentially alter a large number of votes. So, I’m not quite so confident.

Cliff Crabtree June 26, 2019 9:18 AM


Realistically, hacking voting systems to alter vote results…

The vendors providing support have access to these systems.
Hacking is not necessary when you have means, motive, and opportunity.

…to alter vote results is still a more Hollywood plot than reality.

There is strong statistical evidence that this access has been used to alter the vote since 2002. Much of that evidence is available in the book “Code Red:”

Joseph June 26, 2019 9:09 PM

@parababarian wrote, “Paper ballots are not much of a solution. Politicians were stuffing ballot boxes long before there were electronic voting machines.”

Whether we use paper or electronic ballot, the propensity for a democracy to be hijacked remains very high. This is one of the reasons why it is easy for the US of A to influence or “meddle” in democratic elections all over the “free” world in support of our handpicked candidates.

Back in our homeland, we are not immune to this type of “attack” in our own democratic process as it’s proven that both sides of the two-party system perpetrate it. The problem will persist whether we use a paper or electronic system because the root cause is the intent not the method itself. Either way, people will find a way to cheat. It’s only a matter of whether they are exposed or not.

Sancho_P June 27, 2019 4:30 AM

Election security is a red herring.
Honestly, are we talking about an undetected failure of one or two percent of the votes?
Or 5 ? Or even more? Closer to 10% ???

This would be easily mitigated:
Set a minimum margin of 10% for a party / candidate to win the election.
If the difference is less: All options are bad, stick with the incumbent.

That would have probably saved us a lot.

With any democratic system there are two basic flaws:
The options/candidates, and the voters.

Two Cents June 29, 2019 7:18 AM


The first trip was to get the electoral college together in the Capital. And the remaining two trips were to get the final results back out and the new president back to the Capital…

You are not clear which Capitol you are referring to but if you refer to the national Capitol you are incorrect. The Electoral College never meets as a body. Rather:

The Electors shall meet in their respective States, and vote by Ballot … and transmit sealed to the Seat of the Government of the United States, directed to the President of the Senate.

As originally written in Article 2 section 1:

As amended in 1804 (the part I quoted above did not change):

Of course, this would, if anything, probably make the process take even longer when travel and communication was slow.

For the record the period between the election and inauguration used to be even longer. In 1933 both the start of a Presidential term and the start of a new Congressional session was moved from March to January:

WhiskersInMenlo June 29, 2019 10:29 AM

There are multiple issues most of the ones we see are product and marketing driven.
Another group is cost driven at both ends of the $$ range.

Some want to sell up $$$$$ and others want to save money.
These $$ centrist views can miss the real issues.

I am a fan of hand marked ballots. The ballot can be designed and formatted with a
common word processor. Paper security tech is well understood from the view of hand written paper checks. No tiny #2 pencil 1950s friendly optical scanner red boxes. Mark them
as one might a Bingo card or Keno ticket.

Today optical readers can read almost anything. So as long as a human can read the ballot the odds are a machine can read it. Perhaps readers in the field can send a video stream to a central decoder that can process the stream inside of 24 hours. Two/three readers, two/three decoding systems for check and redundancy.

The false urgency drives automation. Legislation needs to step on this fabricated urgency and remove the expensive overtime and dangerous late night flashing light transport.

The current crop of systems run on old generation hardware (state of shelf two+ years ago) and run software that is less than ideal to this purpose because MS has declared it history yet the service life of the hardware is a decade per the vendor. At least the finances write it down for much longer than the hardware+software justifies.

Mail in and internet… ballots. Mail-In ballots seem OK but we under count military and other absentee ballots universally. Partly as a response to false urgency demands but such ballots are still badly managed and under counted.

Audit and privacy. A tear off ticket that allows verification that a ballot was cast has risks. To do so correctly it also has the ID of the voter and allows retribution. There is no tidy way to back out and recast a ballot that was incorrect without exposing the voter’s identity. We already see individuals publicly attacked and sacked from employment because they made a $10 donation to a political cause and are thus on record.

Chain of custody… physical hand marked ballots and normal law enforcement chain of custody processes seem obvious. Interested parties can apply their own seal at the polling place and verify that it is intact at each transfer point. If law enforcement chain of custody tools and processes are fragile we have a larger problem.

Laws… some of us think this is an issue of federal law. In our republic this is a states rights issue as the recent gerrymandering SCOTUS decision reminds us. By tying physical hand market ballots to law enforcement chain of custody procedures flaws in either are near equal footing and fixing one helps the other.

Cost of voting systems is high but dwarfed by the training and consulting fees. The companies are large and do involve interstate commerce so at that level there is some federal oversight potential.

One brand of machine marks ballots with barcodes for speedy reading. They are computers with printers. They could also print the vote in text with the bar code. By law the text that a human can read should be the vote. OCR tech can cross check the bar code and cross check the system and as long as the physical record is intact a recount is possible.

An under stated risk is local politics has more skin in this process than many consider. Dog catcher, sheriff, prosecutor, local judges are the most likely troublemakers in all this. the small town wear lots of hat guys are mostly honest but not all. Any system needs to think big and small in all this.

The other challenge is privacy and marketing of candidates in the world of big data. People are complex and with last mile internet targeting the information bubbles are ripe. ISP data and even editing on the fly of content or IP addresses is not to be discounted.

Tracy Valleau July 26, 2019 1:36 PM

I came here to propose what turned up in Keith Rettig’s post.
My suggestion: do away entirely with polling places, and hence the weak spot of electronic voting machines. Send everyone a ballot, and postage optional return envelope. I’ve voted by mail in California for decades now. Pretty sure no bad actors hacked my ballot.

Then tell the television networks “tough luck” – no instant results.

At the very least, prevent the networks from their state-by-state “here’s who won” coverage. It only -discourages- voting.

I’d happily wait a few days to learn the results, if the results were more secure.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.