Essays in the Category “Elections”

How Secure Is the Papal Election?

  • Bruce Schneier
  • CNN
  • February 21, 2013

Spanish translation
Portuguese translation

As the College of Cardinals prepares to elect a new pope, security people like me wonder about the process. How does it work, and just how hard would it be to hack the vote?

The rules for papal elections are steeped in tradition. John Paul II last codified them in 1996, and Benedict XVI left the rules largely untouched.

Read More →

E-Voting Certification Gets Security Completely Backward

  • Bruce Schneier
  • Wired
  • August 09, 2007

Over the past several months, the state of California conducted the most comprehensive security review yet of electronic voting machines. People who I consider to be security experts analyzed machines from three different manufacturers, performing both a red-team attack analysis and a detailed source-code review. Serious flaws were discovered in all machines, and as a result the machines were all decertified for use in California elections.

The reports are worth reading, as is much of the blog commentary on the topic.

Read More →

Vote Early, Vote Often

  • Bruce Schneier
  • Wired
  • November 16, 2006

In the world of voting, automatic recount laws are not uncommon. Virginia, where George Allen lost to James Webb in the Senate race by 7,800 out of over 2.3 million votes, or 0.33 percent percent, is an example. If the margin of victory is 1 percent or less, the loser is allowed to ask for a recount. If the margin is 0.5 percent or less, the government pays for it.

Read More →

Did Your Vote Get Counted?

  • Bruce Schneier
  • Forbes
  • November 13, 2006

This essay also appeared in the Pittsburgh Post-Gazette.

Danish translation

Last week in Florida's 13th Congressional district, the victory margin was only 386 votes out of 153,000. There'll be a mandatory lawyered-up recount, but it won't include the almost 18,000 votes that seem to have disappeared. The electronic voting machines didn't include them in their final tallies, and there's no backup to use for the recount.

Read More →

What's Wrong With Electronic Voting Machines?

  • Bruce Schneier
  • OpenDemocracy
  • November 9, 2004

In the aftermath of the American presidential election on 2 November 2004, electronic voting machines are again in the news. Computerised machines lost votes, subtracted votes, and doubled some votes too. And because many of these machines have no paper audit trails, a large number of votes will never be counted.

While it is unlikely that deliberate voting-machine fraud changed the result of this presidential election, the internet is buzzing with rumours and allegations in a number of different jurisdictions and races.

Read More →

Getting Out the Vote

Why is it so hard to run an honest election?

  • Bruce Schneier
  • San Francisco Chronicle
  • October 31, 2004

Four years after the Florida debacle of 2000 and two years after Congress passed the Help America Vote Act, voting problems are again in the news: confusing ballots, malfunctioning voting machines, problems over who's registered and who isn't. All this brings up a basic question: Why is it so hard to run an election?

A fundamental requirement for a democratic election is a secret ballot, and that's the first reason. Computers regularly handle multimillion-dollar financial transactions, but much of their security comes from the ability to audit the transactions after the fact and correct problems that arise.

Read More →

Voting Security

  • Bruce Schneier
  • IEEE Security & Privacy
  • July/August 2004

Voting seems like the perfect application for technology, but actually applying it is harder than it first appears. To ensure that voters can vote honestly, they need anonymity, which requires a secret ballot. Through the centuries, different civilizations have done their best with the available technologies. Stones and pottery shards dropped in Greek vases led to paper ballots dropped in sealed boxes.

Read More →

Insider Risks in Elections

  • Paul Kocher and Bruce Schneier
  • Communications of the ACM
  • July 2004

Many discussions of voting systems and their relative integrity have been primarily technical, focusing on the difficulty of attacks and defenses. This is only half of the equation: it's not enough to know how much it might cost to rig an election by attacking voting systems; we also need to know how much it would be worth to do so. Our illustrative example uses the most recent available U.S. data, but is otherwise is not intended to be specific to any particular political party.

Read More →

Voting and Technology: Who Gets to Count Your Vote?

Paperless voting machines threaten the integrity of democratic process by what they don't do.

  • David L. Dill, Bruce Schneier, and Barbara Simons
  • Communications of the ACM
  • August 2003

Voting problems associated with the 2000 U.S. Presidential election have spurred calls for more accurate voting systems. Unfortunately, many of the new computerized voting systems purchased today have major security and reliability problems.

The ideal voting technology would have five attributes: anonymity, scalability, speed, audit, and accuracy (direct mapping from intent to counted vote).

Read More →

Technology Was Only Part of the Florida Problem

  • Bruce Schneier
  • Computerworld
  • December 18, 2000

In the wake of the presidential election, pundits have called for more accurate voting and vote counting. To most people, this obviously means more technology. But before jumping to conclusions, let's look at the security and reliability issues surrounding voting technology.

Most of Florida's voting problems are a direct result of "translation" errors stemming from too much technology.

Read More →

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.