By Susan Q. Stranahan
On November 2, millions of Americans will vote on computers, many of which may be vulnerable to partisan hackers, disgruntled poll workers, or anyone else with a desire to alter the outcome of the election, writes Ronnie Dugger in the current issue of The Nation. “The result,” he says, “could be the failure of an American presidential election and its collapse into suspicions, accusations and a civic fury that will make Florida 2000 seem like a family spat in the kitchen.”
Dugger’s detailed analysis of the problems of electronic voting and the potential for fraud and error would seem to be a crucial election story of 2004, full of the stuff journalists love — hints of skullduggery, cronyism, and conflicts of interest. But, with a few exceptions, the advent of e-voting has remained an issue hovering persistently beneath the media’s radar.
The stories that have appeared largely have been local, piecemeal and rarely rise much beyond the “he said/she said” level of reporting. As a result, the public — to the extent that it’s even aware of the controversy — is left to its own devices to figure out a complex issue, with considerable ramifications.
New York Times editorial page writer Adam Cohen is one of the very few who has delved into the subject, spending much of the year writing about the “mechanics” of democracy in a series entitled “Making Votes Count.” Electronic voting — and its lack of accountability — has been a frequent topic.
Cohen, a lawyer with an interest in politics and technology, opened his series last January with this warning:
The morning after the 2000 election, Americans woke up to a disturbing realization: Our electoral system was too flawed to say with certainty who had won. Three years later, things may actually be worse. If this year’s presidential election is at all close, there is every reason to believe that there will be another national trauma over who the rightful winner is, this time compounded by troubling new questions about the reliability of electronic voting machines.
This is no way to run a democracy.
Given the media’s lack of interest in the subject, it can also be said: This is no way to cover one, either. Come November, can you be sure that your vote will be accurately recorded? It seems a rather fundamental question that cries out for an answer.
About one-third of the expected computerized vote this fall will be tabulated by touch-screen machines that will provide no paper trail of a voter’s choices, and, as a result, are vulnerable to tampering. Writes Dugger: “The United States therefore faces the likelihood that about three out of 10 of the votes in the national election this November will be unverifiable, unauditable and unrecountable.”
In Florida, where the outcome of the 2000 presidential election remained in limbo for 36 days due to voting irregularities, more than half the state’s voters will rely on paperless touch-screen systems. Florida is a crucial swing state, with its winner garnering 27 electoral votes — 10 percent of the total needed.
Ironically, it was the chaos of the Florida returns four years ago that catapulted the nation towards electronic voting. In 2002, Congress passed the Help America Vote Act, and when President Bush signed it, he declared that “when problems arise in the administration of elections, we have a responsibility to fix them.” But, as the Times’ Cohen noted earlier this year, the president’s budget provided only $40 million of the $800 million promised by Congress for election improvements at the state level. Wrote Cohen: “[N]either the president nor Congress is very serious about fixing the system.”
Some states scrambled to switch to electronic voting, and for the limited federal funds to buy new equipment. About 20 percent of the nation’s 3,114 counties will have switched completely to computerized voting by November, according to Election Data Services, Inc., a Washington, D.C. research company. (Some of those machines offer a printed copy of the ballot as a backup; some do not.)
But the states also discovered that there are no federal guidelines or security standards for the equipment. That will come at a later date, long after this presidential vote. (The Election Assistance Commission, appointed by President Bush to set those standards and oversee the transition, has been slow to get organized, in part because of a lack of funding.)
The electronic voting market is dominated by a handful of companies, which stand to make huge profits from the shift to touch-screen computers and the software that runs them. Nearly 100 million votes will be cast on the computers operated by this tiny group, which has aggressively promoted its product and just as vigorously defended the secrecy and reliability of its technology.
Diebold, Inc., of North Canton, Ohio, holds about 45 percent of the equipment market. Its track record thus far has been less than impressive, and not necessarily reassuring. As Dallas Morning News reporter Vikas Bajaj noted (registration required), Diebold has “become a lightning rod for the industry”:
In April, California Secretary of State Kevin Shelley, citing security concerns, banned Diebold machines in four counties. He has also required that any electronic voting machines the state buys must have verified paper trails.
Ohio’s legislature in May required that all electronic voting machines have paper trails by 2006. In July, the state’s secretary of state, J. Kenneth Blackwell, stopped the use of Diebold machines in three counties, saying they hadn’t met security requirements.
Diebold’s problems don’t stop there. Critics cite a fund-raising letter written last year by the company’s chairman and chief executive, Walden O’Dell, who said he was “committed to helping Ohio deliver its electoral votes to the president.” He has since apologized.
More worrisome to many experts, however, is the apparent vulnerability of the so-called source code used in the Diebold machines. “Given the gravity of the security failings the computer security community has documented, it is irresponsible to move forward without addressing them,” Dr. Avi Rubin, a computer science professor and technical director of the Information Security Institute at Johns Hopkins University told a House committee last month.
As Knight Ridder’s Sumana Chatterjee wrote: “The main problem, according to Rubin, is that there’s no way for election officials to be sure that electronic machines are free of codes designed to manipulate results. Companies are reluctant to share their ‘source code,’ the proprietary software that controls voting and tabulating results, so their software can be checked independently.”
Backers of computerized voting — among them many state and local election officials — dispute the critics’ worries about vulnerability. Chatterjee quoted Linda Lamone, Maryland state administrator of elections, who also testified before the committee: “Although any electronic voting system is hypothetically ‘hackable,’ I am confident that the likelihood of this occurring is extremely remote.” Hackers would need a working knowledge of the software’s specific programming language and gain physical access to computer servers and voting machines, she testified.
Unlikely, maybe, but the first of those two conditions has already been met. Bev Harris, a Seattle literary agent and voting rights advocate, has become something of a legend among critics of e-voting. Miami Herald columnist Jim Defede wrote about Harris last month: Concerned about the lack of security, Harris Googled Diebold, hoping to find a computer engineer or programmer who could put her fears to rest. Instead, she stumbled across a link to 40,000 files of the company’s ultra-secret source codes, which she downloaded and posted on her own web site, asking experts for help in analyzing the information. Diebold obtained a court order shutting down her site. Ultimately the codes were posted on the congressional website of Democratic Rep. Dennis Kucinich. Diebold claims the code was outdated and no longer in use.
In Georgia during the run-up to the 2002 Senate race, as The Times’ Adam Cohen reported, Diebold machines were plagued by hardware and software problems, and the company on several occasions sent “patches” — programming updates — for installation. (The software was installed without the required review and approval by the Georgia Secretary of State.) When the votes were counted, Sen. Max Cleland, a Vietnam war hero and triple amputee, who held a strong lead in the polls before Election Day, suffered a decisive loss to challenger Saxby Chambliss (who also ran ads picturing Cleland with Osama bin Laden). Critics, like Bev Harris, questioned whether the patches could have converted Cleland votes into Chambliss votes. Because there was no paper trail, there was no evidence to prove or disprove the allegation.
In his series, Cohen notes that the secrecy over source code may be a red herring. Source code can be produced, if authorities insist. Nevada gaming officials have instant access to source codes and all equipment at casinos in the state without compromising proprietary information. Ironically, he says, “gamblers are more protected than voters.”
Critics of e-voting come from two camps — a growing number of local activist groups around the country which last month sponsored a national “The Computer Ate My Vote Day,’ and computer security experts. The Nation’s Dugger quotes one of the most outspoken, Dr. David Dill of Stanford University:
Last fall during a public talk on “The Voting Machine War” for advanced computer-science students at Stanford, Dill asked, “Why am I always being asked to prove these systems aren’t secure? The burden of proof ought to be on the vendor. You ask about the hardware. ‘Secret.’ The software? ‘Secret.’ What’s the cryptography? ‘Can’t tell you because that’ll compromise the secrecy of the machines.’ … Federal testing procedures? ‘Secret’! Results of the tests? ‘Secret’! Basically we are required to have blind faith.”
Dugger also quotes recent testimony from Johns Hopkins’ Avi Rubin to the federal Election Assistance Commission: “I do not know of a single computer security expert who would testify that these machines are secure.”
Advocates of e-voting have portrayed criticism as coming from a handful of unhappy academics, or as being motivated by partisan politics — claims the media have largely bought into. Among the chief proponents of the new system is Gov. Jeb Bush, who presided over the 2000 debacle from which his brother emerged with an official winning margin of 537 votes. As the Miami Herald reported last month, Gov. Bush has suggested that, as the paper put it, “people who repeatedly raise questions about the touch-screen machines were doing it to motivate their voters in the upcoming presidential election, in which Florida will be a battleground state.”
But that’s not necessarily true elsewhere. The Republican secretaries of state in Nevada and Missouri — both expected to be hotly contested this fall — have expressed concerns about the reliability of the equipment. As a result, they have required that touch-screen voting machines also be equipped with a “voter-verified paper trail” in November. (This is an inexpensive add-on to the machine, which allows a voter to confirm manually his or her vote before it is cast; that confirmation is retained independently of the computer tally in the event a recount is required.) It is this type of backup that Adam Cohen and others believe will eliminate many of the potential problems with e-voting.
Nevada’s 2,000 electronic voting machines will all come equipped with printers this fall. Secretary of State Dean Heller told the Associated Press that paper receipts are “an intrinsic component of voter confidence.” Nevada is the first state to institute such a policy statewide. Nationally, legislation requiring printed backups is pending in both the House and Senate — but no action is expected before November.
So, the question remains: Will this year’s contested presidential election proceed smoothly, or will the scenario be closer to what a letter-writer to The New York Times predicted: “[T]he havoc wreaked by the butterfly ballot [in 2000] will soon be compounded by a plague of worms, the kind encoded in electronic voting machines that leave no ‘voter verified paper trail.’”
No one knows. But it sure sounds like a story worth pursuing by more than a few lonely souls like The Nation’s Ronnie Dugger and the Times’ Adam Cohen.
Susan Q. Stranahan wrote for CJR.