November 19, 2003
Embarrassing Problems in Touch-Screen Voting
The more I hear about the touch-screen voting system from Diebold Election Systems, the less I like it. Yes, I used the system myself in the local elections on November 4th, and purely from a user-interface standpoint, I did find it a vast improvement over the old punch-card ballots. However, I noticed a few disturbing problems, which I'll get to later.
I realize the old system had plenty of flaws as well. The punch-card ballots gave you no receipt of your actual choices, the only record being the ballot itself. And every time I have voted, nobody has ever checked my ID, so security wasn't all that great. But at least you still had a receipt that said that you voted, and at least there was a physical record of whom you voted for, one that you yourself created.
And that last part is the key ingredient missing from the new system: a paper trail. There's nothing wrong with the idea of touch-screen computers, but the way it works right now, there is no way to double-check them. If a hard-drive gets corrupted, or a software bug miscounts, or somebody hacks in to electronically change the votes, there's no way to correct it. Worse, there's no way of even knowing whether it happened. This is absolutely unacceptable.
What the system needs is pretty simple. After the voter is finished picking his choices on the screen, it just needs to print out a human-readable ballot (if it also contains an barcode or magnetic strip that's machine-readable, that's fine, but the important part is that it can also be read by humans to double-check the machine count). The voter can then take the printout, verify that it is correct, and put it in the box just like before. This is not rocket science. The technology to create paper printouts has been around for billions and billions of years... well decades, which can seem like eons as far as computers are concerned.
So now, if someone demands a recount, we have the paper ballots to perform it. In addition, election officials can perform random independent audits of the system to ensure its integrity. Clearly, a paper trail should be requirement of any computer voting system. And indeed, there is legislation which would make that into law, the Voter Confidence and Increased Accessibility Act of 2003 (H.R. 2239). Seems like a no-brainer, but as Calpundit observes, it's currently stalled in a House Committee and has no Republican support.
Without a paper trail, the potential problems are endless, and some of them may already be reality. AlterNet recounts numerous cases where faulty chips would have mistakenly handed the election to the losing candidate, but poll workers noticed the odd results and obtained new chips that corrected the problem. There was also an extremely suspicious case in Texas in 2002 where three different candidates won their races with exactly 18,181 votes. As a software engineer, I'll say that repeating pattern just screams out software bug, but unfortunately nobody thought to ask for a new chip in that case. Similar allegations are made in a Sludge Report at Scoop. Both AlterNet and Scoop seem rather partisan in alleging a Republican conspiracy. I don't know that I'm ready to go that far, but it seems obvious a paper trail is necessary so that allegations like these can at least be investigated. Now we'll never know.
Still, there are certainly questions that need to be answered, especially by Diebold Election Systems, who have faced embarrassment after embarrassment. First, hackers easily broke into their rather insecure FTP server to access their proprietary code, then researchers reported on numerous security flaws, and then more hackers found internal memos revealing that Diebold was aware of the security flaws and also faked demonstrations to election officials. This does not exactly inspire confidence that Diebold's software is any more secure than Microsoft's. To top it off, they are now accused of installing uncertified software patches for Georgia's 2002 gubernatorial election. Another case where a paper trail would have been invaluable.
Diebold made matters even worse by sending a bunch of cease-and-desist letters to students, bloggers, and ISPs posting the above internal memos. Diebold's dubious claim is that they are protected under the DMCA (typically only applicable to works of marketable value, not internal memos -- let alone memos that may indicate criminal intent). Not surprisingly, the Electronic Frontier Foundation (EFF) is helping a couple of students and an ISP sue Diebold to stop issuing these threats in a case that may have far-reaching effects on free speech. There's more coverage of that on en banc.
Some other sites to check out are VerifiedVoting.org and Votewatch, the latter of which I know is a non-partisan organization. I would encourage you to learn more, and to contact your Congressman to voice your support of H.R. 2239.
Update
I have an update here.
