Reconsidering E-Voting

My e-column last week, in which I attempted to get my brain around the experts' astoundingly different opinions on electronic voting machines, generated a huge number of reader responses.

(Incidentally, shortly after the e-mail went out, I got word that my "CBS News Sunday Morning" segment on the topic has been rescheduled for August 1-and may shift yet again, which isn't uncommon in the TV news business. If you woke up early or took the time to set the VCR last Sunday, my most frustrated apologies.)

One note came from David Dill, the Stanford computer science professor who has created a Web site, verifiedvoting.org, dedicated to the cause of voting-machine security.

"With electronic voting, a single programmer could make a change in voting machine software that would be installed in every machine in the country. And there is no reliable way to detect that this has been done. I intend this to be a strong statement!"

But, I wrote back, there will be a huge amount of scrutiny in place for this fall. Among other precautions, many states will be conducting surprise random spot checks during election day. How, realistically, could an evil programmer at, say, Diebold (the largest electronic voting machine maker) write software that would skew an election without getting caught?

Dill suggested an approach that had never occurred to me: a nefarious programmer could escape detection by exploiting the write-in candidate feature of every touchscreen voting machine. (You tap the Write-In button, and then type on-screen keys to enter your write-in's name.) Dill points out that the trigger for switching the software into election-stealing mode could be writing in "an implausible candidate name. How about a last minute campaign to write in a joke candidate? The joke candidate wouldn't be in the tests, and voters wouldn't even know they were triggering the code." (He also pointed me to this voting-expert roundtable transcript [http://news.com.com/2009-1028_3-5251471.html?tag=prntfr], which is fascinating.)

I also heard from Dan Wallach of Rice University, a co-author of the Johns Hopkins report. "I think you underestimate the ability of low-tech adversaries to modify the software inside a voting machine," he wrote. "Here in Texas, where early voting lasts maybe two weeks or so, I've learned that the poll workers take the machines home with them at night…Imagine the opportunity, in the comfort and privacy of your home, to 'upgrade' the software on these machines. The tamper-resistance measures they take (special tape or numbered tie-wrap seals) can be easily gotten around if you've got the time and privacy to work on it. Some election officials require that their poll workers pass basic background checks (i.e., they have no felony convictions), but that's hardly reassuring."

In the column, I pointed out that conspiracy theorists might find just as many potential vulnerabilities in older technologies, like lever machines. But some of you pushed back on that point. "The tallies taken from these machines were always monitored by designated judges from all political parties who were on the ballot," wrote one person. "We stood next to the election officials as they opened the machines and read the registers. And we read them ourselves, and wrote the results on our own independent tally sheets.

Likewise, party representatives monitor the counting of paper ballots, either manually or by scanner. (I've been there in that role on numerous occasions.) If you're using optical-scan machines, each party can have its own scanner (programmed in open code, of course); and if the totals don't match, you can go to hand counts."

One final point: In my research, I couldn't help noticing a strange partisan slant. For example, most of the sponsors of Congressman Rush Holt's paper-trail bill are Democrats, and so is the California Secretary of State who decertified the machines. The committee chairman who (according to Holt) is trying to squash his bill is Republican, and so are the 11 Diebold executives who have made party campaign contributions. (According to a Times story from late last year, no Diebold contributions were made to the Democratic party.)

Yet a pro-machine speech by Joe Andrew, former chairman of the Democratic National Party, makes an intriguing point I thought I'd pass on. (Diebold sent the transcript to me.) It makes both parties' stances seem counterintuitive:

"Any Democrat who thinks that getting rid of electronic voting machines will help the Democrats win is simply out to lunch. Study after study shows that the voters who are most likely to be helped by [these machines] are the disabled (they are not intimidated and vote independently), the less educated (the machines are easier to read and are more like ATM's, which almost everyone uses), lower socioeconomic groups (who trust machines more than they trust people), the truly elderly (bigger print, no pressure-sensitive punching or marking on small circles), and U.S. citizens who are more comfortable voting in a language other than English (Older Hispanics and Asian Americans). Now it doesn't take a genius, or even a former Chair of the Democratic Party, to tell you that those are all Democratic voters."

In the end, though, the speaker wound up condemning voting-machine paper trails, which is where he lost me. Computer voting machines may be as insecure as the university computer scientists say, or as solid as the manufacturers say; they may be favored by Republicans and disliked by Democrats, or vice versa. But one thing seems unassailable: short of throwing out the billions¹ worth of newly purchased voting machines (it ain¹t gonna happen), adding a voter-verified paper trail seems to be the simplest, least partisan and most trustworthy solution we have available.