Electronic voting produces questions of reliability

By Mike Himowitz, The Baltimore Sun

Published: Sunday, Sep. 18, 2005

Over the last 20 years, I?ve spent enough time with computers to conclude that (a) they?re really cool and (b) you can?t always trust ?em.

I?m particularly leery of asking computers to do anything really important, such as running elections, without adult supervision.

So I was delighted when critics of electronic voting systems won a convincing victory in the ongoing battle to keep our elections honest and accurate.

The vehicle was a $7.5 million National Science Foundation grant to a group led by Johns Hopkins University researchers who will study electronic voting systems and suggest improvements to make them safer and more reliable.

As grants go, this isn?t much. It?s a small part of a $36 million cybersecurity research package that itself is barely big enough to creates a ripple in NSF?s $5.5 billion research pool.

But for those of us worried about electronic voting, there was sweet satisfaction in NSF?s choice of Hopkins? Avi Rubin to head a consortium of voting researchers from six institutions, including Stanford, Rice and Berkeley. Collectively, they?ll be known as A Center for Correct, Usable, Reliable, Auditable and Transparent Elections, or ACCURATE.

For years, Rubin and like-minded computer scientists have been telling election officials, lawmakers, talk show hosts and anyone else who will listen that current electronic voting systems are not necessarily safe, accurate or secure. Actually, it?s worse than that. They?re far more vulnerable to fraud, mischief, sabotage and just plain screw-ups than anyone who makes them or buys them is willing to admit.

Rubin?s tiny computer security group at Hopkins created a national furor two years ago when it found an all-you-can-eat buffet of security flaws in the programming code used in Diebold voting machines.

Outraged by the outing of their sorry secret, Diebold, other manufacturers and voting officials launched an immediate campaign to discredit Rubin and other concerned scientists as academic kooks and anti-democratic troublemakers who were out to subvert the entire election process.

But Rubin and company had some advantages in this David vs. Goliath public relations battle. First, they were right. Their findings rang true with computer security experts around the world. Second, they argued their case in simple, understandable language, so it made sense to the public. Finally, after the 2000 presidential election debacle, that public was in no mood to believe voting officials whose only response to criticism was

?Trust us.?

As problems with electronic voting systems piled up in state after state, demands for ?verifiable? systems ? such as electronic machines that produce a simultaneous paper ballot ? began to sound less like paranoid ranting and more like a textbook demand for good government. According to the advocacy group VerifiedVoting.org, 25 states now have laws or rules mandating a paper trail to back up or replace electronic voting systems.

By choosing Rubin & Co. to help straighten this mess, the nation?s premier scientific institution has sent a clear message to election officials: Something is wrong here, and you?d better fix it before we have a disaster.

So what do we do now? The first step for all of us is to realize that no vote counting system is perfect ? paper or electronic. Studies have shown that the very best are no more than 98 percent accurate. In fact, you can get a better measurement of voters? intentions from a well-designed political poll.

But we don?t elect candidates by surveys ? we vote for them. So any system must be designed from scratch to be easy to use, accurate, open to inspection, secure from tampering, and ultimately verifiable.

We already know that electronic voting terminals are easy to use. Officials in Maryland argue that voters ?enjoy? using electronic terminals to excuse an arrogant indifference to their well-demonstrated security flaws. Heck, I?m sure I?d ?enjoy? driving a Rolls Royce if I didn?t know it had bad brakes ? right up to the instant it drove off a cliff.

We should never be blinded by technology. The Help America Vote Act of 2002 authorized $3.8 billion to replace punch card and mechanical voting machines in the wake of the 2000 presidential debacle. But that doesn?t mean we have to buy into every electronic bell and whistle.

For example, for decades, many jurisdictions used scanned paper ballots. They?re clunky and ugly, but also understandable and easy to tally ? quickly and accurately ? at the end of the day. Absentee ballots and regular ballots are exactly the same. And if there?s a dispute, you can always count the ballots by hand.

Why are so many jurisdictions throwing these systems out? Because paper ballots are expensive to print and store. Touch screen electronic terminals cost more upfront, but they?re much cheaper to administer. The question is, do we trust them?

The answer, I think, is no. As a variety of security audits and problems have shown, there are still to many ways for an all electronic system to be compromised ? deliberately or by sheer misadventure.

For that reason, the software that runs the system should be open to public inspection. The secret, proprietary programming in today?s systems should be outlawed ? I?m just not a trusting guy.

Ultimately, we also need a voting system with some sort of paper verification, even if it adds cost and inconvenience. Democracy is messy and no one ever argued that it?s cheap.