Can America trust electronic voting?

Much clout, no regulation for big firms

By Freddie Oakley and John Oakley Special to The Bee - (Published November 23, 2003)

The recall election allowed California voters to express fundamental dissatisfaction with the status quo. That's democracy in action. But we should not take it for granted.

Coming to light now are serious concerns about the rush to adopt electronic voting systems, and why this may threaten the way our democracy works in the future.

The reliability of California's voting systems was seriously questioned during the recall campaign. Some counties were caught in a transition between discredited punch-card ballot systems and new-wave systems that supposedly would put worries about how ballots are counted and which ballots are counted to rest for good.

In everyone's mind was Florida's botched conduct of the 2000 presidential election. In reaction to that disaster, Congress last year passed and President Bush signed the Help America Vote Act (HAVA). It was not in effect when the California recall election took place. But it soon will be, and it seeks to make sure that the rights of voters nationwide are not compromised by shoddy local voting systems.

This is not the first time the federal government has sought to reform how elections are conducted at the local level. The Voting Rights Act of 1965 barred a variety of corrupt impediments to participation by racial minorities in the exercise of the franchise poll taxes, literacy tests and the like. Later amendments refined this approach to bar more subtle methods of reducing the influence in elections of minority voters. But what is unique is the fact that HAVA combines federal standards with federal financial subsidies of local voting systems.

HAVA has set off a gold rush. Not a rush by local voting officials to meet some new gold standard of voting reliability and security. No, a gold rush by special interests and their lobbyists, joined by the entrenched local bureaucrats who are the natural prey of public-contract profiteers. Where is ex-Sen. William Proxmire and his "golden-fleece" award when we need him? The fleece is flying in capitals and county seats across the country.

The special interests are large voting-machine manufacturers who, through their lobbyists, worked hard to make sure that states and their counties were required to make huge purchases of new voting equipment, funded in part by Congress but subject to virtually no congressional standards of quality.

What has resulted is a set of uncritical mandates heavily weighted in favor of the local purchase of untested and unreliable electronic voting systems, supported by large federal subsidies of your tax dollars or rather borrowed dollars that future taxpayers will eventually have to pay off, with interest.

Election officials nationwide failed to demand that HAVA include meaningful regulation of voting-system manufacturers and vendors. Congressional staff were apparently persuaded that the mere application of electronic technology would be sufficient to protect the security of the right to vote, and the integrity of elections.

But this is at best a willing suspension of disbelief, a confusion of the difference between hope for the future, and money in the bank.

At worst the rush towards unregulated, federally subsidized purchases of unreliable new voting equipment may reflect yet another instance of "regulatory capture," where regulators become beholden to the industry they are supposed to be policing. The major voting-systems manufacturers and vendors wield close to monopoly power, having swallowed up most of their smaller competitors. This makes the major manufacturers and vendors the equivalent of public utilities, offering vital services virtually free of competition.

And this makes official regulation all the more important. So these supposedly regulated companies open their doors and their payrolls to the regulators themselves, making it a practice to hire former election officials, from state secretaries of state on down to state and county executives.

The company that prints most of the paper ballots for California elections, Sequoia Printing, is a division of De La Rue, an English company that also own Sequoia Voting Systems, one of the large manufacturers and vendors of touch-screen voting machines. This English company thus services a huge portion of the voting supply market in California.

As the Los Angeles Times reported on Nov. 10, former California Secretary of State Bill Jones is now a paid consultant to Sequoia. As secretary of state until 2003, he regulated the company's voting related services; now he works for them.

So does his former press officer, Alfie Charles. According to the Times, Charles has said of their new positions, "It's no different than anyone in the election business. You learn from your experience." Jones' former chief of technology certification, Lou Dedier, now manages California operations for one of the other big companies, Election Systems and Software (ES&S). Dedier denies any conflict. "I'm shocked at the idea of anything being said of inappropriate behavior," he was quoted as saying in an Oct. 31 article in The Bee.

Diebold is the third company of the Big Three that are poised to control American election technology. Diebold employs Deborah Seiler, who was chief of elections under California Secretary of State March Fong Eu.

It is Diebold's president, heavy-hitting Bush contributor Walden O'Dell, who stated in an Aug. 14 fund-raising letter to Ohio Republicans: "I am committed to helping Ohio deliver its electoral votes to the president next year." O'Dell has since stated that he regrets the wording in the letter: "I can see it now, but I never imagined that people could say that just because you've got a political favorite that you might commit this treasonous felony atrocity to change the outcome of an election."

From our perspectives, as the chief elections official of Yolo County, and as a scholar of the constitutional law of federal-state relations, the implementation of HAVA reminds us of an old caution: Don't throw out the baby of honest and accurate tallying of election returns along with the bathwater of poorly managed elections and unreliable punch card voting systems.

In their haste to introduce supposedly easy-to-use and easy-to-administer voting systems, the members of Congress responsible for HAVA, as well as the local officials rushing to spend their HAVA dollars, have seemingly been dazzled by the shiny buttons and blinking lights of touch-screen computerized machines. Yet these machines are programmed with computer code far beyond the technical knowledge possessed by ourselves or any voting official we know computer code that is indeed secret, its secrecy closely guarded as the proprietary intellectual property of the machines' manufacturers.

These machines leave no "paper trail," that is, no voter-verifiable record allowing a retrospective audit of the votes recorded as cast for each candidate or ballot proposition. In the words of Kim Alexander, president of the California Voter Foundation: "We are all in way over our heads."

As most of these touch-screen systems are designed, the machine will "record" your "vote" electronically in as many as three different places, but you the voter will never know what the machine recorded. It's on the hard drive, maybe. It's on a flashcard, maybe.

It's somewhere else, maybe. Wherever it is, you cannot see it, cannot verify it and cannot be sure that it will remain recorded. The old-fashioned concept of a ballot box filled with ballots that voters have checked and verified before casting a ballot box with a lock on it that gets a sheriff's escort to the counting room at the local elections office, not to be tampered with at pain of felony charges that quaint system of physical security of physically marked ballots will be gone.

Should there be an occasion to recount the votes, officials will print out an image from the electronic "tally." And we will see whatever report of the votes cast that the machine was programmed to show us. California voting officials who have embraced these systems insist that it is appropriate to respect the expertise of the vendors, trusting in their judgment and having faith in their abilities to program these machines properly.

If the machines are misused, they assert, it can only be because of malign interference. Well, it seems to us that in these perilous times times malign interference is a very real threat.

California's secretary of state, Kevin Shelley, apparently shares our concerns. We sent him a copy of this article Thursday. On Friday he announced new standards requiring electronic voting machines purchased after July 1, 2005, to produce a voter-verified paper trail. Moreover, to the consternation of counties that have already purchased equipment that does not have this capability, he announced that this new standard would be applied retroactively, as of July 1, 2006, to previously purchased voting systems.

That's progress, but it still leaves in place for two more election cycles the very voting systems we condemn. And it does nothing, now or in the future, to ensure that electronic voting systems can't be hacked into.

Tougher standards for these systems will cost more money. In all likelihood the present generation of unreliable electronic voting systems will have to be junked, or expensively rebuilt to meet the higher standards we're calling for. So it's important to understand what's wrong with these systems, which should never have been permitted to be sold in California in the first place.

The great exemplar of electronic voting is electronic banking. We are told that anything that automated teller machines (ATMs) can do, electronic voting machines can do as well, and no less reliably. Pause to consider that proposition. ATMs have become commonplace because of the savings in labor costs (bye-bye, live tellers).

This is the result of a strictly dollars-and-cents cost/benefit analysis. ATMs do make mistakes, and are vulnerable to fraud. But so long as the cost of fraud and mistakes is less than the savings generated by dispensing funds through robots instead of humans, ATMs are profitable.

Are you persuaded that we should permit use of ATM-like electronic voting systems, on the theory that their vulnerability to fraud and mistake is outweighed by the appearance of precision and the generation of virtually instant vote totals once the polls close? We're not.

Dollars and cents are "commensurable." A bank doesn't care if it loses $200 to a hacker who makes unauthorized withdrawals, so long as it gains back something more than $200 in cost savings from using the ATM that the hacker attacked. There is no difference except in amount between the dollars lost and the dollars gained. Their value is commensurable.

But there is no such commensurability between the false vote tallies that electronic voting systems might yield when things go badly, and the benefits of speed and efficiency that they might offer when things go well.

So the ATM analogy fails. The stakes are higher when it comes to electronic voting, and the gains promised can't offset the compromises of electoral integrity that we fear. We simply lack the knowledge base that would permit our election officials to set up and administer dependable, trustworthy electronic voting systems that are based on vendor-owned proprietary control systems which are vulnerable to hackers, and leave no voter-verified record.

Especially not when you consider that some major vendors have been so sloppy with security that their "top-secret" computer code and a bunch of sensitive internal communications were discovered on and copied from publicly accessible Web sites. One of the compromised manufacturers, Diebold, was reduced to sending out threatening "cease and desist" letters to college students and others who penetrated its Web site. The vendors' policy seems to be, "Trust us. If you don't, we'll sue you." As you might imagine, these threats haven't been effective.

Among those whom Diebold threatened to sue was Sacramento computer programmer Jim March (whose Web site displays the firm's internal documents) and a group of students from one of the country's most small colleges, Swarthmore, near Philadelphia. These people thought they were performing a public service by puncturing Diebold's claim that its ace programmers could guarantee absolute security for Diebold's touch-screen voting machines. The Swarthmore students responded to Diebold's threatening letter by suing Diebold first.

Represented by the Electronic Frontier Foundation and the Stanford University Law School Center for Internet and Society, the Swarthmore students claim that Diebold is seeking to interfere with their right to speak out on issues of public concern. In his declaration to the court, plaintiff Luke Smith said, "I fear that Diebold will come after me or sue me, or pressure the Swarthmore administration to take disciplinary action against me if I discuss the problems with voting technology revealed in the [Diebold's e-mail archive. [I] feel that my academic freedom and my freedom to discuss the political process and to participate in it especially as a first-time voter are seriously hampered."

The pleadings in the case also detail many of the security shortcomings of the Diebold system and technicians' e-mails expressing concerns about the products and the patches made to the programming code, along with executives' replies detailing how to avoid discussing the topic. The student plaintiffs, mere college sophomores, outline in their pleadings the potential consequences to election reliability of Diebold's poor engineering.

Are we being unreasonable in fearing that there are other folks out there, even more skilled and a lot less idealistic than these teenagers, who could exploit Diebold's insecure voting system maliciously, for either fun and profit and do so without any of us being the wiser? Unlike Diebold, we are not worried about the hackers who proclaim to the world what they have accomplished. We are worried about the hackers we never see.

Sequoia Voting Systems' computer code popped up on the Internet, too. The company blamed one of their subcontractors for putting it there, but there it was. This is particularly interesting, given Sequoia's claim in its advertisements that its system is "tamperproof." The code reveals something else: It relies heavily on Microsoft components. And in case you hadn't noticed from the recent worldwide assaults of various viruses and worms, Microsoft programming code is particularly vulnerable to hacking.

Is there better news about ES&S, the remaining company of the Big Three? Sorry. On Feb. 2, 2002, the Baton Rouge Advocate reported, "Arkansas Secretary of State Bill McCuen pleaded guilty to felony charges that he took bribes, evaded taxes and accepted kickbacks. Part of the case involved Business Records Corp. [now merged into ES&S], a Dallas company that sold Arkansas computerized systems for recording corporate and voter registration records. Arkansas officials said the scheme involved ... then-BRC employee Tom Eschberger .... Eschberger got immunity from prosecution for his cooperation. Today, he's a top executive for ES&S."

It would be nice if we could advocate simply postponing HAVA-funded investments in new voting systems until better electronic-voting technology becomes available. That's an option in some counties, such as Yolo, where our manual voting system remains fully certified and operational. But jurisdictions that use the kind of punch-card voting system discredited in Florida in 2000 are under a mandate to replace that equipment at once as if it were guranteed that newer equipment is inherently more reliable than older equipment. We doubt this.

Policymakers bear tremendous responsibility in this matter.

Systems used for casting and counting votes need to be better designed and better vetted, and this will only happen when election officials demand it. Counties that presently use de-certified voting equipment won't be permitted to delay purchases of new voting systems until better products are brought to market. They can only choose from among whatever products are available now. And besides the market itself which is ruled by concerns of profit, not virtue what's available on the market is constrained only by the standards officially set for the certification of voting equipment.

Peter G. Neumann is principal scientist at SRI International in Menlo Park. He's a world leader in studies of risk analysis. Here's what he said in Baseline magazine's Oct. 2 issue: "We are going from the frying pan into fire" in our rush to abandon old voting systems for currently available electronic systems. Speaking of the new touch-screen voting machines, Neumann said: "They've been certified against lame standards."

Better standards are the responsibility of legislators, secretaries of state and, finally, local election officials. If we set better standards, we'll assure that future elections are properly conducted. We urge that California's standards be expanded to embrace all of the problems posed by electronic voting systems, not just some of them. And the sooner, the better.

---

---