Sunday's New York Times Magazine has a 7800+ word feature story on electronic voting, "Can You Count On These Machines?" The column is already online, spanning ten pages on the NYT website. As I read it I excerpted many passages I thought I might want to comment on, collectively about 1/3 of the article. As I work through a second pass to lay it out for you here, I will try to limit that further. For starters I would say the article really doesn't provide much substantial new information and performs worse still as a matter of framing.
January 6, 2008 Can You Count On These Machines? By CLIVE THOMPSON
This article will appear in this Sunday's issue of the magazine.
...
For a while, it had looked as if things would go smoothly for the Board of Elections office in Cuyahoga County...Then at 10 p.m., the server suddenly froze up and stopped counting votes...No one could figure out what was wrong. So, like anyone faced with a misbehaving computer, they simply turned it off and on again. Voilą: It started working - until an hour later, when it crashed a second time. Again, they rebooted. By the wee hours, the server mystery still hadn't been solved.
...
Introduced after the 2000 hanging-chad debacle, the machines were originally intended to add clarity to election results. But in hundreds of instances, the result has been precisely the opposite: they fail unpredictably, and in extremely strange ways; voters report that their choices "flip" from one candidate to another before their eyes; machines crash or begin to count backward; votes simply vanish. (In the 80-person town of Waldenburg, Ark., touch-screen machines tallied zero votes for one mayoral candidate in 2006 - even though he's pretty sure he voted for himself.) Most famously, in the November 2006 Congressional election in Sarasota, Fla., touch-screen machines recorded an 18,000-person "undervote" for a race decided by fewer than 400 votes.
So opens the expose, providing a little background and clearly setting the stage for the no basis for confidence meme, which is never explicitly stated. In fact, for the appearance of balance, the article goes on to quote renowned electronic voting machine apologist Michael Shamos, who often gives the appearance of acknowledging real problems while simultaneously minimizing and discounting them with subtle reframing:
It's difficult to say how often votes have genuinely gone astray. Michael Shamos, a computer scientist at Carnegie Mellon University who has examined voting-machine systems for more than 25 years, estimates that about 10 percent of the touch-screen machines "fail" in each election. "In general, those failures result in the loss of zero or one vote," he told me. "But they're very disturbing to the public."
The majority of this article shows Shamos' quote to be ridiculous on its face. With such limited auditing of the machines we can't really know what percentage of them fail nor can we know the true extent of known failures. What we know is that our elections are unverifiable so the outcomes are necessarily inconclusive. Such inherent uncertainty is fueled by paperless electronic voting machines that prohibit the possibility of a recount:
During this year's presidential primaries, roughly one-third of all votes will be cast on touch-screen machines. (New Hampshire voters are not in this group; they will vote on paper ballots, some of which are counted in optical scanners.) The same ratio is expected to hold when Americans choose their president in the fall. It is a very large chunk of the electorate. So what scares election observers is this: What happens if the next presidential election is extremely close and decided by a handful of votes cast on machines that crashed? Will voters accept a presidency decided by ballots that weren't backed up on paper and existed only on a computer drive? And what if they don't?
What if they don't? What if, huh? Have we learned anything in the past seven years? Certainly a lot of information not immediately available to us in the aftermath of the 2000 election has since emerged to enable our understanding of a completely and intentionally broken process. Last August, Dan Rather presented an investigative report on HDNet (thanks BradBlog for the archive) that revealed Palm Beach County's ballots were knowingly foisted upon them with flaws. I noted the Times' failure to mention this at what seemed an opportune spot in the article (though it is mentioned toward the end of the piece):
The 2000 election illustrated the cardinal rule of voting systems: if they produce ambiguous results, they are doomed to suspicion. The election is never settled in the mind of the public. To this date, many Gore supporters refuse to accept the legitimacy of George W. Bush's presidency; and by ultimately deciding the 2000 presidential election, the Supreme Court was pilloried for appearing overly partisan.
Many worried that another similar trauma would do irreparable harm to the electoral system. So in 2002, Congress passed the Help America Vote Act (HAVA), which gave incentives to replace punch-card machines and lever machines and authorized $3.9 billion for states to buy new technology, among other things. At the time, the four main vendors of voting machines - Diebold, ES&S, Sequoia and Hart - were aggressively marketing their new touch-screen machines. Computers seemed like the perfect answer to the hanging chad. Touch-screen machines would be clear and legible, unlike the nightmarishly unreadable "butterfly ballot." The results could be tabulated very quickly after the polls closed. And best of all, the vote totals would be conclusive, since the votes would be stored in crisp digital memory. (Touch-screen machines were also promoted as a way to allow the blind or paralyzed to vote, via audio prompts and puff tubes. This became a powerful incentive, because, at the behest of groups representing the disabled, HAVA required each poll station to have at least one "accessible" machine.)
What a completely bogus and false premise: electronic voting results are conclusive. How so? Corporate trade secrecy says otherwise. This is a gigantic example of how the media continues to shape perceptions of fundamentally flawed aspects of democracy. Even before the no basis for confidence meme had crystallized in my mind and pervaded my writing, I had the basic notion down as early as November 28, 2000, right in the middle of the prolonged recount battle between Bush, Gore, and the intellectually dishonest Supreme Court.
The Times' article next turns attention to Ohio, describing the use of Diebold TSx touch-screen machines, confusing paper trails with paper ballots and also wrongly concluding (with no evidence) it would take weeks to count:
Under Ohio law, the paper copy is the voter's vote. The digital version is not. That's because the voter can see the paper vote and verify that it's correct, which she cannot do with the digital one. The digital records are, in essence, merely handy additional copies that allow the county to rapidly tally potentially a million votes in a single evening, whereas counting the paper ballots would take weeks.
...
[Referring to the May 2006 primary in Cuyahoga County]...poll workers complained that 143 machines were broken; dozens of other machines had printer jams or mysteriously powered down. More than 200 voter-card encoders - which create the cards that let voters vote - went missing. When the machines weren't malfunctioning, they produced errors at a stunning rate: one audit of the election discovered that in 72.5 percent of the audited machines, the paper trail did not match the digital tally on the memory cards.
...
Still, the events of Election Day 2007 showed just how ingrained the problems with the touch-screens were. The printed paper trails caused serious headaches all day long: at one polling place, printers on most of the machines weren't functioning the night before the polls opened. Fortunately, one of the Election Day technicians was James Diener, a gray-haired former computer-and-mechanical engineer who opened up the printers, discovered that metal parts were bent out of shape and managed to repair them. The problem, he declared cheerfully, was that the printers were simply "cheap quality" (a complaint I heard from many election critics). "I'm an old computer nerd," Diener said. "I can do anything with computers. Nothing's wrong with computers. But this is the worst way to run an election."
He also pointed out several other problems with the machines, including the fact that the majority of voters he observed did not check the paper trail to see whether their votes were recorded correctly - even though that paper record is their legal ballot. (I noticed this myself, and many other poll workers told me the same thing.) Possibly they're simply lazy, or the poll workers forget to tell them to; or perhaps they're older and couldn't see the printer's tiny type anyway. And even if voters do check the paper trail, Diener pointed out, how do they know the machine is recording it for sure? "The whole printing thing is a farce," he said.
...
The Nov. 6 [2007] vote in Cuyahoga County offered a sobering lesson. Having watched Platten's staff and the elections board in action, I could see they were a model of professionalism. Yet they still couldn't get their high-tech system to work as intended. For all their diligence and hard work, they were forced, in the end, to discard much of their paper and simply trust that the machines had recorded the votes accurately in digital memory.
THE QUESTION, OF COURSE, is whether the machines should be trusted to record votes accurately...One might expect computer scientists to be fans of computer-based vote-counting devices, but it turns out that the more you know about computers, the more likely you are to be terrified that they're running elections.
The article mentions that Diebold voting systems are built on notoriously buggy Windows platforms on which unanticipated voter behaviors have caused system crashes. And the REAL QUESTION, (OF COURSE), is not whether any specific machine is worthy of trust but rather whether it is appropriate for election results to require our trust, as opposed to providing verifiable outcomes reflecting an actual rational basis for voter confidence in the reported results.
In the infrequent situations where computer scientists have gained access to the guts of a voting machine, they've found alarming design flaws. In 2003, Diebold employees accidentally posted the AccuVote's source code on the Internet; scientists who analyzed it found that, among other things, a hacker could program a voter card to let him cast as many votes as he liked. Ed Felten's [Princeton University] lab, while analyzing an anonymously donated AccuVote-TS (a different model from the one used in Cuyahoga County) in 2006, discovered that the machine did not "authenticate" software: it will run any code a hacker might surreptitiously install on an easily insertable flash-memory card.
That graf sent up a red flag for me because I remember the report of Felton's hack, and recall that BradBlog was the supposedly anonymous machine donor. Sure enough, in his own coverage of the Times story, Brad Friedman calls out Felton for continuously depriving him of due credit.
Fed Certification Labs NEVER conducted "penetration" tests
Great article, Dave; and thanks for linking minewhich complements the ideas raised in yours.
When speaking of federal certification labs, you note the Times article reports:
If the machines are tested and officials are able to examine the source code, you might wonder why machines with so many flaws and bugs have gotten through. It is, critics insist, because the testing is nowhere near diligent enough, and the federal regulators are too sympathetic and cozy with the vendors. The 2002 federal guidelines, the latest under which machines currently in use were qualified, were vague about how much security testing the labs ought to do. The labs were also not required to test any machine's underlying operating system, like Windows, for weaknesses.
Vendors paid for the tests themselves, and the results were considered proprietary, so the public couldn't find out how they were conducted. The nation's largest tester of voting machines, Ciber Inc., was temporarily suspended after federal officials found that the company could not properly document the tests it claimed to have performed.
Here, Thompson reported a significant feature of current election conditions. As Kentucky computer expert, Jeremy Epstein, pointed outto the KY Attorney General:
The review relies on the completeness and accuracy of the testing by the Independent Testing Authorities (ITA) for conformance to voluntary Federal guidelines (Voting systems Standards 2002). However, it has been well established that the ITAs do not adequately perform this role.
The ITA reports used for Federal certification and included in the review packages used by the SBE certifiers are cursory…. (as) reinforced by the fact that none of the ITAs identified the flaws found by the California or Florida source code review teams.
Because the ITA reports are of limited value, the quality examination of the machines as part of the certification processes is crucial, but it too can best be described as cursory.
The security of all of the machines appears to be extremely dependent on their never coming in contact with malicious code, as once that occurs there are few defenses or recovery mechanisms. This is sometimes referred to as the M&M model of security: there is a hard crunchy exterior that protects a soft chewy interior.
These details, however, miss the point you make that trust has no place in free and fair elections conducted in a democracy.
by
Rady Ananda (72 articles, 201 quicklinks, 17 diaries, 535 comments)
on Sunday, January 6, 2008 at 3:11:45 PM
JFK lost his life for daring to shine the light on the stage. He was removed. The truth gave power no choice, for power, the truth IS THE ENEMY.
From all centers of power there is a long arduous slow cooking design that seduces with bribery, uses and then removes its own after usefulness is drained, rewrites its own history and points to a future of dread if not allowed continued alligence. Secrecy is its mandate. Those that choose secrecy have but one goal. To control the known. They are closing doors as we speak.
Paper ballots are the only way to secure fair representation. Period.
When enough people care, there will be a rebellion. Not if, but when.
Spread the word. Power hates truth. Their hate for the truth will be their end.
peace
by
mikel paul (2 articles, 1 quicklinks, 6 diaries, 289 comments)
on Sunday, January 6, 2008 at 2:49:03 PM
I say in the general election once you enter the booth demand a verifiable ballot that can be recounted by an eighth grader who would come up with the same number time after time. There is no time limit to cast your ballot. Also ,through letters to the editor before the election make known your intention that you will not leave the booth of any electronic voting machine for thirteen hours.
Hand counted paper ballots can be rigged but no where near the possible extent of a black box vote count which can start with negative vote counts. I believe that we elected a veto proof congress last election and that can also be included in the things that have been taken from us by the government that is supposed to serve us. Try and prove that the senate has the people actually elected last election in office, you can't.
And if any Republican complains, quote Saint Ronnie "trust but verify."
by
tjb (0 articles, 0 quicklinks, 0 diaries, 171 comments)
on Sunday, January 6, 2008 at 3:36:38 PM
Props for all-paper, no lines, Oregon's Vote-by-Mail
Every ballot an absentee ballot.
In voters' hands two weeks before Election Day. Take your time, look, talk, and think it over.
No waiting at a polling place, no discord or suppression by unfair distribution of voting machines.
Greater participation percentage and voted ballots, (seems that, in eligible voters, there are 10 -to- 15 percent of people who 'avoid' appearing in public ... such as voting at a polling place).
Reduced election expenses for voting machines, elections personnel, and such.
Equal open records and process of tabulating paper ballots in a optical scanner.
All around good results since Oregon's universal Vote-by-Mail began, 1996, and on track for coming soon in Colorado.
by
meremark (1 articles, 3 quicklinks, 23 diaries, 423 comments)
on Monday, January 7, 2008 at 10:11:01 AM
Votes are still counted in secret by discredited scanners, and on top of that you have chain of custody issues when relinquishing your ballot to the postal service. I'm not buying.
by
Dave Berman (34 articles, 0 quicklinks, 4 diaries, 22 comments)
on Monday, January 7, 2008 at 10:25:40 AM
