Election Technology -The Issues

Voting machines are nothing more than simple computers, no more mysterious or infallible than the ones that scan our groceries. The quality of the election results they tabulate is no better or worse than the quality of the work that goes into maintaining and operating them.

That is: Voting machines themselves are not the issue. Our management of them is.

1. Technology of RECORDING our votes.

In simpler times, every voter could ensure his or her vote was recorded correctly by correctly marking a paper ballot. Many of Wisconsin's jurisdictions still use voter-marked paper ballots, although they are read and counted by computer.

Some jurisdictions, however, use touch-screen voting machines, also known as "direct-recording electronic machines", or DREs. Although Wisconsin requires touch-screen voting machines to create a "voter-verifiable paper trail," multiple types of failures can cause that paper trail to be inaccurate or non-existent. When the paper trail is inaccurate, incomplete, or unreadable, the vote can never be recounted, and the machine can never be audited for accuracy. And chances are great that incorrect votes on a paper trail will not be noticed. Studies of voter behavior have repeatedly found that the vast majority of voters do not look at or cannot see (because of light conditions or faint ink) the paper trail of their vote, and of the few who do look at it and notice errors, only a small proportion will correct or report the error.

2. Technology of COUNTING our votes (and of validating to make sure those counts are correct.) 

In simpler times, every voter could, if he or she wanted to, watch the votes being counted. Hand count procedures routinely include a validation count--one person counts a stack of votes, hands that stack to a second counter. If their counts disagree, they must resolve the discrepancy before moving on to the next stack.  

ComputerProgrammer_copy.jpg

 Our votes are counted by software controlled by programmers working in proprietary secrecy for private vendors in other states--or by whomever may have hacked in behind them. National experts in computer forensics have judged that the most likely electronic fraud would be perpetrated by someone compromising the systems of the voting-machine vendors who manufacture, program, and update the software that counts our votes, and yet our local elections officials have no control of the quality of those vendors' internal security programs.

Despite these vulnerabilities that are outside the control of even the most diligent local elections clerk, Wisconsin machines' tabulations are certified as final election results before anyone checks them for accuracy.

HandCount-Shopped.jpg

Machine-tabulated election results can easily be validated by trusted citizens counting in public--and in 20 other states, it is illegal to certify electronically counted election results before checking them for accuracy. But not in Wisconsin.

No other use of computer technology in either business or government makes consequential, irreversible decisions on the basis of unaudited, unverified computer output.

 

 

3.  Prudent management is realistic about each technology's unique risks

Prudent management of any technology--not just in elections, but everywhere in business and government--consists of assessing the risks, taking steps to minimize them, and checking afterwards to make sure things worked right. The main risks of electronic elections technology risks are the same as in all computer technology: 1) Malfunction; 2) Mistakes; and 3) Malicious interference.

Malfunction. As anyone who uses a computer knows, computers can do unexpected things because of power surges or outages, physical damage, or for no apparent reason. Around the nation, voting machines have malfunctioned on Election Day without voters or poll workers noticing. In one case in New York, optical scanners overheated and lost calibration, but kept counting ballots continuously throughout the day without actually counting any votes. Thousands of voters were disenfranchised. After the election results had been declared final, the problem was discovered only by a law student working on a class project. How many Wisconsin election results have been determined by malfunctions? No one knows, because we don't perform the post-election audits that prudent management would dictate.

Mistakes. More than 600 voters in Medford, Wisconsin were disenfranchised in November 2004 when their voting-machine vendor neglected to program the machines to read straight-party ticket votes. The problem was discovered in March 2005, when a political party consultant compiling data on registered voters noticed that the number of voters who cast ballots was much higher than the number of votes counted. How many other Wisconsin election results have been determined by mistakes? No one knows, because we don't perform the post-election audits that prudent management would dictate.

Malicious interference. Wisconsin's county and municipal clerks might maintain the tightest security they can (no one knows; it's never audited), but the elections software is not fully in their control. Private out-of-state corporations write and maintain the software that counts our votes. Wisconsin's election clerks can do little more than trust that the vendors' employees were all honest and competent, and that the vendors' own security systems successfully resisted hackers. 

If any local officials did want to manipulate the voting machines, however, they have the opportunity. Standard security practices provide them with access to the machines and their programming out of public sight, and computer-security professionals report that hacking the vote-counting software does not require advanced programming skills.

In private labs and in academia, computer security professionals have demonstrated that election software can alter votes either continuously or for only short periods, and that can allow the machine’s functions to be temporarily altered at any time either on site or remotely. Electronic evidence of the tampering may be detectable only by computer-security professionals, or may not be detectable at all. In many races, a hacker would need only to 'flip votes' in a few precincts to change the results of an election. If these votes are flipped in precincts where the hacker's candidate was expected to do well, no suspicions will be raised. And since it is well-known that the results produced by Wisconsin's voting machines are never checked for accuracy before election results are declared final, hackers know there is little chance of detection.

Finally, even when miscounts are detected, election officials in most states simply accept the vendors' explanation (predictably, either 'operator error' or 'glitch') without independent forensic analysis. How many Wisconsin election results have been determined by malicious manipulation? No one knows, because we don't perform the post-election audits that prudent management would dictate.

Inadequate oversight of the voting machines' operations

Wisconsin election officials do not routinely check, at any time after the polls close, that all the pre-election security measures were successful. Unaudited computer output is routinely certified to be our final election results, and is only rarely and ineffectively checked for accuracy even after that.

The wonky details:

  • While Wisconsin statutes allow the Governmental Accountability Board (GAB) to rely on determinations of the United States Elections Assistance Commission (EAC), computer-security experts have determined that EAC standards allow for approval of voting technology with vulnerabilities. For example, EAC-approved machines used in Virginia and several other states were found to have an astounding number of critical vulnerabilities.
  • Vendors of electronic voting technology currently provide state and local officials with access to, or the ability to observe, certain levels of programming, but for the deepest level of programming (the ‘source code’), vendors maintain secrecy even from state and local officials who have election-security responsibility. Although state law provides GAB the authority to review the voting machines' software after an election, the GAB does not have the staff to carry out those reviews and even if it did, has no way to ensure that the software operating in the voting machines on Election Day was the same as the software provided by the voting-machine vendors for review.
  • In the pre-computer era, deliberate manipulation of election results required fairly large and therefore difficult-to-hide conspiracies. Today, one programmer working for one vendor, or one computer-savvy person anywhere in the world could manipulate the results of elections in every county that uses voting technology with Internet communication capability. In elections decided by relatively close margins, tampering with just a few machines or very slight manipulation with many machines could produce false results without raising suspicions among election officials or others.
  •  Amazingly, Wisconsin law currently provides no public official clear responsibility for checking to make sure the machines counted accurately on Election Day. Worse, staff of our state's highest elections agency, the Governmental Accountability Board (GAB), had until recently even interpreted state law to forbid local elections officials from checking the accuracy until after the machine tabulations were certified as final--except in the case of an official, full recount. If the computers said your candidate lost by more than 2%, its verdict was final. This policy was changed in October 2014, but many clerks are still extremely hesitant to check the results' accuracy unless a full recount is ordered.
  • Wisconsin law does require some post-election voting machine audits, but these audits would not be able detect even outcome-altering miscounts in time to prevent them from being declared final. Among the many limitations of these GAB-ordered audits: they occur only once every two years; include a very small sample of individual precincts around the state; allow the chosen municipalities to wait until after election results have been declared final to conduct the audits; include no procedures for expanding the audits beyond a single precinct in which a miscount is detected; instruct the municipalities to explain away any miscounts they discover; have no procedure for investigating any miscounts that may be found; and detailed results (the differences between votes counted by the machines and by hand) have never been made public.
  • No post-election audits are done after the non-partisan Spring elections or after the partisan primaries, so the audits have no deterrence value in those elections.
  • The post-election audits examine only voting-machine hardware reliability. Other important aspects of election security, such as the processing of absentee ballots, the appropriate handling of unused ballots, and the secure chain of custody for marked ballots, are never reviewed.

 

More information about post-election audits

 

For updates, follow Wisconsin Election Integrity on Facebook.