Maryland abandons e-voting machines for paper ballots
The state of Maryland has decided, after spending $65 million on electronic voting machines made by Premier (formerly known as Diebold) Election Systems, to spend another $20 million on optical-scan machines that read paper ballots. The reason for this incredible expenditure of taxpayer money, which the state will be paying off until at least 2014? Security concerns about the purely computerized voting machines.
The basis of the concerns is that fully-electronic machine voting is unverifiable, and subject to attacks that could compromise the system in a number of ways. Consider the machines Premier makes: the votes are either sent over a modem to a central server, or are stored on a Compact Flash memory card, such as those used by some digital cameras. The memory cards are inside the machine during the election, then taken out at the election’s end and transported to a central computer that tallies the results. No physical record of the vote is produced, and there is no way for a third party to observe the counting process or conduct a recount.
Potential attacks include everything from switching the CF memory card – which is protected by a wet-bar key such as can be purchased for roughly $3 – to cracking the security of the computer running the voting software (they are basically standard Windows machines, in case you were wondering) and changing things from there, to the developers of the software themselves compromising the system by setting it to (for example) randomly and invisibly change 6% of the votes for one candidate to votes for another candidate (since the source code for the software is considered a trade secret, no third party can verify that some such event is not in fact occurring). Any of these attacks could have effects ranging from simply losing a large number of votes to secretly stealing the entire election.
Of course, there are attacks one can conduct against paper ballots as well – but these attacks are generally far more visible. For example, modifying a ballot such that nobody can tell it has been modified is hard enough even in privacy, but with people watching it’s effectively impossible. Paper ballots can certainly still get lost in one way or another, but it is much easier to properly secure a big box – hopefully clear plastic with a one-way slot to insert ballots and a strong lock preventing it from being opened in secret – than it is to secure a memory card that can fit in the palm of one’s hand or a stream of digital signals on a phone line.
Of course, the paper ballots are still counted by machines. The important difference is that in this case, the machines are only a convenience – the paper ballots can still be counted by hand. They can be preserved for recounts and examined by third parties. Anybody could design a machine to read the ballots, so even if any given machine were of unverified reliability another one could be used instead.
So, given the advantages of optical-scan machines with paper ballots, why did Maryland and so many other states ever switch to the fully electronic systems? Mostly convenience and accessibility. Electronic voting machines can be designed for use by the blind, by the deaf, by those who can’t hold a pen, by those who don’t know English, and can do it without the need for a human assistant during the voting process. The machines can tally the results immediately, having a complete count by the time the polls close. They can be designed with a simple and clear interface, avoiding the confusion caused by butterfly ballots, hanging chads, and other bizarre paper ballots. They could even check identification to prevent people from voting multiple times, or voting if they lack the right to do so.
The complete solution, which is probably expensive but hardly difficult to envision, would be to use the two systems in parallel – use a computer to place your vote, but have it print out a paper ballot with your votes in a form that can be read by both humans and computers. Check your paper ballot before you leave. Have the computer tally and send its results electronically, but also run the paper ballots through an optical scanner and compare the results. In case of inconsistencies, manual recounts are possible. Ideally, the computers and software used should be visible for audits by security experts for all parties, but even if that is not possible simply use the computer count as an unverified result, similar to exit polls, and use the paper ballots as the official record.
Some additional reading for those who are interested: http://blackboxvoting.org, http://blackboxvoting.com (different from previous), http://verifiedvoting.org
Sources for this post include http://www.baltimoresun.com/news/nation/bal-te.voting19jan19,0,1820162.story?page=1 and http://politics.slashdot.org/article.pl?sid=08/01/21/187253
Comment by Kris Plunkett
January 22, 2008 @ 1:19 pm
I just wanted to comment that this is a very well written article. Not only are the purely electronic and purely paper methods of voting very well compared, but the proposed hybrid solution is very interesting. I would argue, however, that this proposed alternative would only be considered expensive because of all the money already spent on the e-voting system combined with the expense of switching back. If officials would have had the foresight to envision such a hybrid alternative, we would have probably been better off from the beginning. Finally, although I strongly agree with having this alternative utilize an easy to use computer interface combined with the printing of ballots, as well as with the notion of requiring all software in these systems to be open sourced, I would hesitate to make both a paper trail and an unofficial electronic trail. Though the benefits could be rewarding (quick unofficial results and double results for verification) I would argue that the electronic trail would be so tremendously unreliable (as it is with the current pure e-voting systems) that the overhead involved would not be worth it.
Comment by Robert
January 22, 2008 @ 1:36 pm
You would think that the Premier Election Systems would have gone out of there way to make their electronic voting systems appear as secure as a strongbox. The companies reputation can hardly be unscathed from all the recent attention and this seems to really put the nail in the coffin. I’m surprised though that Maryland spent so much money before deciding to go to the paper alternative.
Comment by Fabian
January 26, 2008 @ 3:59 pm
I also like to comment that besides convenience accessibility of a voting machine, it is also the advantage of time. Using the voting machine, the result can be seen almost immediately after the pools are closed. The interesting issue that I would like to mention is why don’t we use open source code. For example, the website http://www.openvotingconsortium.org/ discuss such issue.