San Francisco Weekly
The Past and Future Fraud
Yes, punch card voting machines are error-prone. The touch-screen systems planned to replace them may be just as bad.
By Matthew Smith
Civil rights advocates, partisan Democrats, and liberal academics are pleased with the three-judge panel of the Ninth Circuit Court of Appeals that delayed the Oct. 7 recall. They concur with the panel's ruling that the punch-card balloting system used by 44 percent of California voters is so outdated and unfair that it would disenfranchise an important number of voters if used next month. Right-wing radio talk show hosts, pro-recall zealots, and partisan Republicans are furious with the court's decision. They criticize its political overtones and believe postponing the election would cheat Californians wishing to vote on the recall.
I couldn't agree more -- with both groups. The Votomatic punch-card machines discussed in the court's ruling are a national travesty; they've been widely condemned for decades as inaccurate, insecure devices seemingly designed to facilitate errors, manipulation, and fraud. But the court's cure -- postponing the recall until they are replaced with touch-screen voting terminals -- would disenfranchise far more voters than it might aid. Specialists in elections technology who've studied the aftermath of the 2000 Florida vote count learned a clear lesson that didn't get much publicity: The best way to disenfranchise voters is to switch balloting technology immediately before a major election.
"It's very clear that if you change your voting system, you cause a huge spike in the voter error rate," said Douglas Jones, a University of Iowa political science professor specializing in the history of voting technology. "You don't want to change voting systems very frequently. You also don't want to change them before a high-profile election. You want to try it first during an off-cycle election, something like an election for library district, something where 2 percent of the voters show up. You can use that as a dry run, then do it in a major election."
During the summer and fall of 1985, New York Times reporter David Burnham wrote a series of lengthy articles contending that Votomatic punch-card machines, at the time made and distributed by Computer Election Systems of Berkeley, were vulnerable to tampering. These articles spawned a federal inquiry and an August 1988 report concluding that standards and controls for computer vote-tallying were worse than those employed in other computing sectors, that hanging-chad-prone technology made verifying voting results difficult, that the lack of computer controls facilitated "undiscoverable frauds," and that poll workers were ill-equipped to run the machines.
Shift forward to 2003: Three years ago, America made itself a global laughingstock in Florida. The U.S. Supreme Court wrote that the election "brought into focus a common, if heretofore unnoticed phenomenon": About two percent of ballots cast do not register a vote for president, and an important portion of those uncounted votes are the result of errors stemming from the voting technology used.
As part of a nationwide -- and, in my view, weak-hearted -- effort to improve voting systems, California's Secretary of State plans to replace punch-card systems in several counties with touch-screen systems manufactured by Diebold Election Systems, a division of Diebold, Incorporated.
n 1997, Douglas Jones, the voting-technology researcher I quoted earlier, alerted Iowa voting officials to security problems in the Diebold touch-screen system. Systems throughout the state used the same, easily hacked security access password, a flagrant no-no in the world of computer security.
"This is like all bank ATM cards having the same PIN," Jones said. "They viewed it as a low-priority problem."
Rather than build sophisticated anti-tampering features into their software, Diebold adopted an olden-days policy of "security through obscurity." This programming chestnut holds that as long as people are kept in the dark about how the software works, it can't be hacked.
But in July, a group of Johns Hopkins University researchers released a study of Diebold software, derived from 2000 and 2002 versions of the software that had been leaked onto the Internet. The study showed myriad security problems, among them the 1997 flaw discovered and publicized by Jones. Diebold had simply ignored the problem, he says.
Diebold published a response downplaying "alleged" security failures, claiming that the company installed security upgrades since 2002, a claim Diebold will not allow the public to verify. Last month, Jones told an audience of computer security experts that the fiasco casts further doubt on American voting technology.
"I want to emphasize that this story represents more than just a black eye for Diebold," he said at the security symposium in Washington, D.C. "As I said in my 1997 letter, it represents a black eye for the entire system of voting system standards promulgated by the Federal Election Commission and the National Association of State Election Directors. Not only did the I-Mark/Global/Diebold touch-screen system pass all of the tests imposed by this standards process, but it passed them many times, and the source code auditors even gave it exceptionally high marks. Given this, should we trust the security of any of the other direct recording electronic voting systems on the market?"
All voting systems should be required to leave a hard-copy audit trail so votes can be accurately re-counted. Anti-vote-tampering technology should approach present-day computer security standards ubiquitous in industries such as banking, database services, online retail, and newspaper publishing.
In the case of touch-screen voting, it's a simple matter of outfitting the machines with printers, then tallying the printed receipt as the official record of a citizen's vote. Warren Slocum, chief elections officer for San Mateo County, is so disappointed with the Diebold touch-screen machines he's commissioned a custom machine that shoots a printed record back to the voter through a mail tube. The voter reviews the receipt, then puts it in another tube, whereupon it becomes an official record.
"Until registrars stand up and demand a paper trail, it is unlikely that voting-machine companies will build and market any type of verifiable voting system," Slocum says in a Sunday post to his personal Web log.
Until voters themselves stand up and demand an end to the error-prone hacker's dreamland that is the U.S. election system, bureaucrats will remain satisfied with the anti-democratic status quo.