Tuesday, 14 October 2003
E-lection security in Georgia
The issue of election integrity has gained widespread public attention since the 2000 Presidential election debacle. Demagogues have taken up electronic voting systems as the silver bullet to cure all the ills of paper-based elections. While it is true that electronic systems do eliminate some problems, they introduce just as many — which are not solvable with current technology and election laws.
It has been apparent for some time that electronic voting systems lack sufficient safeguards to guarantee their security and integrity. David Dill, a computer science profesor at Stanford, has been pointing out these flaws for over a year now. For example, the companies that produce "touch screen" voting machines guard their equipment (both hardware and software) as trade secrets. Very little information about the equipment (beyond marketing literature, of course) is available to the public or to local election authorities before they enter contracts with these companies to provide products and services. The methods of keeping ballots physically secure and safe from hacker-tamperers are proprietary information in this burgeoning industry. In other words, the public is not permitted to know how their elections are being kept secure. Furthermore, there is ample opportunity for deliberate tampering with election results from the inside.
No balloting machine currently on the market creates a hard copy of a ballot as it is cast. This would require installing a printer in each machine, which would increase the machine's cost, or connecting each machine to a central printer, which would destroy the secrecy of the ballot. Either way, the local jurisdiction must absorb the additional costs of printing (paper, ink, and maintenance on the printers). So why is a paper trail necessary when the point of these machines is to decrease costs while improving accuracy? Because the balloting machines' software is proprietary, nobody outside the company that manufactures it knows what it is doing. A first-year programming student could write a program that displays input from a keyboard on a screen while recording different information on a disk. A voter might press the button for Gray Davis and see his name on the screen, but Arnold Schwarzenegger's name could be recorded. If the voter cannot see a paper record to verify his vote, there is no way to ensure that the proper votes are being recorded. These paper ballots would be verified by each voter in the polling booth, then secured in a locked box in much the same way that paper ballots are stored now. Without paper records, it is impossible to link individual voters to individual ballots after the election, if tampering is suspected. Paper ballots remain intact long after the election, making investigations and hand recounts possible.
It is a long-shot that anyone would ever fix an election in the U.S., you say? Maybe. But this is a live issue right now. Diebold Election Systems had its software certified by Georgia's election commission in advance of that state's 2002 gubernatorial election. Diebold then altered the software before the election without telling anyone! Diebold seems to have made the changes in response to reports that its machines were insecure and unreliable. Perhaps, but the move was awfully suspicious, considering that the election resulted in an upset and was decided by a very slim margin. Only a few votes would have to be altered to change the outcome and, without a paper trail, those few votes would be impossible identify. Wired News reports this story here.