E-Voting Bites

This column was written by Genevieve Smith.

When Princeton researchers announced in September that the Diebold Accuvote TS voting machine software was vulnerable to tampering, it was the first time that independent computer scientists had confirmed the weaknesses long suspected in techie circles. A few days later, in a minute-and-a-half segment on Fox News, Professor Edward Felten demonstrated just how easy it would be to steal an election (to which the blonde and tanned anchors responded with the canned surprise you'd expect from a demonstration of a new food processor).

While Felten's results were new, the first indication that there may be problems with the machines came in 2003, when Johns Hopkins researchers postulated that the machines may be insecure by studying computer code believed to be used in a Diebold machines. But digital record electronic (DRE) voting machine-makers denied researchers access to the machines until last May, when Professor Felten and a team of researchers at Princeton's Center for Information Technology Policy began to study the Diebold machine. After spending several months learning how the machine worked, Felten's team was able to write a computer code that could be used to infect the machine and rig votes. While writing the code took months of preparation, tampering with a DRE machine could be accomplished in less than a minute.

Despite this and countless other accounts of the voting machine's vulnerability, 5 percent of voters will cast ballots on the Accuvote TS in November, and 41 percent of voters will use electronic voting devices. Diebold alone will deploy some 150,000 Accuvote TS and TSX voting machines on November 7.

Diebold claims that Felten's team was working with older software and that new security measures mean the machines at the polls are still safe. But the security of electronic voting machines still relies on keeping them out of the wrong hands. Only one person needs time and access to the voting machine for all machines to be unsafe. Though the machines are not networked together, the same code could be distributed to multiple people and used to infect multiple machines, changing the outcomes of votes on that machine not just for the current election but for all elections ever cast on that machine.

As Felten's colleague at Princeton, Andrew Appel, pointed out, "No one worries that finding an arm lever voting machine at a bar in Baltimore leaves other arm lever voting machines insecure." But the Diebold touch-screen voting machine found in a Baltimore bar in August of 2004 may give election officials reason to pause. "It's unrealistic" to base a system on keeping all these machines secured, says Appel.

While the machines' vulnerability to deliberate tampering is one issue, even more troublesome is the potential problems that could result from simple human error. The rush to update voting equipment after the 2000 election means that at least 30 percent of voters will be voting on equipment bought since the last federal election. And if Maryland is any indication, poll workers poorly trained on new equipment could wreak as much havoc as a computer virus.

Most of the country's electronic voting machines are provided by one of four companies, many of which entered the market only after the 2000 election, when the promise of federal dollars under the Help America Vote Act suddenly made the business of elections a lot more profitable. But after passing in 2002, the appointment of commissioners to the Election Assistance Commission, which would oversee implementation of the bill — and more importantly, dole out the dollars — stalled, leaving states and voting machine manufacturers in a holding pattern.

As former Election Administration Commission Chair Rev. DeForest "Buster" Soaries put it, the commission was so understaffed and underfunded that they "had to bootstrap the creation of the EAC. We had to do everything but stand on street corners to sell cookies to raise money." The "false start" of the EAC left states without the necessary assistance to meet HAVA's new requirements. "Many of them were waiting for money. Many were waiting for guidance from EAC," says Soaries.

Then, in July 2003, Johns Hopkins researchers released their report detailing the vulnerabilities of DRE machines. States already hesitant to implement costly new equipment stalled further. HAVA required states to meet all the new voting requirements by the first federal election of 2006. In 2005, with the first HAVA deadline fast approaching, states rushed to fulfill the mandate. Having little time to shop around, many states opted for the touch-screen electronic voting device to meet the requirements of the act, despite their known insecurities.

While HAVA does not require electronic voting machines, it does require a system in which voters are notified if they fail to fill out the ballot correctly. DREs became the expedient way for states to comply. HAVA does not, however, require a voter verified paper trail. Neither do 15 of the 32 states that use electronic voting machines.

Earlier this year New Mexico and Connecticut reversed course on plans to use electronic voting machines. And after botches in Maryland's primary, Governor Robert Ehrlich has joined the ranks of the disenchanted, calling for Maryland to abandon its $106 million electronic voting system weeks before the election. Despite a late September push by Democrats in Congress to ensure voters the choice of a paper ballot, the session adjourned before the bill could even make it through committee — for Republicans, campaigning back home for votes that might not count evidently took priority over legislating to ensure that they will. In November, voters in most states will have to use the election systems they have, not the ones they want. (In a typical finding, 80 percent of voters in a new poll in Pennsylvania say it is important for electronic voting machines to have a verifiable paper trail, and only a third believe that votes cast on an electronic voting machine can be fully trusted to be accurate.)

Take new voting technology, administered by inexperienced and thinly-stretched poll workers, and combine it with new voting registration requirements, faulty state registration databases, new restrictions on voter registration drives, legally questionable voter ID laws, and the ever-present possibility of voter suppression and intimidation. It all makes for a "combustible confluence of events," in the words of election reform expert Tova Wang of the Century Foundation.

Indeed, with 30-odd seats up for grabs, the fate of Congress hanging in the balance, and rabid lawyers waiting in the wings ready to call foul, this November might make us all long for the days of hanging chads. As Soaries put it, "At least when we had hanging chads, we knew what we did not know. Today, with the growth of electronic voting, we don't know what we don't know." Though in a few short weeks, we're bound to find out.

Genevieve Smith is an editorial intern at Harper's magazine.

By Genevieve Smith
Reprinted with permission from The American Prospect, 5 Broad Street, Boston, MA 02109. All rights reserved