New Paper: Evidence Based Elections

A new paper by Andrew Appel and Philip Stark: EVIDENCE-BASED ELECTIONS:CREATE A MEANINGFUL PAPER TRAIL,THEN AUDIT  <read> Provides a thorough description of how the public can be assured of election outcomes, in spite of hack-able voting equipment.

The bottom line: The only reliable method available is Voter-Marked Paper Ballots, with strong security for the ballots, followed by sufficient post-election audits. Other technologies, including Ballot Marking Devices and Internet voting are insufficient.

Anyone interested in trustworthy elections should read this paper – especially those who think that expensive Ballot Marking Devices should be trusted.

The vulnerability of computers to hacking is well understood. Modern computer systems, including voting machines, have many layers of software, comprising millions of lines of computer code; there are thousands of bugs in that code. Some of those bugs are security vulnerabilities that permit attackers to modify or replace the software in the upper layers,so we can never be sure that the legitimate vote-counting software or the vote-marking user interface is actually the software running on election day. One might think, “our voting machines are never connected to the Internet, so hackers cannot get to them.” But all voting machines need to be programmed for each new election: They need a “ballot-definition file” with the contests and candidate names for each election, and lists of the contests different voters are eligible to vote in. This programming is typically done via removable media such as a USB thumb drive or a memory card. Vote-stealing malware can piggyback on removable media and infect voting machines—even machines with no network connection. There is a way to count votes by computer and still achieve trustworthy election outcomes. A trustworthy paper trail of voter selections can be used to check, or correct, the electoral outcomes of the contest in an election…

If a BMD is hacked and systematically steals 5% of the votes in one contest and only 7% of voters inspect their ballots carefully enough to notice, then the effective rate of vote-theft is5% ?93% ,or 4.65%;this is enough to change the outcome of a moderately close election. The same analysis applies to a DRE+VVPATsystem.One might think:“not everyone needs to carefully verify their ballots;” if only 7% of voters carefully inspect their ballots, they can serve as a kind of “random audit” of the BMDs. But this sentiment fails to hold up under careful analysis…

in our hypothetical scenario in which a hacked BMD steals 5% of the votes, and 7% of voters carefully inspect their ballots (and know what to do when they see a mistake), then7% ?5% ofvoters will alert a pollworker; that is, 1 in every 285 voters will claim their paper ballot was mismarked—if the voters do not assume it was their own error. The BMD would successfully steal “only” 4.65% of the votes.One might think:“but some voters caught the BMD cheating, red-handed.” But nothing can be done. It is a rare election official who would invalidate an entire election because 1 out of 285 voters complained.


Leave a Reply

You must be logged in to post a comment.