New York Times: Can You Count On Voting Machines?

New York Times Magazine article today, Can You Count On Voting Machines? <read>

This is a large, significant article primarily focused on touch screen voting machines. Hailed by advocates as significant because the New York Times is recognizing problems with voting machines. Yet, also criticized by advocates for selective quotes and statements that do not accurately portray the complete picture. Overall the thrust of the article is scary and accurate, however, there are areas that could provide quotes that would lead to a false impression of security. Full coverage follows below.


This is a significant article. Taken as a whole it should leave the reader justifiably concerned about the integrity of our election process and the system that is supposed to provide confidence in our elections. For the most part the covers only touch screen (DRE) machines, but while pointing out that optical scan machines are much better, clearly indicates many of the problems and concerns that exist with optical scan as well.

Advocates are disappointed that Michael Shamos is quoted extensively. He is one of the very few computer scientists with long term voting machine experience and even more rare, a computer scientist who believes in computerized voting. Unfortunately, he gets more than his share of quotes in this article, in some documentaries, and in congressional testimony. I am pleased to see Ion Sancho, the Leon County FL voting official, quoted extensively. He is a “star” of the HBO documentary Hacking Democracy. I often highlight the 17 minute clip where he is completely and genuinely converted from skeptic to believer in the potential for hacking the Dieblod AccuVote-OS used in Connecticut.

Advocates point out there is no mention of Random Post-Election Audits as part of the solution to provide integrity and confidence. Others point out that the potential for hacking by insiders is not taken seriously. It is not a conspiracy theory by those on the periphery, it is highlighted by the Carter-Baker Commission, the Brennan Center for Justice, and almost all computer scientists as the weakest, most vulnerable point in the system.

My disappointment is the strong emphasis on problems with the machines. Yes they are a significant problem, however, the rest of the problem is the lack of investigation, the stone walling, and the destruction of evidence. We keep hearing there is no proven case of fraud. Yet, I will keep pointing out that there is plenty of evidence causing concern. What we have is a lack of evidence of investigations of those suspicions, even in Connecticut. One need only read a little about Ohio or watch Hacking Democracy to see the clear evidence of covering up, destruction, and preventing access to the evidence.

What Others Are Saying:

We are expecting a flurry of articles online and in print complementing and criticizing the New York Times article over the next few days. We will keep a list here and update it.

Brad Friedman

Quotes and Comments:

There is a lot to absorb. Here are some significant quotes for those who do not have time to read the entire article. Also some comments. I’ll freely add to these over the next few days.

When the votes were finally tallied the next day, 10 races were so close that they needed to be recounted. But when Platten went to retrieve paper copies of each vote — generated by the Diebold machines as they worked — she discovered that so many printers had jammed that 20 percent of the machines involved in the recounted races lacked paper copies of some of the votes. They weren’t lost, technically speaking; Platten could hit “print” and a machine would generate a replacement copy. But she had no way of proving that these replacements were, indeed, what the voters had voted. She could only hope the machines had worked correctly.

This should give pause to those who advocate eliminating the Electoral College at this time. Until, every state has elections we can trust with uniform laws, eligibility, and enforcement lets at least be fully responsible for our own electoral votes.

This has created an environment, critics maintain, in which the people who make and sell machines are now central to running elections. Elections officials simply do not know enough about how the machines work to maintain or fix them. When a machine crashes or behaves erratically on Election Day, many county elections officials must rely on the vendors — accepting their assurances that the problem is fixed and, crucially, that no votes were altered.

In essence, elections now face a similar outsourcing issue to that seen in the Iraq war, where the government has ceded so many core military responsibilities to firms like Halliburton and Blackwater that Washington can no longer fire the contractor. Vendors do not merely sell machines to elections departments. In many cases, they are also paid to train poll workers, design ballots and repair broken machines, for years on end.

“This is a crazy world,” complained Ion Sancho, the elections supervisor of Leon County in Florida. “The process is so under control by the vendor. The primary source of information comes only from the vendor, and the vendor has a conflict of interest in telling you the truth. The vendor isn’t going to tell me that his buggy software is why I can’t get the right time on my audit logs.”

Meanwhile in the Nutmeg State we are leading the pack in risky outsourcing. We outsource the programming of each election to unnamed individuals who program our elections in secret in Massachusetts who are employees of LHS our Diebold distributor. We don’t have Ion’s problem, since there is no evidence that anyone in Connecticut ever reviews the audit logs.

If the machines are tested and officials are able to examine the source code, you might wonder why machines with so many flaws and bugs have gotten through. It is, critics insist, because the testing is nowhere near dilligent enough, and the federal regulators are too sympathetic and cozy with the vendors. The 2002 federal guidelines, the latest under which machines currently in use were qualified, were vague about how much security testing the labs ought to do. The labs were also not required to test any machine’s underlying operating system, like Windows, for weaknesses.

Vendors paid for the tests themselves, and the results were considered proprietary, so the public couldn’t find out how they were conducted. The nation’s largest tester of voting machines, Ciber Inc., was temporarily suspended after federal officials found that the company could not properly document the tests it claimed to have performed.

“The types of malfunctions we’re seeing would be caught in a first-year computer science course,” says Lillie Coney, an associate director with the Electronic Privacy Information Commission, which is releasing a study later this month critical of the federal tests.

In any case, the federal testing is not, strictly speaking, mandatory. The vast majority of states “certify” their machines as roadworthy. But since testing is extremely expensive, many states, particularly smaller ones, simply accept whatever passes through a federal lab.

Here Connecticut is a positive exception. The Secretary of the State has commissioned tests by UConn and has taken some action to mitigate some of the vulnerabilities uncovered. <read>. However, there is more to do in creating fully effective procedures and follow-up. <read> <read>

I wandered into a church in a suburb of Pittsburgh. The church was going to serve as a poll location, and I was wondering: Had the voting machines been dropped off? Were they lying around unguarded — and could anyone gain access to them?

When I approached the side door of the church at 6 p.m., two women were unloading food into the basement kitchen. (They were visitors from another church who had a key to get in, but they told me they’d found the door unlocked.) I held the door for them, chatted politely, then strolled into the otherwise completely empty building. Neither woman asked why I was there.

I looked over in the corner and there they were: six iVotronic voting machines, stacked up neatly. While the women busied themselves in their car, I was left completely alone with the machines. The iVotronics had been sealed shut with numbered tamper seals to prevent anyone from opening a machine illicitly, but cutting and resealing them looked pretty easy. In essence, I could have tampered with the machines in any way I wanted, with very little chance of being detected or caught.

Is it possible that someone could hack voting machines and rig an election? Elections officials insist that they are extremely careful to train poll workers to recognize signs of machines that had been tampered with. They also claim, frequently, that the machines are carefully watched. Neither is entirely true.

Of course your local voting officials will assure you they are honest and “it could not happen here”. But it does happen somewhere, and that somewhere can determine who is elected your President, who leads your Congress, your Governor, your State Senate, and your State House. I agree most are honest and many overworked, yet the chain of custody is long and often open to compromise.

Yet here’s the curious thing: Almost no credible scientific critics of touch-screen voting say they believe any machines have ever been successfully hacked. Last year, Ed Felten, the computer scientist from Princeton, wrote a report exhaustively documenting the many ways a Diebold AccuVote-TSX could be hacked — including a technique for introducing a vote-rigging virus that would spread from machine to machine in a precinct. But Felten says the chance this has really happened is remote. He argues that the more likely danger of touch-screen machines is not in malice but in errors. Michael Shamos agrees. “If there are guys who are trying to tamper with elections through manipulation of software, we would have seen evidence of it,” he told me. “Nobody ever commits the perfect crime the first time. We would have seen a succession of failed attempts leading up to possibly a successful attempt. We’ve never seen it.”

This whole paragraph is questionable. The statement “Yet here’s the curious thing: Almost no credible scientific critics of touch-screen voting say they believe any machines have ever been successfully hacked.” is far from supported and far from accurate. Read the UConn report by our own computer scientist. Read the California reports Perhaps there is no proof of hacking an actual election, but as we have said before there is plenty of evidence for suspicion, but what is lacking is investigations, especially credible investigations. For optical scan watch Hacking Democracy to review the words of Ion Sancho.

And from Machael Shamos’ Pennsylvania where he is a voting machine inspector we have this:

The prospect of being thrust into the national spotlight has already prompted many counties to spar over ditching their iVotronics. The machines were an election issue in Centre County in November, with several candidates for county commissioner running on a pledge to get rid of the devices. (Two won and are trying to figure out if they can afford it.) And the opposition to touch-screens isn’t just coming from Democrats. When the Pennsylvania Republican Rick Santorum lost his Senate seat in 2006, some Santorum voters complained that the iVotronics “flipped” their votes before their eyes. In Pittsburgh, the chief opponent of the machines is David Fawcett, the lone Republican on the county board of elections. “It’s not a partisan issue,” he says. “And even if it was, Republicans, at least in this state, would have a much greater interest in accuracy. The capacity for error is big, and the error itself could be so much greater than it could be on prior systems.”

And finally lest we be complacent in Connecticut because we have (thankfully, and for very good reasons) avoided touch-screen voting:

Still, optical scanning is hardly a flawless system. If someone doesn’t mark a ballot clearly, a recount can wind up back in the morass of arguing over “voter intent.” The machines also need to be carefully calibrated so they don’t miscount ballots. Blind people may need an extra device installed to help them vote. Poorly trained poll workers could simply lose ballots. And the machines do, in fact, run software that can be hacked: Sancho himself has used computer scientists to hack his machines. It’s also possible that any complex software isn’t well suited for running elections. Most software firms deal with the inevitable bugs in their product by patching them; Microsoft still patches its seven-year-old Windows XP several times a month. But vendors of electronic voting machines do not have this luxury, because any update must be federally tested for months.

There are also serious logistical problems for the states that are switching to optical scan machines this election cycle. Experts estimate that it takes at least two years to retrain poll workers and employees on a new system; Cuyahoga County is planning to do it only three months. Even the local activists who fought to bring in optical scanning say this shift is recklessly fast — and likely to cause problems worse than the touch-screen machines would. Indeed, this whipsawing from one voting system to the next is another danger in our modern electoral wars.


Comments are closed, but trackbacks and pingbacks are open.