Reminder – The End is Nigh

More Computer voting

From Andrew Case, posting at Transterrestrial Musings:

Basically the commentator felt that since ATMs are so reliable, we should trust voting machines. This completely ignores that fact that ATM errors have multiple redundant means of catching errors, since they generate a paper trail at the time of the transaction, the customer has additional opportunities to catch errors when they receive their bank statement, and the bank has enormous incentives to ensure correct accounting if they want to stay in business. If there is a potential problem with an ATM it can be taken off line for a couple of days until it is fixed.

In the case of electronic voting machines, they are put to the test once every couple of years, set up by people with minimal training, there is no independent audit trail, and there is considerable incentive to falsify votes, knowing that if you are successful you or your allies will control the investigation into what happened.

I do not buy claims that only the GOP would try to falsify the election. Michael Moore and his legion probably think that’s the case, and I’ve had people tell me that to my face, but it’s pretty ridiculous.

In any event, I’m worried about this. Not specifically because I expect electronic cheating. I’m worried because we will all always be worried about electronic cheating. Because claims that the other side committed electronic cheating will always carry weight. Because distrust of government plus distrust of electronic devices equals overwhelming expectation of electronic cheating.

I just don’t see any bright side. I don’t see any benefit. I don’t see any reason to attempt to commit national suicide.

Written about previously on MO here, here, here, here, here, here, here, here, and especially here.


  1. I’m convinced there are always people in any party that would cheat if they could. The real problem for me is that if Florida had used the e-vote systems since put in place in that state in the 2000 election, I couldn’t contradict Michael Moore’s contention that Gore had won: There simply would be no way to check with any reasonable certainty.

  2. An excellent point. Do we trade greater perceived insecurity for greater actual insecurity? People bet their lives every day on software working right. Just look at aircraft avionics. Software controls things like Nuclear Power Plants, Nuclear Launching systems etc, and it’s possible to make it so it works 100% first go. But unless the software, hardware, OS, compiler, etc are *all* independantly reviewable by anyone, the voting public is taking a lot on trust. Now they do this already with paper, but with paper, although it’s easy to rig a single polling booth’s results, it takes ingenuity to rig an election (unless the vote is really close). But in a 2-party system, the vote usually is close, 55/45 at worst, so the polling officials have to rely on ‘equality of cheating’ and cross fingers. See Texas and Chicago elections, where the (R) and (D) sides respectively do whatever they have to to win. Bottom line: it’s relatively easy to make an electronic system that’s more trustworthy than paper. But none of the US voting machines meet that standard, a sad indictment of the manufacturers.

  3. Well stated Alan. I work on software every day, lead a team of engineers in an effort to make the best software possible, and I have as much faith in the power of technology as any informed person. That being said, I’m appalled at what I see coming this November. There is NO EXCUSE for ‘paper audit’-less voting systems in our first (probably first couple) electronic election.

  4. Fifty years from now someone might ask, ‘Where did democracy go so wrong?’ And the answer could be that we had an apathetic population that allowed themselves to be suckered into ‘shortcuts’ such as electronic voting. It’s insane to have any system without a paper trail. I seriously question the motives of anyone proposing or attempting to implement such a system. -jdm

  5. JDM: That’s exactly what I’m afraid of. I do think that there are going to be issues this fall, especially if the election is close. But the real threat is the long-term damage that electronic voting, and the distrust that it will always bring with it, causes America. If things go more-or-less smoothly this fall, I expect that the paper-trail crowd is going to lose a lot of sway. That’s not good. Rock. Hard place.

  6. Re: paper trail. Consider the following hypothetical situation: we have a WORM CD whose trail-of-evidence is known, with an MD5 encryption with a key only the polling official knows. We also have the sources of the application, the OS, the compiler, and the hardware is open-source. The binary is secured both before and after the election, and is checkable. And we have a paper tape roll, also with a trail-of-evidence, which disagrees with the CD. Which is more likely right? Which would be the easier to fake? The key is the trail-of-evidence. At least one of them is flawed. And it would be far, far easier to fake a paper tape beforehand, than to miraculously guess the MD5 encyption number, pre-burn a CD, and substitute this, especially if multiple copies were made by the voting machine with different MD5 checksums (I’d suggest 3). The reason I’m against paper trails is simple: printers break, they cost more than the rest of the system put together, and they provide an easy way of contesting valid results with bogus ones, substituted after the event. If the paper-tape roll was encrypted – say, on banknote-quality paper, with banknote-quality security measures against forgery, only the cost aspects would be significant, and I’d be far less anti-paper than I am today. But even without, compared with today’s standard paper-ballots on easily-forged paper, and easily substituted ballot-boxes, e-voting (unless done hopelessly badly) should be better. I’m not convinced that it is though, at least in the USA.

  7. Alan, you bring up a lot of good points, but frankly, I’m more worried about accidental problems than I am about tampering. You know, like the crash and loss of data in Florida from 2002. A paper trail is an easy safeguard against that, because each voter confirms that the paper trail is in fact an accurate representation of their vote before they submit it. Not to say I’m not worried at all about tampering…

  8. A paper trail isn’t sufficient, but it is much harder to change it after the fact. Florida has ‘found’ the lost voting records on a cd-rom. It is probably honest but their procedures were insanely inept. They lost the regular backups because they moved! There needs to be multiple verification and auditing processes – heavy redundancy. I believe an e-voting system (not just the end point devices) can be made reasonably secure if designed properly and subject to proper security procedures and oversight. On the other hand, if that isn’t done (and there is abundant evidence it isn’t in many locations) I believe it would be far easier to hide substantial vote tampering than with the more manual based systems. And even assuming you get everything right today, remember that the hardware (and therefore software) for all those machines is going to be upgraded every few years – so procedures will change between elections and the changes will require constant verification. No, I’m not very comfortable with that.

  9. I seem to have been left in the dust as far as discussing the technical aspects of an electronic system. I agree that an electronic system could be made reasonably secure, though I will probably always have my doubts. And that’s exactly why I think an electronic system might cause significant harm to democracy. Because most people will always have their doubts. That’s my biggest issue in the long term. Great discussion.