Internet/Telecom/Social Media

Staking out the (astro)turf in battles over electronic voting

By Martin Bosworth

Earlier this month, the Information Technology & Innovation Foundation (ITIF), a self-proclaimed “nonpartisan think tank,” released a policy statement opposing the usage of paper audit trails for electronic voting machines. The report’s author, Daniel Castro, wastes no time staking out the ITIF’s position on the issue, calling supporters of paper balloting and audit trails a “technophobic movement,” and saying that the debate needs to “move beyond discussions of paper” into purely electronic voter-auditing trails.

Castro would seem to make a persuasive argument about the safety of e-voting, but there are a few things that trip up his own “paper audit trail,” if you will.
Castro’s employer, the ITIF, is an adjunct arm of the Information Technology Industry Council (ITIC), a massive technology industry lobby group that counts heavyweights such as Microsoft, Oracle, IBM, and Unisys among its members. Many of these companies have been deeply invested in writing source code, applications, and providing hardware for e-voting machines, so they get a black eye as well every time they fail. Naturally, since it costs less to pay analysts to write papers supporting their position than it does to write better code, the ITIC has undoubtedly nudged the ITIF to put this thing out and stir the pot in their favor.

Castro is also extremely facile in dismissing the serious problems with e-voting machines that can malfunction, be tampered with, or simply not work properly from the start. A regular sticking point in debates over e-voting security is enabling third party auditors to have full access to the source code in order to ensure it is stable, secure, and cannot be easily tampered with or altered. Castro says that “Many DRE vendors are unwilling to release their source code publicly
because they fear copyright infringement. They also fear that individual reviewers will make unsubstantiated claims against their voting systems prior to an election simply to undermine the public’s confidence in the voting systems.”

As it happens, I recently wrote an article for Federal Computer Week detailing the decertification of thousands of voting machines in California due to pervasive, multileveled errors in the source code and software of the machines. We’re not talking malicious code inserted by hackers, but simple, stupid, garden-variety mistakes made by coders and designers who probably aren’t getting paid enough, don’t have the requisite skill, and were under tremendous pressure to get these machines’ software up and running in time for elections. As Dr. Rebecca Mercuri said when I interviewed her (paraphrasing slightly), “This is what happens when you build machines without security as a core principle. Adding voter-verified paper audit trails to insecure machines won’t change the essential problem.”

The idea often proposed by e-voting proponents (and echoed by Castro) is that if we trust critical everyday applications like banking, doctor’s appointments, etc. to purely electronic means, well, why not voting? The difference is this–if I bank online, I always have the option of printing out my current account statement, a billing invoice for a transaction, or some kind of record that proves I did what I did, when I did it. I would never use any service or company that completely prohibited or failed to provide ANY kind of paper record for electronic transactions. Even something as simple as an e-mail notice verifying I bought something online is a record I can refer to later if things go wrong. Given the importance of elections and making sure that they transpire fairly and honestly, the idea that there is something flawed about demanding a verifiable paper trail of every voter’s vote seems silly on its face.

Obviously, paper audit trails won’t address the problem of inherently insecure systems–that’s a much deeper issue that needs to be addressed if electronic voting is ever to be adopted on a large-scale basis throughout the country. But to simply dismiss the idea of adding a verifiable paper audit trail as a check on a potentially vulnerable and insecure system as “technophobia” betrays both a lack of understanding of the seriousness of the e-voting problem, and the obvious desires of the companies invested in the e-voting experiment to prevent anyone from seeing just how crappy their systems really are. As Ed Felten says:

One could spend months arguing about what exact position emerges from the 19 pages of delicately drafted hedging that make up the body of this report. But the bottom line — contrary to the impression most readers will gather from the report — is that paper and electronic voting together are, if done right, better than either the best paper system or the best computerized system would be alone.

No system can ever be completely 100 percent secure, but when it’s something as important to our country and democratic process as voting, every measure that adds transparency and accountability to the process is a worthwhile endeavor. In a perfect world, no state, county, or city would permit voting machines with records as dismal as Diebold’s or Sequoia’s from EVER being used. But until that day comes, using a verifiable voter-auditable paper trail is a good start to keep these machines–and their makers–honest. And giving paid flack reports like Castro’s the criticism they deserve will serve to keep so-called “nonpartisan think tanks” honest about their own paper trails as well.

TechDirt and Ars Technica have more criticism of the Castro report.

10 replies »

  1. You know, Martin, the precinct where I vote always gives out those “I Voted!” stickers to everyone who passes through. Maybe those could be used if a problem occurs with the e-voting…. 😉

    Thanks for this post that shows that corporate interests seem to want to trump democratic imperatives yet again…

  2. Thanks for reading, Jim. I know it’s a very techie issue and hard to understand (Hell, net neutrality is simple by comparison), but it’s so very important and so vital to our democracy.

  3. This is a techie issue? And it’s harder than NN to understand? Really? Wow, and here I thought it was the other way around…. 🙂

    Seriously, “election fraud can be caused by crappy electronic voting machines” is a lot easier for me to wrap my brain around than “companies shouldn’t be allowed to charge more for faster Net bandwidth because it sets up two classes of internet users that are separate but unequal.”

  4. Brian,

    Didn’t we already established that your priorities are warped on occasion? 🙂

    I thought the same thing you did, but in the course of working on the FCW article, I found it to be far more complex. For example, disabled-rights groups are furiously opposed to paper balloting as they consider it a form of disenfranchisement. There’s also debate about the different types of auditing, from VPATs (Verified Paper Audit Trails) to VVPATS (Voter-Verified Paper Audit Trails) and everything in between.

    At its core, it is simple, but there are a lot of issues to consider that people don’t think about.

  5. Martin,

    I’m glad that you have reviewed our report, but I think you have missed (or misunderstood) our core arguments. We make three main points in the paper (and I only see you addressing the first one).

    1. Paper audit trails have many limitations, which many discussions of paper audit trails do not consider.

    2. We state in the paper that we want Congress to require that all e-voting machines have durable, independent, verifiable audit trails, but we should not mandate that these audit trails be paper. Many other (and arguably better) options exist, such as audio audit trails or video audit trails. Many of these other audit trail technologies work better for people with disabilities.

    3. Finally, what we really want is for better voting technology that allows “end-to-end verifiability” or “universal verifiability.” This is the cryptography that we discuss in the latter part of the report, in systems such as VoteHere and Scratch & Vote (not mentioned in the paper, but also an option is Punchscan). We say that this is the goal we should be working towards — fully verifiable voting systems where a voter can verify that his or her ballot has been counted in the final vote tally BUT cannot prove to another voter how he or she voted. If you do not understand how this could work, then read the paper. We explain the cryptography behind it — and if our explanation does not convince you, then we provide references back to the academic papers that first proposed these ideas.

    Martin, I would be happy to talk to you further if you have more questions about the report.

    Anyway here is the link to the paper for everyone else —

  6. Daniel,

    Thanks for coming by and offering a counterpoint! I’ll tell you what–I’ll take this comment and respond to it in its own post, since you brought up a few points I want to address.

  7. I’ve also been blogging about the Daniel Castro’s ITIF eVoting report:

    Detailed point-by-point review

    In brief:
    I am basic agreement with the thesis of the report which is that the debate about eVoting should move beyond voter-verified paper audit trails to include systems that can prove to a voter that their vote was counted as cast. However, I found the tone and focus of the report disagreeable and I disagreed with much of the material in the report advocating for eVoting and against voter-verified paper audit trails.