Photo
CreditIn my old workplace, right next to
the comfortable couches where we would take breaks, we kept
a voting machine. Instead of using the screen to pick our
preferred candidate, we played Pac-Man. We sent Pac-Man’s
familiar yellow chomping face after digital ghosts with the
same kind of machine that had been used in 2008 in more than
160 jurisdictions with about nine million registered voters.
This was at the Center for Information
Technology Policy at Princeton University, where researchers had been able to
reprogram the voting machine without even breaking the
“tamper evident” seals.
Voting isn’t a game, of course, and we need
to trust the machines that count our votes. Especially this
year. Donald J. Trump, the Republican presidential nominee,
raised the possibility of “rigged” elections, and his former
adviser Roger J. Stone Jr. has warned of a “blood bath” in
such a case. A recent poll found that 34
percent of likely voters believed the general election would
be rigged.
It’s unclear what mechanism the Trump
campaign envisions for this rigging. Voter fraud through
impersonation or illegal voting is vanishingly rare in the
United States, and rigging the election by tampering with
voting machines would be nearly impossible. As President
Obama pointed out in a news conference last week, where he
called charges of electoral rigging “ridiculous,” states and
cities set up voting systems, not the federal government.
That’s true, and it means the voting machine landscape is a
patchwork of different systems, which makes the election
hard to manipulate in a coordinated way.
But it’s still a bleak landscape.
Over the years, the team at Princeton,
cooperating with other researchers, has managed to disable
and tamper with many direct recording electronic systems
that use touch-screen computers without a verifiable paper
trail.
I’m not the only one who
is worried. This month, Jeh Johnson, the secretary of
Homeland Security, said his department was concerned about
infiltration of the nation’s electoral systems. Experts have warned about
voting machine vulnerability for years, but nothing has
changed.
The mere existence of this discussion is
cause for alarm. The United States needs to return, as soon
as possible, to a paper-based, auditable voting system in
all jurisdictions that still use electronic-only,
unverifiable voting machines.
I study the impact of technology for a
living, and I’m a former programmer. I happily bank online,
and use my smartphone to message friends and family. I
support and trust encryption to protect ordinary people’s
communication. I even believe computers will probably turn
out to be safer drivers than too-easily distracted humans.
I’m not averse to technological solutions.
In this case, though, we need to stick with
methods that allow a paper trail that is verifiable after
the election. No matter how you vote, there should be a
tightly guarded paper record that can be used for audits, if
not for the initial counting. This is not just because paper
verification is more tamper-resistant than our insecure
voting machines. Our elections need to be open to oversight
without the need for voters to understand how encryption
works. We can’t tell them to simply trust the experts,
especially when people are deliberately sowing distrust.
There is another upside to relying on paper.
Audits of such systems can require something else that, at
first glance, seems like a hindrance: People need to show up
to do them. As the “hanging chads” debacle in Florida
demonstrated in the 2000 election, paper systems, too, can
be badly designed. However, in a healthy democracy,
requiring people to show up is a good thing.
There are already minefields ahead for this
election. Georgia, for example, relies on electronic systems
that leave no paper trail. The machines in Georgia are also
quite old, and a Brennan Center for Justice report found that their
software was “outdated” — primarily using operating systems
like Windows 2000. This not only puts them at risk for
crashes and lost votes, but also leaves them more vulnerable
to hacking, as such older software no longer receives fixes
for security flaws.
Since 1996, Georgia has voted for the
Republican candidate in presidential elections, but this
year a batch of recent polls have painted a tight race —
with some polls even indicating that the Democratic nominee,
Hillary Clinton, may have an edge. If the race is close, and
the outcome questioned, voters in Georgia will have no means
to audit the results. Other potential swing states, like
Pennsylvania and North Carolina, also use electronic
machines with no paper trail, at least in some counties.
According to the nonprofit Verified Voting,
people in at least a dozen states could encounter that same
situation.
We have also seen concerns about foreign nations
meddling directly in United States elections, via hacking or
other means. This is an unlikely scenario; however, the fact
that people are even voicing such concerns makes it all the
more urgent to dispel them. As Matthew Green, a professor at
Johns Hopkins University who specializes in cryptography and
cybersecurity, said, “There is only one way to protect the
voting system from a nation-state funded cyberattack: Use
paper.”
Fortunately, there is a
reliable and transparent method that combines convenience
and the ability to perform an audit: paper ballot systems
with optical scan counting. Avi Rubin, an expert on election
security who is also a professor at Johns Hopkins, testified
about a decade ago that when properly put into effect, these
systems have many advantages. People can keep voting even if
the equipment fails; it’s possible to audit results; and the
systems are easy to use.
It is too late to fix everything for this
election. But we should start planning to verify and audit
voting wherever possible. For jurisdictions that still use
electronic-only voting, we need to guard the machines, to
avoid the kind of direct tampering that can turn them into
Pac-Man consoles. Randomly selected units should also be
used as “test only” machines on Election Day, to check that
they are tallying the votes correctly.
No comments:
Post a Comment