[admin]

Ballot Reforms: Can We Stop Election Fraud?« Thread Started on Dec 13, 2007, 5:11pm » --------------------------------------------------------------------------------

http://progressive.stanford.edu/cgi-bin ... &archive=1

Ballot Reforms: Can We Stop Election Fraud?
December, 2007
by Kai Stinchcombe

If you are a Californian, you can go to the polls with the certainty that your vote will be counted in this February’s presidential primaries. Debra Bowen, California’s secretary of state, recently undertook a top-to-bottom review of all voting machines and procedures in an attempt to identify problems and potential weaknesses in California’s voting system.

As part of the review, Bowen’s office sent “red teams” of people specially trained to covertly assess the vulnerabilities of the voting system to the polls in March in an attempt to hack the voting machines that have been used in California’s past elections and are still being used around the country. Her results and subsequent review generated an outpouring of reports and responses.

The problems Bowen found were sufficiently troubling to cause her to decertify California’s voting machines, and should raise eyebrows across the rest of the country. As it turns out, there are many ways to compromise the standard voting system. The red teams were able to gain access to voting machines without opening locks or breaking seals, create software viruses that spread from to machine to machine when elections workers insert their swipe cards to turn them on, exploit the database access to change the software running on the computer, shut the machines down, and make machines falsely inform voters that they have voted incorrectly. It is even possible to add and remove votes from both the individual voting units and the central database, and to modify the tamper-detection audit trail to cover one’s tracks.

Proponents of the status quo often note that there is no proof an election has ever been stolen. But that’s exactly the point— according to the results of Bowen’s review, it is possible with the current technology to steal an election without leaving a trace. What progressives want is a system that would accurately detect any attempts to tamper with election results. Right now, we don’t have that system.

The scariest feature of electronic voting is the possibility for undetectable mass voter fraud – for tens or hundreds of thousands of votes to be silently changed in a single stroke. Preventing small-scale elections fraud -- stuffing a ballot box or wrongly removing voters from the rolls -- still requires diligent oversight and careful procedures. But with the advent of electronic voting, it no longer takes a conspiracy to steal a whole election. One single dishonest elections supervisor in Ohio could have changed the course of the presidential election in 2004, and we would have no way of knowing.

Advocates for transparent elections have proposed three different ways to increase the security of our elections. I’ll review the pros and cons of each here.

Optical Scan Ballots
The first is a return to old-fashioned optical-scan ballots, wherein voters mark their candidate choices on a piece of paper that is then read by a machine. The advantage to this option is that there’s no sneaky software involved -- there’s a physical piece of paper of instructions that tell you what the bubbles mean, and there’s a physical paper ballot that you mark. Of course, the old-fashioned methods of voter fraud — stuffing the ballot box or having people vote twice — still apply, but if you have election monitors from both parties it’s relatively ironclad.

The downside, though, is the old-fashioned paper systems are harder for voters to use. It’s easy to accidentally mark two bubbles in the same row, or not make a dark enough mark, or color outside the lines of your chosen bubble onto the adjacent one. Lower-literacy voters are more likely to be affected by these problems than those of us who have gotten used to filling in bubbles after taking standardized tests for years.

It is possible to set up a scanner in the booth that verifies that the ballot is being filled out correctly — for example, a screen might pop up saying “Oops, looks like you voted for two different people for President!” There are fixes, but the bottom line is that this system is harder to use and can’t be relied on to count every vote.

Open Source Voting Machines
A second possibility is to use open-source software, which is less vulnerable to sneaky attacks. In order to make sure that illegal codes aren’t being put in software, the public needs to be able to see the software and verify that it is sound. Open source software is software code that is available to the public to read, meaning that anyone who finds a security vulnerability can report it or fix it. So when software is open-source, people like the members of Debra Bowen’s red teams could fix security vulnerabilities they find rather than leaving them in systems around the country. Open source software also prevents workers at elections companies from sneaking tricks into the software without being noticed.

Open source voting machines have not been contracted for use in any state. This seems to be primarily a result of the political influence of voting-machine corporations. For example, one of Nebraska Senator Chuck Hagel’s political opponents found out that the machines used to count the votes in the Nebraska Senate election were made and programmed by a company formerly run by Hagel, and in which he still secretly maintained a large ownership share. When Hagel’s connection to the voting machines with which he was elected came to light, his opponent requested a hand recount of ballots. Unfortunately, under Nebraska law, government-employee election workers were prohibited from looking at the ballots. According to the elections code of 2002, the only way to count votes in Nebraska is with machines programmed by Hagel’s company.

Of course, the obvious argument against open-source software is that the code could be easily viewed by hackers attempting to find security problems that could be exploited. Though this is hypothetically true, a look at the history of open source software shows that the tendency is for vulnerabilities to be found and fixed before than can be exploited. For example, Linux, the most well-known open source software system, contains only 30 known viruses as the result of diligent editing, whereas closed-source Windows contains approximately 140,000 viruses.

Voter-Verifiable Paper Trails
The final method of ensuring open elections is for each electronic voting machine to provide a paper printout to each voter, like an ATM receipt, that records their choices. By randomly checking these paper printouts against electronic results with hand recounts, elections officials can make sure elections machines are providing the same results the voters intended.

There are a few loopholes to this approach. First, you can still cleverly tamper with election software -- for example, program the software to switch a vote from John to Jack one in ten times and put this on the paper transcript. If the voter notices and corrects the switch, the machine will record his or her vote properly. If one in five voters doesn’t carefully check his or her receipt, however, this kind of trick can add up to a significant percentage of the votes. Other possible hacks include printing an “extra” receipt from time to time to cover up an extra vote recorded for a given candidate, or figuring out clever ways to make automatic recounting systems misread the paper trails. In short, paper trails are not a perfect fix, but most of the ways of getting around them are pretty convoluted.

To conclude, there is no silver bullet solution for fair, verifiable elections. But using methods like voter-verifiable paper trails, which hand-check every part of the process, and open-source machines, which ensure that clever and convoluted hacks cannot be inserted into the software, we can solve most many of the most dangerous problems.

Human security -- controlling access to the machines and the ballot boxes, and counting them in front of the press -- is still important. But if we carefully institute a process that combines transparent software with verifiable ballots, we can be reasonably certain of preventing massive-scale election fraud.