Voting Machine Follies

Ohio's Secretary of State, Jennifer Brunner, made national news after releasing a report in mid-December listing vulnerabilities in the voting machines that Ohio uses and recomending a complete overhaul of Ohio's voting process. Several other states are using Brunner's report as justification for getting rid of their own voting machines.

Is all of this (or any of it) justified? Not on the basis of Brunner's report. While I am not implying that there was any attempt to deceive on the part of the people who did the assessment, the report itself is highly misleading, mainly because of major omissions. One of the biggest omissions of the report is its failure to point out its own shortcomings. While everything about the methodology is documented, you have to dig to put the pieces together.

To examine this more closely:

The first problem is that the report is being treated as a general assessment on voting machines (called DREs in the report). It was not. It was an assessment of what vulnerabilities could be found in the machines using in Ohio when given total access. The difference is subtle but vital. By only focusing on DREs used in Ohio, the report gives the impression that there are no problems with any other forms of voting. In fact there are tremendous problems. In the 2000 election it became general knowledge that the punch card machines most often used rejected up to 10% of votes. The switch to DREs was a response to this. When the switch was made, it was felt that DREs were the method of voting most likely to capture all available votes.

The issue of total access vs realistic conditions is possibly the most misleading issue. The people doing the evaluations were given a voting machine to experiment with in an empty room. They not only checked for software vulnerabilities, they also evaluated physical security. To illustrate the difference, the report noted that all of the machines used standard locks and could be picked with lock picks.  While this is undoubtedly true, I doubt that anyone could pick the lock of a DRE and open it up in the middle of an election. Either voters or election officials would stop anyone from trying this.

The report found that it is possible to change the stored totals on some machines. This does not change the printed record. If an audit comparing the printed record and the totals came up with a discrepancy the resulting uproar would send an untold number of people to jail. It would be too risky to contemplate. The only way around this would be to infect the machines with specialized software that would display the vote one way but record it in both the totals and on the paper record differently. Even that would be risky since the paper record can be read by the voter. The evaluators did not address this possibility at all. Conspiracy mongers insist that this come built-in as an option that only Republicans and Hillary supporters know how to use.

Another lapse in the report is any suggestions for mitigating the vulnerabilities outside of keeping anti-virus software updated. This is a curious lapse. Security reports normally list vulnerabilities, how difficult they are to exploit in the real world, and ways that potential damage can be minimized.

The report then moves on to its recommendations. These include centralizing polling places, extending the polling period from a single Tuesday to a fifteen day period, and using optical mark cards that would be read at a central location. There is no discussion of the drawbacks of doing this. They present their own problems.

One problem is security. While I do not think that anyone would have enough access to pick the lock of a DRE during a crowded single-day election, there would be a lot more chances in a 15-day election. This includes questions about security at night. Someone who can pick locks could gain access to the optical mark cards and substitute different ones.

When assessing the current optical mark machines, the report mentions that there is no control to prevent extra cards from being fed into the machines. The recommendation is to use the same machines but the option for counting the cards on-site turned off. That would still allow extra votes to be cast.

Brunner's plan guarantees an undervote problem. The report calls for optical mark cards to be filled out and fed into a reader. The reader would show the recorded vote and reject over-votes. If the voter agreed that the card registered correctly then it would be put in a locked container and transported to the centralized vote. Since two different machines will be used, I can guarantee that not all cards will be counted the same. Worse, a high-speed machine will mangle some cards. We will be back to the issue of lost votes which the DREs was supposed to resolve. Several voting rights organizations have noticed this issue and filed complaints with Brunner. This surprised her since these came from left-leaning organizations.

The final problem is that the report recommended switching to machines that have not been tested for security problems of their own. The report even notes that only one machine has been certified that can do a central count with others coming. How can anyone seriously justify switching voting methods based on a security report that has not evaluated the alternatives.

Between the omissions and the unacknowledged problems with Brunner's alternative, it would appear that the proposal was prepared separately and the two documents joined.

Considering what is at stake - throwing out $100,000,000 in new equipment and buying $32,000,000 in new equipment, a closer look needs to be given to all alternatives. In the meantime, Brunner has shaken the nation's faith in the honesty of its elections. She has made public statements advising that she does not trust voting machines and will use a paper ballot herself. On what is fast becoming a partisan issue, she is making things much worse.