Faulty Machines Ready to Count Your Vote

Based on scientific research, we have a clearer picture of just how vulnerable our American voting system really is.

Some of the biggest battleground states this primary election season — New Hampshire, Ohio, Texas, Pennsylvania and Indiana — have also been some of the worst performing states for election integrity. And the first four are likely swing states come November.

These states not only received a large number of reported malfunctions and complaints, they also used many of the same ballot-counting machines that computer scientists across the country have shown are faulty and easily hacked.

With election officials and the general public largely blocked from knowing how the computers that tabulate our elections work, and manufacturers saying that theoretical risks are just that — theoretical — politicians have turned to scientists at America’s leading universities to help them make informed choices.

But despite the overwhelming research identifying them as insecure and prone to failures, these same voting machines are likely counting close to 90 percent of the nation’s ballots this year, said Bev Harris, an expert on election integrity issues who runs the nonprofit BlackBoxVoting.org.

Her group has funded several university research studies, and in perusing her Web site, or others like it such as VotersUnite.org and The Brad Blog, a long list of election irregularities come to light. And irregularities inevitably spawn suspicions whether merited or not.

“I’m supposed to be nonpartisan,” Harris said. “But I looked at a dozen states way before the primaries that I identified would have problems, and it’s almost a 100 percent correlation with where (Sen. Hillary) Clinton has done well.”

Harris was featured in the HBO documentary Hacking Democracy in which Johns Hopkins University computer scientist Avi Rubin and Finnish computer programmer Harri Hursti proved an optical scanner that counts paper ballots could be hacked through the scanner’s memory card. Rubin and Hursti have since helped several states evaluate their voting equipment.
Some states have listened. Others haven’t.

States That Listened

Based on the proliferating research, secretaries of state in California, Ohio, Florida, Colorado and New Mexico each sent tens of millions of dollars in fancy computer voting machines to the trash heap where they sit as Orwellian industrial art forms. At least one machine surfaced on Ebay.

While touch-screen or computer push-button (known as direct-recording electronic) voting machines have been largely discredited as insecure and faulty, equally troublesome are optical paper scanners. Both types of machines are still being used — with some added layers of precaution — even in states that found they could be easily fed a vote-flipping virus.

The vast majority of Americans vote by filling in a bubble on a paper ballot that is read by an optical scanner either at the polling place or somewhere else. Results are then tallied by a central computer. Scientists found that a malicious virus could be spread to the entire network by infecting just one machine.

The machines that failed security tests include those made by all four leading vote-counter manufacturers: Premier Election Solutions (formerly Diebold), Election Systems & Software, Sequoia Voting Systems, and Hart InterCivic.

“If you step back from the details, these reports are showing us that the whole computer software system is insecure,” said Ellen Theisen, co-director of VotersUnite.org. “The vendors have paid virtually no attention to security. Even if they worked hard at it, it’s difficult to do. They are all insecure.”

Voting machine manufacturers generally take the view that the scientific research is misleading because it doesn’t represent a real-world situation.

“In some cases the studies have been lacking in appropriate perspective and balance,” said Chris Riggall, spokesman for Premier. “We take these assessments seriously. We don’t argue our machines can’t be improved. They can be. In many instances, we have adjusted or improved our products, re-engineered them to reflect what we think are good valuable suggestions as it relates to security.”

In August 2007, computer scientists at the University of California, Berkeley and UC Davis gave California Secretary of State Debra Bowen all the proof she needed to throw away almost all of her state’s DRE vote-counting machines made by all four top manufacturers.

Each California precinct is now allowed just one DRE — for use by voters with disabilities. The studies also cast considerable doubt on the state’s optical scanners, but these are still used because there is no other practical way to count millions of ballots in the nation’s most populous state.

David Wagner, a computer science professor at UC Berkeley led several of these studies. “We found security flaws in all four electronic voting systems, flaws that could be used to hack all the voting machines,” Wagner said. “We found some differences with how easy it is to audit them. The optical scan systems, generally speaking, are easier to audit, to cross check the results and test whether any hacking went on.”

Wagner said he feels the tide of science is catching the attention of state governments. “The bottom line is this risk shouldn’t be brushed off,” he said.

In 2007, Ohio commissioned the Everest Study by computer scientists from the University of Pennsylvania, Penn State and UC Santa Barbara. Their work led Ohio Secretary of State Jennifer Brunner — after the 2006 general election — to recommend eliminating almost all of her state’s DREs. But counties still used them to a large degree in the recent primary. Brunner instead chose to count paper ballots at centralized locations, which created other suspicions as they were transported in private cars. And, as in California, the same paper ballot scanners that could be fed a vote-flipping virus are still being used to tally the majority of Ohio’s ballots.

“This is the conundrum these election officials face,” Wagner said. “They have to rely on what’s available commercially on the market. Unfortunately, none of it has everything we want. The question is how do you choose the lesser of two evils?”

States that haven’t listened

Despite the overwhelming research, many states are retaining the most suspect touch-screen machines, which are prone to both fraud and failure.

States such as Pennsylvania, Indiana and Texas have acted with barely a fraction of the urgency showed by their neighbors. More than half of the populations in these three states vote on DRE computer voting machines. And they each are among 11 states nationwide that do not require either a voter-verified paper trail or an automatic audit of the election. So there could never be a recount aside from what the computers tell election officials. (This map, created by the nonprofit VerifiedVoting.org, shows how other states approach electronic balloting.)

Even with a paper record on computer voting machines, scientists have shown it’s unreliable.

Princeton University computer scientists proved in 2006 that one of Diebold’s touch-screen voting machines could be compromised even as it printed out a record that matched the genuine votes cast. And even when there is a verification screen, voters are unlikely to review it, according to 2007 research by Sarah Everett at Rice University. Everett found that 60 percent of voters would not notice if their vote on a computer screen was incorrect.

“As a lot of people have pointed out, if voters are not even checking the review screen, what makes people think they are going to check the paper record,” Theisen said.

Another study, of Cuyahoga County, Ohio, in 2006, found that voter-verified records were often unreadable, failed to print and did not, in many cases, match the election outcome.

Where computer ballots are placed makes all the difference. In Texas, for example, touch-screen machines are located in major metropolitan areas, which account for a majority of voters, said Scott Haywood, spokesman for the secretary of state.

“The machines were not proven to be faulty,” Haywood said. “All the studies were done in an unfettered environment. There are a lot of studies that say a lot of things. Our office would argue they don’t take into account all the checks and balances that go into running an election.”

California researchers examined some of the same machines used in Texas, Wagner said.

“It’s true we weren’t asked to hack an election,” Wagner, the UC Berkeley professor, said in response to Haywood’s observations. “So, of course, we didn’t hack an actual election. Of course, the procedural safeguards play an important role in determining the risk. Based on my personal experience, based on what’ve I’ve seen, this is a serious risk.”

Scientific research is under attack, too, by the subjects of their tests. Vendor companies refute the evidence, reluctantly submit to tests or, in some cases, threaten legal action. A Sequoia Voting System executive recently warned two Princeton computer scientists and the state of New Jersey that they could face legal action if they analyzed any of Sequoia’s voting machines.

Minorities Disaffected

Could computers be prejudiced?

Research helps show why at least voting equipment could be prejudiced on Election Day. In some cases, even if the machines worked perfectly and no one tampered with them, studies show that poor and minority voters — concentrated in urban centers — have higher rates of voting errors on computer ballot machines.

Theisen along with Theron Horton and Bruce O’Dell of the Election Defense Alliance crunched numbers from the New Mexico 2004 presidential election and compared them to the 2006 general election; the former had mostly touch-screen voting machines, and the latter used mostly scanned paper ballots. The two studies show that higher rates of so-called under-voting (where a ballot fails to register a vote for whatever reason) occurred during the presidential election in minority precincts with computer voting machines. She also found that African-American and Spanish-speaking populations were more affected than predominantly white districts.

In some cases, the computers acted differently if voters chose the Spanish-language option.

A dirty little secret in every national election is that millions of ballots (roughly 3 million nationwide) are not counted — some partially, others completely thrown out. It’s generally understood by election experts that a 0.5 percent under-vote in a presidential election is normal, Theisen said. So when some precincts in Ohio in 2004 had an 80 percent under-vote, it didn’t take a computer scientist to know something wasn’t right.

New Hampshire Red Flags

New Hampshire is another state that, even when faced with the irrefutable evidence, has retained vote-counting machines fraught with risks. Computer scientist Hursti, who was featured in Hacking Democracy, even went to New Hampshire and testified before the Legislature.

The same Diebold Accuvote optical scanner shown in the film was used to count more than 80 percent of the ballots in the state’s December primary, said David Scanlan, New Hampshire’s deputy secretary of state.

“I know we use an Accuvote,” Scanlan told Miller-McCune.com. “I’m not technical enough to tell you whether it’s the same one that was used in the film, but it’s possible.”

A 30 to 40 percent recount directly following the 2007 election supported the outcome of the vote in New Hampshire. But Harris of BlackboxVoting.org and her cadre of civilian muckrakers are busy reviewing internal audit logs that may show discrepancies and have already found serious levels of miscounts.

The upside, she says, is that citizens can conduct their own election audit.

“The main issue is turning over the counting of our elections to corporations and government insiders,” Harris said. “It’s actually a transfer of power that was never designed in our democracy. These machines are quite literally having big brother count our votes.”

“I can tell you where the bodies are buried,” said Brad Friedman, a self-described advocate journalist. The Brad Blog is loaded with scandalous precursors to another botched presidential election in November 2008. For instance, the California Republican Party already has an alleged software pirate, Tony Krvaric, as its chairman in San Diego.

“I’m not so much running around saying they are being hacked,” Friedman said. “I’m saying they can be hacked. It’s a scientific fact.”

The bottom line, Friedman said, is that computer ballots — regardless of a paper trail — should be scrapped.

Sign up for our free e-newsletter.

Are you on Facebook? Click here to become our fan.

Add our news to your site.

Related Posts