Thanks in part to the recall election, those error-prone punch cards are well on their way out in California. The bad news is that their replacement has some voters fearing the cure may be worse than the disease.
At issue are the new touch screen voting machines now being used throughout Alameda County—which critics say have the potential for skewing voting outcomes in ways far more serious than chad-hanging punch card ballots.
Critics say the notorious potential for hacking posed by computer-driven systems, plus the inherent fallibility of computer systems combined with the absence of paper-based verification, could prevent accurate recounts.
“With these machines you have no way to really confirm the outcome of an election,” said Katherine Forrest, co-founder of the Commonweal Institute, a Menlo Park think tank, who discussed the issue last week with members of Berkeley’s Gray Panthers organization.
“Based on what we’ve heard from computer experts, there are real questions about the reliability and security of the machines,” Forrest said. “There is a fear that the election will not represent the will of the voters.”
The machines used in Alameda County are manufactured by Diebold, one of three large companies that make the majority of touch screen machines used in the country.
Alameda County Registrar of Voters Brad Clark said the county first used the machines in 1999, and within three years they were the only voting mechanism used.
Clark said the county started looking to replace the old voting system in 1995, and settled on the touch screen because of features they thought would facilitate and expedite clean and fair elections.
Proponents of the machines downplay security concerns, saying the devices are rigorously tested and certified to ensure accuracy.
Frank Kaplan, Diebold’s Western Region Manager, said tests go on for months at a time and include verification by Wylkie Industries, an outside consulting firm.
Tests include a line-by-line examination of source code for bugs and any glitches that could affect the machines’ accuracy. They are also put through several voting simulation tests before they are put into use.
Clark and Kaplan disagree with the accusation that there is no way to create an accurate paper trail, pointing out that after each voter verifies his or her choices, the computer captures a digital image of the ballot which is then stored in case of a recount.
Under California election law, every county must do a hand recount of at least one percent of the precincts to ensure accuracy, hence the reason for the digital image capture.
None of this satisfies opponents.
Judy Bertelsen of the Wellstone Democratic Club in Berkeley has been researching the machines and charges that the systems contain numerous vulnerabilities.
She says that the digital image stored on the machine could be an exact copy of a mistake.
“How can I be assured that my vote was cast accurately and how can I assure that is was counted accurately?” she asked.
David Dill, a computer science professor at Stanford University, said the problems posed by Bertelsen and other critics show exactly why the machines could be problematic.
“Why should we trust a machine?” he said. “Nobody has been able to answer that.”
Dill says that even though the machines go through testing, there is still room for error because they are programmed by humans. Bugs are inevitable—and without a means to double check how the machine processed the vote, such as a paper receipt, voters are leaving their choices to chance, hoping that they get recorded and counted accurately.
“What happens if the machine goes up in smoke? You can’t go back and check the paper trail,” said Dill.
Opponents also point out that the software Diebold uses to run the machine is proprietary, which Diebold’s Kaplan said is necessary to protect that company’s livelihood.
Kaplan said Wylkie Industries has had access to the code and, acting on a request by Maryland Governor Robert L. Ehrlich, another independent firm, Science Application International Corp., just concluded a favorable review of the Diebold machine and its code.
Dill said that much of what the firms check for is malicious code written by programmers that could do things like change votes after they are cast. He said a well-written string of malicious code could recognize a test and function correctly, then begin manipulating the vote once it recognized that the balloting was official.
He said one possible means of spotting test versus real voting might be time recognition, where it would recognize that more votes were being cast at certain times—like early morning, the lunch hour, and then in the evening, while in a test votes might be cast at random times.
Independent investigations are not satisfactory, Dill said, adding that what is really needed is public disclosure of the code in order to accurately and fairly assess the software.
Another negative review came from a team from John Hopkins University, who stumbled across the software for the Diebold machine on an unprotected Web site. After conducting a number of tests, they concluded that the software was full of flaws.
Diebold said that the software was an outdated version no longer in use, but Bev Harris, who runs the blackboxvoting.org, posted an article written by Wired.com that found that the code had been used in the November, 2002 general elections in Georgia, Maryland and in counties in California and Kansas.
Harris, who many call the Erin Brockovich of voting equipment, is a writer and literary publicist who has dedicated much of her time to monitoring new touch screen voting machines, and has time and time again found what she declares are major flaws.
Diebold recently got her Web site taken briefly offline after Diebold threatened a suit for copyright infringement.
Among Harris’s finds was an open Diebold FTP site where she found a software patch that had been applied to all the voting machines in Georgia just before the 2002 election. Because the site was openly accessible to Web surfers, many critics worried that the patches were malicious.
Several people are also concerned about the Diebold software counties use to run the servers that tally votes for all precincts.
Kaplan said that the firm’s software and the servers the counties use are reliably isolated, and when a county’s results are sent out they are first copied onto a CD from the server and only then sent over the Internet—and from another computer that is not connected to the county’s server in any way.
He said the server is locked behind a pair of code-locked doors and that the server’s software, like that on the individual touch screen machines, is also closely tested.
Critics again point to the fact that machines make mistakes, and that many of the same problems that apply to the individual voter machines also apply to the server.
Diebold is not the only company drawing fire.
Election Systems and Software (ES&S) attracted considerable media attention after Chuck Hagel, the Republican Senator from Nebraska, and the former CEO of ES&S—at the time called American Information Systems—ran in and won two elections where 85 percent of the votes were counted by ES&S machines.
Hagel held stock in the company during both the elections, and in 1996 he scored one of the biggest upsets of the year, becoming the first Republican to win a Nebraska senatorial campaign in 24 years.
Here in Berkeley, City Clerk Sherry Kelly says that the city has had no serious problems with the Diebold machines. When several voters were unable to complete their votes last November, the machines were cleared and restarted and the voters were eventually able to cast their votes successfully.
Still, critics are not satisfied, remaining skeptical about a procedure they believe could potentially damage a crucial part of the democratic process, the right to vote.
In the meantime, those who are hesitant about the new machines are voting absentee, which leaves a paper trail. They encourage others to get their paper ballots in before the deadline Tuesday.