E-Voting Is Very Different From E-Banking
from the paper-trail dept
Catching up on my reading, I recently came across this post from the University of Chicago's Saul Levmore about the merits of touchscreen voting. Levmore thinks that "the future is surely with the touch-screen or some other form of online voting." Levmore doesn't go into any detail about why he thinks this; I assume he's simply not familiar with the many e-voting problems we've covered here at Techdirt. He may not know, for example, that voting machines are susceptible to viruses that can allow a single person to corrupt every machine in a county or even an entire state. Levmore makes an interesting analogy to automatic teller machines. He points out that we've been using ATMs without any serious problems for decades, and wonders why we can't use the same technologies for voting machines.
What Levmore is missing is that the security model of an ATM is totally different from the security model of a voting machine. The most important line of defense against ATM fraud is not the machines themselves, but the fact that they produce a lengthy paper trail. If a hacker breaks into a bank's network and transfers funds from someone else's account to his own, two important things will happen. First, the victim will notice an unauthorized transaction and complain. And second, the perpetrator will need to pick up the money somehow, which will create a paper trail that will help the police find him. For example, a hacker trying to physically steal the cash from an ATM has to be physically present to pick up the cash, which increases the risk that he'll be caught in the act -- especially if he tries to knock off several machines in a row. It is the likelihood that fraud will be detected and punished, not the inherent unhackability of the machines themselves, that makes ATMs secure. In contrast, nobody knows what the "right" election outcome is supposed to be, so there's no one in a position to object if the results get altered. And because peoples' votes have to be kept secret, voting machines can't create the same kind of personally-identifiable paper trails that ATMs do. Unlike stolen cash, a stolen election doesn't need to be physically delivered to the beneficiary, so there's no way to trace the loot to find the perpetrator. That means that even if election fraud is detected, there's not going to be any straightforward way to figure out either who did it or what the result should have been. We can be pretty sure, for example, that something went wrong in the 2006 election in Sarasota County, but we have no way to be sure if foul play might have been involved or if (as seems more likely) the software was just flaky.
There's a more fundamental issue that should be especially familiar to the folks at the University of Chicago: banks have much stronger incentives to get things right than election officials. If a criminal succeeds in knocking off an ATM machine, the bank that owns that ATM machine stands to lose a lot of money. As a result, the bank has a strong incentive to take the steps necessary to secure the ATM, or to not deploy the ATM at all if it thinks that securing it would be too difficult. Banks have both the incentives and the resources to hire computer security experts to advise them on fixing potential problems with their ATM machines. In contrast, state officials have only a weak incentives to get voting machine security right. A stolen election will be a rare occurrence even with insecure voting machines, and if it does occur, state officials can easily shift blame to other people -- county election officials, vendors, poll workers. It's not surprising, therefore, that states have rushed to deploy electronic voting systems that virtually every computer securit expert on the planet says are insecure. Without strong accountability, election officials tend to be swayed by the superficial impression that computerized processes are inherently better than older technologies, or even by lobbying by voting machine vendors. Peoples' opposition to e-voting is not, as Levmore seems to think, a result of knee-jerk opposition to new technologies. It's a recognition that the e-voting problem is much harder than is generally supposed, and it's better to err on the side of caution until e-voting technology has had a chance to mature.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: e-banking, e-voting, saul levmore
Reader Comments
Subscribe: RSS
View by: Time | Thread
and yet somewhat similar....
This has always seemed very odd to me. Especially where the same company makes both types of machines.
[ link to this | view in thread ]
Scantron
Hell, since the punchcard is apparently "too difficult" for the common man to use keep the touch screen idea so you click a button with the person's name next to a picture of the person.
THEN have it spit out the punch card so you can verify you got who you wanted. No hole by the name of the person you voted for? Scream about it because your vote is being manipulated.
Then just have a slot to dump the scantron form in, preferably a seperate unit just for counting the votes.
Then once the Polls are closed transmit the results to a central repository (say in Washington DC, since that's the national capitol) and ship the paper version (via the US Treasury Deparment) to wherever they keep that stuff now/before (probably in the local State capitol).
Congrats, electronic voting with a paper trail for backup and audit purposes. When the time rolls around again for the next national election (hopefully after 4 years) recycle all the paper scantrons to make new paper scantrons.
System will be a lot better and I hearby publish this to Public Domain (eg THE INTERNET) so if anyone trys to patent this system and gouge us we can show this in court. TechDirt should have a timestamp and I'll screenshot it for giggles.
Now the only trick is to make a device that is as difficult as an ATM to break into (eg can't use a pen/no tools) but not impossible. Just time consuming and noisy (mandatory battery powered alarm on it opening, even for maintenence. Just put an off switch in it).
Seriously, I just made this up on the spot after reading this article. Who agress it is a better system than the bullshit Diebold has been putting out? May be only theory right now, but it already sounds more secure.
[ link to this | view in thread ]
[ link to this | view in thread ]
Why on Earth...
The future of voting for all intents and purpose should be electronic and further more online. It benefits the democratic process to make voting not only accessible but also easy!! so if security is of a concern, then figure it out already.
[ link to this | view in thread ]
Right outcome
Presidents should be selected from the population and forced to do the duty :-). In no way should anyone who desires the power be given it.
[ link to this | view in thread ]
The basic difference between ATM fraud and voting fraud is also a simple one. If an ATM is defrauded, the most that someone will lose is a few grand (usually recovered through the bank, for which they are insured). If the election is defrauded, the country's government system is undermined. Why are people still so intent on sacrificing their votes for convenience?
[ link to this | view in thread ]
Re: and yet somewhat similar....
[ link to this | view in thread ]
Re: and yet somewhat similar....
[ link to this | view in thread ]
Re: Re: and yet somewhat similar....
Electronic voting machines can generate paper trails that do not violate the secret ballot. Secret ballots are intended only to keep how an individual voter voter secret, not the vote itself. The real reason paper trails on electronic voting machines are resisted is because it makes it harder to rig elections.
[ link to this | view in thread ]
Voting Fraud
[ link to this | view in thread ]
Confounding
Electronic voting machines COULD offer a number of benefits. You can easily set up multi-lingual ballots. You can have large fonts for those with impaired vision, or audio for those who are blind. You can present candidates in random order so none are advantaged by position.
All that needs to happen is that you confirm your view, receive a human-readable card, and drop that receipt into the ballot box. The e-voting machine will enable fast/instant vote tallies. The ballot boxes contain the paper records needed to validate the electronic tally. (And the paper ballots are the legally binding ones.)
Why this simple concept seems to generate so much controversy is beyond me. The only thing I've heard which is remotely sensible is that paper and ink handling are mechanical and susceptible to failure. But surely there are ways to make it so robust as to become a non-issue.
[ link to this | view in thread ]
There are choices.
Using Pen and Paper as the basis for voting and have the digital component results as the audit trail is the reciprocal of today's voter model. Unfortunately, early interest has been from emerging democracies that recognize elegance in the simplicity with integrity and appreciate its lower costs.
We in the US seem to have our skivvies in knot when comes to thinking about voting systems. Just as an answer to automobile efficiency is a hybrid, we can not link that to a better voting system that uses a hybrid of old paper and pen combined with an digital audit trail. Maybe 2012 or 2016?
[ link to this | view in thread ]
Re: and yet somewhat similar....
[ link to this | view in thread ]
Re: Scantron
Start your own electronic voting machine company?
Theres a good market out there for a good, traceable system. :)
[ link to this | view in thread ]
Re: Scantron
Here, we have a choice between touchscreen and bubble sheet ballots. I see no reason (other than expense) that the two couldn't be combined.
But frankly, I never saw the need. If I have to go to the courthouse anyway, bubble sheets are no slower than touchscreens. Yes, there are millions of people in the state, but the state has never had a serious problem getting those bubble sheets counted on time - national news usually starts reporting most of the results the same evening.
Since bubble sheets can be counted in a reasonable amount of time, I really don't see the need for touch screens. Getting the votes counted quickly isn't really an issue, but that's the only benefit of touchscreens.
Except for Internet voting, which would have a real benefit in convenience and getting more people to vote, but your system wouldn't work there and we're back to square one.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
Besides, considering everything else the Republicans are ripping us off with and blatantly lying about to the world and country, I'm kind of inclined to believe they'd be more apt to pull the ruses.
[ link to this | view in thread ]
The Straight Facts
[ link to this | view in thread ]
E-Voting Is Very Different From E-Banking
[ link to this | view in thread ]
Tautology
[ link to this | view in thread ]
Unrealistic expectations are never satisfied
Our expectations for a voting system seems to be that it must produce zero errors and contain no fraud. This is to a certain extent understandable because of the high stakes involved (especially in a presidential election), but when 125 million people participate in a system, there will be errors and there will be fraud. Expecting to completely eliminate either is a very unrealistic expectation. Systems fail and people do bad things. We need to accept these realities even as we attempt as best we can to mitigate their consequences.
The other major challenge we face is in the guaranteed anonymity of the ballot. All the security challenges we face eventually come up against the need for anonymity in the voting choice. Security would be simple (as stated in the article and comments) if we could tie a name and voter ID to a specific ballot. Unfortunately, we have yet to find a way to do that while still protecting the anonymity of the voter.
We need to look for balloting systems that offer the best balance between ease of use, security, and anonymity. Discussions like this will help in that effort, but I suggest that the best course of action is to continue to allow local election districts to experiment. What works for a village of 200 people in Iowa will not work for New York City. As each local election authority tries new (or old) systems, other districts will take note and apply lessons to their own situations. This is far better than congressional mandates that impose a single system, or even a single type of system, on every district nationwide. A de-centralized system leads to innovation and will mitigate the consequences of failure since the failure will only affect that one district, not all.
[ link to this | view in thread ]
Re: Unrealistic expectations are never satisfied
Expecting perfection and accepting fraud are two very different things. I don't expect perfection but I don't accept fraud either. To say that I have to do one or the other is false.
What works for a village of 200 people in Iowa will not work for New York City.
Who says that there couldn't be such a thing? You just proclaim it with no evidence.
[ link to this | view in thread ]
Re: Re:
Yep. For example, if it weren't for the e-voting shenanigans that they pulled off in Ohio in 2004 Bush wouldn't be president today.
[ link to this | view in thread ]
Defining the problem wrong
This will scare silly those that control the existing political voting system, because soon those that converse over the web will be able to swing the vote extensively by using the instant feedback online to alert those demographic groups that are not voting to get there. Because the secure account carries all of my demographics, but reports them only in aggregate, much more accurate statistics on participation will be available. The pollsters will have problems here because anyone that wants can query this base, and the primaries for both parties will be able to be managed completely without the crazy antics necessary today.
The lamenting over those poor lost souls that they can't drag out to the voting booths will be a thing of the past. Rather than braving wind, rain sleet or hail to go out and get accosted by all those busybodies that are trying to sway voters last minute or find out what they did in the booths, I can sit comfortably at home in my ubiquitous bunny slippers and see who is winning, then cast my vote and see the difference I make in real time.
If I log into my voting account and see a vote posted that I didn't do, or a double vote, I can lodge a complaint, just like with any other account that a transaction should be disputed over. In fact, third parties that should be seriously considered for this job would need to be credit card companies or credit reporting agencies that already manage personal data for most of us.
This also addresses the auditing issues that concern many who contemplate this change in our voting process. By using systems that manage accounts similar to financial accounts, the auditing of these accounts could be done by independent groups to keep everyone honest. My personal account provides a voting record that I can refer back to whenever I choose. For those paranoids that don't want the government managing their private voting account (count me in here), this could always be managed by a third party. After all, that's what banks are, private keepers of our publicly issued currency. If I am willing to trust a bank or credit card company with my money, why not my vote?
Let's stop trying to use 1700's processes when we have 22nd century technology.
And, by the way, shame on you at tech dirt if you have been posting on these self-created problems forever, since it should be just you tech savvy guys that suggest innovative solutions to problems, not get caught up in the paranoia of the non-technical masses.
[ link to this | view in thread ]
Motivation Behind Adoption
> A stolen election will be a rare occurrence even
> with insecure voting machines, and if it does
> occur, state officials can easily shift blame to
> other people -- county election officials,
> vendors, poll workers. It's not surprising,
> therefore, that states have rushed to deploy
> electronic voting systems that virtually every
> computer security expert on the planet says
> are insecure...
I am betting you did *not* intend to suggest that states are implementing trust-free voting machines primarily as scapegoats. But that's a side point.
Here is the real clarification I want to add (assuming someone else hasn't already... I haven't ventured into the comment thread rabbit hole on this post.)
States are implementing e-voting technology regardless of security issues because there is a Federal incentive (if not arguably an impending mandate) to do so: money.
I am referring to the Help America Vote Act of 2002 or simply "HAVA." HAVA is Congress's largest ever investment in election reform. The Act devoted $4 billion in federal funds to replace punch card voting machines, develop state voter registration databases and establish the U.S. Election Assistance Commission. HAVA more or less set a deadline for old punch card and lever machinery replacement to be the end of 2006, although that was not cast in code per-se, and the sunset on old systems has waned.
But the point is the incentive for the states is/was the ability to receive Federal subsidy dollars to pay for machinery replacement. And that is more the motivation than simply deploying a digital scapegoat. HAVA is not likely to be reversed, and the digital democracy isn't going to slow down. Yet, clearly we need to save Democracy from Computers.
So, the real question I submit has less to do with motivation for implementing sloppy technology, and more with why the technology is trust-free in the first place.
The root problem with e-voting today is simply that it has never been in the best interest of vendor shareholders to incur the true non-recurring engineering charges to properly design, develop, and produce the high-assurance single-purpose application specific devices required for trustworthy e-voting. High assurance engineered devices are complicated, expensive, and time-consuming to build. High assurance methodologies are regularly employed in mil-spec products, medical technology, and NASA spacecraft and related devices. But in voting, there is no ROI (return on investment) that pencils for the e-voting vendors to go to that trouble. In other words, the market is paradoxically small while requiring expensive equipment. So given that shareholder value trumps voter assurance, they turned to the only alternative they could: off-the-shelf general purpose computing hardware with off-the-shelf commodity operating systems software, combined with their proprietary "black box" application (their only real value added).
Not to be preachy here, but honestly, the only way to solve the root problem of trustworthy e-voting machinery is to do so in the public trust in a transparent open source manner. The cornerstone of our democracy (the machinery by which we cast our votes) increasingly digital as it is becoming, can no longer be left to the shareholder interests of the private sector, nor the bureaucratic mandates of Governments. Once this cornerstone is developed in the public trust, then and only then will it be possible to have public inspection, accountability loops, and no more scapegoating. In other words, this nation needs to move from black box voting to glass box voting.
[ link to this | view in thread ]
Public Officials are Honest???
Oh, and I am really curious if these technology naysayers have ever driven a car, or flown in an airplane, or used a computer to make their life/job more efficient and easier? I have to wonder why they seem to be in a feeding freenzy over the problem but they aren't proposing anything as a solution that promotes the technology in question. Yep, that dang thing will never fly! Them computers is just a commie trick! One day that dang'd voting machine is going to kill someone!! Remember, I told you so!
[ link to this | view in thread ]
Just one inconsistency - please correct so I can f
However, please fix this slight inconsistency so I can widely let people know about your article:
You said both:
"nobody knows what the "right" election outcome is supposed to be, so there's no one in a position to object if the results get altered."
I agree. But then you said:
"A stolen election will be a rare occurrence even with insecure voting machines, and if it does occur, state officials can easily shift blame to other people."
But in the vast majority of states no one would ever know if an election were stolen - yet this sentence makes it seem as if one could tell. You cannot possibly know that "stolen election will be a rare occurence" It could be happening constantly on all levels, state, federal, and local - but how would you ever know without publicly verifiable audits, ballot security, and ballot reconciliation since NO state does all three.
Cheers and thanks for writing this.
[ link to this | view in thread ]
Re: Why on Earth...
The big problem with electronic voting is not "security" in the technical sense --- it's the lack of transparency. With paper ballots and manual counting anyone can see what is going on, you do not have to be any sort of technical expert.
E-voting machines are, by nature, black boxes. They make public scrutiny by ordinary Joe Bloggs impossible. Some people on here have suggested parallel electronic and paper systems. But what's the point? The paper ballots would have to form the definitive result, so what's the point in the electronic counting anyway?
I'm also sceptical of mechanical counting of paper ballots, because of the same problem of lack of transparency. The manual counting process is open to public scrutiny, simply because lots of people are doing it and supervising it, and point out (more like pounce on) any irregularities.
Stick to tried and tested voting mechanisms. They work.
[ link to this | view in thread ]
Re: Defining the problem wrong
We aren't using "1700s processes", if we were then people would be declaring their vote in public by standing on one side or the other of a hall (that's how all elections used to be conducted). The secret ballot actually is an invention of the mid-19th century. Having Internet voting from home would violate the secret ballot. We don't have ballot boxes and voting booths because of some quaint old tradition or because the voting process is out of touch with modern times. It is because of the need to ensure that votes are cast *in secret*. If votes can be cast from home, or anywhere else other than a supervised voting environment, then there is no way of preventing coercion or vote-buying. You can make the voting process as technically secure as you like, but no scrutiny is possible over the circumstances under which the vote was cast.
Being able to "see" your votes in a "voting account" would also violate the secret ballot. If you have no way of seeing how you voted, then you have no way of proving to anyone else how you voted, and that is the most effective way of preventing vote-buying.
Letting people see how their vote affects the result immediately is also a BAD idea, because it would give an advantage to people who vote later (as they will know better how their vote is going to affect the result). Making sure that the result is not known until every vote is collected and counted means that everyone is voting based on the same knowledge of the electoral situation --- i.e. they know the opinion polls from the day before, but the rest is a guess.
Trusting someone with your money is very different from trusting someone with your vote. Banking secrecy is very different from voting secrecy: your bank needs to know about your financial affairs, but NO-ONE SHOULD BE ABLE TO KNOW about how you voted. The way youtalk about lodging complaints about irregularities in your "voting account" suggest that you entirely misunderstand the secret ballot. The vote is not a private right that only affects the individual. It is a PUBLIC right. A voting irregularity affects much more than the individual whose vote was lost or wrongly cast --- it affects the integrity of the entire election. The sort of mechanisms you talk about inevitably mean that someone --- whoever runs the auditing --- can find out how you voted, and that is unacceptable, whoever it is.
Finally, my experience is that the people who tend to go on about how old-fashioned our voting process is in the "21st century" tend to be technical ignoramuses --- they're the sort of people who are starry-eyed but pig-ignorant anout technology. While those who urge caution tend to be technically minded people --- especially security professionals --- who actually understand the real issues involved.
[ link to this | view in thread ]
Re: Public Officials are Honest???
You are "assuming" that the voting machines do what they say they will. The point isn't whether they *are* technically doing the right process, but whether they are *seen* to be. Since a voting machine is a black box, that is not possible.
Give me a machine and I am NOT a happy voter, because I only have the machine's word that my vote has been registered and counted.
Don't let the expert control the election.
And why should people sceptical of e-voting technology have to propose something technological as an alternative? This is technology for its own sake. Non-technological voting systems WORK. Or if they don't, it's easy to discover why and correct the problem. The problem is people who are starry-eyed about technology, who think automatically "It's hi-tech therefore it must be better." Not necessarily so.
[ link to this | view in thread ]