« Centralized stupidity | Main | The science »

Getting out the vote

Thumbnail image for bush-gore-hanging-chad-florida.jpg"If voting changed anything, they'd abolish it, the maverick British left-wing politician Ken Livingstone wrote in 1987.

In 2020, the strategy appears to be to lecture people about how they should vote if they want to change things, and then make sure they can't. After this week's denial-of-service attack on Georgia voters and widespread documentation of voter suppression tactics, there should be no more arguments about whether voter suppression is a problem.

Until a 2008 Computers, Freedom, and Privacy tutorial on "e-deceptive campaign practices", organized by Lillie Coney, I had no idea how much effort was put into disenfranchising eligible voters. The tutorial focused on the many ways new technology - the pre-social media Internet - was being adapted to do very old work to suppress the votes of those who might have undesired opinions. The images from the 2018 mid-term elections and from this week in Georgia tell their own story.

In a presentation last week, Rebecca Mercuri noted that there are two types of fraud surrounding elections. Voter fraud, which is efforts by individuals to vote when they are not entitled to do so and is the stuff proponents of voter ID requirements get upset about, is vanishingly rare. Election fraud, where one group or another try to game the election in their favor, is and has been common throughout history, and there are many techniques. Election fraud is the big thing to keep your eye on - and electronic voting is a perfect vector for it. Paper ballots can be reexamined, recounted, and can't easily be altered without trace. Yes, they can be stolen or spoiled, but it's hard to do at scale because the boxes of ballots are big, heavy, and not easily vanished. Scale is, however, what computers were designed for, and just about every computer security expert agrees that computers and general elections do not mix. Even in a small, digitally literate country like Estonia a study found enormous vulnerabilities.

Mercuri, along with longtime security expert Peter Neumann, was offering an update on the technical side of voting. Mercuri is a longstanding expert in this area; in 2000, she defended her PhD thesis, the first serious study of the security problems for online voting, 11 days before Bush v. Gore burst into the headlines. TL;DR: electronic voting can't be secured.

In the 20 years since, the vast preponderance of computer security experts have continued to agree with her. Naturally, people keep trying to find wiggle room, as if some new technology will change the math; besides election systems vendors there are well-meaning folks with worthwhile goals, such as improving access for visually impaired people, ensuring access for a widely scattered membership, such as unions, or motivating younger people.

Even apart from voter suppression tactics, US election systems continue to be a fragmented mess. People keep finding new ways to hack into them; in 2017, Bloomberg reported that Russia hacked into voting systems in 39 US states before the US presidential election and targeted election systems in all 50. Defcon has added a voting machine hacking village, where, in 2018, an 11-year-old hacked into a replica of the Florida state voting website in under ten minutes. In 2019, Defcon hackers were able to buy a bunch of voting machines and election systems on eBay - and cracked every single one for the Washington Post. The only sensible response: use paper.

Mercuri has long advocated for voter-verified paper ballots (including absentee and mail-in ballots) as the official votes that can be recounted or audited as needed. The complexity and size of US elections, however, means electronic counting.

In Congressional testimony, Matt Blaze, a professor at Georgetown University, has made three recommendations (PDF): immediately dump all remaining paperless direct recording electronic voting machines; provide resources, infrastructure, and training to local and state election officials to help them defend their systems against attacks; and conduct risk-limiting audits after every election to detect software failures and attacks. RLAs, which were proposed in a 2012 paper by Mark Lindeman and Philip B. Stark (PDF), involves counting a statistically significant random sampling of ballots and checking the results against the machine. The proposal has a fair amount of support, including from the Electronic Frontier Foundation.

Mercuri has doubts; she argues that election administrators don't understand the math that determines how many ballots to count in these audits, and thinks the method will fail to catch "dispersed fraud" - that is, a few votes changed across many precincts rather than large clumps of votes changed in a few places. She is undeniably right when she says that RLAs are intended to avoid counting the full set of ballots; proponents see that as a *good* thing - faster, cheaper, and just as good. As a result, some states - Michigan, Colorado (PDF) - are beginning to embrace it. My guess is there will be many mistakes in implementation and resulting legal contests until everyone either finds a standard for best practice or decides they're too complicated to make work.

Even more important, however, is whether RLAs can successfully underpin public confidence in election integrity. Without that, we've got nothing.

Illustrations: Hanging chad, during the 2000 Bush versus Gore vote.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.


TrackBack URL for this entry:

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)