08 Feb 2008

Levmore Misses the Issue with E-Voting

It is unfortunate, too. There may be e-voting Luddites, but most of the objections I am aware of come from e-geeks who are generally excited about technological developments. However, these are also the people who are very aware of how badly companies can muck up software and hardware products. Not only that, some of us are rather familiar with how easily so many systems can be infiltrated, if not just sniffed (the anonymity of your vote is just as important as making sure it is counted). In general, when people who are typically huge fans of and knowledgeable about a product or procedure start screaming objections about improper use in critical activities, it is a good idea to consider why these people, otherwise fans, are so worried.

In general (obviously I can only speak for myself, but I don’t think most would disagree with me), most people agree that e-voting IS desirable. Once the machines are set up, it dramatically reduces the cost of conducting an election and provides a number of convenient features that are impossible for a mechanical machine to replicate so cheaply. These include translation services, greater degrees of choice on where you vote, private services for the blind or those with other ailments which may make a typical ballot difficult to use, among others. So, yes, we do want e-voting. However, not all electronic interfaces are superior. Many touchscreen systems can be a pain to use, and they often limit the amount of information that can be on the screen at any given time. Indeed, part of the reason so many physicians I know hate EMR is that the INTERFACE to them is so much worse than plain paper. These are relatively easy design issues though. The major one is that digital, networked systems produce different and dramatically escalated security concerns compared to mechanical voting systems (watch “Battlestar Galactica” if you want this point driven home for you, not that fiction should be used as a judge of reality). Levmore misses this key point on multiple occasions in his one post: 1) comparing touch screen vulnerability to mechanical vulnerability, 2) comparing the rather lax security in absentee voting to a potential dispersed voting mechanism via ATMs (more on the ATM issue later). He has a linearity assumption of vulnerability to votes, which works rather well in the mechanized analysis. But the digital process can have highly non-linear vulnerability to vote breaches.

I’m not a security expert; so, I will not go into significant details of the various vulnerabilities of the system. But, consider this: a single machine can be used to alter the votes of every other machine that comes into contact (in terms of exchanged information) with it. This is not a hypothetical. Data breaches happen all the time, and e-security is not something most organizations deal with particularly well. We (as I’m sure Saul does as well) hold the integrity of our democratic processes VERY high. The shortcomings of mechanical voting technologies are well known, as are the remedies and processes for reducing the risk. This may be pricey, but the costs of a secure election with mechanical voting are not so high as to justify the switch to e-voting.

There are a number of ways to deal with this. The first thing I would like to see is an “open, closed source” license for software. This is an issue that is coming up not just with voting technologies, but also the equipment used by police and manufactured by 3rd parties. In general, when a machine says “guilty” or “s/he won” people want to know how it came to that conclusion. The use of closed-source software creates a ‘black box’ effect which seriously undermines the trustworthiness of the process, whatever that process is. However, companies have been loath to release their code, creating problems in, for example, the justice system. These types of systems ought to be open for public scrutiny, but of course, we want to maintain the ability for the company to protect its intellectual property. Thus the open, closed source license. It would be a license that allows for research into the integrity of the code, but bars all other uses of the code. Creating this kind of license, and ensuring the protection of the code is, of course, an incredibly difficult task. For devices in critical areas of public service, though, I would like to see such a license as being the ‘minimum level of openness’ allowed. Black boxes are not instruments of an open government. Obviously, there would be exceptions for national security (F-22 code does not need to be public, though I’m sure the military has its hands on it, which is all that is needed in that case anyway) and non-critical tasks (we don’t need to know Word’s underlying code, just that it prints what we type). Yes, I know there will be difficult lines to draw.

The comparison to ATMs is incredibly annoying. It shows a terrible lack of understanding of how to create a secure system. The security measures taken to ensure the proper operation of voting machines are rather pathetic compared to those used by banks for ATMs and even casinos for their slot machines. There is and has been legislative movement on this front, but it is still rather behind. Further, the nature of the security problem is different for ATMs than it is for voting machines; so that, even if the regulations for ATMs were adopted completely, they would still be inadequate for ensuring a proper count. This is largely due to the anonymity required in the voting process.

If you disagree with me, PLEASE read the Bruce Schneier essay as well as some of Jon Stokes’s stuff. The most thorough is probably this article, though more recent ones are available. This is a very serious issue, and with the current setup in many jurisdictions, massive election fraud is UNDETECTABLE, which is why people get up in arms when the tallies differ from the polls. The only evidence of fraud may very well be such differences, though those differences are by no means strong evidence of tampering or error.

Voting Machines

 

On Mega-Tuesday I asked to use the electronic voting machine at my local voting place, and I did so. This is my third such vote, and I remain puzzled by the hostility to new voting technology. I do not doubt that some touch-screen machines are vulnerable, but it is not as if the older technologies have been foolproof. The future is surely with the touch-screen or some other form of online voting.

So here was my Super-Tuesday thought. We should associate touch-screen voting with touch-screen ATM machines. Banks have won over consumers to these machines, and though they occasionally err, they are far superior to human tellers for simple banking transactions. And much less expensive too - leaving aside the interesting question of how the costs of tellers are passed on, as compared to the more obvious fees associated with cash machines. If hacking dedicated but online machines is so easy, one would think that hackers would focus on ATMs, but in fact our ATM system is quite secure. So why not let voters cast their votes at bank machines? With some effort, a large number of ATMs, perhaps in indoor locations, could double as VMs, or voting machines.

Under one version of this plan, the vestibules and lobbies of banks would become the new polling places. But under another version, voters could first receive a card or number from an election office or polling place and then proceed to any or almost any ATM machine to cast a vote. Election Day might be a banking holiday, and banks might even pay for the right to be an Election Day spot because such identification might imply first-rate security. Under the first plan, we picture election officials serving as gatekeepers at each ATM, much as they do at the polls at present. Dispersed ATMs make this more difficult. Under the second version, where voters receive cards to use at ATM/VMs, the analogy is to absentee ballots or early voting in most states. Whatever fraud we fear from the possibility that a voter will receive the authorization card to cast a vote - and then sell it or transfer it to another, we ought to fear from absentee ballots that are picked up by or mailed to voters. These constitute an increasing proportion of the vote, and I know of no evidence that fraud is a serious problem at this retail level.

It is interesting that despite all the problems with conventional voting technologies, including hanging chads, lost ballots, stolen boxes, and long lines, there is resistance to new technology. I like to think that innovation will come more quickly if it is associated with a related technology that is now so widely accepted.
