Appel: Down for the count, our voting machines remain vulnerable to tampering
Sunday, June 22, 2008
Andrew W. Appel is a professor of computer science at Princeton University. He is serving as an expert witness for plaintiffs suing the state over its use of paperless voting machines.
AFTER the hanging-chad debacle of 2000, people started paying more attention to the physical machinery of voting.
Many states, including New Jersey, rushed to buy paperless voting computers to replace their punch cards or lever machines, motivated in part by a federal grant of "use-it-or-lose-it" money.
But by 2004, it was widely recognized that voting computers, such as the Sequoia machines that most of New Jersey votes on, can be easily manipulated to produce whatever results a hacker desires. There's practically no way to know whether the computer is counting your vote.
If hackers could replace the code inside voting machines, then they might commit high-tech, automated election fraud.
In 2005, the New Jersey Legislature, in a forward-thinking move, passed a law requiring that voting machines in New Jersey be equipped with a voter-verified paper ballots. This would mean the votes could still be counted by computer, but voters must be able to see their votes on a paper ballot.
If the computer malfunctions, the paper ballots can be recounted by hand.
The Legislature left plenty of time — until Jan. 1, 2008 — for the state to purchase and install such a system.
The optical-scan ballots used in many states are a good example of a voter-verified paper ballot system. You fill in the bubble next to the name of your candidate, the computer counts the ballots right there in your precinct, and the pile of paper optical-scan ballots in the machine's bin can be recounted by hand as a check on the computer.
Dropping the ball
It would have been straightforward in 2005-2006 to purchase optical-scan machines, train poll workers and have everything in place for the 2006 election. New Mexico recently made a successful transition to optical-scan in just six months.
But New Jersey election officials did not move quickly to implement paper trails. Instead, they put all their eggs in one basket: They decided to wait for their existing voting-machine vendor, Sequoia, to design, debug, test and deliver a modification to the state's current Sequoia equipment.
The idea is that as a New Jersey voter, you would continue to select your choices on the same voting machine that you've been voting on for the past few elections. The add-on device would print out a record of your votes on a paper ballot. After you inspect and approve the paper to make sure it accurately records your choices, the paper automatically drops into a ballot box.
The computer counts your vote, and just in case the computer program is defective or fraudulent, the paper ballots can be audited or recounted later.
Like the tried-and-true optical-scan system, this is an auditable, voter-verified paper ballot. But it was a mistake for election officials to decide to wait for new technology when optical-scan equipment was readily available, a proven technology and cost-effective.
In fact, Sequoia and the state missed the generous deadline set by law, then asked for an extension, then missed the deadline again, then asked for another extension.
When you vote in November, you will still be voting on a paperless computer, and it's not possible to be sure that your vote will count.
Of course, you should vote in the upcoming election. We can all hope and expect that the computers will not be manipulated. But we, as the electorate, deserve better: We deserve to have certainty that our votes will be counted.
The New Jersey Constitution grants the right to vote and have our votes counted. Therefore, a group of public-interest plaintiffs have sued the state on the grounds that it's unconstitutional to keep using these paperless voting computers in election after election, when we can't be sure they're really counting the votes.
When independent computer scientists have examined models of computer voting machines used in other states, they've found shockingly bad software-engineering designs that compromise the security of elections.
The model of voting machine we use in most of New Jersey has never been examined by independent experts.
Recently, the court has ordered that the state and Sequoia permit independent computer scientists (including me and several of my colleagues at Princeton University) to examine voting machines and the computer programs that run them, and to evaluate their security and accuracy.
However, this examination was delayed because the state had insisted that if an examination takes place, the public must be prevented from knowing the result.
This is unacceptable: Elections are the foundation of our democracy, and the public must be able to make informed judgments about their reliability.
Fortunately, Superior Court Judge Linda
Feinberg ruled Friday that a gag order on the computer experts will be
lifted by Oct. 1, and findings of the experts will be made public
The stakes are high this November. As we vote for president and for other offices, we can also hope that it's the last time we use voting computers that can't be audited.
Find this article at: