How to restore trust at the ballot box

In 2004, more voters found their faith in the system shaken by reports that electronic voting machine screens were not calibrated properly. Voters who thought they were voting for one candidate found the machine had recorded a vote for another.

And in one Ohio voting precinct that had just registered 800 voters, electronic machines reported an extra 3,893 votes for President George W. Bush. Officials caught that error before it made it into the final statewide tally. Bush won Ohio — and the presidency as a result — by a mere 137,000 votes.

In a more alarming, likely, and less overtly partisan event, a county in North Carolina saw so many voters on election day 2004 that the memory cards in the machines filled up and overwrote the earlier votes. The county lost more than 4,500 votes that way. With so many stories like these, it’s surprising that more Americans don’t think their votes will not count.

Despite documented problems with the machines in many places in the country, counties and states have continued to contract out to private companies what used to be the most public of functions: the counting of votes.

Meanwhile, independent computer scientists and security experts have time and time again demonstrated that hackers could easily tamper with electronic voting machines.

Last month Princeton computer science professor Ed Felten and his research team opened a machine made by the notorious Diebold company using a key so common that it is used to open file cabinets and hotel minibars. Once open, anyone could mess with the insecure memory card that records and stores the vote records. A vandal might not have a partisan agenda. But the damage to democracy would be grave nonetheless.

And time and time again, teams of researchers led by such experts as Professor Avi Rubin at Johns Hopkins University and David Dill at Stanford University have shown that many electronic machines are inherently insecure and that paper records are essential to maintaining a trustworthy system.

Rubin, in his brilliant and entertaining new book, "Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting," tells stories of his efforts to get authorities to take security and design flaws seriously.

The standard model goes like this: researchers test a system for security flaws and find them present and alarming. Then the company that makes the machine responds via press release that the researcher did not have the most up-to-date system to test. Then the researchers request the most up-to-date-system. Then the company refuses to release it for testing. The company says “trust us.” The state and local officials say “trust us.” The scientists, of course, believe in evidence and proof — not faith-based systems. But no one in power seems to. So nothing changes.

The mainstream press, with its obsession for balancing “sides” in an argument, grants equal weight and credibility to scientists who have no financial stake in the outcome of a policy decision and vendors who clearly do.

MORE FROM SECURITY

Security Section Front

Facebook hit by ‘Control Your Info’ intruder Twitter phishing ploy goes for ‘Direct Messages’ Red Tape: Your chance to spy on Google Hacking ring caught in $9 million fraud Tagged.com settles with states in invite fight Framed for child porn — by a PC virus Beijing puts foot down on ‘Oba Mao’ T-shirts Spain: Internet-related child porn on the rise Google providing better view of personal data EU agrees on new Internet user rights Security Section Front   Add Security headlines to your news reader: