Center for Policy Alternatives
CPA - Header Photo

Voting Machine Security

There is widespread distrust of the accuracy of voting machines.
In November 2000, about 1.5 million Americans’ votes for president were not counted because of hanging chads, misaligned machines, or other flaws in voting technologies.1 Billions of dollars have been spent since then to ensure that every vote cast is counted. Still, an October 2006 survey by the Pew Research Center found that one in eight American voters—and three in ten African American voters—were not confident that their ballots would be counted in the November election.2 Even Maryland Governor Robert Ehrlich suggested that voters should cast absentee ballots to ensure they were counted—and Marylanders responded by voting absentee in record numbers.3
Encouraged by the Help America Vote Act (HAVA), states dramatically changed voting technology between 2000 and 2006.
In 2000, about 36 percent of Americans voted with punchcards, 18 percent used mechanical lever machines, 35 percent used optical scan technology, and 14 percent used direct recording electric (DRE) machines. HAVA, enacted by Congress in 2002, provided grants to help states switch to modern voting equipment—optical scanners and DRE machines. That law was very effective. By the 2006 election, about 90 percent of Americans voted with those two types of equipment.4
Modern voting systems remain vulnerable to election fraud.
The Brennan Center for Justice issued a comprehensive report which detailed 120 possible ways to tamper with DRE and optical scanner systems.5 A Johns Hopkins University study also revealed numerous techniques that could be used to change votes.6 The easiest and most successful schemes would alter the software of DREs or scanners. An employee of the voting machine manufacturer, an employee of the board of elections, a computer hacker armed with a specially-designed virus, or any person who could get their hands on a voting machine for one minute or less could carry out an attack on the integrity of a voting machine. Such a vote-switching scheme would also modify records, audit logs and counters inside the machines, making even a careful forensic examination of records futile.
Modern voting systems remain vulnerable to error.
Mistakes are all too common. According to the Brennan Center, “votes have been miscounted or lost as a result of defective firmware (coded instructions in a computer system’s hardware), faulty machine software, defective tally server software, election programming errors, machine breakdowns, malfunctioning input devices, and pollworker error.”7 For example:
  • Diebold Election Systems discovered a screen-freeze problem in several Maryland voting machines, yet the company did not fully inform the state and took three years to replace the flawed machines.8
  • The California Secretary of State banned one model of Diebold machines after finding that the machine disenfranchised voters during the 2004 presidential primary. Diebold machines were recertified in California only after the firm paid a fine of $2.6 million.9
  • In November 2006, iVotronic touchscreen machines in Sarasota County, Florida, registered 18,000 ballots cast without a vote for Congress in a hotly contested race. Sarasota’s undervote was far higher than in neighboring counties—raising the likelihood that an error caused the results.10
It is crucial for all states to mandate that voting systems include a voter-verified paper trail and that elections officials conduct regular audits of these paper ballots.
The Association of Computing Machinery surveyed its members and found that 95 percent expressed concern about the security of electronic voting systems and endorsed the use of voter-verified paper records.11 Where there is a voter-verified system, each voter views and approves a paper copy of his or her ballot before leaving the polls. Afterwards, election officials audit the results by counting paper ballots in a small number of randomly-selected precincts and comparing them to the computer-generated totals. This procedure catches both fraud and mistakes, and if a recount is needed, the paper ballots are the final word.
States are adopting voter-verified paper records and audit requirements.
Currently, only 13 states (AK, AZ, CA, CO, CT, HI, IL, MN, NM, NY, NC, WA, WV) require both voter-verified paper records and regular audits of the paper ballots. Twenty-two states (AL, ID, ME, MA, MI, MS, MO, MT, NE, NV, NH, NJ, ND, OH, OK, OR, RI, SD, UT, VT, WI, WY) use machines that leave a voter-verified paper trail but do not require regular audits. The remaining 15 states (AR, DE, FL, GA, IN, IA, KS, KY, LA, MD, PA, SC, TN, TX, VA) do not require voter-verified paper records or audits.
Endnotes
  1. Caltech/MIT Voting Technology Project, “Voting—What Is, What Could Be,” July 2001.
  2. Pew Research Center for the People and the Press, “November Turnout May Be High,” October 11, 2006.
  3. Christian Davenport, “Democrats Blast Ehrlich’s Absentee-Voting Initiative,” Washington Post, September 22, 2006.
  4. Michael Duffy, “Can This Machine Be Trusted?” Time Magazine, October 29, 2006.
  5. Brennan Center for Justice, “The Machinery of Democracy: Protecting Elections in an Electronic World,” 2006.
  6. Tadayoshi Kohno et al., “Analysis of an Electronic Voting System,” IEEE Symposium on Security and Privacy, 2004.
  7. “The Machinery of Democracy.”
  8. Associated Press, “Diebold Makes Fixes on the QT,” Wired News, October 27, 2006.
  9. Associated Press, “Diebold to Settle E-Voting Suit,” Wired News, November 10, 2004.
  10. Marc Caputo, “18,000 votes in House race may be lost,” Sarasota Herald-Tribune, November 9, 2006.
  11. Association for Computing Machinery, “ACM Recommends Integrity, Security, Usability in E-voting,” September 28, 2004.
Updates