E-Voting Is Very Different From E-Banking
from the paper-trail dept
Catching up on my reading, I recently came across this post from the University of Chicago's Saul Levmore about the merits of touchscreen voting. Levmore thinks that "the future is surely with the touch-screen or some other form of online voting." Levmore doesn't go into any detail about why he thinks this; I assume he's simply not familiar with the many e-voting problems we've covered here at Techdirt. He may not know, for example, that voting machines are susceptible to viruses that can allow a single person to corrupt every machine in a county or even an entire state. Levmore makes an interesting analogy to automatic teller machines. He points out that we've been using ATMs without any serious problems for decades, and wonders why we can't use the same technologies for voting machines.
What Levmore is missing is that the security model of an ATM is totally different from the security model of a voting machine. The most important line of defense against ATM fraud is not the machines themselves, but the fact that they produce a lengthy paper trail. If a hacker breaks into a bank's network and transfers funds from someone else's account to his own, two important things will happen. First, the victim will notice an unauthorized transaction and complain. And second, the perpetrator will need to pick up the money somehow, which will create a paper trail that will help the police find him. For example, a hacker trying to physically steal the cash from an ATM has to be physically present to pick up the cash, which increases the risk that he'll be caught in the act -- especially if he tries to knock off several machines in a row. It is the likelihood that fraud will be detected and punished, not the inherent unhackability of the machines themselves, that makes ATMs secure. In contrast, nobody knows what the "right" election outcome is supposed to be, so there's no one in a position to object if the results get altered. And because peoples' votes have to be kept secret, voting machines can't create the same kind of personally-identifiable paper trails that ATMs do. Unlike stolen cash, a stolen election doesn't need to be physically delivered to the beneficiary, so there's no way to trace the loot to find the perpetrator. That means that even if election fraud is detected, there's not going to be any straightforward way to figure out either who did it or what the result should have been. We can be pretty sure, for example, that something went wrong in the 2006 election in Sarasota County, but we have no way to be sure if foul play might have been involved or if (as seems more likely) the software was just flaky.
There's a more fundamental issue that should be especially familiar to the folks at the University of Chicago: banks have much stronger incentives to get things right than election officials. If a criminal succeeds in knocking off an ATM machine, the bank that owns that ATM machine stands to lose a lot of money. As a result, the bank has a strong incentive to take the steps necessary to secure the ATM, or to not deploy the ATM at all if it thinks that securing it would be too difficult. Banks have both the incentives and the resources to hire computer security experts to advise them on fixing potential problems with their ATM machines. In contrast, state officials have only a weak incentives to get voting machine security right. A stolen election will be a rare occurrence even with insecure voting machines, and if it does occur, state officials can easily shift blame to other people -- county election officials, vendors, poll workers. It's not surprising, therefore, that states have rushed to deploy electronic voting systems that virtually every computer securit expert on the planet says are insecure. Without strong accountability, election officials tend to be swayed by the superficial impression that computerized processes are inherently better than older technologies, or even by lobbying by voting machine vendors. Peoples' opposition to e-voting is not, as Levmore seems to think, a result of knee-jerk opposition to new technologies. It's a recognition that the e-voting problem is much harder than is generally supposed, and it's better to err on the side of caution until e-voting technology has had a chance to mature.