If we continue to vote on insecure e-voting machines, we run the risk that our first clue that something is wrong will be when the voting machines in a key swing state “malfunction,” throwing the presidential election into turmoil. I don’t think we can afford to take that risk.

You mean … again, right? I don’t want to play into conspiracy theories but I believe that is what’s happened in our most recent presidential elections.

Not just one swing state, there needs to be a total and catastrophic failure of voting systems in several states, preferably involving more than one vendor.

Nothing else is going to wake up voters and make them start to think about the security (or lack thereof) of current electronic voting systems.

A few minor ‘inconsistencies’ in one or two states can easily be brushed off. “Exit polls are inaccurate”, etc. It’s _already_ happened twice. The voting public is blissfully unaware of this.

“The canary was already sick, it probably died of natural causes”

That won’t wash if the problems are widespread and obvious.

It’s been nearly twenty years since I was awakened by a panicked call from Purdue University’s Computing Center operations staff telling me “all the VAXes are down”, because that’s how it looked at first blush. What followed was a fairly good reality check and a substantial amount of panic as it was realized that this problem extended across the campus and beyond. We were lucky: my colleague Kevin Braunsdorf and I figured out a one-line fix that blocked the worm from propagating, and of course it turned out that it didn’t include malicious, data-destroying code.

Fast-forward to today and it becomes clear that NONE of the vendors or backers of computerized voting systems have absorbed the lesson — or if they have, their knowledge has been overruled by their profit motive. As Schneier’s brilliant economic analysis has shown, the budget available to an attacker going after the US Presidential election should be presumed to be on the order to $100 million. That’s easily enough to subvert these systems using a Morris-worm-ish technique albeit with considerably more subtlety so that it’s not nearly as easy to detect.

Moreover, the continued refusal by voting system vendors to publish all source code, all hardware design documents, etc. and submit them for public inspection means that the pool of people with access to this information is severely limited. Worse, it’s limited to the same people who are known to be designing, building, and deploying buggy, insecure systems, thus the people least likely to detect an issue similar to the Morris worm.

We need to go back to pencil and paper ASAP. (Yes, pencil and paper systems have their issues, too, but they’re vastly better-understood and they have the highly desirable property that they’re much more difficult to subvert en masse, which largely prevents large-scale fraud.)

It makes me chuckle and sad how few people (not just in the US) understand their own electoral process, let alone the complexities of their election system or the machines and processes used to implement them.

Improving any system or process is like ‘peeling an onion’. Identify and address the most serious flaws and issues first, then continue until the flaws and issues become small enough to be acceptable. Of course this takes a rational, unemotional, systematic approach which is properly funded.

Election activists, critics and conspiracy theorists have a tendency to harp on about their own little concerns and pet peeves, rather than take the time to understand the big picture and target the real issues. And you know what? the incumbent politicians and power brokers the world over are just happy for them to do so, as it takes attention away from how they really influence elections, so they can continue to do just that.

Take elections in the US, which are the most complex in the world. Here are some facts of which most Americans, including the activists, appear to be blissfully unaware:

The democratic process is an illusion. When voting for President, Americans are actually voting for a representative on the electoral collage for their State, NOT for the President. Your vote does not count for President. It is that Electoral College that decides how to allocate that States votes for President (each state has a different number of electoral collage votes based on size, population, history etc). There is an assumption that the Electoral College will follow the popular vote for that State, but it has no constitutional obligation to do so, and in the past there have been documented occasions when it has not. So much for democracy.

It is a Federal offence to interfere with the election process in order to influence the result. Influencing the election for senior positions (State and Federal rather than local) in such a manner would require such a wide spread corruption and law breaking that the risk of it being detected is just too great for any of the major parties to even consider, whether it be interfering with electronic machines, paper ballots, polling places or the tally process. Why should they bother when they have a much wider range of legal and borderline legal ways to achieve the same goal? Incumbents use legislation and policy to affect voter registration, voter eligibility, accessibility to polling sites etc. The number of cases of legal but immoral practices to achieve this is widespread, however many activists tend to try to blame the election technology used rather than identify the true issues. Take Ohio in 2004 as an example – activists blame the use of electronic machines rather than the distribution of those machines and the policies to reduce access to the poling places in certain areas, both of which were legal and highly effective.

The easiest point in the electoral process to influence an election is voter registration, not the polling place (or voting machines). If people are registered to vote who should not be (non-existent, dead, out of state) or certain legitimate groups are not registered (discouraged, removed from electoral roll), then the election can be influenced at source. This happened in Florida in 2000, when a State law was passed requiring registrars to remove anyone from the electoral roll who was ‘suspected of being a felon’ (felons are not allowed to vote in Florida). The State (read Governors office) provided a list of people who were suspected of being felons to some (but not all) registrars. These lists were concentrated in areas of particular geo-political nature and included people who shared the surname and initials of a known felon! These voters were not notified that they had been removed. Hence, many voters turned up to vote only to be told they were not eligible to do so. Coupled with same highly dubious decisions concerning provisional and absentee voting, this policy was both legal and highly effective.

The amount of effort required for a jurisdiction to implement an election in the US is huge due to the complexity and frequency of elections. It is just a simple fact that even if those tasked with running the election wanted to ‘rig’ it (and really they do not) they do not have the time or manpower to do so. All they really want to do is to successfully implement it, with a minimum of issues and hope they survive with their sanity intact for the next one!

Paper based elections are only slightly more secure than a show of hands. There is a growing misconception, that the use of paper ballots ensures a secure election because it leaves a permanent record of the ballots cast which can be audited. Paper based election have been used for centuries and a myriad of ways to rig them have been invented and successfully used in that time. How can you tell if ballot boxes have been stuffed or ballots removed? – when you audit the election the records include the ‘extra ones’ and does not include those removed – it is ‘self auditing’. This has been common place in the past. Another easy way, which has been used in the US, is the artificial creation of over-votes for certain contests during the counting or auditing process. Choices in over-voted contests (where more choices have been made than are allowed) do not count, so if an election worker adds a mark to a ballot or punches out an extra hole, on some ballots then those votes will not count either in the main counting process or the re-count process, and there is no evidence of it as the very ‘auditable ballot’ is the thing that has been manipulated.

Very little money is actually spent on the election process for the complexity an frequency of the elections. Election departments are funded at County (or City) level and with budget restrictions are usually under funded and struggling. Even the $5 Billion that the Federal government made available from Federal funds for HAVA sounds a lot but only represents about $12 per eligible voter and a large proportion of that went to voter education and infrastructure.

Now, that’s not to say that the election activists do not have good points. They certainly come up with a myriad of ways to improve the election process and make it more secure. However, they are concentrating on minor issues compared with the glaring issues that exist and do not recognize the level of funding needed to really guarantee a fair and secure election. I just hope that community gets smart and starts to concentrate on the biggest issues, so that America can once again gain the respect of the rest of the world as the beacon of democracy it once was.

Australia We can’t believe it either–Australia is the last stop on our Lost Girls China printing round-the-world journey! We’re gonna make the most of our time in Oz by renting an apartment on Bondi Beach in Sydney (just a block away from the water!) and taking road trips to cool scaffolding spots up and down the East Coast. All three of us are dying to learn how to surf, so we’re definitely signing up for classes with the hottest instructors we can find plastic bucket manufacturer!

After our two months in Sydney are up, The Lost Girls are parting ways…Jen goes back to the States to do the “friends n’ family tour,” Holly is returning to NYC and Amanda will stay on in Oz to dive the Great Barrier Reef. Are we abandoning the blog? Hell, no! Stay tuned for regular updates about our American re-entry, reverse culture shock and latest travel adventures.