E-Voting Is Very Different From E-Banking

from the paper-trail dept

Catching up on my reading, I recently came across this post from the University of Chicago's Saul Levmore about the merits of touchscreen voting. Levmore thinks that "the future is surely with the touch-screen or some other form of online voting." Levmore doesn't go into any detail about why he thinks this; I assume he's simply not familiar with the many e-voting problems we've covered here at Techdirt. He may not know, for example, that voting machines are susceptible to viruses that can allow a single person to corrupt every machine in a county or even an entire state. Levmore makes an interesting analogy to automatic teller machines. He points out that we've been using ATMs without any serious problems for decades, and wonders why we can't use the same technologies for voting machines.

What Levmore is missing is that the security model of an ATM is totally different from the security model of a voting machine. The most important line of defense against ATM fraud is not the machines themselves, but the fact that they produce a lengthy paper trail. If a hacker breaks into a bank's network and transfers funds from someone else's account to his own, two important things will happen. First, the victim will notice an unauthorized transaction and complain. And second, the perpetrator will need to pick up the money somehow, which will create a paper trail that will help the police find him. For example, a hacker trying to physically steal the cash from an ATM has to be physically present to pick up the cash, which increases the risk that he'll be caught in the act -- especially if he tries to knock off several machines in a row. It is the likelihood that fraud will be detected and punished, not the inherent unhackability of the machines themselves, that makes ATMs secure. In contrast, nobody knows what the "right" election outcome is supposed to be, so there's no one in a position to object if the results get altered. And because peoples' votes have to be kept secret, voting machines can't create the same kind of personally-identifiable paper trails that ATMs do. Unlike stolen cash, a stolen election doesn't need to be physically delivered to the beneficiary, so there's no way to trace the loot to find the perpetrator. That means that even if election fraud is detected, there's not going to be any straightforward way to figure out either who did it or what the result should have been. We can be pretty sure, for example, that something went wrong in the 2006 election in Sarasota County, but we have no way to be sure if foul play might have been involved or if (as seems more likely) the software was just flaky.

There's a more fundamental issue that should be especially familiar to the folks at the University of Chicago: banks have much stronger incentives to get things right than election officials. If a criminal succeeds in knocking off an ATM machine, the bank that owns that ATM machine stands to lose a lot of money. As a result, the bank has a strong incentive to take the steps necessary to secure the ATM, or to not deploy the ATM at all if it thinks that securing it would be too difficult. Banks have both the incentives and the resources to hire computer security experts to advise them on fixing potential problems with their ATM machines. In contrast, state officials have only a weak incentives to get voting machine security right. A stolen election will be a rare occurrence even with insecure voting machines, and if it does occur, state officials can easily shift blame to other people -- county election officials, vendors, poll workers. It's not surprising, therefore, that states have rushed to deploy electronic voting systems that virtually every computer securit expert on the planet says are insecure. Without strong accountability, election officials tend to be swayed by the superficial impression that computerized processes are inherently better than older technologies, or even by lobbying by voting machine vendors. Peoples' opposition to e-voting is not, as Levmore seems to think, a result of knee-jerk opposition to new technologies. It's a recognition that the e-voting problem is much harder than is generally supposed, and it's better to err on the side of caution until e-voting technology has had a chance to mature.

Filed Under: e-banking, e-voting, saul levmore

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Gregory Miller, 18 Mar 2008 @ 6:16pm

    Motivation Behind Adoption

    Tim, your post is great. I'd like to add one point of clarification if I may. You commented in relevant part:

    > A stolen election will be a rare occurrence even
    > with insecure voting machines, and if it does
    > occur, state officials can easily shift blame to
    > other people -- county election officials,
    > vendors, poll workers. It's not surprising,
    > therefore, that states have rushed to deploy
    > electronic voting systems that virtually every
    > computer security expert on the planet says
    > are insecure...

    I am betting you did *not* intend to suggest that states are implementing trust-free voting machines primarily as scapegoats. But that's a side point.

    Here is the real clarification I want to add (assuming someone else hasn't already... I haven't ventured into the comment thread rabbit hole on this post.)

    States are implementing e-voting technology regardless of security issues because there is a Federal incentive (if not arguably an impending mandate) to do so: money.

    I am referring to the Help America Vote Act of 2002 or simply "HAVA." HAVA is Congress's largest ever investment in election reform. The Act devoted $4 billion in federal funds to replace punch card voting machines, develop state voter registration databases and establish the U.S. Election Assistance Commission. HAVA more or less set a deadline for old punch card and lever machinery replacement to be the end of 2006, although that was not cast in code per-se, and the sunset on old systems has waned.

    But the point is the incentive for the states is/was the ability to receive Federal subsidy dollars to pay for machinery replacement. And that is more the motivation than simply deploying a digital scapegoat. HAVA is not likely to be reversed, and the digital democracy isn't going to slow down. Yet, clearly we need to save Democracy from Computers.

    So, the real question I submit has less to do with motivation for implementing sloppy technology, and more with why the technology is trust-free in the first place.

    The root problem with e-voting today is simply that it has never been in the best interest of vendor shareholders to incur the true non-recurring engineering charges to properly design, develop, and produce the high-assurance single-purpose application specific devices required for trustworthy e-voting. High assurance engineered devices are complicated, expensive, and time-consuming to build. High assurance methodologies are regularly employed in mil-spec products, medical technology, and NASA spacecraft and related devices. But in voting, there is no ROI (return on investment) that pencils for the e-voting vendors to go to that trouble. In other words, the market is paradoxically small while requiring expensive equipment. So given that shareholder value trumps voter assurance, they turned to the only alternative they could: off-the-shelf general purpose computing hardware with off-the-shelf commodity operating systems software, combined with their proprietary "black box" application (their only real value added).

    Not to be preachy here, but honestly, the only way to solve the root problem of trustworthy e-voting machinery is to do so in the public trust in a transparent open source manner. The cornerstone of our democracy (the machinery by which we cast our votes) increasingly digital as it is becoming, can no longer be left to the shareholder interests of the private sector, nor the bureaucratic mandates of Governments. Once this cornerstone is developed in the public trust, then and only then will it be possible to have public inspection, accountability loops, and no more scapegoating. In other words, this nation needs to move from black box voting to glass box voting.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.