New Voting Machines for New York State: Promise or Peril?
A Forum on New York's Quest for New Voting Technology

Remarks By Kim Alexander, President & Founder
of the California Voter Foundation

Tuesday, June 24, 10 a.m. - Noon
Association of the Bar of the City of New York, 42 West 44th St.

Good morning, and thank you for inviting me.

Are new, paperless, computerized voting machines a sign of promise or peril?

This is an important subject. What we do about voting technology now will have consequences for decades to come.

I'm here today to explain why I believe it is necessary that there be a voter-verified paper trail to accompany digital ballots. The short answer is this: there is no good reason for voters to trust paperless, one hundred percent computerized voting systems run on secret software. Most of the security risks associated with computerized voting can be addressed by requiring a voter-verified paper audit trail.

I'm sure we can all easily recall the November 2000 images of Florida election workers carefully examining ballots. The thinking seems to be that we can make such images a thing of the past simply by eliminating ballots altogether. But that's like trying to solve accounting errors by eliminating your accounting department.

Computerized voting solves the problem of the moment -- inaccurate vote counting technology -- but replaces it with a whole set of new problems we are only just beginning to understand.

Voters who cast ballots on DREs have no way of knowing whether the machine captured their votes as the voter intended. Software can have bugs. Software can contain malicious code. Software can be incorrectly programmed. Systems crash.

It's these kinds risks that led hundreds of respected computer scientists and technologists to sign Stanford computer science professor David Dill's Resolution on Electronic Voting, which insists there be an audit trail to back up digital ballots.

I have studied the state and federal testing and certification processes. I am familiar with the security procedures used with computerized voting systems. And I believe that in spite of everything we do right now to protect digital ballots, we are not nearly doing enough.

For paper and lever voting systems, we have developed elaborate security procedures to safeguard votes. For example, in a lever voting system, pollworkers check the mechanical counters before opening the polls to confirm the counters are set to zero. In a paper voting system, pollworkers open the ballot box and show the first voter at the polls that the box is empty and hasn't been pre-stuffed.

There are attempts to replicate such procedures in a computerized voting system. The first voter who casts a ballot on a touchscreen sees a zero on the screen designed to indicate that there are no prerecorded votes in the machine. But neither the voter nor the pollworker can actually confirm that -- the pollworker doesn't open the box and inspect the software to see that in fact it does not have any prestored votes.

There are tests performed on DREs before and after the election. The problem with these tests is that they are conducted when the machines are in "test mode". It's not difficult to design software to operate one way in test mode and a different way in live mode. These tests we currently perform are not enough to assure the public that the software is working properly and hasn't been tampered with.

Already there are signs that some voters lack confidence in computerized voting. A poll taken of Georgia's voters after that state deployed paperless touchscreens statewide in November 2002, found a significant racial disparity in voter confidence. While 79 percent of Georgia's white voters said they were very confident their votes would be accurately counted, only 40 percent of black voters expressed the same level of confidence.

This year, it was discovered that Georgia's vendor, Diebold, had used a public, Internet FTP site to distribute a software patch to county election offices. It would have been relatively easy for anyone in the world to find that site and replace that software patch with a different one that contained malicious code.

There's no evidence of that happening, but there is also no evidence to the contrary. That's the problem: computerized voting as it is in use today is not transparent. We don't have access to the software, and we don't yet have the right to inspect a hard copy backup of our digital ballots before leaving the polls.

Transparency is not the easiest idea to conceptualize; the absence of transparency is even harder. But that's what's at stake here. It's like we've had a window into the world of elections but now it's being shuttered.

Many of you are lever machine voters and may be wondering why no one's made much of a fuss over that voting system's lack of a paper trail. The reason is this: lever machines are mechanical; there's no need for a paper audit trail because there is no software used.

Paper based systems rely on software to count ballots; but in a paper system the paper ballots serve as an audit tool that can verify the accuracy of automated counts. In California, we have a manual count law that requires a subset of the paper ballots to be selected at random and publicly tallied by hand to show the hand counted totals match the automated totals. If there is no longer a paper audit trail, then we lose the ability to verify the automated count.

It doesn't have to be this way. We could do this right. We could require computerized voting systems to create a paper backup of our digital ballots that we can inspect before leaving the polls. We can use these paper backups to verify the accuracy of computerized counts. That way when there are problems (and there always are) we have a way to recover from them. We don't have to ask voters to trust a handful of election officials and a private vendor to assure us that they got everything right.

Fortunately, momentum for the paper trail is building. In May, Representative Rush Holt of New Jersey introduced HR 2239, the"Voter Confidence and Increased Accessibility Act of 2003". If enacted, this would require all voting machines to produce a voter verified paper trail by 2004.

Meanwhile, author Greg Palast and MLK the III have started an Internet petition demanding "a halt to further computerization of balloting until such methods are made unsusceptible to political manipulation, fraud, and racial bias." In the few weeks it's been up the petition has gathered over 34,000 signatures.

Voting vendors are responding to the demand. In the past six months the top three vendors in the US, Diebold, ES&S and Sequoia, have all begun developing prototypes for a voter verified paper trail feature.

The prudent thing to do while vendors improve their technology is to limit the deployment of electronic voting machines to one per polling place to comply with new federal language and disability access requirements, require those machines to have a voter verified paper trail, and use paper-based optical scan systems for other polling place voters and for absentee voters. This would be a far less expensive, more reliable and secure solution than to go all touchscreen right now.

Main Page

What's New




Contact Us

Support CVF

This page was first published on July 1, 2003 | Last updated on July 1, 2003
Copyright 1994 - 2003, California Voter Foundation. All rights reserved.