By Kate Conger
By Brian Rinker
By Rachel Swan
By Anna Pulley
By Erin Sherbert
By Chris Roberts
By Erin Sherbert
By Rachel Swan
Civil rights advocates, partisan Democrats, and liberal academics are pleased with the three-judge panel of the Ninth Circuit Court of Appeals that delayed the Oct. 7 recall. They concur with the panel's ruling that the punch-card balloting system used by 44 percent of California voters is so outdated and unfair that it would disenfranchise an important number of voters if used next month. Right-wing radio talk show hosts, pro-recall zealots, and partisan Republicans are furious with the court's decision. They criticize its political overtones and believe postponing the election would cheat Californians wishing to vote on the recall.
I couldn't agree more -- with both groups. The Votomatic punch-card machines discussed in the court's ruling are a national travesty; they've been widely condemned for decades as inaccurate, insecure devices seemingly designed to facilitate errors, manipulation, and fraud. But the court's cure -- postponing the recall until they are replaced with touch-screen voting terminals -- would disenfranchise far more voters than it might aid. Specialists in elections technology who've studied the aftermath of the 2000 Florida vote count learned a clear lesson that didn't get much publicity: The best way to disenfranchise voters is to switch balloting technology immediately before a major election.
"It's very clear that if you change your voting system, you cause a huge spike in the voter error rate," said Douglas Jones, a University of Iowa political science professor specializing in the history of voting technology. "You don't want to change voting systems very frequently. You also don't want to change them before a high-profile election. You want to try it first during an off-cycle election, something like an election for library district, something where 2 percent of the voters show up. You can use that as a dry run, then do it in a major election."
If any switch in voting technology causes problems, the touch-screen machines slated to replace California's Votomatic lemons are likely to be double vote-count trouble. The new touch-screen systems have already exhibited security problems, and it doesn't look like these problems will be solved by March. Of particular concern is the lack, at present, of any paper record of votes cast.
In other words, if problems arise, the new, supposedly improved systems -- whether they are first used in October or in California's March primary, expected to be a major battleground for Democratic presidential candidates -- would not allow a manual recount.
"I want our counties to be able to recover from the kinds of snafus and glitches we see in every election," said Kim Alexander, president of the California Voter Federation, a Sacramento group advocating for voter rights. "If something goes wrong with the software, when those problems and glitches occur, we may not have any way to recover from them."
Buried under the partisan bickering surrounding the Ninth Circuit's initial recall decision (which a larger panel of the Ninth Circuit is reconsidering as I write this column) is a scandalous history of American voting technology, one that may continue to be ignored once the current round of arguing dies down. Despite a quarter-century of widespread, highly publicized criticism, this country's slipshod system of administering elections has drifted from scandal to scandal, unperturbed.
An apparent alignment of interests -- actually, a lack of interest in change -- extends from voters to poll workers to candidates to party bosses to vote-machine entrepreneurs, allowing the system to persist.
Punch-card machines -- essentially slightly reworked surplus IBM computer punch-card readers -- have been cheap, durable, and easy to understand. They have, therefore, been favorites of poll workers. Candidates have been as likely as not to benefit from inaccurate poll results, so rarely will even half the electorate extend much outrage. Bad polling technology has been seen as affecting minority and other disenfranchised voters, and therefore has not been an issue regularly championed by Republicans. And though nobody likes to say it, voting error and fraud have a natural constituency: whichever side happens to benefit.
For decades, small, secretive, for-profit firms have provided poorly designed, failure-prone voting machines to local poll workers, producing an intermittent stream of mangled results. Hanging and dimpled chads represent but a small portion of the problems associated with the Votomatic punch card machines discussed in the Ninth Circuit's decision to postpone the recall. Perhaps more important is the way the cards are counted; experts who've seen the closed-source software used in the counting process say it is easily subject to vote-tampering.
Battles over Votomatic's wide-ranging electoral deficiencies erupt with regularity following close or suspicious-seeming votes, usually in tiny local elections, sometimes in regional contests, once in a presidential election. In these debates, the machines become a symbol used to allude to everything one side hates about their political foes. Typically, though, the ballot machines are sidelined in the conversations.
I'll admit, for example, to not having read Bush v. Gore until last week; I'd considered the U.S. Supreme Court decision a judicial coup d'état and didn't think there was much more I needed to know. Likewise, the voluminous history of the Votomatic punch-card machine comprising the bulk of the 66-page Ninth Circuit decision in Southwest Voter Registration Education Project et al. v. Kevin Shelley has not informed the gist of most public discussion of the case.
For example, as I waited in the chow line at a Republican fund-raiser last week, the woman in front of me said, "They're saying minorities can't figure out how to use ballot cards; that's insulting." The decision actually says nothing about the technical abilities of minority-group members. Rather, it says error-prone punch-card balloting machines are concentrated in minority-heavy voting districts.
A columnist wrote in last week's Chronicle that she had interviewed experts on both ends of the political spectrum, and all of them said the Ninth Circuit panel decision was political retaliation for the U.S. Supreme Court's Bush v. Gore decision. Actually, though, when people of different political persuasions blindly speculate about the motives behind a court decision and reach the same conclusion, it doesn't mean they have engaged in anything more meaningful than blind speculation.
Regardless of politics, the Ninth Circuit's initial ruling highlights a vital issue -- the inherent and longstanding unreliability of much of the electoral technology used in the United States -- that we ignore at our peril.
During the summer and fall of 1985, New York Timesreporter David Burnham wrote a series of lengthy articles contending that Votomatic punch-card machines, at the time made and distributed by Computer Election Systems of Berkeley, were vulnerable to tampering. These articles spawned a federal inquiry and an August 1988 report concluding that standards and controls for computer vote-tallying were worse than those employed in other computing sectors, that hanging-chad-prone technology made verifying voting results difficult, that the lack of computer controls facilitated "undiscoverable frauds," and that poll workers were ill-equipped to run the machines.
The report called for stiffened federal standards on poll technology. In November 1988, The New Yorker published a 21,000-word exposé of Votomatic's deficiencies, focusing on a battle between plaintiffs in voter-fraud lawsuits and Computer Election Systems executives about the necessity of keeping the company's vote-counting software secret. Reformers, including computer scientists interviewed by New Yorker writer Ronnie Dugger, said it was necessary to examine the code to expose and correct security deficiencies. CES executives scoffed at the potential for fraud, said the software was a trade secret, and prevailed in keeping the code hidden.
Shift forward to 2003: Three years ago, America made itself a global laughingstock in Florida. The U.S. Supreme Court wrote that the election "brought into focus a common, if heretofore unnoticed phenomenon": About two percent of ballots cast do not register a vote for president, and an important portion of those uncounted votes are the result of errors stemming from the voting technology used.
Last week's Ninth Circuit ruling cited at length the 1988 federal study, which "revealed significant problems with the system."
"However," the Ninth Circuit added, "the use of the systems continued."
As part of a nationwide -- and, in my view, weak-hearted -- effort to improve voting systems, California's Secretary of State plans to replace punch-card systems in several counties with touch-screen systems manufactured by Diebold Election Systems, a division of Diebold, Incorporated.
In 1997, Douglas Jones, the voting-technology researcher I quoted earlier, alerted Iowa voting officials to security problems in the Diebold touch-screen system. Systems throughout the state used the same, easily hacked security access password, a flagrant no-no in the world of computer security.
"This is like all bank ATM cards having the same PIN," Jones said. "They viewed it as a low-priority problem."
Rather than build sophisticated anti-tampering features into their software, Diebold adopted an olden-days policy of "security through obscurity." This programming chestnut holds that as long as people are kept in the dark about how the software works, it can't be hacked.
But in July, a group of Johns Hopkins University researchers released a study of Diebold software, derived from 2000 and 2002 versions of the software that had been leaked onto the Internet. The study showed myriad security problems, among them the 1997 flaw discovered and publicized by Jones. Diebold had simply ignored the problem, he says.
Diebold published a response downplaying "alleged" security failures, claiming that the company installed security upgrades since 2002, a claim Diebold will not allow the public to verify. Last month, Jones told an audience of computer security experts that the fiasco casts further doubt on American voting technology.
"I want to emphasize that this story represents more than just a black eye for Diebold," he said at the security symposium in Washington, D.C. "As I said in my 1997 letter, it represents a black eye for the entire system of voting system standards promulgated by the Federal Election Commission and the National Association of State Election Directors. Not only did the I-Mark/Global/Diebold touch-screen system pass all of the tests imposed by this standards process, but it passed them many times, and the source code auditors even gave it exceptionally high marks. Given this, should we trust the security of any of the other direct recording electronic voting systems on the market?"
A letter last month from Diebold's CEO, Walden O'Dell, which told Ohio Republicans that he is "committed to helping Ohio deliver its electoral votes to the president next year," further fueled criticism of the company. Diebold is one of three firms scheduled to qualify to provide voting machines to Ohio precincts.
In California, voters in several counties will soon use these touch-screen machines in a high-stakes election -- either an October gubernatorial recall or a March primary that includes a rescheduled recall. And, Jones predicts, there will be many errors. The system is a "black box," with proprietary computer code hidden from the public, a circumstance rife with risk of errors and tampering. California voting-rights activists are agitating for a revision of the Diebold system that would produce a paper receipt, so that votes can be re-counted by hand in case there are challenges.
Kim Alexander, the voter-rights advocate, recently sat on an "ad-hoc touch-screen task force" set up by Secretary of State Kevin Shelley to study this problem. The committee's recommendations, published in July, are essentially a wish list asking for better testing of the touch-screen systems, greater testing documentation, and permanent paper printouts documenting every vote. Still, Alexander expresses concern that new paper-documented systems won't be added in time. And ironically, the court's decision to postpone the recall election to March, when the additional touch-screens are supposed to be in place, increases the imperative that the elections run smoothly, with as little untested technology or procedure as possible.
Theoretically, this could mean delaying the creation and implementation of a system for generating a paper trail and allowing a manual verification of vote-counting accuracy.
"Without that kind of audit trail, we have no ability to verify accuracy of touch-screen totals in any reasonable way," Alexander says.
This issue may not sound quite as interesting as The Terminator and the Gray Man, Cruz "Twins" Bustamante and Gary Coleman. But if Californians fail to bring their voting technology into the 21st century, the potential will remain for a spectacle even more interesting than today's recall campaign: a California replay of the 2000 Florida vote-count fiasco.
As has been the case for decades, the salient points in the debate over voting systems are being lost amid partisan yelling.
California and other parts of the country have been using inaccurate, easily-tampered-with punch-card voting systems. The touch-screen machines slated to replace them contain significant faults. Secretary of State Kevin Shelley may go ahead and approve these new systems anyway. And no one in a position of power seems to be even discussing -- much less implementing -- the reforms necessary to make elections as fair as possible.
Real voting reform would involve new federal requirements including, among other things, a rule forcing voting-equipment firms to reveal vote-counting computer source code to the public. Without access to this code, critics are unable to verify claims that a system may be subject to tampering or systematic errors. Government agencies, unable to point out hackable loopholes and code bugs, cannot demand that these defects be repaired.
Currently, the only piece of evidence U.S. voting districts have as to the security of the Diebold system is the company's claim that the current version does not contain the defects identified by Johns Hopkins researchers. In the real world of computer security technology, corporate clients seeking secure transactions and database systems would not be satisfied with such a claim. Yet U.S. regulators appear to be.
All voting systems should be required to leave a hard-copy audit trail so votes can be accurately re-counted. Anti-vote-tampering technology should approach present-day computer security standards ubiquitous in industries such as banking, database services, online retail, and newspaper publishing.
In the case of touch-screen voting, it's a simple matter of outfitting the machines with printers, then tallying the printed receipt as the official record of a citizen's vote. Warren Slocum, chief elections officer for San Mateo County, is so disappointed with the Diebold touch-screen machines he's commissioned a custom machine that shoots a printed record back to the voter through a mail tube. The voter reviews the receipt, then puts it in another tube, whereupon it becomes an official record.
"Until registrars stand up and demand a paper trail, it is unlikely that voting-machine companies will build and market any type of verifiable voting system," Slocum says in a Sunday post to his personal Web log.
Until voters themselves stand up and demand an end to the error-prone hacker's dreamland that is the U.S. election system, bureaucrats will remain satisfied with the anti-democratic status quo.