Page 2 of 3
Regardless of politics, the Ninth Circuit's initial ruling highlights a vital issue -- the inherent and longstanding unreliability of much of the electoral technology used in the United States -- that we ignore at our peril.
During the summer and fall of 1985, New York Times reporter David Burnham wrote a series of lengthy articles contending that Votomatic punch-card machines, at the time made and distributed by Computer Election Systems of Berkeley, were vulnerable to tampering. These articles spawned a federal inquiry and an August 1988 report concluding that standards and controls for computer vote-tallying were worse than those employed in other computing sectors, that hanging-chad-prone technology made verifying voting results difficult, that the lack of computer controls facilitated "undiscoverable frauds," and that poll workers were ill-equipped to run the machines.
The report called for stiffened federal standards on poll technology. In November 1988, The New Yorker published a 21,000-word exposé of Votomatic's deficiencies, focusing on a battle between plaintiffs in voter-fraud lawsuits and Computer Election Systems executives about the necessity of keeping the company's vote-counting software secret. Reformers, including computer scientists interviewed by New Yorker writer Ronnie Dugger, said it was necessary to examine the code to expose and correct security deficiencies. CES executives scoffed at the potential for fraud, said the software was a trade secret, and prevailed in keeping the code hidden.
Shift forward to 2003: Three years ago, America made itself a global laughingstock in Florida. The U.S. Supreme Court wrote that the election "brought into focus a common, if heretofore unnoticed phenomenon": About two percent of ballots cast do not register a vote for president, and an important portion of those uncounted votes are the result of errors stemming from the voting technology used.
Last week's Ninth Circuit ruling cited at length the 1988 federal study, which "revealed significant problems with the system."
"However," the Ninth Circuit added, "the use of the systems continued."
As part of a nationwide -- and, in my view, weak-hearted -- effort to improve voting systems, California's Secretary of State plans to replace punch-card systems in several counties with touch-screen systems manufactured by Diebold Election Systems, a division of Diebold, Incorporated.
In 1997, Douglas Jones, the voting-technology researcher I quoted earlier, alerted Iowa voting officials to security problems in the Diebold touch-screen system. Systems throughout the state used the same, easily hacked security access password, a flagrant no-no in the world of computer security.
"This is like all bank ATM cards having the same PIN," Jones said. "They viewed it as a low-priority problem."
Rather than build sophisticated anti-tampering features into their software, Diebold adopted an olden-days policy of "security through obscurity." This programming chestnut holds that as long as people are kept in the dark about how the software works, it can't be hacked.
But in July, a group of Johns Hopkins University researchers released a study of Diebold software, derived from 2000 and 2002 versions of the software that had been leaked onto the Internet. The study showed myriad security problems, among them the 1997 flaw discovered and publicized by Jones. Diebold had simply ignored the problem, he says.
Diebold published a response downplaying "alleged" security failures, claiming that the company installed security upgrades since 2002, a claim Diebold will not allow the public to verify. Last month, Jones told an audience of computer security experts that the fiasco casts further doubt on American voting technology.
"I want to emphasize that this story represents more than just a black eye for Diebold," he said at the security symposium in Washington, D.C. "As I said in my 1997 letter, it represents a black eye for the entire system of voting system standards promulgated by the Federal Election Commission and the National Association of State Election Directors. Not only did the I-Mark/Global/Diebold touch-screen system pass all of the tests imposed by this standards process, but it passed them many times, and the source code auditors even gave it exceptionally high marks. Given this, should we trust the security of any of the other direct recording electronic voting systems on the market?"
A letter last month from Diebold's CEO, Walden O'Dell, which told Ohio Republicans that he is "committed to helping Ohio deliver its electoral votes to the president next year," further fueled criticism of the company. Diebold is one of three firms scheduled to qualify to provide voting machines to Ohio precincts.
In California, voters in several counties will soon use these touch-screen machines in a high-stakes election -- either an October gubernatorial recall or a March primary that includes a rescheduled recall. And, Jones predicts, there will be many errors. The system is a "black box," with proprietary computer code hidden from the public, a circumstance rife with risk of errors and tampering. California voting-rights activists are agitating for a revision of the Diebold system that would produce a paper receipt, so that votes can be re-counted by hand in case there are challenges.
Kim Alexander, the voter-rights advocate, recently sat on an "ad-hoc touch-screen task force" set up by Secretary of State Kevin Shelley to study this problem. The committee's recommendations, published in July, are essentially a wish list asking for better testing of the touch-screen systems, greater testing documentation, and permanent paper printouts documenting every vote. Still, Alexander expresses concern that new paper-documented systems won't be added in time. And ironically, the court's decision to postpone the recall election to March, when the additional touch-screens are supposed to be in place, increases the imperative that the elections run smoothly, with as little untested technology or procedure as possible.
Theoretically, this could mean delaying the creation and implementation of a system for generating a paper trail and allowing a manual verification of vote-counting accuracy.
