_____                   _                  _____            _____       _ 
  |     |___ _____ ___ _ _| |_ ___ ___ ___   |  _  |___ ___   | __  |___ _| |
  |   --| . |     | . | | |  _| -_|  _|_ -|  |     |  _| -_|  | __ -| .'| . |
  |_____|___|_|_|_|  _|___|_| |___|_| |___|  |__|__|_| |___|  |_____|__,|___|
  a newsletter by |_| j. b. crawford               home archive subscribe rss

>>> 2021-08-16 on voting (PDF)

The use of electronics to administer elections has been controversial for some time. Since the "hanging chads" of the 2000 election, there's been some degree of public awareness of the use of technology for voting and its possible impacts on the accuracy and integrity of the election. The exact nature of the controversy has been through several generations, though, reflecting both changes in election technology and changes in the political climate.

Voting is a topic of great interest to me. The administration of elections is critical to a functioning democracy, and raises a variety of interesting security and practical challenges. In particular, the introduction of automation into elections presents great opportunity for cost savings and faster reporting, but also a greater risk of intentional and accidental interference in the voting process. Back when I was in school, I focused some of my research on election administration. Today, I continue to research the topic, and have added the practical experience of being a poll worker in two states and for many elections [1].

Given my general propensity to have opinions, it will come as no surprise that this has all left me with strong opinions on the role of computer technology in election administration. But before we get to any of that, I want to talk a bit about the facts of the matter.

The thing that most frustrates me about controversies surrounding electronic voting is the generally very poor public understanding of what electronic voting is. If you follow me on Twitter, you may have seen a thread about this recently, and it's a ramble I go on often. There is a great deal of public misconception about the past, present, and future role of electronics in elections. These misunderstandings constantly taint debate about electronic voting.

In an on-and-off series of posts, I plan to provide an objective technical discussion of election technology, "electronic voting," and security concerns surrounding both. I will largely not be addressing recent "stolen election" conspiracy theories for a variety of reasons, but will undoubtedly touch on them occasionally. At the very least, because I can never turn down an opportunity to talk about J. Hutton Pulitzer, an amazing wacko who has a delightful way of appearing with a huge splash, making a fool of himself, and then disappearing... to pop up again a couple years later in a completely different context.

I will restate that my goal here is to remain largely apolitical (mocking J. Hutton Pulitzer aside), and as a result I will not necessarily respond to any given election fraud or interference claim directly. But I do think anyone interested in or concerned by these theories will find the technical context that I can provide very useful.

Who runs elections?

One of the odd things about the US, compared to other countries, is the general architecture of election administration. In the US, elections are mostly administered by the county clerk, and the election process is defined by state law. Federal law imposes only minimal requirements on election administration, leaving plenty of room for variation between states.

Although election administration is directly performed by the county clerk, for state-level elections (which is basically all the big ones) the secretary of state performs many functions. It's also typical for the secretary of state to provide a great deal of support and policy for the county clerks. So, while county clerks run elections, it's common for them to do so using equipment, software, and methods provided by the state. It's ultimately the responsibility of states to pay for elections, which is probably the greatest single problem with US election integrity, because states are poor.

While it seems a little odd that, say, a presidential election is run by the county clerks, it can also be odd the other way. Entities like municipalities, school districts, higher education districts, flood control districts, all kinds of sub-county entities may also have elected offices and the authority to issue bond and tax measures. These are typically (but not always) administered by the county or counties as well, usually on a contract basis.

What is electronic voting?

Debate around electronic voting tends to focus purely around "voting machines," a broad category that I will define more later. The reality is that voting machines are only a small portion of the overall election apparatus, and are not always the most important part. So before I get into the world of election security theory, I want to talk a bit about the moving parts of an election, and where technology is used.

The general timeline of an election looks like this:

To meet these ends, election administrators use various different systems. There's a great deal of mix-and-match between these systems, many vendors offer a "complete solution" but it's still common for election administrators to use products from multiple vendors.

Each of these systems poses various integrity and security concerns. However, election systems can be roughly divided into two categories: tabulating systems and non-tabulating systems.

Tabulating systems, such as tabulators and direct recording electronic (DRE) machines, directly count votes which they record in various formats for later totalization. Tabulating systems tend to be the highest-risk element of an election because they are the key point at which the outcome of an election could be altered by, for example, changing votes.

Non-tabulating systems perform support functions such as design of ballots, registration of voters, and totalizing of tabulated votes. These systems tend to be less security critical because they produce artifacts which are relatively easy to audit after the fact. For example, a fault in ballot design will be fairly obvious and easy to check for. Similarly, totalizing of tabulated votes can fairly easily be repeated using the original output of the tabulators (and tabulators typically output their results in multiple independent formats to facilitate this verification).

This is not to say that tabulating systems are not subject to audit. When a paper form of the voter's selections exists (a ballot or paper audit trail), it's possible to manually recount the paper form in order to verify the correctness of the tabulation. However, this is a much more labor intensive and costly operation than auditing the results of other systems. In the case of DRE systems with no paper audit trail, an audit may not be possible.

We will be discussing all of these systems in more detail in the future.

Why electronic voting

There is one fundamental question about electronic voting that I want to address up front, in this overview. That is: why electronic voting at all?

Most of the fervor around electronic voting has centered around direct recording electronic (DRE) machines that lack a voter verifiable paper audit trail (VVPAT) [2]. These machines, typically touchscreens, record the voter's choices directly to digital media without producing any paper form. As a result, there is typically no acceptable way to audit the tabulation performed by these machines. Software bugs or malicious tampering could result in an incorrect tabulation that could not be readily detected or corrected after the fact.

It's fairly universally accepted that these machines are a bad idea. Basically no one approves of them at this point. So why are they so common?

Well, this is the first major misconception about the nature of electronic voting: DRE machines with no VVPAT are rare. Only ten states still use them, and most of those states only use them in some polling places. Year by year, the number of DRE w/o VVPAT machines in use decreases as they are generally being replaced with other solutions.

The reason is simple: they are extremely unpopular.

So why did anyone ever have DRE machines? And why do we use machines at all instead of paper ballots placed in a simple box?

The answer is the Help America Vote Act of 2002 (HAVA). The HAVA was written with a primary goal of addressing the significant problems that occurred with older mechanical voting systems in the 2000 election, including accessibility problems. Accessibility is its biggest enduring impact: the HAVA requires that all elections offer a voting mechanism which is accessible to individuals with various disabilities including impaired or no vision.

In 2002, there were few options that met this requirement.

The other key ingredient is, as we discussed earlier, the nature of election administration in the US. Elections are not just administered but funded at the state and county level. State budgets for elections have typically been very slim, and suddenly, in 2002, most states suddenly faced a requirement that they replace their voting systems.

The result was that, in the years shortly after 2002, basically the entire United States replaced its voting systems on a shoestring budget. Many states were forced to go for the cheapest possible option. Because paper handling adds an appreciable amount of complexity, the cheapest option was to do it in software: "paperless," or non-auditable, DRE machines.

To the extent that DRE w/o VVPAT machines are still in use in 2021, we are still struggling with the legacy of the HAVA's good intentions combined with the US's decentralized and tiny budget for the fundamental administration of democracy.

We don't have non-auditable voting systems because someone likes them. We have them because they were all we could afford in 2003, and because we haven't since been able to afford to replace them.

Basically the entire electronic voting landscape revolves around this single issue: there is enormous pressure in the US to perform elections as cheaply as possible, while still meeting sometimes stringent but often lax standards. The driver on selection of election technology is almost never integrity, and seldom speed or efficiency. It is nearly always price.

In upcoming posts, I will be expanding on this with (at least!) the following topics:

[1] I highly recommend that anyone with an interest in election administration step up as a poll worker. You will learn more than you could imagine about the practical considerations around elections.

[2] We will talk more about VVPAT and how it compares to a paper ballot in the future.