Slashdot Mirror
The Computer Scientist Who Prefers Voting With Paper (theatlantic.com)
Geoffrey.landis writes: The Atlantic profiles a computer scientist: Barbara Simons, who has been on the forefront of the pushback against electronic voting as a technology susceptible to fraud and hacking. When she first started writing articles about the dangers of electronic voting with no paper trail, the idea that software could be manipulated to rig elections was considered a fringe preoccupation; but Russia's efforts to influence the 2016 presidential election have reversed Simons's fortunes. According to the Department of Homeland Security, those efforts included attempts to meddle with the electoral process in 21 states; while a series of highly publicized hacks -- at Sony, Equifax, the U.S. Office of Personnel Management -- has driven home the reality that very few computerized systems are truly secure. Simons is a former President of the Association for Computing Machinery (ACM); and the group she helps run, Verified Voting, has been active in educating the public about the dangers of unverified voting since 2003.
It's way too easy for someone to sneak in an extra box of fake ballots to rig an election.
It's hard to rig an election with a single box of fake ballots. It's also hard to bring in thousands of boxes without anybody noticing.
One of the requirements for a proper voting system is that ordinary people can understand it and oversee its correct implementation, so that they don't need to take someone else's word for it. Computers are basically out by definition.
The sad part is that it's not only security experts who should be saying this. Voting should not only be accurate, but that accuracy needs to be verifiable by laymen, and they should be able to understand the end-of-end process to tally and verify the count. Voting by computer violates that principle on a fundamental level.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Yes paper can be destroyed, replaced, and added to, impacting the outcome. But the impact will be at most ONE small district. And you would need to do this at multiple voting centers. There are 435 districts in the US. Great path if you want to rig your very local election.
But going to major cities or state levels... the amount of money you would need to spend to significantly impact such elections would be a waste of funds and a high risk for capture through multiple attempts. It would be far more cost effective to spend that on ads to sway public opinion or a candidate directly.
At the federal level... easier to buy out the Electorial College. That may seem difficult but nothing compared to what you propose.
With electronics, you have a centralized, standardized, single target. But this target would have multiple stages to attack, any of which can yield control of the entire system.
It is possible to create a good enough electronic voting system but we just don't have anyone nearly competent enough to do so. Our current system of hundreds of thousands of cogs watching each other is more than good enough at the moment.
There are plenty of instances of tampering with paper ballots. Can you provide a single instance of an electronic voting machine actually being tampered with during an election?
You've summarized the problem. Electronic voting allows for undetectable manipulation.
The ballots we use up here (and the system we use to count and track them) are amazing.
The voter goes to a table where the ballots are handed out by elections officials. The ballot has the candidate's names in alphabetical order and a removable counterfoil that has a serial number that matches against the book that the ballot was torn from. The official puts their initials on the ballot and hands it to the voter. The voter goes behind the screen and marks the ballot and folds it. The counterfoil and initials are still visible.
The voter hands the ballot back to the offical who checks both the signature and the serial number on the counterfoil (this ensures the voter has returned the ballot they got). The counterfoil is then removed and now the ballot is completely anonymous. The voter then gets the ballot back and she places it in the ballot box in front of the official.
When it comes time to count the votes, the elections officials count all of the ballots in the presence of other non-partisan officials as well as the candidates themselves or their representatives -- a vote isn't recorded until everyone has seen and verified the ballot. Once everything is counted and verified (does the number of ballots counted match the number given out and returned by voters, etc) the tally is made on paper and the ballots themselves are sealed up and passed up the chain. They are kept for 7 days in case a recount is needed.
The great thing about this system is that it scales to any population size since the ballots are counted right there at the polling station, box by box and verified on the spot.
It's certainly not perfect and there are some opportunities for tampering but nothing even in the same universe as the kind of wide-spread hacking that can occur with electronic systems.
more detail:
http://www.elections.ca/conten...
http://www.elections.ca/conten...
It's way too easy for someone to sneak in an extra box of fake ballots to rig an election.
It's hard to rig an election with a single box of fake ballots. It's also hard to bring in thousands of boxes without anybody noticing.
In addition, cryptographic security researchers have constructed a cost-effective, scalable, paper ballot system which makes this sort of fraud (and others) detectable.
Paper, backstopped with math, is unquestionably the most fraud-resistant way to conduct elections. Pure electronic voting systems are perhaps the best way to enable fraud.
There is a valid argument for the use of electronic voting machines for accessibility. Large touch screens are easier to use, especially for people with disabilities, but they should merely be an interface to collect information for printing on a human-readable paper ballot.
I'm both a computer scientist and a computer security expert. I think you'd be hard-pressed to find anyone who understands computer security who would honestly support direct recording electronic voting.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.