As I See It: The IT Election
October 27, 2008 Victor Rozek
As the election draws near, the experts are again speculating about which sector of society will provide the winning margin. Will it be the undecideds, or first-time voters, or minorities who ultimately decide the course of the nation? Or perhaps our future will be fashioned by the frozen hands of hockey moms, or the lead feet of NASCAR dads, or the uppity minds of latte-sipping intellectuals. Or, who knows, maybe Chicago’s cemetery precincts will weigh in, or space aliens will drop off their absentee ballots?
Or, just maybe, none of them will matter.
The astute candidate will be courting another constituency–the only cultural subgroup with the power to actually guarantee elections: programmers. Information technology has long been central to the American experience, and it promises to be in the eye of the hurricane again as the November election draws near. As Uncle Joe Stalin–never one to be encumbered by the electoral process–understood so well: the people who cast the votes decide nothing; the people who count the votes decide everything. But Stalin was yesterday’s despot. His electoral wisdom has been updated by his intellectual heirs: Today, the people who cast the votes decide nothing; the people who program the machines that count the votes decide everything.
In a closely divided nation, it doesn’t take much. Change the vote totals in a handful of key precincts in selected swing states–say, Florida and Ohio–and the hacker vote trumps the registered vote. Here’s how easily it could be–and evidently, was–done.
In 2003, writer and activist Bev Harris, founder of Black Box Voting, managed to, shall we say, access the Diebold Website and tested the source code for its voting machines. She examined the operation of touch screen and optical scanning units and found the reason why the company is so intent on keeping its software proprietary. The system worked as follows: Using Diebold machines, voters would cast their ballots at the precinct and, after the polls closed, the votes were transmitted by modem to the county office. At the county office, there was a host computer with a program on it called GEMS, which received the incoming votes and stored them in a vote ledger. But then, says Harris, she discovered troubling irregularities. “We found, [GEMS] makes another set of books with a copy of what is in vote ledger 1. And at the same time, it makes yet a third vote ledger with another copy.”
As any first year accounting student can attest, the existence of multiple sets of books is a legal no-no, and would raise the eyebrows of any auditor. Indeed, the Election Supervisors who used the system to produce county summaries and precinct detail reports never saw these three sets of books. They had no way of knowing which set of data GEMS was using because the interface draws its information from an Access database that is hidden.
“And here is what is quite odd,” says Harris. “On the programs we tested, the Election summary–totals, county wide–come from vote ledger 2 instead of vote ledger 1.”
Why does it matter? Because unbeknownst to election supervisors, votes can be added and subtracted from vote ledger 2, so that it may or may not match the actual totals in vote ledger 1. Thus, the official summary report comes from a ledger “which has been disengaged from vote ledger 1.”
If, however, the supervisor asked for a detailed precinct report, that report came from ledger 1. Therefore, if the correct votes are kept in ledger 1, a spot check of precincts (even one that compares voter-verified paper ballots against machine totals) will always be correct. Since the likelihood of every precinct being recounted is extremely remote, the summary reports from ledger 2 can easily be manipulated to reflect whatever outcome the programmer wants without fear of a full audit. For example: in the summary ledger, an equal number of votes can be deducted from the winner and moved to the loser, thus making the loser the winner while keeping the vote totals identical to those in ledger 1. Although Harris found that internal audit trails and time stamps could be easily changed, for appearances the machine could be equipped with tamper-proof software security on vote ledger 1, because vote ledger 2 can be secretly manipulated by anyone who knows of its existence. The irrelevance of security measures is beautifully depicted in the following cartoon: http://xkcd.com/463/.
Harris doesn’t know the purpose of the third set of books.
Here are some of the suspicious outcomes that surfaced in the last few election cycles.
When Nebraskan Chuck Hagel first ran for the Senate in 1996, his victory against the incumbent Democratic governor was called “the major Republican upset in the November election.” Hagel, the first Nebraska Republican to win a Senate seat in 24 years, miraculously won virtually every demographic group in the state, including large African American communities that had never previously voted Republican. Upsets happen, but voters didn’t know that Hagel was the head of (and continues to have an ownership interest in) the parent company of a voting machine provider. The same provider that installed, programmed, and supplied technical support for the voting machines used by most of Nebraska’s voters. In the following election, all pretense of fairness was abandoned and Hagel won in a landslide with an improbable 83 percent of the vote–the widest margin of victory in the history of Nebraska.
In Georgia, the Democratic incumbent was Vietnam veteran and triple amputee Max Cleland. His opponent, Saxby Chambliss, who managed to avoid military service, nonetheless ran on the goofy premise that he was more patriotic than Cleland. Max Cleland was believed to be untouchable. But contrary to every pre-election poll, Chambliss won. Coincidentally, Georgia was also the state that ran its election using the most electronic voting machines.
Similarly, no polls predicted the upset victory of Georgia Republican Sonny Perdue over incumbent Democratic Governor Roy Barnes. Perdue won by a handsome margin of 52 to 45 percent. However, the last Mason Dixon Poll before the election had shown Barnes ahead by an even larger margin of 48 to 39 percent. Barnes had a 9 point lead and lost by 7 points–a 16 point swing! A former Diebold employee subsequently admitted that the company installed unauthorized patches on its machines before the state’s 2002 gubernatorial elections–programming changes that were neither independently tested nor approved by Georgia election officials.
In Texas, three Republican candidates in three separate races received an identical number of votes: 18,181. In Ohio, there were machines that flipped the vote, and touch screen machines that registered Bush votes even though Kerry had been selected. There were ballots used in heavily Democratic precincts that did not list presidential candidates at all; and ballots where the punch-card votes for Kerry were taped over to be unreadable by an optical scanner while a Bush vote was punched by pen, not the stylus provided in the voting booth. There was also a precinct which, based on the number of votes cast, would have required a highly improbable 98.55 percent turnout. These and other abuses are meticulously documented by Richard Hayes Phillips in his book, Witness to a Crime, which is based on 30,000 images of forensic evidence.
With the introduction of voting machines, polling–especially exit polling–that had been highly accurate and refined over a half century, suddenly became wildly inaccurate. In critical races, the Republican Party profited from a pronounced last-minute swing of between 4 and 16 points. Not, perhaps, by coincidence, these mysterious shifts were concentrated in critical Senate races that guaranteed Republicans complete control of Congress. That Republicans benefited almost exclusively from these irregularities can be explained by the fact that Diebold is owned by a Republican activist.
The government’s answer to voting machine irregularities was to call for voluntary testing, to be overseen by the National Association of State Election Directors (NASED). Designed by voting machine manufacturers and conducted in secret, voluntary testing was such a disaster that the vice chair of New York’s election board called NASED’s “qualified” rating “meaningless. . .a piece of toilet paper.” As a result, New York cancelled a $60 million contract to buy new touch screen machines.
The program was so farcical that, by 2005, the government was forced to assume certification responsibilities. But either by incompetence or design, in three years the Federal Election Assistance Administration has yet to certify a single voting machine.
In 2007, California conducted a security review of its electronic voting machines. Unlike NASED’s exertions, this was a serious review, with security professionals getting access to the source code. They found multiple ways to compromise machines from the three vendors used by the state: Diebold, Hart Intercivic, and Sequoia Voting Systems.
Just last week, according to investigative reporter Greg Gordon, “Texas-based Premier Elections Solutions. . . alerted at least 1,750 jurisdictions across the country,” that its machines “could drop ballot totals for entire precincts.” Think of it as a feature. And in early 2008 voting, Florida reported Diebold machines had failed to count ballots properly on the second day of use. While in Tennessee and Vest Virginia, ES&S voting machines were flipping votes.
Turning over the electoral process to private corporations puts democracy, little “d” which means all of us, at peril. If the people can’t trust the vote, the choices are tyranny or revolution. It stretches credulity that Diebold can make ATMs that are unerringly solid and provide a paper trail, but can’t seem to make a functioning voting machine.
Solutions remain elusive. Some states like Oregon have moved to vote by mail, but privacy cannot be guaranteed since you are required to sign the return envelope, and voters are at the mercy of the Secretary of State. Imagine trusting Katherine Harris to count your ballot. While some precincts have abandoned voting machines, many others across the nation still use them without a proper paper trial to verify the results.
Without an independently tested, source code reviewed, secure nationwide system whose results can be audited and reproduced by means of a voter-verified paper trail, the opportunity for vote and ballot manipulation remains high. Let’s be clear: This is not a partisan issue. When any party places itself above the will of the electorate, it devalues the most cherished and vital symbol of representative governance–the ballot–and erodes the very foundation on which our nation was built.
Sophocles said he would rather fail with honor than succeed by fraud. Sadly, his idealism seems quaint in a world that–if financial markets are any indication–increasingly appears to be run by fraud. It is a testament to the power of those who control Information Technology that as we approach what is arguably the most important election in the last half century, a nation founded by honorable leaders, sustained by two centuries of honorable patriots, now must hope anxiously for a few honorable programmers.