With midterm elections near and the 2008 presidential election on the horizon, many computer engineers and scientists fear that electronic voting machines might facilitate voting fraud on an unprecedented scale.
Election fraud has always existed, regardless of the technology used. Both U.S. political parties have used such simple tactics as ballot box stuffing, ballot destruction, buying votes, and fraudulent counting, which, for conventional voting systems, are labor intensive and hard to conceal.
E-voting eliminates none of these "traditional" modes of cheating, while making possible entirely new corruption methods that are very hard to detect because detailed digital system operations are invisible to human observers.
E-voting systems have already crashed on election days. When there is Internet access, there are real dangers of hacker break-ins.
Still more serious is the possibility of systems with concealed features deliberately designed to falsify results by switching votes from one candidate to another. Engineers are accustomed to looking for program bugs and inadvertent design errors, and to testing systems for faulty circuit elements. Finding hidden features in a complex program, when even the comments may be deliberately misleading, is a very different, daunting problem, akin to detecting the tricks of stage magicians. Programs can be written that respond properly to all normally expected inputs during testing, but which change their behavior completely after some special input signal is entered.
Malware might be inserted during the election process by wireless transmissions, or under the guise of spelling corrections, or fixing "minor" program bugs. This code might become active only at certain times during the election process and then delete itself, leaving no trace behind.
Given the complexity of modern integrated circuit technology, with tens of millions of transistors on a chip, ensuring that the hardware side is clean would be at least as difficult.
Another corruption technique is a "denial of service attack." In precincts where the cheater's opponent is expected to receive a large majority of the votes, a substantial subset of the machines can be programmed to break down during the election, causing many voters to leave without casting ballots.
A proposed antidote to electronic manipulation is paper ballots. Voters, after verifying that the on-screen votes match their intentions, press a key causing the screen image to be printed on a paper ballot that they can see (but not touch). If the printed ballot is correct, they press another key, causing the ballot to be dropped into a slotted ballot box in full view of the voters and all observers. The system reports the tallies as computed from data corresponding to voter approved screen images or from optical scans of the paper ballots. Disputes over the validity of the final numbers can, in theory, be resolved by manual recount of the paper ballots, which are carefully preserved.
However, experiments indicate that most voters won't notice discrepancies between screen and paper ballot. Suppose a machine is programmed to change 10 percent of the votes cast for X to votes for Y both electronically and on the printed ballot, and that this is noticed by voters (and corrected) in 50 percent of the cases. Then 5 percent of X's votes would be recorded both electronically and on the paper ballots as votes for Y.
Post-election manual recounting of paper ballots and parallel testing (election day tests on randomly selected voting machines) have been proposed as safeguards. But election laws and the way they are administered in the various states offer little hope that these could generally be implemented reliably enough to thwart corrupt E-voting systems.
Every voting system is vulnerable to fraud if it is not open to public inspection or if representatives of concerned parties are not sufficiently vigilant at every stage. Ensuring that E-voting systems are not cheating may be impossible in the real world even with back-up paper ballots.
Having spent a lifetime working on the kind of technology underlying E-voting systems, I find myself in the peculiar position of advocating use of the most primitive type voting system: manually marked, manually counted, paper ballots. This simple, inexpensive technique has withstood the test of time, functioning reliably and scaling well for electorates of all sizes. It can be operated and monitored effectively by ordinary citizens, and is widely used (e.g., in New Hampshire, parts of several other states, and in most other countries, including Canada, France, Germany, and Sweden). E-voting systems confer no benefits justifying their great risks.
The writer is professor of computer science at Columbia University. The West Nyack resident is currently on a leave of absence.
