A new study of voting machines is spotlighting the “serious risk” that election results can be manipulated because most voters do not check that their ballot is correct, according to new research. 

Ballot-marking devices, or BMDs, combine physical and digital voting methods in a single machine. A voter selects a candidate on a computer screen, and the machine then prints out a paper ballot for review. The goal is to provide both ease of voting and a physical audit trail that hackers can’t readily change, and the Washington Post reports that ballot-marking devices are used by at least 18% of the country’s electoral districts.

But the new study from the University of Michigan suggests that if a voting machine is compromised, people are not likely to realize it, because so few of them check that their printout is correct. And even the rare voters who do check the paper version almost never catch errors when they’ve been made.

The research raises questions about hackable computers and post-election audits—two major issues in election cybersecurity—just weeks before the first US primary votes are cast in New Hampshire on February 11.

“Inserting a hackable computer in between the voter and the recording of intent poses big issues,” says Eddie Perez, a former election industry executive with Hart InterCivic for 16 years. “If we don’t know if voters actually look at the the paper and accurately confirm their intent, the strength of audit is weakened.” 

Perez, who is now the global director for technology development at the Open Source Election Technology Institute, said this research was a crucial first scientific look at how voters behave with ballot-marking devices and what it means for election integrity.

“Based on the performance of 241 human subjects in a realistic polling place environment, we find that, absent specific interventions, error detection and reporting rates are dangerously low,” the researchers wrote. “Unless verification performance can be improved dramatically, BMD paper trails, particularly when used by all in-person voters, cannot be relied on to reflect voter intent if the machines are controlled by an attacker.”

Researchers found that voters missed over 93% of errors. In the study, just 40% of participants reviewed printed ballots at all, and only 6% found errors despite their being intentionally introduced on every single ballot. 

The new research comes just one day before the three major election technology companies—Election Systems & Software, Dominion Voting Systems, and Hart InterCivic— will testify before the House Administration Committee in a hearing centered on 2020 election security. When reached for comment, Election Systems & Software said they were reviewing the findings.

“Yes, we’re familiar with the paper and, in general, agree with its conclusions and recommendations,” Steven Sockwell, Vice President at Hart InterCivic, said in an email. The company supports improved voter instruction, poll worker training, and polling place design as recommended by the research.

The researchers found, however, that educating voters can make a world of difference. Verbal instructions to review printouts resulted in increased review and reporting rates from voters. 

Security experts say post-election audits are crucial, but this research draws attention to how those audits will be done and what they mean.

“These results also raise questions of whether audits of machine-marked BMD ballots are reliable or not,” says Perez. “If voters don’t review the paper, and if we don’t know whether the papers match voter intent or not, then the audit is simply confirming how the papers got tabulated by automated equipment—and that’s different than confirming that the outcomes matched the will of the voters."

The story has been updated to include comment from Steven Sockwell, Vice President at Hart InterCivic. This story was also updated to note that the first primary votes will be cast in New Hampshire in February, not in Iowa which is a caucus state and doesn't utilize voting machines.