We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Valid Voting?

Stanford University computer scientist David L. Dill on the security of electronic voting.

David L. Dill
Professor of computer science, Stanford University
Issue: Electronic voting. U.S. state and local election commissions are increasingly adopting computerized voting machines. But many believe the systems open the door to increased voting error and fraud.
Personal Point of Impact: Crafted the Resolution on Electronic Voting, advocating a permanent paper record of each vote that allows voters to verify their own ballots; the resolution has been endorsed by several top computer security experts

Technology Review: Electronic voting is a relatively new concept in the United States. How do these systems work?

David L. Dill: We have touch-screen machines, or more generally, direct-recording electronic machines. The voter puts in the vote either via a touch screen or a knob, and the ballots are recorded electronically in the machine’s memory.

This story is part of our February 2004 Issue
See the rest of the issue

TR: Wouldn’t that make counting votes faster and more accurate than other systems, like punch cards? Why object?

Dill: The problem with this technology is the voter can’t observe the record that it made. So a voter could vote for candidate A, and the machine could record a vote for candidate B. There is no way that anyone can tell that that voter voted for candidate A. No matter how you conduct a recount, you’re going to get what appears to be a vote for candidate B-we’re unable to do a meaningful recount.

TR: Are errors and fraud really more likely with these machines, though?

Dill: Of course, there has been election fraud with paper ballots. Sometimes what the debate gets down to is, people admit that electronic voting is completely insecure but say that paper is insecure as well. It really depends on how well your election is run. People have had a hundred-plus years of experience with paper ballots. It’s pretty well known how to maintain the integrity of a paper-ballot election.

The problem with the touch-screen machines is, regardless of how diligent election officials are, there can be errors or fraud committed by the programmers or anybody who had access to the software before it was installed on the machine.

Now, I suspect that the most frequent problem we’ll see-or more worryingly, the most frequent problems that will occur that we don’t see-will be errors, just accidents, causing changes in the vote.

TR: Intentional fraud wouldn’t seem to be much of a concern, then.

Dill: If you think about it rationally, there’s a set of questions. Who might commit fraud, and what is their level of motivation? Can they get technical experts to do it? What kind of money or other resources can they muster? And if you think about people who would want to alter the results of elections-particularly at the national level-they can bring tremendous resources to bear. We’re talking about foreign governments, organized crime, major government contractors-people who have a major financial stake in who is controlling the U.S. government.

There are certainly case studies of these things happening in foreign countries, but in our own country, if you look at Watergate as an example-suppose those guys weren’t trying to bug the Democratic Party headquarters but were actually going after the electoral system through a voting company? It’s a pretty scary prospect, and it seems to me from examining the system that there’s little likelihood that somebody committing that sort of fraud would get caught.

TR: Voting-machine companies face severe criticism for the security of their software. But couldn’t these machines be made secure enough to avoid that scenario?

Dill: As a computer scientist, I don’t think they can make it secure enough, no matter what their procedure, or how they design the machine, or how the machines are inspected at independent laboratories. I have, however, attempted to find out what the actual processes are, and they are much worse than what is achievable. The place where we learned the most was when [touch-screen-voting leader] Diebold’s source code and many of their other files were placed on the Internet. They were examined by researchers at Johns Hopkins University and Rice University. And various possibilities for external attacks-even by voters-came up in that review.

I don’t know how concerned to be about that. It could be that these systems have major weaknesses that they don’t need to have. That was certainly the case with Diebold. And the various regulations, the testing laboratory, the logic and accuracy tests are not solving the problem.

TR: Diebold has sold touch-screen machines to Georgia, and has a contract with Maryland?

Dill: Yes. [Note: A Diebold spokesman says these machines use updated source code, different from that posted on the Web.]

TR: What is required to avoid fraud or large-scale errors?

Dill: I wrote the Resolution on Electronic Voting with help from other computer scientists. We tried to make the most general requirement we thought would work. So we asked for a voter-verifiable audit trail-a permanent record made of the vote that the voter can check is accurate, and that is available for a recount. Now, the only way to do that that is proven at this point is to use paper somehow. You can have a fully manual process, in which case the ballot that you fill out is that voter-verifiable audit trail: you have the ability to make sure it’s correct because you’re actually filling it out. The same for an optical-scan ballot or punch card.

With the touch-screen machine, the solution is to add on a voter-verifiable printer. That prints a copy of your vote, and you get a chance to look at it, make sure that it correctly registers your vote, and reject it if it does not. Then that paper record goes into a locked ballot box. It’s important that the voter not be able to take it out of the polling place because that facilitates vote selling or coercion.

There’s nothing inherently wrong with having computers in the process. You just have to do it right. The Help America Vote Act, a national election reform law passed in 2002, says something about a manual audit capacity. And California’s Prop 41 says that the machines have to print paper copies of the ballot either during the election or right after the polls close. The problem with the second solution is, if we go back to the scenario where the voter votes for candidate A, and a vote is recorded for candidate B, anything that’s printed after the polls close cannot be verified by the voter. You’ll end up with a copy of what’s in electronic memory. Your recount is always going to come out the same as your electronic copy, and it will fail to catch errors in recording the votes.

TR: So what is currently the best option?

Dill: It’s a really difficult question because people have a very long wish list for electronic voting-or for any kind of voting. It’s hard to satisfy all of these requirements. But given what I know now, I think the best option is a precinct-based optical-scan system-with some special device such as a touch-screen machine for use by people who cannot use that system. In a precinct-based system, the voter himself puts the ballot into the machine which reads it. The advantage is that the machines can be programmed to reject ballots that have stray marks or too many votes, so that the voters can correct them then and there.

The other option is to go with direct-recording electronic machines with a voter-verifiable printer. I really only have two concerns about that. One is that it is even more expensive than the touch-screen machines, which are pretty expensive. The other concern is that it’s a relatively new idea that hasn’t been tested a lot in actual elections. I think we should have the pioneering counties try it out and then, once we understand how that system works better, consider deploying more machines.

TR: The U.S. Department of Defense has a pilot program using Internet voting to help soldiers stationed abroad vote more easily. Might we all vote that way someday?

Dill: They’ve succeeded in finding the only idea worse than electronic voting in precincts. Even people who disagree with me about touch-screen voting say that Internet voting is a bad idea. I understand the need to make sure that people in the services vote. And I understand the problems they have now with getting absentee ballots. But I think Internet voting is not the right solution. I’m too busy with my particular battle to combat that, but I hope somebody is able to get it killed.

Be the leader your company needs. Implement ethical AI.
Join us at EmTech Digital 2019.

Register now
Want more award-winning journalism? Subscribe and become an Insider.
  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    Print + Digital Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

    Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

    10% Discount to MIT Technology Review events and MIT Press

    Ad-free website experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Print Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

  • Insider Online Only {! insider.prices.online !}*

    {! insider.display.menuOptionsLabel !}

    Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.