Voters using new machines must review candidate choices before casting ballot
Starting with the Florida recount in 2000, attention has turned to how our votes are cast and counted at election time. We have progressed from punch cards and paper counted ballots to a series of machine answers, including direct recording electronic devices, until recently used here in Delaware, and optical scans of hand-marked paper ballots and DREs with verified paper trails used elsewhere. Starting in 2019, Delaware acquired Ballot Marking Devices for use in all elections.
DREs were criticized by voting machine experts for their lack of verified paper trails, potential hypersensitivity on the touchscreen and miscalibration, which cause vote-flipping. Voter studies showed that even for the machines that created voter-verifiable paper audit trails, fewer than half of all voters checked the results to ensure that the ballot captured their choice of candidates.
Attempted foreign interference in the 2016 U.S. elections adds urgency to the issue of machine accountability, and to the vulnerability and accuracy of voting machinery. The Senate Intelligence Committee established that part of the Russian interference was attacks on voting machines and the companies that make them.
The ES&S Express Vote XL BMDs purchased by Delaware basically work by requesting that the voter insert a ballot card given to them by election officials at the polling site, mark their choices on a computer screen which records the vote using a barcode, verify the names chosen on a human readable ballot summary, and finally cast the ballot by pushing the vote button.
As reported by Jennifer Cohn in the New York Review of Books, on Dec. 17, 2019, the new ES&S Express Vote XL BMDs are still vulnerable. She reports that one source of vulnerability arises when a machine or voting system is connected to the internet. She reports Professor Rich DeMillo of the Georgia Institute of Technology as saying that “like all voting machines, BMDs receive programming before each election via memory cards or USB sticks prepared on centralized election-management computer systems that are likely connected to the internet on occasion.”
It appears that the experts also agree that all computerized voting systems, including BMDs, can be hacked. The experts also appear to agree that a machine recount alone would not detect tampering or a failure to accurately record the voters’ intent.
The recent election in Northampton County, Pa., demonstrates the concern. Election-night totals showed one candidate receiving only 15 votes. A recount found that candidate winning by over 1,000 votes. The culprit was that dozens of voting machines were not properly calibrated; this despite representations from ES&S that calibration was never an issue because the system included a “calibration routine.” Efforts to decertify the machines are ongoing in the courts.
What electoral officials can do
First, and most significantly, voters using the new BMDs must verify that the ballot summary card shows the correct choices before casting their ballot. Yet less than half of us do this simple act.
Second, election officials must ensure that their election voting machinery is never connected to the internet, or unsecure phone lines, and that all programs are free from internet infections.
Third, election officials must engage in robust testing of all software, hardware, firmware and operating systems, as well as source code review.
This testing should be performed by independent experts not associated with the manufacturer.
Fourth, election officials must conduct comprehensive “logic and accuracy testing” of the voting machines before each election. This testing should be conducted by election officials in public and include representatives of the political parties and civic organizations such as the League of Women Voters, Common Cause and other voters’ organizations.
Fifth, state and federal officials must recognize that the integrity and security of voting machines and processes are part of the country’s critical infrastructure.
Increased funding is needed for cybersecurity (over and above the appropriations in the new government funding). Part of this responsibility is the duty to ensure that the machines and devices used by voters accurately record their vote. This process includes meeting the U.S. Election Assistance Commission and Department of Homeland Security standards.
Anything less than following these steps is simply unacceptable.
Jack Young is the co-editor of America Votes! (4th ed.) (with Benjamin Griffith), recently published by the American Bar Association. He resides in Rehoboth Beach.