Or, how Politico summarizes much of BRAD BLOG's 15 years of e-voting coverage in 8,500 smart words....
By Brad Friedman on 8/5/2016, 1:15pm PT  

Please read the cover story of Politico Magazine today headlined "How to Hack an Election in 7 Minutes". Ben Wofford's excellent, comprehensive feature summarizes a great deal of almost 15 years of our work here at The BRAD BLOG. He focuses his piece on the core of computer science and cybersecurity experts initially working out of Princeton University back in 2005 or so, who have, since that time, gone on to publicly hack virtually every electronic voting system and tabulator still in use around the country (and even, looking forward, hacking at least one planned Internet Voting scheme.)

We've covered and/or broke the news about many of those landmark exploits, both here and on the radio, going back through 2005 or so. I don't have time to collect all the links here at the moment, but it's very nice to see so many of them rounded up so thoroughly in Wofford's piece.

The 8,500+ word article is far too detailed to adequately summarize, or even quote from in detail here. So please go pour a tall drink or cup of coffee (you may need several, there's a lot there) and go read about the "parabola of havoc and mismanagement that has been the fifteen-year nightmare of state and local officials", as he accurately describes it, following the horrifically misguided and ill-advised move to computerized voting and tabulation systems following the 2000 election. I suspect we've filed almost as many articles on this topic as Wofford has words in today's piece!

But there's one element of his piece I want to ring in on specifically, as I think it represents something a bit more encouraging from the computer scientists who are discussed in the report than I have seen over the years...

Other than pulling together so many of their landmark e-voting exploits into one lengthy and harrowing article, what I think I may appreciate most here is that Wofford eventually gets to, in the final sections of the piece, the observation that many of the computer science and security experts themselves are finally beginning to take notice of. Specifically, that even many of their proposed solutions to this long American nightmare (such as newer computers to replace old ones, encrypted voting technology, post-election "spot checks" known as audits) will be no "silver bullet" to the existing problems. Many of their suggested solutions, as Wofford describes, are likely to result in some of the very same concerns that have caused worry among the electorate about security and a lack of confidence in reported results as with the previous "solutions" implemented as an answer to the 2000 Presidential Election nightmare, when the nation moved to the often-unverifiable and non-transparent, easily-manipulated and simply error-prone computer voting and counting systems funded by the federal Help America Vote Act to the tune of $4 billion.

For example, rather than directly just calling for, as I have, pilot programs for publicly hand-counted, hand-marked paper ballots, with results posted at the precincts on Election Night before ballots are moved anywhere (what I have long described as "Democracy's Gold Standard"), Wofford cites Rice University computer scientist (and longtime critic of our existing e-voting systems) Dan Wallach's explanation for a suggested cryptographic "solution"...

Wallach walks backward through the concept by offering a thought experiment. The most unimpeachable election technique would be to count the votes on an enormous corkboard; every voter would pin his or her vote, and the public would count the results together. Everyone would see the votes, and everyone would agree on the result.

Well, that's close to "Democracy's Gold Standard". But Wallach's solution is then a system that would encrypt electronic ballots. It would, in theory, be far more secure than what we have now, but such a system still make it impossible for the public to oversee all of those ballots and, therefore, unable to know that they were accurately tabulated. As Wofford reports, he was left "dumbfounded" by four different explanations of Wallach's confusing crypto solution that, he accurately observes, would likely repeat problems with public oversight of our current, horrible computer systems and "would abolish the concept of a countable 'ballot' [by] forcing us to trust that incomprehensible code is the equivalent of a ballot"...

[E]ncrypting the vote would allow a public accounting while keeping the actual votes private: voters would make their selection on a digital processing machine; they’d then receive an encrypted receipt, a random assortment of numbers and letters. Their vote would then be uploaded to a public bulletin board online; any voter could compare their encrypted vote to see if it matched the numbers and letters online. The vote itself would be scrambled and completely secret; a complex function, known as homomorphic cryptography, would count the votes without unencrypting the source.

“Crypto,” as it’s known in the field, would secure our elections something close to permanently. But it would change fundamentally the way we vote. It would make the act of gawking at random source code a civic requirement. And it would abolish the concept of a countable “ballot,” forcing us to trust that incomprehensible code is the equivalent of a ballot. Cryptographic voting is still years away from ready. But it also begs the question, of whether the concept has simply transferred a technocratic leap of faith from one part of the electronic system to another one. It seemed difficult to believe, after a bruising decade of invisible votes and disappearing ballots, that voters would put their faith in something so abstract. After four explanations from Wallach, I was still dumbfounded.

And that is at the core of the problem with electronically tabulated ballots. If the public --- not just computer scientists --- can't oversee it and understand it, we will never have confidence in the reported results. And that, as I have long argued, represents as grave a threat to democracy as elections that are actually stolen.

(The need for Wofford's article itself, coming on the heels of the DNC Email hack, charges by many Sanders supporter that the primary election was stolen, claims by Trump and friends that the November election will be "rigged", etc. continue to support my argument that merely the threat or fear of a stolen election is as damaging to confidence in America's system of democracy as anything else. I discussed this on air in great detail in a recent BradCast.)

In other words, even if a voting and counting solution is judged to be "secure" by experts, that's not good enough for American democracy. Every citizen needs to be able to know and understand --- without having to merely "trust" in anyone --- that the reported election results accurately reflect voter intent.

It makes no more sense to simply trust in computer scientists than it does to simply trust in corporate entities like Diebold or ES&S or Sequoia or Hart InterCivic or Dominion when they tell us, as they have sworn over the years (and still do, as Wofford reports) that their systems are really, seriously, totally secure. Nothing to worry about!

Andrew Appel, another seminal player in the past decade of ingeniously disturbing voting systems hacks emanating out of the Princeton group, offers a solution that is, a bit closer to "Democracy's Gold Standard", even if it's not yet all the way there...

Appel, the Princeton cybersecurity expert—master of numbers, merry prankster of machines—proposes a radical idea to this fifteen-year nightmare: What if we took a page from the town criers of two centuries ago, and simply read the precinct results out loud?

“There’s a very simple and old-fashioned recipe that we use in our American democracy,” Appel says. “The vote totals in each polling place are announced at the time the polls closed, in the polling place, to all observers—the poll workers, the party challengers, any citizen that’s observing the closing of the polls.” He goes on to describe how the totals in that precinct would be written on a piece of paper—pencils do just fine—then signed by the poll workers who have been operating that polling site.

“Any citizen can independently add up the precinct by precinct totals,” he continues. “And that’s a very important check. It’s way that with our precinct-based polling systems, we can have some assurance that hacked computers could not undetectably change the results of our election.”

If I understand what Appel seems to be calling for there, it is almost like the system of precinct-based, publicly hand-counted, hand-marked paper ballots I am suggesting (see how some 40% of New Hampshire towns do it on election night, to fully appreciate "Democracy's Gold Standard"). But his system of publicly announcing precinct results still seems to be based on an initial computer-tally of results in the first place.

The good news here is that even the scientists --- who I have long worked with, interviewed, and hugely respect for their work in identifying problems and vulnerabilities in our e-voting systems --- finally seem to be getting closer and closer to realizing that the solution to the problem of computer voting and tabulation is not necessarily using different or better or newer computer voting and tabulation systems.

They are computer scientists, after all. So, it is not a surprise that many of them seek computer science based solutions here. In this case, however, with the unique issue of counting votes cast on secret ballots, and the need for the public to be able to oversee and have confidence in the tally, I suspect more and more each year that the solution must ultimately have nothing to do with computers at all.

Now go pour that tall drink or brew that pitcher of coffee and read Wofford's piece at Politico.

* * *
Please support The BRAD BLOG's fiercely independent, award-winning coverage of your electoral system, as available from no other media outlet in the nation with a donation to help us keep going (Snail mail, more options here).

Share article...