Vote of No Confidence
Buy 70 GCAT: The Book
Metro: Silicon Valley's Weekly Voting story from the New York Press
Buy election equipment
NOTE: This article was written more than 11 years ago, yet it couldn't
be more relevant today. In fact, while the article covers such
now-familiar (then-obscure) issues as "hanging chad," it also
examines a potentially more important issue that isn't being discussed
during the current electoral confusion: the possibility that
vote-tabulation software could be easily altered and that, even absent
deliberate fraud, the software code itself is such a mess that chances for
error and malfunction are dangerously high.
Reprinted in abridged form from
The next president of the United States may not be chosen by the voters of the United States. Instead, he or she may be the choice of whomever controls or manipulates the computer systems that tally the votes. A single, Berkeley- based firm manufactures the software used in the machines that compile more than two-thirds of the nation's electronically-counted votes. Analysts describe the software as "spaghetti code," tangled strands of instructions indecipherable to outsiders. The experts say the code could be manipulated without detection. In fact, that may have happened already.
Vote fraud by computer is an even greater threat to local elections, the experts fear. With the entire system shrouded in mystery and absent of assurances that the voting process is tamper-proof, voters these days have more reason than ever to ask, "Does my vote count?"
"The whole damn thing is mind-boggling," says Ronnie Dugger, a Texas-based writer who investigates computerized elections. "They could steal the presidency." "Any use of computer technology is subvertable," Peter Neumann of the Menlo Park research firm SRI confirms. "The consensus is that elections can be rigged easily locally, but nationally takes a lot more work." However, Neumann says, the task of fixing a presidential election is "doable."
Election-rigging is a time-honored tradition in the US, from the days of New York's Boss Tweed and Tammany Hall to Chicago's legendary Mayor Richard Daley, who, historians believe, engineered President Kennedy's narrow margin of victory over Richard Nixon in the 1960 general election by stealing a key bloc of Illinois votes. And Lyndon Johnson's 1948 Senate victory, according to a biographer, was the result of vote-rigging in Southern Texas, where ballots were burned before a recount could take place.
As recently as 1988, a US Senate race in Florida, in which Republican Connie Mack defeated incumbent Buddy MacKay by just 35,000 out of four million votes, stirred deep suspicion though no fraud was ever proved. The question, however, is whether a well-executed computer vote fraud ever would yield enough evidence to constitute "proof."
Ballot boxes can be stolen and stuffed, mechanical lever machines can be tinkered with, paper ballots can be forged. But computers seem somehow more sinister. Though defended, as one would expect, by professionals in the field who insist that computers are less vulnerable to error and tampering than counting paper ballots, the invisibility of computer functions and the esoteric languages they use make that assurance difficult to accept.
"Computerized elections could be made more difficult to defraud than hand-counted elections, but they're not that way now," says Erik Nilsson, a Portland, Ore., software engineer who monitors computerized voting for the Palo Alto-based Computer Professionals for Social Responsibility (CPSR). "If you believe election officials deliberately defraud elections, if you really believe people are that dishonest, then we're kind of stuck."
Nilsson echoes many computer professionals who say that the internal security/measures of most vote-counting systems make tampering difficult to detect. He is cautious on the subject of widespread computer tampering. "Our feeling has been that while we know vote fraud exists, the larger problem is error," he said in an interview.
Other critics go a step further. "CPSR has been very conservative on this issue," Dugger says. The journalist is a native of South Texas, where, he says, election-rigging is a matter of course. "If they're asking me to trust politicians and election officials," he quips, "they'll have to ask Someone else."
Even if elections were never corrupted, the vulnerability of computerized vote-counting could so damage public confidence as to render elections virtually useless.
"The public's perception of the security (as well as the accuracy) of the vote tabulation process is as important as the actual security measures," said a 1988 report by the Pennsylvania research firm ECRI." And care must be taken to avoid even minor nuisances that can give the public and political leaders the impression that the system's integrity is not sound."
Unfortunately, the problem is more than simply "public perception," more than "minor nuisances." In many important ways, the system is not sound. "The complex systems that tally 55 percent of our electorate are badly designed, hard to monitor and subject to a host of technological threats," Nilsson wrote in a CPSR "Election Watch" report. "Worse yet, detection of error or sabotage is more difficult than in traditional elections." In the report, Nilsson and a co-author listed ways in which vote-counting software can be "secretly changed." The possibilities include adding extra ballots,' discarding some ballots, misreading ballots, turning off the computer's internal record-keeping system or simply changing the results.
"Any of these threats can be accomplished by a single computer expert or, in many instances, by a non-professional," Nilsson's report states.
So far, there have been no legally established cases of computerized vote fraud, or at least of fraudulent software tampering. "There's probably been some we don't know about," claims one computer company executive. If a computerized vote fraud were successful, would the public ever know? A Los Angeles Times article earlier this year raised that very point, quoting former California state prosecutor Steve White, who pointed out that "if you did it right, no one would ever know. You just change a few votes in a few precincts in a few states and no one would ever know."
The technique of fixing a relatively small number of votes could be used to swing a close election to a designated candidate. Just as troublesome is the prospect of increasing a candidate's margin of victory. Presidential elections are rarely won by margins of more than a few percentage points, and more than 8 percent is considered a crushing margin of victory. Altering a small percentage of votes in various districts across the country could turn an indecisive election into an artificial "landslide," creating a false "mandate" for the winning candidate.
But who on Earth would do such a thing? In Chicago in 1982, 58 Democratic party bosses were convicted of fraud after they were caught stuffing not the ballot box, but the computer. They had punched out fraudulent cards for falsely registered and nonexistent voters, then run them through the card-reader.
There have been numerous other ambiguous cases. Many of them have involved Berkeley's Computer Election Service (CES)-which recently changed its name to Business Records Corporation Election Service. The company is the dominant force In the American election industry; an estimated 33 to 40 percent of all American votes are cast on and counted by CES systems. CES uses aversion of the punch-card voting system prevalent in California.
In 1985, the National Security Agency (NSA)-the government's most expansive and most secretive intelligence service-took an interest in CES. According to the New York Times, NSA was following a directive from then-President Reagan to improve the security of major non-military computer systems.
Government officials were queasy at the prospect of a top-secret military spy agency-particularly NSA, whose domain is high-tech intelligence gathering-delving into the nation's electoral process. According to the Times, an official of the government's General Accounting Office told a Senate committee that NSA's involvement with CES "raises basic questions concerning the extent to which the defense establishment should be involved in policy formulation within the government's civilian agencies."
The chair of the House Science and Technology Subcommittee at that time, Rep. Ron Glicksman, also expressed "serious reservations " about NSA's involvement with CES. The Times story of Sept. 24, 1985 (which ran in the San Francisco Chronicle the following day) , announced that NSA was "investigating" CES to determine if its systems were open to fraud, but the NSA now says the Times got the story wrong. "There never really was an investigation," says Cynthia Berecek, an NSA public information officer. Berecek said the National Security Agency's interest in CES was in "data gathering," not "investigating." The NSA, according to Berecek, no longer has responsibility for computer security outside of government operations. She says the Times misquoted an NSA spokesperson as saying, "We have no interest in any particular election." The correct quote, according to Berecek, should have been, "We have no interest in elections per se." (Berecek says the NSA spokesperson interviewed by the Times kept a written record of the conversation.) Exactly what "improvement" the NSA was supposed to have made in the CES system was never announced. Berecek says there were "no results to talk about" because there was no "investigation," only "data gathering."
"If you sit and read a magazine that has an article about a computer company, that's gathering data," Berecek says. The NSA is the government's electronic intelligence bureau, responsible for monitoring telephone calls, telex messages and other electronic communications. It also gets information from spy satellites.. According to some reports, the secrecy-obsessed agency possesses the most powerful computer system in the world. In addition to the concerns raised by NSA's "data gathering," doubts about the company's integrity have been raised in several civil lawsuits. In these civil lawsuits (no criminal charges were filed), CES has been accused of actually participating in election fraud. Despite the fact that CES has never lost a court case, the company's public image certainly hasn't been helped by the litigation. In 1983, several losing candidates in Indiana (a state where a county clerk once pronounced vote-buying as "a way of life") sued CES and local election officials, charging them with "false and fraudulent" vote counts.
CES President John Kemp denied in the press that his company participated in wrongdoing of any kind, though he did admit to the New York Times, "It is totally economically unfeasible to have a fraud-proof system." CES also has been challenged in at least three other states. When investigators have tried to unravel the CES counting program, however, they inevitably have gotten lost in the linguini-like mess. In the Indiana case, the defeated candidates brought in computer consultant Deloris Davisson to analyze the CES vote-counting software. She found it hopelessly obscure and hard to follow. Her report termed the program's source code (the key to understanding the program) "convoluted, unstructured and undocumented."
Davisson called its memory functions -- where the vote counts are actually stored within the computer -- "a shell game," and noted that the program doesn't stop running or even give a warning if "there are more votes recorded than, there are registered voters."
Davisson's report may be open to accusations of bias. After all, she was a paid consultant hired by people who had a vested interest in proving CES faulty. But her finding are echoed in the ECRI report, which was funded by a grant from an independent foundation. Criticizing the software of "some vendors" (indicting CES only by implication), the report states that the vote-counting software has been modified so many times that "the resulting 'spaghetti code' may hide routines that could affect the accuracy of results in subtle ways, and it would be virtually impossible to find deliberately erroneous routines." (Emphasis added.) The source codes of CES programs, and those manufactured by companies with a smaller market share, are usually impenetrably obscure, incapable of being understood by "me voting public and even by the election officials who run the programs. "They treat it like it was something handed down on stone tablets. The codes should be in the public domain," says Robert Naegle, a federal elections consultant based in La Selva Beach, south of Santa Cruz. Naegle authored the government's new voluntary standards for computerized election tallying. But some of his best suggestions were refused. , Naegle recommended to the Federal Elections Commission (FEC) that all source codes be written in "high level language," a computer language resembling English. While still hard to understand for the uninitiated, the codes would be more accessible than those written -- as most codes currently are -- in digital "assembly language."
The FEC rejected Naegle's recommendation.
A 1980 Pennsylvania study, not related to any court case, found that one CES program was so complex and jumbled that "it is possible to alter its functioning without any record." the study's author, University of Pittsburgh Professor Michael Shamos, recommended that the state refuse to certify CES. The state ignored him.
State elections boards are being "buffeted by elections systems salespeople," Shamos was quoted as saying in Datamation magazine. "Punch cards result in disenfranchisement. The CES system is riddled with scandal potential."
According to Santa Clara County Registrar of Voters George Mann, the system is subject to a "logic and accuracy test" run before the election, in which up to 45,000 pre-punched cards are fed through the computer. The computer's count is matched against the actual count. Members of news media and political office holders are invited to view the test. Mann, however, concedes that the system's accuracy could never be verified unless someone wanted to hand count personally 45,O00 computer cards. They just have to take his -- and the computer's -- word for it.
The punch-card system used by CES, called the Votomatic, has another disadvantage that has long concerned computer voting critics: the problem of the "hanging chad," The issue concerns the little perforated squares that voters punch out of computer-voting cards, known as "chad." When the paper rectangles aren't punched fully, they hang from the card, creating an ambiguous ballot. Elections workers, however, "sweep" the chad from the cards. The workers are put in the questionable position of deciding whether voters intended to vote for candidates where chad is incompletely punched. There are no laws in California governing how voter intent is to be determined in the case of ambiguous ballots. Usually, though, workers are not supposed to remove chad unless it is hanging from the card by one or two perforated corners.
Mann estimates that "less than five percent" of all punch cards come into the counting room with hanging chad. But there has been many an election decided by less than five percent of the vote. He also says that when a ballot fails to run through the card-reading machine correctly, election workers simply punch out a new ballot, attempting to duplicate the one filled out by the voter. There is a rich history of elections botched because of faulty card reading and counting. In a 1970 election in Los Angeles, a computer assigned votes to the wrong candidates and failed to read other votes at all. A Carroll County, Maryland, school board election in 1984 was thrown into confusion after a CES computer picked the wrong winner (the "true" victor was later determined by a manual recount). Somehow, the correct counting program had been replaced with a test program.
A four-way Dallas mayor's race in 1985 also featured oddities. When the second-place finisher requested a recount, vote-totals changed in 161 of the city's 250 precincts. Roy Saltman, a government consultant who wrote a 1988 report on "Accuracy, Integrity and Security in Computerized Vote-Tallying," calls the count changes "perplexing" in his report. The second-place candidate's campaign manager alleged that the vote-counting computer's "instructions" were changed after the count showed her candidate leading by 400 votes. At around 8 pm on election night, her candidate was ahead when the computer went down. When it came back up, he was trailing.
And election that same year in Arizona experienced a near-miss when a mistake that would have given all Democratic votes to Republicans.
Those are just a few of the sizable list of elections that have been distorted by faulty computerized counting. in 1985, the wrong man was elected to the Moline, Ill., board of aldermen. In the 1986 general election, the computer simply skipped two percent of the ballots in Oklahoma County, Okla., effectively disenfranchising hundreds of voters.
And so on.
Since CES changed its name to Business Records Corporation there is now a new Computer Election Services. This separate company was founded by Robert Varni, a founder of the original CES in the 1960s. His company, located in a Benecia industrial park, is planning to market a "chad free" punch card system and hopes to reestablish what Varni says was the original, sterling reputation of CES -- a reputation that has been tarnished in the original company's later years.
Another founder of the "first" CES has a similar idea. Jack Gerbel's company, Unilect of Dublin, Calif., is also selling a chad-free punch manufactured by Triad of Ohio. In fact, Gerbel says he has "no knowledge" of any other chad-free punch and was surprised to hear of Varni's system.
But punch-card voting may be on the way out, replaced by more advanced technology. the trend in the computer elections business is toward "direct recording" machines -- basically, automatic teller machines for voters. These machines increase the convenience of voting and the speed with which votes can be tabulated on election night. But since there are no ballots,, there is no way to manually verify the machine's counts. Some direct recording devices are capable of transmitting counts immediately over phone lines or even via satellite.
Consultant Naegle recommended to the Federal Elections Commission that direct recording machines should have some way of recording votes independent of its own internal memory. Again, the FEC rejected what seems like a sensible, even crucial, suggestion.
One of the most widely used direct recording machines is called the "Shouptronic" named for its company, R.F. Shoup. The president of that company, Ransom Shoup II, was convicted in 1979 of conspiracy and obstruction of justice related to an FBI inquiry into a lever machine-counted election in Philadelphia.
New York City is now prepared to spend up to $50 million to convert its elections to direct recording machines or another electronic system known as "optical mark." the Shouptronic is among the candidates in a furious campaign to win the Big Apple contract.