Voting By Computer: A Chip Too Far

When you cast your vote on election day, where does it go after you punch it in the voting-machine? Into the hands of other people, some critics of the system say, because there are no mandatory design standards and little informed oversight of the multi-million dollar voting-machine industry.

"There are no adequate standards established to ensure that the [vote-tabulating] software is trusted," said Roy Saltman. a computer expert at the National Institute of Standards and Technology. "There's no money, no organization that's responsible" for ensuring reliable operation of the computerized machines used by more than 60 percent of voters.

A Wisconsin special congressional election in 1992 saw 4.5 percent of votes cast on computerized voting machines disappear. A March 1993 election in St. Petersburg, Fla. -- won by 1,425 votes -- sparked a legal case in which it was revealed that a computerized voting machine had assigned 1,429 votes to a factory district with no registered voters. In Cleveland, election officials fed several hundred fabricated votes into a computer so they could declare the count completed and then depart for home late on election night in 1992.

These problems lie behind a high-stakes battle in New York over a $60 million contract for 7,000 computerized voting machines, awarded last May to Sequoia Pacific Voting Equipment Inc., a Jamestown, N.Y., company owned by Jefferson Smurfit Group Ltd. of Dublin, Ireland.

Concerns over the security of the vote resulted in an effort to redesign the machines, and create extensive new security procedures for their use, said Danny DiFrancesco, the executive director of New York City's Board of Elections.

"We believe the integrity of the ballot is the most important thing," he said, adding that the machines will be used in a single precinct election in 1995 if they pass security tests.

The technical problem posed by computerized voting has two main elements: making sure each voting machine correctly allocates all votes for Candidate Ernest Sincere to his score, not to rival Candidate Trudy Honest's score, and making sure both candidates scores are correctly tallied by computers at the central voting-counting station.

The problem is growing more difficult, said Saltman. The first generation of computerized voting machines typically had some physical record, such as a ballot card marked by punched holes. But newer voting systems, called Direct Recording Electronic machines, are all-digital and leave no physical evidence for the voters in New York or other cities to review should there be a dispute over the outcome of an election.

Without a paper trail, "how would you prove the system is producing accurate and correct results?" Saltman said.

Government officials are also eyeing plans for next-generation voting techniques, including voting via the much-touted infobahn or even the humble telephone, further increasing concerns among critics.

For their part, they say election results can be corrupted by numerous methods, including accidental misreading of ballots by poorly designed machines, deliberate insertion of vote-switching software routines into the voting machines, or by electronic ballot-stuffing at the central precinct.

The use of computers allows many new avenues for fraud, traditionally practiced with paper-based voting systems, said Eva Waskell, director of a Washington, D.C.-based project on election security sponsored by Computer Professionals for Social Responsibility.

"The [computers] are no better than the individuals that operate them and the individuals that set them up," said Jim Mattox, a Democrat who served as attorney general for Texas from 1983 to 1990.

Defenders of computerized voting point out there have been no convictions for tampering with computerized ballots. But Waskell said there will likely be no convictions for voting fraud "unless someone is very stupid, because the [company-owned software in the] machines can erase all of the evidence" of fraud as soon as the votes are illegally altered.

Any flaws with computerized voting systems can be resolved with the aid of managerial and administrative controls, said Penelope Bonsall, director of the Clearinghouse on Election Administration, part of the Federal Election Commission. "We'll be looking a lot at that matter over the next couple of years," she said. The clearinghouse is concentrating its efforts on boosting voter registration, and has already published voluntary security standards in 1989, she said.

Security can be boosted by carefully combining computer-security techniques with other measures, such as careful election-day procedures, said Doug Webb, a computer security consultant for SRI International of Menlo Park, Calif. But Webb, who has a New York contract to review security documents prepared by Sequoia Pacific for the city voting process, said "There is no such thing as 100 percent security... any [computer] system can appear trustworthy to an inexperienced layman, but that can be deceiving." Webb declined to comment on his review of the Sequoia Pacific document, submitted to New York officials in early August.

Jim Hyssen, head of Sequoia Pacific, said people "should be concerned with security in their elections, whether they are computerized or not..... As with any other decision their elected officials make, they should do that what they are entitled to do in order to make them feel comfortable." However, there is no need for mandatory federal standards, he said, partly because each state has a board responsible for overseeing elections.

But lack of knowledge or funds often causes local officials to short-change security measures.

The largest company in the business is Business Records Corp., based in Dallas, followed by Sequoia Pacific. Other companies include American Information Systems Inc. of Omaha, Neb., and Microvote Corp. of Indianapolis. The voting-machine business is estimated to be worth $10 million to $50 million a year, said observers.

To alleviate concerns over security, the federal government should establish a panel able to promote and support the use of security provisions by the many local jurisdictions in the country, said Waskell.

Among the measures that should be pushed, said Saltman, is the creation of a federal standards-setting body, and the development of secure technology. NIST has the capability to perform these functions, but has no role because Congress excluded itself and its elections from the Computer Security Act of 1987.

Saltman, Waskell and other critics are very pessimistic that the federal government will address the security issue. Members of Congress and other elected officials are "not interested in examining the system that got them elected," said Waskell.