Howard County Maryland Blog

Local Politics and Current Events

MD Voting Reform Likely to Include Paper Trail

Posted by Ed C on Monday, December 11, 2006

On Friday,Dec 8th Computerword reported that Maryland Senate President Mike Miller plans to support a bill that will require a paper trail of electronic votes.

Miller said he had opposed legislation filed earlier this year to require a paper trail of electronic votes because the bill was filed too close to last month’s general election.

The senator said he had feared that local officials wouldn’t have enough time to meet the requirements of the bill. With the next major election two years away, those officials should have plenty of time to ensure that e-voting machines provide a paper trail if such a law were enacted next year, he said.

“A law requiring a paper record of every vote cast would ensure the integrity of the election process, Miller said. “We want to make sure that every vote is counted and secure and that “there is a paper trail,” he added.

The article also quotes Lillie Coney, coordinator for the National Committee for Voting Integrity, a project of the Electronic Privacy Information Center.

[Coney], called voter-verifiable paper trails “the most secure way to audit an election and the most secure way to recover from [voting machine] failures.”

“Maryland has been trying since 2002 to get it right with their voting systems,” Coney said. “This is good news because that’s where we are with the technology.”

This is a good step in the right direction. If this law passes and is implemented correctly, Maryland voters (living, dead and proxy) should be able to have confidence that their votes can be verified and can re-counted if there are questions or suspicions of voting problems. The other part of the equation will be to require a strong form of identification to ensure that each voter matches the voter’s name on the voting registration role.

This may actually put Maryland ahead in ensuring voting integrity. In a related article: Government rejects e-voting paper-trail proposal

A U.S. government board looking at ways to improve the security of electronic voting has rejected one proposal that would have required election officials to use paper-trail ballots or other audit technologies with the machines.

The Technical Guidelines Development Committee (TGDC), an advisory board to the U.S. Elections Assistance Commission (EAC), on Monday failed to pass a proposal to certify only those direct record electronic (DRE) machines that use independent audit technology. Before the 6-6 vote, TGDC members expressed concerns that a requirement would create a costly mandate to local governments.

An advocate of paper-trail audits, Eugene Spafford, chairman of the U.S. policy committee at the Association for Computing Machinery (ACM) said the proposal was:

“a much-needed step toward making certain that voting systems are secure, usable, and reliable”

“Software independence avoids reliance on the accuracy and security of the voting machine software in order to verify an election outcome,” “The … initial recommendation was well-grounded, carefully balanced, and addressed an issue that is critical to the integrity of our election process.

Opponents of requiring an audit trail cite concerns of the cost to jurisdictions that have already spent their funding to update election equipment.

“I’m not sure that we’ve really proven that the processes that state election officials have used for a few decades now of testing and verifying that the systems work … are failing,” said Paul Miller, voting systems manager at the Washington state Secretary of State’s Office. “Now we’re adding another requirement.”

But Brittain Williams, representing the National Association of State Election Directors, said the U.S. banking industry has largely figured out how to conduct large-scale electronic transactions with few mistakes. “You say all software is buggy,” he said. “The question is, can you test it to an acceptable list of security? The banking industry … moves billions of dollars around every day with this buggy software without ever producing a single piece of paper.”

I don’t think the banking analogy holds up in this case. Its not the “quality” of the software that should be an issue. Software can be written and tested to very high levels of reliability and confidence – at a cost. Think Space Shuttle software:

The software is checked very carefully in a bottom-up fashion. First, each new line of code is checked, then sections of code or modules with special functions are verified. The scope is increased step by step until the new changes are incorporated into a complete system and checked. This complete output is considered the final product, newly released. But completely independently there is an independent verification group, that takes an adversary attitude to the software development group, and tests and verifies the software as if it were a customer of the delivered product. There is additional verification in using the new programs in simulators, etc. A discovery of an error during verification testing is considered very serious, and its origin studied very carefully to avoid such mistakes in the future. Such unexpected errors have been found only about six times in all the programming and program changing (for new or altered payloads) that has been done

If you think adding a paper audit trail is expensive, try getting a quote on writing Mission Critical software.

For me, where the banking analogy breaks down is that finical institutions have an adversarial relationship with each other and with the customer when performing transactions and there is an independent way to validate each transaction.

When you walk up to an ATM machine to withdraw some money you present a card and provide a PIN number to verify that you are authorized to perform the transaction. This strongly identifies you to the bank. (Only you should have the card and at the same time know the PIN.)

You make the withdrawal, the ATM gives you some money and your account balance is updated. The transaction is verified in a number of independent ways.

  • You get a statement – If you see any discrepancies you can notify the bank.
  • At the end of each day, each bank balances its books. If the columns don’t add up the bank will start an investigation. They know which account the money came from and went to.

With voting, some of these checks are deliberately prohibited – voting is designed to be anonymous. Without a voter verifiable trial (a statement) you can have no idea that the machine registered your vote correctly. You don’t get to see a running total so that when you vote you can see that the count for Gov. Ehrlich went up by one (and only one) and that O’Malley’s count stated the same. The Board of Election has no way to determine who you meant to vote for (they can’t check you account balance.)

When the polls close and the final counts are read from the machine there is no way to tell if the counts are correct. You can check that the number of voters does not exceed the number of votes cast, but that’s it. Maybe a just a few votes were switched from “the good guys” to the “bad guys”, there is no way to tell. A few votes per machine and you can change the result of a close election.

And don’t forget under-vote. Maybe you only meant to vote for the Judges but the machine snuck a vote for Boyd/Madigan or Driscoll/Rothstein in. The machine totals will still add up because the counts do not exceed the number of voters and there is no way to tell any different. And in the next election, the Green Party demands to be included in all debates because they received 5% of the vote last time. Okay, they are going to demand this anyway, but even without changing the outcome of the election there can still be consequences.

You can test the machines to you hearts content. But you will need to test every permutation of votes. You should also make sure that you set the day and time of the machine so that it is the same as election day. You need to test endless other possibilities and you still will have just tested things that “you” have thought of.

So, we can develop software at enormous cost with all of the controls required for the space shuttle and then deploy it on hardened / protected systems so that you can guarantee that the software you developed is the software that actually runs on election day. Or you can provide a paper-trail. The voter can determine that the individual votes are correct and as long as the integrity of the ballots is protected you can go back at any time and recount to validate the results.

Another factor that should not be ignored is voter confidence. A piece of paper is real, its tangible. You can hold it in you hand and then file it away in a box. People are used to dealing with paper. You can try to explain all of the safeguards, the testing and validation and controls that are in place with an electronic voting machine but to most it will never be real. If their candidate does not win it will be a conspiracy. Show them (or their lawyers) boxes of paper and they will need to find another windmill to attack.


One Response to “MD Voting Reform Likely to Include Paper Trail”

  1. bsflag2007 said

    This is only reasonable — there MUST be a verifiable paper trial.

    Now, of course, we should prepare for a hand count at least the first time – if only to add a level of confidence to the electronic results for future elections.

    Cindy Vaillancourt

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: