E-Voting's Continuing Scandals

Dan Gillmor is a BoingBoing guest-blogger.

Brad Friedman at the Brad Blog has been keeping up on the latest too-real news about the nation's voting machines and the people who sell, buy and operate them. Two recent postings send the outrage meter way into the red.

First is California's continuing effort to clean up the mess it's made over the last few years. It's going to be harder than anyone imagined. As we learn in this post:

Even the audit log system on current versions of Premier Election Solutions' (formerly Diebold's) electronic voting and tabulating systems --- used in some 34 states across the nation --- fail to record the wholesale deletion of ballots. Even when ballots are deleted on the same day as an election. That's the shocking admission heard today from Justin Bales, Premier's Western Region manager, at a State of California public hearing on the possible decertification of Diebold/Premier's tabulator system, GEMS v. 1.18.19.

Then there's the incredible charges in Kentucky, where officials are said to have literally changed votes after the fact:

The Kentucky officials arrested and indicted today, "including the circuit court judge, the county clerk, and election officers" of Clay County, have been charged with "chang[ing] votes at the voting machine" and showing others how to do it!

It all makes you wonder if we're ever going to have voting we can trust.


  1. Low tech solutions are usually best. Here in Canada, we have the inside scrutineering system with pencil and paper ballots that seems to work reasonably well. With representatives from local parties observing the ballots being counted by hand and reporting back to their respective campaign headquarters, there is less likelihood of fraud (at least at the local level).

  2. I was going to write just the same as #1:

    Pencil and paper ballots, counted by hand – what we use here in Denmark too.

    Votes are counted in the presence of officials randomly (more or less) selected from the members of all political parties. Electronic voting is an invitation to fraud UNLESS it has a 100 % clear paper trail making a recount by hand actually possible – but then, nothing is gained from being electronic.

    Voting is possibly one area where “hi-tech” does not equal “good” or “efficient”.

  3. “It all makes you wonder if we’re ever going to have voting we can trust.”

    No, thanks for playing.

  4. What I find absolutely astounding is that apparently it’s too difficult these days to make a machine that simply counts. Really, how hard is it to make a box that counts button presses and doesn’t even have an interface or means for deleting or changing any information other than a complete reset?

  5. We don’t have democracy unless we can trust the voting system.

    Is there a line forming for the angry people? Just point me to it.

  6. #4 Sc0tts0: I was thinking the same thing. Why were the Diebold machines made so sophisticated in the first place? What’s the point in including functionality which should never ever be used? Why have a “fuck up the election” button?

  7. “Why have a “fuck up the election” button?”

    Well, take a moment to think (and breathe a bit) and you’ll have your answer.

    Hint: It’s cause it pays some particular people pretty good to fuck up the election.

  8. Why have a “fuck up the election” button?

    That seems one of those questions that comes with its own answer.

  9. #4 No kidding. Nearly every day here on bb or other sites I see people do some AMAZING stuff with ten year old pc hardware or radios or broken bicycles or whatever! But apparently making a system that can keep track of a very short series of yes/no questions or what number you selected when given eight choices is impossible.

  10. Plus, a machine that simply counts button-presses, in a simple, mechanical way that can’t be easily messed with would cost fuck-all compared to a Diebold-style monstrosity. Bit like a more sophisticated bus conductor’s ticket machine maybe?

  11. Pencil and paper here in Australia as well. We have a national Electoral Commission to oversee all voting.

    I can just see the wingnut hysteria such a simple system would stir up in the U.S.

  12. So who was the State’s bureaucratic asshat(s) that advocated the specs & reqs for these machines? Who developed the testing regime? There is severe incompetence here, and it isn’t only on Diebold’s part.

  13. Voting you can trust = Everyone has mail in ballots.

    Then you just have to secure the physical ballots.

  14. In 2006, HuffPost published this entertaining bit, “Marty Kaplan: How to Hack a Diebold Voting Machine”:


    except that… ruh roh, it looks like it’s off-line (temporarily? or have Our New Masters managed to take it down forever?), but the post cites this (again, 2006) source:


    I am all for paper-and-a-marking-tool voting system. Corporations (and yeah Diebold is but one) pretty much run the joint in D.C. so I wonder if we’ll ever get the chance to go back to our old paper voting system again.

    @ #5: I think we-the-American-people as a majority will have to get a lot hungrier, more uncomfortable, more challenged than we are right now before you see that line forming. I mean, those of us who aren’t already challenged enough working our asses off just to pay the electric bill and put food on the table.

  15. Voting should be cryptographically secure — can anyone imagine a higher application of crypto? We’ve been doing this for years with other information — secure hashes, signatures, the works. It’s very very, mathematically difficult to change secure data without breaking a checksum or signature somewhere.

    Are we not doing this with votes?

  16. There is always a hole somewhere, but the minimum standard for electronic voting should be that it no worse than paper.

    There are serious flaws with paper mind you. Votes can be “lost” intentionally or unintentionally. No matter how simple the ballots are, a measurable percentage of people seem not to understand how to vote properly and inevitably makes mistakes. Worse though is that they are simply hard to count and people make mistakes especially in places with ranked choice voting which involves more than adding 1 for each ballot to calculate a winner.

    I’ve always thought the simplest solution is simply to have a machine that prints out a scanable ballot. The voter votes on the first machine that prints out a filled out ballot and keeps a tabulation of the current counts. The voter inserts the scanable form into a second machine made by a different manufacturer into another machine that counts the ballots. The second machine shouldn’t even need to know about the election – that is, it should be dumb. At the end of the day, the people at the ballot place take 200 random ballots and do a tabulation for a third count. At this point, if both machines agree with each other perfectly and the count made by the 200 random ballots is within an acceptable margin of error, you’re reasonably certain everything is ok.

    As a final fail safe, you could ship all the ballots to a central location and scan them a second time to ensure you come up with the same number.

    Vote by mail may work for Oregon, but frankly I can’t imagine a worse system to prevent voter intimidation or vote selling – something our current system of anonymous voting without a take-home paper trail accomplishes quite nicely.

  17. Aloisius @ 20: You’re describing a system very much like the Open Voting Consortium‘s system, which I wrote about years ago. I haven’t followed their subsequent development closely, but I do know the fundamental architecture hasn’t changed all that much.

  18. takuan, has anyone done a follow-up investigation into connell’s plane crash? i have searched and searched, but never heard another word about it.

  19. **It all makes you wonder if we’re ever going to have voting we can trust**

    …did we, & i missed it?

  20. Trust is something to earn in todays world. Hard to come by anymore. What you mean we white man?

  21. As a real life voting official I have a few things to say…

    1. When the voting machines are handled the same way as paper ballots (i.e. have representatives present during tabulation and programming) they should be secure. We require this by law in Virginia. We keep them in locked cages at all other times.

    2. The old fashioned lever machines weren’t perfect, but they were simple machines that could reliably count votes and were not particularly prone to tampering – pretty much what a couple of previous posters were proposing. They were banned in most jurisdictions by the “Help America Vote Act”. Most were sold for scrap metal.

    3. Anybody can tamper with paper ballots if they get access to them. This requires no special expertise. History is full of instances of paper ballot tampering.

    4. Nobody can tamper with electronic voting machines if you actually prevent access to them.

    I obviously like the electronic voting machines, but I also think voting officials have to recognize that enough people distrust them to such an extent that we need to use machines that produce a paper trail. Most vendors offer or are at least working on add-on printers for the electronic voting machines.

  22. #26 made some posts on other threads that indicated a sleeping beauty. The problem with most sleeping beauty’s is that they wake up stupid. Leadership used to be determined by agreement. The vote opened the door to all sorts of lies and deception. Our new president won because enough of us overwhelmed the system. The contamination of people with agendas fingering the voting machines is just to easy. Going back to raise your hand is more reliable.

  23. I’m confused as to why we can’t have a public/private kind of receipt system…

    1. I go to vote and push all the super buttons on the complex and expensive machine.

    2. I am given a receipt that lists all the things I voted for, along with a unique tracking code.

    3. All the votes are visible to everybody on an open, Internet system, but listed by tracking code. Anybody can look at the totals, and individual ballots, and do the math.

    4. I can go to the site and see if my vote got screwed with; ie, I check the votes tabulated to my tracking code against the public record of such. If there’s a difference, I report it to the Appropriate Dude.

    If you had concerns about keeping it more secret, you could have a ballot receipt where the code acts as a password; I can log in and see that the record of my voting matches my receipt, but others (besides those counting the votes) cannot.

    This is the same way I balance my checkbook to make sure that what I paid for at Walmart is what my debit/credit card got pinged for. If the online record doesn’t match my signed receipt, I make a call.

    Am I missing something? Or would this work kinda ok?

  24. The main problem with the voter taking home a receipt is vote buying and/or intimidation. We’ve had problems with this historically in Virginia, even in the past few years. If the receipt goes in a ballot box though, I don’t see a problem. The technology to print out a record of the voter’s ballot is within our reach, I think.

    Not sure about the sleeping beauty comment… guess I’m too stupid to get that one.

  25. I lived in Clay County for a while way back when, so these charges are no surprise at all. Traditionally, voters were paid to vote a certain way, so at least the citizenry got something out of it, such as a pint of whiskey or not getting fired. The new machines just make it cheaper for those in power.

  26. I’m from Texas, and I voted in the last election. I, too was concerned with Diebold, or whatever they call themselves now. I was very relieved when I showed up at the polling station and was handed a PAPER ballot, and sent to a little booth, which contained a pen. After finishing the ballot, I put it in a locked steel box. I know they could have just fed those ballots to a Diebold machine, or to the nearest shredder, but it somehow reassured me that my vote was properly counted, and I didn’t have to wrestle with the dilemma of “should I vote on the machine anyway?” or “Walk out, because whatever button I push will count for McCain?” So even in Texas, some people got paper ballots, and I hope that mine was not the only polling station that did business that way. AND there were no lines. Weird.

  27. Aloisius@20:

    There is always a hole somewhere […] There are serious flaws with paper mind you.

    Thank you for making this point. I’ve seen plenty of articles decrying problems in e-voting systems, but the real question should be, how do problems in e-voting systems compare to problems with paper ballots. Such a comparison must be out there, but it’s not getting a lot of exposure.

  28. @32 — It’s a little tricky comparing the paper ballots to electronic machines, because paper ballots have been around long enough to have a well documented history that includes fraud in some cases (though the fraud can be prevented). The electronic machines are so new that it’s hard to judge their track record.

    Meanwhile, the lever-machines were around for nearly 100 years with hardly any documented fraud. Yet, that’s the system that got rejected in the HAVA act.

  29. It all makes you wonder if we’re ever going to have voting we can trust.

    I’m so sick of this being raised as an issue over and over again and the solution being ignored.

    Cryptography has already solved this problem!!!

    * zero-knowledge proof
    * dining cryptographers protocol
    * end-to-end auditable voting system

    In brief: You can have mathematically tamper-proof electronic voting that is completely open-source (i.e. transparent) and that doesn’t reveal who you voted for.

    As one side-benefit of this, everyone could have the ability to conduct their own independent recount electronically, which would ostensibly be free and take maybe a day to compute.

    There’s no good reason to justify equating “electronic voting” with DRE machines, which given the above (published since the 1980s), seems to only have the purpose of painting a thin veneer of legitimacy over an electoral fraud system.

    There’s also much to lose by going back to paper ballots, as they’re not perfect either and exorbitantly expensive to do recounts with.

  30. In cryptography, a blind signature, as introduced by David Chaum, is a form of digital signature in which the content of a message is disguised (blinded) before it is signed. The resulting blind signature can be publicly verified against the original, unblinded message in the manner of a regular digital signature. Blind signatures are typically employed in privacy-related protocols where the signer and message author are different parties. Examples include cryptographic election systems and digital cash schemes.

    An often-used analogy to the cryptographic blind signature is the physical act of enclosing a message in an envelope, which is then sealed and signed by a signing agent. Thus, the signer does not view the message content, but a third party can later verify the signature and know that the signature is valid within the limitations of the underlying signature scheme.

    Blind signatures can also be used to provide unlinkability, which prevents the signer from linking the blinded message it signs to a later un-blinded version that it may be called upon to verify. In this case, the signer’s response is first “un-blinded” prior to verification in such a way that the signature remains valid for the un-blinded message. This can be useful in schemes where anonymity is required.

    Blind signature schemes can be implemented using a number of common public key signing schemes, for instance RSA and DSA. To perform such a signature, the message is first “blinded”, typically by combining it in some way with a random “blinding factor”. The blinded message is passed to a signer, who then signs it using a standard signing algorithm. The resulting message, along with the blinding factor, can be later verified against the signer’s public key. In some blind signature schemes, such as RSA, it is even possible to remove the blinding factor from the signature before it is verified. In these schemes, the final output (message/signature) of the blind signature scheme is identical to that of the normal signing protocol.

  31. IIRC didn’t diebold previously specialize in producing machines that dispensed the one think lacking in todays e-voting machines – receipts and tickets?

    @37 According to the pollsters, I think most American’s were ashamed of who they voted for in 2004 – Nyuck nyuck!

  32. Are you ashamed of who you vote for?

    How about, “I’d be fired if the company I work for found out who I voted for.”

    Sure, it wouldn’t officially be because I voted for Ron Paul, but there’d suddenly be much more scrutiny over my job performance, real or more importantly perceived.

  33. Surely none of our politicians would ever actually steel an election right?


    Sigh. I suppose, at least, now the e-vote-theft goons can no longer say its never been shown to have happened.

  34. Lizard,Zuzu,
    Thankyou for your replies,Those things are a shame
    and are very telling,sorry that it has to be like that,
    I guess it is not as charged here(AUS),mostly we don’t care who is in,only that they do a good job
    not what name is on their sleeve.


    2004-Yeah dude,Thanks for the Lulz..:)

    Sorry,That is sad that you would be picked on for your (right :) choice,I like Ron Paul,he has integrity and Honour from what i have seen.

  35. You may have noticed that there’s one thing I don’t complain about: Politicians. Everybody complains about politicians. Everybody says, “They suck”. But where do people think these politicians come from? They don’t fall out of the sky. They don’t pass through a membrane from another reality. No, they come from American homes, American families, American schools, American churches, American businesses, and they’re elected by American voters. This is the best we can do, folks. It’s what our system produces: Garbage in, garbage out.

    I have solved this political dilemma in a very direct way: I don’t vote. On Election Day, I stay home. I firmly believe that if you vote, you have no right to complain. Now, some people like to twist that around. They say, “If you don’t vote, you have no right to complain”, but where’s the logic in that? If you vote, and you elect dishonest, incompetent politicians, and they get into office and screw everything up, you are responsible for what they have done. You voted them in. You caused the problem. You have no right to complain.

    I, on the other hand, who did not vote — who did not even leave the house on Election Day — am in no way responsible for that these politicians have done and have every right to complain about the mess that you created.

    — George Carlin

  36. Isn’t it ironic that the one symbolic action representing the freedom of choice and peoples empowerment is being constrained to an imposed format?!

    A symbol of choice becoming a symbol of the lack thereof.

  37. A few days ago German supreme court issued a sentence making it (currently) impossible to use electronic voting machines in Germany..

    The telling argument is (paraphrased, from memory):

    “the paper voting system allows any member of the interested public to follow and supervise the complete process of counting the votes – without ANY special and additional (technical) knowledge”

    The German supreme court also stated that it is ready to allow technical voting systems (electronic of otherwaise) that will conform to the above standard.

  38. The UN and the Carter Center both have demonstrated expertise in running and observing voting. Why don’t we go ask them?

    I suspect it is the embarrassment factor. The supposed world leader in democracy should not need help from the people who made elections work in places like East Timor and Congo.

    You know you are dealing with arrogance and ignorance when one party refuses to seek help from an a more experienced party and instead bumbles on. Certainly not very good leadership for the supposed world leader in democracy.

    It appears that once again, the citizens will have the drag the government, kicking and screaming, to the future. I’m really impressed with the stuff they are doing in Humboldt County, CA.


  39. The UN actually did send observers to the 2008 election in the US and in 2004, I believe. They were satisfied with the way we run our elections.

  40. I vote paper.

    The two chief points of opposition to paper ballots on this thread seem to be the fact that if you get to them you can tamper with them (gurduloo @26) and that the cost of a paper ballot recount is expensive (zuzu @35).

    However, as we have seen, if you can get to the electronic machines you can tamper with them, too.

    Also, I fail to understand why a paper ballot recount would be (or would have to be) exorbitantly expensive. In Canada, those supervising the process (one from each party) aren’t paid to do so. And those working for Elections Canada aren’t paid well. Surely it can’t be more expensive than to have multi-million dollar court battles to decide who wins.

    The reason Canada hasn’t switched away from paper ballots is because it’s a simple, cheap, relatively tamper-proof system with an easy-to-trace paper trail. Can the same be said of any electronic methods?

  41. #12 Gilbert Wham

    “Bit like a more sophisticated bus conductor’s ticket machine maybe?”

    Bit like a less sophisticated bus conductor’s machine if you think about it, those devices are seriously impressively complicated.

    At its lowest you’re talking about a set of the little clickers that bouncers use to record the number of people inside a nightclub as all you actually need for automatic counting – you put your voting card in a slot to unlock the mechanism, you press one button, it increments one of the counters and the mechanism locks and bites out a chunk of your voting card so you can’t use it again. At the end you just read the counters, send them to a central counting office for checking and then add up the whole total.

    We don’t even need electronic voting, if we want to automate counting we could just use a mechanical device.

  42. speaking of continuing scandals..

    I’m still amazed every time I hear Al Franken & Norm Coleman are still fighting out the Senate election…
    that’s now mutated into bobbleheads.

  43. i think we should forget about democracy – if we need permanent markers, or machines – and just take over the joint.

    there are enough of us, aren’t there?

  44. However, as we have seen, if you can get to the electronic machines you can tamper with them, too.

    No, you can’t, if you use the cryptography I mentioned. It’s as mathematically unlikely as breaking someone’s PGP encryption.

    Yes, Diebold and DRE machines are practically designed for electoral fraud, but don’t equivocate that with all electronic voting.

    The reason Canada hasn’t switched away from paper ballots is because it’s a simple, cheap, relatively tamper-proof system with an easy-to-trace paper trail. Can the same be said of any electronic methods?

    Yes, only if you use the cryptography I mentioned.

    At its lowest you’re talking about a set of the little clickers that bouncers use to record the number of people inside a nightclub as all you actually need for automatic counting – you put your voting card in a slot to unlock the mechanism, you press one button, it increments one of the counters and the mechanism locks and bites out a chunk of your voting card so you can’t use it again. At the end you just read the counters, send them to a central counting office for checking and then add up the whole total.

    That’s only true for DRE voting machines, not all electronic voting systems.

  45. I was pointing out how simple an automated counter actually is, the clickers I was thinking of are these things:


    You just press the button and the number goes up by one, fancier models even let you click another button to take one away. That’s automated counting at its most basic level.

    If you need a computer to do the function of that little clicker you should consider that maybe you’re over engineering the problem.

    Fundamentally a voting machine has to sit still and tally up votes and then tell you how many were counted at the end. It doesn’t need to do more than that, it’s when you add more functionality that you start to get “mess up the election buttons” appearing.

  46. The faux (or misguided) outrage over the voter registration fraud carried out by low level Acorn workers trying to make a quick buck by not doing their jobs really stands out against the incidents that are linked to in this article.


    How could anyone think that asking lots of individuals to commit a felony by voting fraudulently is a better way to steal an election than by doing it covertly at the point of counting the votes or by preventing lots of legit voters from voting by caging lists or intimidation / misinformation?

  47. As an election administrator, these kinds of stories infuriate me, and they should everyone else, because in my own county, there are typically 850 obstacles (e.g., political and logistical) in running an election–outside of fighting with a machine vendor who may or may not be unscrupulous or unofficially associated with a political party.

    Without releasing names, our Election Board recently voted to change our election vendor to a smaller, more service oriented one. We did this largely in part to ensure that we knew exactly what that vendor was doing with each vote. Even though I know how all the hardware and software works, there were still aspects of the process that we were told by our vendor we weren’t able to be a part of. This was crap, our Board recognized it as crap, and we dumped them.

    No matter my party affiliation, my mission is to hold free, fair, and transparent elections–always. I wish I could say the same for some of my colleagues.

    1. The fact that paper ballots require so many volunteers to deliver, count, etc. seems like an advantage. It involves more people in the voting process itself, so that democracy isn’t just a division of Weyland-Yutani.

  48. >if you use the cryptography I mentioned.
    The public can easily evaluate and maintain the security of paper ballots. That isn’t true of your solution. This is about public trust, after all.

  49. @61 An advantage in the sense you mentioned perhaps but also a drawback in the already mentioned sense that more hands means more links in the chain with a potential to be broken. There may be a ‘sweet spot’ number where it is a benefit but there is certainly a point where there are too many and becomes a morasse or worse a corrupted morasse

  50. @57 –

    The machine you’re reinventing was in use all over the USA until the HAVA act. They’re called lever machines, or officially “Direct Recording Voting System”. I really liked them. They weren’t 100% tamper proof, but more so than any other method I can think of (including paper ballots).

    The reasoning behind the discontinuation of their use is that they don’t leave a record of anyone’s individual ballot, just the total votes for each candidate at the end of the day. The Diebold style DRE machines actually keep an internal record of each individual ballot cast.

  51. I understand why the government would outsource the production of voting machines to a private company, but one of the conditions for such a contract should be radical transparency. If you want us to buy your voting machines then there can be no such thing as a “trade secret” relating to their production. The blueprints, the circuit diagrams, and every line of code should be a matter of public record.

  52. I think the basic problem, in the view of the Rest Of The World, is that Americans simply do not get it.

    Electoral Reform, Health Cover, Education Funding, you name the problem and all you Americans can do is frame the solution in terms of the failed but existing framework.

  53. #63 Gurduloo

    Precisely, and I thought they were just about the archetypal “voting machine” and this is me saying they should have been kept. The more functions you build onto a voting machine the more loopholes start to (unintentionally, we hope) crop up.

    I personally don’t see only counting the aggregate number of votes as a downside – that’s actually a constitutional norm in Britain, the secret ballot.

    With respect, you don’t need PGP signing when what you need is to be able to say “candidate A got 5 votes, candidate B got 10 votes.”

  54. The QuickBrownFox has it right.
    Americans just do not get it: and when the going gets tough, their Media go into “self-exmination” mode (as if someone threw a switch): they stop reporting the story, and instead report the controversy “erupting” over their (ie the Media’s) own coverage of the story.
    Without a prepared script, their Media become literally clueless…and for most “predictable” stories (ie plane crashes. auto accidents, crime) there are “shelf scripts” already in place.

  55. We’ve had voting machines, here in the Netherlands. Then, a group called Wij Vertrouwen Stemcomputers Niet, “We Do Not Trust Voting Computers”, produced proof that the voting machines could conceivably be tampered with. The government then did something totally awesome: they responded competently. All voting machines were recalled, and the country is now back to the paper ballot.

    Zuzu: No matter how good the crypto is, there’s no way I can look straight through a voting machine. I will never put my faith in the damn thing.

  56. Antinous @ 61:

    The fact that paper ballots require so many volunteers to deliver, count, etc. seems like an advantage. It involves more people in the voting process itself, so that democracy isn’t just a division of Weyland-Yutani.

    That may be the smartest thing anyone has said in this thread so far.

    I know of no system that cannot be corrupted by a enough people on the inside conspiring to do so. Trustworthy people can provide an honest election with the shittiest of systems.

  57. #56 Zuzu, if you build an impregnable door, the thieves will go through the wall. Even if the theory is sound, and you can’t break the cryptography, we will see people attacking the implementation.

    The problem with electronic voting systems is that 99% of the population is unable to verify it’s “honesty”. Even if the source code is available, most people would not be able to understand it, or know anyone who could. They would have to rely un “experts” they do not know, who may not be trustworthy. Even if you’re a programmer, there’s no way to verify that the program you examined is actually running in the machine on voting day.

    As the German court said, a paper system is simple to verify. Anyone can spend the whole day at the polling station, see the people voting, and in the evening, watch the votes being counted one by one. Neutral monitors will usually do this in a random fraction of the places, and the candidates’ supporters will verify all the locations. Curious people may also watch, but most people just go home and watch it on TV.

    The only advantage of an electronic system is that you can get the result much faster. However paper systems usually takes only a few hours. After campaigns that lasts weeks or months, and the vote that took all day, saving 2 hours at the end is not worth the loss of confidence in the electoral process.

Comments are closed.