e-Voting = “Extreme Voting” = a moon shot for democracy ?

E-voting = “Extreme Voting” = “moon shot for U.S. democracy”

California’s Secretary of State office is facing an unexpected early primary in 2008 by performing a “top to bottom” analysis of the preparedness of its electronic voting systems. A series of reports by security and accessibility researchers documents the bad news that flaws abound in 3 commercially provided voting systems and, beyond that, in the policies, procedures, and training that enact voting in a polling place.

My initial reactions to reading the accessibility analysis was that disabled voters were being thrown into a situation akin to an extreme sport, testing their limits of skills and endurance, both cognitive and physical. Likewise for software developers, testers, and certifiers face extreme challenges of time and performance. In sports terms, the athletes, judges, and sporting officials) are participating in a high stakes competition and race toward deployment where the rules of the sport are still being made, marred by rampant reactions to disqualification, maintaining credibility, and keeping the sports attractive to viewers. Is this any way to run a democracy?

Problems documented in the California reports are so varied: wheelchairs don’t fit under polling station tables; voice users take 4 times longer to vote, often requiring standing; voices are uneven in speed and intelligibility; instructions are convoluted, with poor grammar; eavesdropping on votes and large print screens isn’t difficult; keypads require special plus and often fall out, disabling the workstation; personal sanitation practices must be put into place for a succession of voters handling the same equipment; multiple natural languages other than English must be supported; and the list goes on. Even if standard codes of accessibility conformance were met, accessibility is inadequate without usability, which addresses ballot design and the overall ability of the voter to accomplish the task with reasonable effort, accuracy, and satisfaction.

Security? As now documented in a check list of vulnerabilities from many studies in New Jersey and general knowledge of the security education community, voting systems are highly vulnerable to tampering and simple misuse: Physical entrance to change memory cards (using a hotel mini bar key in one study); equipment failure in (don’t we all curse our printers?); add to tabulation difficulties, e.g. complex rules for multiple choice races; ambiguous configurations of hardware and software that make replication of election conditions impossible; unregistered user accounts that might enable login to change results; applications running over an inherently insecure operating system, Windows; and this list goes on. Running a democracy on inherently, well, there’s no better word for it but “flaky” electronic systems is folly if democracy is at stake, both in voting results and in credibility of the process.

Software engineers know well the above manifestations of underlying systemic failure. Source code will inevitably have errors, if not coding mistakes, then problematic conformance with specifications. Getting specifications complete and consistent in both art and science. It is tedious, time-consuming, and expensive to design and execute test cases to identify software failures (e.g. overflow) and assure that all states in a vast space of user and operator actions, invoking the rule of thumb that half of the lines of good code are for handling exceptions. Configuration management is a challenging process in itself, keeping track of components, both hardware and software, and what it means to be version of a system. And we cannot forget documentation for users, which includes end voters, poll workers and vote certifiers, installers, other developers, and buyers. What we’re talking about here is literally millions of lines of code, specs, tests, documentation, procurement, and other artifacts.

Furthermore, voting is complicated by its infrequence, requiring the assembly of special equipment, trained poll workers, and an accessible environment only a few times a year. The success of a voting setup requires enormous outreach to draw voters to their polling places (which may include homes). For people with “special needs”, additional outreach is required to prepare voters for their experience, assuming they have been able to ready themselves for their private voting decisions. Wow, democracy is an expensive process!

In the view of many computer and policy minded people, the U.S. system is inherently flawed by the ideology of the marketplace. Multiple vendors offer competition but not necessarily better products and encumber state and local agencies with complex purchase and CYA decisions. As in many other areas of safety and finance, regulatory protections have been blended with industry self-interests to the point that broad regulation is non-existent independent of the operational purchase and oversight demonstrated by the California state officials.

The kicker for computer scientists, an often libertarian breed, is that source code is unavailable for scrutiny enabling the practice of “{security through obscurity”. Indeed, many of the flaws suspected to undermine the election system vulnerabilities (reported in separate confidential reports) seem to track back to two root causes: (1) violation of rationalized coding practices known to well educated software developers, testers, and tech writers and (2) an industrial practice that never works, namely to attempt to retro-fit security and accessibility onto code modules and designs. The power of “open source” dominates much current thinking about software development in that openness spreads the quality responsibility among many developers and invites improvements from diverse minds without destroying the market place opportunities for customization, maintenance, and general support of open source code ndeed, in some countries, Australia I believe, voting system code is at least open for all developers and crackers, leading, at least in theory, to closing of security vulnerabilities. Yes, this is ideology at war, the proprietary and unregulated versus the transparent and, with sufficient knowledge and effort, regulated by inspection and use. Democracy in the U.S. seems to have become confluent with the marketplace and profit, a potentially, if not already realized, lethal combination.

I am in awe of the California “top to bottom” effort. I have some experience with computer security education, know the high quality of the academic researchers who wrote the reports, and understand quite a bit of the lingo of security and accessibility. That the work was done within a period of a few months is remarkable in ints elf and the reports are eminently readable.

As I read (actually listened to) these reports, I was struck by the magnitude, complexity, and inspiring goal of a credible, accessible electronic voting system. The challenge is comparable in many ways to the JFK challenge to get humankind to the moon in a decade. Lots of engineering and management expertise, the memory of recent deaths of astronauts, the image of the moon hanging there in the sky, the motivation that comes from teamwork, the not forgotten shock of Sputnik, so much spirit headed in the same direction. The year 2000 election is today’s Sputnik, although there aren’t any Russians to race, just our own U.S. political system. The California report suggests many ways of mitigating at least security vulnerabilities and the enormous complexity of addressing all forms of disability in multiple languages. In some ways, the e-voting situation is more complex than a rocket to and landing on the moon because so much human fallibility is involved. The moon shot succeeded with a rethinking of the science and engineering principles from the Mercury to Apollo and the maturing of a few generations of engineers and managers.

My personal voting experience in 2006, first time voting partially sighted was not satisfying. The Election Board told me of their nice new crisp touch screen system but I only managed to make it in for Early Voting on the last afternoon, due to teenage driver scheduling issues. Indeed the screen was sharp and colorful but the overhead lights and the screen in self made me recoil, the continual complaint of the photophobic partially sighted. My driver/nephew read the choices to me and we muddled through a 40 page ballot, losing stamina when it came to the propositions. I had no privacy, surrounded by poll workers and other voters, a bit scary as a blue voter in a red county. Something was printed out, but it could have been a grocery list for all I could see. Well, I take responsibility for not being prepared for my voting experience and have vowed to seek out demonstrations and ask more questions before I next vote.

So, what would I do if I were in charge? The California accessibility report convinced me that the sheer number of human factors makes accommodating every variation of every disability impossible. Democracy must trump accessibility, except for issues of entry to the polling place. Trusted sighted poll assistants that accomplish the voting task in whatever time it takes and at whatever low level of technology required is preferable to a high tech sabotage of election results. Let’s put the accessibility criteria in the category of a moon shot achievable within a half decade provided a new regime of voting systems is attempted. Security dictates only one conclusion: throw out the current systems, adjust the ideology of private vendors to accept transparency, and design the system in the broadest sense, including not only hardware and software but also polling place training and outreach education to all voters.

Here’s a little experiment for sighted people to understand how it might be voting. March down to your ATM with ear buds or ear phones and withdraw $100 from your account. No voice-enabled ATM, go elsewhere, but also complain to your bank. OK, close your eyes and find the little hole to plug in your ear buds, listen to the instructions, and follow through the menus. Correct or cancel out if you make a mistake. Never mind the lines of gawkers behind you if you’ve chosen a busy time. Like that voice? get used to it, we Vision Losers live with those robotic speakers and are thankful for their interaction. Have to memorize keyboard and stretch to the Enter key? Can’t tell where the menus will lead you or how many key strokes to get there? Forgot what you wanted to do? Actually, it’s pretty easy, after a year of monthly practice, only takes me about 10 keystrokes, less than a minute, at Chase Bank, except if the service throws in a credit card offer before returning my card, which causes a bout of cussing and complaint to the nice service people inside the bank. And my favorite ATM serves both walk-up people like me and drivers, so I’m often in line with big trucks. But, my point is that any ordinary citizen can get the flavor of using a service by key and voice only, somewhat like I imagine a voting system for the blind.

Am I over-stating the complexity and significance of e-voting? I really think the model of e-voting as an extreme sport captures the challenges for accessibility and the cross-section of disabilities, and will require a great deal more applied science, testing, and sensitivity to needs if the ultimate goal of private voting for every citizen is to be achieved. And I’m sorry but I think that is a less worthy goal in the near term than a credible election in 2008. Is the level of effort to overhaul and implement a national voting system comp[arable to a moon shot? Yes, but this is 2007, not 1963, and enough is known to do the job well enough, accepting imperfection but not failure, if ideologies can be controlled.
eferenced Links:

California Secretary of State “Top to Bottom” Review with
links to reports in PDF on 3 voting systems and accessibility


Overview, U.C. Davis Prof. Matt Bishop, Study Director

Podcasts on “accessible voting”


5 Responses to “e-Voting = “Extreme Voting” = a moon shot for democracy ?”

  1. grant czerepak Says:

    Very good post. I believe that the current technology will have to be completely thrown out. An internet solution has to be developed where you can place your vote from your own home within a timeframe that is suitable to you. The idea of a brick and mortar voting center has to go the way of the dinosaur.

  2. slger Says:

    I think you’re right if the objective is fully electronic, instantly countable voting, eventually. But, actully I’m even more in the luddite camp of fully paper-ized voting, until it all comes together, if ever.

    Even with Internet-based voting, accessibility problems are tough. Either the voter is fully comfortable with and fluent in the assistive technology for voting or the voting experience becomes a monumentally strenuous and difficult task. My ATM contest is an example: can sighted people walk in off the streets, literally, close their eyes, poke in an ear bud and listen their way through a typical baking transaction? Extrapolate from that experience to the situation for all kinds of disabilities.

    And Internet voting has the additional security problem of denial of service. Given the apparent requirement of conducting an election within a 12-15 hour time frame across the entire U.S. plus a few hours of counting and waiting, any interruption of service anywhere in the country disenfranchises somebody. Same as with local elections now, of course, but the disruptions seem to be an accepted practice, or beyond the ability of citizens and the courts to handle. 50,000 scattered disgruntled voters is one thing, 500,000+ “temporarily unable to logon” would invalidate an election. When can anybody guarantee that level of Interset protection against internal dissidents or external attackers, or even the requisite load on servers?. When?

    Thanks for commenting.


  3. hamrichards Says:

    Coming late to this discussion, I second Grant Czerepak’s compliment about slger’s post. One of the motivations (excuses?) for adding electronics to voting is to level the accessibility playing field for voters with various disabilities, and slger’s insights are insightful, valuable, and authoritative.

    The rest of Mr. Czerepak’s comment is less agreeable. Secure, private voting from one’s own home would be nice, but so would a perpetual motion machine. Just as the latter is ruled out by thermodynamics, the former is ruled out by logic. Mr. Czerepak’s mistake–shared by all proponents of Internet voting in the comfort of one’s home or office–is to overlook half of what’s meant by voting privacy.
    We commonly think of privacy as the ability to keep information from being shared. When it’s election time, you want to cast your ballot secure in the knowledge that no one can find out how you voted.
    In elections, however, the other half of privacy is equally important. It is the inability to share certain information, even if its possessor wants to share it. That aspect of privacy often comes as a surprise to people who haven’t thought about it–if I want to tell someone how I voted, why shouldn’t I be allowed to? Of course I am allowed to, but a properly run voting system gives me no way to PROVE how I voted. This benefits you by preventing me from selling my vote, and it protects me from pressure from an overbearing spouse, parent, or employer.
    If Mr. Czerepak has a plan for voting from home by Internet–or by postal mail, for that matter–which prevents anyone from looking over the voter’s shoulder, I hope he will share it with the rest of us. Until he does, an honest statement of his position is something like, “For the sake of convenience, I advocate a voting system which is vulnerable to serious abuse.”

  4. voting Without Viewing? Yes, but It’s so Slow! « As Your World Changes Says:

    […] Previous post on extreme Voting and a Moon Shot for Democracy […]

  5. Accessible Voting Worked for Me, I Think « As Your World Changes Says:

    […] E-voting = Extreme Voting, a Moon Shot for Democracy on the complexity, accuracy, urgency, and other issues of getting voting right, including disability equity […]

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: