A Democracy Worth the Paper — Ballot — it’s Written on
By Mark Halvorson and Barbara Simons
As the CIA digs deep to investigate foreign influence on our election, we should recognize that we don’t need cybersecurity experts to tell us if our votes have been accurately counted. Citizen observers can do the job, if we fix the way we vote and the way we verify those votes.
Our democracy is in crisis because we have introduced computers into our voting systems without proper safeguards. First and foremost, every vote must be cast on a paper ballot marked by the voter. In addition, we must require that at least a random sample of those paper ballots be counted by hand to determine if the electronically reported election results are correct.
About 25 percent of the 2016 votes, including almost all of Pennsylvania, were cast on paperless, computerized voting machines. Since software can contain bugs, programming errors, and even malware, we never should have allowed paperless voting machines to record and count our votes, because there is no way to verify that votes are properly recorded and counted inside the machines. Voting on a paperless electronic voting machine is like speaking your vote to a stranger behind a screen and trusting him to cast it for you, without ever seeing the person or how he marked your ballot.
Furthermore, even states with paper ballots tabulate almost all of them using computerized optical scanners. Paper ballots provide no protection unless they are manually checked after the election to verify or correct the computer-declared results.
There are only two ways to independently verify electronic tallies (that is, to confirm whether or not the person behind the screen was honest and accurate): post-election audits and recounts done by hand by examining the original paper ballots.
About half the states conduct post-election ballot audits. A post-election ballot audit refers to hand counting a random sample of the votes on paper ballots and comparing those counts to the corresponding electronic vote counts originally reported as a check on the accuracy of election results. Unfortunately, most current audit requirements are inefficient spot checks, requiring the same percentage of voting systems or precincts to be audited, independent of the margin of victory. Others are even more problematic.
Almost all states have recount laws, but only five states require that state-wide recounts be conducted by hand. The rest conduct recounts primarily by rescanning the ballots, sometimes using the same scanners that produced the original results. A rescan will provide essentially the same results and almost certainly will not detect problems with the software operating the scanners, especially if there is malware. In Wisconsin about one third of the 72 counties chose to conduct rescans instead of manual recounts.
Some audit and recount laws contain provisions that decrease their effectiveness. Audits in Florida and Ohio take place after election results have already been certified. In Vermont and Wisconsin the audits results are not binding on election results. In addition, the recount law in Michigan provides that if the number of ballots does not match the number of voters who signed into the polling precinct, the precinct will not be recounted. (In other words, the only thing you have to do to prevent a recount is remove or add one ballot to the ballot box!)
Regardless of how we feel about the results of our elections, we should be able to dismiss claims of a corrupted election by saying “It did not happen, and here is proof.” Because necessary safeguards are missing from our electoral system, however, all we can say is “How will we ever know?”
Here are three ways to build public confidence in our elections:
1) Ban all direct recording electronic (DRE) voting machines and replace them with paper ballots that can be counted by hand or tabulated by optical scanners.
2) Conduct publicly financed robust audits after every election by manually counting in front of observers a random sample of ballots and comparing that count to the corresponding electronic tally of those ballots. If discrepancies are discovered, expand the audit and count more ballots to maximize the chance of detecting and correcting incorrect election tallies before results are certified. These are called “risk-limiting” audits, and have been endorsed by the Presidential Commission on Election Administration, Verified Voting, and many other election integrity organizations.
3) If a manual audit has not escalated to a full recount in a close election, then candidates and voters should be entitled to a full manual recount.
A healthy democracy, free from post-election speculation and recriminations, requires secure, accurate and independently audited paper ballots. It should always be possible to demonstrate to the losers and the losers’ supporters that they truly lost.
Let the CIA dig deep. In the meanwhile, we’ll count the paper ballots.
Mark Halvorson, founder, former director and current board member of Citizens for Election Integrity Minnesota, organized non-partisan observations of Minnesota’s 2008 and 2010 recounts and created a database for recount laws.
Barbara Simons, co-author of Broken Ballots: Will Your Vote Count?, is retired from IBM research, on the Board of Advisors of the U.S. Election Assistance Commission, Board Chair of Verified Voting, and a former President of ACM, the oldest and largest scientific society for computing professionals.