Are non-blockchain Electronic Voting Machines critically flawed?
Around 31 countries worldwide have experimented with non-remote Electronic Voting Machines (EVMs) as a whole or part of their election system. Currently only 20 countries actively employ them. Concerns about their security and transparency have led to programs being discontinued throughout much of Europe, including France, Germany, the Netherlands and Ireland. While EVMs can mitigate some of the costs associated with paper ballots, such as human tabulation and ballot printing, they impose a host of new costs, including buying, updating, storing and servicing the machines.
Problem #1: Transparency Issues
Black Box Architecture
Direct Record Electronic (DRE) systems, particularly those without a Voter-Verified Paper Audit Trail (VVPAT), are intrinsically opaque since a vote is only recorded in the DRE computer’s memory. Results produced by DRE systems without a VVPAT cannot be audited, since there is no audit mechanism to compare against the machine’s memory. Even with a VVPAT, the integrity of these black box systems is not guaranteed, as it is possible to compromise the software interfacing between the machine and the VVPAT, thereby altering both results.
Most voters fail to detect errors in VVPAT record after they have finished their ballot, which diminishes its ability to act as a failsafe against hacks and other vulnerabilities.
No Proprietary Source Code
Another transparency issue that beleaguers many EVMs is the proprietary nature of their source code. Without open source code, the election is effectively at the mercy of third-party providers. This is not just an issue of potential misconduct by these providers — errors in their code could result in changes in the election outcome that would be very difficult to detect.
Problem #2: Integrity Issues
Security Vulnerabilities
DREs have been consistently shown to be vulnerable to a variety of cybersecurity attacks, including the insertion of malicious code which then propagates through links in the electronic voting system’s network. In the Netherlands, critics were able to expose these vulnerabilities, the existence of which were denied by the machine suppliers, by reprogramming one of the voting machines to play chess.
While machines that are connected to the internet or phone systems are the most vulnerable to security issues, these are not the only vectors through which hostile code could be inserted. If the DRE employs a voting card for identification, the cards can be altered to upload malicious code upon insertion. This form of attack, known as an “air-gap attack,” has been successfully demonstrated by security researchers. These are just a few of the many security vulnerabilities that have plagued EVMs.
Outsourcing Vulnerabilities
Another issue is that hangs over the use of EVMs is the challenge of their implementation. As official election staff may lack the proper training and IT skills needed to manage machines themselves, the machines’ on-site servicing and management is often outsourced to the EVM supplier. This effectively outsources the integrity of the election to the EVM supplier as well. The supplier’s special knowledge allows it to act without effective supervision, and consequently, if even one or a few individuals are subverted, they could easily alter an election by inserting malicious code.
Central Tabulator Vulnerabilities
Systems that rely on centralized vote counting machines increase the ways in which an election’s results can be subverted. Central tabulators have been shown to be vulnerable to attacks, just as voting machines themselves. For example, the GEMS central tabulator, which integrates with Diebold machines, can be effectively taken over by entering a 2-digit code in a hidden location. Anyone with physical access to the machine would then have complete control of election results.
Problem #3: Cost Issues
Although EVMs avoid some of the associated printing costs of paper ballots, they are quite expensive in their own right. EVMs cost between US$3,000 to $5,000 each, and approximately one DRE machine is needed per 180 voters. However, the upfront cost of purchasing machines is only a fraction of the total cost of operating these systems. The cost of programming voting machines can range between US$250 to $1,500 per machine every election. Maintenance costs another US$100 to $250 per machine every election. Software must also be re-licensed each year, and the machines must be stored in secure and air-conditioned locations. In sum, the cost of running an election with EVMs can be striking.
Machine Lifespan
Perhaps the highest cost associated with EVMs is machine lifespan. The estimated lifespan for most DRE systems is only about 10 to 20 years, after which time they must be replaced. For the US, which was one of the early adopters of EVMs, a staggering US$1 Billion is presently required to replace its aging fleet of machines. It is critical that these machines be replaced as soon as possible. Not only do machine breakdown cause delays on election day, but older EVMs are far more likely to be subverted by hackers. For example, the U.S. state of Virginia’s recently decommissioned WinVote machines were vulnerable to a security breach because the wireless cards that they employed used outdated Wi-Fi encryption standards.
Accuracy is another issue associated with older voting machines. The AccuVote TSX machine was shown to register incorrect votes when it aged due to a slippage of the touch screen as the glue holding it in place degraded.
Polling Stations
Machines and equipment are only part of the cost associated with non-remote EVMs. Just as in paper ballot systems, polling stations must be established, outfitted, staffed and secured. In fact, these stations often incur greater costs than paper ballot systems.
Conclusion
While many countries are falling back to paper ballots as an alternative to what may be potentially insecure Electronic Voting Machines, future voters will ultimately demand a trustworthy digital voting system. Blockchain offers functionality that we believe can make digital voting successful where prior technologies have failed. We encourage you to learn more about Agora, which is committed to providing a cryptographically secure and fully-transparent voting system that meets the needs of our generation.
