Here are two overlapping stories. First, Tucsonan John Brakey, head of AUDIT-USA and longtime election integrity watchdog, recently received a cease-and-desist order from Election Systems & Software, one of the big three election machine companies. Second, a lengthy article in this week's New York Times magazine details the very problems Brakey is concerned about: ways voting machines can malfunction or be hacked which can change election results, turning winners into losers and losers into winners.
Brakey put instruction manuals for ES&S voting machines on his AUDIT-USA website
. They look like the typical, detailed user manuals we get when we buy software packages, but ES&S doesn't want them in public view. The company wrote Brakey a cease-and-desist letter demanding he take the material down. If not, the company threatens to take him to court for copyright violation.
Has Brakey violated copyright law by posting the ES&S manuals? I won't venture a lay person's opinion, though I've talked with people who say, as with many copyright cases, there's not a clear answer. But another question has a clear answer for me. Should a company whose products are used to count votes in elections be allowed to work in secret, out of public view? My answer is no. When one of the foundations of our democracy, free and fair elections, is at stake, machines and software created by a private, for-profit vendor should not collect and tally votes under cover of darkness. If bad actors can change election results at will, it's game over for our democratic system.
Brakey's reaction to the cease-and-desist letter? If a company which works so hard to guard its secrecy wants to take him to court, that's fine with him.
The New York Times magazine article is titled, The Crisis of Election Security
. The shoddy programming described in the article, the gaping security holes, the ease with which the machines can be hacked and votes altered, were serious problems when the voting systems were first put into common use. Today, when we know Russian hackers have their tendrils in our election systems, the possibility that election results can be changed by a foreign power is all the more frightening.
We know the machines have had problems in the past. Some examples in the critical Ohio election during the 2004 Bush-Kerry race illustrate what can happen. One Ohio precinct tallied 5,258 votes for Bush, though only 638 votes were cast. The vote total was corrected in that case, but we have no way of knowing if less obvious errors went unnoticed. In some precincts, voters complained that when they touched the screen to vote for Kerry, it came up as a vote for Bush. In other precincts as many as 25 percent of the ballots were said to have left the presidential vote blank, an unheard of number.
Were these honest mistakes, simple machine malfunctions? If so, those innocent mistakes may have changed the presidential vote outcome in Ohio, which would have changed the outcome of the presidential election. Even worse, was it a case of purposeful fraud? We don't know.
A congressional inquiry found “numerous serious election irregularities” in Ohio but ultimately couldn’t conclude whether fraud had occurred.
In fact, we have no hard evidence that voting machine software has been manipulated in any election. Then again, neither local nor national election officials have spent much effort trying to find out.
“We should always be careful to point out that there hasn’t been any evidence that votes were changed in any election in this way, and that’s a true fact,” said Matt Blaze, a computer-science professor at the University of Pennsylvania and a voting-machine-security expert. “It’s just less comforting than it might sound at first glance, because we haven’t looked very hard.”
What we do know for certain is that someone with computer programming skills, access to voting machines and malicious intent can change vote totals without leaving a trace. We know the voting machine industry, which pulls in $300 million a year, is notoriously secretive. And we're seeing the curtain of secrecy being pulled even tighter now that election integrity groups are becoming more visible and the federal government is under pressure to look more carefully at our election systems.
Even now, when the country is desperate to prevent Russian hackers from interfering with future elections, the company [ES&S] is more focused on asserting proprietary control over its systems than on working with communities of researchers who want to secure them. In addition to the comments it sent the Copyright Office, it also sent a vaguely threatening letter to its own customers, warning them against helping researchers by providing them with voting-machine software to examine.
The cease-and-desist order ES&S sent to Brakey is a part of the industry's larger attempts to keep its secrets secret. But in this case, there's an irony. Brakey and others want to publicize an improved option in the newer systems, a security feature called "digital ballot images," which can be used to audit election results. "A lot of elections officials don’t understand it," Brakey writes, "and we’re finding that many are even disabling it. So we often help elections officials see how this feature works, why it’s important and how to use it. ES&S could see that as helpful!"