Virginia Says “No” to Touchscreen Voting - WhoWhatWhy Virginia Says “No” to Touchscreen Voting - WhoWhatWhy

Virginia Board of Elections, DRE
Photo credit: Adapted by WhoWhatWhy from Mark Warner / Flickr (CC BY-SA 2.0) and Verified Voting.

Virginia Says “No” to Touchscreen Voting

“It’s About Time,” Say Experts

09/13/17

The state is off to a good start after decertifying its highly vulnerable DRE voting machines. But it still has work to do if it wants truly secure elections.

For years, cyber security experts and voting advocates have pleaded with election officials to purge touchscreen Direct Record Electronic (DRE) voting machines from our elections. And while some states were receptive to their message, others stubbornly resisted while downplaying the risks. It seems Virginia has finally switched camps with last week’s announcement that it would immediately decertify DREs statewide.

In 2015, Virginia phased out one particularly troublesome DRE — the WINVote — and planned to follow suit with the rest after passing a law to eliminate its remaining DREs by 2020. But the state’s election department recommended that the Board of Elections act urgently to expedite the process, given the “current security environment surrounding election administration,” and the highly-publicized decimation of DRE security measures by Def-Con hackers.

Only eight states had audit laws deemed “Good” or “Excellent” by Verified Voting. Twenty-eight — including Virginia — are rated “Inadequate.”

WhoWhatWhy has written previously about the numerous pitfalls of these machines, including a Wi-Fi capability that leaves the device susceptible to smartphone interference.

But the most troubling concern for many experts is what some would tout as the DRE’s most “advanced” feature: a touchscreen display, which casts aside paper ballots for a purely digital voting experience.

This may sound fine, until you realize those paper ballots are the only way of providing indisputable evidence of voter intent. Without them, voters must place blind faith in invisible computer code, and the programmers who write it.

The results, therefore, are impossible to verify by audit or recount.

With that context in mind, it’s easy to see why Barbara Simons, the president of Verified Voting, is feeling invigorated.

“What happened in Virginia was really tremendous, and it was a very strong move in the right direction,” Simons told WhoWhatWhy.

Democracy Costs Money

.

But removing the problematic voting technology is only step one. Next, affected jurisdictions will have to secure — and finance — new machines to fill that void.

“There is resistance nationwide, and I’m sure there was some in Virginia as well, to widespread decertification, because then these systems have to be replaced, and that costs money. And a lot of states are hard-up for money,” Simons said.

DRE, voting machine, Virginia
Photo credit: Adapted by WhoWhatWhy from Joebeone / Wikimedia (CC BY-SA 3.0) and Charles Keck / Wikimedia.

Although VA Governor Terry McAuliffe budgeted $28 million in 2014 to upgrade the state’s voting machines, the proposal was ultimately axed by the state legislature.

Simons, who already considers America’s election spending paltry, says the integrity of our elections is something that should not be compromised in the name of saving a few bucks.

“We have to be prepared to spend some money on our elections if we want them secure,” said Simons. “This is a national security issue.”

As the state prepares for a November general election, it remains to be seen how the replacement process will play out; when the Department of Elections announced the decertification late last week, only 10 of the 22 DRE-employing localities indicated they were engaged in obtaining new voting devices.

And once the new systems are in place, simply possessing the means to verify elections is no guarantee the state will actually do so.

“The next question is adjusting the laws to recognize the fact that we now use computers extensively in our elections. Unfortunately, many state [recount and audit] laws were written before the widespread use of computers,” said Simons.

“I think it’s a very simple concept: computers are vulnerable. Paper ballots are not.”

“We just have to recognize the technological reality in our election laws.”

And by that, she means mandating regular post-election audits — a common petition from election integrity activists. The US as a whole has a long way to go in this regards: only eight states had audit laws deemed “Good” or “Excellent” by Verified Voting.

Twenty-eight — including Virginia — are rated “Inadequate.”

And with all the attention on this issue coming out of the Russian hacking fiasco, these vulnerabilities have been exposed to the world. And let’s not kid ourselves: Russia is hardly the only actor with a vested interested in disrupting American democracy.

“The Chinese, the North Koreans, ISIS, Iran, various political parties — anybody can now see that we have a lot of vulnerable voting systems and that, in many cases we don’t want to check them,” said Simons.

“There was a lot of opposition for the recounts in 2016 and we have a number of state laws that make it difficult to [do] a post-election ballot audit or a recount because people really don’t want to question the declared outcome of an election.”

And in the US political system where targeting a few key districts could flip a swing state, the idea of malicious hackers altering the outcomes of Senate, congressional, or even presidential elections is not so far-fetched.

“The bottom line is, you can’t make cyber attacks on a paper ballot. You can make a cyber attack on the computer that counts a paper ballot [but as far as] the paper ballot itself, there’s nothing that any of our potential foes can do.”

When it comes to defending ourselves from remote cyber attacks, Simons sums up the difference succinctly.

“I think it’s a very simple concept: computers are vulnerable. Paper ballots are not.”


Related front page panorama photo credit: Adapted by WhoWhatWhy from Virginia capitol (J. Hendron / Flickr – CC BY-NC 2.0).

Author

Comments are closed.