Electronic Voting: I’d Like a Receipt, Please

I’m not much of a conspiracy nut. When I hear that the CEO of Diebold, the leading maker of electronic voting machines, said last summer that he’s “committed to helping Ohio deliver its electoral votes to the president next year,” I believe that he was speaking as a citizen. That is, I seriously doubt that there’s a scheme to manipulate the vote-counting software in a way that definitely delivers Ohio’s electoral votes, or any other state’s, to Bush.

Notwithstanding that, reading about the security flaws and the related controversy over Maryland’s Diebold system, I can’t for the life of me figure out why these machines do not print out records of the votes. Every IT expert in the world will tell you to always back up your work. In the context of electronic voting, the only 100% sure way to back up a vote is to print it out. Moreover, no unhackable system has ever been devised, and by all accounts, the Diebold machines are depressingly far from the state of the art in security. (*)

Voting is certainly no less important — perhaps even more important, given the whole Democracy thing that we have here in the US — than a credit card charge or an ATM withdrawal. The answer is simple and inexpensive: I’d like a receipt, please.


(*) For a disturbing analysis of Diebold’s security, put on your tin-foil hat and see Analysis of an Electronic Voting System (pdf), by computer scientists at UCSD and Rice, under the auspices of the Johns Hopkins University Information Security Institute. The researchers obtained and then analyzed the source code for Diebold’s AccuVote-TS voting machine:

“…Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We identify several problems including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. We show that voters, without any insider privileges, can cast unlimited votes without being detected by any mechanism within the voting terminal software. Furthermore, we show that even the most serious of our outsider attacks could have been discovered and executed without access to the source code…outsiders can do the damage. That said, we demonstrate that the insider threat is also quite considerable, showing that not only can an insider, such as a poll worker, modify the votes. … We conclude that this voting system is unsuitable for use in a general election. Any paperless electronic voting system might suffer similar flaws, despite any “certification” it could have otherwise received. We suggest that the best solutions are voting systems having a “voter-verifiable audit trail,” where a computerized voting system might print a paper ballot that can be read and verified by the voter.”