Securing the Votes

Voting machine security is an unresolved issue • You walk into the polling place, cast your ballot, and—hours later—read or hear the results of the election.
February 25, 2016

But how do you really know if your vote was counted as intended? Or even if your vote was counted at all?

Such questions are central to the research of Suzanne Mello-Stark, an associate teaching professor of computer science at WPI. She has co-written a paper, accepted for publication next month, which proposes a metric to measure how well a voting system protects itself and enables audits, both before and after elections.

“I’d like to at least understand what we have, to a point of knowing where the problems exist, so we can figure out how to fix them,” Mello-Stark said in an interview, with the presidential primary season now in full swing.

Her interest in voting machine security was piqued in the 2000 presidential election, when the hotly contested result of the tally in Florida made it all the way to the Supreme Court.

“That first really alerted me to the problem,” Mello-Stark said. “They couldn’t figure out who voted for whom. It just kind of seems silly that everybody’s vote couldn’t be counted properly. It’s a problem that hasn’t been solved.”

While computerized voting machines have greatly speeded the counting of votes, she and co-author Edmund A. Lamagna of the University of Rhode Island raised concerns about technology in their paper, “Toward a Metric for Forensic Analysis of Governmental Elections.”

A major issue, they say, is that voting machines are built and maintained by private companies whose proprietary interests in their software limit oversight, making it possible for code errors, for example, to go undetected. Potentially compounding the problem, many of the new voting systems are totally electronic, with no paper ballots as backup.

“At the end of the day, if you have an issue, you can’t recount the vote,” Mello-Stark said. She pointed out that New Jersey was forced to redo an election after problems with so-called direct recording machines, and that a new Microsoft application failed in places during the Iowa caucuses.

Besides their concern about lack of public access and oversight regarding software, Mello-Stark and Lamagna also stressed the importance of a secure chain of custody for both machines and ballots, and the need to verify that votes are counted as intended and included in the final count.

They recommended that election officials demand software and hardware transparencies from vendors, including testing and access to software by a greater number of election officials.

Mello-Stark and Lamagna called their metric a baseline that needs further study. But they hope a forensic metric will become part of the Election Assistance Commission’s certification process for voting machines. It would benefit boards of elections, guide states and communities in future purchases, and help manufacturers produce “forensically sound” voting machines, they wrote.

Despite the complexities of securing voting machines in states—and communities within states—that decide on their own systems, Mello-Stark cautions against any one-for-all approach.

“If you wanted to hack a presidential election, there’d be so many obstacles,” she said of the myriad systems in use today. “You’d need all kinds of different hackers.”