A Practical Election System With Integrity
Designs for economical, accurate, verifiable and fast election systems don't have to be fancy or expensive. But can election authorities embrace simple systems that meet these basic requirements?
Election Integrity Increasingly Controversial
Many different kinds of election fraud and manipulation have been alleged and denied by both of the two major and some of the minor parties in the United States over the years, but such debates cannot usually be settled definitively because, in America, we simply don’t have reliably verifiable elections. For example, some e-voting machines don’t produce printed ballots, making meaningful recounts impossible.
Fortunately, in order to implement new, verifiable and trustworthy election systems, it isn’t necessary to argue at length and try to prove or disprove election rigging that may have happened in the past. We don’t have to establish whether Republicans or Democrats have stooped to unfair tactics more. All that’s necessary is that we agree no party should manipulate elections and that we want to commit to making fair elections the norm, to making election rigging impossible (or at least extremely difficult) and that we’re willing to work together, across political divides, to plug any existing holes in our elections systems. Game theory, used judiciously, can identify potential vulnerabilities in existing elections systems and help formulate designs to eliminate or manage them.
Among the vulnerabilities in current elections systems:
Where e-voting (touch-screen) voting machines are used:
The software could be hacked to flip votes from one candidate to another (see Clint Curtis testimony from 2000) [1].
There might be no printed record of individual voters’ ballots that could be recounted later.
The printed ballot might not match the voter’s on-screen selections.
E-voting machines might be broken or under-allocated, strategically, in precincts dominated by the targeted party to discourage voters with long lines that take many hours to get through.
The central aggregating tabulator might be hacked or subject to “man-in-the-middle” manipulation by servers controlled by an e-voting equipment vendor.
Where mail-in ballots are used:
There is no formal chain-of-custody for ballots delivered by the USPS, which is federally controlled and not subject to the jurisdiction of local city and state elections officials. The question of local vs. federal authority is important but outside the scope of this article.
Ballots might be delivered to fictitious or deceased voters at valid addresses.
Multiple ballots might be delivered to the same voter registered at different addresses where they can receive mail.
There is no opportunity for poll-watchers to challenge voters’ identity, citizenship or residency at the polling place.
There is no opportunity for exit polls to be conducted of voters as they are leaving the polling place.
Where older lever-action or punched card systems are used:
Please see the book “VoteScam” by the Collier brothers for methods used in the bad old days to rig elections where these systems were used.
To be sure, election rigging is not a new thing and the issue is complicated by U.S. international covert actions where foreign elections (may) have been compromised by U.S. intelligence assets such that official protection of “sources and methods” might present barriers for discovery of all election manipulation tactics.
But, we have enough information to proceed.
By now, nearly everyone understands that e-voting machines are subject to hacking and should neither be used nor trusted, even if they do print paper copies of the virtual ballots, because voters don’t always check the “receipts” to make sure the printed record matches their intended vote.
Thus, a large consensus for hand-marked paper ballots exists and I advocate that as well. There are ballot-marking devices (BMDs) that facilitate hand-marking of paper ballots for blind voters and voters without use of their hands. [2]
When it comes to e-voting, it may seem like overkill to belabor the point of hand-marked paper ballots, but, unfortunately, there have recently been popular calls for use of encrypted and/or block-chain voting systems, so it is necessary to address these options separately and put a wooden stake in that Dracula or a silver bullet in that Werewolf, just to be sure.
Yes, it is possible to use encryption and/or block-chain for secure financial systems because people can be counted on not to share the keys to their own wallets with strangers. The problem with crypto-voting is that some human being needs to be trusted to hold the keys and not share them with those who would seek to manipulate the election by generating apparently legitimate ballot tokens and voting these ballots for a candidate who might not be popular enough with real voters to win without cheating. In many cases, such a manipulation would be undetectable. The elections official could, hypothetically, be coerced or bribed to share the keys covertly with agents capable of using them to hack the election and no one would be the wiser. Election systems are qualitatively different from financial systems in this regard. With financial systems, someone eventually notices that money is missing. With elections, we can only say that the official count was unexpected, but proving its inaccuracy is often an unattainable goal.
Even if I and my thirty years of professional software systems experience were wrong about that (I could probably go back and forth with a block-chain expert about why the usual auditing and tracing features would not be enough to deter highly-skilled and doggedly determined bad actors), the public doesn’t understand crypto well enough to trust it the way they can trust hand-marked and/or hand-counted paper ballots. Regaining voter trust and justifying their trust is our prime objective.
I am not being a Luddite by taking this stand against crypto. I’m as excited as the next geek about the wealth of benefits crypto systems will make available to humanity, but I have also reached a mature age and I would like to offer techno-enthusiasts who have difficulty letting go of block-chain voting ideas something that my uber-boss at Intel Supercomputers Systems division once told me:
“Don’t fall in love with the technology.” — Justin Rattner [3]
Once people are settled on hand-marked paper ballots, the remaining challenges are validity of voters, chain-of-custody of ballots and counting/reporting of election results.
Validity of voters
I live in Oregon where elections have been 100% mail-in ballots for over 20 years [4]; however, many (most?) voters here still turn their ballots in to county elections drop boxes instead of entrusting their ballots to the USPS. Also, I have come to the election reform movement from what most would consider “the left”, so I was first aware of election theft from exit poll analyses of the 2000 and 2004 presidential elections and I have been slow to adopt voter-ID provisions as necessary.
My current position is that ballots should be mailed out to voters, but collected in person at precincts. I support RFK Jr’s proposal to require voter-ID and make such I.D. available immediately and at no cost at every Post Office in the country. Mailing the ballots out to voters provides people a “heads-up” that it’s time to vote and confirms that they can and do receive mail at their registered address. It gives them time to study the ballot and consult sources while making their decisions. Because all this work is done up-front at home there should never be waiting lines at precinct drop-off stations longer than 20 minutes. Only people whose disabilities or age prevent them from showing up at the precinct in person would be allowed to mail in their ballots [5].
There should also be year-round ability to challenge voter registrations by bonded representatives of each party who sign NDAs with strict penalties for releasing any personal data. A penalty for a false report of perhaps $200 should deter spurious blanket-reporting of legitimate voters. I also support banning voter purges in the 90 days leading up to any election because voter validation includes both excluding illegitimate voters and including legitimate voters and purges close to election days have been abused in the past to disenfranchise legitimate voters (Florida 2000 [6], NYC Brooklyn 2016 [7]).
At the precinct, voter-ID could be challenged and checked and exit polls can be conducted (functions that are not possible with pure mail-in voting).
Voter Privacy/Secret Balloting
At the precinct, voters who may have been coerced to vote one way at home or perhaps at work can exchange and void their ballot for a new one and mark it as they choose without pressure. There will be a tear-off tab with the voter’s ballot number (and QR code) on it that is given to the voter as a receipt. The ballot numbers are never recorded as associated with the voter anywhere in the elections system so that secrecy is preserved. If the voter wants to check if their vote was recorded accurately they can do so online using the receipt. If they don’t want to risk anyone finding their receipt and looking up their ballot, they can destroy the receipt at the precinct before they leave.
Ballot Chain of Custody
Ballots are deposited in locked clear boxes (witnessed to have no ballots in them before voters start dropping ballots off) at each of the ballot drop-off precinct locations. There was a promotional advertisement for 3M years ago where people were offered $3 million if they could break a clear plastic/glass advertising pane [8]. It was nearly bullet-proof. No one could break it to get to the money (using hands and feet; I’m not sure if anyone got to try steel-toed boots). I think ballot boxes should be made of that kind of material for the unparalleled security and transparency. If there were just two things inside each ballot box before balloting began those two things would be:
A certificate from the Secretary of State designating the box for use at a specific precinct for a specific time period, such certificate being designed to make duplication of false certificates nearly impossible or at least highly impractical. The certificate is visible to voters so they can verify/record the certificate for the box they put their ballot in.
One or two GoPro video cameras with sufficient battery life to record the full balloting time period from inside the box (untamperable).
Each party will have a lock and key for each ballot box such that the box cannot be opened unless all of the parties are present with their keys to unlock all of the locks. No single party alone can open the ballot boxes. A video record of each ballot box’s transportation from the precinct to county election centers would be kept and streamed or uploaded to the web for any interested parties to check.
Ballot boxes could be collected from the precincts by one or more observer busses with representatives from each party on board to oversee the transportation of locked ballot boxes from the precincts to county election centers.
Once at the county election centers a video record of keyholders opening each ballot box with an elections official present would be kept showing the ballot box unlocking, opening, verification of the SoS certificate in the ballot box, removal (and uploading) of GoPro memory cards from cameras in the box and the official first scanning (and upload) of ballot images by the elections official. Other interested parties could then perform their own scans of the stack, if there is interest. Such independent scans would allow interested parties to do their own “by hand” counting from the ballot images without relinquishing the stacks to their custody for any longer than it takes for them to scan their own working copy of each stack.
Counting/Reporting Election Results
There has been, in recent years, a great deal of popular support for hand-counted ballots, and I certainly appreciate the integrity and intent of that method. There have been serious questions raised about ballot scanners/counters, particularly vendor-supplied equipment with proprietary software that is changed on a regular basis. Where both official counts and exit polls have been available in past election years, it has often been the case that states and counties with hand-counting processes have exhibited less divergence of official results from exit polls than any other balloting method.
Nonetheless, for the sake of efficiency, economy and speed, I recommend optical ballot scanning and digital counting conducted by multiple competing parties using COTS (commercial, off-the-shelf) document scanners and open-source software. An earlier paper from 2006 [9] describes how the software can be maintained independent of specific election years and candidates by putting all of the election-year specific data into XML files that are much more easily read and reviewed by non-programmers. Thus, the software can be free from last minute changes before each election that might, potentially, be abused to insert election-rigging coding changes.
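A sketch of the XML-driven counting described above, added here as an illustration and not taken from the 2006 paper or any existing election software. The XML element names, the ballot-mark data layout and every function name are assumptions; the contests live only in the XML, so the counting code does not change from one election to the next, and a second party's scan of the same stack can be compared ballot by ballot.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed election definition; element/attribute names are hypothetical.
ELECTION_XML = """
<election id="demo">
  <contest id="mayor" vote_for="1">
    <option id="A">Candidate A</option>
    <option id="B">Candidate B</option>
  </contest>
  <contest id="council" vote_for="2">
    <option id="C">Candidate C</option>
    <option id="D">Candidate D</option>
    <option id="E">Candidate E</option>
  </contest>
</election>
"""

def load_contests(xml_text):
    """Return {contest_id: (vote_for, set of valid option ids)}."""
    root = ET.fromstring(xml_text.strip())
    return {c.get("id"): (int(c.get("vote_for")),
                          {o.get("id") for o in c.findall("option")})
            for c in root.findall("contest")}

def tally(contests, ballots):
    """Count marks per contest; overvotes and unknown marks are set aside."""
    totals = {cid: Counter() for cid in contests}
    rejected = []
    for ballot_no, marks in sorted(ballots.items()):
        for cid, (vote_for, valid) in contests.items():
            chosen = marks.get(cid, [])
            bad = (len(chosen) > vote_for or len(set(chosen)) != len(chosen)
                   or not set(chosen) <= valid)
            if bad:
                rejected.append((ballot_no, cid))  # needs human review
            else:
                totals[cid].update(chosen)
    return totals, rejected

def diverging_ballots(scan_a, scan_b):
    """Ballot numbers that two independent scans read differently."""
    return sorted(n for n in scan_a.keys() | scan_b.keys()
                  if scan_a.get(n) != scan_b.get(n))

# Constructed mark data, as two parties' scans of one stack might yield.
SCAN_OFFICIAL = {"0001": {"mayor": ["A"], "council": ["C", "D"]},
                 "0002": {"mayor": ["B"], "council": ["E"]},
                 "0003": {"mayor": ["A", "B"], "council": ["D"]}}
SCAN_OBSERVER = {**SCAN_OFFICIAL, "0002": {"mayor": ["A"], "council": ["E"]}}
```

Any ballot number returned by diverging_ballots, or listed as rejected, is one to pull from the stack and inspect on paper.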
If hand-count advocates are content to work from ballot images from their own scanning, then, for all intents and purposes, the option for hand-counting is preserved (and ballot chain of custody is not exposed to the risks of “many hands” that are inherent in hand counts). But the real benefit of optical scanning is speed. It is becoming increasingly important to have election results shortly after the polls close because the public’s perception has shifted to make any and all time delays suspect and potential opportunities for elections officials to stuff ballot boxes, either physically or virtually.
Conclusion
I believe the election systems methodology outlined in this article is suitable for delivering verifiable election results in any country or other governmental unit at a very low cost and with the best possible speed and accuracy. It is my hope that, because the core technology is open-source software, a resourced non-profit organization will be formed to oversee the development and feasibility phases of this project in a relatively small jurisdiction to start with, adding more states, provinces or countries as the system proves itself.
Please comment below if you’d like to be involved in a project to make this vision of verifiable elections a reality.
[1] Clint Curtis, Yang Enterprises rigging the election testimony, Florida 2000
[3] Disclaimers— Neither Mr. Rattner nor Intel Corporation were consulted about this article or technology (or absence of technology). The views in this article are purely the author’s. The wise quote is deserving of credit whether it was intended in the present context or not.
[5] For some thoughts on why many senior and disabled voters should be allowed to vote without physically showing up at polling places, please consider my earlier article regarding my experiences helping senior and disabled voters get to the polls and some of the obstacles we encountered: “Five Days in Reno — Driving Senior and Disabled Voters to Early Voting in Nevada’s 2020 Primary”