When voters in Alameda and Santa Clara County head to the polls on Nov. 6, about one percent will cast their ballots on electronic voting machines that have known security vulnerabilities.
California has safeguards in place. In addition to requiring paper records for votes cast on electronic machines, California also manually audits one percent of all ballots cast, to make sure there’s no discrepancy in the numbers.
Now, experts like David Dill, a computer science professor at Stanford and founder of Verified Voting, are saying that isn’t enough, and are pushing states like California to implement more rigorous auditing methods.
“The problem of protecting machines is pretty unmanageable, even with the best and most modern hardware … so what you need to do is select a bunch of ballots at random and hand count them in order to make sure the electronic counts are accurate,” says Dill.
What Dill suggests instead is something called a risk-limiting audit — an incremental recount that continues until there’s strong evidence that counting additional ballots would simply confirm the recorded results.
Although this sounds like more work, Philip Stark, associate dean of Mathematical and Physical Sciences at UC Berkeley, says risk-limiting audits often involve fewer ballots than traditional auditing methods.
“If California adopted risk-limiting audits for all contests, we would end up looking at fewer ballots than we do right now, but we would look at them chosen in a different way, and we’d make an intelligent decision about when to stop,” he says.
Risk-limiting audits are currently being piloted in Orange County and are run state-wide in Colorado.
On Election Day, the majority of voters in Alameda and Santa Clara County will cast paper ballots, which are then tabulated on optical scanning machines, which some experts say are also vulnerable to attack.
In Santa Clara County, this machine is kept in a secure room with 24-hour surveillance, and only certain people at the Registrar’s office have access to it.
This security system is Santa Clara’s own.
“Every county throughout the nation has a different security protocol,” says Wendy Hudson, Election Division Coordinator for Santa Clara County.
In both Alameda and Santa Clara counties, voters with accessibility needs will cast their ballots on an electronic machine called the Dominion AVC Edge.
This machine came under scrutiny this summer, when hackers at a conference in Las Vegas easily breached its security protections and installed malware on its system.
Hackers opened the machine using “common screwdrivers,” and swapped out the machine’s storage device for their own. This new storage device contained a different operating system on it, which could then manipulate the vote.
Today, the AVC Edge is used in 22 districts in California.
Margaret MacAlpline, a New York-based election auditing specialist, says the lack of security is common. “Some of these elections are managed with the same security you might see at a county fair,” she says.
Alameda County Registrar of Voters Tim Dupuis said he has no concern whatsoever about the security of the upcoming election. “It’s very protected,” he said. “Everything is in an isolated network. If something happened, we would detect it.”
Due to the age of the voting machines in both Alameda and Santa Clara County, both counties plan to upgrade very soon.
In neighboring San Mateo County, voters will mail in their ballots or drop them off at a vote center. For the second time ever, the county is doing an all mail-in ballot election.
The issues with electronic machines date back to 2002 and the Help America Vote Act, which gave $380 million to states so they could upgrade their voting systems. The act was meant to move states past punch-card voting machines, which had famously disrupted the 2000 presidential election, when they failed to completely punch ballots in Florida, leaving many ballots uncounted.
In a flurry of excitement over federal money, states rushed to upgrade to electronic machines. Barbara Simons, a computer scientist and former president of the Association for Computing Machinery, says the risks weren’t properly understood. “We introduced computers into our voting system…without a proper understanding of the security issues,” she says.
In March, election security seemed to be getting a boost, with the introduction of the Secure Elections Act. “It was the most promising thing we’d seen in terms of election security in a while,” says MacAlpine.
The bill would have required states to do post-election audits (only 33 states require them now). It also would have mandated paper ballots or records, for states with electronic-only machines. Under reported pressure from the White House, the bill was never voted on, and there are no plans to bring it to the floor.
Despite the security concerns, experts say issues in the voting system shouldn’t dissuade people from voting.
“If you’re worried there might be somebody hacking the vote…it is completely irrational to decide not to vote because of it,” says Dill. “If there are problems in the voting system, having more voters vote is more likely to expose those problems and get them fixed, and besides, maybe you can elect people who would improve the voting system.”
MacAlpine agrees. “My thing is, if someone is trying to stop you from voting, why would you want to make their job easier?” she asks.
