Key Papers and Documents
Key Papers and Documents
- Issue Overviews
- Auditability and Confidence
- Accuracy and Reliability
- Useability
- Privacy
- Security
- Standards
- Recommendations
Issue Overviews
Voting Technologies in the United States: Overview and Issues for Congress, Eric A. Fischer, CRS Report for Congress, updated March 21, 2001.
Black Box Voting: Ballot Tampering in the 21st Century, Bev Harris, 2003. Summary: Bev Harris is one of the most prominent activists in the electronic voting field. Her book, which is freely available on her web site in pdf format, provides an excellent introduction to the subject and is fully referenced.
Annals of Democracy: Counting Votes, By Ronnie Dugger, The New Yorker, November 7, 1988. Summary: The first mainstream media news story questioning the integrity of electronic vote counting systems.
Voting - What Is, What Could Be, Report of the Caltech-MIT Voting Technology Project, July 2001
Accuracy, Integrity, and Security in Computerized Vote-Tallying, Roy G. Saltman, U.S. Department of Commerce, National Bureau of Standards Special Publication 500-158, August 1988. (This classic document contains highly relevant material for those who are thinking of procuring new voting systems.)
Voting Technology and Democracy(pdf), Paul M. Schwartz, 2002. Abstract: The 2000 presidential election exposed a voting-technology divide in Florida and many other states. In this Article, Professor Paul M. Schwartz critiques this phenomenon from the perspective of systems analysis. He considers both technology and social institutions as components of unified election systems. Schwartz first examines data from the Florida election and demonstrates the central importance of feedback to inform voters whether the technology they use to vote will validate their ballots according to their intent-an advantage he finds distributed on unequal terms, exacerbating built-in racial and socioeconomic bias. Schwartz then turns to the various judicial opinions in the ensuing litigation, which embraced competing epistemologies of technology. He suggests that judges who favored a recount saw election technology as a fallible instrument for converting voters' choices into votes, while the U.S. Supreme Court majority trusted machines over fallible humans and required hard-edged rules to cabin discretion and avoid human imperfections. Finally, the Article concludes with a review of efforts to reform the unequal distribution of voting technology. Schwartz finds that some efforts at litigation and legislation show promise, but in many instances they are stalled, and in many others they exhibit shortcomings that would leave the voting-technology divide in place for future elections.
Auditability and Confidence
Statement on Verifying the Vote and Auditing Elections, Caltech/MIT Voting Technology Project, February 10, 2004
A Better Ballot Box?, Rebecca Mercuri, IEEE Spectrum 39:10, (2003). Excerpt: A method of voting described by this author over a decade ago, referred to as the Mercuri Method, requires that the voting system print a paper ballot containing the selections made on the computer. This ballot is then examined for correctness by the voter through a glass or screen, and deposited mechanically into a ballot box, eliminating the chance of accidental removal from the premises. If, for some reason, the paper does not match the intended choices on the computer, a poll worker can be shown the problem, the ballot can be voided, and another opportunity to vote provided.
Confidence -- What it is and How to achieve it(pdf), Jim Adler, Founder, VoteHere, Inc, paper presented at NIST Symposium on Building Trust and Confidence in Voting Systems, Maryland, December 10-11 2003. Summary: Adler argues that voter verified paper ballots are not the way to achieve voter confidence in elections. Instead, he offers a solution in which voters have the option to take home encrypted voting receipts which could be used to verify that there vote was counted properly while maintaining the secrecy of their vote.
Paper v. Electronic Voting Records - An Assessment, Michael Ian Shamos, April 2004. Summary: This paper by a Carnegie Mellon Computer Science professor argues that, although electronic voting machines have security issues that must be addressed, DREs are more secure than the paper based systems they are replacing. See rebuttal arguments for this paper: Barbara Simons, Marian Beddill.
Accuracy and Reliability
Residual Votes Attributable to Technology: An Assessment of the Reliability of Existing Voting Equipment, The Caltech/MIT Voting Technology Project, Version 2: March 30, 2001. Excerpt: The central finding of this investigation is that manually counted paper ballots have the lowest average incidence of spoiled, uncounted, and unmarked ballots, followed closely by lever machines and optically scanned ballots. Punch card methods and systems using direct recording electronic devices (DREs) had significantly higher average rates of spoiled, uncounted, and unmarked ballots than any of the other systems. The difference in reliabilities between the best and worst systems is approximately 1.5 percent of all ballots cast.
Useability
Usability Testing of Voting Systems, Federal Elections Commission and Election Assistance Commission (2003). Summary: This guide, titled Usability Testing of Voting Systems, is written for voting system manufacturers who may be developing new systems and for election officials who may be procuring new voting systems. It presents a rationale for conducting usability tests, outlines the basic steps in the testing process, and shares lessons learned from prior test experience.
Disenfranchised by design: voting system and the election process, Susan King Roth, Information Design Journal, vol. 9, no. 1, 1998. Summary: Two studies of voting systems in use identified design problems related to the display height of text, organization of information on the ballot, legibility, and correspondence between voters' intentions and recorded selections. It should be noted that design of the ballot interface (as with other fixed displays) must take into consideration the context of use - it presents information used in decision-making, under the pressure of time, in a controlled environment. The need to consider human factors and anthropometric data is as important in this case as more traditional design concerns such as specification of type size and format.
Privacy
Privacy Issues in an Electronic Voting Machine, Arthur M. Keller, David Mertz, Joseph Lorenzo Hall,and Arnold Urken, 2004. Excerpt: It is not sufficient for electronic voting systems to merely anonymize the voting process from the perspective of the voting machine. Every time a ballot is cast, the voting system adds an entry to one or more software or firmware logs that consists of a timestamp and indication that a ballot was cast. If the timestamp log is combined with the contents of the ballot, this information becomes much more sensitive. For example, it can be combined with information about the order of votes cast collected at the polling place with overt or covert surveillance equipment-from cell phone cameras to security cameras common at public schools-to compromise the confidentiality of the ballot. As described below, system information collected by the voting system should be kept separated from the content of cast ballots and only used in conjunction by authorized, informed elections officials.
Security
Election Reform and Electronic Voting Systems (DREs): Analysis of Security Issues, Eric A. Fischer, November 4, 2003, Library of Congress report. Summary: A thorough overview of security issues. Good starting point for new researchers.
Reflections on Trusting Trust, Ken Thompson, Communications of the ACM, Vol. 27, No. 8, August 1984. This important Turing Award lecture explains precisely how it is possible to conceal nefarious programming such that it will never be found in a source code inspection.
Can a Voting Machine that is Rigged for a Particular Candidate Pass Certification?, Avi Rubin, Johns Hopkins University (no date). Excerpt: My greatest concern with paperless DREs is that whoever makes the machines has the capacity to rig election results however they like. Proponents of DREs argue that the ITA process would catch any attempts to manipulate the results. They argue that Trojan horse programs would have to have magical properties and that they would be detected. They further argue that techniques such as parallel testing, where machines are selected at random and elections are run on them on election day where they are checked for accuracy, ensure that no such rigging is possible. Security experts do not buy these arguments.
I propose a challenge.
Analysis of an Electronic Voting System, Johns Hopkins University Information Security Institute Technical Report TR-2003-19, July 23, 2003. Summary: This report, based on an analysis of voting software developed by Diebold Inc. discovered on a public FTP server by activist Bev Harris, sparked mainstream media interest in the subject.
A Security Analysis of the Secure Electronic Registration and Voting Experiment SERVE, Dr. David Jefferson, Dr. Aviel D. Rubin, Dr. Barbara Simons, Dr. David Wagner, January 20, 2004. Summary: This report is a review and critique of computer and communication security issues in the SERVE voting system (Secure Electronic Registration and Voting Experiment), an Internet-based voting system being built for the U.S. Department of Defense's FVAP (Federal Voting Assistance Program).
Ad Hoc Touch Screen Task Force report, California, July 1, 2003. Summary: Secretary of State Kevin Shelley created the Ad Hoc Touch Screen Task Force on February 19, 2003 in response to concerns expressed over the security of Direct Recording Electronic (DRE) voting equipment. This is the report of findings.
Direct Recording Electronic (DRE) Technical Security Assessment Report (Ohio), Compuware Corporation, November 21, 2003. Summary: The Ohio Secretary of State (SOS) hired Compuware Corporation to conduct an extensive security assessment and validation of the Direct Recording Electronic (DRE) voting machines from four vendors: Diebold Election Systems, Election Systems and Software (ES&S), Hart InterCivic, and Sequoia Voting Systems. The report lead Ohio Secretary of State J. Kenneth Blackwell to halt the use of electronic voting machines in the state until security weaknesses are resolved.
Usability Review of the Diebold DRE system for Four Counties in the State of Maryland, (PDF), Benjamin B. Bederson, Paul S. Herrnson, University of Maryland, 2002. This study, conducted prior to the Fall 2002 primaries, provides an early indication of machine failures with Diebold equipment.
Security Criteria for Electronic Voting, Peter G. Neumann, 16th National Computer Security Conference, September, 1993.
Risks in Computerized Elections, Peter G. Neumann, Inside Risks, 5, CACM 33, 11, p. 170, November 1990.
Standards
STANDARDS FOR ELECTIONS: PAST, PRESENT AND FUTURE
ROY G. SALTMAN, M.S., M.P.A.
presented to: Workshop on Election Standards and Technology Washington, DC - January 31, 2002
Recommendations
Recommendations of the Brennan Center for Justice and the Leadership Conference on Civil Rights for Improving Reliability of Direct Recording Electronic Voting Systems, Brennan Center & LCCR report. Summary: An independent assessment of DRE system security with recommendations that can be implemented immediately by jurisdictions planning to use DREs in their 2004 elections. Developed by a team of nationally renowned security experts. Endorsed by NCVI.