With South Carolina poised to acquire a new election system to replace the mid-2000s system bought with federal funds, now is the time for citizens to get involved in what should be an open, transparent acquisition process. I recently chaired the annual conference of the Election Verification Network, which focused on the similar choices that local election officials face the nation over.
The usual vendors are offering very few options, but virtually all jurisdictions are abandoning direct recording electronic systems like South Carolina’s and again adopting paper ballots that can be viewed by the voter, sampled and audited afterward, and provide a simpler system for poll workers.
Voters should encourage South Carolina to be part of the national move back to paper, which would allow them to again that their votes were cast as intended and counted as cast. We should also encourage a serious look by legislators and the State Election Commission at the new STAR-Vote system being developed for Travis County, Texas (including Austin). STAR-Vote will use commodity hardware and high-integrity, high-assurance computational methods in a ballot-marking device. The official ballot is a marked paper ballot that the voter can examine before it is scanned by an optical scanner.
We also should be very skeptical of claims that voting over the Internet, or returning voted ballots over the Internet, is acceptable. No studies have validated claims that Internet voting increases turnout or young voter turnout; all such studies conclude that no such increases have occurred. And just this month, two computer scientists demonstrated that a major vendor’s system, being used on a trial basis in Australia, was easily corruptible. Using a known attack, they demonstrated that votes could be intercepted and changed in flight between the voter and the election office. The response from officials was dismissive — and frightening: “We acknowledged in our risk assessment that there’s always been the potential for the voting client to be corrupted and votes to be tampered with, we can’t do anything about that.”
All public examinations of proprietary vendor software have found shortfalls or errors; the Australian trial is only the latest example. With the almost-daily reports of security breaches in banking, credit cards and government offices, we should understand fully that the only reason any particular computer has not yet been hacked is that no one has yet bothered to try to hack it. Were a target as rich as the 2018 midterm elections to be available over the Internet, one could virtually guarantee that it would be hacked.
Elections are important to a democracy; we deserve the best system we can obtain for South Carolina.
Duncan A. Buell
USC Department of Computer Science and Engineering