A Transparent, Open-Source Vision for U.S. Elections

Yves here. Many readers will no doubt recoil at the idea that the answer to bad and fragmented US election technology is yet more technology, even if open-source is arguably more benign. The article below hand-waves away the idea that paper ballots hand counted in public could work here when other countries manage that approach without a hiccup. Are our ballots really so much more choice-heavy as to make paper ballots untenable?

And I fail to understand what was wrong with old fashioned, mechanical voting machines, the kind where you gratifying flipped toggles and then pulled a big lever to input your choices and clear the machine for the next voter. Were they any more fraud prone than what we have now? Or was the issue slower voter throughput at polling stations plus the nuisance of moving such heavy devices around?

By Spenser Mestel, a poll worker and independent journalist. His bylines include The New York Times, The Atlantic, The Guardian, and The Intercept. Originally published at UnDark, with support from the Pulitzer Center

While the vendors> pitched their latest voting machines in Concord, New Hampshire, this past August, the election officials in the room g­­asped. They whispered, “No way.” They nodded their heads and filled out the scorecards in their laps. Interrupting if they had to, they asked every kind of question: How much does the new scanner weigh? Are any of its parts made in China? Does it use the JSON data format?

The answers weren’t trivial. Based in part on these presentations, many would be making a once-in-a-decade decision.

These New Hampshire officials currently use AccuVote machines, which were made by a company that’s now part of Dominion Voting Systems. First introduced in 1989, they run on an operating system no longer supported by Microsoft, and some have suffered extreme malfunctions; in 2022, the same model of AccuVote partially melted during an especially warm summer election in Connecticut.

Many towns in New Hampshire want to replace the AccuVote. But with what? Based on past history, the new machines would likely have to last decades — while also being secure enough to satisfy the state’s election skeptics. Outside the event, those skeptics held signs like “Ban Voting Machines.” Though they were relatively small in number that day, they’re part of a nationwide movement to eliminate voting technology and instead hand count every ballot — an option election administrators say is simply not feasible.

Against this backdrop, more than 130 election officials packed into the conference rooms on the second floor of Concord’s Legislative Office Building. Ultimately, they faced a choice between two radically different futures.

The first was to continue with a legacy vendor. Three companies — Dominion, ES&S, and Hart InterCivic — control roughly 90 percent of the U.S. voting technology market. All three are privately held, meaning they’re required to reveal little about their financial workings and they’re also committed to keeping their source code from becoming fully public.

The second future was to gamble on VotingWorks, a nonprofit with only 17 employees and voting machine contracts in just five small counties, all in Mississippi. The company has taken the opposite approach to the Big Three. Its financial statements are posted on its website, and every line of code powering its machines is published on GitHub, available for anyone to inspect.

At the Concord event, a representative for ES&S suggested that this open-source approach could be dangerous. “If the FBI was building a new building, they’re not going to put the blueprints out online,” he said. But VotingWorks co-founder Ben Adida says it’s fundamental to rebuilding trust in voting equipment and combatting the nationwide push to hand count ballots. “An open-source voting system is one where there are no secrets about how this works,” Adida told the audience. “All the source code is public for the world to see, because why in 2023 are we counting votes with any proprietary software at all?”

Others agree. Ten states currently use VotingWorks’ open-source audit software, including Georgia during its hand count audit in 2020. Other groups are exploring open-source voting technology, including Microsoft, which recently piloted voting software in Franklin County, Idaho. Bills requiring or allowing for open-source voting technology have recently been introduced in at least six states; a bill has also been introduced at the federal level to study the issue further. In New Hampshire, the idea has support from election officials, the secretary of state, and even diehard machine skeptics.

VotingWorks is at the forefront of the movement to make elections more transparent. “Although the voting equipment that we’ve been using for the last 20, 30 years is not responsible for this crisis,” Adida said, “it’s also not the equipment that’s going to get us out of this crisis.” But can an idealist nonprofit really unseat industry juggernauts — and restore faith in democracy along the way?

F>or years, officials have feared that America’s voting machines are vulnerable to attack. During the 2016 election, Russian hackers targeted election systems in all 50 states, according to the Senate Intelligence Committee. The committee found no evidence that any votes were changed, but it did suggest that Russia could be cataloging options “for use at a later date.”

In 2017, the Department of Homeland Security designated election infrastructure as “critical infrastructure,” noting that “bad cyber actors — ranging from nation states, cyber criminals, and hacktivists — are becoming more sophisticated and dangerous.”

Some conservative activists have suggested simply avoiding machines altogether and hand-counting ballots. But doing so is prohibitively slow and expensive, not to mention more error-prone. Last year, for example, one county in Arizona estimated that counting all 105,000 ballots from the 2020 election would require at least 245 people working every day, including holidays, for almost three weeks.

That leaves election administrators dependent on machines to tally up votes. That August day in Concord, VotingWorks and two of the legacy vendors, Dominion and ES&S, were offering the same kind of product: an optical scanner, which is essentially just a counting machine. After a New Hampshire voter fills in a paper ballot by hand, it’s most likely inserted into an optical scanner, which interprets and tallies the marks. This process is how roughly two-thirds of the country votes. A quarter of voters mark their ballots using machines (aptly named “ballot-marking devices”), which are then fed into an optical scanner as well. About 5 percent use direct recording electronic systems, or DREs, which allows votes to be cast and stored directly on the machine. Only 0.2 percent of voters have their ballots counted by hand.

Since the 2020 election, the companies that make these machines have been the subject of intense scrutiny from people who deny the election results. Those companies have also come under fire for what critics on both sides of the political aisle describe as their secrecy, lack of innovation, and obstructionist tendencies.

None of the three companies publicly disclose basic information, including their investors and their financial health. It can also be difficult to even get the prices of their machines. Often, jurisdictions come to depend on these firms. Two-thirds of the industry’s revenue comes from support, maintenance, and services for the machines.

Legacy vendors also fight to maintain their market share. In 2017, Hart InterCivic sued Texas to prevent counties from replacing its machines, which don’t produce a paper trail, with machines that did. “For a vendor to sue to prevent auditable paper records from being used in voting shows that market dynamics can be starkly misaligned with the public interest,” concluded a report by researchers at the University of Pennsylvania in collaboration with Verified Voting, a nonprofit that, according to its mission statement, works to promote “the responsible use of technology in elections.”

The companies tell a different story, pointing out that they do disclose their code to certain entities, including third-party firms and independent labs that work on behalf of the federal government to test for vulnerabilities in the software that could be exploited by hackers. In a statement to Undark, ES&S also said it discloses certain financial information to jurisdictions “when requested” and the company shared approximate prices for its voting machines, although it noted that final pricing depends on “individual customer requirements.”

In Concord, officials from some small towns where ballots are still hand-counted were considering switching to machines. Others were considering whether to stick with Dominion and LHS — the New Hampshire-based company that services the machines — or switch to VotingWorks. It would likely be one of the most expensive, consequential decisions of their careers.

Throughout his pitch, the representative for LHS emphasized the continuity between the old AccuVote machines and the new Dominion scanner. Wearing a blazer and a dress shirt unbuttoned at the collar, Jeff Silvestro knew the crowd well. LHS is the only authorized service provider for the entire state’s AccuVote machines, and it’s responsible for offering training for the towns’ staff, delivering memory cards for each election, and weathering a blizzard to come to their poll site and service a broken scanner.

Don’t worry, Silvestro reassured the crowd: The voter experience is the same. “Similarities,” Silvestro told the crowd. “That’s what we’re looking for.”

Just down the hall from Silvestro, Ben Adida laid out a different vision of what voting technology could be. He opened by addressing the “elephant in the room”: the substantial number of people who distrust the elections. VotingWorks could do so, he said, by offering three things: security, simplicity, and transparency.

Adida first started working on election technology in 1997, as a computer science undergraduate at MIT, where he built a voting system for student council elections. After earning a Ph.D. from MIT in 2006, with a specialty in cryptography and information security, he did a few more years of election work as a post-doc at Harvard University and then transitioned to data security and privacy for medical data. Later, he served as director of engineering at Mozilla and Square and vice president of engineering at Clever, a digital learning platform for K-12 schools.

In 2016, Adida considered leaving Clever to do election work again, and he followed the progress of STAR-Vote, an open-source election system proposed by Travis County, Texas, that ultimately didn’t move forward. He decided to stay put, but he couldn’t shake the thought of voting technology. Adida knew it was rare for someone to have his background in both product design and election security. “This is kind of a calling,” he said.

Adida launched VotingWorks in December 2018, with some funding from individuals and Y Combinator, a renowned startup accelerator. The nonprofit is now unique among the legacy voting technology vendors: The group has disclosed everything, from its donors to the prices of its machines. VotingWorks machines are made from off-the-shelf electronics, and in the long-run, according to Adida, are cheaper than their competitors.

The day of the Concord event, Adida wore a T-shirt tucked into his khakis, and sported a thick brown mustache. When he started discussing the specs of his machine, he spoke quickly, bounding around the room and even tripping on an errant wire. At one point, he showed off his machine’s end-of-night election report, printed on an 8 ½ by 11 piece of paper, a far cry from the long strips of paper that are currently used. You don’t have to have “these long CVS receipts.” The room laughed.

Adida and his team are staking out a position in a debate that stretches back to the early days of computing: Is the route to computer security through secrecy, or through total transparency?

Some of the most widely used software today is open-source software, or OSS, meaning anyone can read, modify, and reuse the code. OSS has powered popular products like the operating system Linux and the internet browser Firefox from Mozilla. It’s also used extensively by the Department of Defense.

Proponents of OSS offer three main arguments for why it’s more secure than a locked box model. First, publicly available source code can be scrutinized by anyone, not just a relatively small group of engineers within a company, increasing the chances of catching flaws. Second, because coders know that they can be scrutinized by anyone, they’re incentivized to produce better work and to explain their approach. “You can go and look at exactly why it’s being done this way, who wrote it, who approved it, and all of that,” said Adida.

Third, OSS proponents say that trying to hide source code will ultimately fail, because attackers can acquire it from the supplier or reverse engineer it themselves. Hackers don’t need perfect source code, just enough to analyze for patterns that may suggest a vulnerability. Breaking is easier than building.

Already, there are indications that bad actors have acquired proprietary voting machine code. In 2021, an election official in Colorado allegedly allowed a conspiracy theorist to access county machines, copy sensitive data, and photograph system passwords — the kind of insider attack that, experts warn, could compromise the security of the coming presidential election.

Not everyone is convinced that open-source code alone is enough to ensure a secure voting machine. “You could have had open-source software, and you might not have found all of the problems or errors or issues,” said Pamela Smith, the president of Verified Voting, citing the numerous lines of code that would need to be examined in a limited amount of line.

Adida doesn’t expect anyone to go through the hundreds of thousands of lines of code on the VotingWorks GitHub. But if they’re curious about a specific aspect, like how the scanner handles paper that’s askew, it’s much more manageable: only a few hundred lines of code. Already, a small number of coders from outside the company have made suggestions on how to improve the software, some of which have been accepted. Then, to fully guard against vulnerabilities, the company relies on its own procedures, third-party reviews, and certification testing at the federal level, said Adida.

In addition to security, any new machine also needs to be easy for poll workers to operate — and able to perform reliably under the high-stakes conditions of an election day. In interviews, election officials who use the technology in Mississippi raved about its ease of use.

Some also love how responsive the company is to feedback. “They come to us and say, ‘Tell us in the field what’s going on,’” said Sara Dionne, chairman of the election commission in Warren County, Mississippi, which started using VotingWorks in 2020. “We certainly never had that kind of conversation with ES&S ever.”

To expand VotingWorks’ reach, though, Adida must pitch it in places like New Hampshire, where election officials are navigating tight budgets, fallout from the 2020 election, and misperceptions about voting technology.

New Hampshire is a swing state, and, after the 2020 election, it has a small but vocal faction of election deniers. At the same time, Republican Secretary of State David Scanlan has done little to marshal resources for new machines. Last year, Scanlan opposed a bill that would have allowed New Hampshire towns and cities to apply for funding from a $12 million federal grant for new voting machines; Republicans in the legislature killed the bill. (Asked what cash-strapped jurisdictions should do if they can’t afford new scanners, Scanlan told Undark they could cannibalize parts from old AccuVote machines.)

Some critics also say Scanlan has done little to dispel some conservative activists’ beliefs that New Hampshire can dispense with machines altogether. At the Concord event, a woman told Undark that Manchester, a city with 68,000 registered voters, could hand count all of its ballots in just four hours. Speaking with Undark, Scanlan acknowledged that this estimate wasn’t correct, and that hand counting is less accurate than machines. However, his office hasn’t communicated this message to the public in any formal way. “I definitely think that he is complicit in allowing [misinformation] to continue to flourish,” said Liz Wester, co-founder of 603 Forward, which encourages civic participation in the state.

The VotingWorks model won over some machine skeptics at the Concord event, like Tim Cahill, a Republican in the New Hampshire House of Representatives. Cahill said he’d prefer that all ballots in the state be hand counted but would choose VotingWorks over the other vendors. “Why would you trust something you can’t put your eyes on?” he told Undark. “We have a lot of smart people in this country and people want open source, they want transparency.”

Open source has found fans in other states, too. Kevin Cavanaugh is a county supervisor in Pinal, Arizona’s third most populous county. He says he started to doubt voting machines after watching a documentary, funded by the election denier Mike Lindell, claiming that the devices have unauthorized software that could change vote totals without detection. In November 2022, Cavanaugh introduced a motion to increase the number of ballots counted by hand in the county, and he told Undark he’d like a full hand count. “But, if we’re using machines,” he added, “then I think it’s important that the source code is available for inspection to experts.”

Back in Concord, Adida appeared to be persuasive to the public at large — or at least those invested enough to attend the event. Of the 201 attendees who filled out a scorecard, VotingWorks was the most popular first choice. But among election officials, the clear preference was Dominion. Some officials were skeptical that open-source technology would mean much to people in their towns. “Your average voter doesn’t care about open source,” said one town clerk.

Still, five towns in New Hampshire have already purchased VotingWorks machines, some of which will be used in upcoming March local elections.

Two main factors determine whether someone has faith in an election, said Charles Stewart III, a political scientist at MIT who has written extensively about trust in elections. The first, which affects roughly 5 to 10 percent of voters, is a negative personal experience at the polls, like long lines, rude poll workers, and problems with machines, which can make the public less willing to trust an election’s outcome.

The second, more influential factor affecting trust is if a voter’s candidate won. That makes it supremely difficult to restore confidence, said Tammy Patrick, a former election official in Maricopa County and the current CEO for programs at the National Association of Election Officials. “The answer on election administration — it’s complex, it’s wonky, it’s not pithy,” she said in a recent press conference. “It’s hard to come back to those emotional pleas with what the reality is.”

Adida agrees with Stewart that VotingWorks alone isn’t going to eliminate election denialism — nor, he said, is that his goal. Instead, he hopes to reach the people who are susceptible to misinformation but haven’t necessarily made up their minds yet, a group he describes as the “middle 80 percent.” Even if they never visit the company’s GitHub, he says, “the fact that we’re putting it all out in the open builds trust.” And when someone says something patently false about the company, Adida can at least ask them to identify the incriminating lines of source code.

Are those two things — rhetorical power and a commitment to transparency — really a match for the disinformation machinery pushing lies across the country? Adida mentioned the myths about legacy vendors’ machines being mis-programmed or incorrectly counting ballots during the 2020 election. “What was the counterpoint to that?” he asked. “It was, ‘Trust us. These machines have been tested.’ I want the counterpoint to be, ‘Hey folks, all the source code is open.’”

Print Friendly, PDF & Email


  1. Es s Ce tera

    I would hazard that what’s wrong with old fashioned lever stye voting machines is you have to go somewhere to pull those levers, whereas digitial has the convenience and possibility of voting from home, a key plank in any open/direct e-democracy initiative such as cities have been trialing. The idea behind participatory democracy is you’d decide all issues at referendum and there would be a lot of them, so having to actually go out and pull a lever to vote on everything would become cumbersome and inconvenient, most would stay home. Whereas digial voting allows such convenience that you’d want to participate in all decisions.

    1. The Rev Kev

      Convenience? Yeah, about that. Remember how it was convenient to have medical prescriptions be digitized? But as a coupla days ago that system came under cyberattack and now there is chaos in tens of thousands of pharmacies across America. And there went all that convenience-


      Man, I have been reading stories of digital shenanigans with digital voting since the 2000 US election and that was nearly a quarter of a century ago. Internet voting cannot be trusted and in fact I would have more trust in a Nigerian prince first.

      1. Joe Well

        But that system isn’t open source much less publicly owned. Open Source is like a WWII jeep that anyone can see how it works and call for fixes to it if it breaks. Proprietary software is like a 2024 Tesla that might not start after a bad software update.

        1. hk

          I am curious: why would “open source” necessarily mean a more confidence-inspiring process? I realize that this is a hotly debated issue (as far as I know), but open source seems to mean that the process is more easily hackable–perhaps not by the “operators” (at least not as much as proprietary ones), but certainly by outsiders. Plus, even if the internal mechanisms are known, this adds an extra layer (or several) between the voter and the “output” and creates problems for validation and verification. How can you do a recount, for example?

          I’m not sure if I can, personally, trust any other ballot besides paper, preferably hand counted, with no more than 1 election per ballot. (If you have to have multiple elections on the same day, print separate ballots for each)

          1. Polar Socialist

            I believe the argument for open source is that since the source is open, it can’t use “security by obscurity” which is, or at least used to be, very much used method in proprietary software.

            Or, in other words, since the developers know that an attacker can see how the software handles sensitive data or events, they have to use methods that have been proven to be secure. It’s also much easier to audit that this indeed is the case.

            1. Lambert Strether

              > I believe the argument for open source is that since the source is open, it can’t use “security by obscurity” which is, or at least used to be, very much used method in proprietary software.

              Do you understand what a compiler is? Does the concept of tooling resonate?

              I am extremely familiar with open source software. (Here, the heavy lifting is being done by “proven to be secure.” People keep thinking that’s possible. It’s not, on neither a theoretical nor a practical level. I think open-source software is good. But overselling it is bad.)

    2. Yves Smith Post author

      Wash your mouth out. The post nowhere advocated Internet voting, which we following many experts have repeatedly, in the context of CalPERS elections, derided as asking for fraud. There is no way to make it secure.

  2. PlutoniumKun

    As Yves implies, this is very much a solution looking for a problem.

    Old style public counts with paper ballots work fine in many countries. Here in Ireland we have a referendum next week – as a member of the public I can go if I’m inclined to a public gallery to see the boxes opened and counted. Independent tallyman do more fine grained analyses (box by box) which provide adequate fine grained statistical data to identify if there has been any ballot stuffing or other forms of interference by the authorities. Even with multiple choice or ranked voting ballots and recounts it rarely takes more than 48 hours to come to a firm and agreed outcome. No system is 100% bullet proof, but its as good as reasonably possible and is not particularly expensive or complex to administer.

    1. The Rev Kev

      Totally agree here. New Hampshire is supposed to have only a million voters so how hard is that? There are way more voters in a city like Sydney and they can get the job done with paper ballots. When the doors close at 6, the votes get tallied and they ALL have to be accounted for and I mean all of them. Representatives of the political parties, who hand out how to vote leaflets all day long, come in and are given ID as observers who watch everything like a hawk. I have seen then stay long enough to see which way the votes are running and then call it a day as far as they are concerned. When the count is know, it is phoned in by the officer in charge and all those stacked & sorted votes are then sent to a center to be recounted for confirmation. Maybe an intrepid reporter can do a bit of research and find out how States like New Hampshire were able to do it before the age of computer.

      1. lyman alpha blob

        Not hard at all Rev. As the article notes, many towns in NH do still hand count votes, as do many small towns in VT where I grew up. If it ain’t broke…

        But we are raising a new generation who believes that if you can’t do something by pressing the screen on your personal voluntary surveillance device, it didn’t really happen.

    2. Adam1

      The assumed problem is that hand counting votes is inefficient, but since when was democracy about efficiency.

      I think the most efficient way to hold an election (not that this is my recommendation by any means) would be just to round up all your local voters into a firing line with the local police/militia/army unit and do a raise the hand vote. Should be able to complete it with a near unanimous decision in 5 minutes or less.

      I think the real problem is that no one wants a conversation about diverting real resources to enhancing elections when the last thing TPTB want is the voting populace to actually have a vote. I mean just look at the US… it has become a Dem vs Rep contest but the ranks of Independents & non-voters have exploded. I believe both Hillary & Trump lost to the no-vote population and sadly that is a desired outcome of the TPTB. If they can’t own or mobilize your vote they don’t want you voting – period!

    3. scott s.

      I think the general issue in the US is the evolution of elections into a single day (even allowing for early/mail-in) where there might be 20 separate items on a ballot; each with its own requirements (eg in my state-HI, a blank vote on a constitutional amendment is recorded as a “no”, but for other things like county charter amendment isn’t).

      I think in the 1800s parties came to like the multiple election ballot as it allowed them to produce “tickets” — pre-printed ballots with the party candidates for each office.

      Years ago I searched every source I could find to get a history of election mechanics in the US. Never found anything. Various poly sci books/papers on how election mechanics influenced particular elections but no overview. Even for finding out election day I had to go through old state constitutions. There’s some stuff on history of same-day presidential voting in 1848 and again for Congress in 1872, and some on adoption of the “Australian ballot” in the 1890s.

  3. William Beyer

    I recommend the book, “Votescam,” written by brothers named Collier and published after both brothers had died by a daughter, Victoria Collier in 2012. The Collier boys describe exactly how the old lever-type voting machines were repeatedly tampered with in Florida as part of their deep dive into that state’s fraudulent voting processes.

    They also get into the strange rise of Nebraska politician Chuck Hagel, who owned the company that counted that state’s votes when he was a long-shot winner of his first election there.

    In Minnesota, we have hand-marked paper ballots, machine-counted. As noted in the article above, the machine software is open-source, or at least available for public examination, and owned by the state. I believe for each election random machines are selected for testing against hand-counts of the same paper ballots that were fed them on election day. If discrepancies exist, additional investigations are made.

    Georgia continues to use touchscreen technology. At least one expert has stated that touchscreens are unauditable, that is, if the machine software has been tampered with to change votes, something a 10-year-old could do, there is no way that fraud could be detected post-election.

    Clearly a bigger problem has been erasure from the registration rolls of eligible voters for bogus reasons, well-documented in Georgia, Ohio and elsewhere.

  4. lyman alpha blob

    That was quite the hand wave on hand counted ballots.

    Last year, for example, one county in Arizona estimated that counting all 105,000 ballots from the 2020 election would require at least 245 people working every day, including holidays, for almost three weeks.

    Sounds like they used the estimate from the absolutely most incompetent county possible, because if it takes that many people that long, they are clearly doing it wrong. In the hand recount I participated in several years ago, we used 24 people to hand count 3-5K ballots and it took four hours. And we triple checked.

    Assuming an 8 hour workday, in the system we used we could have counted 105K ballots in about 12 days with 1/10th the workforce. In actuality it would be done even quicker with fewer people because you wouldn’t necessarily be triple checking on the first count.

    With a basic understanding of arithmetic and some common sense, the author should have known the estimate they used was complete bunk.

    1. JonnyJames

      Interesting how paper ballots can be counted so quickly and efficiently in France, UK and other countries.

    2. Joe Well

      The insane assertions about the time it takes to hand count paper ballots felt like extreme agnotology in the form of gaslighting.

      Right-thinking people are supposed to forget that many places do hand count ballots and many others did in the not-so-distant past. Those who refuse to go along are labelled conservatives or misinformationists or just idiots.

    3. ChrisPacific

      Yes, that deserved more of a challenge.

      I looked it up and New Zealand (population around 5 million) employs around 25k people for its general election, and had a budget of $144 million in 2023. Turnout was 78% so that’s about 4 million ballots (I’m unclear how special votes from overseas factor into this). All ballots are hand counted. The goal (which is always achieved in my memory) is to have 95% of votes counted by 11pm on election day. Special votes take longer so a final result is generally available within 2 weeks – unofficially earlier if it’s clear special votes won’t be enough to make a difference. All election roles are paid, with no volunteers, but it’s clear a lot of the workers consider it a public service anyway. Many of them are immigrants from countries without proper functioning electoral systems.

      Getting corresponding numbers in the US looks to be almost impossible because it’s a complicated nightmare of interlocking responsibilities. It seems like every state does their own thing with relatively little in the way of centralization or Federal oversight (even for Federal elections). The same dynamic is replicated at state level with much of the admin and responsibility actually falling to counties – it wasn’t until 2002 that there was even a requirement for a statewide voter registry, for example.

      America being America, I’m sure any proposal to create a simple, centralized, Federally funded process, operated franchise style the same way everywhere, would meet with howls of outrage and voters defending their hideously complicated and inefficient systems in the name of states’ rights.

  5. t

    Clearly a bigger problem has been erasure from the registration rolls of eligible voters for bogus reasons, well-documented in Georgia, Ohio and elsewhere.

    This is not to disagree, but if I’m at a picnic and both the potato salad and the turkey breast are bad, I’m not sure one is a bigger problem.

  6. marym

    Here are some links to hand count studies.

    The first link is a recount of VVPAT “ballots” which present other issues, but the study may be useful for assessing the accuracy and person/hours of the hand vs machine count of what may or may not be what the voter intended! Per the abstract “Each ballot contained twenty-seven political races and propositions, with the candidates and propositions having fictional names and properties…”

    The third link has numerous links to other reports.


    1. hk

      This is an important point: the complexity of American ballots (too many races/items on the same ballot) messes with quick hand counting. Most countries have just one race or two per ballot. Maybe that’s where we want to start reforming first?

  7. Carolinian

    Maybe we should bring back punch cards but with a voting device that won’t produce “hanging chads.” But ultimately it all comes down to trust no matter the voting system. Arguably private companies should not be involved in this at all.

  8. Mark Gisleson

    I remember watching my dad vote on a mechanical voting machine. it was astonishingly complex, like looking at early Chinese typewriters except much bigger. My recollection was that Chicago had no trouble ‘adjusting’ their voting machines to spec.

    You can always print more pages if the ballot is long but with mechanical machines there is a finite limit on how many lines and candidates you can have. I suspect the Blob was more than happy with machine voting (in all senses of the word) but referenda-happy states forced their hand and they somehow got electronic voting accepted by the public.

    Paper ballots, hand counted. Yes, I am a hick, a luddite, a stick in the mud and damnit, physically preserve all the ballots for at least a couple of election cycles.

  9. Lefty Godot

    What is the hurry in tallying votes? It’s not like the newly elected are taking office the next day. Is this just for making the media happy that they can advertise instant results? Seriously, screw the media. They’re already a huge part of what’s wrong with our political system, between prohibitive advertisement rates and serving as stenographers to the plutocrats and their government mouthpieces.

    No voting machines or software. Just paper ballots that can be recounted easily. Provide 4 days for voting (maybe Saturday to Tuesday) and overtime pay for election workers for any late or weekend hours. For something that usually only happens once or twice a year, why overcomplicate this with dodgy, insecure software systems connected to even more insecure networks?

    1. zach

      I’m with you. Isn’t that part of the reason why there’s a couple of months between voting and people taking office in the US system?

      Also, if jury duty is a mandatory civic duty why not vote counting also? Press gang 1000 or so vote counters per district at random every election – it’s “our” vote after all! Seems like I’ve heard Nader suggest that before.

    2. marym

      Ironically, whatever establishment support there is for hand counting it’s coming from Republicans – who also want counting to be done by midnight, are hostile toward election workers and volunteers, and distrust existing precautions (cctv, chain of custody procedures, etc.) to protect the process.

        1. marym

          I’m not saying they’re right or wrong, just that their advocacy for hand counting is inconsistent with their disdain for the time, people, and procedures that would support it.

    3. ChrisPacific

      I think prompt, transparent and accurate results (with appropriate disclosures for special votes still to be counted and the like) help instill confidence in the electoral system, something the US arguably needs quite badly right now.

      Vote counting isn’t the problem, though (and therefore better vote counting software isn’t the solution). Other countries with fully hand counted systems still manage to deliver results far quicker than the US with its automated counting – see examples upthread.

  10. JonnyJames

    Thank you for raising the topic of voting.

    We need to fix the basic electoral structure before we can talk about methods of voting. Voting is irrelevant when there is no meaningful choice and bribery is formalized and perfectly legal. We have a bad case of institutional corruption.

    First of all, we need our bought-and-paid for Congress to enact legislation that effectively reverses the Citizens United decision. IMO, that’s absolutely necessary to restore any basic semblance of democratic accountability. Right now it should be clear that the US has no functioning democracy at all. Elections Inc. are just BigMoney PR stunts that generate billions for politicians, parties, consultancies, PR firms, advertising etc.

    It would be great to have our MassMedia cartel include honest discussions about barriers to democratic legitimacy: The Electoral College, winner-takes-all electoral system (first past the post), BigMoney, and a discussion of new legislation necessary to regulate campaign finance. But that would mean some sort of regulation or requirement that MassMedia become a public service and not just a means to condition the public and sell products and ads.

    This would be a good start, however is quite unlikely to happen as the entrenched interests (oligarchy) will do everything to stop positive reform. The public needs to be made aware in the first place: without accurate information, democracy is not possible.

    I agree, hand counted paper ballots work well. France, the UK and other countries use this and they are able to tally votes in a timely manner. If we had a functioning democracy, that is. Now “voting” is little more than participating and legitimizing a sham. We will “vote” for another senile sociopath for POTUS and a bunch of amoral and fully bribed Congress Crooks. But bribery is perfectly legal at the moment and most folks either forgot or choose to live in denial.

  11. Susan the other

    Why does voting need to be so fast? Let it take three weeks. Break districts down into manageable polls. But keep it local, start to finish. It’s just another neoliberal absurdity to farm out the electric ballots to some obscure corporate processing software, or joint, or worse, another country because it’s cost efficient. Like Moldova or someplace equally mind boggling.

    1. JonnyJames

      Having a uniform, nationwide electoral system would be nice as well. Other countries do that, but not in the US where it is a chaotic mess of different county and state rules.

  12. Martín

    Being from a country where voting is done with paper ballots inside a booth, and where counting is done by hand, it is easy to see that voting in the US is set up the way it is because political parties want it that way.

    Paper ballots have tons of benefits (anonymous, secure, hard to tamper, can be double-checked, etc.) but one that often goes unmentioned is that it gets people involved in the process. You need common people to be at the voting stations, and common people doing the counting, and common people making sure that the counting is fair. All this is to say that it gets people involved in politics, which is why I believe such a system, despite all its benefits, is never going to be seriously pushed in the US by neither Dems nor the GOP.

  13. Lambert Strether

    Digital = hackable.

    Does the “open source” software rely on a compiler? Then it’s hackable.

    The incentives for election theft are astronomical. It’s foolish to think that social engineering in the cause of theft and fraud won’t defeat whatever engineering these no-doubt-well-intentioned useful idiots are doing. It’s a phishing equilibrium, case closed.

    1. Polar Socialist

      Almost all voting systems are hackable, one way or the other. Maybe with the exception of division voting a la UK parliament.

      Even when publicly hand-counting the votes, the officials have already engaged in multiple formal validation procedures to ensure that the vote is not hacked: they check that the ballot box is empty before locking it, they check that the ballot itself is unmarked when it is given to the voter, and where I live they stamp the ballot before the voter inserts it into the box. And so on and so on. All this to prevent hacking completely non-digital system.

      So naturally, any digital system that can be considered for replacement should be able to allow at least the same level of validation and verification as the manual voting. I have no idea if such a system is possible to design while still feasible, and I prefer hand written ballots counted by hand myself. Just wanted to point out that digital alone does not make a voting system hackable.

      1. ChrisPacific

        Yes, like Polar Socialist says, it’s not an equivalence relationship. Digital implies hackable but hackable does not necessarily mean digital.

        You can, for example, hack the laws (lobbyists love this one) or the underlying theory. The NSA famously promoted the use of certain elliptic curves in RSA cryptography because they knew they were flawed and could exploit that to create backdoors for them to access. If it hadn’t been for Edward Snowden, it might still be in use.

        1. Lambert Strether

          Hackable in the digital world is a technical process, well documented and well understood. There are entire communities sharing code, globally, there are conferences (“Black hats” and “white hats”).

          Hackable in the social world is a metaphor; none of the above conditions apply. in other words, if this comment correctly summarizes Polar Socialist’s views, both comments are based on grossly obvious category errors.

          I am not unaware that social systems can be socially engineered, the truism that this category error resolves to. The various ways in such hacking and putative hacking can be distinguished can be found at the technical level as well as the social level (who is actually to perform the putative hack), along with detectability, scale, speed, and so forth.

          Honestly, this whole argument devolves into the idea that library card catalogs are the same as databases. Sure, at the 300,000 foot level. And so what?

          1. ChrisPacific

            I did actually have a point here, I think, although I didn’t make it well. I meant to say that ‘hackable’ was not a sufficient reason not to use something, as per your initial throwaway remark, because it was too general and applied to pretty much everything. In order to treat the subject properly and establish (for example) why digital might be unsuitable for voting but OK for some other things, we need more nuanced discussion of risk and security. It sounds like you might agree with that point.

            I think my other point is that manual and automated processes aren’t always as different as people think. In both cases for electoral systems, they’re implementing a process that has been designed with checks and balances for security. It’s just that in one case the people are performing the functions directly, and in the other they’re writing software that does it for them. Both are subject to compromise, and both can be analyzed using the same set of security risk tools – likelihood, severity, blast radius etc. You might be surprised how much time at the conferences you mention is spent on meatspace issues rather than technical ones.

      2. Lambert Strether

        > .So naturally, any digital system that can be considered for replacement should be able to allow at least the same level of validation and verification as the manual voting

        “Naturally” is doing a lot of work there. What you want cannot be done; see the link, because digital systems aren’t simple transpositions of physical systems.

        1. hk

          I think that is the point PS is raising: I don’t think a digital voting system that inspires same level of confidence as a good paper ballot system is possible at all, by my reading of his argument.

          1. Polar Socialist

            Yes, thank you. I don’t think there’s a way to design a digital voting system that is both as trustworthy and anywhere near as simple to use as paper ballot system.

            I wouldn’t be surprised if there some day was a cryptographical schema for a digital system that can be mathematically proven to be secure, trustworthy and anonymous but I’d be very surprised if it was actually usable (or even implementable) in a real world situation. Or during a blackout.

      3. hk

        That hits the problem at its head: the problem is that of assuring confidence in the process, not of technology. Trying to make voting “easier” by whatever means is fundamentallt at odds of adding verifications and validations into the process and that’s really at the heart of everything. Technology is really a sideshow and distraction, one that mostly detracts confidence, really.

        1. ChrisPacific

          Exactly, and if the problem is to ensure your process is verifiably and transparently secure, then the simpler your process is, the easier the job will be.

          I would not go as far as Lambert in saying it’s impossible (vote counting, at least – fully online voting may indeed be an intractable problem) but why would you make life so difficult for yourself? Even the simplest automation adds many new layers that require verification – Lambert called out the compiler, I’d add the runtime environment, OS, database, network, and probably others – and malware or bad actors in any of them can mess things up. Or you could simply say ‘trust me, it works’ and not verify, at which point you’re in phishing equilibrium territory. All of this to solve a problem that doesn’t even exist in jurisdictions that do hand counting.

  14. scott s.

    “Some of the most widely used software today is open-source software, or OSS, meaning anyone can read, modify, and reuse the code.”

    That isn’t really correct. OSS generally is published subject to some license. “Copy-left” and “MIT” license may allow virtually any use but I think the “GPL” license has more restrictions as does “CC” (but that license can be tailored).

    While I see the benefit of open source for voting machines, it seems to me some things like optical scanners the interface between hardware and software is important. The hardware probably has some sort of embedded controller that moves the scanner around on the page and converts the CCD output to a digital form.

    If there is a good audit system in place, it would reduce the need for reliance on software IV&V. In my state (Hawaii) audit is difficult because the audit generally requires 100% review of random precincts, but with all mail-in election the election authority needs to sort returned ballots into precincts.

  15. WillD

    Manual counting of votes has always been open to fraud, so technology is the only safe(r) option, and obviously open source software the best one. If we think of open source software like a piece of legislation or contract that is entirely based on the written words, then anyone can inspect it to look for problems.

    Open source voting software is the only viable solution, in my opinion.

    1. The Rev Kev

      ‘Manual counting of votes has always been open to fraud’

      Respectfully there is a key difference here. When you do a manual count of votes, any fraud can only be done on a retail level. When you jam computers into the process then fraud can be done wholesale. Bonus points when political authorities make it illegal to view the software, to have an actual receipt of voter’s choice or to even question the choice of having computers in the first place.

  16. Lambert Strether

    We should put AI on writing programs like this. That will pollute absolutely everything:

    The actual bug I planted in the compiler would match code in the UNIX “login” command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user.

    Such blatant code would not go undetected for long. Even the most casual perusal of the source of the C
    compiler would raise suspicions. The final step is represented in Figure 3.3. This simply adds a second Trojan horse to the one that already exists. The second pattern is aimed at the C compiler.

    The replacement code is a Stage I self-reproducing program that inserts both Trojan horses into the compiler.
    This requires a learning phase as in the Stage II example. First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere.

    Fun stuff. Thompson’s conclusion:

    The moral is obvious. You can’t trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code.

    1. Acacia

      There is definite potential for mischief here, especially as people use code they didn’t write all the time.

      And sometimes the unexpected behavior (bug? feature?) causes huge headaches, such as the case of Java Log4j, just a couple of years ago.

      Even if we’re not dealing with malicious actors (and of course they are out there, looking for vulns), we can expect significantly more bugs in AI-generated code, simply because it wasn’t scrutinized by a human engineer.

  17. Matthew G. Saroff

    There is already a technology out there, known as the Personal External Non Computerized Information Listing (P.E.N.C.I.L.) system.

    When used with the Portable Application Personal Enhanced Recorder (P.A.P.E.R.) the applications are almost unlimited.

Comments are closed.