Evidence-Based Elections: Create a Meaningful Paper Trail, Then Audit
There is no perfect, infallible way to count votes. All methods— including optical scan, touchscreen, and hand counting—are subject to errors, procedural lapses, and deliberate manipulation. Almost all U.S. jurisdictions count their votes using computer-based technology, such as touchscreens and optical-scan machines. Computer-based methods are subject to “hacking,” that is, the replacement of legitimate vote-counting software with a computer program that changes (some fraction of) the votes in favor of the hacker’s preferred candidate(s). Hacking can be performed remotely (even if the machines are supposedly “never connected to the Internet”) and it is very difficult to detect. Voters and election administrators see nothing out of the ordinary.
The vulnerability of computers to hacking is well understood. Modern computer systems, including voting machines, have many layers of software, comprising millions of lines of computer code; there are thousands of bugs in that code.1 Some of those bugs are security vulnerabilities that permit attackers to modify or replace the software in the upper layers, so we can never be sure that the legitimate vote-counting software or the vote-marking user interface is actually the software running on election day.2
Andrew W. Appel & Philip B. Stark
Andrew W. Appel, Eugene Higgins Professor of Computer Science, Princeton University.
Philip B. Stark, Professor of Statistics, University of California, Berkeley.