Serious political tensions and fears of COVID-19 have led record-breaking numbers of Americans to vote early this year, either by mail or in person. Now the process of counting these votes—whether in states that did so on a rolling basis as they came in or those that waited until Election Day—relies on machines that vary a great deal from state to state and even from county to county.
Although the technology used in voting continues to evolve, it remains vulnerable to both malicious and unintentional errors. To protect the systems against both, explains Douglas W. Jones, a computer scientist at the University of Iowa and co-author of the book Broken Ballots, election officials need to be able to check and double-check the election’s results.
“There’s a nice dictum that that [computer scientist and electronic-voting-security researcher] David Dill came up with at Stanford University: if we do it right, the Devil himself could build the voting machines, and we could hold an honest election,” Jones says. “And doing it right means having genuinely auditable technology—with ballots where the average voter knows that the marks they made on their ballot express their real intent.” Scientific American spoke with Jones about how voting machines work, their vulnerabilities, and what to expect on and after Election Day.
[An edited transcript of the interview follows.]
What kinds of machines are in use across the U.S. today?
We’ve gotten rid of the punch card and mechanical lever voting machines. Those are now not so ancient history. What we’re left with are two categories of voting machines, both of which were introduced in the 1960s and 1970s. Optical scan voting machines are the ones that are closely related to standardized test scoring machines, where you fill in a bubble on the ballot next to the candidate names. Those are, at this point, the most widely used voting technology in the U.S. The other category we have are the direct-recording electronic voting machines. The first of those was actually deployed in the 1970s in Illinois, but the vast expansion in the use of those machines happened after the Help America Vote Act was passed in 2002. It’s very clear [that] the authors of the Help America Vote Act anticipated that direct-recording electronic voting machines would become the new normal. But, in fact, they were extraordinarily problematic for security reasons.
A fundamental flaw of direct-recording voting machines—that is, ones where you pull the lever on an old mechanical machine or you touch the touch screen on a modern one—all of those machines end up being completely impossible to audit. There’s no way to know whether the machine was honest or not, short of taking it apart and actually being able to inspect the mechanism. We have no good way of doing that with software. The complete lack of any auditable record of the count, so that you had to completely trust programmers, was a real problem. [But] the vast majority of votes in the U.S. today are being recorded on paper ballots that are filled in by hand. That makes me feel reasonably good. And furthermore, a growing number of states have some kind of an audit law.
What other problems do we see with modern voting machines?
This is an old rule in computer security that I first learned in the 1970s, no less true today. And that is: the biggest threat to all of our systems is not the malicious outside hacker but rather the fact that there are lots of perfectly honest normal people making errors. We humans have an amazing ability to be remarkably accidentally inventive with the mistakes we make. With fill-in-the-bubble ballots, a typical error would be printing the ballot with the candidates in one order but programming the scanner with the candidates in a different order. There was a famous incident of this happening [in] Pottawattamie County, [Iowa], in 2006 in its June primary. The net result was that the numbers that came up were pretty nonsensical and bore no relationship with anyone’s expectation of the outcome of the race. The election officials noticed. They did a hand count, and that completely resolved the problem. And they could because they had paper ballots.
In-person voters can feed their paper ballots directly into a scanner to be automatically counted. But how are absentee ballots tallied up?
Late into the night on Election Night, at the election office, they’ve been counting absentee ballots all day, piling them up and putting them through high-speed scanners that scan 800 ballots per minute—speeds like that. Some jurisdictions have automatic envelope openers where you just take a whole stack of absentee ballot envelopes, stack them up neatly, put them in the machine, and it goes up and takes a sixteenth of an inch off the edge of each envelope so that the ballots can easily be shaken out of the envelopes. You have signature-verification software being used by some jurisdictions, where the envelope gets sucked into the machine, put in front of a camera, and the signature is—either by software or displayed on someone’s remote computer screen—checked. These actually resemble very closely the machinery used by the Post Office for automatically reading mail addresses, except the purpose is to verify the signature. And that’s another whole can of worms, because in many cases, none of our laws really govern how we check signatures. It turns out that the mathematics of signature acceptance and rejection ends up being horrible. If you reject any signatures, chances are you’re rejecting more signatures of honest, valid voters than you are catching invalid signatures.
Does the counting process continue after Election Day?
We have long-standing traditions of things like a postmark deadline on the eve of the election. That’s how it’s been in Iowa for as long as I’ve been here. So for the week after the election, late mail is still dribbling into the election office—and all those late envelopes are checked for their postmarks and, if the postmarks are acceptable, counted. Now there’s a problem there, as the Post Office, over the past few decades, has been reducing the frequency with which it applies postmarks of any kind to letters. Yet the Post Office does automatically bar code every envelope that goes through its scanners these days. The Post Office has the records to tell you when that bar code was applied. Its computer system is really good at this, but it’s not acceptable under some state laws. So postmark deadlines are a real problem because the Post Office has reduced the extent to which classical postmarks are still used.
There’s this period after the election during which the counts are checked and cross-checked, [a process called the canvass]. For example, in Miami, they have this giant spreadsheet showing one column for each candidate for each office; one row for each precinct. After they had all those data, then they would go through the tapes printed out by the voting machines at the precinct—the summary tapes that showed the total number of votes—and they would compare it with that spreadsheet for the purpose of ruling out any error in their central tabulating software because there have been such errors. This can take several days after the election, even if they aren’t handling late absentee ballots. At that point, the Board of Elections then signs off on the report of canvass. And the report of canvass is then forwarded to the state, which goes through the same process. A growing number of states do postelection audits before they sign the official canvass reports, and in other states, like Iowa, we do a postelection audit after signing the report of canvass. Although the Iowa law says that the audit cannot change the outcome of the election, at least you discover [if] you made a mistake. So it can take several weeks after the election to put the election to bed.