“…Amid everything they did wrong, the Iowa Democratic Party did one thing right: It required that votes be counted on paper, and then tallied electronically. To those of us who study cybersecurity carefully, that’s crucial.”
By Herbert Lin, Stanford University
As the confusion that was the Iowa caucuses unfolds, there will be a lot of questions about what happened and how to avoid it in the future.
But the results, ultimately, will be clear and undisputed because, amid everything they did wrong, the Iowa Democratic Party did one thing right: It required that votes be counted on paper, and then tallied electronically. To those of us who study cybersecurity carefully, that’s crucial.
With that paper trail, the Democrats – and the nation as a whole – will be able to regard this event as a case study in how to recover from a poorly run election. In this case, outside hackers do not appear to responsible – rather, the election was “hacked” by a bad software development and testing process.
Eventually, the party will be able to reassemble the pieces of what happened at caucuses around the state and determine who won. Without the paper trail, there would never be any clarity – just a whole lot of doubt.
Electronics are vulnerable
That may not be the case in the general election later this year. In November 2020, some voters in at least nine states including Texas, New Jersey and Indiana will cast their ballots electronically on systems that do not leave a paper trail of whom they voted for.
Even states that do keep paper trails often use vote-counting machines that are more than a decade old. In some cases, these are the computers that were introduced immediately after the Bush-Gore election in 2000, to correct the problems with balloting that had cast doubt on the actual choices of many Florida voters.
At least some of these systems are vulnerable to hacking, according to Fox News, sometimes by kids as young as 11. No one knows how secure the other machines are, because many vendors have asserted their intellectual property rights to prevent the security of their machines from being examined by independent parties.
If hacked, an electronic voting machine cannot be trusted to count votes accurately. In an election conducted with paper ballots, the ballots themselves can be examined and recounted, as is happening in Iowa right now.
With many electronic voting machines, however, there is no record of the votes cast, other than the digital information contained in the machine itself. The idea of recounting electronically cast votes is meaningless. Any problems with a paperless election would be impossible to fix, calling into public question the integrity of the whole process, and the validity of any results.
The Iowa story also speaks more broadly to the relationship between technology and elections.
First, it is not clear why the Iowa Democratic Party introduced an app at all. Accuracy is more important than speed in elections – it’s better to get the tally right in a day than to get messed-up vote counts in an hour – and more speed almost always means less accuracy.
Second, if technology must be used in elections, it needs to be introduced slowly. The idea of releasing a poorly tested app to users without app-specific training hours before it was to be used for real is the height of hubris – or naivete.
Editor’s note: This article draws on parts of an article originally published Sept. 1, 2016.
Herbert Lin, Senior Research Scholar for Cyber Policy and Security, Center for International Security and Cooperation, Stanford University
This article is republished from The Conversation under a Creative Commons license. Read the original article.