« We Take Requests! (Sam Brownback Edition) | Main | Oops! »

April 11, 2007

Comments

You have to take into account the perception of fraud as well as the reality. This is a hard proposition to acknowledge, when there's basically a propaganda campaign underway to create unjustified fears of voter fraud, but it's true nonetheless.

For example, is there a gigantic Republican conspiracy involving electronic voting machines? I've been reading Daily Kos for years and I still have no idea what's true and what's not. But widespread lack of confidence in electronic voting machines is a problem EVEN IF there's no actual fraud going on. Our entire system rests on societal acceptance of the legitimacy of election results. If the losing side thinks there wasn't a fair election, you're going to have big problems at some point.

That's not to say that we should adopt radical anti-fraud measures, or that we can appease everyone. I mean, there are people in this country who believe there were no planes on 9/11. But when a fear becomes sufficiently widespread, it's a threat to legitimacy even if it's completely unjustified.

I think it's important to get the word out about the truth behind claims of voter fraud. And hilzoy's arguments that there's no real point to voter fraud are persuasive and well stated. But I think people should be open to ideas like an ID requirement coupled with liberal provisional ballot procedures, even if they believe there's no voter fraud problem at all, simply because this is one of those rare areas where perception truly is more important than reality.

Steve: we have the luxury of dealing with perception rather than reality only if the perception of voter fraud is being advanced in ggod faith. The adminstration's attempt to suppress the evidence that there is little actual voter fraud strongly indicates that the perception of voter fraud is not being advanced in good faith. The right ought not to be able to manufacture false claims of voter fraud, then insist that we take them seriously, even if not true, because perceptions are supposedly important to legitimacy.

But I'm not talking about assuaging Karl Rove's made-up fears of voter fraud. I'm talking about the rank-and-file conservatives who, for better or for worse, buy into his bullshit. Among the older generation of Republicans, for example, there are many for whom every election is 1960 all over again, and the Democrats are supported by legions of dead voters. Their perception may be utter paranoia, but it's still a good-faith belief.

This issue is an opportunity for a general cleanup. I'm sure that some voter fraud exists, but I also think, for the same reasons hilzoy cites, that it's of little significance. I am also convinced that manipulation of voting machines is a significant factor; one need only study the Cuyahoga County, Ohio, 2004 results (for which there were convictions of election workers) to see that there really was something very suspicious about that election, and all the suspicious activity just happened to work in favor of Mr. Bush.

So why not piggyback both issues together? Let's build a grand bipartisan effort to get ALL forms of electoral fraud cleaned up. I'd be happy to have a national ID card with biometric security tied to a voting machine that's as secure as an ATM. The combination is something that everybody can agree to. Yes, it will reduce voter turnout, but it will also reduce electoral fraud. If you want to be partisan about it, the Democrats will probably come out ahead in such a deal. But the important thing about it is that it guarantees that our elections are fair.

"“there is a great deal of debate on the pervasiveness of fraud.” (...)


Replace "pervasiveness of fraud" with just about anything you want, such as "global warming", "evolution", etc, and you have the standard phrase of anything that there is little debate about but which acknowledgement of that fact would have ramifications counter to what this administration and its allies want to accomplish.

" You want to make it as hard as possible for people who aren't eligible to vote to cast a ballot, while not making it unduly difficult for people who are eligible, and these two goals are opposed to one another."

I agree with this, but in reality, I would rather 5 people who were not eligible to vote voted than 1 person who was eligible was not allowed to vote.

"A lot of measures that would prevent people who are not eligible to vote from voting would also keep people who are eligible to vote from voting. Imagine, for instance, that we required (say) that registered voters produce five forms of identification before they could vote. This would make it a lot more difficult for someone who was not eligible to vote to commit vote fraud, but it would also result in a lot of people showing up with only three or four kinds of identification and being turned away."

Of course we could start with requiring just one form of ID, which would improve the current state of things without disenfranchsing very many (I suspect approaching zero) ACTUAL voters at all. The hypothetical "person with zero forms of ID and ALSO desperately wants to vote" who is always raised in these debates seems just at least as rare as polling place voter fraud.

And looking at the reports about the reports, I have two serious methodological objections. First, many states have made polling place voter fraud almost impossible to detect. If you don't require any ID and allow same day registration with mere vouching, it isn't going to be easy to detect fraud, even if it is widespread. See for example the Washington State governor's election. Finding new unsecured ballots on nine separate occassions over a few weeks leading to a 129 vote margin in millions of votes doesn't inspire confidence.

Second, what do they mean by "widespread"? We have a 50/50 political balance right now. Lots of elections are turning on very very few votes. If 1,000 votes are fraudulant out of 1,000,000 and it turns the election, does that count as widespread?

One question I've never heard addressed adequately by proponents of stricter voter ID requirements is how you balance the harm of a fraudulent vote against the harm of an eligible voter being unnecessarily turned away from the polls. In past discussions it's been claimed that the harm is equal, since a fraudulent vote cancels out a legitimate vote.

But this isn't correct. A legitimate vote isn't canceled by an opposing fraudulent vote; it and all like votes are diluted by the fraudulent vote in much the same way that legitimate votes for one side are strengthened by the disenfranchisement of an opposing voter.

So, in one scenario (assuming a 2-way race) everyone's rights on one side are weakened a tiny bit, and someone wrongly exercises rights he does not have. In the other scenario, everyone's rights on one side are strengthened a tiny bit, and someone is wrongly stripped of rights he ought to have. Supposing we agree that the damage to the legitimacy of the outcome of the election is roughly equal in each case (i.e. the dilution and concentration of all the opposing votes more or less affects the outcome in the same way in each case), I would argue that the additional harm of stripping an individual of his rights as a citizen, of wrongly telling a voter that he cannot exercise his right to participate in the democratic process, far outweighs the harm of allowing an individual to exercise rights he does not have.

This is not to say that we have to shoot for absolute perfection, that one disenfranchised vote represents more harm than, say, ten thousand fraudulent votes. I'm just saying that the relative harm is going to be represented by a ratio much, much greater than 1:1. How much greater, I'm not entirely sure, and we can certainly debate the actual numbers, but this ratio needs to be front and center in this debate: how many fraudulent voters will a policy deter, how many legitimate voters will it bar from the polls, and just what balance are we willing to strike? Without having some actual figures to consider, it's stupid to even consider sweeping changes to our voting laws.

"Of course we could start with requiring just one form of ID, which would improve the current state of things without disenfranchsing very many (I suspect approaching zero) ACTUAL voters at all."

Actually, that's not quite accurate. For instance, in Georgia, where a bill like the one you're proposing was passed, there are < a href="http://www.pfaw.org/pfaw/general/default.aspx?oid=22223">700,000 adults without suitable ID (mainly drivers licenses), amounting to about 8% of the population. Sure, you could have the state provide them with IDs--but even this is unfair (and that's assuming the state does a competent job at searching out the people who need IDs and providing them with the cards). Consider this: you have a large group of people who already have a driver's license, and a smaller, mostly-African-American group that doesn't have a license. You propose requiring all of the second group, and none of the first, to go through a long procedure solely for the purpose of voting. That makes it harder for them to vote than it is for the people who already have ID, and this is beaucoup unfair.

Sorry, here's the link for that Georgia stat:

http://www.pfaw.org/pfaw/general/default.aspx?oid=22223

The most important fact here is that the types of fraud that allegedly concern Republicans, and therefore serve as justification for onerous voting registration/qualification at the booth provisions, simply does not occur in any manner sufficient to affect elections. As detailed by hilzoy, registering enough improper voters and getting enough in numbers to the polls to make a difference is a gargantuan task. Plus there is no way to keep such a scheme secret.

Republican voting concerns are not driven by any reasonable fear -- they are pretextual and serve as window-dressing to disenfranchise the "wrong kind" of voters. That is the record to date.

Using felon's lists in such a manner so as to get rid of many proper black voters (in Florida). Caging voters (a practice subject to a consent decree by the GOP but goes on illegally anyway). Anything and everything done by Blackwell in Ohio in 2004 -- my favorite being his attempt to strike voter registration done on the "wrong" paper stock (mostly voter registration forms printed in newspapers to help people get registered). Systematic, organized and blatantly bogus challenges to any voter on lists generated by the GOP, even though the challenger knew next to nothing about the person being challenged (this one got shut down because it put the phony challengers at personal legal risk for messing with people's right to vote without sufficient justification). Phone-jamming in New Hampshire with clear backing by senior GOP personnel, and then spending millions to defend the fraudsters from criminal liability.

There is no "perception" problem by the GOP with regard to voter fraud -- there is a systematic voter suppression effort using alleged voter fraud concerns as a pretext.

As for Democratic concerns about electronic voting machines, there is some nuttiness on the question (exit polling allegedly proves the manipulation of voting machines.......). But the concern is far more real, and also involves the type of misconduct that is much easier to perpetrate and could clearly swing elections. Also, there is simply no parallel in the Democratic Party to the scope and organization of electioneering misconduct such as that orchestrated by the GOP.

My favorite anecdote on this is the long history of outrageous voting irregularities by the College Republican organization -- it serves as a training ground for the Rove, Norquist, Abramoff types. "Republicans learn how to fight hard against Democrats by practicing on one another first. 'There are no rules in a knife fight,' Grover Norquist instructed the young conventioneers in a speech."

As if elections were knife fights -- that says it all.

[I]t isn't going to be easy to detect fraud, even if it is widespread. See for example the Washington State governor's election

You mean the one in which the Bush=-appointed US Attorney found no fraud, and was fired for his pains? That Washington State governor's election?

Sebastian:

The hypothetical "person with zero forms of ID and ALSO desperately wants to vote" who is always raised in these debates seems just at least as rare as polling place voter fraud.

This is wrong and also makes me angry, and demonstrates a typical Republican indifference to messing with people's voting rights.

As shown by the recent problems with instituting ID requirements for various forms of state medical aid, a small but significant number of people who are desperate to get the benefit are running into trouble because of these paperwork rules. It is not something trivial. And see the link above about the problem in Georgia, as if 8% is trivial.

It may only be a few percent of voters, but they are probably mostly Democratic, and hence Republicans are happy to mess with them. And for what corresponding benefit, other than suppressing the "wrong kind" of voters? There is no factual basis to the claim that the ID requirement is preventing a greater problem with fraud so as to justify knocking out a small percentage of voters. And Gromit makes a good point about the more troubling aspect of disenfranchising real voters as opposed to a few improper votes leaking in. (and as if only Democrats would abuse the system to vote improperly -- why aren't each just as likely to make use of the same improper voting techniques? Why this Republican assumption that only Democrats allegedly do this? More myth making at work).

That is the point of the post -- that efforts to document the factual numbers to demonstrate the lack of validity to the need for ID to "prevent fraud" is itself being suppressed by Republicans eager to keep the myth alive, and therefor preserve cover for blatant voter suppression plans.

"I'd be happy to have a national ID card with biometric security tied to a voting machine that's as secure as an ATM. The combination is something that everybody can agree to."

We absolutely can't. Few people with concerns about central databases, their vulnerability, and the uses they are inevitably put to, in combination with national ID cards, would ever agree that that's other than an absolutely horrible, unworkable, dreadful, proposal.

Take a look at the British national digital ID-and-database plan, and the insane problems so many people have pointed out with it. I'm afraid you have to be completely unaware of more than a decade of debate about these issues, particularly started in comp.risks back in the Nineties, to be so ignorant as to think that "The combination is something that everybody can agree to."

That's without getting into why no Democrat in their right mind would agree to methods of voter suppression as part of some grand compromise, even if the other part were a good, or at least reasonable, idea.

dmbeaster: As for Democratic concerns about electronic voting machines, there is some nuttiness on the question (exit polling allegedly proves the manipulation of voting machines.......).

It's not nutty, Dmb.

The touchscreen voting machines that have no paper trail can be rigged untraceably to deliver whatever result wanted. That doesn't in and of itself prove such rigging occurred, but it's worth pointing out that gambling machines with similiar levels of protection against fraud would be illegal to use in any licensed casino. You wouldn't have to prove that fraud had occurred, only that it could, to have those machines removed and destroyed.

Exit polls are a proven and reliable method of determining who won and by how much. They're in frequent use in many countries as a first-stop check against electoral fraud.

When the exit polls say one result, and the voting machines say another result, and the voting machines have been designed so that it is not possible to confirm whether the result they deliver is fraudulent or honest - then the exit polls are strong evidence that, in fact, the machines were rigged - and there is no evidence at all to prove that the machines weren't rigged.

Aside from the rather unconvincing claim put forward by one of the Republican officials responsible for the Ohio election in 2004: that it didn't matter that the voting machines could be rigged, because who'd bother?

"Actually, that's not quite accurate. For instance, in Georgia, where a bill like the one you're proposing was passed, there are < a href="http://www.pfaw.org/pfaw/general/default.aspx?oid=22223">700,000 adults without suitable ID (mainly drivers licenses), amounting to about 8% of the population."

And how many voters? Voters rarely hit 50% of the population, and they aren't evenly distributed among people without drivers licenses. And how many of those people would find it truly difficult to get an ID if it were required? The main problem with the Georgia statute was that it charged for the voter card, and that is rather easily remedied.

And reading the Georgia report I have to sigh at stats like "found to be fraudulent". Not to be rude, but if you have made it virtually impossible to prove fraud, it isn't shocking you don't 'find it'. I don't remember that the response to Bush's move to make it more difficult to "find global warming" by interfering with the scientific investigation was met with many warm feeling here.

And I'm completely unimpressed by stats like '8% of people don't have a currently valid ID'. Currently lacking an ID does not mean that we can't design a fairly easy system which provides such IDs--even at the state level. There is no reason in the world that has to be expensive and there is no reason why the state couldn't pay to provide one for poor voters who wanted it. That just is not a difficult problem.

The hypothetical "person with zero forms of ID and ALSO desperately wants to vote" who is always raised in these debates seems just at least as rare as polling place voter fraud.

This is wrong and also makes me angry, and demonstrates a typical Republican indifference to messing with people's voting rights.

Me, too, which is why I didn't reply. I become incoherent with rage when people are so fricking ignorant of the reality of how millions of poor people live that they can honestly and blithely say things like this.

And I think Sebastian is a good, well-meaning, basically honest, intelligent, thoughtful, person. Which just makes me that much more frustrated that so many people like him are so utterly damn clueless about what life is like for people on the bottom rungs of the ladder, for whatever reason.

"You mean the one in which the Bush=-appointed US Attorney found no fraud"

Do you mean found no rigourously proveable fraud? Once again when you design a system to make fraud almost indetectable, it isn't shocking that you can't detect it. If I pluck your eyes out, it isn't really fair of me to then ask you to describe what color I'm wearing the next day.

"And Gromit makes a good point about the more troubling aspect of disenfranchising real voters as opposed to a few improper votes leaking in. (and as if only Democrats would abuse the system to vote improperly -- why aren't each just as likely to make use of the same improper voting techniques? Why this Republican assumption that only Democrats allegedly do this? More myth making at work)."

This is not a good point. If you believe that why worry about voting fraud ever? Why worry about the kind of fraud that hilzoy actually does worry about?

"And I think Sebastian is a good, well-meaning, basically honest, intelligent, thoughtful, person. Which just makes me that much more frustrated that so many people like him are so utterly damn clueless about what life is like for people on the bottom rungs of the ladder, for whatever reason."

The problem is that I'm most certainly not clueless about it. I lived out of my car for two months for God's sake. You can get an ID if you want to get an ID. It isn't impossible, even for the hard cases like 'the birth records were destroyed'. The fact that some 8% of people in America DO NOT CURRENTLY HAVE AN ID is not the same as saying that 8% of citizens who are allowed to vote CANNOT GET AN ID.

That isn't the same AT ALL.

In addition to Gary's points, you're not going to get "a voting machine that's as secure as an ATM" that everyone will agree on. ATMs can be trusted because your bank and you both know about all your banking transactions, so you can check that the balance is correct. That's not true of voting, in which no one but the voter is supposed to know the vote.

There are theoretically ways to use cryptography to ensure that votes are being recorded properly, but the voting system needs to be transparent to the average person (and those who are far below average), not just to people with computer science degrees.

No electronic black box is going to be trusted by enough of the population. There's a reason we have election observers, and if the voting is completely electronic, there's nothing to observe.

Sebastian, assuming you are correct, and the deck is stacked against anyone looking for voter fraud, wouldn't the logical first step be to make detection easier, rather than tightening ID requirements based on a problem we don't yet know exists?

"Sebastian, assuming you are correct, and the deck is stacked against anyone looking for voter fraud, wouldn't the logical first step be to make detection easier, rather than tightening ID requirements based on a problem we don't yet know exists?"

If you can come up with a method of detecting fraudulant voters without identifying fraudulant voters, I'd love to hear about it.

Look, Sebastian, here's the thing. There is, yes, a benefit to preventing people who shouldn't be allowed to vote from voting. There's also a cost, in the form of people who should be allowed to vote but do not. The question is, is the benefit larger than the cost? I'm saying no. As Hilzoy explains, and as the suppressed report lays out in detail, any benefit is extremely low. And as the Georgia example shows, the cost is substantial. It doesn't matter whether legitimate voters CAN get IDs if they really want them--the point is that forcing this burden WILL prevent legitimate voters from exercising their franchise.

Mr. Farber writes in reference to my suggestion that we combine a national ID with a highly secure voting machine, calling my suggestion:

"an absolutely horrible, unworkable, dreadful, proposal."

That's a lot of adjectives, and they'd be much more useful if they were backed up with a few facts. Yes, there has been a lot of debate about various schemes, but the existence of bad schemes doesn't preclude the possibility of good schemes. For example, some of the computer voting machines are ridiculously easy to hack -- it really is appalling how badly they're programmed. But that doesn't mean that you can't build a secure voting machine -- we've already proven that you can build a secure ATM, and that's a trickier problem.

As to the national ID card, I'd like to remind you that we already have mountains of data on citizens: driver's license data, social security data, IRS data, passport data, and of course the nefarious FBI files. Right now we have a mess of data with different rules, all of them weak. Wouldn't it be a lot better to organize the whole mess with a clear set of rules as to who gets to access it under what conditions? We could insure that the restrictions are programmed right into the DBMS so that nobody can access data without the right authorization.

Yes, yes, I've heard the many claims that "hackers can defeat anything" -- those are based on ignorance. The fact is that the DoD and the banking system have maintained secure systems for decades now. Database systems can be made very secure. We can build it to match whatever requirements we wish to place on it. What's wrong with that?

There seems to be a judgment getting made that if you don't care enough to spend a half-day waiting in line at the DMV, if you don't care enough to fight through all the bureaucratic red tape that arises when you try to get an ID without any birth records or other documentation, then you don't deserve to vote because you don't want it badly enough, and thus we shouldn't care if you get disenfranchised. Needless to say, I'm not on board with that. An old lady who lives alone and gets Meals on Wheels because she never goes out still deserves to vote, even if she's disinclined to jump through hoops to get there.

If you can come up with a method of detecting fraudulant voters without identifying fraudulant voters, I'd love to hear about it.

I've never been able to vote without some form of ID. The new law here in Georgia would reduce the number of acceptable forms of ID, not institute a wholly novel policy of "identifying" voters. Sure, making it harder to vote makes it harder for folks to fraudulently vote (duh!). While we're at it, we can cut down on speeding by scattering nails on the nation's interstates.

Sebastian, forgive me, but I get so tired of people on the right claiming to be in possession of unprovable truth. "Unprovable truth" is simply an oxymoron. "Unprovable truth" is responsible for most of the trouble in which the country finds itself today.

If there is no credible evidence of fraud in an election, then there was no fraud in the election.

If you can come up with a method of detecting fraudulant voters without identifying fraudulant voters, I'd love to hear about it.

Let's say, hypothetically, that either you need ID to vote, or you need to fill out a provisional voter application. Maybe they even take your picture at the voting place to go with the application.

That seems to be a sufficient data trail to allow any interested partisan to determine, after the fact, whether there was voting fraud. After all, if the person listed on that provisional ballot doesn't actually live at that address, or if they're dead or whatnot, those aren't facts which are impossible to prove. And there's a lot of people who have a strong incentive to show that the other side is engaging in voting fraud, so it's not like they'll be unmotivated to go through this exercise.

i know plenty of people have already made this point, but really, the focus on individual voters voting multiple times (retail fraud) is insignificant compared to problems with the machines used to tally/record the votes (wholesale fraud). why bother organizing legions of loose-lipped criminals to gain a couple hundred votes when you can get one person to undetectably tweak a couple of electronic voting machine and move thousands?

why spend billions to prevent the minor problem while ignoring the larger problem ?

KCinDC, you raise two very different points:

1. The user friendliness of voting machines. Yes, it's appalling. Does that mean that it's impossible to design voting machines that are easy to use? No. It means that we need to get some competent software designers to tackle the problem. Years ago a commission of computer scientists made recommendations on how to build a proper voting machine. Congress ignored them.

2. The security of voting machines. Let's start with the realization that there is no secure voting system, even marking X's on paper ballots. So the question is, can a computer voting system be more reliable than a paper ballot? The answer is unquestionably yes. You can't lose computer votes in back corners of the office, as often happens with paper ballots. You can't incorrectly add up the vote counts with computer systems, as often happens with paper ballots. You can't have hanging chads or butterfly ballots with computer systems (well, you could design them to replicate these absurdities, but you'd have to be an idiot to do so.).

The fact is, we could design an open source voting machine and get enormous security and better user interface design. The fact that voting machines have been incompetently designed by cronies of the Bush Administration doesn't mean that the technology is flawed -- it means that the politics behind the technology is corrupt.

You can't lose computer votes in back corners of the office, as often happens with paper ballots.

There's all kinds of allegations in the electronic machines debate of partisans driving off with the vote count module, and the like. There's allegations of mysterious patches being uploaded to the voting machines the day before the election. I can't vouch for the truth of any of this, but obviously there's all kinds of shenanigans possible with electronic machines that would be much harder to pull off with standard voting methods.

The examples you listed have little to do with security; they're simply instances of human error. Yes, it's true, with an electronic machine you'll never accidentally drop a ballot behind the radiator. But these sorts of human error are inconsequential. What you have to worry about most is large-scale, systematic fraud, which is much easier to pull off and conceal when you're dealing solely with 1's and 0's.

I could conceive of a secure voting machine scenario - for starters, the software must be open source, it must be available for testing by partisans from both sides, and there need to be adequate security measures to ensure the software doesn't get changed between the testing and the election. It's at least possible in theory. But until such a scheme is devised, it's far better to stick with the machines people are comfortable with, since widespread public confidence in the legitimacy of an election is far more important than a miniscule increase in accuracy that comes at the expense of public confidence.

It isn't impossible, even for the hard cases like 'the birth records were destroyed'.

That seems like a good standard to me - not impossible.

"I lived out of my car for two months for God's sake."

The difference between two months and ten years (let alone more) is very large, Sebastian.

The difference between having a variety of the tools that are useful or necessary for success in our society, but having a setback for a year or three, and simply not possessing, for some reason, some of those tools, resulting in a lifetime of problems, is a difference of kind, not of degree.

I realize that generic accusations of the sort I implicitly made are difficult to defend against, and somewhat unfair. That's why I said I wasn't replying (other than to second the point about it making me angry), and said it made me incoherent. I'm afraid I don't have the patience to address stuff like this at present, or much of the time. Sorry.

"You can get an ID if you want to get an ID. It isn't impossible,"

No, it isn't, in most cases. It mostly, most of the time, just ranges from inconvenient and consuming of some time, and perhaps a bit of money -- that someone living in a one-step-from-disaster life might not be able to spare at a given time; and thus they can't vote that year -- to, in rarer cases, more difficult or problematic (problems getting a birth certificate, combined with language problems, and money problems, or health problems, or whatever).

These are not problems worth worrying about, in the view of many. Statistically inconsistent; you can get it if you just care enough. Etc.

Other views differ. Bleeding hearts, you know.

Consider this: you have a large group of people who already have a driver's license, and a smaller, mostly-African-American group that doesn't have a license. You propose requiring all of the second group, and none of the first, to go through a long procedure solely for the purpose of voting.

I got non-driver ID in New York in the '80s. It was easy & fairly quick, and other states' DMVs I've seen all look less crowded & better organized than NY's. So I doubt the procedure is all that "long." Voting takes time out of your day too -- are you going to say that having to stand in line unfairly disenfranchises busy people, or people who can't afford nannies? Asking for a minimum of effort is not per se unreasonable.

"we've already proven that you can build a secure ATM,"

No, we haven't. ATM thefts are a significant problem, much as the industry tries to limit news coverage of them.

"Right now we have a mess of data with different rules, all of them weak. Wouldn't it be a lot better to organize the whole mess with a clear set of rules as to who gets to access it under what conditions?"

No.

"Yes, yes, I've heard the many claims that 'hackers can defeat anything' -- those are based on ignorance."

Yes, yes, people like Bruce Schneier, those on comp.risks, and innumerable security experts are so ignorant of how security works: why should we listen to their impassioned warnings? Centralized databanks are good and safe and secure. Trust them, and trust corporations and government. You'll always be safe that way.

Do you mean found no rigourously proveable fraud? Once again when you design a system to make fraud almost indetectable, it isn't shocking that you can't detect it.

This statement isn't making sense to me. Aren't you presuming your conclusions before you make your case?

What I do know is that the Republican Party made efforts to challenge fradulent votes, and 30-40% of their challenges were of legal voters. One would think if there was a major problem of voter fraud, there would be a much lower case of false negatives. As it is, we're getting into what hilzoy was worried about, where efforts to combat voter fraud are actually deterring legitimate voters (and 30-40% is far too high a price to pay, in my book, to combat voter fraud).

Steve, you're right that current voting machines are a farce -- I've already stated that. And you're right that the software should be open source -- I've already stated that. You seem to think that securing computers is some sort of black magic that is extremely difficult to do and easily circumvented by clever people. That simply isn't true. It really isn't that difficult to design a secure voting machine. Game programs are much more difficult programs to write, and they're done with budgets of a few million dollars. This is no big deal.

Erasmussimo, user-friendliness of voting machines is also important, but I don't think I said anything about it. I'm talking about transparency. Regardless of how easy to use an all-electronic system is, it boils down to the user pressing something on a computer and then trusting that somewhere inside it the vote has been correctly recorded and will eventually be correctly counted. Any voter can understand the process by which paper ballots are handled and counted, and people from various parties can observe every stage of the process. That's never going to be true of a process that takes place entirely inside computers. And I say that as a computer programmer, not some sort of luddite.

Also, I don't think people design voting machines to replicate the absurdities you mention, but they happen nevertheless. Votes have been lost, totals have been added up incorrectly, and I think the problems with the electronic ballot in Florida's 13th district last year were pretty similar to the butterfly ballot problems in 2000.

Voting takes time out of your day too -- are you going to say that having to stand in line unfairly disenfranchises busy people, or people who can't afford nannies?

Well, actually, when well-off precincts have enough voting machines that you're in and out in 5 minutes, and inner-city precincts have so few machines that you have to wait in line for hours, yeah, I do think there's a big problem! So your question isn't as absurd as you imagine it to be.

There is a certain degree of effort that can be demanded, sure, and I think it hinges on your definition of what is reasonable. For the most part, we're talking about people who would encounter a great amount of difficulty in getting ID because they don't have the necessary supporting documents. There's a substantial number of people in this category and I don't think we should act like it's just a matter of standing in line for an hour no matter who you are.

Gary, your sarcasm isn't contributing to the discussion. And please don't assume that I am ignorant of technological issues -- I don't want to embarrass you. As to your specific points:

1. That ATM theft is a real problem. Yes, I already wrote that ATM security is a more difficult problem than voting machine security. There are two reasons for this: handling cash is always a tricky mechanical problem, and, more important, ATMs are open to the public 24 hours a day and can be attacked mechanically. It would be rather difficult to take a sledge hammer to a voting machine in a polling place and get away with it.

2. You prefer the current system, in which huge amounts of data on citizens are maintained by weak security, poor rules of access, and no safeguards against error? You have strange values.

3. You cite computer experts, but have these experts declared that every computer system can be hacked? No, they haven't. What they have done is point out the weaknesses in many systems -- and they do this BECAUSE THEY KNOW IT CAN BE FIXED. Yes, there are a few guys out there who are pessimistic about security issues, but most security guys are pretty sure that a properly designed system can be made secure. And if we're talking about the national database that would go with a national ID, then that system would be physically secure -- inside big buildings with armed guards and using closed communications systems. That's not the kind of system that the security guys worry about.

It really isn't that difficult to design a secure voting machine.

But you need to design a machine that is not only safe from outside hackers, but is safe from tampering by insiders as well. The challenge is not so much the security itself as providing transparency - as the poster above stated - such that voters can personally be confident in the security. Diebold, after all, stands ready to assure the world that their machines are very, very secure.

KCinDC, you assert that voters will never trust computers to count their votes correctly. Right now, millions of people carry out financial transactions on the Internet, a place far less secure than a voting machine -- don't you think they trust the system? How about all the people who use ATMs? If they're afraid that the ATM will deduct too much money from their account, why do they use it?

People are using computers all the time for all sorts of activities. This isn't the 1960s when computers were Star Trek monsters bent upon destruction, easily foiled by Captain Kirk posing a logical dilemma to them. People use computers all the time, and they're getting used to them. It's funny how the computer has penetrated all of our activities: at work, at the supermarket, playing games or surfing the web or writing up homework at home, at the bank, paying the utility bill -- voting is one of the few places where we have not applied the superior speed, convenience, and reliability of computers. I don't understand why otherwise intelligent people draw a line here when they accept computers everywhere else in their lives.

Steve, you're right that election workers can't be trusted either. That's why you can use either encrypted transmission of the results to the main computer, or encrypted data on a data module that contains encrypted verification data. This is just not that difficult to do. You could use thumb drives, for Christ' sake, and have a perfectly secure system.

I have to go away for a few hours. I'll check back in later.

"Sebastian, forgive me, but I get so tired of people on the right claiming to be in possession of unprovable truth. "Unprovable truth" is simply an oxymoron. "Unprovable truth" is responsible for most of the trouble in which the country finds itself today."

It isn't unproveable at all. The proof has been systematically suppressed and collection of the evidence has been made purposefully difficult. That is what makes it so maddening.

Erasmussimo, if someone steals money out of my bank account I'll know it, because I can keep track of how much I deposit and how much I withdraw. If someone steals my vote, I'll never know. Voting is completely different from banking.

Somehow I missed this exchange above:

dmbeaster: And Gromit makes a good point about the more troubling aspect of disenfranchising real voters as opposed to a few improper votes leaking in.

Sebastian Holsclaw: This is not a good point. If you believe that why worry about voting fraud ever? Why worry about the kind of fraud that hilzoy actually does worry about?

If I believe what, exactly? Because what I said is that a lot more value should be placed on protecting one legitimate voter's rights from being stripped away than on barring one illegitimate voter from getting to vote. This is nothing like saying no value should be placed on the latter. And I was pretty careful to point this out, too.

If you can come up with a method of detecting fraudulant voters without identifying fraudulant voters, I'd love to hear about it.

Why can't we identify fraudulant voters? AFAIK, whether someone voted in an election is public knowledge, whereas who that person voted for is not - how hard is it to find out whether those who voted properly did so?

The proof has been systematically suppressed and collection of the evidence has been made purposefully difficult.

friggin Illuminati !

Well, actually, when well-off precincts have enough voting machines that you're in and out in 5 minutes, and inner-city precincts have so few machines that you have to wait in line for hours, yeah, I do think there's a big problem!

Oh, I'm well aware of that problem, and I agree that it is a problem. The difference I see between that and the ID issue is:
With respect to ID, as I understand it we're talking about people who don't already have driver's licenses because (I hope) they don't have cars, in most cases because they can't afford cars. Those people can get state ID by, basically, making the standard trade that poor people have to make for a lot of things: extra time & trouble because they don't have the money to do things the standard way. That tradeoff sucks, but it's not IMO unfair, any more than it's unfair that they have to take the bus to shop instead of driving because they don't have that same car.

In contrast, the longer lines in poor neighborhoods are a gratuitous and quite likely racist swipe at the poor. They have fewer voting machines per capita, not as a direct consequence of lacking some resource like a car, but because they lack political power due to their poverty -- and lack of political power should not determine who gets to vote. The problem here is akin to gerrymandering.

For the most part, we're talking about people who would encounter a great amount of difficulty in getting ID because they don't have the necessary supporting documents. There's a substantial number of people in this category and I don't think we should act like it's just a matter of standing in line for an hour no matter who you are.

Fair enough, I see your point, but do you see that you're ruling out any sort of proof of identity? They can't get ID, they don't have supporting documents, ok, why SHOULD I believe that they have a right to vote in this election? If they can't prove that they live in the voting area and are citizens they shouldn't even be on the voter rolls in the first place.
Hilzoy's point, that this problem can't get very big, is well taken. But it bothers me a bit to just give up on checking identity because it might be difficult for people who are somehow getting through life entirely paperless to get ID. I have to wonder how many of those people even care about voting - if I had no ID and no way to get any, voting would not be my biggest worry.

Let's start with the realization that there is no secure voting system, even marking X's on paper ballots. So the question is, can a computer voting system be more reliable than a paper ballot? The answer is unquestionably yes.

Actually, no.

The most reliable form of tamper-proof election is one with paper ballots, which the voter fills in by hand, which the voter then places in a sealed ballot box that will not be opened until after the polls close and then in the presence of witnesses from all parties participating in the election who can confirm that the seal was unbroken, and then counted by hand, with mandated recounts for close results, and representatives from each party scrutinizing disputed ballots. You also need an independent electoral body that is not staffed or run by people who are members of any party.

It's timeconsuming. It requires training. It need dedicated people who are committed to free and honest elections.

Is the US so lacking in time, money, and dedication that it can't have the best elections and must settle for voting machines and automated counts?

trilobite: but do you see that you're ruling out any sort of proof of identity? They can't get ID, they don't have supporting documents, ok, why SHOULD I believe that they have a right to vote in this election?

Because the old lady has been a US citizen since before you were born and has voted in every election since before you were born, and can now only manage to leave her house with great difficulty, certainly not to stand in line and prove she is indeed the same voter she has been since before you were born?

See, I can see requiring voter ID to vote if the people who require it are making an effort (and paying out the necessary money) to make sure that everyone entitled to vote has the necessary ID.

As for Democratic concerns about electronic voting machines, there is some nuttiness on the question (exit polling allegedly proves the manipulation of voting machines.......).

Not so nutty.

Computer programmer Clinton Eugene Curtis testifies under oath before the U.S. House Judiciary Members in Ohio (back in 2004) [cut] A partial transcript:

Are there computer programs that can be used to secretly fix elections?

Yes.

How do you know that to be the case?

Because in October of 2000, I wrote a prototype for Congressman Tom Feeney [R-FL]...

It would rig an election?

It would flip the vote, 51-49. Whoever you wanted it to go to and whichever race you wanted to win.

I live in a simple country. Everybody with Dutch nationality who is above 18 can vote. They all get a card via snailmail and their names are on a list, but we are more administrated that the US is. How about voting rights for all, a list of names and --- purple ink on the vinger for those who have voted?

trilobyte: I have to wonder how many of those people even care about voting - if I had no ID and no way to get any, voting would not be my biggest worry.

At the bottom of this whole crusade against mythical voter fraud is the principle that if you just add enough friction then the folks at the margins -- those who feel their votes don't count for much, those who are distrustful of the government for historical reasons -- will simply drop out of the democratic process.

Oops, sorry, make that "trilobite". Not sure where that spelling came from.

In the UK, a system has been started so that homeless people can register to vote. I'm unsure how widespread it is, or how successful it's been, but I'm all for it in principle: your legal right to vote does not depend on having enough money to pay the rent, so why should your ability to vote be dependent on having a fixed address where you reside?

"The proof has been systematically suppressed and collection of the evidence has been made purposefully difficult.

friggin Illuminati"

I'm not appealing to anyone mysterious. It is in fact Democrats who want to make it almost impossible to verify that someone has a right to vote.

"Because the old lady has been a US citizen since before you were born and has voted in every election since before you were born, and can now only manage to leave her house with great difficulty, certainly not to stand in line and prove she is indeed the same voter she has been since before you were born?

See, I can see requiring voter ID to vote if the people who require it are making an effort (and paying out the necessary money) to make sure that everyone entitled to vote has the necessary ID."

How do we know the voter is actually her?

As for the second paragraph, well of course!?!? But I'm not arguing against that. If you want to make sure there is no charge, and want to try to make it fairly easy, I'm all for that. I was under the impression that I was arguing against people who didn't even want that. Am I wrong? Gary? Cleek? Gromit? KCinDC?

Sebastian, there was no fraud in the Washington election. You state that there was no "rigouously provable " fraud--exactly. Then you go on to say (paraphrasing here) that there must have been real slick operators out there who were succesful in perpetrating fraud and the proof of this is that it is unprovable.

Honestly, think this one over. There is no evidence of fraud, only claims by the head of the Washingon Republcian party which were disproved by a Republican judge, a Republican Secreeatry of State annd a Republicann prosecutor. In fact the prosecutor said thhat hhe wouuld not drag innocenntpeople in from t of grannd juries. (Ulike thhe Wisconsin prosecutor!)

It isn't ok to believe things just because you want to.

The big fault with the current Republican party is that it is infested from top to bottom withh dishonest, ruthless Norquist style people who will do anything, say anything to win. They are supported by people who will belive anything to maintain their loyalty. We are fortunate in Washington state to have some Republicans in key positions who are not ethically impaired, notably our Secretary of State and the prosecutor.

So why are you buying the party line of thhe sleezeballs who have highhjacked the Republican party instead of accepting the analysis of some of the few remainning honorable people in the party?

"That tradeoff sucks, but it's not IMO unfair, any more than it's unfair that they have to take the bus to shop instead of driving because they don't have that same car."

The distinction here is that I'm unaware of a Constitutional right to take the bus to shop.

I am extremely aware of the Constitutional right to vote.

In fact, the 14th Amendment includes this requirement (subsequently modified to also apply to female citizens, and those 18 and older, not just 21 and older):

But when the right to vote at any election for the choice of electors for President and Vice-President of the United States, Representatives in Congress, the Executive and Judicial officers of a State, or the members of the Legislature thereof, is denied to any of the male inhabitants of such State, being twenty-one years of age, and citizens of the United States, or in any way abridged, except for participation in rebellion, or other crime, the basis of representation therein shall be reduced in the proportion which the number of such male citizens shall bear to the whole number of male citizens twenty-one years of age in such State.
Nothing in the Constitution about buses, though. No more than there's anything about the need to prevent voter fraud outweighing the right of citizens to vote.

Similarly, the 24th Amendment says:

Amendment 24 - Poll Tax Barred. Ratified 1/23/1964. History

1. The right of citizens of the United States to vote in any primary or other election for President or Vice President, for electors for President or Vice President, or for Senator or Representative in Congress, shall not be denied or abridged by the United States or any State by reason of failure to pay any poll tax or other tax.

2. The Congress shall have power to enforce this article by appropriate legislation.

We've got a body of election rights laws, of course, but the sum of it is voting is a right.

Not a convenience, and not a privilege. A right.

So the "That tradeoff sucks, but it's not IMO unfair" standard doesn't apply.

"They can't get ID, they don't have supporting documents, ok, why SHOULD I believe that they have a right to vote in this election?"

Why should you believe anyone has any of the rights guaranteed in the Constitution?

The default is that we assume people are entitled to their rights, unless they can be proven legally not to be.

So the standard is that people have the right to vote unless you can prove they're not entitled.

Not vice versa. In this country, we don't have to prove that we're entitled to our rights.

At least, that's the theory.

And that's the point.

How do we know the voter is actually her?

What proof are you willing to accept?

It isn't unproveable at all. The proof has been systematically suppressed and collection of the evidence has been made purposefully difficult.

Well, Sebastian, if it's not unprovable, let's see the proof. And if it's provavle that the evidence has been wilfully destroyed, let's see the proof of that.

Recall that we're talking about a specific election for the goverorship of Washington, where the US Attorney conducted an investigation, found no basis for indicting anyone, and was dismissed by the adminstration for his pains. If you can prove actual suppression of evidence of voter fraud in this instance, well, that's big news.

Well, dutchmarbel, you still have voting machines that can be reprogrammed to play chess and a voting-machine manufacturer that's blackmailing the government (holding elections hostage to get a better deal) and pressuring it not to investigate its machines properly.

It is in fact Democrats who want to make it almost impossible to verify that someone has a right to vote.

amazingly, they ask me to verify my name and addr, and verify that i'm list on the list of voters for that voting place when i vote - in NC, a state that has had a Dem governor for 88 of the last 100 years.

Sebastian,

And looking at the reports about the reports, I have two serious methodological objections. First, many states have made polling place voter fraud almost impossible to detect. If you don't require any ID and allow same day registration with mere vouching, it isn't going to be easy to detect fraud, even if it is widespread. See for example the Washington State governor's election. Finding new unsecured ballots on nine separate occassions over a few weeks leading to a 129 vote margin in millions of votes doesn't inspire confidence.

Washington state has never to my knowledge had same day registration. This entire paragraph is a non sequitur. The real problems you note with ballots found were entirely back office problems and not voter registration problems.

There were problems with some voters registrations, but they were not proven to have altered the outcome of the election. Not because they weren't detectable, but because not enough were proven favoring Democrats and at least some of the proven errors broke in favor of the Republicans.

most security guys are pretty sure that a properly designed system can be made secure

I simply don't believe this. Link, please?

"Not a convenience, and not a privilege. A right."

Is that a right of citizens, or citizens and non-citizens alike? If the not the latter, how do you distinguish between citizens and non-citizens without identification?

Is voting more than once in an election a right? If not, how do you stop that without identifying the voter?

Applying counting statistics to voting, on a million votes you expect an error in the thousands, forget a difference of 129 being significant.

I can see requiring voter ID to vote if the people who require it are making an effort (and paying out the necessary money) to make sure that everyone entitled to vote has the necessary ID.

What documentation do I have to show in order to get an ID?
What if I don't have that documentation?
Does everyone get one for free?
If not what are the standards for getting one for free?
How do I prove I meet those standards?
Where do I have to go to get my ID?
If so, what if I can't?
Do I have to prove that I can't?
How do I prove that?
Will you deliver the ID to where I live?
Will you collect from me the documentation I need to prove I qualify for an ID and/or a free ID?
Will you come in the evenings and/or on weekends?
Do I have to make an appointment?
If so, how do I do that?
What if I miss the appointment, will you come back?
What if I miss that one?
etc. etc. etc.

Erasmussimo:

Every few days I look at my bank statement, I can track every debit and credit. I know how much i've taken out at ATMs. If there is a mistake I can challenge my bank. While its not certain that the mistake will be rectified I know it has happened.

If I vote on electronic machine the only way I have of knowing of a mistake is if a candidate I voted for receives 0 votes from my polling place. I can't easily find out if my machine was off, so my whole polling place needs to record 0 votes. Even then its just my word, and there is no historical record.

Comparing voting to ATMs is non-sensical.

Sebastian Holsclaw: Is voting more than once in an election a right? If not, how do you stop that without identifying the voter?

Again, no one is proposing that we stop identifying voters.

Gromit, I'm not sure what you mean about stopping identifying voters. In lots of places (most?), there is no identification of voters to stop (unless I misunderstand what you mean by "identify"). I see above that you say "I've never been able to vote without some form of ID", but I don't believe your experience is typical. I can't remember being asked for ID when voting in DC, Virginia, or Connecticut.

Maybe you're arguing against the specific law in Georgia, but Sebastian seems to be making a broader argument, and if you have no problem with requiring ID to vote then you might be closer to his position than you think.

"Not a convenience, and not a privilege. A right."

Is that a right of citizens, or citizens and non-citizens alike?

It's kinda silly to take this as a serious question.
If the not the latter, how do you distinguish between citizens and non-citizens without identification?
I'm not going to define the boundaries of what the Best Possible System is; it's not my field of expertise, and it's not my job to put forth positive proposals.

The point is that whatever the system for voter identification is, it should be the most minimally intrusive and troublesome system that's practical.

I'm 100% for election monitors and monitoring during an election, so long as they don't interfere with, or discourage, legal voting.

After the election, I'm 100% for investigation of any claims of voter fraud. I'm also completely fine with any and all parties, political or private, looking into, and investigating, for any evidence of voter fraud, so long as they stay within legal boundaries, and don't cross over into illegal harassment of voters.

If any credible evidence of vote fraud is found, it should certainly be brought to the attention of the proper, non-partisan, authorities, and investigated.

"Is voting more than once in an election a right?"

Another rhetorical question.

"If not, how do you stop that without identifying the voter?"

No one has ever claimed we should have anonymous voting, Sebastian. But we shouldn't be presuming that prospective voters are guilty, and we shouldn't remotely reverse that so that people have to prove their innocence of voter fraud before we allow them to vote. Allowing them to vote, and then investigating any suspicious cases should deal with most cases of real voter fraud.

If there's specific evidence of widespread fraud not being caught that way, why, then, I'm certainly open to dealing with any problems we become aware of.

But, you know, why don't we first find something like that?

Otherwise I really think we should spend a few billion on Martian-defense: who knows, it could turn out to be a big problem -- why not be safe?

It's somewhat difficult to take Erasmussimo's claims that people who disagree with him are "ignorant" and that "most security guys are pretty sure that a properly designed [computer voting] system can be made secure," when a) he brings up none of the actual problems that have been discussed in the past ten years by "most security guys," and, in fact, "most security guys" have been warning of those problems for over a decade.

There's simply been such a huge body of work and wordage produced at comp.risks/Risk Digest, alone, in the past decade, that one would barely know where to begin to introduce someone unaware of the general consensus in the security field about electronic voting.

That's not even getting into the centralized all-data government database on all citizens genius idea, or the electronic ID problems, but let's set those aside for now.

But, hey, let's start with this from Bruce in 2004, and the first part of this Crytogram from 2000.

Then one can move on to here. When Erasmussimo is done, I suggest moving on to here.

After that, we can all start on the same page.

OK, I have four challenges to respond to. First, KCinDC observes that a security failure in an ATM can be discovered, whereas a security failure in a voting machine is undetectable. (Crack makes the same observation later.) This is not true. A properly secured system includes audit trails that permit detection of alteration. Audit trails have been around for a long time and businesses trust trillions of dollars with them all the time.

Jesurgislac asserts that a paper balloting system is more secure than a computer system. The trick here is that Jesurgislac assumes a perfectly executed paper ballot system. It is true that a perfectly executed paper balloting system is perfectly secure -- and the same thing applies to computer systems. The problem here is how resistant the system is to attack. How easily could bad people manipulate the system? It has long been demonstrated that paper ballot systems are vulnerable to attack via a great many routes. So if we're comparing real-world systems -- a computer system built with 'reasonable' levels of security and a paper system built with similar levels of security, the computer system wins hands down. You want proof of that? Look at every other high-security system that once was executed with paper. How many are still using paper?

Amos Newcombe asks for a link supporting my claim that most security guys are pretty sure that a properly designed system can be made secure. I'm sorry, Amos, but there has never been a Gallup poll of computer security experts, much less a standard definition of what credentials one needs to have one's opinion count in any such poll. I therefore cannot satisfy your request. If you want to read up on this stuff, there's plenty of material to explore. A good starting point would be the Wikipedia article on computer security, which provides plenty of links and references.

However, I will again remind you and the other skeptics here that computer security is not a new problem, that it has been addressed for decades, and that there thousands (if not millions) of operations all over the globe operating under various levels of computer security, some of which are about as secure as anything created by the hand of humans. It is remarkable that, despite all the human activities and the many huge technological strides of the last few decades, voting continues to use technologies that are hundreds of years old. (I'd say thousands, but the Greeks used pebbles, not ballots).

"I can't remember being asked for ID when voting in DC, Virginia, or Connecticut."

I'm not clear if you're saying they have same-day registration, which is done without ID of any sort, but simply taking down where someone claims to live, or with no recording of name, let alone address, at all, or whether you can vote in these places with no registration at all, because it doesn't exist, or what.

Last I looked, everywhere in the U.S. had voter registration rolls, but I'm ignorant of registration-free voting (not counting provisional ballots, of course, which are, as constituted, yet to be reported as a source of significant voter fraud, so far as I've noticed) in some places. Anyone want to point to some states that have that?

"It is remarkable that, despite all the human activities and the many huge technological strides of the last few decades, voting continues to use technologies that are hundreds of years old."

I'm one of the most technophiliac, pro-technology, people there is, but it's ludicrous to assume that just because a technology is new, it's better. (But a brand new, 1.0, computer program is always better than one you've used for years! It's newer!)

I like to walk around my neighborhood, when my health doesn't interfere. I really don't need new technology, say, a Segway Human Transporter, to do it better. It's really not at all remarkable that walking works well. And yet walking is at least some hundreds of years old! Crazy!

The securest method of computer security is to not use a computer.

If you can prove otherwise, this would be interesting.

Gary, maybe I'm misinterpreting Gromit's reference to "some form of ID". I would not describe being asked for my name and maybe my address as a "form of ID". The process I'm familiar with, which I think is pretty widespread in the US, is walking up to a table where they have a list of registered voters, giving my name and perhaps my address to the poll worker, and signing next to my entry in the list so that I can be given a ballot.

The securest method of computer security is to not use a computer.

so, the securest method of paper ballot security is... not to use paper ballots ?

Erasmussimo at 4:50 is right; a paper ballot system is far more open to attack than a computer voting system. you don't need a screwdriver, a flash card reader, a computer, a copy of Windows, a copy of Access, and the technical know-how to shred a stack of paper ballots, you only need the desire and the opportunity. assuming trustworthy software, given similar levels of human security infrastructure, a computer beats paper.

i can't think of a scenario where a computer voting system can be hacked but paper ballots are immune. if you can break into the computer, you have to be out of sight of anyone who cares. at that point, the paper ballots are 100% vulnerable. if you can throw away the flash card with the vote tallies, you can shred the paper ballots. if you can break into the computer beforehand, tamper with the software, you can tamper with the paper ballot counting mechanism.

the only issue i can see is in the computer software that runs the machines and tallies the votes from multiple machines. that should be solvable.

Gary, you are attacking a trivial point. I am not insisting that we use computers simply because computers are sexy technology. I am insisting that computers are a proven technology that is demonstrably superior to the paper ballot, yet we cling to the ancient technology in the voting field even though we have made the jump to computers in almost every other field.

Jesurgislac asserts that a paper balloting system is more secure than a computer system. The trick here is that Jesurgislac assumes a perfectly executed paper ballot system.

Oh, I wouldn't say that. Just a paper ballot system as well-executed as a mature democracy can manage it.

It has long been demonstrated that paper ballot systems are vulnerable to attack via a great many routes

True: but although computer systems haven't been around as long, it's been overwhelmingly demonstrated that they're far more vulnerable to attack than any paper ballot system.

i can't think of a scenario where a computer voting system can be hacked but paper ballots are immune. if you can break into the computer, you have to be out of sight of anyone who cares. at that point, the paper ballots are 100% vulnerable. if you can throw away the flash card with the vote tallies, you can shred the paper ballots. if you can break into the computer beforehand, tamper with the software, you can tamper with the paper ballot counting mechanism.

The difference is that computerized results can be altered more quickly and less visibly. If the computer is on a network, you don't necessarily have to be in the same place as the computer to attack it. Paper ballots are bulky and heavy -- how are you going to dispose of the shreds once you've shredded them? The amount of effort required to hide or change paper ballots is directly proportional to the number of votes affected, because they're physical objects. Not so for votes that only exist in digital form.

Erasmussimo, what long-established audit trails are you talking about in which the original inputs are kept secret from the people who perform the audits? How do you propose that average voters who want to understand how their ballots are counted can observe such a system?

One of the many problems with all-electronic voting is that it reduces greatly the pool of people who are competent to observe elections, by putting that function completely into the hands of people with extremely specialized knowledge. Most people are capable of understanding the process of counting paper ballots. Very, very few understand computer cryptography and the sorts of things you have to do to make sure that results match up while keeping votes secret.

It also reduces the pool of people who are able to keep voting going when some unexpected problem occurs, as we saw in the disaster in last year's primary in Montgomery County, Maryland, where polls were turning away voters for hours because of missing memory cards. And computers are great at allowing small glitches to cause large disruptions. When a computer-based system works, it can be very efficient, but when it doesn't everything grinds to a halt. That's not a good characteristic for a voting system, which deprives people of a basic right if it's not functioning during a window of a few hours once every couple of years.

"I would not describe being asked for my name and maybe my address as a 'form of ID'"

"ID" means "identification."

I very much would describe being required to identify my name, and maybe my address, as requiring someone to identify themselves by name, and maybe address.

What you're referring to is being required to provide something commonly taken as proof of identification; that's entirely a different concept than being required to identify yourself.

And the first step in verifying whether you are entitled to vote is to see whether the person you are identifying yourself as is on the voter registration rolls.

Obviously, if two people show up to vote, claiming to be the same people, there's a problem that must be investigated.

Also obviously, just claiming to be someone doesn't prove you're them, but, then, "proof" as it is commonly used in such situations isn't really "proof," but simply a way of heightening the odds that the claim is correct. Hell, DNA analysis can be wrong, and isn't infallible "proof" of identity. There is no infallible "proof"; there's only increasing or decreasing the odds that the claim is true.

My point is that unless there's a reason to suspect that there's significant fraud going on that simply requiring identifying one's self as the person on the voter rolls is insufficient to catch, then there's no reason to suspect that such fraud is going on.

Which is why we've gotten along reasonably well for the centuries we've been voting with this system, and not requiring retina tests, or fingerprinting, or paying a poll tax, or whatever.

Just like walking works quite well to get around a few blocks, if your health, or something else, doesn't interfere.

If it ain't broke, it don't need fixin'.

KCinDC,

Since when is a signature not considered a form of ID? It has been good enough for checks, charge slips and voting for quite a while. As long as there is a registration to verify the signature against, why shouldn't your signature be good enough?

Let's take a poll: anyone here ever shown up to vote and been told that someone else had already shown up and claimed they were them? And anyone ever shown up to vote and been told that they weren't registered?

Sebastian:

"And Gromit makes a good point about the more troubling aspect of disenfranchising real voters as opposed to a few improper votes leaking in. (and as if only Democrats would abuse the system to vote improperly -- why aren't each just as likely to make use of the same improper voting techniques? Why this Republican assumption that only Democrats allegedly do this? More myth making at work)."

This is not a good point. If you believe that why worry about voting fraud ever? Why worry about the kind of fraud that hilzoy actually does worry about?

Being hyperbolic in response misses the point.

As hilzoy discussed, the goals of making it easy to vote and thereby increase participation vs. eliminating fraudulent voting are sometimes in conflict. You have to make a balance when fashioning rules and procedures, as they frequently are at cross purposes.

In making that balance, which is more of a problem. Disenfranchising people who want to vote vs. keeping out fraudulent voters? Gromit's point is that disenfranchising voters is, at least on a one for one basis, more of a problem than keeping the fraudulent away. And I think that is right -- we have a much bigger problem with lack of citizen participation in voting than fraudulent voting. Fashioning rules that turn away people who want to vote is having a much uglier consequence than the small number of retail frauds that are allegedly happening (I think its largely a nonexistent phenomena -- there is no evidence that it is a problem anywhere).

Bottom line is that in recent years, there is little problem of the type of voting fraud that cleek accurately calls "retail fraud." To do that requires control of large municipal "machines" in which you can practice your fraud openly with large groups of people without fear of prosecution. That situation simply does not exist anymore. Karl Rove can mumble darkly about jurisdictions in New Mexico or elsewhere that look like they are run by military junta types, but its just not a real phenomena anywhere.

Part of the problem is the bogus arguments made by Republicans to suggest fraud. "There are more people registered to vote than in the County" -- a common phenomena if the system does not purge voters every so often who are inactive. People move away or die whereas new voters keep registering. Surprise! There are soon more registered than residing in the County. "Dead people are on the voting rolls!" -- a common phenomena everywhere since there is no method for purging the dead from the rolls (I doubt that any jurisdiction does this).

In California, I know they will drop you from the rolls if you go so long without voting (can't remember how long). This slowly cleans the rolls of defunct registrations, but there is no regular process to do so. And yet these simple facts repeatedly show up in Republican talking points of proof of fraud. It's complete crap.

And again, if this was such effective fraud, why aren't Republicans doing it in Red States? Do they allegedly have some higher ethical standard about such matters? Please.

"In California, I know they will drop you from the rolls if you go so long without voting (can't remember how long). This slowly cleans the rolls of defunct registrations, but there is no regular process to do so."

Now, if someone wants to propose a law that says that voters be automatically dropped from the rolls if they've not voted once in the past twenty years, or fifteen, or even ten, speaking only for myself, I'm fine with that.

And anyone ever shown up to vote and been told that they weren't registered?

I've heard of this happening in the UK, sometimes, when friends/acquaintances moved before an election and discovered they weren't registered too late to get a postal vote. (I moved three weeks before an election once, but I didn't want to break my record: I got a postal vote.)

Let's take a poll: anyone here ever shown up to vote and been told that someone else had already shown up and claimed they were them?

Never in my own personal experience (unlike the former, where friends of mine have told me about not being registered) but I have read news reports of it happening in the UK - most recently, in an election where in some constituencies as an experiment the rules for getting a postal vote (absentee ballot) were relaxed to see if this would encourage more people to vote. If the news stories were accurate, it wasn't a successful experiment, but I have no hard data or even anecdote one way or another.

I was registered to vote at my parents' address when I was 17: one or other of my parents would have filled in my name on the form when it came round, as a prospective voter who would be entitled to vote at the next election. There are penalties for providing false information, but no one has ever challenged my right to vote, though I've been registered at goodnessknowshowmany addresses since then.

Erasmussimo,

Please, I beg of you: stop. Stop now.

I cannot speak for all security experts, but I do computer security work for a living. I have computer science degrees from MIT. I've taken classes in computer security and cryptography. So I'm something of an expert. I certainly know a lot more than someone who's sole expertise comes from reading a frakking wikipedia article.

Given my expertise, I can say that your statements imply a level of ignorance that is beyond breathtaking. I simply cannot remember when I have seen so many lies and distortions packaged so tightly as I have seen in your writing today.

Please, I beg of you, stop polluting the discourse with your misinformation.

Gary, despite not being an engineer, has done an excellent job explaining the consensus in the technical community. Everyone would be well advised to read the materials he suggests.

erasmussino:

It has long been demonstrated that paper ballot systems are vulnerable to attack via a great many routes. So if we're comparing real-world systems -- a computer system built with 'reasonable' levels of security and a paper system built with similar levels of security, the computer system wins hands down.

This has never been shown to be true for computer voting technology. The paper system always wins hands down. There is a reason why the gold standard for recounts is the hand recount.

The types of bad behavior to which paper systems are prone are equally likely in any computer system. The greatest risk to voting is the inside job -- not outsiders. There is nothing unique about a computer system that makes it more secure from insider fraud. If the guys securing it a fraudulent, then its going down whether its paper or computers.

Current computer voting technology is way less secure while costing a lot more to implement. This has to do with the shoddy level of security required and the odious trade secret practices for the software that runs the things. I imagine that a computer system can be designed that is on par with the security provided by hand and paper ballots monitored by thousands of volunteers as has been historical practice, but it has not been implemented yet anywhere. Nor will it since it is a lot more expensive than the old fashioned way.

What has made the system work so well is the availability of thousands of citizen volunteers -- why eliminate that for a less secure computer system?

"I'm 100% for election monitors and monitoring during an election, so long as they don't interfere with, or discourage, legal voting.

After the election, I'm 100% for investigation of any claims of voter fraud. I'm also completely fine with any and all parties, political or private, looking into, and investigating, for any evidence of voter fraud, so long as they stay within legal boundaries, and don't cross over into illegal harassment of voters.

If any credible evidence of vote fraud is found, it should certainly be brought to the attention of the proper, non-partisan, authorities, and investigated."

But what is the 'credible evidence' now that you have removed identification?

Gary and Jay, Gromit's original statement was

I've never been able to vote without some form of ID. The new law here in Georgia would reduce the number of acceptable forms of ID, not institute a wholly novel policy of "identifying" voters.
To me, such language ("some form of ID", "acceptable forms of ID") is not something I'd use to refer to the process of being asked my name. But as I said, I may have misinterpreted Gromit.

Sebastian, what is the credible evidence if voters do have to show ID? It seems to me the evidence is pretty similar in either case. You know which registered voters (supposedly) voted. Are there people on that list who claim not to have voted or are dead or otherwise ineligible? Did people show up at the polls and find that someone had already voted in their names? What is the evidence that you keep saying the Democrats are destroying?

Wierd. I can't recall that electronic balloting was much of a Republican crusade. Possibly it's that not-paying-attention thing again, but I never thought it was a good idea.

In other words, if the bank says I need two forms of ID to open an account, I don't assume that one of them is stating my name and address. YMMV.

But what is the 'credible evidence' now that you have removed identification?

Grrr. Stop this. NOBODY said anything about removing identification. This is more about alloocating effort.

It's a bit odd:

Over in the ESCR thread, Sebastian states that we can't possibly know how many women capricially abort their babies in the last trimester, because that information is "ruthlessly suppressed."

In this thread, Sebastian states that we can't possibly know how much Democratic vote fraud there is because that information is "ruthlessly suppressed."

Are there anuy other issues, Seb, that we liberals/feminists/women have "ruthlessly suppressed" the truth about?

KCinDC,

I wasn't referring to Gromit, merely to your assertion that asking for your name address and signature was not a form of ID.

But what is the 'credible evidence' now that you have removed identification?

Well, for example, maybe when I show up to vote with no ID, I have to fill out a provisional ballot application with my name and address. In the Kingdom of Steve where I make all the rules, they'd take your picture and include it with the application.

And after the election, partisans would be free to review the provisional ballot applications and look for evidence of fraud. If "123 Parkside Lane" doesn't exist, then we have fraud. If it does exist, but there's no "Sebastian Holdsclaw" at that address, we have fraud. If "Sebastian Holdsclaw" has been dead for years, we have fraud.

This surely wouldn't be 100% foolproof, but if there's really widespread fraud going on, surely it would be found out. And in a close election like in Washington State, the parties would be strongly incentivized to hunt down this fraud by any means necessary. My sense is that it's not as impossible as you make it out to be, and all of this can happen without an absolute ID requirement.

Jesurgislac argues that a paper ballot system need only be "as well-executed as a mature democracy can manage it." in order to provide security superior to a computer system's. I will point to the 1960 Presidential election as a good example of what can happen with paper ballots in a mature democracy. Yes, problems can always arise with any system, paper or computer. But I suggest that, with the computer system, at least we can narrow down the number of attack vulnerabilities to a small set that is very difficult or expensive to pull off. Such is not the case with paper ballots; throwing ballot boxes into the river is an old trick.

Jesurglisac next asserts that "it's been overwhelmingly demonstrated that they're far more vulnerable to attack than any paper ballot system." I believe you misunderstand the nature of the problems with computer systems. It has been demonstrated that they are too difficult for election workers to operate properly, and it has also been demonstrated that voters can be confused by poorly designed software. But computer people have been screaming about these problems for years. The problem is not that it can't be done properly; the problem is that the current crop of machines is being designed by people who couldn't program their way out of a paper bag. Did you know that the Diebold machines were programmed in BASIC?!?!?! That's a hobbyist language invented in 1965, that is so obsolete that very few people use it any more. It is hopelessly antiquated, easy to hack, and lousy to program in -- and that's the language that the Diebold people chose. We're talking here about incompetence of monumental proportions. Hell, we could probably give this as an assignment to an undergraduate programmer class and get a more secure program. (Even WITH the U of Wash example!)

Again, if you read some of the material on security of voting systems, you'll see that most of the arguments are about HOW to secure the systems, not WHETHER they can be secured. And certainly when we compare the tenor of these discussions with the Mickey-Mouse programming we see in current voting machines, we can see why we have done so poorly.

The fact that voting machines these days are built by incompetent fools does not mean that reliable computer voting systems can't be built. We just need to put some talent to the problem.

KCinDC asks, "Erasmussimo, what long-established audit trails are you talking about in which the original inputs are kept secret from the people who perform the audits?" Those are called recounts. You go back through the records to see if they match up. You can do it with paper trails (as you would have in the kind of voting machine that computer scientists have been urging for years) or you can do with encrypted audit trails. That is, the same data that includes the final results also includes all the original data so that it can be checked against the final results. This is not rocket science.

KCinDC next observes that the use of computers would reduce the number of people capable of guarding the integrity of the process. That's not true. Yes, the number of people who could actually crack open the disk drive and verify that the contents are correct is very low. But you guard against this not by examining the disk drive but by insuring that nobody else gets access to the disk drive. You put the disk drive in a locked box, and then you must guard only the key to the lock -- and you don't need a PhD in computer science to understand how to insure that the key doesn't get into the wrong hands. You do the same thing with all the other potentially vulnerable parts of the process: translate the security requirement into something that can be executed at a simpler level. It's not that hard to do.

Next, KCinDC warns that a computer system can go haywire and ruin the election. Yep, it sure can. Did you know that the Space Shuttle is controlled by computer systems? The Space Shuttle doesn't fly very often, either, but it works -- and neither catastrophic failure was in any way connected to the computer system. Did you know that all new aircraft are controlled primarily by computer systems? The pilot just pushes buttons and turns dials; the computer actually makes things happen. And yet, airplanes aren't falling out of the skies. Did you know that every car made in this country in the last 15 years has tons of computer control? Could you imagine what would happen if the ignition suddenly died, or the injectors got the wrong mixture, or any of a hundred other computer glitches arose? Why, the highways would be littered with dead! And, yes, sometimes those glitches do arise -- but they're rare enough that the body count is still pretty low.

Yes, computers are fallible. Yes, computers go down. I can understand how people who use Microsoft software can be so skeptical of the reliability of computer systems. But Microsoft isn't the best software maker in the world -- just the biggest. If you want to see good software in action, try some of the other applications, such as cell phones -- or even Macs! ;-)

KCinDC: In other words, if the bank says I need two forms of ID to open an account, I don't assume that one of them is stating my name and address.

Voting is not opening and account, registration is.

When you write a check and mail it in you don't present additional id but the check is still good if your signature is valid.

Registered voters have already established an account.

erasmussino:

Let me put it to you this way: To steal an election using paper ballots, I have to either dispose of a VERY large number of paper ballots, or manufacture a very large number. (Or rig individual machines). I have to do this in precinct after precinct, in which partisan poll-watchers are eager to spot discrepencies -- and because it ends in pieces of paper, they can easily do so -- especially opti-scan ballots.

Each machine I rig, each box I stuff, each ballot I steal increases my chance of being caught. To steal a state-wide election is so close to impossible as to be dismissable. There's simply no way a party or conspiracy can get that sort of control over that many physical ballots and machines.

With electronic voting, the process is entirely different. I don't need access to countless machines. I just need access to one -- the central server. I can hack the vote months before it occurs. I can hack it in real time. I can make it smart enough to hack itself in ways that are totally believable.

And even if someone figures out the votes were tampered with -- I can make sure there's no way to tell what exactly happened. And there's no way to catch me, if I'm even marginally clever.

"But what is the 'credible evidence' now that you have removed identification?"

I've never said voters shouldn't identify themselves, Sebastian, and have specifically said otherwise, as well as having discussed the non-obscure practice we have of having voting rolls and voter registration.

In other words, we commonly require people to identify themselves. And we check it against the records, as a rule (with variant practices, such as provisional ballots for special situations, and so on, making complete descriptions a bit more complicated).

So what's your beef? Since when is requiring even a hint of a clue of evidence of a crime, before presuming a crime, been a problem in America? Has at least filing some affidavits claiming witnessing fraud been eliminated from our justice system?

We've had lots of voting fraud in the past, in various cities and places, using these methods of voter registration rolls, and, you know, lotsa practice -- but mostly the will to eliminate voter fraud -- has taught us how to deal with it, and it's been mostly eliminated in recent decades.

I'm sorry, but "the fact that I have no evidence only proves how successful the conspiracy is!" isn't acceptable reasoning.

What sort of voter fraud do you specifically allege is going on, and where?

Have people been showing up to vote, and told they already voted? Where?

Have we had widespread cases of hundreds of people not entitled to vote being bused in somewhere to fraudulently vote?

I mean, what's even the allegation here?

"To me, such language ('some form of ID', 'acceptable forms of ID') is not something I'd use to refer to the process of being asked my name."

And signature. Is there anywhere in the country where (handicapped voters aside), one isn't required to provide a signature before voting?

The comments to this entry are closed.