Pages

Friday, June 24, 2022

It's time to rethink computer voting


Wyofile’s Maggie Mullen recently reported that, “all four candidates [for secretary of state] have made election integrity their No. 1 priority.” That is welcome news to Wyoming voters. One does not need reckless allegations of wrongdoing to have legitimate concerns about Wyoming’s voting law.

The 2000 presidential election traumatized American voters by opening the possibility that the highest office in the land might be decided by judges rather than voters. The danger to the American republic was obvious enough that congress overwhelmingly passed legislation called the “Help America Vote Act.” This act ushered in the age of computerized elections.

At the time, it seemed like a reasonable response. The world was enamored with the speed and accuracy of computer technology. Harnessing all that power to assist in the voting process seemed like a no-brainer. But that was two decades ago. The internet was barely a decade old, and smart phones not yet invented


Election activities that used to take seconds and could be observed with the naked eye now happen at the speed of light, in the unobservable recesses of a metal box. Meaningful observation is impossible. Security that could once be insured by locking a door or sealing a box now requires highly specialized knowledge of machine language and wireless technology. The years have seen an exponential rise in the sophistication of hacking. Even the thumb drives used to update software and transfer votes are capable of infecting a machine with hidden and malicious code.

County clerks and secretaries of state cannot be expected to be experts in cybersecurity. Therefore, to assist them, the Election Assistance Commission (EAC) outsourced the creation of Voluntary Voting System Guidelines (VVSGs) to the Technical Guidelines Development Committee (TGDC), chaired by the director of the National Institute of Standards and Technology (NIST).

This dizzying array of acronyms produce an evolving set of guidelines that require highly-skilled technicians. Elected officials are unable to examine the hardware and software of our computerized election machines, not only due to lack of expertise but because every contract between voting machine manufacturers and the states that lease them forbids state officials from personally performing the inspection (Wyoming Contract, Section 13.B, pp. 7-8).

Instead, the EAC has certified two Voter System Test Laboratories (VSTLs) to do the inspection. These VSTLs are selected and paid by the machine manufacturers to tell the states whether or not the hardware and software meet VVSG standards. You read that right. Wyoming voters are absolutely dependent on the expertise and integrity of third-party technicians paid by Election Systems & Software (ES&S) to certify its machines.

Wyoming signed a contract with ES&S in March 2020 which included three attachments. “Attachment B-Statement of Work,” which presumably details the “who, when, and where” of the VSTL certification, is deemed “confidential” and withheld from a public records request. 

Thus, Wyoming voters are required to trust that the certification contract between ES&S and an anonymous VSTL is on the up-and-up (Section 8, p. 5). Not only so, but the details of that contract are considered “trade secrets and confidential commercial data.” This lack of transparency requires an inordinate amount of trust from Wyoming’s voters.


Wyoming’s contract with ES&S also stipulates (Section 13.E, pp. 8-9) that it retains full rights to update the machine software—apparently even after the VSTL certification. However this updating is done, it calls for a recertification of the machines; but this is not provided for. As the Cybersecurity and Infrastructure Security Agency (CISA) recently admitted, a thumb drive infected with malicious software can change the machine code merely by being plugged into the machine.

The confidence of Wyoming voters in the integrity of our voting machines depends upon the faithful performance of duty of a great many persons unknown and unaccountable to them. This is a far cry from the simplicity of the method mandated by our Constitution (Art. 1, Sec. 27, and Art. 6, Sec. 11). This is not illegal. But neither is it right. It is high time to reconsider our unwarranted faith in the supposedly neutral and efficient computer. 

None of this is an indictment of Wyoming’s election officials. They are doing their best to implement laws that were hastily written in the aftermath of the 2000 election. The passage of time has revealed that the laws, themselves, are flawed. 

If election law permitted a stack of ballots to be left unguarded on the side of the road, voters would rightly be upset. County clerks and secretaries of state would be the first to call for a law to tighten security. And the legislature would pass such bills unanimously. Nobody would require prior proof that the sloppy practice actually changed vote totals.

In exactly the same way, Wyoming’s electronic voting system has insecurities that leave it vulnerable to outside interference. The legislature can address the vulnerabilities without waiting for proof that they have been exploited. Tens of thousands of Wyoming voters are eager for the secretary of state to lead the way.

No comments:

Post a Comment