Avi Rubin

The e-voting critic talks about the inherent weakness of software, the critical need for audit trails and the 'perfect storm' of the 2000 election.

For more than a decade, Avi Rubin has been a vocal critic of e-voting systems across the nation. In 2006, he wrote Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting, which heavily criticized e-voting machines for security and reliability shortcomings.

How do you think e-voting went this primary election season? You can run an election and say that it appears to have gone fine, but we don't really know.

E-voting advocates and vendors say that security concerns are the stuff of conspiracy theorists. I would ask those people if they would be willing to allow their bank accounts to be unauditable. And if they would give up on getting any confirmation of their ATM transactions.

We need to have a system [we can] audit to be sure that the machines got the right result. People who have a lot of experience with computers and security know that it's not always a good idea to trust the machines.

Are there systems today that you would be comfortable with? Definitely. I've seen designs of voting systems that I'd be happy with. I don't think anything is totally secure. Ultimately, I think the goal is to do the best we can.

What needs to be done differently? The National Institute of Standards and Technology identified what I think is a breakthrough property in an e-voting machine, which is the idea of making it software-independent. That means a software failure does not have any possible impact on the accuracy and integrity of the election.

How would that work? Voters use a touch screen to make their selections, and the machine prints a paper ballot that has all the choices that they made. If the software on that system fails, they wouldn't get a printed ballot that they could approve. The voter then takes the printed ballot and puts it into a scanner. The scanner tallies the ballots.

After the election, you pick a bunch of scanners randomly and audit them. You compare the totals. In any stage of the process, a flaw in the software will prevent you from proceeding.

Now compare that to an existing direct recording electronic touch-screen machine. The voter comes in and marks his or her choices, and they are stored on a magnetic card on the inside of the machine, and at the end of the day, the voting officials get the card, and it has all the tallies.

Any flaw in the software could potentially change all the tallies or record the votes incorrectly, and there would be no checks against that because there is no paper record of the actual choices made by the voters.

Based on your concerns, can we be sure that the right people won this year's primaries? I don't doubt that the right people won. I use several factors for that. One is that we seem to be getting the results that are indicated by all the polls. If [Dennis] Kucinich won the Democratic primary race, then I would say something went wrong.

But isn't using paper ballots again, even as just a backup, going backward? No. You don't need to audit that large a sample to get confidence about the whole result, as long as you sample randomly.

Is this something we can do now? We can do it now. The system that I described has achieved software independence. It's like you have a high wire and you put a net under it. You're using the high wire, but you're not relying on it for your security.

So IT should still play an important role in making our election system more secure and reliable in this country? Yes, I wouldn't want to try to build a voting system without technology. I think if you take a different philosophy toward building systems, where you say, "We're going to use software as much as we can, but we're not going to rely on it for security," you will actually design a pretty good voting system.

Do you recommend that any changes be made now, before the November elections? You don't want to start changing your voting systems [now]. I think we can put audits and observation in place and gather statistics and do good exit polling. I think the odds of a disaster are actually higher if we try to switch voting systems now than if we just go with what we have.

So are we better now than we were in Florida in 2000, where the winner of the race eventually had to be determined by the U.S. Supreme Court? Much better. Most states have switched to paper records. That was the perfect storm of problems. They were using punch cards that were poorly designed. Every technology can be designed well or badly. And it can be used well or badly.

I think we also learned a lot about voting, and election officials have learned more about technology. So I think we are through the hardest part.

And now most states have switched to paper-based optical-scan systems? Right. There are only a few that are still all-electronic, including Tennessee and Maryland. But both have laws to switch in 2010.

So maybe we aren't that far away from making the system safer and more secure. Yeah, I'm much more optimistic than I was a few years ago.

Do you have advice for Americans to help make their elections more secure and reliable? I would say get involved. Become an election worker. I've found it to be extremely satisfying. I've been doing it since 2004. The best way to ensure that whatever system we do have is properly used and properly audited is to be part of that.

This version of the story originally appeared in Computerworld's print edition.

Got something to add? Let us know in the article comments.

Copyright © 2008 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon