Last week's Republican primary in South Carolina was the latest in a long string of elections these past seven years which have been plagued by trouble with computerized voting machines. In fact, in at least two counties in SC, hundreds of people may have been turned away from the polls because machines would not boot-up and not enough paper "emergency" ballots were available. Can someone please remind me again why we wanted computerized voting in the first place? Or, rather, who it was who decided that, in order to "fix" our voting system after the 2000 Florida debacle, computers were the answer?
Because I'll tell you who it wasn't: it wasn't computer professionals.
By "computer professionals," I don't mean computer salesmen, or big corporations pushing their "revolutionary" computerized voting machines. I mean those of us individuals (myself included) who spend all day, every (working) day, developing the latest and greatest computing hardware and software across a wide range of fields from gaming to B2B. An informal poll of the folks I work with (and friends who work at other computing companies) gives anecdotal proof: while most of us are in love with technology, and spend a large amount of time on our computers at home, despite the fact we spend all day on them at work, and have homes filled with an amazing array of PCs, laptops, servers, gaming consoles and PDAs, no one I talked to thought it was a good idea to computerize voting, especially not using the model which Diebold and others have chosen: individual, non-networked PCs, mostly running Windows, which record votes to a hard drive or flash drive. For anyone who works in software or hardware, especially those of us who deal with recording and storing sensitive data, the reasons are simple:
- Ease of Use
Despite great advances in the past two decades in computer usability and the ease with which kids zip around the internet, computers are still notoriously hard to use, especially for people over a certain age (let us not forget, depending upon the survey, estimates place the percentage of the voting populace over 45 between 50% and 70%). Even many young people, who use their computers regularly, have initial trouble completing new or non-regular tasks on their computers, especially first-time tasks (typically, task-level success increases with three or more iterations in a short time period). Since voting is a one-time task (no do-overs) every year (or less frequently) for most of us, there is never an opportunity to become "familiar" with the task. What's more, because poll-workers tend to skew toward the older populations, they are less likely to be able to help a struggling voter with his or her problem (even if that voter decides to brave possible humiliation and ask for help).
Even those of us who love our computers, who are "power-users" and can no longer even imagine doing everyday tasks like making grocery lists or finding phone numbers without them (myself included), are frustrated with the plague of glitches, abnormalities and just plain unexplained bizarre behavior which on a near-daily basis force us to reboot our machines, or at least close down and restart the misbehaving tasks. Why should we believe that computers and software tasked with receiving and cataloging our votes, computers which sit idle most of the time and then, once or twice a year, are bombarded with a startling task volume, should be any different that the machines we have on our desktops, the machines we spend some two to ten percent of what would be productive time watching while they reboot? Point of fact: in most cases, these voting machines, despite customized enclosures, are for all intents and purposes the exact same machines we curse at every day, running the exact same operating systems.
A lot of people will say that we've been using computers (optical scanners, etc.) for years to count votes without worries about reliability -- why shouldn't we then use them to cast votes? The answer is simple: counting votes is an asynchronous task. That is, counting votes happens after the voting is complete, and, if there are problems, can be re-started, re-done and trouble-shot without significant impact to the outcome of that count (when it finally happens). Vote casting, on the other hand, is a synchronous activity. That is, it happens in real-time, not later: a voter must be able to complete his or her voting while in that booth. If a problem occurs, a machine fails, etc., it is very difficult to re-do or start over without significantly impacting that voter and every other voter waiting in line. Even worse, if a problem goes undetected while several people cast votes, the overall outcome of the election could be damaged irreparably. If you detect a problem in a vote count with, say, paper ballots, you can always re-count those ballots days or even weeks later. If you detect a problem with vote casting days or weeks later, you're simply screwed.
- Data Safety and Security
Those of us in industries where large amounts of critical data are collected and stored in order for our software to be effective (again, I count myself here) are hawks when it comes to data redundancy and back-ups. When data is input into our systems, it is imperative to us that we store it in redundant copies in its raw form, in a normalized form (if applicable), that we snapshot processes affected by that data along the way, and that we back that data up as soon as possible. Diebold, to its credit, has made a gesture toward this by using RAID arrays in some of its machines, increasing data reliability through redundancy. But since these machines cannot be networked for fear of external attacks from hackers (or Cylons, one supposes), they cannot therefore back-up externally. This leaves a very real possibility that a single machine failure could result in the partial or complete loss of thousands of votes. In other industries, we spend millions of dollars securing the safety of our precious data. And, in most cases, what we are storing is not nearly as important as those votes.
Data safety issues, of course, go hand in hand with system security issues. While I won't dwell on the details, test after test conducted by security experts shows that, almost without exception, these machines are eminently hackable.
The last major problem I see with computerized voting is the one most often talked about in the media: the lack of a human-readable confirmation that a vote was recorded properly (and, by extension, the lack of a physical human-countable vote). A lot of time has been wasted trying to mandate that a print-out accompany every successfully cast vote, so a voter can confirm his or her vote was cast as he or she wished, and, during a dispute or a re-count, those physical receipts could be examined. However, unless those paper print-outs are the primary source of tallying, the print-out is a false fix. It seems like a good idea, one likely to placate folks who charge that a machine could be rigged to accept votes one way, but record them differently, especially people who don't deeply understand computers. But one has only to think a few steps beyond the superficial to realize that if a computer can be rigged to show one thing on a screen and yet, unbeknownst to the user, record another, it can also be rigged to show one thing on a print-out but still record another. A print-out is no more proof of the data inside a computer than the on-screen display. The only way to prove what data has been recorded is for a person or machine which understands the data schema to read that data directly from the disks (basically, counting the electronic votes). But by the time that is done, the voter is no longer there to confirm that they indeed voted as the machine recorded. And voting in this country is anonymous, so even if we wanted to confirm each vote during counting, logistics aside, we couldn't because we, by design, don't know who cast each vote.
In short, electronic voting can never be truly confirmed, even with print-outs, because the voter cannot actually read the data recorded at the source.
Of course, problems like those outlined above can be leveled at almost all of the voting mechanisms we employ in America today, paper as well as computerized. Punch-outs, ink-a-votes, etc., while producing a single, physical, countable vote, are subject to tampering, damage or loss, and are not human readable. We do need a better system that the one in Florida (and elsewhere) which may have set these last devastating seven years in motion. We need a simple, unified, physical, human-readable, human-countable ballot. We can use our robust technological and functional know-how to create it. As an interaction designer, I believe that, frankly, it won't even be that hard. We just have to decided to do it.
But computerized voting is not the answer. Almost any geek will tell you: it's just not safe or reliable and,well into the foreseeable future anyway, it will not be.