Inside Risks 93 CACM 36, 11, November 1993, p. 122

Corrupted Polling

Rebecca Mercuri

Traditionally, the November off-year elections draw little attention, as only a handful of federal positions are filled. Voter turnouts of 30% or less are common in many municipalities. But these elections are far from insignificant, because local posts won in odd-numbered years frequently provide office-holders with the power to make procurements and appointments.  Through the grass-roots election process, Boards of Elections are staffed at city, county and state levels, and these Board members are currently the key decision-makers in the ongoing conversion from lever and manual voting systems to electronic ballot tabulation in the U.S.A.

As vast metropolises adopt computer ballot-counting methods (including punch-card, mark-sense and direct-entry systems), the question arises whether a national or local election can be "thrown" via internal or external manipulation of hardware, software and/or data. Proponents of electronic voting systems say sufficient controls are being exercised, such that attempts to subvert an election would be detectable. But speakers at a recent session on security and auditability of electronic vote-tabulation systems [1] pointed out that the Federal Election Commission has provided only voluntary voting system standards that may not be adequate to ensure election integrity. Numerous incidents of electronic voting difficulties have come to the attention of the press, although to date there have been no convictions for vote-fraud by computer.

One of the more interesting recent cases occurred during the March 23, 1993, city election in St. Petersburg, Florida. Two systems for ballot tabulation were being used on a trial basis. For an industrial precinct in which there were no registered voters, the vote summary showed 1,429 votes for the incumbent mayor (who incidentally won the election by 1,425 votes). Officials explained under oath that this precinct was used to merge regions counted by the two computer systems, but were unable to identify precisely how the 1,429 vote total was produced. Investigation by the Pinellas Circuit Court revealed sufficient procedural anomalies to authorize a costly manual recount, which certified the results. The Florida Business Council continues to look into this matter.

Equipment-related problems are a source of concern to Election Boards, especially when time-critical operations must be performed. The Columbus Dispatch reported (June 12, 1992) that 40 of the 758 electronic machines used in Franklin County's June primary required service on election day. Noted is the fact that only 13 of the County's 1500 older mechanical lever machines needed repair during the election. Of the defective electronic machines, 7 of the voter ballot cartridges were not able to be loaded into the tallying computers so those precincts' results had to be hand-keypunched; power boards in 10 of the machines had blown fuses; 18 had malfunctions with the paper tape on which the results were printed. Difficulties with the central software for merging the electronic and mechanical tallies created further delays in reporting results. Officials decided to withhold the final payment of $1.7M of their $3.82M contract until greater reliability is assured.

If Franklin County did not have enough trouble already, two electronic ballot tabulation vendors are presently contesting the contract award. MicroVote Corporation is suing the R.F. Shoup Corp., Franklin County, and others in U.S. District Court for the Southern District of Ohio, Columbus Division, for over $10M in damages, claiming conspiracy and fraud in the bidding process. This matter is, as yet, unresolved.

In another region of Ohio, in the same primary, the Cleveland Plain Dealer (June 11, 1992) reported that Kenneth J. Fisher, member of the Cuyahoga County Board of Elections, allowed an employee to feed a computer a precinct identification card that was not accompanied by that precinct's ballots, during the vote tabulation process. Apparently, the ballots cast in the Glenville region had been inadvertently misplaced, and at 1 A.M. the board members "were tired and wanted to go home" so the election official authorized the bogus procedure, despite the fact that doing so might have constituted a violation of state law. Subsequent inquiry did not lead to any indictments.

Technology alone does not eliminate the possibility of corruption and incompetence in elections; it merely changes the platform on which they may occur. The voters and the Election Boards who serve them must be made aware of the risks of adopting electronic vote-tallying systems, insisting that the checks and balances inherent to our democracy be maintained.

[1] Papers by Saltman, Mercuri, Neumann and Greenhalgh, Proc. 16th National Computer Security Conf., NIST/NCSC, Baltimore MD, Sep. 20-23, 1993. Inside Risks columns by Neumann (Nov. 1990) and Mercuri (Nov. 1992) give further background.

Rebecca Mercuri is a research fellow at the University of Pennsylvania, where she is completing her dissertation on Computational Acoustics in the Computer and Information Science Department. She frequently testifies as an expert witness on computer security and voting systems. Email : mercuri@gradient.cis.upenn.edu.