OSET Institute

View Original

Kentucky: Election Fraud and E-voting

Several election officials in Clay County, Kentucky, have been arrested and indicted on Federal charges for alleged activities that many would refer to as "election fraud" but also come under the heading of conspiracy and racketeering. If  true, it is a very unpleasant story, and one that illustrates the real (though apparently rare) risks of elections being tampered with by insiders. You can never eliminate insider threat, though you can make it harder by arranging election processes so that a larger number of people have to conspire together and keep secrets indefinitely.

But aside from being a good cautionary tale, some of the reporting is a bit misleading in that it's implied that voting machines were being hacked or exploited to perpetrate the election fraud. That's not quite true, and the difference, though subtle, is extremely important to understanding how election technology does not change the possibilities for election fraud. Techdirt's story is more balanced than some, except that the title "Kentucky Election Officials Arrested For Changing Votes On E-Voting Machines" sounds a bit like some kind of technical abuse of the systems or software. Not so, as the article goes on to say that there was no hacking or security flaws involved.

So let me explain one part of what is alleged, but in a slightly different way. Election officials are reported to have tricked voters into believing that they were finished voting on the voting machines, and after the voter's left, the officials changes the voters/ votes. To do so, they used a very much intentional feature of the e-voting systems, of a particular type known as direct record (DRE) devices, that record vote data electronically rather than on paper ballots. DRE's all have a feature where the voter first indicates that they are finished making their selection, and then they must confirm in order to actually cast the ballot. That's important because people often "hit the wrong button" and nobody wanted to see poll workers telling voters that, too bad, you fat fingered it, and ballot is cast, nothing we can do about it. So in some sense it is a good feature to prevent people from making unrecoverable errors; however, it is a shame that the user interface makes people think that after that have hit the "cast ballot" button, they have actually cast their ballot, when in fact they can still change their mind and go back and make changes to their e-ballot selections.

Part of the alleged crimes are that election officials told people that they were done after indicating "cast ballot," so that people left without confirming;l then, their ballots were changed before being cast and confirmed. That's not hacking, that's not tampering, that's just plain lying, and letting the actual voting system do its job correctly. It's not much different than lying to people about the box they are putting their paper ballot in, when in fact that box will be swapped for a pre-fab box en route to the county election office. Now, you may think that the double-confirm is a bad idea; or that it's a bad idea to use DREs at all because they require the double-confirm in order to prevent voter shoot-self-in-foot. But regardless, this was a simple case of lying to voters on an individual basis, and altering ballots one by one -- very traditional in U.S. election fraud history, and not changed by the use of electronic voting.

Now let me tell you why I am nearly sure that no technical abuse occurred. It turns out that the voting system in question also has some administrative features that are very helpful for insider election fraud -- the ability (the intentional ability built as a feature by the vendor!) to modify vote totals from voting machines (including DREs but also op-scan systems and others). If these folks in Kentucky wanted to use the technology to scale-up the fraud and automate it, they could have used that feature, never have acted suspiciously in polling places, and reduced the number of people involved in the election fraud activities. But my guess is that the alleged fraudsters are a bit technophobic and (perhaps rightfully) don't trust these election systems to work right! -- and preferred instead some tried and true old-fashioned low tech attacks on the naive use of new-fangled e-voting systems.

It would be a delicious irony, if it weren't such a shame that apparently many years of elections have been compromised.

-- EJS