The myth around electronic voting machines
As others have learnt the hard way, flashy high-tech machines don't necessarily substitute for election integrity
Those who cast the votes decide nothing. Those who count the votes decide everything. — Joseph Stalin
The ongoing election rigging scandal has sparked a conversation on the merits of using electronic voting machines (EVMs). The Election Commission of Pakistan (ECP) announced in October last year that it was considering a switch to EVMs for the next general elections. There was a brief flurry of interest. PTI Chairman Imran Khan is also on board. The rationale is that these machines will fix the glaring security defects in our electoral system and prevent a repeat of the 2013 general elections fiasco. EVMs automate the election process, considerably reducing the role of the administrative human element. They prevent individual voters from casting multiple votes, they do not rely on returning and presiding officers to tally election results, and they cannot be subverted by printing truckloads of fake ballot papers. EVMs are receiving considerable attention nowadays in the developing world: Namibia recently won accolades for becoming the first African nation to successfully implement an electronic voting system. Brazil, Paraguay, Panama, Venezuela and Mexico have all begun experimenting with EVMs. Closer to home, India has been using EVMs since 1999 and the Indian election commission personnel swear by their ‘infallible’ voting system. The enthusiasm has also infected Bangladesh, and a team of MPs recently visited India to look at the system.
Unfortunately, there is a pronounced disconnect between the shiny image of EVMs ushering in a new era of democratic progress and the cold hard facts on the ground. EVMs have been subjected to intense scrutiny in the last 15 years and the unanimous verdict in the engineering and research community is that their reliability and security is abysmal. Not average, not poor, but downright abysmal. For one, EVMs malfunction in unpredictable ways during polls. Machines have been known to flip votes, double them, subtract them, and misreport tallies for no apparent reason. A video from the 2012 US presidential election, which went viral, shows a voting machine automatically switching votes cast for Barack Obama to Mitt Romney. In the Congressional race in late 2014, some machines in Maryland assigned Republican votes to the Democrats. Voters reported machines making it difficult to cast votes for Republicans — it took several tries for the machine to recognise the vote. The same thing has been observed in machines in several states, including North Carolina, Illinois County, Arkansas and Tennessee. In one US county election, a malfunction ignored over 5,000 cast votes — roughly one-third of the total votes cast in the election. Inexplicable vote-flipping has also been observed in machines in India. There are countless such examples. And, while there are no reliable accounts of these malfunctions decisively affecting large-scale elections, there are several instances where they have altered the final outcome of small-scale elections.
The security aspect is not infallible either. There is a consensus on this position backed by mountains of research. And the problem is not simply that securing EVMs is hard. Academics and security professionals have routinely discovered, with much dismay and frustration, that the people who build and operate these machines seem to lack even basic security sensibility. The design vulnerabilities are legion and reflect a poor understanding of cryptography and security practices, which would be considered far below acceptable standards in any other application. The HBO documentary, “Hacking Democracy”, gives practical examples: for instance, voting machines store totals in a Microsoft Access database which can be easily edited by unauthorised parties. The film (nominated for an Emmy Award) also showcases the ‘Hursti Hack’, named after the Finnish computer security expert, Harri Hursti, who demonstrates that voting totals on machines can be undetectably forged by anyone simply by inserting a doctored memory card into the machine. And hacking these machines is not necessarily a specialist art. In 2012, the Popular Science magazine published a tutorial on how to go about this with just a basic knowledge of electronics and $30 worth of tools.
These facts are in line with the ECP’s own investigation on EVMs. In November, the ECP’s Director-General of Information Technology, Khizr Aziz, informed the parliamentary committee on electoral reform that EVMs are actually more susceptible to fraud than our current voting system. And in a large-scale election employing thousands of EVMs, dispersed all over the country, there is no credible way to guarantee that none of them will be tampered with.
In a country like Pakistan where corruption and incompetence seem to be the norm, the potential for disaster and outright fraud is immense. An illuminating worst-case scenario may perhaps be that of the Honduras: in 2009, President Zelaya scheduled a referendum for June 28 in support of amending the Constitution. However, Zelaya was toppled by a military coup and the planned referendum was never conducted. When observers later examined the computers that would have been used to tally the results of the referendum (which never happened), they found the system already fully populated with cast ballots. The referendum had already been conducted under cover of night, and, unsurprisingly, an overwhelming majority of the votes were in support of the then government’s position.
Paper-based voting systems, on the other hand, like the one we have, are currently the gold standard in terms of election security. In fact, researchers explicitly acknowledge that the ultimate aim of any electronic voting system would be to provide security guarantees comparable to that of paper-based systems. A paper ballot is hard tangible evidence of voting intent, whereas with EVMs a hard drive crash can lose votes forever, and the operator of the machine, if he is slightly tech-savvy, can add thousands of fake votes to the tally just by pressing a few buttons.
For this reason, even as countries like Namibia, Bangladesh, Kenya and India embrace EVMs, the US, Norway, Netherlands, France, Germany, Canada, Ireland and others, are phasing them out and returning to paper. Democracy Reporting International, a Berlin-based NGO, highlighted this contradiction in a briefing paper in 2011 addressing electoral reform in Pakistan: in countries like ours, there is a dangerous tendency to think of EVMs as ‘silver bullets’ which will magically fix all our electoral problems. Instead of diverting enormous chunks of money to procure these machines, what we should be focusing on are the fundamental systemic problems of voter coercion, vote buying and insider tampering — which, of course, these machines do not defend against.
As other countries have learnt the hard and expensive way, flashy high-tech machines do not necessarily substitute for election integrity. What is desperately needed right now is a security culture, one in which processes are transparent, there is strict accountability, and personnel who breach protocol are punished with the full force of the law. This is, of course, very hard work in a country like ours. But nothing short of this will work.
Published in The Express Tribune, April 25th, 2015.
The ongoing election rigging scandal has sparked a conversation on the merits of using electronic voting machines (EVMs). The Election Commission of Pakistan (ECP) announced in October last year that it was considering a switch to EVMs for the next general elections. There was a brief flurry of interest. PTI Chairman Imran Khan is also on board. The rationale is that these machines will fix the glaring security defects in our electoral system and prevent a repeat of the 2013 general elections fiasco. EVMs automate the election process, considerably reducing the role of the administrative human element. They prevent individual voters from casting multiple votes, they do not rely on returning and presiding officers to tally election results, and they cannot be subverted by printing truckloads of fake ballot papers. EVMs are receiving considerable attention nowadays in the developing world: Namibia recently won accolades for becoming the first African nation to successfully implement an electronic voting system. Brazil, Paraguay, Panama, Venezuela and Mexico have all begun experimenting with EVMs. Closer to home, India has been using EVMs since 1999 and the Indian election commission personnel swear by their ‘infallible’ voting system. The enthusiasm has also infected Bangladesh, and a team of MPs recently visited India to look at the system.
Unfortunately, there is a pronounced disconnect between the shiny image of EVMs ushering in a new era of democratic progress and the cold hard facts on the ground. EVMs have been subjected to intense scrutiny in the last 15 years and the unanimous verdict in the engineering and research community is that their reliability and security is abysmal. Not average, not poor, but downright abysmal. For one, EVMs malfunction in unpredictable ways during polls. Machines have been known to flip votes, double them, subtract them, and misreport tallies for no apparent reason. A video from the 2012 US presidential election, which went viral, shows a voting machine automatically switching votes cast for Barack Obama to Mitt Romney. In the Congressional race in late 2014, some machines in Maryland assigned Republican votes to the Democrats. Voters reported machines making it difficult to cast votes for Republicans — it took several tries for the machine to recognise the vote. The same thing has been observed in machines in several states, including North Carolina, Illinois County, Arkansas and Tennessee. In one US county election, a malfunction ignored over 5,000 cast votes — roughly one-third of the total votes cast in the election. Inexplicable vote-flipping has also been observed in machines in India. There are countless such examples. And, while there are no reliable accounts of these malfunctions decisively affecting large-scale elections, there are several instances where they have altered the final outcome of small-scale elections.
The security aspect is not infallible either. There is a consensus on this position backed by mountains of research. And the problem is not simply that securing EVMs is hard. Academics and security professionals have routinely discovered, with much dismay and frustration, that the people who build and operate these machines seem to lack even basic security sensibility. The design vulnerabilities are legion and reflect a poor understanding of cryptography and security practices, which would be considered far below acceptable standards in any other application. The HBO documentary, “Hacking Democracy”, gives practical examples: for instance, voting machines store totals in a Microsoft Access database which can be easily edited by unauthorised parties. The film (nominated for an Emmy Award) also showcases the ‘Hursti Hack’, named after the Finnish computer security expert, Harri Hursti, who demonstrates that voting totals on machines can be undetectably forged by anyone simply by inserting a doctored memory card into the machine. And hacking these machines is not necessarily a specialist art. In 2012, the Popular Science magazine published a tutorial on how to go about this with just a basic knowledge of electronics and $30 worth of tools.
These facts are in line with the ECP’s own investigation on EVMs. In November, the ECP’s Director-General of Information Technology, Khizr Aziz, informed the parliamentary committee on electoral reform that EVMs are actually more susceptible to fraud than our current voting system. And in a large-scale election employing thousands of EVMs, dispersed all over the country, there is no credible way to guarantee that none of them will be tampered with.
In a country like Pakistan where corruption and incompetence seem to be the norm, the potential for disaster and outright fraud is immense. An illuminating worst-case scenario may perhaps be that of the Honduras: in 2009, President Zelaya scheduled a referendum for June 28 in support of amending the Constitution. However, Zelaya was toppled by a military coup and the planned referendum was never conducted. When observers later examined the computers that would have been used to tally the results of the referendum (which never happened), they found the system already fully populated with cast ballots. The referendum had already been conducted under cover of night, and, unsurprisingly, an overwhelming majority of the votes were in support of the then government’s position.
Paper-based voting systems, on the other hand, like the one we have, are currently the gold standard in terms of election security. In fact, researchers explicitly acknowledge that the ultimate aim of any electronic voting system would be to provide security guarantees comparable to that of paper-based systems. A paper ballot is hard tangible evidence of voting intent, whereas with EVMs a hard drive crash can lose votes forever, and the operator of the machine, if he is slightly tech-savvy, can add thousands of fake votes to the tally just by pressing a few buttons.
For this reason, even as countries like Namibia, Bangladesh, Kenya and India embrace EVMs, the US, Norway, Netherlands, France, Germany, Canada, Ireland and others, are phasing them out and returning to paper. Democracy Reporting International, a Berlin-based NGO, highlighted this contradiction in a briefing paper in 2011 addressing electoral reform in Pakistan: in countries like ours, there is a dangerous tendency to think of EVMs as ‘silver bullets’ which will magically fix all our electoral problems. Instead of diverting enormous chunks of money to procure these machines, what we should be focusing on are the fundamental systemic problems of voter coercion, vote buying and insider tampering — which, of course, these machines do not defend against.
As other countries have learnt the hard and expensive way, flashy high-tech machines do not necessarily substitute for election integrity. What is desperately needed right now is a security culture, one in which processes are transparent, there is strict accountability, and personnel who breach protocol are punished with the full force of the law. This is, of course, very hard work in a country like ours. But nothing short of this will work.
Published in The Express Tribune, April 25th, 2015.