Europe Rejects Digital Voting Machines

When Ireland embarked on an ambitious e-voting scheme in 2006 that would dispense with "stupid old pencils," as then–prime minister Bertie Ahern put it, in favor of fancy touchscreen voting machines, it seemed that the nation was embracing its technological future. Three years and €51 million later, in April, the government scrapped the entire initiative. High costs were one concern—finishing the project would take another €28 million. But what doomed the effort was a lack of trust: the electorate just didn't like that the machines would record their votes as mere electronic blips, with no tangible record.

One doesn't have to be a conspiracy theorist or a Luddite to understand the fallibility of electronic voting machines. As most PC users by now know, computers have bugs, and can be hacked. We take on this security risk in banking, shopping and e-mailing, but the ballot box must be perfectly sealed. At least that's what European voters seem to be saying. Electronic voting machines do not meet this standard.

A backlash against e-voting is brewing all over the continent. After almost two years of deliberations, Germany's Supreme Court ruled in March that e-voting was unconstitutional because the average citizen could not be expected to understand the exact steps involved in the recording and tallying of votes. Political scientist Joachim Wiesner and his son Ulrich, a physicist, filed the initial lawsuit and have been instrumental in raising public awareness of the insecurity of electronic voting. In an interview with the German magazine Der Spiegel, the younger Wiesner said, with some justification, that the Dutch Nedap machines used in Germany are even less secure than mobile phones. The Dutch public-interest group Wij Vertrouwen Stemcomputers Niet (We Do Not Trust Voting Machines) produced a video showing how quickly the Nedap machines could be hacked without voters or election officials being aware (the answer: five minutes). After the clip was broadcast on national television in October 2006, the Netherlands banned all electronic voting machines.

Numerous electronic-voting inconsistencies in developing countries, where governments are often all too eager to manipulate votes, have only added to the controversy. After Hugo Chávez won the 2004 election in Venezuela, it came out that the government owned 28 percent of Bizta, the company that manufactured the voting machines. Similarly, the 2004 elections in India were notorious for gangs stuffing electronic ballot boxes in villages.

Why are the machines so vulnerable? Each step in the life cycle of a voting machine—from the time it is developed and installed to when the votes are recorded and the data transferred to a central repository for tallying—involves different people gaining access to the machines, often installing new software. It wouldn't be hard for, say, an election official to plant a "Trojan" program on one or many voting machines that would ensure one outcome or another, even before voters arrived at the stations. It would be just as easy to compromise the privacy of voters, identifying who voted for whom.

One way to reduce the risk of fraud is to have machines print a paper record of each vote, which voters could then deposit into a conventional ballot box. While this procedure would ensure that each vote can be verified, using paper ballots defeats the purpose of electronic voting in the first place. Using two machines produced by different manufacturers would decrease the risk of a security compromise, but wouldn't eliminate it.

A better way is to expose the software behind electronic voting machines to public scrutiny. The root problem of popular electronic machines is that the computer programs that run them are usually closely held trade secrets. (It doesn't help that the software often runs on the Microsoft Windows operating system, which is not the world's most secure.) Having the software closely examined and tested by experts not affiliated with the company would make it easier to close technical loopholes that hackers can exploit. Experience with Web servers has shown that opening software to public scrutiny can uncover potential security breaches.

The electronic-voting industry argues that openness would hurt the competitive position of the current market leaders. A report released by the Election Technology Council, a U.S. trade association, in April says that disclosing information on known vulnerabilities might help would-be attackers more than those who would defend against such attacks. Some computer scientists have proposed that computer code be disclosed only to a limited group of certified experts. Making such disclosure mandatory for all electronic voting machines would be a good first step for the Obama administration, consistent with his talk about openness in government.

He'd better hurry, though, before a wave of populism kills electronic voting. State and local governments across the United States, much like European governments, are getting increasingly impatient with e-voting. Riverside County in California is considering asking voters to choose between e-voting and paper ballots in a referendum. Voters would be justified in dispensing with e-voting altogether. At the moment, there's very little to like about it.