Opinion: New Ga. voting machines aren’t any more secure

Event participants check out Dominion Voting Systems’ electronic voting system last January. HYOSUB SHIN / HSHIN@AJC.COM

Event participants check out Dominion Voting Systems’ electronic voting system last January. HYOSUB SHIN / HSHIN@AJC.COM

On August 15, U.S. District Court Judge Amy Totenberg banned Georgia’s current untrustworthy touchscreen voting machines from public elections after 2019. This ruling came on the heels of Secretary of State Brad Raffensperger’s announced intent to purchase a new kind of voting machine, called Ballot Marking Devices (BMDs). Totenberg’s order should make it clear to all that we will not be able to trust our next electronic voting system any more than our current one.

Section III(e) of Judge Totenberg’s 153-page order is entitled “The Past is Prologue,” an apt description of why neither the current nor the planned systems should be trusted. Despite years of denial by a succession of state officials, there is a mountain of evidence that Georgia’s current system is not secure. Election officials have engaged in a decade-long campaign of misleading the public about their ability to manage computerized voting systems safely. The judge calls it “inconsistent candor.” That is another way of saying that election officials and their legislative enablers have not been truthful. These are the same officials who now ask for the public to trust them to build a new, more secure, voting system.

How have our election officials managed to avoid the kind of critical public scrutiny that has led other states to decertify vulnerable systems? Rather than address the flaws in Georgia’s voting machines directly, they painted the critics as uninformed “activists.” That was the central lie laid bare in federal court. Among those critics were the top cybersecurity experts in the world, not uninformed rock-throwers. The experts and activists were right all along.

History is poised to repeat itself. There is a growing consensus among experts that the BMDs slated to replace the current system have all the cyber vulnerabilities of the old system plus some appalling new wrinkles like forcing voters to cast bar-coded ballots that are unreadable by human beings. The lone cybersecurity expert on the governor’s own election security task force strongly urged the legislature to reject BMDs. Experts from the U.S. National Academy of Science (NAS), Verified Voting Foundation, the National Election Defense Coalition, Freedom Works, Common Cause, and many others, agreed and wrote letters urging rejection of BMDs. Conservative Republicans like national security expert Tony Shaffer joined Libertarians, Democrats, and Independents in condemning the use of BMDs.

I recently published results of a collaboration with University of California professor Philip Stark (the nation’s top expert on election auditing) and Princeton University professor Andrew Appel (an author of the NAS report) entitled “Ballot Marking Devices (BMDs) Cannot Assure the Will of Voter.”

This report identifies the essential security flaw of all commercial BMDs, including the system slated for use in Georgia. The security of a BMD rests on the ability of a voter to verify that choices made on the touchscreen match the printed ballot that is scanned and counted. Verification is nearly impossible for average voters. Unreadable bar codes are one of the barriers, but there are many others ranging from voter fatigue and inattention to fundamental cognitive limitations of human memory. As a result, few voters will notice and promptly report marking errors. Furthermore. even if a voter discovers an error, there is no action that can be taken to correct it. A hacked BMD could cheat undetectably by casting an unverified ballot.

In their haste to spend taxpayer dollars on a risky new system, officials once again are trying to marginalize and ridicule the experts.

The experts mentioned above recommend hand-marked paper ballots, scanned and checked by statistical audits to detect cheating and malfunctions. Hand marking eliminates BMD vulnerabilities and introduces no new ones. Officials claim that hand marking is error-prone, but scientific studies show otherwise. Unlike machine marking, hand marking is not some risky experiment. It is the way most U.S. elections are conducted. No voting method is 100% safe, but hand-marked paper ballots are the safest method known.

Cherry-picking soundbites and obfuscating scientific debate do not serve Georgia’s voters. I urge Secretary Raffensperger to use the judge’s order as an opportunity to abandon expensive, insecure BMDs, except as assistive devices for disabled voters. The court ordered a pilot for hand-marked paper ballots, the most secure and transparent voting method. The Secretary should seize that opportunity so Georgians can join the 70% of all Americans who cast their ballots in a secure and auditable manner by hand-marking their votes on paper ballots.

Richard DeMillo is the Charlotte B. and Roger C. Warren Professor of Computing, former dean of the College of Computing and Director of the Center for Information Security Research at Georgia Tech. He was previously Chief Technology Officer at Hewlett-Packard.