"The first principle of republicanism is that the lex majoris partis is the fundamental law of every society of individuals of equal rights; to consider the will of the society enounced by the majority of a single vote as sacred as if unanimous is the first of all lessons in importance, yet the last which is thoroughly learnt." Thomas Jefferson to Alexander von Humboldt, 1817
- House Passes Election Security and Paper Ballot Bill: The House of Representatives has passed the SAFE Act, an election security bill establishing cybersecurity safeguards for election equipment, prohibiting wireless modems in voting machines, and requiring paper ballots. The bill would also provide for grants to states that perform risk-limiting audits. EPIC, along with the U.S. Technology Policy Committee of the Association for Computing Machinery, recently filed comments to the Election Assistance Commission. The groups urged the Commission to ban internet-connected voting machinery, citing the risks to voting integrity and democratic institutions. "The EAC should ban the use of internet-connected voting machines and protect ballot secrecy," EPIC and USTPC said. EPIC has a long history of working to protect voter privacy and election integrity. (Jun. 28, 2019)
- EPIC Files Suit to Block Census Citizenship Question: EPIC has filed a lawsuit to block the addition of a citizenship question to the 2020 Census. EPIC charged that the Census Bureau failed to complete multiple Privacy Impact Assessments, as required by law. The Bureau abruptly added the citizenship question earlier this year but did not assess the privacy impact on census respondents, who are legally obligated to answer all questions. As EPIC's lawsuit reveals, the Bureau recently indicated—for the first time—that personal data provided to the Census Bureau could be used "for criminal law enforcement activities." The Bureau's admission raises new questions about whether citizenship information will be transmitted to the Department of Justice. EPIC has filed numerous successful lawsuits seeking to enforce federal agencies' obligation to publish Privacy Impact Assessments. Earlier this year, the Presidential Advisory Commission on Election Integrity was shut down after EPIC filed a lawsuit to block the collection of state voter data and challenging the Commission's failure to complete a Privacy Impact Assessment. (Nov. 20, 2018) More top news »
EPIC has a long history of working on voter privacy and vote integrity issues, which E-voting directly affects.
In April 2015, as the result of a Freedom of Information Act lawsuit, EPIC obtained a September 2011 report about online voting from the Department of Defense. The report, produced in response to EPIC's July 2014 FOIA request, summarizes a pilot test of e-voting system. The report recommends several changes, including accessibility and user interface, but does little to address privacy and security concerns except for recommending "visible security features" to "give users greater confidence in the privacy and security of their ballots." EPIC will continue to pursue the documents that have been withheld from the public about the risks of online voting.
In 2010, EPIC released an update to its "E-Deceptive Campaign Practices: Technology and Democracy 2.0" report, first published in 2008. The report reviewed the potential for abuse of Internet-based technology in the election context, and made recommendations on steps that should be taken by Election Administrators, voters, and those involved in Election Protection efforts. E-Deceptive campaigns are internet-based attempts to misdirect targeted voters regarding the voting process, and include false statements about poll place hours, election dates, voter identification rules, or voter eligibility requirements.
In 2009, EPIC recommended greater transparency on the standards development process to the Election Assistance Commission ("EAC"). The agency sought public comments on a draft of the agency's Voluntary Voting System Guidelines. In its comments, EPIC requested that the EAC follow President Obama's directive to all federal government agencies that they take affirmative steps to make their activities regarding standards development more transparent to the public, make ballot secrecy a critical component of federal voting technology standards, and maintain software independence in the next iteration of voting technology standards.
In 2008, EPIC submitted comments to the Election Assistance Commission on the proposed Voluntary Voting System Guidelines. EPIC proposed new guidance on privacy protection in the casting of ballots. EPIC also recommended more transparency for the privacy protections provided by federally certified voting systems.
Additionally, EPIC testified before the Election Assistance Commission on the 2007 Voting System Guidelines. EPIC urged the Commission to "offer clear and effective guidance to states on issues of functional capability, hardware, software, telecommunication, security, quality assurance, and configuration of voting systems."
The secrecy and the security of the vote are integral to America's voting system, and both are threatened by online voting. Cyber security experts at the National Institute of Standards and Technology have stated that "additional research and development is needed... before secure Internet voting will be feasible." In 2012, a top cybersecurity official at the Department of Homeland Security stated that "it's premature to deploy Internet voting in real elections at this time." Internet voting systems cannot be properly fully secured and create the possibility of undetectable alteration of ballots. Because of ballot secrecy, individual voters are unable to verify that their votes were properly cast. Online voting is thereby particularly susceptible to undetectable hacking and tampering.
Additionally, anonymity is a fundamental aspect of voting rights in the United States. Online voting, however, makes simultaneous audit ability and anonymity in the voting process extremely difficult to implement.
Finally, online voting requires the use of databases which are likely to include sensitive personal information, the security of which is untested and unclear.
The 2000 Election
The 2000 election brought the systemic problems in our nation's electoral process that had existed for decades to the attention of the mainstream media, a majority of voters, policy makers, and international observers. A confluence of the perfect political storm occurred when the margin of electoral votes between the top two candidates was only five votes. There were only two other states with more electoral votes than Florida, California with 54 and Texas with 32. Because of the narrow margin separating the candidates in the Florida 2000 Presidential Election, the winner of that electoral rich state would be declared the next President of the United States. The post-election battle for the White House began in Florida and eventually was decided by the United States Supreme Court. The impact of this Supreme Court decision changed the resource allocation of candidates in post 2000 elections to include the retaining of attorneys.
In 2000, the focus was on Florida, but the problems in that state were repeated in many others. That presidential year was like any other except for one fact-the deciding margin of victory was only 537 votes. This number is dwarfed by the number of voters disenfranchised according to the CalTech MIT Study "Voting: What Is What Could Be," which records that between 4 and 6 million votes were lost in the 2000 election.6 The study attributed the loss to problems with voter registration or polling place practices and problems with ballots. As a consequence, voters received a rude introduction to the reality of elections in the United States-not every vote cast was counted.
In reply to the crisis of the Presidential Election of 2000, the federal government attempted to clarify and codify voting rights in the United States for the 2004 election through the enactment and implementation of the Help America Vote Act (HAVA) Law. However, this law was in many ways too little too late. HAVA, for the first time in the nation's history, established a role for the federal government in public elections held to fill federal elected offices. The establishment of the U.S. Election Assistance Commission (EAC) in statute did not translate into expedited action on the part of policymakers to appoint the EAC leadership. The four Commissioners, two Democrats Gracia Hillman and Ray Martinez and two Republicans, DeForest B. Soaries and Paul DeGregorio who were selected to serve as the first EAC Commission were not sworn into office until December 12, 2003.
The EAC Commissioners received only $1.2 million in funding for Fiscal year 2004 and did not move into their own offices until April 1, 2004 seven months prior to the election. The new law included a directive to states to create statewide voter registration databases, identification, and new requirements for first time-registered voters. To accomplish these objectives the law provided over $3 billion in federal funds to be allocated to states under the guidance of the EAC. However, the EAC lacked the time and funding recourses necessary to ensure that the goals of election reform outlined in HAVA were accomplished. EAC's late start did not allow them the time that was necessary to develop federal standards that would guide the states in the use of the funds made available. In particular, the Technical Guidelines Development Committee (TGDC), a technical advisory body to the EAC charged with the development of voluntary standards for voting technology met for the first time on July 9, 2004.
Under HAVA, states retain control of the election process, but they must meet minimum standards set forth in HAVA. HAVA was generally popular among members of Congress, yet received some criticism because it required more stringent voter identification procedures. HAVA passed 92 to 2 in the Senate and 357 to 48 in the House with bi-partisan support. HAVA also required voters to provide either a state driver's license number or the last four digits of their Social Security Number (SSN) if they did not have driver's licenses.9 HAVA also required election officials to verify voters' identification with administrative agencies (i.e., comparing driver's licenses with local Departments of Motor Vehicles and SSNs with the Social Security Administration.) Dissenters feared that the new requirements would "raise hurdles to registration and voting by poor people and members of minority groups, especially Hispanics."
In particular, Senator Hillary Rodham Clinton remarked that HAVA "would probably 'repress voter participation' by recently naturalized American citizens, homeless people and millions of New Yorkers who have no driver's license." Supporters of the stricter identification requirements countered that the measures were important because "illegal votes dilute the value of legally cast votes." According to Senator Bond of Missouri, "If your vote is canceled by the vote of a dog or a dead person, it's as if you did not have a right to vote." While attempting to strengthen the integrity of the electoral process by requiring stronger voter identification requirements, HAVA did little to address the potential problems of skewed election outcomes if the electronic voting machines are faulty or rigged.
The transactions associated with voting unlike other exchanges in society, require privacy for individual voters and transparency of the overall voting system.19 The conundrum presented by paperless DRE voting technology further complicates this transaction of voter choice and privacy in a populous self-governing matrix of nearly 200 million potential participants by not producing a physical audit instrument that is verified by each voter at his or her choice. It appears to be a daunting challenge, which will require strong Federal support for research and development as new generations of voting technology emerge.
Poll Workers and Voter Privacy
According to the CalTech MIT Study "Voting: What Is What Could Be," between 4 and 6 million votes were lost in the 2000 election. The study attributed the loss to problems with voter registration or polling place practices and problems with ballots.
Elections systems rely on voluntary participation of poll workers and voters. The major challenge of election systems is to create ease of use in a process that is done very infrequently. At most, the greatest voter participation is seen during presidential election years, which occur once every four years.
Problems with the DRE machines
- Lack of transparency. DRE makers such as Diebold, Sequoia and ES&S refuse to make their software code available to the public to assess, nor are they willing to publicize the kind of testing they do.
- Inadequate testing of software. Voting machines are currently certified by states through a Qualification Process overseen by the National Organization of State Election Directors and based on 2002 Federal Election Commission guidelines. The method of testing has not been released to the public, but it is known that the process allows for the inclusion of secret code and the use of commercial software products without certification, and has been criticized by computer scientists and engineers, including the California Touch Screen Task Force and Computer Professionals for Social Responsibility, as extremely inadequte.
- Prone to defects and errors. It is nearly impossible to write bug-free software, and studies conducted by Princeton University researchers, Johns Hopkins researchers, Science Application International Corp, and the Voting Systems Technology Assessment Advisory Board have indeed found that the DRE machines currently on the market are vulnerable to software bugs that could affect election results. Hardware defects also occur with alarming frequency. Lax testing standards fail to catch many of these system errors.
- Vulnerability to fraud. The Johns Hopkins study found that DRE machine security safeguards are "far below even the most minimal security standards applicable in other contexts." As a result, these systems are vulnerable to both insider and outsider attacks. One of the most glaring examples of a security vulnerability is the study's finding that voters can program their own "smartcards" - which are used to certify identity at the voting terminals - and then use them to cast multiple ballots. The study also found that voters can hack into voting records, view partial election results, and cause elections to terminate early. Insiders, including election officials and poll workers, were also found to be capable of manipulating the system. While improved use of cryptography and security measures could improve some of these flaws, even thorough testing cannot reveal some types of malicious code.
- Lack of audit ability. The threat of bugs and security failures are magnified by the fact that none of the DRE machines currently on the market create a hard copy of voters' results, also known as a "paper trail." The lack of a paper record of one's vote makes it impossible to verify if the computer has, indeed, recorded your vote in the system as it is shown on the screen. Furthermore, lack of a paper record makes meaningful recounts or audits impossible because any recount would simply corroborate the same count the computer made the first time and would not catch any errors.
The secrecy and the security of the vote are integral to America's voting system, and both are in jeopardy when DRE machines are used in elections. In addition to the discussion above, two related issues arise from DRE voting systems and the Help America Vote Act.
- Anonymity vs. Audit ablity. Anonymity is a fundamental aspect of voting rights in the U.S. DRE machines make it difficult to have both audit ability and anonymity in the voting process. In the current system, to make voting results anonymous, these machines randomize the voting sequence, which also makes it impossible to track their accuracy.
- Voter Database. HAVA requires states to have "a single, uniform, official, centralized, interactive computerized statewide voter registration list" which includes the name and registration information (including driver's license number or last 4 digits of social security number) of every voter, will be available to "all election officials in the State." It does not stipulate security standards to protect this information, only stating that "state or local official shall provide adequate technological security measures to prevent the unauthorized access to the computerized list." The law does state that the information "shall be considered strictly confidential and shall be used only for the purposes" of voting and that violating said confidentiality constitutes a felony.
Other Voting Systems
- Optical scan voting systems. An optical scan system use ballots similar to multiple-choice tests, where voters fill in bubbles (aka "scan targets") for corresponding candidates. It is by definition voter-verifiable. Problems arise, however, when voters do not correctly mark their choices. Ballots also become unwieldy in voting venues with large numbers of offices, candidates and propositions, and with multi-lingual requirements. However, one company, Vogue Election Systems, is working on a touch-screen voting machine that would mark an optical-scan sheet of the voters choices. This system appears to remedy the most pressing problems with both the DRE and optical scan systems, but it has not yet been tested or certified.
- Internet voting. The U.S. government is currently experimenting with the practice of internet voting. In April 2015, as the result of a Freedom of Information Act lawsuit, EPIC obtained a September 2011 report about online voting from the Department of Defense. The report, produced in response to EPIC's July 2014 FOIA request, summarizes a pilot test of e-voting system. The report recommends several changes, including accessibility and user interface, but does little to address privacy and security concerns except for recommending "visible security features" to "give users greater confidence in the privacy and security of their ballots." Security experts say that Internet voting is vulnerable to disruption from viruses and server-based attacks.
In March 2018, an EPIC Freedom of Information Act request revealed that officials from four federal agencies had discussed joint efforts to "clean" state voter rolls in 2017. The records obtained by EPIC show that the Election Assistance Commission (EAC), the Presidential Advisory Commission on Election Integrity (PACEI), the Voting Section of the DOJ's Civil Rights Division, and the Department of Homeland Security (DHS) explored ways to cooperate on "cleaning" and "maintenance" of state voter registration databases.
Notably, these interagency discussions took place during the same period of 2017 that the PACEI and the DOJ were seeking vast amounts of election data from state election officials. Many states refused to provide the requested information, citing the privacy rights of their voters and the states' power to administer their own elections.
After EPIC brought suit against the PACEI in July 2017 to halt its unlawful gathering of personal voter data, the Commission temporarily suspended its data collection, discontinued the use of an unsafe computer server, deleted voter information that was illegally obtained, and ultimately disbanded. Meanwhile, EPIC also sought records from the DOJ about the agency's separate request for voter information.
In one set of emails disclosed to EPIC, Christy McCormick—an Election Assistance Commissioner and member of the PACEI—dismissed concerns about the federal government's sweeping demands for state voter information as "conspiracy theories." Writing to John Gore, a top voting rights attorney at DOJ, McCormick said she hoped the DOJ and the PACEI could "clean up the voter rolls" together:
I've been reading the stories/conspiracy theories about your NVRA [National Voter Registration Act] letter and the Commission's letter going out to the States on the same day and am amused at all the speculation and conclusions in them. Hopefully between DOJ and the Commission we can clean up the voter rolls. For the life of me, I don't know why people should be against cleaning the rolls up.
But a different email obtained by EPIC shows that the PACEI and the DOJ's Voting Section discussed "election integrity" just two weeks before the agencies sent out their simultaneous requests for voter information.
Another set of emails between McCormick and DOJ voting rights attorney Maureen Riordan show the ways in which federal officials sought to collaborate on voting roll "maintenance." Officials from the EAC, the DOJ, and the DHS appear to have conducted two meetings in February 2017 to discuss possible coordination between the agencies.
In one message, McCormick recapped an interagency meeting for Riordan: "Good discussion on elections including EAC, DOJ and DHS. Was told Senator McConnell is very interested in elections." In another message, McCormick sent Riordan possible topics for a subsequent interagency meeting—topics which the DOJ redacted from the records disclosed to EPIC. "I hope this is a helpful starting point on several areas in which we could cooperate," McCormick told Riordan. In a third email, McCormick shared EAC documents with Riordan about "NVRA list maintenance."
- EPIC: Veasey v. Abbott (Texas Voter ID)
- EPIC: National Federation for the Blind v. Lamone. Case regarding online absentee voting in Maryland currently on appeal to the Fourth Circuit.
- EPIC v. DOD (E-voting Security Tests)
- EPIC: Crawford v. Marion County Indiana
- U.S. Vote Foundation: The Future of Voting: End-To-End Verifiable Internet Voting. (July 2015)
- Hagai Bar-El on Security: Why secure e-voting is so hard to get (July 2015)
- Heritage Foundation: The Dangers of Internet Voting. (July 2015)
- National Conference of State Legislatures: Electronic Transmission of Ballots
- The American Voting Experience: Report and Recommendations of the Presidential Commission on Election Administration (January 2014)
- TED Talk: Barbara Simons: Why can't we vote online? (February 2013)
- National Conference of State Legislatures "The Canvass" newsletter: Internet Voting—Not Ready for Prime Time? (February 2013)
- The U.S. Election Assistance Commission's A Survey of Internet Voting (September 2011)
- National Institute of Standards and Technology: Security Considerations for Remote Electronic UOCAVA Voting. (February 2011)
- EPIC: "E-Deceptive Campaign Practices: Technology and Democracy 2.0" (2010)
- EPIC, Comments to the Election Assistance Commission regarding the 2009 Voluntary Voting System Guidelines Version 1.1 (Sept. 28, 2009)
- EPIC Audit of Takoma Park Municipal Election, November 3, 2009
- Caltech/MIT Voting Technology Project: Voting - What Is, What Could Be (June 2008)
- VerifiedVoting.org. Web site maintained by Stanford computer science professor David Dill to provide information about the dangers of electronic voting systems and encourage activism to protect voter rights.
- E-Voting Certification Gets Security Completely Backward by Bruce Schneier. (August 2007)
- EPIC, Comments to the Election Assistance Commission concerning Federal General Election Voter Registration Information Collection (Feb. 25, 2005)
- Rebecca Mercuri's Electronic Voting page. Mercuri, an e-voting expert, has compiled a site full of academic research, writing, and references on electronic voting.
- Federal Elections Commission government web site.
- BlackBoxVoting.org. A research and activism web site coordinated by Bev Harris, author of Black Box Voting: Ballot Tampering in the 21st Century.
- The Center for Voting and Democracy web site. A non-profit organization dedicated to fair elections where every vote counts and all voters are represented.
- Voting Technology page of the California Voter Foundation.
- Miami-Dade Election Reform Coalition web site.
- ACLU of Florida report on disenfranchisement in Miami-Dade County. ACLU study shows voting errors in 2002 Florida election disproportionately affected minorities.
- Voting Rights Fact Sheet from the Leadership Conference on Civil Rights.
- EPIC Advisory Board Member Ed Felten: Internet Voting: How Far Can We Go Safely? (June 2009)
- USACM Policy Brief - E-Voting Technology and Standards. U.S. Public Policy Committee of the Association for Computing Machinery page on electronic voting issues.
- New York Times Magazine: Can You Count on Voting Machines?
- Report of the Ad Hoc Touch Screen Taskforce of California.
- Comments on the California Touch Screen Task Force Report by Computer Professionals for Social Responsibility.
- Bruce Schneier: The Problem with Electronic Voting Machines
- Declaration of Peter Neumann before a U.S. District Court regarding electronic voting.
- Voting and Technology: Who Gets to Count Your Vote? by David L. Dill, Bruce Schneier, and Barbara Simons
- The Diebold AccuVote TS Should be Decertified: And what this tells us about the certification process. Paper by Dr. Doug Jones, University of Iowa, Computer Science Department.
- The History of the Voting Machine at About.com.
- Editorial: Internet balloting too risky, Washington Times (July 2015)
- Maryland going back to paper voting in 2016, Herald Mail Media (January 2015)
- Online voting rife with hazards: Column by Barbara Simons. USA TODAY (November 4, 2014).
- Internet voting "not ready for prime time", USA TODAY (November 3, 2014)
- States ditch electronic voting, The Hill (November 2, 2014)
- Court case: Voting via the Internet is a civil rights issue for disabled, Al Jazeera America (July 2014)
- Absentee ballots moving online causes security concerns, Maryland Reporter (April 2014)
- Smartcampaign: It's the Data, Stupid!, Karthika Muthukumaraswamy, Huffington Post, November 5, 2012 More news items »
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.