"The first principle of republicanism is that the lex majoris partis is the fundamental law of every society of individuals of equal rights; to consider the will of the society enounced by the majority of a single vote as sacred as if unanimous is the first of all lessons in importance, yet the last which is thoroughly learnt." Thomas Jefferson to Alexander von Humboldt, 1817
- In Voter Privacy Case, EPIC Urges Court to Issue TRO: In a court filing on Tuesday, EPIC urged a federal court to issue a temporary restraining order to block the collection of voter data by the Presidential Election Commission. "The Commission may not play 'hide the ball' with the nation's voter records," EPIC wrote. "With such vast demands for personal information come commensurate responsibilities to provide security and privacy, and to comply with all legal obligations. Surely that is fundamental for an organization charged with promoting 'election integrity.'" On Monday, the Commission suspended the collection of voter data in response to EPIC's suit. The case is EPIC v. Commission, No. 17-1320 (D.D.C. filed July 3, 2017). (Jul. 11, 2017)
- Civil Rights Groups Join EPIC in Challenge to Election Commission: Several civil rights organizations have filed lawsuits challenging the Presidential Election Commission, which EPIC sued last week. The groups include the American Civil Liberties Union, the Lawyers Committee for Civil Rights Under Law, and Public Citizen. The organizations raised several challenges similar to those in EPIC v. Commission. In response to the EPIC lawsuit, the Commission has suspended the collection of voter data from the states. (Jul. 11, 2017) More top news »
EPIC has a long history of working on voter privacy and vote integrity issues, which E-voting directly affects.
In April 2015, as the result of a Freedom of Information Act lawsuit, EPIC obtained a September 2011 report about online voting from the Department of Defense. The report, produced in response to EPIC's July 2014 FOIA request, summarizes a pilot test of e-voting system. The report recommends several changes, including accessibility and user interface, but does little to address privacy and security concerns except for recommending "visible security features" to "give users greater confidence in the privacy and security of their ballots." EPIC will continue to pursue the documents that have been withheld from the public about the risks of online voting.
In 2010, EPIC released an update to its "E-Deceptive Campaign Practices: Technology and Democracy 2.0" report, first published in 2008. The report reviewed the potential for abuse of Internet-based technology in the election context, and made recommendations on steps that should be taken by Election Administrators, voters, and those involved in Election Protection efforts. E-Deceptive campaigns are internet-based attempts to misdirect targeted voters regarding the voting process, and include false statements about poll place hours, election dates, voter identification rules, or voter eligibility requirements.
In 2009, EPIC recommended greater transparency on the standards development process to the Election Assistance Commission ("EAC"). The agency sought public comments on a draft of the agency's Voluntary Voting System Guidelines. In its comments, EPIC requested that the EAC follow President Obama's directive to all federal government agencies that they take affirmative steps to make their activities regarding standards development more transparent to the public, make ballot secrecy a critical component of federal voting technology standards, and maintain software independence in the next iteration of voting technology standards.
In 2008, EPIC submitted comments to the Election Assistance Commission on the proposed Voluntary Voting System Guidelines. EPIC proposed new guidance on privacy protection in the casting of ballots. EPIC also recommended more transparency for the privacy protections provided by federally certified voting systems.
Additionally, EPIC testified before the Election Assistance Commission on the 2007 Voting System Guidelines. EPIC urged the Commission to "offer clear and effective guidance to states on issues of functional capability, hardware, software, telecommunication, security, quality assurance, and configuration of voting systems."
The secrecy and the security of the vote are integral to America's voting system, and both are threatened by online voting. Cyber security experts at the National Institute of Standards and Technology have stated that "additional research and development is needed... before secure Internet voting will be feasible." In 2012, a top cybersecurity official at the Department of Homeland Security stated that "it's premature to deploy Internet voting in real elections at this time." Internet voting systems cannot be properly fully secured and create the possibility of undetectable alteration of ballots. Because of ballot secrecy, individual voters are unable to verify that their votes were properly cast. Online voting is thereby particularly susceptible to undetectable hacking and tampering.
Additionally, anonymity is a fundamental aspect of voting rights in the United States. Online voting, however, makes simultaneous audit ability and anonymity in the voting process extremely difficult to implement.
Finally, online voting requires the use of databases which are likely to include sensitive personal information, the security of which is untested and unclear.
The 2000 Election
The 2000 election brought the systemic problems in our nation's electoral process that had existed for decades to the attention of the mainstream media, a majority of voters, policy makers, and international observers. A confluence of the perfect political storm occurred when the margin of electoral votes between the top two candidates was only five votes. There were only two other states with more electoral votes than Florida, California with 54 and Texas with 32. Because of the narrow margin separating the candidates in the Florida 2000 Presidential Election, the winner of that electoral rich state would be declared the next President of the United States. The post-election battle for the White House began in Florida and eventually was decided by the United States Supreme Court. The impact of this Supreme Court decision changed the resource allocation of candidates in post 2000 elections to include the retaining of attorneys.
In 2000, the focus was on Florida, but the problems in that state were repeated in many others. That presidential year was like any other except for one fact-the deciding margin of victory was only 537 votes. This number is dwarfed by the number of voters disenfranchised according to the CalTech MIT Study "Voting: What Is What Could Be," which records that between 4 and 6 million votes were lost in the 2000 election.6 The study attributed the loss to problems with voter registration or polling place practices and problems with ballots. As a consequence, voters received a rude introduction to the reality of elections in the United States-not every vote cast was counted.
In reply to the crisis of the Presidential Election of 2000, the federal government attempted to clarify and codify voting rights in the United States for the 2004 election through the enactment and implementation of the Help America Vote Act (HAVA) Law. However, this law was in many ways too little too late. HAVA, for the first time in the nation's history, established a role for the federal government in public elections held to fill federal elected offices. The establishment of the U.S. Election Assistance Commission (EAC) in statute did not translate into expedited action on the part of policymakers to appoint the EAC leadership. The four Commissioners, two Democrats Gracia Hillman and Ray Martinez and two Republicans, DeForest B. Soaries and Paul DeGregorio who were selected to serve as the first EAC Commission were not sworn into office until December 12, 2003.
The EAC Commissioners received only $1.2 million in funding for Fiscal year 2004 and did not move into their own offices until April 1, 2004 seven months prior to the election. The new law included a directive to states to create statewide voter registration databases, identification, and new requirements for first time-registered voters. To accomplish these objectives the law provided over $3 billion in federal funds to be allocated to states under the guidance of the EAC. However, the EAC lacked the time and funding recourses necessary to ensure that the goals of election reform outlined in HAVA were accomplished. EAC's late start did not allow them the time that was necessary to develop federal standards that would guide the states in the use of the funds made available. In particular, the Technical Guidelines Development Committee (TGDC), a technical advisory body to the EAC charged with the development of voluntary standards for voting technology met for the first time on July 9, 2004.
Under HAVA, states retain control of the election process, but they must meet minimum standards set forth in HAVA. HAVA was generally popular among members of Congress, yet received some criticism because it required more stringent voter identification procedures. HAVA passed 92 to 2 in the Senate and 357 to 48 in the House with bi-partisan support. HAVA also required voters to provide either a state driver's license number or the last four digits of their Social Security Number (SSN) if they did not have driver's licenses.9 HAVA also required election officials to verify voters' identification with administrative agencies (i.e., comparing driver's licenses with local Departments of Motor Vehicles and SSNs with the Social Security Administration.) Dissenters feared that the new requirements would "raise hurdles to registration and voting by poor people and members of minority groups, especially Hispanics."
In particular, Senator Hillary Rodham Clinton remarked that HAVA "would probably 'repress voter participation' by recently naturalized American citizens, homeless people and millions of New Yorkers who have no driver's license." Supporters of the stricter identification requirements countered that the measures were important because "illegal votes dilute the value of legally cast votes." According to Senator Bond of Missouri, "If your vote is canceled by the vote of a dog or a dead person, it's as if you did not have a right to vote." While attempting to strengthen the integrity of the electoral process by requiring stronger voter identification requirements, HAVA did little to address the potential problems of skewed election outcomes if the electronic voting machines are faulty or rigged.
The transactions associated with voting unlike other exchanges in society, require privacy for individual voters and transparency of the overall voting system.19 The conundrum presented by paperless DRE voting technology further complicates this transaction of voter choice and privacy in a populous self-governing matrix of nearly 200 million potential participants by not producing a physical audit instrument that is verified by each voter at his or her choice. It appears to be a daunting challenge, which will require strong Federal support for research and development as new generations of voting technology emerge.
Poll Workers and Voter Privacy
According to the CalTech MIT Study "Voting: What Is What Could Be," between 4 and 6 million votes were lost in the 2000 election. The study attributed the loss to problems with voter registration or polling place practices and problems with ballots.
Elections systems rely on voluntary participation of poll workers and voters. The major challenge of election systems is to create ease of use in a process that is done very infrequently. At most, the greatest voter participation is seen during presidential election years, which occur once every four years.
Problems with the DRE machines
- Lack of transparency. DRE makers such as Diebold, Sequoia and ES&S refuse to make their software code available to the public to assess, nor are they willing to publicize the kind of testing they do.
- Inadequate testing of software. Voting machines are currently certified by states through a Qualification Process overseen by the National Organization of State Election Directors and based on 2002 Federal Election Commission guidelines. The method of testing has not been released to the public, but it is known that the process allows for the inclusion of secret code and the use of commercial software products without certification, and has been criticized by computer scientists and engineers, including the California Touch Screen Task Force and Computer Professionals for Social Responsibility, as extremely inadequte.
- Prone to defects and errors. It is nearly impossible to write bug-free software, and studies conducted by Princeton University researchers, Johns Hopkins researchers, Science Application International Corp, and the Voting Systems Technology Assessment Advisory Board have indeed found that the DRE machines currently on the market are vulnerable to software bugs that could affect election results. Hardware defects also occur with alarming frequency. Lax testing standards fail to catch many of these system errors.
- Vulnerability to fraud. The Johns Hopkins study found that DRE machine security safeguards are "far below even the most minimal security standards applicable in other contexts." As a result, these systems are vulnerable to both insider and outsider attacks. One of the most glaring examples of a security vulnerability is the study's finding that voters can program their own "smartcards" - which are used to certify identity at the voting terminals - and then use them to cast multiple ballots. The study also found that voters can hack into voting records, view partial election results, and cause elections to terminate early. Insiders, including election officials and poll workers, were also found to be capable of manipulating the system. While improved use of cryptography and security measures could improve some of these flaws, even thorough testing cannot reveal some types of malicious code.
- Lack of audit ability. The threat of bugs and security failures are magnified by the fact that none of the DRE machines currently on the market create a hard copy of voters' results, also known as a "paper trail." The lack of a paper record of one's vote makes it impossible to verify if the computer has, indeed, recorded your vote in the system as it is shown on the screen. Furthermore, lack of a paper record makes meaningful recounts or audits impossible because any recount would simply corroborate the same count the computer made the first time and would not catch any errors.
The secrecy and the security of the vote are integral to America's voting system, and both are in jeopardy when DRE machines are used in elections. In addition to the discussion above, two related issues arise from DRE voting systems and the Help America Vote Act.
- Anonymity vs. Audit ablity. Anonymity is a fundamental aspect of voting rights in the U.S. DRE machines make it difficult to have both audit ability and anonymity in the voting process. In the current system, to make voting results anonymous, these machines randomize the voting sequence, which also makes it impossible to track their accuracy.
- Voter Database. HAVA requires states to have "a single, uniform, official, centralized, interactive computerized statewide voter registration list" which includes the name and registration information (including driver's license number or last 4 digits of social security number) of every voter, will be available to "all election officials in the State." It does not stipulate security standards to protect this information, only stating that "state or local official shall provide adequate technological security measures to prevent the unauthorized access to the computerized list." The law does state that the information "shall be considered strictly confidential and shall be used only for the purposes" of voting and that violating said confidentiality constitutes a felony.
Other Voting Systems
- Optical scan voting systems. An optical scan system use ballots similar to multiple-choice tests, where voters fill in bubbles (aka "scan targets") for corresponding candidates. It is by definition voter-verifiable. Problems arise, however, when voters do not correctly mark their choices. Ballots also become unwieldy in voting venues with large numbers of offices, candidates and propositions, and with multi-lingual requirements. However, one company, Vogue Election Systems, is working on a touch-screen voting machine that would mark an optical-scan sheet of the voters choices. This system appears to remedy the most pressing problems with both the DRE and optical scan systems, but it has not yet been tested or certified.
- Internet voting. The U.S. government is currently experimenting with the practice of internet voting. In April 2015, as the result of a Freedom of Information Act lawsuit, EPIC obtained a September 2011 report about online voting from the Department of Defense. The report, produced in response to EPIC's July 2014 FOIA request, summarizes a pilot test of e-voting system. The report recommends several changes, including accessibility and user interface, but does little to address privacy and security concerns except for recommending "visible security features" to "give users greater confidence in the privacy and security of their ballots." Security experts say that Internet voting is vulnerable to disruption from viruses and server-based attacks.
- EPIC: Veasey v. Abbott (Texas Voter ID)
- EPIC: National Federation for the Blind v. Lamone. Case regarding online absentee voting in Maryland currently on appeal to the Fourth Circuit.
- EPIC v. DOD (E-voting Security Tests)
- EPIC: Crawford v. Marion County Indiana
- U.S. Vote Foundation: The Future of Voting: End-To-End Verifiable Internet Voting. (July 2015)
- Hagai Bar-El on Security: Why secure e-voting is so hard to get (July 2015)
- Heritage Foundation: The Dangers of Internet Voting. (July 2015)
- National Conference of State Legislatures: Electronic Transmission of Ballots
- The American Voting Experience: Report and Recommendations of the Presidential Commission on Election Administration (January 2014)
- TED Talk: Barbara Simons: Why can't we vote online? (February 2013)
- National Conference of State Legislatures "The Canvass" newsletter: Internet Voting—Not Ready for Prime Time? (February 2013)
- The U.S. Election Assistance Commission's A Survey of Internet Voting (September 2011)
- National Institute of Standards and Technology: Security Considerations for Remote Electronic UOCAVA Voting. (February 2011)
- EPIC: "E-Deceptive Campaign Practices: Technology and Democracy 2.0" (2010)
- EPIC, Comments to the Election Assistance Commission regarding the 2009 Voluntary Voting System Guidelines Version 1.1 (Sept. 28, 2009)
- EPIC Audit of Takoma Park Municipal Election, November 3, 2009
- Caltech/MIT Voting Technology Project: Voting - What Is, What Could Be (June 2008)
- VerifiedVoting.org. Web site maintained by Stanford computer science professor David Dill to provide information about the dangers of electronic voting systems and encourage activism to protect voter rights.
- E-Voting Certification Gets Security Completely Backward by Bruce Schneier. (August 2007)
- EPIC, Comments to the Election Assistance Commission concerning Federal General Election Voter Registration Information Collection (Feb. 25, 2005)
- Rebecca Mercuri's Electronic Voting page. Mercuri, an e-voting expert, has compiled a site full of academic research, writing, and references on electronic voting.
- Federal Elections Commission government web site.
- BlackBoxVoting.org. A research and activism web site coordinated by Bev Harris, author of Black Box Voting: Ballot Tampering in the 21st Century.
- The Center for Voting and Democracy web site. A non-profit organization dedicated to fair elections where every vote counts and all voters are represented.
- Voting Technology page of the California Voter Foundation.
- Miami-Dade Election Reform Coalition web site.
- ACLU of Florida report on disenfranchisement in Miami-Dade County. ACLU study shows voting errors in 2002 Florida election disproportionately affected minorities.
- Voting Rights Fact Sheet from the Leadership Conference on Civil Rights.
- EPIC Advisory Board Member Ed Felten: Internet Voting: How Far Can We Go Safely? (June 2009)
- USACM Policy Brief - E-Voting Technology and Standards. U.S. Public Policy Committee of the Association for Computing Machinery page on electronic voting issues.
- New York Times Magazine: Can You Count on Voting Machines?
- Report of the Ad Hoc Touch Screen Taskforce of California.
- Comments on the California Touch Screen Task Force Report by Computer Professionals for Social Responsibility.
- Bruce Schneier: The Problem with Electronic Voting Machines
- Declaration of Peter Neumann before a U.S. District Court regarding electronic voting.
- Voting and Technology: Who Gets to Count Your Vote? by David L. Dill, Bruce Schneier, and Barbara Simons
- The Diebold AccuVote TS Should be Decertified: And what this tells us about the certification process. Paper by Dr. Doug Jones, University of Iowa, Computer Science Department.
- The History of the Voting Machine at About.com.
- Editorial: Internet balloting too risky, Washington Times (July 2015)
- Maryland going back to paper voting in 2016, Herald Mail Media (January 2015)
- Online voting rife with hazards: Column by Barbara Simons. USA TODAY (November 4, 2014).
- Internet voting "not ready for prime time", USA TODAY (November 3, 2014)
- States ditch electronic voting, The Hill (November 2, 2014)
- Court case: Voting via the Internet is a civil rights issue for disabled, Al Jazeera America (July 2014)
- Absentee ballots moving online causes security concerns, Maryland Reporter (April 2014)
- Smartcampaign: It's the Data, Stupid!, Karthika Muthukumaraswamy, Huffington Post, November 5, 2012 More news items »
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
by Ryan Calo, A. Michael Froomkin,