How open source voting machines could boost trust in US elections
While the vendors pitched their latest voting machines in Concord, New Hampshire, this past August, the election officials in the room gasped. They whispered, No way." They nodded their heads and filled out the scorecards in their laps. Interrupting if they had to, they asked every kind of question: How much does the new scanner weigh? Are any of its parts made in China? Does it use the JSON data format?
The answers weren't trivial. Based in part on these presentations, many would be making a once-in-a-decade decision.
These New Hampshire officials currently use AccuVote machines, which were made by a company that's now part of Dominion Voting Systems. First introduced in 1989, they run on an operating system no longer supported by Microsoft, and some have suffered extreme malfunctions; in 2022, the same model of AccuVote partially melted during an especially warm summer election in Connecticut.
Many towns in New Hampshire want to replace the AccuVote. But with what? Based on past history, the new machines would likely have to last decades - while also being secure enough to satisfy the state's election skeptics. Outside the event, those skeptics held signs like Ban Voting Machines." Though they were relatively small in number that day, they're part of a nationwide movement to eliminate voting technology and instead hand count every ballot - an option election administrators say is simply not feasible.
Against this backdrop, more than 130 election officials packed into the conference rooms on the second floor of Concord's Legislative Office Building. Ultimately, they faced a choice between two radically different futures.
The first was to continue with a legacy vendor. Three companies - Dominion, ES&S, and Hart InterCivic - control roughly 90 percent of the U.S. voting technology market. All three are privately held, meaning they're required to reveal little about their financial workings and they're also committed to keeping their source code from becoming fully public.
The second future was to gamble on VotingWorks, a nonprofit with only 17 employees and voting machine contracts in just five small counties, all in Mississippi. The company has taken the opposite approach to the Big Three. Its financial statements are posted on its website, and every line of code powering its machines is published on GitHub, available for anyone to inspect.
Why in 2023 are we counting votes with any proprietary software at all?"
At the Concord event, a representative for ES&S suggested that this open-source approach could be dangerous. If the FBI was building a new building, they're not going to put the blueprints out online," he said. But VotingWorks co-founder Ben Adida says it's fundamental to rebuilding trust in voting equipment and combatting the nationwide push to hand count ballots. An open-source voting system is one where there are no secrets about how this works," Adida told the audience. All the source code is public for the world to see, because why in 2023 are we counting votes with any proprietary software at all?"
Others agree. Ten states currently use VotingWorks' open-source audit software, including Georgia during its hand count audit in 2020. Other groups are exploring open-source voting technology, including Microsoft, which recently piloted voting software in Franklin County, Idaho. Bills requiring or allowing for open-source voting technology have recently been introduced in at least six states; a bill has also been introduced at the federal level to study the issue further. In New Hampshire, the idea has support from election officials, the secretary of state, and even diehard machine skeptics.
VotingWorks is at the forefront of the movement to make elections more transparent. Although the voting equipment that we've been using for the last 20, 30 years is not responsible for this crisis," Adida said, it's also not the equipment that's going to get us out of this crisis." But can an idealist nonprofit really unseat industry juggernauts - and restore faith in democracy along the way?
For years, officials have feared that America's voting machines are vulnerable to attack. During the 2016 election, Russian hackers targeted election systems in all 50 states, according to the Senate Intelligence Committee. The committee found no evidence that any votes were changed, but it did suggest that Russia could be cataloging options for use at a later date."
In 2017, the Department of Homeland Security designated election infrastructure as critical infrastructure," noting that bad cyber actors - ranging from nation states, cyber criminals, and hacktivists - are becoming more sophisticated and dangerous."
Some conservative activists have suggested simply avoiding machines altogether and hand-counting ballots. But doing so is prohibitively slow and expensive, not to mention more error-prone. Last year, for example, one county in Arizona estimated that counting all 105,000 ballots from the 2020 election would require at least 245 people working every day, including holidays, for almost three weeks.
That leaves election administrators dependent on machines to tally up votes. That August day in Concord, VotingWorks and two of the legacy vendors, Dominion and ES&S, were offering the same kind of product: an optical scanner, which is essentially just a counting machine. After a New Hampshire voter fills in a paper ballot by hand, it's most likely inserted into an optical scanner, which interprets and tallies the marks. This process is how roughly two-thirds of the country votes. A quarter of voters mark their ballots using machines (aptly named ballot-marking devices"), which are then fed into an optical scanner as well. About 5 percent use direct recording electronic systems, or DREs, which allows votes to be cast and stored directly on the machine. Only 0.2 percent of voters have their ballots counted by hand.
Workers in Hinsdale, New Hampshire count each of the 1799 ballots cast after the polls closed on election day in 2016. Hand counts of ballots are prohibitively slow and expensive, and less accurate than machines. KRISTOPHER RADDER/THE BRATTLEBORO REFORMER VIA APSince the 2020 election, the companies that make these machines have been the subject of intense scrutiny from people who deny the election results. Those companies have also come under fire for what critics on both sides of the political aisle describe as their secrecy, lack of innovation, and obstructionist tendencies.
None of the three companies publicly disclose basic information, including their investors and their financial health. It can also be difficult to even get the prices of their machines. Often, jurisdictions come to depend on these firms. Two-thirds of the industry's revenue comes from support, maintenance, and services for the machines.
Legacy vendors also fight to maintain their market share. In 2017, Hart InterCivic sued Texas to prevent counties from replacing its machines, which don't produce a paper trail, with machines that did. For a vendor to sue to prevent auditable paper records from being used in voting shows that market dynamics can be starkly misaligned with the public interest," concluded a report by researchers at the University of Pennsylvania in collaboration with Verified Voting, a nonprofit that, according to its mission statement, works to promote the responsible use of technology in elections."
The companies tell a different story, pointing out that they do disclose their code to certain entities, including third-party firms and independent labs that work on behalf of the federal government to test for vulnerabilities in the software that could be exploited by hackers. In a statement to Undark, ES&S also said it discloses certain financial information to jurisdictions when requested" and the company shared approximate prices for its voting machines, although it noted that final pricing depends on individual customer requirements."
In Concord, officials from some small towns where ballots are still hand-counted were considering switching to machines. Others were considering whether to stick with Dominion and LHS - the New Hampshire-based company that services the machines - or switch to VotingWorks. It would likely be one of the most expensive, consequential decisions of their careers.
For a vendor to sue to prevent auditable paper records from being used in voting shows that market dynamics can be starkly misaligned with the public interest."
Throughout his pitch, the representative for LHS emphasized the continuity between the old AccuVote machines and the new Dominion scanner. Wearing a blazer and a dress shirt unbuttoned at the collar, Jeff Silvestro knew the crowd well. LHS is the only authorized service provider for the entire state's AccuVote machines, and it's responsible for offering training for the towns' staff, delivering memory cards for each election, and weathering a blizzard to come to their poll site and service a broken scanner.
Don't worry, Silvestro reassured the crowd: The voter experience is the same. Similarities," Silvestro told the crowd. That's what we're looking for."
Just down the hall from Silvestro, Ben Adida laid out a different vision of what voting technology could be. He opened by addressing the elephant in the room": the substantial number of people who distrust the elections. VotingWorks could do so, he said, by offering three things: security, simplicity, and transparency.
Adida first started working on election technology in 1997, as a computer science undergraduate at MIT, where he built a voting system for student council elections. After earning a Ph.D. from MIT in 2006, with a specialty in cryptography and information security, he did a few more years of election work as a post-doc at Harvard University and then transitioned to data security and privacy for medical data. Later, he served as director of engineering at Mozilla and Square and vice president of engineering at Clever, a digital learning platform for K-12 schools.
In 2016, Adida considered leaving Clever to do election work again, and he followed the progress of STAR-Vote, an open-source election system proposed by Travis County, Texas, that ultimately didn't move forward. He decided to stay put, but he couldn't shake the thought of voting technology. Adida knew it was rare for someone to have his background in both product design and election security. This is kind of a calling," he said.
Ben Adida, who holds a Ph.D. in computer science, with a specialty in cryptography and information security, is the co-founder of VotingWorks, a nonprofit that builds open-source election technology.The voting machine built by VotingWorks is made from off-the-shelf electronics and open-source software that the company posted on GitHub.Adida launched VotingWorks in December 2018, with some funding from individuals and Y Combinator, a renowned startup accelerator. The nonprofit is now unique among the legacy voting technology vendors: The group has disclosed everything, from its donors to the prices of its machines. VotingWorks machines are made from off-the-shelf electronics, and in the long-run, according to Adida, are cheaper than their competitors.
The day of the Concord event, Adida wore a T-shirt tucked into his khakis, and sported a thick brown mustache. When he started discussing the specs of his machine, he spoke quickly, bounding around the room and even tripping on an errant wire. At one point, he showed off his machine's end-of-night election report, printed on an 8 by 11 piece of paper, a far cry from the long strips of paper that are currently used. You don't have to have these long CVS receipts." The room laughed.
Adida and his team are staking out a position in a debate that stretches back to the early days of computing: Is the route to computer security through secrecy, or through total transparency?
Some of the most widely used software today is open-source software, or OSS, meaning anyone can read, modify, and reuse the code. OSS has powered popular products like the operating system Linux and the internet browser Firefox from Mozilla. It's also used extensively by the Department of Defense.
Proponents of OSS offer three main arguments for why it's more secure than a locked box model. First, publicly available source code can be scrutinized by anyone, not just a relatively small group of engineers within a company, increasing the chances of catching flaws. Second, because coders know that they can be scrutinized by anyone, they're incentivized to produce better work and to explain their approach. You can go and look at exactly why it's being done this way, who wrote it, who approved it, and all of that," said Adida.
Third, OSS proponents say that trying to hide source code will ultimately fail, because attackers can acquire it from the supplier or reverse engineer it themselves. Hackers don't need perfect source code, just enough to analyze for patterns that may suggest a vulnerability. Breaking is easier than building.
Already, there are indications that bad actors have acquired proprietary voting machine code. In 2021, an election official in Colorado allegedly allowed a conspiracy theorist to access county machines, copy sensitive data, and photograph system passwords - the kind of insider attack that, experts warn, could compromise the security of the coming presidential election.
Adida and his team are staking out a position in a debate that stretches back to the early days of computing: Is the route to computer security through secrecy, or through total transparency?
Not everyone is convinced that open-source code alone is enough to ensure a secure voting machine. You could have had open-source software, and you might not have found all of the problems or errors or issues," said Pamela Smith, the president of Verified Voting, citing the numerous lines of code that would need to be examined in a limited amount of time.
Adida doesn't expect anyone to go through the hundreds of thousands of lines of code on the VotingWorks GitHub. But if they're curious about a specific aspect, like how the scanner handles paper that's askew, it's much more manageable: only a few hundred lines of code. Already, a small number of coders from outside the company have made suggestions on how to improve the software, some of which have been accepted. Then, to fully guard against vulnerabilities, the company relies on its own procedures, third-party reviews, and certification testing at the federal level, said Adida.
Miami-Dade election workers check voting machines for accuracy by reviewing scrolls of paper that Adida likened to long CVS receipts."JOE RAEDLE/GETTY IMAGESIn addition to security, any new machine also needs to be easy for poll workers to operate - and able to perform reliably under the high-stakes conditions of an election day. In interviews, election officials who use the technology in Mississippi raved about its ease of use.
Some also love how responsive the company is to feedback. They come to us and say, Tell us in the field what's going on,'" said Sara Dionne, chairman of the election commission in Warren County, Mississippi, which started using VotingWorks in 2020. We certainly never had that kind of conversation with ES&S ever."
To expand VotingWorks' reach, though, Adida must pitch it in places like New Hampshire, where election officials are navigating tight budgets, fallout from the 2020 election, and misperceptions about voting technology.
New Hampshire is a swing state, and, after the 2020 election, it has a small but vocal faction of election deniers. At the same time, Republican Secretary of State David Scanlan has done little to marshal resources for new machines. Last year, Scanlan opposed a bill that would have allowed New Hampshire towns and cities to apply for funding from a $12 million federal grant for new voting machines; Republicans in the legislature killed the bill. (Asked what cash-strapped jurisdictions should do if they can't afford new scanners, Scanlan told Undark they could cannibalize parts from old AccuVote machines.)
Some critics also say Scanlan has done little to dispel some conservative activists' beliefs that New Hampshire can dispense with machines altogether. At the Concord event, a woman told Undark that Manchester, a city with 68,000 registered voters, could hand count all of its ballots in just four hours. Speaking with Undark, Scanlan acknowledged that this estimate wasn't correct, and that hand counting is less accurate than machines. However, his office hasn't communicated this message to the public in any formal way. I definitely think that he is complicit in allowing [misinformation] to continue to flourish," said Liz Wester, co-founder of 603 Forward, which encourages civic participation in the state.
The VotingWorks model won over some machine skeptics at the Concord event, like Tim Cahill, a Republican in the New Hampshire House of Representatives. Cahill said he'd prefer that all ballots in the state be hand counted but would choose VotingWorks over the other vendors. Why would you trust something you can't put your eyes on?" he told Undark. We have a lot of smart people in this country and people want open source, they want transparency."
Poll workers use the Accu-Vote machines to scan absentee ballots in Fairbanks, Alaska.ERIC ENGMAN/GETTY IMAGESOpen source has found fans in other states, too. Kevin Cavanaugh is a county supervisor in Pinal, Arizona's third most populous county. He says he started to doubt voting machines after watching a documentary, funded by the election denier Mike Lindell, claiming that the devices have unauthorized software that could change vote totals without detection. In November 2022, Cavanaugh introduced a motion to increase the number of ballots counted by hand in the county, and he told Undark he'd like a full hand count. But, if we're using machines," he added, then I think it's important that the source code is available for inspection to experts."
Back in Concord, Adida appeared to be persuasive to the public at large - or at least those invested enough to attend the event. Of the 201 attendees who filled out a scorecard, VotingWorks was the most popular first choice. But among election officials, the clear preference was Dominion. Some officials were skeptical that open-source technology would mean much to people in their towns. Your average voter doesn't care about open source," said one town clerk.
Still, five towns in New Hampshire have already purchased VotingWorks machines, some of which will be used in upcoming March local elections.
Two main factors determine whether someone has faith in an election, said Charles Stewart III, a political scientist at MIT who has written extensively about trust in elections. The first, which affects roughly 5 to 10 percent of voters, is a negative personal experience at the polls, like long lines, rude poll workers, and problems with machines, which can make the public less willing to trust an election's outcome.
The second, more influential factor affecting trust is if a voter's candidate won. That makes it supremely difficult to restore confidence, said Tammy Patrick, a former election official in Maricopa County and the current CEO for programs at the National Association of Election Officials. The answer on election administration - it's complex, it's wonky, it's not pithy," she said in a recent press conference. It's hard to come back to those emotional pleas with what the reality is."
Adida agrees with Stewart that VotingWorks alone isn't going to eliminate election denialism - nor, he said, is that his goal. Instead, he hopes to reach the people who are susceptible to misinformation but haven't necessarily made up their minds yet, a group he describes as the middle 80 percent." Even if they never visit the company's GitHub, he says, the fact that we're putting it all out in the open builds trust." And when someone says something patently false about the company, Adida can at least ask them to identify the incriminating lines of source code.
Are those two things - rhetorical power and a commitment to transparency - really a match for the disinformation machinery pushing lies across the country? Adida mentioned the myths about legacy vendors' machines being mis-programmed or incorrectly counting ballots during the 2020 election. What was the counterpoint to that?" he asked. It was, Trust us. These machines have been tested.' I want the counterpoint to be, Hey folks, all the source code is open.'"
Spenser Mestel is a poll worker and independent journalist. His bylines include The New York Times, The Atlantic, The Guardian, and The Intercept.
This article was originally published on Undark. Read the original article.