Review of "Broken Ballots: Will Your Vote Count"

“Broken Ballots: Will Your Vote Count?,” by Douglas W. Jones and Barbara Simons, is a tour de force review of the history and current state of voting technology security. The authors (who were key players in security reviews of a number of electronic voting systems, as well as in voting technology policy discussions at the local and national level) provide us with unique insights into the technical, procedural, policy, and even political difficulties of assuring election integrity.

The central challenge in voting systems, from a security perspective, is the absolute requirement for ballot secrecy (to prevent coercion or vote-buying) while ensuring that all eligible voters are allowed to vote, but no more than once per election. The notion of an eligible voter implies some sort of authentication system, while secrecy demands that in spite of authentication, ballots not be linkable to individual voters. Requirements for massive scalability, efficient vote tabulation, usability, accessibility for voters with a range of disabilities, ballots containing multiple races, and cost-effectiveness impose additional complexity on voting systems. This book explores how technology has attempted to achieve these conflicting goals, and how the complexity has often created vulnerabilities that threaten election integrity, which in turn, has required technology to evolve.

“Broken Ballots” documents a large number of case studies of security concerns on a variety of electronic voting technologies, including Direct Recording Electronic (DRE) and Internet-based systems. An entire chapter is devoted to the missteps of Diebold, “the poster child of much that is wrong with DREs”, including overt partisanship suggesting vote rigging, hiding poor coding and deployment practices behind a screen of “trade secrecy”, circumventing the voting software Independent Testing Authority and certification process, use of programmers who had previously been convicted of computer-based fraud, and harassment of independent researchers who disclosed the existence of vulnerabilities. Another chapter is devoted to risks associated with Internet voting, quite similar to those characteristic of e-commerce, including server-based attacks, client-side malware, phishing, counterfeit sites, man-in-the-middle attacks, DDoS, the loss of ballot secrecy (a risk specific to voting).

Lest we be tempted to return to simpler times before touch screens and the Internet, the authors provide a fascinating history of voting technologies and attacks on them, from voice vote to ballot boxes to punch cards. (Who knew that lever voting machines were susceptible to jammed gears?)

The authors describe the challenges associated with developing meaningful voting standards and critique a number of failed attempts (such as the 2002 Help America Vote Act and several of its revisions.) They leave us with a number of concrete recommendations for improving the integrity and transparency of elections, including:
• Development of uniform election standards (technological as well as procedural requirements)
• Technological support for audits and mandatory post-election audits
• Greater vendor accountability
• Revamping voter enfranchisement laws
• Explicitly forbidding Internet (as well as fax and phone) voting until significant security breakthroughs have been achieved

“Broken Ballots” should be largely accessible to a non-technical audience, but those with IT experience will respond more viscerally to the cringe-worthy practices it documents. The CISSP will appreciate the thoroughness of the analysis, as it touches on practically every domain of the CBK, from physical security to secure coding practices to governance. The case studies it cites are primarily (though not exclusively) US-based, but the principles these illustrate are universal. It is not a quick read, and at times feels a bit shopping-listy, but it is well-worth working through it, and should be of interest to every adult citizen of any country that conducts elections.

This review appears on the ISC2 book review section.