Hack-A-Vote: Security Issues with Electronic Voting Systems

Total Page:16

File Type:pdf, Size:1020Kb

Hack-A-Vote: Security Issues with Electronic Voting Systems E-Voting Hack-a-Vote: Security Issues with Electronic Voting Systems In a quest for election legitimacy, officials are increasingly deploying direct recording electronic (DRE) voting systems. A project to assess their trustworthiness revealed both the ease of introducing bugs into such systems and the difficulty of detecting them during audits. JONATHAN he democratic process rests on a fair, universally According to BANNET, DAVID accessible voting system through which all citi- analysts, this flawed W. PRICE, zens can easily and accurately cast a vote. With state is the result of undisciplined software development and ALGIS RUDYS, T the 2000 US presidential election, however, the a process that failed to encourage developers to anticipate or JUSTIN SINGER, country got a firsthand look at the results of a flawed vot- fix security holes. The closed-source approach to software AND DAN S. ing system, which fueled renewed public interest in vot- development, which shielded the source code from public WALLACH ing system reliability. People became especially en- review and comment, only served to delay the necessary Rice chanted by the computer’s siren song, so election officials scrutiny. Of course, as daily headlines demonstrate, neither a University have increasingly examined and adopted voting systems commitment to software security nor an open-source ap- that rely primarily on computers to record and tabulate proach to software development prevents software security votes. Much of their attention has centered on direct holes. (For example, see www.cert.org/advisories, which recording electronic (DRE) voting systems, which com- lists security holes that have been discovered in the past year.) pletely eliminate paper ballots. Software developers and auditors who follow standard soft- DRE voting systems have some inherent advantages ware engineering practices have proven unable to ship bug- over paper-based voting schemes, including a decrease free software. In general, producing software free from all se- in voter error. If the system’s interface has been well de- curity holes is significantly harder than an attacker’s goal: to signed, for example, it seeks confirmation if the voter find and exploit a single bug. fails to cast a vote in a particular race and disallows mul- We recently conducted a project to demonstrate that tiple votes in the same race. DREs also make it possible electronic voting software is not immune from these secu- to accommodate people with different disabilities, help- rity concerns. Here, we describe Hack-a-Vote, a simplified ing them vote without human assistance. Unfortu- DRE voting system that we initially developed to demon- nately, recent analyses of one popular vendor’s DRE strate how easy it might be to insert a Trojan horse into a voting system indicated numerous security over- voting system. Having accomplished this, we used Hack-a- sights,1,2 including Vote in an associated course project, in which student teams implemented their own Trojan horses, then searched the • Voters can cast multiple votes without leaving a trace. source code for their classmates’ malicious code. The Hack- • Anyone with access to a voting machine can perform a-Vote project revealed the potential damage individuals administrative actions, including viewing partial results can cause with electronic voting systems, the feasibility of and terminating an election early. finding system weaknesses (deliberate or otherwise), and • Communications between voting terminals and the some solutions to mitigate the damage. Hack-a-Vote and central server are not properly encrypted, making it our course assignment are freely available online at www. possible for a malicious “man in the middle” to alter cs.rice.edu/~dwallach/courses/comp527_f2003/vote communication content. project.html. 32 PUBLISHED BY THE IEEE COMPUTER SOCIETY I 1540-7993/04/$20.00 © 2004 IEEE I IEEE SECURITY & PRIVACY E-Voting The Hack-a-Vote system Our demonstration voting machine is a relatively simple Java Swing application that weighs in at about 2,000 lines of code. It has a GUI front end for user interaction, a back end for reading-in election configurations and writing- out ballot images, and voting logic that drives the GUI and records votes. Hack-a-Vote first authenticates the user with a simple PIN authentication scheme inspired by Hart Intercivic’s eSlate (www.hartintercivic.com/solutions/eslate.html), which is used for elections in Houston, Texas, among (a) (b) other places. With eSlate, voters first sign in at their local voting precinct. Every group of eSlate voting terminals is Figure 1. The initial Hack-a-Vote screens. (a) The PIN login screen. connected via a wired network to an election manage- Once a voter enters a PIN, the system invalidates it for future use. ment console. The user approaches the console, and an (b) Following authentication, the system displays selection screens election official prints him or her a four-digit PIN; the containing a series of races. user then goes to any available voting terminal and enters this PIN. Once eSlate validates the PIN, the user can vote. Similarly, in the Hack-a-Vote implementation, the server maintains a list of a few valid PINs that are displayed to the election administrator (we didn’t bother to print the PINs, although it would be an easy extension to add). Once a voter uses a PIN, the system invalidates it and ran- domly generates a new one. Figure 1a shows the PIN login screen. Following authentication, users are presented with voting screens containing a series of races (see Figure 1b). Once they’ve cast a vote in every race, they can view and confirm a summary of their votes (see Figure 2a). When (a) (b) the user confirms the selected candidates, the machine cycles back to the PIN entry screen for the next voter. Figure 2. Additional screens. (a) The Hack-a-Vote confirmation Otherwise, the machine returns to the first ballot and lets screen offers a summary after users have voted. (b) The final tally users change their selections. Once the election closes, screen. the system randomly shuffles and tallies all votes and writes them out to disk. The machine then displays the final tally, as Figure 2b shows. asked students to consider the security threats of running In Hack-a-Vote’s original implementation, we added a national lottery.3 a Trojan horse to the code that prepares votes for writing For Hack-a-Vote, we split students in Comp527, a out to disk. By adding a few extra command-line options, graduate-level computer security course, into groups of we made it possible for the user to indicate a candidate or two for a three-part assignment. For the project’s first political party that should receive extra votes. With a con- phase, the groups assumed the role of Hack-a-Vote devel- figurable probability, the system would modify votes for opers who were paid off by a nefarious organization to rig other candidates before writing them to disk and count- an election without getting caught. We placed no require- ing them. In the student version, we removed the cheat- ments on the type of malicious hack, so long as students ing code (about 150 lines in one file). could justify how it could be used to ruin or bias an elec- tion without being detected. Solutions could thus run the The Hack-a-Vote assignment gamut from denial-of-service attacks to arbitrary biases in The Hack-a-Vote project introduces students to some of the final election tally. The groups spent two weeks pep- the many faces of security, from the malicious hacker’s de- pering their voting machines with Trojans horses. sign of subtle system attacks, to the auditing required to In the second phase, each group received modified uncover those attacks, to the higher level challenges of se- voting systems from two other randomly selected groups cure system design. The project also raises policy implica- in their class. They now assumed the role of independent tions for how governments might regulate voting sys- auditors, with one week to find any security-critical flaws tems. The Hack-a-Vote project was inspired in part by in the altered code. In this phase, we prohibited any direct Ross Anderson’s UK lottery experiment, in which he comparison with the original code, requiring students to www.computer.org/security/ I IEEE SECURITY & PRIVACY 33 E-Voting rely solely on their memory of the voting machine and its class’s hashCode() and equals() methods, the group functionality—a requirement enforced by the university’s made it appear to the hash table that two candidates were honor code. (Otherwise, students could easily locate the same if one’s name was a prefix of the other. As a re- changes using the UNIX diff tool, giving them greater sult, one of the candidates would get all of the other can- powers than a genuine auditor might have when studying didate’s votes, and the other candidate would not appear a voting system.) in the tally at all. Such subtle changes, which can signifi- In the final phase, the focus shifted: We gave students cantly influence an election’s outcome, would go unde- two and a half weeks to fix a problem discovered in the tected by most forms of testing. Diebold voting machine’s smartcard authentication pro- tocol.2 Students first had to consider what security threats Broken authentication a voting system faces. They then designed an improved Groups used several techniques to break Hack-a-Vote’s authentication protocol and used Cryptyc, a crypto- authentication scheme. Among the most common were graphic protocol type checker,4 to model and verify the using back doors to vote without a PIN.
Recommended publications
  • Electoral Systems, Direct Recording Electronic Voting Machines
    Abstract This article explores the assemblage of voting: electoral systems, Direct Recording Electronic voting machines (DREs), ballots and ballot booths, and the central role of secrecy. Its aim is to argue that the contemporary political subjectivity of deliberation is intimately tied up with this assem- blage. Based on ethnographic research, this article shows how controversies around DREs can reveal the ways in which the very possibility for delibera- tion is tied to the structure and implementation of these machines. It argues for a new approach to deliberation that includes debate, participation and co-construction of the technical systems whereby we vote, as well as those where we express opinions. Towards an Anthropology of Deliberation Christopher M. Kelty 1 October 2008 1University of California, Los Angeles, Department of Information Studies and the Center for Society and Genetics) introduction A political scientist, a cognitive scientist, and a computer scientist walk into a room. What sounds like the beginning of a bad joke|something about the anxiety of requiring the word \science" in the job title|was actually a class that I participated in, in the Fall of 2006, called \Election Systems, Technologies and Administration" (see Fig 1). The class combined approaches from cognitive science, political science and computer science{but it wasn't necessarily an attempt to combine them into a coherent approach. Rather voting and elections were subjected to an array of approaches, as the course description made clear: \how individuals interact with technology," \how technologies are engineered to be secure and accurate" and \how the social aspects of voting fulfill democratic goals for elections." These approaches covered human factors engineering, human- computer interaction and cognitive models of information processing, com- puter security research, election outcomes analysis, voting behavior and so on.
    [Show full text]
  • Black Box Voting Ballot Tampering in the 21St Century
    This free internet version is available at www.BlackBoxVoting.org Black Box Voting — © 2004 Bev Harris Rights reserved to Talion Publishing/ Black Box Voting ISBN 1-890916-90-0. You can purchase copies of this book at www.Amazon.com. Black Box Voting Ballot Tampering in the 21st Century By Bev Harris Talion Publishing / Black Box Voting This free internet version is available at www.BlackBoxVoting.org Contents © 2004 by Bev Harris ISBN 1-890916-90-0 Jan. 2004 All rights reserved. No part of this book may be reproduced in any form whatsoever except as provided for by U.S. copyright law. For information on this book and the investigation into the voting machine industry, please go to: www.blackboxvoting.org Black Box Voting 330 SW 43rd St PMB K-547 • Renton, WA • 98055 Fax: 425-228-3965 • [email protected] • Tel. 425-228-7131 This free internet version is available at www.BlackBoxVoting.org Black Box Voting © 2004 Bev Harris • ISBN 1-890916-90-0 Dedication First of all, thank you Lord. I dedicate this work to my husband, Sonny, my rock and my mentor, who tolerated being ignored and bored and galled by this thing every day for a year, and without fail, stood fast with affection and support and encouragement. He must be nuts. And to my father, who fought and took a hit in Germany, who lived through Hitler and saw first-hand what can happen when a country gets suckered out of democracy. And to my sweet mother, whose an- cestors hosted a stop on the Underground Railroad, who gets that disapproving look on her face when people don’t do the right thing.
    [Show full text]
  • How Electronic Voting Companies' Proprietary Code Ruins Elections Andrew Massey
    Hastings Communications and Entertainment Law Journal Volume 27 | Number 1 Article 6 1-1-2004 But We Have to Protect Our Source: How Electronic Voting Companies' Proprietary Code Ruins Elections Andrew Massey Follow this and additional works at: https://repository.uchastings.edu/ hastings_comm_ent_law_journal Part of the Communications Law Commons, Entertainment, Arts, and Sports Law Commons, and the Intellectual Property Law Commons Recommended Citation Andrew Massey, But We Have to Protect Our Source: How Electronic Voting Companies' Proprietary Code Ruins Elections, 27 Hastings Comm. & Ent. L.J. 233 (2004). Available at: https://repository.uchastings.edu/hastings_comm_ent_law_journal/vol27/iss1/6 This Note is brought to you for free and open access by the Law Journals at UC Hastings Scholarship Repository. It has been accepted for inclusion in Hastings Communications and Entertainment Law Journal by an authorized editor of UC Hastings Scholarship Repository. For more information, please contact [email protected]. "But we have to protect our source!": How Electronic Voting Companies' Proprietary Code Ruins Elections by ANDREW MASSEY* I. Introduction .................................................................................. 234 II. Voting Systems and Open Source Code .................................... 236 A . V oting System s ............................................................................. 236 B . O pen Source C ode ....................................................................... 238 III. Proprietary
    [Show full text]
  • Chapter 08-Talion
    Company Information 63 This free internet version is available at www.BlackBoxVoting.org Black Box Voting — © 2004 Bev Harris Rights reserved. ISBN 1-890916-90-0. Paperback version can be purchased at www.Amazon.com 8 Company Information (What you won’t find on the company Web sites) If anything should remain part of the public commons, it is voting. Yet as we have progressed through a series of new voting methods, control of our voting systems, and even our understanding of how they work, has come under new ownership. “It’s a shell game, with money, companies and corporate brands switching in a blur of buy-outs and bogus fronts. It’s a sink- hole, where mobbed-up operators, paid-off public servants, crazed Christian fascists, CIA shadow-jobbers, war-pimping arms dealers — and presidential family members — lie down together in the slime. It’s a hacker’s dream, with pork-funded, half-finished, secretly-programmed computer systems installed without basic security standards by politically-partisan private firms, and pro- tected by law from public scrutiny.” 1 The previous quote, printed in a Russian publication, leads an article which mixes inaccuracies with disturbing truths. Should we assume crooks are in control? Is it a shell game? Whatever it is, it has certainly deviated from community-based counting of votes by the local citizenry. We began buying voting machines in the 1890s, choosing clunky mechanical-lever machines, in part to reduce the shenanigans going This free internet version is available at www.BlackBoxVoting.org 64 Black Box Voting on with manipulating paper-ballot counts.
    [Show full text]
  • Black Box Voting Report
    330 SW 43rd St Suite K PMB-547 Renton WA 98055 425-793-1030 – [email protected] http://www.blackboxvoting.org The Black Box Report SECURITY ALERT: July 4, 2005 Critical Security Issues with Diebold Optical Scan Design Prepared by: Harri Hursti [email protected] Special thanks to Kalle Kaukonen for pre-publication review On behalf of Black Box Voting, Inc. A nonprofit, nonpartisan, 501c(3) consumer protection group for elections Executive Summary The findings of this study indicate that the architecture of the Diebold Precinct-Based Optical Scan 1.94w voting system inherently supports the alteration of its basic functionality, and thus the alteration of the produced results each time an election is prepared. The fundamental design of the Diebold Precinct-Based Optical Scan 1.94w system (AV OS) includes the optical scan machine, with an embedded system containing firmware, and the removable media (memory card), which should contain only the ballot box, the ballot design and the race definitions, but also contains a living thing – an executable program which acts on the vote data. Changing this executable program on the memory card can change the way the optical scan machine functions and the way the votes are reported. The system won’t work without this program on the memory card. Whereas we would expect to see vote data in a sealed, passive environment, this system places votes into an open active environment. With this architecture, every time an election is conducted it is necessary to reinstall part of the functionality into the Optical Scan system via memory card, making it possible to introduce program functions (either authorized or unauthorized), either wholesale or in a targeted manner, with no way to verify that the certified or even standard functionality is maintained from one voting machine to the next.
    [Show full text]
  • Firmware Manipulations on an Optical Scan Voting Terminal
    Taking Total Control of Voting Systems: Firmware Manipulations on an Optical Scan Voting Terminal Seda Davtyan Sotiris Kentros Aggelos Kiayias Laurent Michel Nicolas Nicolaou Alexander Russell Andrew See Narasimha Shashidhar Alexander A. Shvartsman Voting Technology Research Center and Computer Science and Engineering Department University of Connecticut, Storrs, CT 06269, USA fseda,skentros,aggelos,ldm,nicolas,acr,andysee,karpoor,[email protected] ABSTRACT chines by presenting a detailed case study focusing on the The firmware of an electronic voting machine is typically AccuVote Optical Scan Terminal (AV-OS) that is widely treated as a \trusted" component of the system. Conse- used in the US elections. Our investigation demonstrates quently, it is misconstrued to be vulnerable only to an insider the possibility of an array of firmware manipulation attacks attack by someone with an in-depth knowledge of the sys- against the AV-OS that are characterized by their low cost tem and access to the source code. This case study focuses (<$300) and the fact that they were developed without on the Diebold/Premier AccuVote Optical Scan voting ter- any access to hardware specifications or the source code of minal (AV-OS) that is widely used in the USA elections. We any software running in this system. By virtue of being a present three low level manipulations of the above voting ter- firmware modification, our attacks are totally immune to minal's firmware resulting in divergence from its prescribed cryptographic integrity checks or any other type of auditing operation: (i) the first bestows the terminal with a powerful procedure (aside from an auditing procedure that inspects memory card dumping functionality, (ii) the second enables the firmware itself, which is a type of audit whose impor- the terminal to leak the ballot details through its serial port tance is strongly underscored by our work).
    [Show full text]
  • Security Evaluation of ES&S Voting Machines and Election
    Security Evaluation of ES&S Voting Machines and Election Management System Adam Aviv Pavol Cernˇ y´ Sandy Clark Eric Cronin Gaurav Shah Micah Sherr Matt Blaze faviv,cernyp,saender,ecronin,gauravsh,msherr,[email protected] Department of Computer and Information Science University of Pennsylvania Abstract EVEREST was the first major study of ES&S voting sys- tems, despite the system’s popularity (ES&S claims to be This paper summarizes a security analysis of the DRE the world’s largest e-voting systems vendor [1], support- and optical scan voting systems manufactured by Election ing more than 67 million voter registrations with 97,000 Systems and Software (ES&S), as used in Ohio (and many touchscreen voting machines installed in 20 states and other jurisdictions inside and outside the US). We found 30,000 optical ballot readers present in 43 states [4]), and numerous exploitable vulnerabilities in nearly every com- only the second comprehensive study that examined all ponent of the ES&S system. These vulnerabilities enable components – from backend registration systems to fron- attacks that could alter or forge precinct results, install tend ballot casting – of any electronic voting system. In a corrupt firmware, and erase audit records. Our analysis ten week period, our seven-member team was tasked with focused on architectural issues in which the interactions analyzing the nearly 670,000 lines of source code that between various software and hardware modules leads to comprise the ES&S system, encompassing twelve pro- systemic vulnerabilities that do not appear to be easily gramming languages and five hardware platforms1.
    [Show full text]
  • Voting System Failures: a Database Solution
    B R E N N A N CENTER FOR JUSTICE voting system failures: a database solution Lawrence Norden Brennan Center for Justice at New York University School of Law about the brennan center for justice The Brennan Center for Justice at New York University School of Law is a non-partisan public policy and law institute that focuses on fundamental issues of democracy and justice. Our work ranges from voting rights to campaign finance reform, from racial justice in criminal law to presidential power in the fight against terrorism. A singular institution – part think tank, part public interest law firm, part advocacy group – the Brennan Center combines scholarship, legislative and legal advocacy, and communication to win meaningful, measurable change in the public sector. about the brennan center’s voting rights and elections project The Brennan Center promotes policies that protect rights, equal electoral access, and increased political participation on the national, state and local levels. The Voting Rights and Elections Project works to expend the franchise, to make it as simple as possible for every eligible American to vote, and to ensure that every vote cast is accurately recorded and counted. The Center’s staff provides top-flight legal and policy assistance on a broad range of election administration issues, including voter registration systems, voting technology, voter identification, statewide voter registration list maintenance, and provisional ballots. The Help America Vote Act in 2002 required states to replace antiquated voting machines with new electronic voting systems, but jurisdictions had little guidance on how to evaluate new voting technology. The Center convened four panels of experts, who conducted the first comprehensive analyses of electronic voting systems.
    [Show full text]
  • SYNOPSIS Black Box Voting Has Filed a Formal Letter of Complaint and Request for Investigation with the United States Dept
    330 SW 43 rd St Suite K – PMB 547 Renton WA 98057 A national 501c(3) nonpartisan nonprofit SYNOPSIS Black Box Voting has filed a formal letter of complaint and request for investigation with the United States Dept. of Justice Office of Antitrust and with the Federal Trade Commission. CONTENTS: 1. THE COMPANIES 2. MONOPOLY MAP 3. HORIZONTAL MONOPOLY: HERFINDAHL INDEX 4. VERTICAL MONOPOLY: a. MONOPOLIZATION AND CONCEALMENT OF ESSENTIAL PROCESSES FROM END TO END b. VERTICAL MONOPOLIZATION THROUGH LOCK-INS FOR SERVICES AND PRODUCTS 5. OUR RESEARCH SHOWS A PAST HISTORY OF ANTICOMPETITIVE BEHAVIOR 6. REGULATORY AND COST OF CERTIFICATION STRUCTURE AFFECTS ANTICOMPETITIVE ENVIRONMENT 7. THE ELECTION ASSISTANCE COMMISSION, THE TECHNICAL GUIDELINES DEVELOPMENT COMMITTEE, AND PROPOSED FEDERAL LEGISLATION 8. REVOLVING DOOR BETWEEN REGULATORS, PUBLIC OFFICIALS AND VENDOR PERSONNEL 9. ACTUAL OWNERSHIP NEEDS TO BE INVESTIGATED AND DISCLOSED 10. HISTORY OF ANTI-COMPETITIVE PRACTICES: EXAMPLES 12. HISTORY OF THE EFFECT OF LACK OF COMPETITION: LOW QUALITY, SLOWDOWNS, POTENTIAL SHUTDOWN OF ELECTIONS 13. COMPLAINT THAT THIS ACQUISITION IS A MONOPOLY, SHOULD BE PROHIBITED UNDER THE CLAYTON ACT, TITLE 15 U.S.C. § 1-27 et. al. APPENDIX A: PARTIAL UNRAVELING OF OWNERSHIP TRAIL ON ES&S This research is the culmination of seven years of work by Bev Harris and the Black Box Voting team. We also collaborated with Florida Fair Elections Coalition, a former DoJ investigator, voting rights scholar Paul Lehto, the Election Defense Alliance and others in preparing the evidence. The Honorable Eric Holder Attorney General United States Department of Justice 950 Pennsylvania Avenue Washington D.C. 20530 Letter of Complaint - Request for Investigation Re: Federal antitrust concerns Asserted under the Clayton Act, Title 15 U.S.C.
    [Show full text]
  • Black Box Voting Report
    330 SW 43rd St Suite K PMB-547 Renton WA 98055 425-793-1030 – [email protected] http://www.blackboxvoting.org The Black Box Report SECURITY ALERT: July 4, 2005 Critical Security Issues with Diebold Optical Scan Design Prepared by: Harri Hursti [email protected] Special thanks to Kalle Kaukonen for pre-publication review On behalf of Black Box Voting, Inc. A nonprofit, nonpartisan, 501c(3) consumer protection group for elections Executive Summary The findings of this study indicate that the architecture of the Diebold Precinct-Based Optical Scan 1.94w voting system inherently supports the alteration of its basic functionality, and thus the alteration of the produced results each time an election is prepared. The fundamental design of the Diebold Precinct-Based Optical Scan 1.94w system (AV OS) includes the optical scan machine, with an embedded system containing firmware, and the removable media (memory card), which should contain only the ballot box, the ballot design and the race definitions, but also contains a living thing – an executable program which acts on the vote data. Changing this executable program on the memory card can change the way the optical scan machine functions and the way the votes are reported. The system won’t work without this program on the memory card. Whereas we would expect to see vote data in a sealed, passive environment, this system places votes into an open active environment. With this architecture, every time an election is conducted it is necessary to reinstall part of the functionality into the Optical Scan system via memory card, making it possible to introduce program functions (either authorized or unauthorized), either wholesale or in a targeted manner, with no way to verify that the certified or even standard functionality is maintained from one voting machine to the next.
    [Show full text]
  • Appendix a I Appendix A: Compendium Of
    Appendix A i Appendix A: Compendium of problems, continued from Chapter 2 (Footnotes for this section located in “Footnotes: Chapter 2”) September 1986, Dallas, Texas: The number of voters changed on various report printouts, but votes for individual candidates remained the same. The problem was attributed to a computer-programming error. Note the date on this report: Officials have been expressing concerns about computerized vote- counting for nearly two decades. “With paper ballots, I can make the numbers add up ...” said Assistant Texas Attorney General Bob Lemens. “We are running into much tougher problems here.” Texas Attorney General Jim Mattox said the computerized vote-counting clearly has the potential for fraud. “I can’t send a reasonably good programmer to look at this system and determine that it is properly tabulating the ballots,” Mattox said. 72 November 1988, Hillsborough, Broward and Dade counties, Florida: A dropoff was observed in Senate votes from the previous general election, but only in counties that used computerized vote-counting machines. Counties without computerized vote-counting showed a 1 percent dropoff, while counties with computerized voting showed a dropoff of 8 percent. “Something stands out there like a sore thumb,” said Michael Hamby, executive director of the Florida Democratic Party. 73 November 1989, Lima, Ohio: Representatives of Sequoia Pacific, makers of the voting machine software for Lima, failed to appear as requested, and election results were delayed until someone could work out the programming error and recount the votes. Nobody was quite sure how many races were affected, but the mayoral race and the school board races were in question for nearly a week after the election.
    [Show full text]
  • Trust Between the Electorate, the Establishment, and Voting
    85 T h e J o u r n a l o f T e c h n o l o g y S t u d i e s One Man One Vote: Trust between the Electorate, the Establishment, and Voting Technology Laurie Robertson Election Day 2004: A voter arrives in per- token with an official who escorts the voter to son to a polling location, which although a tem- the hallowed machine with allows him to per- porary setup projects an image of impartial form the holy rite of democracy – voting. integrity. Bland signage, temporary tables, vot- Ordained election officials protect the integrity ing machines and other election paraphernalia and sanctity of the machines and space through- turn a school gymnasium or a civic center into a out the day and it is these officials who perform sacred space. Upon entering the polls a voter the all-important, but private ceremony, of the approaches a table where a series of rituals tally and report of the votes. After this official (e.g., appropriate identification, verbal affirma- sanctification, the results are publicly ordained tion of name and residence) verify his or her and once again the “voice of democracy has registration and identity. After the officials per- spoken.” form a mysterious rite with the poll book, the voter is provided with a sacred token, be it a Of course, voting realities are much messier paper polling pass or a DRE smart card, and is than this idealized account promulgated by the admitted to vote. The voter exchanges the sacred electoral establishment.
    [Show full text]