What if I told you that it would take only one person—one highly motivated, but only moderately skilled bad apple, with either authorized or unauthorized access to the right company's internal computer network—to steal a statewide election? You might think I was crazy, or alarmist, or just talking about something that's only a remote, highly theoretical possibility. You also probably would think I was being really over-the-top if I told you that, without sweeping and very costly changes to the American electoral process, this scenario is almost certain to play out at some point in the future in some county or state in America, and that after it happens not only will we not have a clue as to what has taken place, but if we do get suspicious there will be no way to prove anything. You certainly wouldn't want to believe me, and I don't blame you.
Over the course of almost eight years of reporting for Ars Technica, I've followed the merging of the areas of election security and information security, a merging that was accelerated much too rapidly in the wake of the 2000 presidential election. In all this time, I've yet to find a good way to convey to the non-technical public how well and truly screwed up we presently are, six years after the Florida recount. So now it's time to hit the panic button: In this article, I'm going to show you how to steal an election.
Regardless of whether any elections ever have been stolen by electronic voting machines or not, it's insane to have a voting system that is this easy to corrupt.
I'm all for making election officials' and voters lives easier by using touch-screen voting machines. The problem is not that you can tap a picture of the candidate who you want to vote for - the problem is that there's no way to tell for sure after the fact whose picture you actually tapped! We have a failure here of the "back office"; in effect, we've refused to put a lock on our ballot-boxes. And that's good for nobody and no party.
Furthermore, the fixes are not difficult. We already know what we have to do in order make successful tampering much, much harder. All we have to do is A) acknowledge that, yes, we have a problem! then B) have the political willpower to smash the bad machines produced so far, and finally C) this time make security, verifiability and tamper-resistance a priority from the very first second we start thinking about how to make voting machines and vote-counting systems. Bruce Schneier and Ron Rivest have both come up with a lot of excellent ideas about how to do this, so we're not shooting in the dark here. We have the roadmap on how to fix this - are we smart enough to follow it?
(See also, http://neon.polkaroo.net/~mhoye/snapshot-pics/Spider_Jerusalem_-_Voting.jpg)