`Scalable' Ballot Fraud:
Why One Tech Maven
Fears Computer Voting
By Thomas E. Weber
The Wall Street Journal
(Copyright (c) 2001, Dow Jones & Company, Inc.)
PRINCETON, N.J. -- Rebecca Mercuri loves computers. But when it comes to counting votes in an election, she favors plain old paper. Computers, she says, just can't be trusted with our democracy.
"I fear for what's happening," says Ms. Mercuri, a 46-year-old authority on voting systems whose expertise is suddenly in great demand. Ms. Mercuri is no Luddite. She has programmed for decades and teaches computer science at Bryn Mawr College. Nonetheless, she says, "the idea of running an election on the Internet is totally horrifying."
With Florida post-mortems in full swing and a scant 20 months to go until the next major U.S. election, pressure to mend broken ballot systems is mounting. It seems only natural to sweep away clunky levers and the now-notorious chads and replace them with gleaming computer screens. But Ms. Mercuri and other respected scientists caution against that.
Their warnings are important for the voting-system debate. But they are also remarkable for the way they challenge stereotypes about technology mavens. In our offices, schools and even our homes, it often seems that computer people are forever trying to drag the rest of us along with them into the wired future. Here, though, some of technology's best minds are telling us to slow down.
ELEVEN DAYS before Americans went to the polls last fall, Ms. Mercuri was ensconced in the University of Pennsylvania's Moore Building, five floors above the historic ENIAC computer. She was defending her doctoral dissertation, "Electronic Vote Tabulation Checks & Balances," in which she argues that fully electronic ballot systems can't sufficiently guard against mistakes or tampering.
Ms. Mercuri delves into such esoterica as non-deterministic polynomial time functions to prove her case. Complicated math aside, the crux of her argument is this: Completely computerized voting systems can give us accountable ballots or anonymous ballots, but not both. Any system that can be audited to assure that votes were captured and counted correctly will jeopardize the privacy of the ballot. Measures that protect voter anonymity make it difficult to verify an election's accuracy.
Consider the ever-growing complexity of computer systems. It isn't enough to inspect software for hiccups that might miscount votes (or, worse, trapdoors that might give a villain the means to fix an election). What about the operating system used to run the software? The compiler used to turn the raw computer code into a finished program? Even computer chips themselves could harbor a time bomb in their built-in microcode.
Other voting methods aren't flawless. Lever machines can be pried open, and paper-ballot boxes can be stuffed. But tampering with them on a nationwide scale would be a formidable task. Programmers like to talk about making systems scalable, or easy to extend. Scalability can help a Web store serving thousands of customers eventually cater to millions. But a computer bug in the wrong place could undermine a national election.
As for anonymity, voting-systems companies usually turn to crack-proof codes to ensure that information remains private. But no matter how good the encryption, you still need to worry about how the information could be altered or misread before and after it is encoded.
A PHILADELPHIA NATIVE, Ms. Mercuri grew up around computer technology thanks to her father, a science teacher. She's also a trained classical guitarist and has long been active in local politics. She has served as a Democratic committeewoman in Pennsylvania, and more recently in central New Jersey where she now resides. (Despite her party affiliation, Ms. Mercuri has advised Republicans, too.)
In 1989 her interests in technology and activism merged when Bucks County, Pa., considered buying electronic voting devices. She plunged into the arcane world of ballot technology, became hooked and eventually turned to it as her dissertation topic. Following her defense in October, she's working on some final tweaks and hopes to publish the work. Peter Neumann, a respected expert on computer risks who served as Ms. Mercuri's outside adviser, believes it should be required reading. "It's really remarkable," he says.
So what does she suggest? Electronic voting systems are fine, she says -- as long as they produce a paper record that can serve as the true ballot. Voters could enter their choices on a computer, which could then print out a slip of paper. The voter would then inspect the paper record to make sure it was accurate and put it in the counting box.
The computer systems could then be used for the instant results demanded by impatient Americans. But the paper would remain as a permanent record, always available for a recount. "Paper is somehow seen as old technology," Ms. Mercuri says. "But the great thing about it is that it's tangible." You can't, she adds, audit an electron. Read more about her research on her Web site, www.seas.upenn.edu/mercuri/index.html.
I asked Ms. Mercuri who she thought would have won the presidential election if every Florida ballot had been counted accurately. Her answer was mind-bending. "My gut feeling is it was too close to call," she says. Despite our democratic belief that every vote counts, she explains, all ballot systems have a margin of error. She thinks the Florida vote was so narrow it fell within that margin. In other words, she says, we simply can't know.
Join me for a live online chat with Rebecca Mercuri at 2 p.m. EST at WSJ.com/voices or e-mail me at email@example.com.