A better ballot?

When voters head to the polls Tuesday, those using punch-card ballots - notorious for their role in the 2000 presidential election recount - may do so with a lingering unease that their votes could go uncounted. Others will enter sleek new electronic voting booths bought at great price by a patchwork of states and counties trying to guard against butterfly ballots and hanging chads.

But a growing number of computer scientists are now warning that the new technology, far from solving America's voting problems, may actually make things worse. Electronic ballots can be miscounted too, they say - or the machines that tally them tampered with and traces of sabotage erased.

"If you look at the consequences for democracy, it's terrifying," says David Dill, a Stanford University computer-science professor who has led the charge to raise awareness about the machines' potential security flaws. "If we had a way to make [computerized voting] safe, believe me, we would. There's no way to run a reliable election without a verifiable paper trail - that's what these machines don't have."

Others, including makers of the electronic systems and politicians who tout them, argue that democracy always has been a messy process and that no technology is foolproof. As long as there's been a vote, they say, there have been ballots destroyed, misread, and counterfeited; machines worn out or sabotaged; officials bribed; voters bullied or denied their rights. Some disabled citizens have been unable to vote privately, illiterates have been unable to vote knowingly, and voters with limited English have not understood how to cast ballots that count. Electronic voting is the latest in a long line of imperfect solutions, its proponents say, but it's the best option there is.

Voting was a matter of assessing shouts and shows of hands back in Colonial days. In the 1770s, these unverifiable counts were replaced by ballots written longhand, which left a paper trail but took a long time to tally. In 1892, self-tallying lever machines sped up the process, but again left no paper record. When punch-card ballots hit the scene in the 1960s, jurisdictions began to replace the old lever machines. But the punch-card system had its own weaknesses. Even before the 2000 Florida fiasco, some states had switched to the mark-sense or optical-scan ballots, which are much like fill-in-the-bubble standardized tests.

After the recount debacle, officials scrambled to ensure that no future chads would be left hanging. Congress passed the Help America Vote Act of 2002 (HAVA), but has so far supplied only $664.5 million to fund it. So solutions have come in fits and starts, with counties adopting a hodgepodge of systems (see map). Last November, Georgia became the first state to install touch-screen machines at all its polling stations, under a $54 million contract with Diebold Election Systems, a supplier of Direct Recording Electronic voting systems (DREs).

Many Georgia voters were impressed. Kim Hullett, who used a new model in Fayette County's latest election, says the machines - which work much like automatic teller machines - were easy to understand, kept lines moving, and meant she and her husband could track election results on the Web as they heard about them on the TV news.

But Professor Dill, at Stanford, had doubts. A concerned activist had sent him a copy of the Diebold system's source code - the road map to its computer voting software - which the company had been storing on a publicly accessible server. Diebold says this code was partial and outdated. Dill gave the code to a team of computer security experts led by Avi Rubin, technical director of the Information Security Institute at Johns Hopkins University.

The team's report, released in July, marked the first time any company's voting-system software has been publicly evaluated by an academic team. Over 24 pages, it details what Dr. Rubin describes as system-security flaws the average teenager today would be computer-savvy enough to exploit.

1 | 2

Next