Electronic Reliability
Voting and Finance Technologies
Fault Tolerance and Error Detection Techniques
Novelty Bias: Does Newer Always Mean Better?
Al Gore became the first Presidential candidate since 1888 to win the popular vote but lose the election.
These events damaged public confidence in the US electoral process; officials focused blame on the technology.
A proposed solution to these problems was the installation of modern electronic voting machines. The 2000 presidential election spurred the debate about election and voting reform but did not end it.
In the aftermath of the election, the Help America Vote Act (HAVA) was passed to help states upgrade their election technology in the hopes of preventing similar problems in future elections. But the electronic voting systems that many states purchased to comply with HAVA actually caused problems in the 2004 presidential election.
After 2000, many countries experimented with computerized voting systems, but they were not a perfect solution.
In Belgium, votes are by party.
In 2003, one individual candidate got more votes than the party list, implying a machine error.
Possible explanations:
An audit found no evidence of fraud or programming mistakes, so…
The Belgian error was most likely caused by an electronic fault – called a soft error or single event upset (SEU) – deep in the system’s circuitry.
Computers are built from tiny semiconductor devices. They are particularly sensitive to
These phenomena constantly create momentary errors in computers. Usually the errors have little consequence and we don’t notice them.
Scientists concluded that a cosmic ray most likely caused the Belgian error.
Candidate Maria received 514 votes. In a computer, this number is split into “bits” which work sort of like an abacus.
Each “bit” is either 0 or 1, but the value of a bit increases with its position.
A bit’s value doubles with each successive position.
In this example, bits are “1” at positions 1 and 9, so we add the corresponding values, 2+512, to get the total 514.
Suppose an error occurs in a single position – position 12 in the figure – then the total value is altered.
In this case, the vote tally is increased by 4,096, for a total of 4,610.
A single nanoscopic glitch can have major consequences for the system.
DRE machines typically use:
A DRE is a computer, so it can have electronic errors like single-event upsets.
Problems specific to DREs:
For heavily used public interfaces, a resistive touch screen is typically used.
It has two transparent sheets separated by a small gap.
A voltage gradient is applied to the top sheet.
A voltage meter is connected to the back sheet.
When the screen is pressed, the sheets touch. The voltage from the top sheet is measured twice at the back sheet to get the horizontal and vertical position.
Measuring the X (horizontal) position:
Measuring the Y (vertical) position:
Alignment: the touch sensor is attached over a screen, but they are separate devices. Software calibration is supposed to compensate for the geometry offset between the layers.
Good calibration
Bad calibration
The electrical offset can also drift over time due to:
Some changes can be fixed by periodic re-calibration.
In the Presidential election of 2004, polling data suggested that John Kerry would likely win, yet George W. Bush was elected by a sizeable margin, more than 3 million votes.
Some activists claimed there were irregularities in DRE voting:
From the study abstract (emphasis added):
an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab.
While there was no specific evidence that malicious hacking occurred in 2004, these findings further undermined trust in DRE machines and fueled conspiracy speculation into the next election.
An estimated 30 percent of the Election Systems & Software ExpressVote XL machines were improperly calibrated by the company, leading to “hypersensitivity” problems in registering some voter choices. In addition, problems with the ballot layout – also blamed on the manufacturer – led to problems electronically tabulating votes the night of the election, Nov. 5.
“I want to make clear that this was human error, and ES&S takes full accountability,” Adam Carbullido, ES&S senior vice president of product development, said during a news conference alongside county Executive Lamont McClure at the county courthouse in Easton.
He apologized to the county administration, which recommended to county council the purchase of 320 of the new machines earlier this year to comply with a state mandate to begin creating a paper-ballot trail of votes. The $2.88 million contract includes hardware, software, maintenance and support and firmware licensing.
Optical scan ballots are widely used in vote-by-mail systems.
Prior to the 2020 election, Utah instituted universal vote-by-mail.
Benefits of Optical Scan Technology:
Drawbacks:
In spite of the drawbacks, mail voting is probably the most secure and reliable approach available.
Since 2000, election challenges have become routine.
The dubious field of “election forensics” emerged.
Conspiracy theories reached an apex in 2020 (we hope).
Voting machine errors have always been present, but now…
So many bug reports would be great, except that people see them as evidence of coordinated wrongdoing.
Conspiracy theories have targeted every type of voting process.
This blog post promotes the Dominion conspiracy theory (it has nothing to do with Utah):
A classic problem in game theory called The Prisoner’s Dilemma:
Usually someone confesses and gets a personal reward at the expense of all the others.
For an example, see the January 6 Hearings where much of Trump’s own administration testified against him.
Conspiracies do occur, but they are unlikely to stay secret.
Election conspiracies crept out of the fringes after 2000, partly because of surprise election results.
Back in 1996…
In 2000, cell phones had become commonplace. By 2004, land lines were vanishing. By 2008, smart phones were on the market.
When election results deviate from poll predictions, people are surprised, and they spin conspiracy theories.
There’s a lot of commonality
Bank errors do happen.
What do banks do differently?
Tandem Computers, Inc. was the dominant manufacturer of fault-tolerant computer systems for ATM networks, banks, stock exchanges, telephone switching centers, and other similar commercial transaction processing applications requiring maximum uptime and zero data loss….
…Tandem’s NonStop systems use a number of independent identical processors and redundant storage devices and controllers to provide automatic high-speed “failover” in the case of a hardware or software failure. To contain the scope of failures and of corrupted data, these multi-computer systems have no shared central components, not even main memory.
The NonStop system advertises “100% Fault Tolerance”.
There are many approaches to fault tolerant design. Here are some (that may or may not be in the NonStop system):
Suppose we want to protect a number with several digits, like 37269.
As a checksum function, we can repeatedly add together the digits like so, always adding digits until we reduce the sum to a single digit:
3 + 7 + 2 + 6 + 9
= 10 + 8 + 9
= 18 + 9
= 1 + 8 + 9
= 9 + 9
= 18
= 1 + 8
--------------------------
= 9
Now append the result to our number, so it becomes 37269,9.
Now if any single digit is altered, a recalculation of the checksum will not match up.
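An added example (not from the original slides) that implements this checksum and tries every single-digit alteration of 37269. It goes one step past the slide: the check only sees the digit sum, so replacing a 9 with a 0 (or a 0 with a 9), or swapping two digits, leaves the checksum unchanged. Function names are chosen for the example.

```python
def digit_checksum(number: int) -> int:
    """Add the decimal digits repeatedly until a single digit remains."""
    n = number
    while n >= 10:
        n = sum(int(d) for d in str(n))
    return n


def protect(number: int) -> str:
    """Append the checksum after a comma, as on the slide: 37269 -> '37269,9'."""
    return f"{number},{digit_checksum(number)}"


def verify(protected: str) -> bool:
    """Recalculate the checksum and compare it with the stored one."""
    digits, _, check = protected.partition(",")
    if not (digits.isdigit() and check.isdigit()):
        return False
    return digit_checksum(int(digits)) == int(check)


def undetected_single_digit_errors(protected: str) -> list[str]:
    """Alter each payload digit to every other digit; return the alterations
    that still pass verification (the checksum's blind spots)."""
    digits, _, check = protected.partition(",")
    misses = []
    for i, old in enumerate(digits):
        for new in "0123456789":
            if new == old:
                continue
            candidate = f"{digits[:i]}{new}{digits[i + 1:]},{check}"
            if verify(candidate):
                misses.append(candidate)
    return misses


if __name__ == "__main__":
    record = protect(37269)
    print(record, verify(record))                 # intact record
    print(verify("37369,9"))                      # one digit altered: caught
    print(undetected_single_digit_errors(record)) # 9 -> 0 slips through
    print(verify("32769,9"))                      # swapped digits: not caught
```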
The easiest way to visualize an error correcting code is with the English language.
Say we have a word, like “neighbor”.
I change one letter: “nejghbor”.
We can tell which letter is wrong. This is because the word “neighbor” has more letters than it needs. The extra letters are redundant; they allow us to detect and correct spelling errors. We could spell it “nbr”, but then a single error would make it unreadable.
In essence, ECC uses “spelling rules” for numerical data so that faults can be corrected.
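An added example (not from the original slides): a Hamming single-error-correcting code, one standard form of ECC, applied to the 514-vote tally from the single event upset slides with the same flip in bit 12. The 16-bit register width and all function names are assumptions for the example; it is not a description of what NonStop or any voting machine uses.

```python
DATA_BITS = 16  # assumed register width for the tally (not from the slides)

def data_positions(n):
    """1-based codeword positions that are not powers of two carry data bits."""
    out, pos = [], 1
    while len(out) < n:
        if pos & (pos - 1):          # skip 1, 2, 4, 8, 16 (reserved for parity)
            out.append(pos)
        pos += 1
    return out

POSITIONS = data_positions(DATA_BITS)    # [3, 5, 6, 7, 9, ..., 21]

def syndrome(code):
    """XOR of the positions of all set bits; 0 means the codeword is consistent."""
    s, pos = 0, 0
    while code:
        if code & 1:
            s ^= pos
        code >>= 1
        pos += 1
    return s

def encode(value):
    """Place data bits, then set parity bits so the syndrome becomes 0."""
    code = 0
    for i, pos in enumerate(POSITIONS):
        if (value >> i) & 1:
            code |= 1 << pos
    s, k = syndrome(code), 1
    while k <= POSITIONS[-1]:
        if s & k:
            code |= 1 << k
        k <<= 1
    return code

def read_raw(code):
    """Read the data bits with no checking, as an unprotected register would."""
    return sum(((code >> pos) & 1) << i for i, pos in enumerate(POSITIONS))

def decode(code):
    """Return (value, faulty_position); position 0 means no error was seen."""
    s = syndrome(code)
    if s:
        code ^= 1 << s               # a single flipped bit sits at position s
    return read_raw(code), s

if __name__ == "__main__":
    upset = encode(514) ^ (1 << POSITIONS[12])   # constructed fault in data bit 12
    print(read_raw(upset), decode(upset))
```

The code corrects one flipped bit per codeword; two simultaneous flips produce a misleading syndrome, which is why practical ECC memory adds an extra overall parity bit to detect double errors.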
To represent currency amounts, financial systems often use a modified form of binary called “Binary Coded Decimal”.
This is done for a simple reason:
It turns out there’s no way to write “0.1” exactly in binary with a finite number of bits!
BCD represents decimal numbers using 4 “bits” for each digit (see the table at right).
So if the number is 42.15, the BCD representation is:
4 2 . 1 5
0100 0010 . 0001 0101
Digit | BCD
-------|------
0 | 0000
1 | 0001
2 | 0010
3 | 0011
4 | 0100
5 | 0101
6 | 0110
7 | 0111
8 | 1000
9 | 1001
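An added example (not from the original slides) that encodes 42.15 as BCD using the table above and adds amounts digit by digit with a decimal carry, next to the same sum done in binary floating point. Two decimal places and the function names are assumptions for the example.

```python
def to_bcd(amount: str) -> list[int]:
    """'42.15' -> [4, 2, 1, 5]; each entry is one 4-bit BCD digit.
    Two decimal places are assumed (currency)."""
    whole, _, frac = amount.partition(".")
    return [int(d) for d in whole + frac.ljust(2, "0")[:2]]


def bcd_bits(nibbles: list[int]) -> str:
    """Show the 4-bit pattern of each digit, with the point before the cents."""
    show = lambda part: " ".join(f"{n:04b}" for n in part)
    return f"{show(nibbles[:-2])} . {show(nibbles[-2:])}"


def from_bcd(nibbles: list[int]) -> str:
    """Back to text; patterns 1010-1111 are not decimal digits and are rejected."""
    if any(not 0 <= n <= 9 for n in nibbles):
        raise ValueError("invalid BCD digit")
    text = "".join(str(n) for n in nibbles)
    return f"{text[:-2]}.{text[-2:]}"


def bcd_add(a: list[int], b: list[int]) -> list[int]:
    """Add two BCD numbers one decimal digit at a time, carrying in base 10."""
    width = max(len(a), len(b))
    a = [0] * (width - len(a)) + a
    b = [0] * (width - len(b)) + b
    out, carry = [], 0
    for x, y in zip(reversed(a), reversed(b)):
        carry, digit = divmod(x + y + carry, 10)
        out.append(digit)
    if carry:
        out.append(carry)
    return out[::-1]


def ten_dimes_bcd() -> str:
    """Add 0.10 ten times in BCD."""
    total = to_bcd("0.00")
    for _ in range(10):
        total = bcd_add(total, to_bcd("0.10"))
    return from_bcd(total)


if __name__ == "__main__":
    print(bcd_bits(to_bcd("42.15")))
    print(ten_dimes_bcd(), sum([0.1] * 10))   # exact decimal vs. binary float
```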
The “Common Business Oriented Language” (COBOL) is a unique programming language.
Comparing voting systems with financial systems, we see two trajectories:
There is no right answer or best practice; there are hard tradeoffs and value judgements in every part of this problem.
Electronic systems fail all the time. They are not politically motivated. We should not blindly trust our computers, but we should try to give the benefit of the doubt to our human neighbors, institutions, election officials and volunteers.
Social Media and “Information Bubbles”
Today, people arrange their informational lives around their prior beliefs.
It can seem that their personal opinions represent the majority.
When reality doesn’t match, it can be hard to process.
A Utah County candidate speculated about fraud in last month’s primary: