voting (Alexandru Nika/Shutterstock.com)

Iowa caucuses did one thing right: Require paper ballots

The ConversationAs the confusion that was the Iowa caucuses unfolds, there will be a lot of questions about what happened and how to avoid it in the future.

MORE INFO

The Iowa caucuses app had another problem: It could have been hacked

While there is no evidence hackers intercepted or tampered with the results, a security firm consulted by ProPublica found that the app lacks key safeguards. Read more.

Confusion reigned in Iowa caucus -- even before the chaotic results

While Iowans had access to more caucusing locations, confusion about the system kept some from being counted and left advocates for the disability community frustrated with remaining barriers. Read more.

US could learn how to improve election protection from other nations

The problem is of protecting democracy and securing voting machines is global, and would benefit from an internationally coordinated solution among both advanced and emerging democracies. Read more.

But the results, ultimately, will be clear and undisputed because, amid everything they did wrong, the Iowa Democratic Party did one thing right: It required that votes be counted on paper, and then tallied electronically. To those of us who study cybersecurity carefully, that’s crucial.

With that paper trail, the Democrats – and the nation as a whole – will be able to regard this event as a case study in how to recover from a poorly run election. In this case, outside hackers do not appear to responsible – rather, the election was “hacked” by a bad software development and testing process.

Eventually, the party will be able to reassemble the pieces of what happened at caucuses around the state and determine who won. Without the paper trail, there would never be any clarity – just a whole lot of doubt.

Electronics are vulnerable

That may not be the case in the general election later this year. In November 2020, some voters in at least nine states including Texas, New Jersey and Indiana will cast their ballots electronically on systems that do not leave a paper trail of whom they voted for.

Even states that do keep paper trails often use vote-counting machines that are more than a decade old. In some cases, these are the computers that were introduced immediately after the Bush-Gore election in 2000, to correct the problems with balloting that had cast doubt on the actual choices of many Florida voters.

At least some of these systems are vulnerable to hacking, according to Fox News, sometimes by kids as young as 11. No one knows how secure the other machines are, because many vendors have asserted their intellectual property rights to prevent the security of their machines from being examined by independent parties.

If hacked, an electronic voting machine cannot be trusted to count votes accurately. In an election conducted with paper ballots, the ballots themselves can be examined and recounted, as is happening in Iowa right now.

With many electronic voting machines, however, there is no record of the votes cast, other than the digital information contained in the machine itself. The idea of recounting electronically cast votes is meaningless. Any problems with a paperless election would be impossible to fix, calling into public question the integrity of the whole process, and the validity of any results.

The Iowa story also speaks more broadly to the relationship between technology and elections.

First, it is not clear why the Iowa Democratic Party introduced an app at all. Accuracy is more important than speed in elections – it’s better to get the tally right in a day than to get messed-up vote counts in an hour – and more speed almost always means less accuracy.

Second, if technology must be used in elections, it needs to be introduced slowly. The idea of releasing a poorly tested app to users without app-specific training hours before it was to be used for real is the height of hubris – or naivete.

This article was first posted on The Conversation and draws on parts of an article originally published Sept. 1, 2016.

About the Author

Herbert Lin is a senior research scholar for cyber policy and security with the Center for International Security and Cooperation at Stanford University.

Featured

  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/Shutterstock.com)

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.