This report identifies the essential security flaw of all commercial BMDs, including the system slated for use in Georgia. The security of a BMD rests on the ability of a voter to verify that choices made on the touchscreen match the printed ballot that is scanned and counted. Verification is nearly impossible for average voters. Unreadable bar codes are one of the barriers, but there are many others ranging from voter fatigue and inattention to fundamental cognitive limitations of human memory. As a result, few voters will notice and promptly report marking errors. Furthermore. even if a voter discovers an error, there is no action that can be taken to correct it. A hacked BMD could cheat undetectably by casting an unverified ballot.
In their haste to spend taxpayer dollars on a risky new system, officials once again are trying to marginalize and ridicule the experts.
The experts mentioned above recommend hand-marked paper ballots, scanned and checked by statistical audits to detect cheating and malfunctions. Hand marking eliminates BMD vulnerabilities and introduces no new ones. Officials claim that hand marking is error-prone, but scientific studies show otherwise. Unlike machine marking, hand marking is not some risky experiment. It is the way most U.S. elections are conducted. No voting method is 100% safe, but hand-marked paper ballots are the safest method known.
Cherry-picking soundbites and obfuscating scientific debate do not serve Georgia’s voters. I urge Secretary Raffensperger to use the judge’s order as an opportunity to abandon expensive, insecure BMDs, except as assistive devices for disabled voters. The court ordered a pilot for hand-marked paper ballots, the most secure and transparent voting method. The Secretary should seize that opportunity so Georgians can join the 70% of all Americans who cast their ballots in a secure and auditable manner by hand-marking their votes on paper ballots.
Richard DeMillo is the Charlotte B. and Roger C. Warren Professor of Computing, former dean of the College of Computing and Director of the Center for Information Security Research at Georgia Tech. He was previously Chief Technology Officer at Hewlett-Packard.