This is a very understandable and legitimate question that must be answered. If there were significant problems with ATM’s we would know about them because banks or consumers would be losing money, it would be reported all over the news, and there would be investigations by regulators. The guilty would be punished, the losses restored, ATMs banned, or fixed. Computer experts need to explain the apparent inconsistency.
Two too simple answers are: We are computer experts, voting machines have unique risks, trust us. We are voting equipment vendors and election officials, we know more about voting computers and running elections than computer experts.
An accurate simple answer is that voting machines are different from ATMs in several ways, especially in their programming, usage, and implementation which are based on the different requirements of voting vs consumer banking.
Note: ATMs look and function similar to Direct Record Electronic voting machines (DREs), however, the discussion that follows applies to all voting computers including optical scan machines.
We cannot follow the votes as we follow the money:
A consumer withdraws $100 from an ATM. The ATM provides $100 and a receipt. At the end of the day the bank must reconcile its books; the ATM service person must account for the cash; the customer gets a statement at the month. If a single machine failed and shorted or enriched many customers it would easily be detected and corrected. It is possible the machine could occasionally short the cash dispensed to the benefit of an unscrupulous servtice person, however, only a very small % of the money can be stolen. The money, the checks and balances prevent significant errors that could bankrupt a bank, improve a bottom line, or enrich a banker.
A voter cannot take a receipt from the polling place (because we have a secret vote and want to prevent votes from being purchased and voters from being intimidated). Even if a paper record or paper ballot is created it most likely will never be recounted in an audit or recount. The voter does not get a statement at home showing their votes and would have no proof but their memory to compare it to or use as evidence. There is no money to be accounted for in double entry bookeeping, only the total votes can be checked and can legitimately total any number less than the total number of voters. Significant errors on a single or several machines may never be detected.
An analogy: One could hardly imagine an ATM that was programmed to give no cash on every 10th withdrawl going unnoticed for even a single day. A voting machine moving the vote of one in 10 voters to another candidate could go undetected unless audited – this would be the ATM the equivalent of giving every 10th customer no money and placint their money in another account.
Programming and testing voting machines is a bigger challenge:
Each election, each race, and each district is programmed differently. In Connecticut we have 769 polling places and 169 towns. In municipal elections we have more than 169 different ballots with a large total number of unique races and questions to be programmed. In state wide elections we other variations based on municipal offices and questions as well as State House, State Senate, and U.S. House districts that vary by districts within towns.
All of these races must be programmed and tested within a short time, with tight deadlines, while primary races are being programmed, and with changes based on those primaries.
ATM’s for a bank generally all run the same programs. Small software and programming changes are thoroughly tested in real-life simulated environments, closely monitored by trained and experienced staff when they are rolled-out to ATMs used by the public. Major software and programming changes are thoroughly tested and usually rolled out to a few ATMs first which are very carefully monitored.
The programming of ATMs has much less variation, more variables, and is done under much less imposed time constraints. The greater the variation in programming of elections, the more opportunity for programming errors, the more opportunity for interaction with existing errors in the system, and the greater the need for testing.
Human nature seems to be biased toward avoiding and overlooking problems, especially those one is responsible for:
This is true of bankers and programmers as well as election officials. This is why corporations use and governments impose strong programming, security, and auditing practices. These include standard programming practices, security practices, separation of responsibility, and several levels and dimensions of auditing. This is why consumers, governments, share holders, and banks demand ATM receipts, account statements, double entry bookkeeping, internal auditing, and stiff banking regulations.
Voting is subject to the same limitations of human nature, without the levels of controls employed in banking. Looking at the recent history of elections in the United States, since 2000, we see little effort by many election officials to investigate problems with elections, even when faced with highly convincing evidence eroding public confidence. The common response is denying problems and withholding evidence. In Ohio 56 of 88 counties criminally destroyed documents from the 2004 election.
Just as significant is the reluctence of courts and election officials to correct problems when the intent of voters clearly reversed by fraud or error. Lets avoid the work of costly and embarrassing recounts and revotes no matter what it costs democracy. And to tout small band-aid steps to reduce some future problems.
Here in Connecticut we have the recent example of 27 voters not noticing that their lever machine had the wrong state representative race – with the good result of appropriate action being taken after the error was noticed by the 28th voter. We also have the example of the bad counter on a lever machine, unnoticed, until after a 4th election malfunction evident in the 1st three from a review of the past election machine totals – followed by an appropriate court order of a full revote of the 4th election. And the cautionary example of a corporations stubborn ongoing reluctance to believe customers over the trusted machine.
Bottom Line:
Voting and voting machines are inherently different than banking and ATMs. There are theoretical, technical, legal, and practical reasons for these differences. They all make computer voting a more difficult and challenging task.
History, ongoing current events , computer science, and human nature all provide solid evidence that computer voting is not safe without effective, enforced procedures and post-election audits sufficient to detect errors, deter fraud, and correct unverifiable results.
