Explore Harvard's Nieman network Nieman Fellowships Nieman Lab Nieman Reports Nieman Storyboard

How much do localities spend on elections?

ASK THIS | February 16, 2006

Estimated costs: $10 per voter (in year 2000); of every dollar 35 cents is for voter registration, 35 cents for equipment and Election Day expenses, and 30 cents for administration.


By Roy G. Saltman
roygsaltman@msn.com

Q. How much do elections cost cities and counties, and what does the breakdown look like?

The analysis of election costs is a difficult process because the information needed is not readily available. The Voting Technology Project (VTP) of the California Institute of Technology (Caltech) and Massachusetts Institute of Technology (MIT) undertook a study of election costs and provided information about what they found in their 2001 report Voting: What Is, What Could Be (pages 48-54).

They stated that “there is no ready answer” to the question of how much elections cost in this country. The reason is that “election expenditures are sufficiently small that they do not make the list of important activities… in the annual report by the [US Bureau of the Census in its Statistical Abstract] about what state and local governments spend on their functions.” The smallest expenditure reported in 2000 was $14 billion for solid waste management.

It was estimated by the VTP that just $1 billion was spent by local governments in 2000 on election-related functions, excluding some large procurements of new equipment. The states themselves spent considerably less. With about 100 million voters in the 2000 general election, the cost was about $10 per voter. The largest percent of that expenditure was for voter registration functions, and that was about 35% of the total. Voter registration is a continuing function, as voters may die, move in, move out, or come of age on any day, although activity peaks in the several weeks before registration closes in anticipation of an election.

Equipment purchases and maintenance, plus Election Day expenditures, were also about 35% of the total, split roughly equally. If additional functions needed to be added to equipment already purchased, such as for printing receipts from equipment originally intended to be paper-free, the additions would probably cost about 10% of the original purchase price.

The remaining 30% of total costs were for general administration. Under the Help America Vote Act (HAVA), passed by Congress in October 2002, an additional $3 billion or so was made available as a one-time incentive payment to be divided among the states for upgrading their equipment and/or information systems.

There has been some analyses (not done by the VTP) comparing costs between the use of paperless direct-recording electronic (DRE) voting systems and ballot-using optical-scan voting systems. These analyses purport to demonstrate that while DRE systems are more expensive initially, in the long-run they are less expensive because the use of paper with optical scan equipment must be paid with each election. However, in the view of this author, the real question is the achievement of public confidence in the system being used. If a slightly more expensive system (including maintenance and reliability considerations) will generate considerably more public confidence without disadvantaging minorities, then that psychic benefit must be included in the cost trade-off. Hopefully, procurement decisions that must satisfy requirements as being “least costly” can accommodate qualitative features that are intangible but otherwise necessary for public acceptance and confidence.

The costs of elections have changed their nature over the past century. Before the adoption of the truly secret (Australian) ballot by the states, one-by-one, beginning with Massachusetts in 1888, parties and their candidates were required to pay for the production of their own ballots and for their distribution by individuals offering them to perspective voters at polling locations. Riotous conditions ensued at polling stations, with voters being offered competitive ballots and with some voters known to support the opposition interfered with or attacked to keep them from voting. With the adoption of the Australian ballot by most states between 1888 and 1896, these costs were assumed by local governments that printed the non-partisan, all-party ballots that were given to each voter by government-paid poll workers at polling stations. Violent situations at polling stations generally ended.

Also at that time (in 1888), the mechanical lever machine was invented and its use slowly diffused throughout the nation until, in 1964, nearly 2/3 of all voters throughout the nation were using them. As with the Australian ballot, costs were typically assumed by the local governments who wished to have their voters employ them. Typically, machines were adoptable by a local government if permission was given by its state. Thus, in both cases, i.e., use of the secret ballot or lever machines, administrative costs of voting were more completely assumed by local governments. In a small number of states, lever machines were provided by the states themselves.

With paper ballots, new ones needed to be supplied for each election. Counting of ballots was very slow, there were a myriad of possibilities for fraud, and there were disputes about “intent of the voter.” Lever machines could be reused, as they could be re-configured for a new election by maintenance technicians. Although the benefits of the non-ballot machines were that there were no paper ballots that needed to be handed out, voted, collected and counted, warehouses were needed for storage of the devices, transportation of the machines to and from polling stations was required, and a knowledgeable maintenance staff was needed. However, reading the results off the machines’ counters was quick and, without ballots, no controversies about “intent of the voter” could arise.

One advantage of the lever machines was that they became obsolete very slowly. Machines that were produced in the 1920s look very much like machines produced in the 1960s. Thus, capital costs were low and could be amortized over a long period of time. Although all production of the devices ended by 1982, unused machines could be cannibalized for spare parts. In 2004, New York and Connecticut were still using them, despite the availability of HAVA funds for replacements.

With machines of the past few decades, whether they are fully electronic or partly electronic and partly electro-mechanical, obsolescence has come much quicker. The pace of innovation seems to continually accelerate. Government comptrollers and finance committees of legislatures must re-evaluate how such equipment should be financed. For example, while computers acquired in the 1960s were considered capital goods to be paid for over several years, the newer desktop and laptop models may be considered office devices that can be written off in one year. It may be advantageous not to purchase election equipment at all, but to lease it.

No general statement about how states are paying for election equipment can be made. The reason is that we have 51 separate elections for national offices, one in each state and the District of Columbia. Each state manages its own finances in its own way. Following the administrative disaster of the 2000 Presidential election, some states reacquired equipment funding responsibilities from their local governments. Furthermore, HAVA arranges funding directly with the states, not with local governments. Some states use bond issues to pay for new equipment; others may purchase or lease them out of operating funds or have some combination of lease and purchase arrangement.

If new state laws have demanded paper trails or other features not possessed by equipment currently installed, then the issue of how to update or replace the now-obsolete equipment must be faced. When Georgia purchased its statewide DRE system in 2001, no one could have predicted the backlash against such systems. The solution to such a problem, if and when it arises, will have a political component as well as a financial component. The question of what the public wants, as expressed through its state legislature, is often tempered by what it is willing to pay for.

[Editor’s note: On Feb. 24th, 2004, Roy Saltman added the following information:]

I have been informed that a study of election costs in Florida, done by Rosemarie Myerson and Richard Myerson, has shown that costs for direct recording electronic (DRE) systems were greater than costs for optical scan systems, even over the long run, using data from that state. 

This conclusion is different than the conclusion of the studies that I cited, which were from southern California. The different conclusions may be due to factors not specifically identified in either study. I suggest that size of precinct could be a major factor. If the typical size of a precinct is large, in terms of the number of people who vote there, then it would require many more DRE units than the single optical scan reader to assure that there were no waiting lines. (DRE units, as with mechanical lever machines before them, tend to create waiting lines because each voter dominates the machine while using it. Voters filling out optical scan ballots may do that in parallel in separate booths.)

If the number of voters in a precinct is smaller, fewer DRE units would be needed to substitute for an optical scan reader, and the equipment differential would be less. In any event, as I stated in my original text, the issue is public confidence, not a small differential in costs, that should drive the selection decision.



PROBLEM OF ELECTION RIGGING NOT TAKEN SERIOUSLY ENOUGH
Posted by Arlene Montemarano -
02/17/2006, 05:14 PM

On the subject of our election system and what has happened to it in recent years, here is a magnificent article by Cheryl Gerber that shows what we are facing:

Arlene Montemarano
Silver Spring, Maryland
===============

Imagine this: A Trojan Horse unleashes thousands of illegitimate votes and disappears without a trace, election commissioners bypass laws, uninvestigated computer glitches and easily picked locks in voting systems, no federal oversight holding e-voting vendors accountable—yes folks, elections can be stolen.
Since the 2000 Presidential election, problems stemming from the use of electronic voting machines have called into question the foundation of American democracy—the US voting system. At the forefront of concerns are security issues surrounding the use of Direct Recording Electronics [DREs], better known as touch screen computer voting machines, and their lack of a paper trail in the form of an auditable paper ballot. Widely reported irregularities from voting districts around the US have alarmed many and opened claims of stolen elections. Some even doubt the legitimacy of the outcome of recent US elections. A team of top computer scientists has been working diligently to resolve the many underlying design problems in the e-voting system that leave it open to cheating. Stalled by the federal government, and with doubts about e-voting continuing to spread, these scientists have instead turned to state governments and the National Science Foundation for help.

"Maryland, where I live, uses Diebold DREs, which are an ideal opportunity for cheating," said Dr. Avi Rubin, Technical Director, Information Security Institute, Johns Hopkins University. "In fact, you couldn't come up with a better opportunity for cheating. There's no ability to audit or recount, and the entire process takes place inside the computer, which is not transparent."

In May 2004, Rubin co-authored an analysis of electronic voting systems, raising concerns about lack of security, for the Institute of Electrical and Electronics Engineers (IEEE), the world's largest professional organization for technical standards. He also served in 2004 as a poll worker and election judge in Baltimore County, Maryland, where he lives. These and other experiences have only served to raise his concerns about the possibility for cheating via the use of electronic voting machines.

Efforts to Secure E-voting Stalled
Apprehension about the lack of security in Diebold's DREs and other touch screen computer voting machines spurred David Dill, a Stanford University computer science professor, to establish the Verified Voting Foundation in November 2004. According to Dill, when federal legislators tried to create a law that would address e-voting security problems, it was "blocked by a committee chairman, so we focused on state legislation."

Since then, the group has been advising states on e-voting security problems and the need, at a bare minimum, for a verified voting paper audit trail.

Earlier this year, Congressman Rush Holt (D-NJ) submitted a bill, The Voter Confidence and Increased Accessibility Act of 2005 (HR 550), to the House Administration Committee. The bill requires a paper audit trail at the federal level. But Holt has not been able to get the chairman of the committee, Congressman Robert Ney (R-OH), to schedule a hearing on it all year long.

"Congressman Ney will not schedule a hearing on the bill, so it remains in limbo," confirmed Pat Eddington, Holt's press secretary.

Even the bi-partisan federal Carter-Baker Commission Report could not nudge Ney. Set up to review the entire electoral process and co-chaired by former president Jimmy Carter and former Secretary of State James Baker, the report strongly endorses the need for a paper audit trail. (Congressman Ney's office did not return repeated calls.)

In lieu of the refusal of some at the federal level of government to address the issues surrounding the legitimacy of electronic voting procedures and work toward safeguarding American elections, Verified Voting turned to state governments. Since its founding, Verified Voting has helped 26 states establish state legislation that requires a paper audit trail in e-voting machines, and 14 states have requirements pending, according to verifiedvoting.org.

However, paper receipts only begin to address the complexity of electronic voting problems. The most serious concern among computer scientists studying the problems is the "Trojan Horse," a computer code that can be programmed to hide inside voting software, emerge in less than one second to change an election, then destroy itself immediately afterwards, going undetected.

"Anyone who has access to the software—an insider—could easily insert a Trojan Horse into the software," said Barbara Simons, a past president of the Association for Computing Machinery and a retired IBM researcher who is co-authoring a book on the risks of computerized voting. The problem is that the Trojan Horse cannot be detected unless the software is inspected continuously—as in every second—for its presence.

No Oversight of E-voting Legitimacy
Three-voting vendors—Diebold, Election Systems and Software (ESS), and Sequoia—dominate the market. Since e-voting is unprecedented in the history of elections and law tends to lag behind technology development, there is no federal oversight body holding these companies accountable for the security and reliability of their electronic voting systems. Their machines are supposedly tested by independent testing authorities. "But it turns out that the vendors pay the independent testing authorities and the vendors keep the results confidential," said Simons. "So you have a huge conflict of interest right there."

In addition, said Simons, "There is no requirement to make any problems public or even to reveal them to election officials because this information is proprietary for the vendors. Also, the testers are only required to test for things on a list and aren't required to test for things that aren't on the list. If you are going to subvert software, you are not going to do something that will be found by a checklist. So it's easy to insert a Trojan Horse into the software because the testing won't find it. And even if they did find it, there are no requirements to report it." Vendors are the ones who decide what goes on the list and what doesn't.

The privatization of the US voting process means the public lacks access to, or the ability to inspect, election software, as well as information about or even the names of the computer programmers who created it. Private companies and e-voting vendors flatly state that their election systems must be kept confidential as exclusive property right products, and therefore refuse to release their software source code for inspection by independent third parties. They claim that to do so would violate their right to copyright secrecy and would open the door to rivals who could steal their products. But some wonder what else vendors might be trying to hide. For instance, according to information reported on www.blackboxvoting.org, ...a non-partisan, nonprofit consumer protection group that is conducting fraud audits on the 2004 elections, Diebold, one of the e-voting vendors, hired ex-felons, who were convicted in Canada of computer fraud, to program election systems software.

"I don't want to malign ex-felons," said Simons, "but you want to know the names of the people who are programming the machines that will be recording and counting our votes." On the other hand, it is not uncommon for major companies to hire, as programmers, former hackers who have proven themselves to be advanced enough to hack into even the most sophisticated and safeguarded systems. In some cases, to successfully gain entry into an ultra-secured system can guarantee a hacker a job.

E-voting machine companies like Diebold are, in essence, funded to the tune of $3.9 billion by a 2002 federal law, entitled the Help America Vote Act (HAVA) which appropriates these funds as only an initial amount to the states to purchase e-voting for all national elections. States are required to phase out punch-card ballots and other systems that seemingly were problematic in the 2002 presidential election in Florida and to standardize on electronic voting systems for national elections by January 1, 2006. The problem is that this does not give the states enough time to deal with the complexity of electronic voting systems. And HAVA does not require e-voting companies to provide the kind of good security in those systems that would prevent chances of cheating.

Concerns about the many anomalies in the November 2004 election and about the gross lack of security in touch screen computer voting machines, spurred Dr. Rubin to apply for funding from the National Science Foundation to research solutions to the problems. In August 2005, the NSF's Cyber Trust program responded by awarding Rubin and his team of computer science researchers $7.5 million to investigate ways to build trustworthy e-voting systems. Rubin is now the director of the NSF project ACCURATE (A Center for Correct, Usable, Reliable, Auditable and Transparent Elections). ACCURATE involves six institutions that will collaborate to investigate how public policy and technology can safeguard e-voting nationwide.

"The NSF recognized that this is a problem of tremendous significance to the country," said Rubin. "It's a deep-rooted, scientific problem."

The funded researchers are Prof. Avi Rubin, Drs. Drew Dean and Peter Neumann of SRI International; Prof. Doug Jones of the University of Iowa; Profs. Dan Wallach and Michael Byrne of Rice University; Profs. Deirdre Mulligan and David Wagner of the University of California at Berkeley; and Profs. Dan Boneh and David Dill at Stanford University, along with numerous affiliates.

However, scientists and academics can only partly address the complexity of e-voting problems, leaving many of the battles to be fought at the state legislative level.

Bypassing the Law
One especially salient example (as recorded on www.verifiedvoting.org), ...shows that in response to numerous and varied voting system malfunctions that occurred in the November 2004 elections, North Carolina passed tougher requirements for election systems in its Public Confidence in Elections Act in early 2005. Under the new law, manufacturers must place in escrow the source code, the blueprint that runs the software, and "all software that is relevant to functionality, setup, configuration, and operation of the voting system" as well as a list of all computer programmers responsible for creating the software.

However, implementation of this law has been stymied by an interesting turn of events fueling the belief of some e-voting critics that Board of Election officials are too partisan for a job that requires objectivity, or who feel that election commissioners have relationships with e-voting vendors that seem far too cozy. The events in North Carolina involve Diebold—the e-voting vendor whose bid was selected by North Carolina's Board of Elections—and the very same Board of Elections.

Diebold responded to the new requirements by asking to be exempt from them, but a North Carolina Superior Court judge refused to grant the exemption. After losing in court, Diebold withdrew from their bid to provide elections systems in November 2005. However, in a surprising turnaround in December 2005, the North Carolina Board of Elections certified Diebold Elections Systems to sell electronic voting equipment in the state, despite Diebold's admissions that it could not comply with the state's election law.

The Board was able to do so because its election commissioners—not judges or computer science experts—are the ones who have the ultimate authority to certify election systems in the state. Instead of rejecting the vendor's applications and issuing a new call for bids that complied with the law, the Board of Elections certified all of the vendors' systems. The Electronic Frontier Foundation (EEF), a nonprofit consumer advocacy group of technologists and lawyers formed in 1990 to protect digital rights in our increasingly networked world, took issue with the North Carolina Board of Elections, which certified the three elections systems companies: Diebold, Election Systems and Software, and Sequoia Voting Systems. Citing the Board's action as an example of election commissioners having too much authority, Keith Long, EFF advisor to the Board, who was formerly employed by both Diebold and Sequoia, stated that none of the vendors meet the statutory requirement to place their system code in escrow.

"The Board of Elections has simply flouted the law," said EFF staff attorney Matt Zimmerman in a release he issued on December 2, 2005. "In August, the state passed new rules that were designed to ensure transparency in the election process and the Board simply decided to take it upon itself to overrule the legislature. The Board's job is to protect voters, not corporations who want to obtain multi-million dollar contracts with the state."

An ESS spokeswoman stated that ESS computer systems are secure, owing to a back-up system. However, as Simons pointed out, that does not address the problem. "If the machine doesn't record the votes correctly to begin with, it does not matter how many copies of that original incorrect recording you have." ESS' spokeswoman countered by assuring that the company's systems are accurate.

How New York Measures Up
New York State amended its Election Reform and Modernization Act of 2005 to include a provision for escrow requirements, which all election systems vendors must comply with in order to have an e-voting system certified in the state. The provision requires programming, source code, and voting machine software to be placed in escrow with the state Board of Elections, and requires the election systems vendors to waive all rights to assert intellectual property or trade secret rights. The amendment also requires that elections systems be tested by independent experts under court supervision.

Putting software source code in escrow provides an opportunity to inspect the code when there are anomalies in the election. It is already difficult to track down malicious code like a Trojan Horse; however, as researcher Simons pointed out, "there's no chance you will find it if you can't look at it."

New York also passed a series of bills, including a voter verified paper trail requirement that is an addition to HAVA, since the federal law does not require it.

But New York's election law omits the requirement to turn over the names of all computer programmers who are responsible for creating the software code. Since programmers are the ones who would be able to create and insert a Trojan Horse code, they are the ones who could ultimately rig a national election. If you don't know who the programmers are, you can't find out who created the problem, or who asked them to do it. Not to mention that a Trojan Horse program is set up to erase evidence of itself once it has done its job.

"Having the software source code doesn't guarantee that you will detect critical software bugs or malicious code," said Simons. "Anyone with access to the election software of a major voting machine vendor can change the outcome of a national election and determine which party will control Congress. Election fraud can now be committed on a national, not just a local, basis."

Yes Folks, the Election Can Be Stolen
With the old lever machine method of voting, election fraud could only be committed on a local, or possibly a regional basis without high risk of getting caught. But now it would take only one well-placed programmer creating malicious code to rig a national election. "How do you know what software is running on Election Day?" asked Simons. "You could easily add a last-minute software patch to do something on Election Day, [and that would] then immediately erase itself."

Software bugs can also be programmed undetected. "Buggy software is an important problem in computer security," said Stanford University's Dill. "A huge number of problems we have are due to computer software buffer overflows, which overwrite computer functions to get control of the machine." Computer buffer overflows are a standard way for Trojan Horses to take control of a computer and make changes to it, while leaving no evidence behind.

The GAO report concluded that national initiatives to improve voting systems lack plans for implementation or are not expected to be completed until after the 2006 election, stating: "Until these efforts are completed, there is a risk that many state and local jurisdictions will rely on voting systems that were not developed, operated, or managed in accordance with rigorous security and reliability standards."
Reiterating the reality that there is no such thing as software without bugs, Dill explains, "Eliminating bugs from programs has been an unsolved problem since computers were invented. The problem grows harder every year, as the systems get more complicated. Anyone who says they can generate large software without bugs is not telling the truth. We don't know yet how to make computer programs perfectly secure. That is why you always have to have independent reliable ways to check the results. The election can be stolen, nobody can tell, and it's easy to do."

Another opportunity for election fraud is in software patches, which are the routine fixes to software bugs that work the same way a repair patch is put on a flat tire. A programmer can deliver a patch to a bug that is an election rig instead of a fix and, again, it would not be detected unless it was inspected.

"There's a tendency for people to regard computers as the epitome of accuracy," said Dill, highlighting the fact that the lack of security in the source code is fundamentally a human problem. "This is why computer scientists have gotten involved—because they understand the limitations of technology."

Dill and other computer science professionals have been trying to educate people about the current, serious limitations of using computers for voting. "People just don't believe it when we say computer voting machines are insecure since they don't understand how deeply complicated software can be. Because these are computers, you need much more security with them than you do with old-fashioned paper-based systems," he explained.

"The hardest people to convince are those who have signed multi-million dollar contracts to buy e-voting machines before they were made secure," added Dill, alluding to election officials who thought they were buying the latest, greatest technology in the DRE or touch screen machines and therefore later become defensive when computer scientists inform them that their purchase is unreliable and insecure. "They are understandably reluctant to admit that they made a mistake."

And some complain that the January 1, 2006 HAVA standardization requirement, and the vagaries within the law that omit major areas of concern, has set unrealistic goals for election officials and backed them into a corner. Given the complexity of these machines, it can be argued that officials need more time for discovery and resolution to the problems.

"If we find out after the purchase of these machines that they are not secure and Congress is given evidence that they are not secure, will they make a new set of regulations, which will cost X millions of dollars?" asked Lee Daghlian, public information officer of the NYS Board of Elections.

Cozy Relationships and Huge Profits
However, zooming in on the election commission business also reveals a close-knit community. As in the example mentioned earlier in which North Carolina's Board of Elections went ahead and certified Diebold systems despite the Superior Court judge's ruling, many see the close relationships between election commissioners and election systems vendors as overstepping certain ethical boundary lines. Huge profits are to be made by election-system vendors and they court election officials accordingly. "They wine them and dine them," said Dill. "Election officials have known the election systems vendors longer than they've known the computer scientists. And there's a revolving door. A good career path for an election official is to go work for a vendor."

In October 2005, the General Accounting Office (GAO), the nonpartisan independent investigative arm of the federal government, issued an illuminating report that raised a multitude of concerns about electronic voting security and reliability. The report found that cast ballots, ballot definition files in the voting software, memory cards, and computer audit files all could be modified. Election systems had easily picked locks and power switches that were exposed and unprotected.

The GAO report showed that voting-machine vendors have weak security practices, including the failure to conduct background checks on programmers and system developers and a failure to establish clear chain-of-custody procedures for handling voting software. It also found that voting system failures have already occurred during elections, identifying a number of cases in California, for instance, where a county presented voters with an incorrect electronic ballot, which meant they could not vote in certain races. And in Pennsylvania, where a county made a ballot error on an electronic voting system that resulted in the county's undervote percentage—that is when a candidate is given fewer votes that he or she actually won—reaching 80 percent in some precincts. And in North Carolina, where electronic voting machines continued to accept votes after their memories were full, causing more than 4,000 votes to be lost.

And these are only a few examples out of thousands that were reported but not investigated.

In addition, the GAO discovered that standards for electronic voting adopted in 2002 by the Federal Election Commission contain vague and incomplete security provisions for commercial products and inadequate documentation requirements; and that tests currently performed by independent testing authorities and state and local election officials do not adequately assess electronic voting system security and reliability.

The GAO report concluded that national initiatives to improve voting systems lack plans for implementation or are not expected to be completed until after the 2006 election, stating: "Until these efforts are completed, there is a risk that many state and local jurisdictions will rely on voting systems that were not developed, operated, or managed in accordance with rigorous security and reliability standards—potentially affecting the reliability of future elections and voter confidence in the accuracy of the vote count."

In response to the release of the GAO report, members of the House Committee on Government Reform issued a statement that highlighted a long list of voting system vulnerabilities, also reported by Dill's Verified Voting Foundation. But the reality behind the GAO laundry list is that electronic election systems are grossly inadequate and that vendors are not being held accountable by election commissioners to provide security in their election systems or, as in the case of the North Carolina Board of Elections, even to comply with the law.

Not to mention, "They have none of the security levels that computer scientists have been asking for," added Simons.

If election systems vendors are not required both by law and by state election commissioners to place their software source code in escrow, then voters will have no way of knowing whether the software contains malicious, election-rigging code or not.

But as the technical director of Johns Hopkins' Information Security Institute, Dr. Avi Rubin believes it is only a matter of time before the vendors are forced by legislators to give it up. "I think they will be forced by law to share their source code. But they will do it kicking and screaming."

Despite the steadfast work of the leading computer science experts and grassroots activists, it seems the problem of election rigging is still not taken seriously enough. That means it is still easy to rig an election via e-voting in the United States, and it will continue to be easy until election fraud is considered a priority.
==





The NiemanWatchdog.org website is no longer being updated. Watchdog stories have a new home in Nieman Reports.