Voting Machine Flaws Persist 17 Years After Discovery

In 2006, software engineer Michal Pospieszalski uncovered significant flaws in U.S. voting machines while working for the Election Science Institute. His analysis of the iVotronic voting system by Election Systems & Software (ES&S) revealed issues such as poor coding practices, backdoors, static passwords, and a lack of end-to-end cryptographic proofs. These vulnerabilities, he argues, still pose a threat to the integrity of American elections today.

Pospieszalski, now the CEO of blockchain security and identity software company, highlighted that the absence of end-to-end cryptographic proofs means that voting machines cannot verify the legitimacy of ballots or detect if a ballot has been counted multiple times. This vulnerability is easily exploitable by anyone with access to the voting machines and voter registration systems, allowing for the same ballot to be counted multiple times without detection.

The separation of ballot and voter record systems often makes reconciliation impossible without referring to original paper records, further complicating the detection of fraud. Pospieszalski proposes a solution that involves software upgrades rather than hardware changes, building on cryptographic techniques developed in the 1980s by David Chaum. Chaum's work on digital cash and blind signatures laid the foundation for secure e-voting and modern cryptocurrencies like Bitcoin.

In Pospieszalski's proposed model, each ballot would have a unique serial number that does not identify the voter but ensures that each ballot is counted only once. This would involve three counts: the paper ballots, the conventional digital tally, and a third cryptographic count. Any discrepancy between the digital count and the cryptographic count would indicate tampering, providing a clear and verifiable way to detect fraud.

Pospieszalski's experience in Antrim County, Michigan, during the 2020 elections further underscored the need for such safeguards. A brief vote-counting error in the county triggered widespread speculation and public suspicion. While the error was technical and not the result of a hostile attack, the optics of the situation highlighted the importance of end-to-end cryptographic proofs in preventing such confusion and restoring public trust.

Despite identifying these vulnerabilities as early as 2006, Pospieszalski notes that vendors have been reluctant to implement changes without legal pressure or updated election laws. He suggests that legislation or mandates from jurisdictions overseeing elections could push for the adoption of end-to-end cryptographic proofs, ensuring clarity and trust in future elections, especially in heated contests where trust is fragile.

Pospieszalski's solution does not require the complexity of blockchain technology, which has been promoted as a solution for secure voting. Instead, his approach works with current machines and can be implemented as a software upgrade, making it a practical and feasible solution for improving election security and trust.