Simply put
- Former voting machine auditors assert that the US election system lacks fundamental cryptographic safeguards to identify vote tampering or duplication.
- One suggestion is to incorporate end-to-end encryption methods without blockchain to enhance future election security and rebuild public confidence.
- According to a software engineer who uncovered these issues in 2006, vendors are reluctant to act without legal mandates or updated election regulations.
Back in 2006, software engineer Michal Pospieszalski found a significant flaw in US voting machines.
Working for the Institute of Election Science as the Chief Technology Officer, Pospieszalski traveled to the headquarters of Election Systems & Software (ES&S) in Omaha, Nebraska, to evaluate their Ivotronic voting system.
During a week-long analysis, he identified various problems including “poor coding practices, backdoors, and static passwords.”
“The biggest absence was proof of end-to-end encryption,” Pospieszalski mentioned in an interview. “Even comprehensive external security can’t confirm whether a machine is functioning legally, or if it’s counting a vote multiple times—10 or even 1,000 times.”
What’s missing from today’s voting machines
The CEO of Matterfi, a blockchain security and identity software company, pointed out that the vulnerabilities are not just theoretical; they can be exploited by anyone with access to voting machines and registration systems.
“You could, hypothetically, run the same vote ten times, and today, that would still count as ten votes,” he explained. “The scanners and tabulators wouldn’t differentiate it, treating it simply as 10 votes.”
Pospieszalski added that the separation of voters’ record systems can often lead to confusion without referring back to the original paper ballots.
“There’s a lack of anonymous serialization for each vote, which means the system can’t confirm that every serialized vote is counted just once,” he said.
He proposed a solution based on encryption tech developed in the 1980s, utilizing software instead of hardware. David Chaum, a cryptographer known for his work on digital cash, also introduced blind signatures allowing verification of transactions without disclosing their details.
Chaum’s contributions laid the groundwork for both secure electronic voting and modern cryptocurrencies. “Essentially, what you need is just the final machine—the central tabulator—to recognize votes, where each vote has a unique serial number tied to it,” he explained. “This wouldn’t identify the voter but would designate it as a unique vote.”
“It’s a little disconcerting seeing people fooled by the process,” he added. “Especially when it’s witnessed by a group.”
Pospieszalski’s framework suggests three verification methods: paper ballots, traditional digital tallying, and a third encryption layer.
“If you’ve got 100 digital counts when you should only have 90 cryptographic counts, you’ve uncovered some injected votes,” he stated.
Lessons from Antrim County
In 2020, he conducted a forensic review in Antrim County, Michigan, where results showed a discrepancy in votes, flipping from 2,000 for Biden to another 2,000 for Trump. “The real issue was a misunderstanding within the vote definition, leading to an erroneous interpretation,” he recalled.
Once they reran the vote with a clearer definition, everything seemed to fall into place. However, Pospieszalski emphasized that the situation caused public skepticism despite the factual nature of the error.
“There weren’t any serious external threats, but people wanted clarity, especially since media coverage stirred emotions on both sides,” he observed.
While he found no signs of remote hacking, he noted signs of potential manipulation during his examination. “Seeing 100 votes all filled the same way among 42 choices raises some flags,” he commented.
When asked why cryptographic serialization hasn’t been embraced, he suggested that it would necessitate substantial changes that companies are resistant to accept. “They keep proposing these overly complicated plans… for voting machine manufacturers, it just doesn’t make sense,” he remarked.
Some technologies aim to bolster election integrity; notably, New York State Sen. Clyde Vannell proposed legislation utilizing blockchain for securing voter data. Yet, Pospieszalski contends that the fundamental problems don’t require such an intricate solution.
“The main goal is very straightforward: accurately count votes,” he added. “There’s no need for unnecessary complications. Many push for blockchain just because it’s a buzzword, but it’s quite excessive for what’s needed.”
In comparison, Pospieszalski believes his method can be implemented on existing machines. “I’m suggesting a straightforward upgrade, collaborating with Dominion or ES&S,” he stated.
Regarding how to see adoption, he indicated it would likely require legislative action or mandates from election authorities.
“Voting machine manufacturers and their county clients will need substantial impetus to drive change,” he explained. “If laws dictate that by 2028 or 2032 we must integrate end-to-end cryptographic proofs, we will be set to go.”
He believes that the advantages will become increasingly visible in future elections, particularly in tight races where trust is essential.
