Main point: Wisconsin's elections officials have been telling themselves a simple story--"The only threat to election results is Internet hacking, so we can keep elections safe just by keeping the voting machines unconnected."
There's an equally simple--but more true--story they could be telling themselves: "We don't have the power to prevent every type of miscount, but we can keep elections safe anyway, just by using the paper ballots and the canvass to detect and correct miscounts, regardless of cause."
In a recent newspaper article, I wrote that election officials should check the accuracy of our computer-tabulated election results as routinely as city treasurers check our computer-tabulated property tax bills.
That proposal is uncontroversial. Every national election expert promotes routine audits. So do other authorities, such as the US Department of Homeland Security. When presented with the idea that election clerks should verify the right winners before they declare election results final, every voter responds with either “Well, duh” or a wide-eyed “You mean they don’t do that now?!?!”
Wisconsin election officials, however, think that all of us are wrong about that. In response to my article, I received the following email from the county clerk in a mid-sized Wisconsin county:
"Good afternoon, Ms. McKim: Please tell me if a piece of Wisconsin certified equipment has ever been hacked, or how one could even attempt to hack said equipment. The equipment used in my county is never connected to the Internet. It's not even connected to our county network. Unless someone has figured out a way to hack through the unit's power cord, our equipment is basically unhackable."
Except for that last word, my correspondent’s few facts are correct. It's the same argument that county clerks have used for years: “You cannot prove we've been hacked, and we don’t need to check because we never connect the voting machines to the Internet.”
Let’s review a few additional facts. You won’t need to be an IT security expert or a Russian hacker to see the possibilities...
First, my correspondent and his colleagues know that voters don't want their votes to be miscounted for any reason--not just hacking--and that human error and machine malfunction are probabilities, not risks.
Our elections are run by a lightly trained and lightly supervised temporary workforce. None get more than four days of on-the-job experience every year. Even the election managers—the municipal and county clerks—work only part-time on that task. The 2016 presidential recount—for most election officials, a once-in-a-career opportunity to check their work—revealed that more than 1 in every 170 votes were incorrectly certified in the original canvass—mostly because of human error.
My correspondent and his fellow clerks also know that electronic malfunctions have already miscounted Wisconsin votes. They know voting machines are manufactured to be affordable for local government budgets. Many are old. Among all the businesses and government offices you enter in a year, the polling place is where you are most likely to encounter a 10- or even 20-year-old computer. They know that just last year, the Wisconsin Elections Commission had to decertify one model of voting machine because it was so unreliable it failed to detect up to 30% of the valid votes in individual precincts--in an actual election, not a test.
And when it comes to tampering, they know that many insiders have both means and opportunity—even without an Internet connection. Private companies manufacture Wisconsin’s vote-counting computers, and independent service companies maintain them. Those companies do not allow anyone to inspect the software, updates, and patches they install.
And no one has the ability to enforce good security practices. No state or federal official oversees either the local officials' or the companies’ internal security. If the computers used by the private companies to update the voting-counting software had poor security, no one but the companies and hackers would know.
Between elections, the voting machines themselves reside in storage rooms all around the county. They are also off limits to inspection. I once asked another county clerk if he had ever inspected them for unauthorized wireless communications chips—something professionals warn about. That clerk told me that such an inspection would void the machines’ warranty. (Update: See the first comment below. The day after I wrote this blog post, the New York Times reported that county clerks in Pennsylvania--who DID have their elections technology independently inspected--discovered that ES&S technicians had installed unauthorized remote communications capacity.)
My correspondent knows all that. And yet he proclaims, on faith, that the vote-counting software exists in a state of virginal purity as each Election Day dawns.
I don’t believe this county clerk is stupid. I’d bet my mortgage he would know better than to patronize a bank where managers employ only temporary staff; rely on antiquated equipment; refuse to audit unless a customer pays the cost of a full recount; and proclaim the ATMs are always accurate merely because they are not connected directly to the Internet.
And aside from his resistance to rigorous auditing, I see no signs he is corrupt. So what is he thinking?
Like most other normal human beings, he might not be thinking anything.
Walter Fisher, of the Annenberg School for Communication, has studied the question: Why does thinking explain so little of our behavior? He concluded we are guided more by narratives—stories we tell ourselves—than by logical reasoning.
The human brain is a marvelous organ, but continuously encounters more twists and turns than it can process with its reasoning faculties.
So it invents stories. Some are true, some are false. But all are oversimplified because that’s their function—to help our brains make simple sense of complexity, to help us feel we’re in control.
My correspondent’s story fits that description: “Only one thing can produce incorrect vote totals: Internet hacking. So if we just keep voting machines offline on Election Day, our elections will be safe from hackers.”
Human error, malfunction, and insider corruption would complicate this narrative, so they are excluded. Not mentioned. Not seen.
County clerks have reason to embrace that narrative. Election administration is only one of their jobs, and they have only a few staff. The workforce on which they depend consists mainly of people who are hired by and report to someone else: municipal clerks; temps hired by the municipal clerks; and county canvassers sent by the two major political parties.
The county clerks’ own education and experience tends to be clerical or political, not managerial or technological. And because the State Constitution assigns certain duties only to them—no one else—they’re on their own. They are elected officials without a manager who can train and coach them, or share the blame when something goes wrong.
Sensible voters need to help our election managers switch to a new narrative. It needs to be simple. It needs to be clear.
It needs to give them courage to face up to their responsibilities as prudent managers of elections technology. I propose this one: