June 07, 2015 at 10:55pm -- This weekend, the Wisconsin Grassroots Network allowed Wisconsin Election Integrity to use part of its booth at the annual state Democratic Convention. With a colorful pamphlet titled “How to Steal Wisconsin Elections” on one side, and “How to Protect Wisconsin Elections” on the other, I was able to start good conversations with more than 100 people, a large number of them involved in local elections administration in some capacity—mostly as poll workers or board of canvass members.
In general, the Democrats were skeptical whenever I offered the pamphlet with the “How to Steal” side up asking, “Want to know how to hack voting machines? The Republicans know, so you should, too.”
But when I turned the pamphlet over to reveal the “How to Protect” side, they were receptive, confirming my sense that people are tired of being told about problems they cannot solve, while they are ready to welcome constructive information about solutions.
Their reactions, after I’d given them the election-integrity elevator speech, confirmed that politically active people, like everyone else, typically assume our election results are routinely checked for accuracy and are shocked to learn they are not. Like all other sensible digital-age people, they immediately grasp the carelessness of that practice.
During the entire two days I staffed the booth, all but one of the conversations went very well, often ending with the person asking for more literature and promising to talk to their county clerk when they got home.
I ran into only one person who vigorously argued with me, and I hope you’re as disturbed as I was by who it was—or might have been.
After taking the pamphlet with a frown, one man listened to my short speech and flatly told me I was wrong. Voting machines are reliably accurate, he said, and he should know: Before he retired, he tested voting machines for the Wisconsin Government Accountability Board and for the State Elections Board before that.
I realize he could have been misrepresenting himself, but he might not have been. I recognized the GAB staff attitude toward citizen input and the talking points.
As he argued, he revealed either that he was painfully ill-informed about voting machines and IT security, or that he thought I was and could be distracted with misinformation. It was hard to tell.
For example, when I explained that the hacking information in the pamphlet was based on the findings of a national panel of voting-machine security experts, he said something along the lines of “The national experts’ findings are not applicable to Wisconsin. Wisconsin’s voting machines are programmed individually for each county—no hacker could get to all of them.”
I gently laid out the obvious logic for him: “A hack wouldn't need to affect all the machines everywhere. Mathematically, you could change a statewide outcome merely by making one big county already likely to go for your candidate go even more decisively. Pundits will simply say, "Oh, wow. That party did a great get-out-the-vote effort in that county!"
"And besides, the national experts says that the most likely, most dangerous hack would affect the source code, not the set-up for each election. It's the set-up that is done separately for each county--mostly by a few vendors. And the source code is programmed exclusively by the vendors.”
But he doubled down and insisted the source code is programmed individually into each voting machine by the counties.
We had drawn a few witnesses by now, so even though I suspected he knew it, I gave the basic explanation of the difference between programming the voting machine and setting it up for each election. (“When you get a new cell phone, it comes with lots of programming deep inside that neither you nor the salesperson touch as you set the phone up with your phone number and contacts.”)
I reminded him that the source code must be tested by independent laboratories and approved by the federal government and that once it is approved, no one is allowed to make changes. If the voting machines’ source code is being “programmed individually,” as he claimed, someone is breaking the law. The speed with which he gave up that line of argument indicated to me he knew that all along.
He then tried the recount defense—claiming that if anyone suspects election results are wrong, they can demand a recount. Again, not knowing whether he was genuinely naïve or was hoping I was, I explained Wisconsin recount law to him. He finally conceded, “Well, yes, they would have to pay for the recount.”
When I asked, “Would you trust a bank that refused to audit until someone suspected a problem, and even then, demanded that the person who suspected a problem paid for the audit?”, he moved on to his next point. We then danced through a set of well-worn arguments.
He: Local election officials store their machines securely.
Me: Local election officials have no control over the security of the software while it is with ES&S, Dominion, and Command Central, where it is most at risk.
He: But those companies have wonderful, effective security.
Me: Wisconsin election officials have no way to know what sorts of security those companies maintain. We do know they would be in the IT-security consulting business if they could do IT security better than Anthem, eBay, Target, and Sony.
He: There are no miscounts.
He: Well, those should have been caught in pre-election voting machine tests.
Me: Correct, but they were not. That’s why every human language has a word for ‘mistake,’ and why we need routinely to check Election-Day output for accuracy.
He: But it makes no sense to assume the computers are miscounting.
Me: Correct, in the same way that it makes no sense to assume they are counting accurately. And if we decide it's not a good idea to assume, we need to verify. Your municipal treasurer does not assume she’ll find errors when she routinely spot checks the computer-generated property-tax bills before putting them in the mail. But she does it anyway because that’s what prudent managers do.
He: There’s not enough time or money for full recounts.
Me: No one is talking about full recounts. If you’ll stop arguing for a moment, I can tell you about sampling and risk-limiting auditing.
He: But you cannot assume any sample is representative.
Me: Correct. That's why you calculate probability.
Of course, the conversation ended before he accepted the common-sense national consensus on routine verification of voting-machine output—but that was what I expected. You can tell when someone is engaging in sincere let’s-share-what-we-know conversation and when they are simply staking out a defensive position and reflexively contradicting everything you say. He was clearly doing the latter, so I let him leave when he ran out of breath. Who knows—maybe he went to his hotel room that night, gave the matter some sober thought, and moved slightly toward acceptance.
After he left, the handful of people who had been entertained by the exchange asked a few sincere questions and stayed for more information, so it turned out to be a useful exchange even if my antagonist never finds his way to common sense.
He might have been lying about having formerly tested voting machines for GAB, but I’m not lying when I say this sort of reaction is common (though far from universal) among Wisconsin elections officials from the state level on down. I had a very similar encounter with a municipal clerk just about a week before.
There’ s no need to condemn elections officials for this intellectual obstinacy, because psychological denial is a universal human foible. These men and women have likely certified dozens of elections without verifying accuracy, so it must be a real kick in the gut when they first realize how dangerous that is. When you introduce the notion they might have inadvertently certified hacked voting-machine output, I’m sure it feels to them as if you just suggested their spouse might be unfaithful.
In all but extraordinary human beings, that sort of unwelcome news creates an intolerable amount of cognitive dissonance and pretty much shuts down logical processing, at least for a while. None of us can process new information when our brain is fully occupied generating any possible excuse why the information might not be true.
So we need to be patient, to a point. I suggest that point will arrive sometime before November 2016, when we will need to insist on the resolution of our own cognitive dissonance, which comes from being forced to trust our sacred right to self-government to unaudited computer output.