Why California Secretary of State Debra Bowen Pulled the Plug on E-Voting

Bowen, a long-time IT advocate, saw too many security flaws in touch-screen voting machines.

by / July 29, 2008

Earlier this year, California Secretary of State Debra Bowen received the John F. Kennedy Profile in Courage Award for her decision to sharply limit electronic voting machine use in her state. The award, presented by the John F. Kennedy Library Foundation, recognizes public officials who make tough decisions without regard to personal or professional consequences.

In August 2007, Bowen set strict limits on the use of e-voting technology known as direct-recording electronic (DRE) voting machines, citing troubling security flaws in the systems. The move angered e-voting machine vendors and sent California counties - which had invested $450 million in new voting hardware - scrambling to prepare for the state's Feb. 5, 2008, presidential primary election.

At first glance, Bowen is an unlikely opponent of DREs, which typically allow citizens to vote via touchscreen. Since being elected to the California state Legislature in 1992, Bowen has helped pioneer the use of Web technology to interact with voters and promote government transparency. She was elected secretary of state in 2006.

Bowen talked to Government Technology about her e-voting decision and the future of electronic voting. She also discussed some of the other technology challenges facing California.


GT: How did you arrive at your e-voting decision?

Bowen: When I took office, I commissioned a top-to-bottom review of all our voting systems: paper-based optical scan systems, as well as the e-voting or touchscreen systems. The University of California took the lead, and it involved universities and private-sector people from around the country. I have about 700 pages of documentation that are publicly available on my Web site, and I had another private security report that was released only to me and the people involved because it has secrecy issues. It was really clear that there was no way we could guarantee existing equipment in the field had not already been compromised, and that we could not prevent compromises from affecting future elections. It was also clear that there was no [method] people felt was trustworthy to audit something where the vote was stored electronically. So we simply went to an older, tested technology that we've had billions of pages of experience with: the optical scan system.

GT: What's the status of e-voting for the November general election?

Bowen: The touchscreen machines, which I think are what people think of as e-voting machines, were recertified, but only to allow one per precinct in counties where that was the means of providing access to disabled voters, and for early voting with a 100 percent count against the paper trail. Counties that were using exclusively electronic voting machines have switched back to optical scan. Every county in California has optical scan capability because 41 percent of our voters in the last election voted by mail. The only way you can handle a vote-by-mail election of that size is with high-speed optical scanners. It was critical to make these decisions before the February primary because we didn't want county elections officials or voters having to change voting equipment between the February primary, the June primary and the November general election.

GT: As a California state lawmaker, you had a reputation for understanding and using technology. How did that experience color your approach to the e-voting issue?

Bowen: I found that the more time someone has spent on the inside of the software and computer industry, the more likely they are to express to me their concerns about relying on computers for tallying and recording the vote. People who have been inside know all the things that can go wrong.

GT: Without that experience, you may not have spotted deficiencies in e-voting?

Bowen: There's no question. When I first read the initial reports on security and

electronic voting, I was very disturbed. This was before I ever even thought about running [for secretary of state]. I read them, and I knew that technologically what I was reading was real and that you could hide your tracks pretty readily if you had the ability to tamper with systems. People have focused on voters tampering. The bigger concern is insiders, either in the company that makes the systems or in an election. We don't background test. We don't have any independent means of verifying the software, and that's the reason I have chosen to beef up California's post-election auditing standards. We now have the original record that the voter created, but unless we know when we should go back to that and use it, it's just so much paper sitting in a warehouse.

GT: The current presidential race seems to be capturing more interest from young voters. Are you using technology to engage those voters?

Bowen: The candidates this year are doing a greater job of raising the interest in voting than any secretary of state could do. I do have a Facebook page and have worked to look for new means of engaging younger voters. I have an advisory group - we call them the "edgy group." They're looking at what the future will be, not just of voting, but of engagement and how young people will get information about candidates and how they will get active. Facebook is one way that they do that with the groups and events.

I think the generation that spends all of its time texting each other will likely take on the challenge of finding a more convenient way to vote. It will be a challenge because you have the problem of verifying who's actually voting. In most of the technology that we have right now that allows someone to vote remotely, they're given an access code, which could easily be sold. So that's not a technological problem, but it is an issue. The other problem is suitability because the vote, unlike any other transaction on a normal basis, has to be private. So the minute we sign a voter in, from there on we can't know anything about what it is they have done. That's what makes auditing from a system perspective so challenging.

GT: Ten years ago you said it was unlikely that people would be voting over the Internet. A lot has changed since then, but you still can't foresee the day people will vote on cell phones or online?

Bowen: I can't foresee it, but that doesn't mean it won't happen. Right now the challenges of identifying who is actually voting and making sure there hasn't been a compromise in the system is too great. I think most people think, "I'd love to be able to vote from my home computer." But then they think about all the spam they get, and then they think about their antivirus software and how hard they have to work to keep something nasty from coming in. So I think we're just not there at this point.

GT: Internet voting is happening in some countries. How do they handle it?

Bowen: The number is fairly small. I do know that in Switzerland, which has Internet voting, the vote is not private. So if you aren't voting privately, you eliminate a lot of concerns because you personally can check if your vote is recorded correctly, but so can your neighbor, boss, spouse or grandma. We in this country have valued our ability to walk into the voting booth and not have anyone know how we voted.

GT: Government IT professionals complain that many legislators don't understand technology issues. As a former state lawmaker,

what's your opinion?

Bowen: I'm probably not the right person to ask that question, because I've spent so much time on the inside of the technology questions. The difficulty is that you really need a fair amount of technical background to understand project architecture and the basic kinds of things CIOs deal with. It's not a sexy subject-matter area for a legislator. Your constituents don't say, "I'm so glad you spent all of those hours making sure the Department of Corrections health-care automation system is on track."

GT: What's the biggest technology issue you're dealing with now?

Bowen: In the Secretary of State's Office, we have a lot of basics to do still. Most of the business filing system is still done on paper. I was fairly horrified after I took office to learn that my public access counter consisted of six microfilm readers - there's almost nothing I can provide to people remotely. That will change over the next few years.

We just went through a major challenge with the Uniform Commercial Code [UCC] filing system where we learned again, to our dismay, we had Social Security numbers on about a third of the UCC filings. We had to pull the Web site down and provide access manually for a while. We just completed the redaction; I don't believe we have any Social Security numbers [online]. We probably still have one or two someplace creative, but I think going forward peoples' expectations about privacy and what's on public documents are also changing.

 

Watch related video: Connected Government, Part 3 from the Conference on California's Future.