On Election Day, I was privileged to serve as an adviser to NBC News as part of the team from the Open Source Election Technology Institute. We provided election-technology monitoring, problem analysis, and related subject-matter expertise on the air and off air. My role was to serve as a senior election-policy analyst, helping analyze voter-submitted reports of issues on Election Day by leveraging my experience as a cybersecurity staffer in Congress and my training as a Ph.D. cognitive engineer specializing in the design of complex human-technology systems. And issues there were. The OSET Institute logged more than 900 individual reports of voting issues, according to the TrustTheVote Project’s first PollWatch campaign. But the problems weren’t the anticipated cyberattacks.
Voters in several states experienced a chaotic array of vote-casting problems: reports in Ohio that electronic pollbooks mistakenly showed voters as having already voted by absentee ballot; aging touch-screen voting machines in South Carolina “mismarking” ballots—that is, switching voters’ selections to other candidates; and voting tabulators in North Carolina rejecting legitimate but oversize ballots swollen by moisture from the humidity of unseasonably wet weather. Toss in a few trending stories showing how it can be literal child’s play to manipulate voter registration on state election websites, and sprinkle with high-profile candidates claiming their state’s registration information was hacked by the opposing party, and you have a recipe for no one trusting election results.
In their preliminary review of Election Day, officials from the Department of Homeland Security reported vote-casting problems in Alabama, Georgia, Illinois, Indiana, Maine, North Carolina, Texas, and Virginia. But they said they did not detect “an outright hack of voting systems.” Good news, of course. Yet our antiquated election infrastructure remains, on the whole, so unusable that even if voting machines were more secure, voters would still be acutely vulnerable to misinformation. This failure of “usability” means voters aren’t in a position to properly detect irregularities on the front lines, a role that security specialists depend on from their end users.
There is, of course, plenty of reason to worry about the cyber insecurity of our voting systems. In the months before the 2016 election, Russian operatives targeted 39 state voter-registration databases and software systems. As a result, Congress provided an infusion of money—$380 million—for states to update and enhance the security of state and local voting infrastructure. Moreover, President Donald Trump signed an executive order in September authorizing sanctions against those found interfering in U.S. elections.
But are we sure that this year’s voting experience—late polling-place openings, long lines, and malfunctioning machines—are the typical problems voters see in any election anyway, or are the Russians just using new tactics, techniques, and procedures?
And if Russian operatives were not active this Election Day, then what might explain the embarrassment of glitches that seemed to make it substantially more difficult for people to vote?
As it turns out, the focus on “rigged,” “tampered,” and “hacked” elections is incomplete. Instead of the anticipated foreign cyberattacks, what we witnessed on Election Day was an American-made failure of usability. Usability is a technical term for “ease of use” or “user-friendliness” and measures the extent to which users can achieve their goals effectively, efficiently, and with satisfaction. Despite usability’s prominent place in the U.S. Election Assistance Commission’s Voluntary Voting System Guidelines, the experience of too many Americans with electronic voting systems this year failed those tests.
Throughout Election Day, reporters would contact the OSET Institute team with the latest news of rejected or mismarked ballots and ask whether that represented evidence of security issues. Time and again, our election-technology experts would quickly diagnose the root cause and, more often than not, conclude that the problem most likely was not a security issue but a technical one. The OSET Institute team had seen these frustratingly unresolved issues over and over again during the life cycle of these aging machines—this year, elections officials in 41 states reported machines over a decade old. However, to voters now used to far more responsive technology in their smartphones, these usability flaws are becoming increasingly egregious.
Take, for example, the well-known “calibration” issue afflicting touch-screen voting machines, the kind of problem that “horrified” Stephanie Grubert, a voter in Luzerne County, Pennsylvania, when she tried multiple times to carefully select the name of Republican U.S. Senate candidate Lou Barletta but the machine repeatedly highlighted the name of his opponent, Democratic incumbent U.S. Sen. Bob Casey—an instance of “vote flipping.” It turns out the problem was a typical one of miscalibration.
Voting machines can become miscalibrated when they are moved, or jostled, or simply used for long periods without being recalibrated. This is not a new problem; documented calibration issues stretch as far back as the 2006 and 2008 federal elections, and the majority of our voting machines date to the same time frame. Calibration issues were inherent in these first-generation touch-screen voting machines that dominate the election landscape, and designers did not account for the problem at the time. Now, despite worsening usability, with the machines perilously close to the end of their life span, they still have not been replaced, the problems having been seen more as an inconvenience than a serious security issue.
Similarly, the high-profile U.S. Senate race in Texas between Republican incumbent Ted Cruz and Democratic challenger Beto O’Rourke was cast into doubt by poorly designed software, compounded by public suspicion, as voters shared images of machines switching their votes from O’Rourke to Cruz.
In this case, the vote flipping occurred when Texans used the “straight ballot” option to attempt to cast their votes for a single party on the Hart InterCivic eSlate voting machine. According to the Texas secretary of state’s election advisory, if voters used the keyboard while the page was loading their “straight ticket” selection, the Senate candidate they selected would switch to the other party. Some experts attributed vote flipping to a “software bug,” but the Texas Civil Rights Project described it more accurately as an issue caused by the “confusing and antiquated way the voting machine operates—not a conspiracy to change votes.”
And the explanation from the election-machine vendor and election officials who procured these machines? “User error.”
“The same story has happened in multiple elections,” Steven Sockwell, Hart InterCivic’s vice president of marketing, told NBC News. “There was no flipping then, and there’s not any now,” because the issue is due to user error not a design error. The Texas secretary of state’s office backed up Hart InterCivic. “The Hart eSlate machines are not malfunctioning,” the office said to NBC News. “The problems being reported are a result of user error—usually voters hitting a button or using the selection wheel before the screen is finished rendering.”
From a cognitive engineer’s point of view, “user error” and “human error” are excuses that vendors and election officials use when they’ve ignored how people will actually use technology and the technology, unsurprisingly, fails. The real source of “human error” is the voting-machine vendors who fail to conduct rigorous usability testing by actual voters, under various conditions, during the product design and development stages. The fact is that the American electorate is extremely diverse in its usability and accessibility needs due to a host of factors including age, literacy, and disability, and to not account for that diversity is to reject reality.
Moreover, most voters, regardless of their specific needs, are apt to ignore detailed or arcane instructions about a machine they use (at most) for a few minutes once every two years. Voters are especially unlikely to patiently read through the instructions after waiting for hours, as was the case in many electoral jurisdictions. Those same voters are just as unlikely to check their voting paper record (if they receive one at all) as any shopper would be to check their paper receipt after waiting for hours in a cashier’s line—they just want to leave.
When voters have a bad usability experience, like vote flipping, they don’t know who is responsible—malicious cyberattackers, voting-machine manufacturers, or election administrators. And candidly, they should not have to care. Voters should only have to care that their ballot is counted as cast—what should be a foregone conclusion in America.
With the specter of foreign malicious interference in the 2016 general election all too fresh in the minds of voters, the ubiquitous machine malfunctions in the 2018 midterm elections were viewed unsurprisingly by many people as more than a “glitch.” It is cold comfort, if not an insult, to hear vendors and election officials claim publicly the equivalent of “the machines were not hacked; you, the voters, just didn’t use them correctly.”
There is no need for this insult against voters; security and usability can, and should, go hand in hand. Election officials should want to assure voters of the ease and efficiency of voting, how to select and correct their voting choices, and how to confirm their ballots were cast as intended. In fact, it is already well-accepted in security best practices, that when systems are user-friendly so that users have correct expectations of how their systems should (and should not) be operating, they can become security assets, a front line for detecting true irregularities.
To achieve the requisite usability for security, designers should be following the EAC guidelines, which explicitly require “a high level of usability for voters.” However, from the embarrassment of voting issues experienced this election, maybe there needs to be a clearer standard for designers.
I propose that voting-machine usability should be on par with smartphones. After all, smartphones are the default touch screen in most people’s lives, they are designed to be usable by the same broad electorate, and they are what most voters are expecting when they see a touch-screen voting machine.
Mobile-interface design methods like optimizing screen real estate with a responsive design are part of a vast and growing discipline, so here are two simple usability remedies for the type of vote flipping experienced in Pennsylvania and Texas:
1. Design finger-friendly tap targets. Just like the apps on your phone’s home screen, keep the selection boxes for voting options far enough apart that voter’s fingers cannot mistakenly select an option they aren’t intending to select. Furthermore, keep the boxes far enough apart to account for the typical amount of miscalibration throughout a voting day (though as a matter of design and engineering, if voting technology for ballot marking actually utilized current state-of-the-art touch-screen technology, the calibration issue would all but disappear). Voters still having trouble with selecting options would then be potential evidence of something beyond miscalibration.
2. Request confirmation when selections change. Users should be constantly aware of the status of their ballot selections and any changes from prior choices should require direct interaction. When the system records that the voter intends to switch selections, the standard are-you-sure confirmation dialog should be displayed. For example, “Are you sure you want to switch your Senate candidate selection from Beto O’Rourke (Democrat) to Ted Cruz (Republican)?” Any switched selections in the final submission screen would then be potential evidence of deeper issues.
When discussing the future of voting in the United States, it is absolutely right to call for verifiable, accurate, secure, and transparent voting systems. But in a world where “hacked,” “tampered,” and “rigged” are on the lips of many voters, we must provide the most important election stakeholders—the voters—with an easy, convenient, and intuitive voting experience. To voters, any usability failure of voting machines is indistinguishable from hacking—they simply can’t tell.