What Voters are Asked to Verify Affects Ballot Verification: A Quantitative Analysis of Voters' Memories of Their Ballots
23 Pages Posted: 6 Dec 2018 Last revised: 13 Apr 2019
Date Written: November 23, 2018
As a new generation of voting system technology is deployed in response to concerns about the security of American election infrastructure, the role of voter verification of paper audit trails (VVPAT) has re-emerged as central to insuring election integrity. A key step in many electronic voting systems relies on the ability of a voter to carry out what seems at first blush like a simple task: review a computer-generated record of ballot choices made moments before to verify that those choices have been fully and accurately recorded. Prior studies have not addressed what appears to us to be the fundamental question to be resolved if VVPAT is to be a cornerstone of voting technology: can electors verify their votes by reviewing a paper ballot summary? If so, then the paper records are relatively secure evidence of voter intent that can be used to conduct audits and recounts. If not, then adversaries who are able to compromise voting systems can change votes with impunity. The experiments described in this paper, conducted in 2018 during the May 1 and August 2 Tennessee primary elections, suggest that the answer may be “No.”
In asking this question we are not concerned so much about the practical problems associated with VVPAT as whether there are fundamental cognitive limitations on the act of verification itself. We present preliminary evidence suggesting that, in actual polling place settings, most voters will not attempt to verify paper ballot summary cards, even when directed to do so. Furthermore, polling place exit interviews of voters who attempt to review their ballots reveal that a statistically significant fraction is unable to recall important details of ballots cast only moments before. Voters either fail to recognize errors in ballots presented to them for verification or fail to recognize that the ballots presented for verification were not the ones they cast. These results are broadly consistent with other recent studies that cast doubt on the reliability and accuracy of memory recall and are evidence of voter memory errors that would make a verified ballot summary card impossible to rely upon as a reliable source record for a post-election audit.
This study differs from prior studies on VVPATs used with DRE (“Direct Recording Electronic”) machines, as this study is limited to more recent electronic ballot marking device (“BMD”) technology. Such technology involves a voter making choices on a touchscreen machine that produces a ballot summary card (not the full ballot contents). The ballot summary card is inserted into a separate mark sense scanner to complete the vote casting process. A consequence of the results presented here is that voters who cast ballots on compromised ballot marking devices in which votes have been changed but who have not securely registered their ballot choices by, for example, hand-marking paper ballots, are generally unable to detect vote manipulation. The implications for future voting system design are also discussed.
Keywords: election security, cyber security, voting systems, HAVA, voter verification, memory, cognition
Suggested Citation: Suggested Citation