Angelenos! I'll be at the Los Angeles Festival of Books TOMORROW (Apr 19) for a panel called "Nature or Nurture: How Humans and AI Are Changing Each Other" with Adam Becker, Joanne McNeil, and Lucas Cantor Santiago.
Nearly 25 years ago, in the aftermath of Bush v Gore, I got involved in a bunch of ugly tech policy fights over voting machines. The hanging chad debacle in Florida prompted Congress to appropriate funds for states to purchase new touchscreen voting machines based on a robust, open standard. The problem was, those machines didn't exist.
The voting machine industry in those days was already very consolidated (it's far more consolidated today). They went shopping for a standards body that would publish a spec for a "standard" voting machine that could soak up those federal dollars in time for the 2004 election. The only taker was the IEEE, who unwisely offered to serve as host for this impossible rush job.
Once the voting machine reps were around a table at IEEE — largely sheltered from antitrust scrutiny thanks to the broad latitude enjoyed by firms engaged in standardization, which is otherwise uncomfortably close to collusion — they admitted what everyone already knew: there was zero chance they were going to develop a new standard in time for the election.
Instead, they decided they were going to publish a "descriptive standard." Rather than designing a new standard, they'd write down the specs of their own products — the same products that were considered so defective they needed to be replaced before the election — and call that the standard.
That was my first encounter with this issue as an activist. I had just started at EFF and a lot of our supporters were IEEE members, who were appalled to see their professional association being used to launder this incredibly politically salient, technically incoherent scam. We got a ton of IEEE members to write to the board, who shut down the standards committee and kicked the voting machine companies to the curb.
The voting machine companies weren't done, though. Diebold — one of the leaders in the cartel — knew that its voting machines were defective. They'd crash, lose their vote-counts and malfunction in other ways that were equally damaging to election integrity.
This was an alarming piece of news, but perhaps just as alarming is the way it came to light. A Diebold employee described this situation in a memo that was subsequently hacked and dumped by parties unknown. That memo, along with the accompanying tranche of extremely alarming revelations about Diebold's voting machine division, was the subject of one of the first mass-censorship copyright campaigns in internet history.
Diebold didn't dispute the veracity of these damning revelations: rather, it claimed that since the memos detailing its gross democracy-endangering misconduct had been prepared by an employee, that they were therefore works-made-for-hire whose copyright was held by Diebold, and thus anyone who reproduced the memo was infringing on the company's copyright.
Under Section 512 of the then-new Digital Millennium Copyright Act, Diebold was empowered to send "takedown notices" to the web hosting providers whose users had posted the memos, and if the web hosts didn't remove the content "expeditiously," they would be jointly liable for any eventual copyright damages, which are statutorily set at $150,000 per infringement.
Every web host folded. No one wanted to take the risk of tens of millions of dollars in statutory damages.
(Incidentally: anyone who tells you that "online safety" requires us to make online platforms liable for their users' speech needs to explain how this wouldn't empower every crooked company whose dirty laundry had ended up online wouldn't just do what Diebold did. It's not technically insanity to do the same thing over again in expectation of a different outcome, but it is awfully stupid and reckless.)
That might have been the end of things, except for the kids at Swarthmore, a small liberal arts college in Pennsylvania. Two students, Nelson Pavlosky and Luke Smith, were outraged by Diebold and they had accounts on Swarthmore's webserver. So they uploaded thousands of copies of the leaked memos, but linked to just one of them from a page about the leak. As soon as that copy was deleted by Swarthmore's webmasters in response to a DMCA takedown from Diebold, the students updated the link to point to another copy. And another. And another.
That's where EFF got involved. We repped the Online Policy Group, whose page linking to the Swarthmore resources was taken down by a Diebold notice. We won. The memos became a matter of public record. The Swarthmore kids started a nationwide network called "Students for Free Culture." It was pretty danged cool.
That wasn't the end of the Diebold story, though. Diebold was and is a very diversified conglomerate that made a lot of tabulating machines: ATMs, cash-registers, medical monitoring devices…and voting machines. Every one of these machines produced a paper-tape of its tabulations as an audit trail that could be used to reconstruct its calculations if it crashed…except the voting machines. The voting machines that kept crashing, and whose crashes presented a serious risk to the legitimacy of US elections in the wake of the worst electoral crisis in the country's history.
Diebold's stated reason for this was that adding a paper tape was haaaard (even though all its other machines had paper audit tapes). Not only was this a very unconvincing excuse, it was downright alarming in light of the promise of Walden O'Dell (Diebold CEO and prominent Bush fundraiser) to help "Ohio deliver its electoral votes to the president":
https://fairvote.org/diebold-partisanship-and-public-interest-elections/
Now, to be clear, I don't think that O'Dell was going to steal the election for Bush (that's the Supreme Court's job). Rather, he was just a loudmouth asshole CEO who supported the (up to that point) worst president in American history, and who also made garbage products that were not fit for purpose.
In the decades since, voting machines have been the subject of lots of scrutiny by the information security community, because they suck. Time after time, the most sphincter-puckering defects in widely used machines have come to light:
https://blog.citp.princeton.edu/2006/05/11/report-claims-very-serious-diebold-voting-machine-flaws/
The hits just kept on coming:
At Defcon, the amazing Matt Green has presided over the Voting Village, where it's an annual tradition for hackers to probe voting machines. This exercise has produced a string of terrifying revelations that precisely described how these machines suck:
https://www.votingvillage.org/cfp
Pretty much everyone I knew thought that voting machines were garbage technology…right up to the moment that the My Pillow guy, Tucker Carlson, and a whole menagerie of conspiratorial Trumpland mutants started peddling a bizarre story about how Hugo Chavez colluded with the Canadian voting machine company Dominion Voting Systems (who bought Diebold's voting machine business when they finally dumped the division) to rig the 2020 election for Joe Biden. They told so many outlandish lies about this that Fox ended up paying Dominion $787.5 million to settle the case:
https://en.wikipedia.org/wiki/Dominion_Voting_Systems#Dominion_Voting_Systems_v._Fox_News_Network
That's when something very weird happened. A bunch of people who had been skeptical of voting machines since the Brooks Brothers Riot suddenly became history's most ardent defenders of those same garbage voting machines. The cartel of voting machine companies — who had a long track record of using bullshit legal threats to silence their (mostly progressive) critics — were drafted into The Resistance(TM), and anyone who thought voting machines were trash was dismissed as a crazy person who has been totally mypillowpilled:
There's a name for this: it's called "schismogenesis": when one group of people define themselves in opposition to someone else. If the other team does X, then your team has to oppose X, even if you all liked X until a couple minutes ago:
https://pluralistic.net/2021/12/18/schizmogenesis/
This schismogenic reversal persists to this very day. Every time Trump promotes another election denier to his cabinet, a federal agency, or a judgeship, the idea that voting machines are garbage becomes more Stop the Steal-coded, even though voting machines are, objectively, garbage.
Which is bad. It's bad because we are going into another election season where the stakes are — incredibly — even higher than Bush v Gore, and electoral authorities and state legislatures are making the world's most unforced errors in their voting machine procurement decisions, and if you've conditioned yourself to reflexively dismiss voting machine criticisms as conspiratorial nonsense, then you are part of the problem.
Just because some voting machine criticism is conspiratorial nonsense, it doesn't follow that voting machines are good, nor does it follow that every voting machine critic is a swivel-eyed loon or ratfucking Roger Stone protege.
Take, for example, Princeton's Andrew Appel, a computer scientist who's been publishing well-informed, well-documented warnings about defects in voting machines for years and years. Appel's latest is an alarming note about Georgia's new plan to "tabulate" ballots using OCR software:
The Georgia legislature has wisely banned the use of QR codes on the paper ballots generated by touchscreen voting machines. We have, at long last, progressed to the point where we use "ballot marking devices" (BMDs) that produce a paper record that can be hand-counted. The problem is that voters barely ever glance at these paper ballots before dropping them in the box to make sure the choices they made on the touchscreen are correctly reflected on the ballot — only 7% of voters carefully inspect their ballots!
This problem is greatly exacerbated if these ballot papers are tabulated by a machine that reads a QR code or barcode, rather than interpreting the human-readable information on the ballot. People are even less likely to pull out their phones and scan the QR code to ensure it matches the words on the paper. That means that a BMD could output different choices in the QR code than it prints in the human-readable part — and the Dominion BMD machines they use in Georgia run outdated software that's super-hackable:
So Georgia's state leg passed Senate Bill 189, which establishes that "The text portion of the paper ballot marked and printed by the electronic ballot marker indicating the elector's selection shall constitute the official ballot and shall constitute the official vote for purposes of vote tabulation." In other words, you can't count by scanning QR codes, you have to actually interpret the human-readable text on these ballots.
These machines still suck, to be clear (the fact that they don't suck for the mypillovian reasons that Tucker Carlson believes doesn't mean they're good) — but thanks to SB189, they are way less dangerous to democracy than they might be.
But not if Secretary of State Brad Raffensperger gets his way. Raffensperger is another guy who was drafted into The Resistance(TM) after he refused to commit election fraud for Trump, but he's also not good. He can still be terrible in other ways — and he is.
Raffensperger has announced his plan to circumvent the Georgia legislature by using Dominion ICX touchscreens to produce ballots with QR codes, which will then be tabulated in Dominion ICP scanners — but then he's going to "verify" the tabulation by running those same ballots through optical character recognition (OCR) software.
As Appel points out, this is the same stupid plan that Raffensperger tried in 2024, where he called the OCR step an "audit" of the QR tabulation. Back then, he grabbed 200dpi "ballot image files" from the Dominion BMDs and ran them through OCR software run by a company called Enhanced Voting. Appel sums up the fundamental incoherence of this approach.
First, the BMDs are super-hackable, so we don't trust them to print the same info in the QR code as they print in the human-readable text (which no one looks at anyway). If we don't trust them to print accurate info in the QR code, then why would we trust them to accurately generate that 200dpi QR code that's generated for the audit? As Appel writes, "it would be fairly easy for an unsophisticated attacker to alter ballot-image files–just replace the ballots they don't like with copies of the ones they do like."
Then there's the step where these files are zipped up and transferred to the outside vendor for the audit — a step that Raffensperger has not explained. And even if the files make it to the outside contractor safely, that contractor could "change the inputs (ballot images) or outputs (tabulations)."
So this is very bad. Voting machines suck. Raffensperger sucks.
And here's the stupidest part: as Appel explains, there is a much more secure way to do this, and it's very cheap:
Just use their existing Dominion ICP (polling-place) scanners to count preprinted, hand-marked optical-scan "bubble ballots" that the voter has marked with a pen.
This is what other states are doing. As Appel writes, "This doesn't even require a software upgrade of any kind. Although it would be a fine idea to install a software upgrade that addresses known security vulnerabilities in the ICX and ICP, the ICP can count hand-marked ballots with or without the upgrade."
This is a purely unforced error, in other words. As such, it's part of a series of shitty vote-tech choices that politicians and officials have been making since Bush v Gore. Truly, we live in the stupidest timeline.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2026/04/18/dominion-sucks-actually/#just-peachy