National security experts say hackers backed by foreign governments are trying to influence the U.S. election, and the nation's voting infrastructure is dangerously vulnerable.
Time for an overhaul, they say.
But when county officials in Austin, the capital of Texas, wanted to replace their voting equipment in 2012, they didn't like what they saw.
Electronic machines on the market had security problems. Voter-marked paper ballots can leave room for interpretation.
So County Clerk Dana DeBeauvoir called Rice University computer science professor Dan Wallach, who has been poking holes in voting-machine security for years. He's testified before Congress on the subject.
Now DeBeauvoir wanted him to design a new one.
"Wow," he says. "That doesn't happen very often."
Florida fallout
The last time voting technology went through a major design change was after the disastrous Florida recount in the 2000 presidential election. Confusion over badly designed and incompletely punched paper ballots threw the results into chaos.
In 2002, Congress passed the Help America Vote Act, committing $4 billion to help localities buy new electronic voting machines.
"All of these machines, we understand now, are wildly insecure," Wallach says. "Even though the vendors made claims that they were great, those claims have turned out to be false. And we're now dealing with that problem."
But replacing them costs money that many localities don't have, and it's not clear that Congress will pony up again.
So Wallach's new system would have to be cheaper than what's on the market now.
One more wrinkle
"It really doesn't matter how secure a voting system is. If voters can't vote with it and easily cast their ballot, then the security is a moot point," says Wallach's colleague, Claudia Ziegler Acemyan, a postdoctoral researcher in psychology at Rice.
Usability would have to be designed in from the start. So when DeBeauvoir called, Wallach says, "I said, 'Can I invite some friends?' She said, 'Sure.' "
A STAR is born
The system that the team of cybersecurity and usability experts came up with is called STAR-Vote, for secure, transparent, auditable and reliable.
It has two parts: A kiosk containing an off-the-shelf tablet computer and a standard inkjet printer, plus a metal ballot box with a built-in scanner.
Off-the-shelf parts keep the cost down and can be easily sourced and replaced. Wallach says the metal box costs more than all the electronic components inside it. The whole system should cost half or less what current machines do, which cost about $3,000 each.
Voters make their selections on the touchscreen tablet, which is kept off the internet and stripped of all software (and potential vulnerabilities) except the voting application.
State-of-the-art cryptography protects the integrity of the vote. But it's not the only safeguard. Hard copy remains one of the most secure ways to cast a ballot.
"The crypto can do some really great tricks," Wallach says. "But if you don't trust the cryptography, that's OK. Because we also have printed paper ballots that go into a box."
Vote is cast
Voters can see who the computer says they chose. The vote is only cast when the voter puts it in the ballot box.
And if there is any question about the electronic votes, the paper ballots are the backup.
STAR-Vote is the closest to market of a handful of new voting systems under development. Researchers piloted a system called Scantegrity II in the Takoma Park, Maryland, mayoral and city council elections in 2009. Los Angeles County is also developing a new voting system with input from usability experts.
But last month, Travis County put out a call for vendors to design and build STAR-Vote commercially. It will likely be a couple years before they are in polling stations.
"Fingers crossed, 2018," Wallach says.
Watch related story: