Ernest Zirkle was puzzled. The resident of Fairfield Township in Cumberland County, NJ, ran for a seat on his local Democratic Executive Committee on June 7, 2011. The official results showed him earning only nine votes, compared to 34 votes for the winning candidate.

But at least 28 people told Zirkle they voted for him. So he and his wife—who also ran for an open seat and lost—challenged the result in court. Eventually, a county election official admitted the result was due to a programming error. A security expert from Princeton was called in to examine the machines and make sure no foul play had occurred. Unfortunately, when he examined the equipment on August 17, 2011, he found someone deleted key files the previous day, making it impossible to investigate the cause of the malfunction. A new election was held on September 27, and the Zirkles won.

A decade ago, there was a great deal of momentum toward paperless electronic voting. Spooked by the chaos of the 2000 presidential election in Florida, Congress unleashed a torrent of money to buy new high-tech machines. Today, momentum is in the opposite direction. Computer security researchers have convinced most observers that machines like the ones in Fairfield Township degrade the security and reliability of elections rather than enhancing them. Several states passed laws mandating an end to paperless elections. But bureaucratic inertia and tight budgets have slowed the pace at which these flawed machines can be retired.

Luckily, no e-voting catastrophes seem to have occurred. The irregularities that have risen to public attention since 2006 have tended to be small-scale or low-stakes incidents like the one in Fairfield Township. But lack of high-profile failure is not an argument for complacency. If an election were stolen by hackers in a state that used paperless voting machines, we wouldn't necessarily be able to detect it. Just because a major disaster hasn't happened in recent elections doesn't mean it can't happen in 2012.

The e-voting boom

Major policy changes are frequently spurred by crisis. The catalyst for America's e-voting boom was Gore v. Bush and the 2000 presidential election debacle. Haunted by tales of butterfly ballots and hanging chads, Congress appropriated an unprecedented $2.3 billion in fiscal years 2003 and 2004 to help states purchase new voting equipment. Computerized voting machines were widely regarded as the next generation of voting technology, and vendors raced to introduce new touchscreen models to capture a share of the federal largesse.

A future where votes are cast on touchscreen machines and instantly tallied by computers has a superficial appeal. But security researchers pointed out so-called direct-recording electronic (DRE) voting technology has a serious downside. When votes are recorded by a general-purpose computer, voters need to trust the software running on the computer. But there's no way to be sure a machine's software hasn't been altered once it's released in the wild. Nor is there any way to perform a meaningful audit of the results.

Voting machine vendors didn't help their own case. In 2003, Walden O'Dell was the head of the voting machine vendor Diebold and a prominent Republican fundraiser in his home state of Ohio. In a particularly boneheaded PR move, he wrote a fundraising letter declaring that he was "committed to helping Ohio deliver its electoral votes to the president," George W. Bush, in the 2004 election. There's no evidence that O'Dell abused his power as the head of Diebold. But there's a real danger of malicious parties tampering with voting machines.

The scale of this problem was highlighted by research conducted at Princeton University in 2006. A team led by Prof. Ed Felten developed a proof-of-concept voting machine virus. The virus was designed to spread from machine to machine via the removable memory cards administrators use to update the machines. That means, in principle, a hacker could infect hundreds of machines in a state by modifying a single memory card. As far as we know, no one has ever used this kind of attack to steal an election. But it's impossible to be sure.

Consider the 2006 election for Florida's 13th Congressional district. According to the official results, the Republican, Vern Buchanan, defeated the Democratic candidate, Christine Jennings, by a margin of 369 votes. But Jennings challenged the results. In a lawsuit, she claimed the official results failed to include "thousands of legal votes that were cast in Sarasota County but not counted due to the pervasive malfunctioning of electronic voting machines." The ACLU filed a lawsuit of its own, arguing that Florida election officials had "dismissed reports of problems with electronic voting machines and resisted mandating audits and other methods of ensuring that electronic voting machines are capable of performing a genuine recount."

Ultimately these arguments fell on deaf ears: Jennings and the ACLU both lost their lawsuits. Subsequent investigations suggested, ironically, the most likely explanation for the high number of voters who didn't cast a vote was a poorly designed onscreen ballot. But because the voting machines didn't produce a paper record that voters could double-check, there was no way to rule out the possibility of more serious problems.