The Flaws in U.S. Voting Machines That Just Won’t Go Away
Back in 2006, Michal Pospieszalski, a software engineer working as Chief Technology Officer for the Election Science Institute, was sent to Omaha, Nebraska, to inspect the iVotronic voting system made by Election Systems & Software (ES&S). What he found was troubling—and, he says, not much has changed since then.
The machines had glaring security holes: sloppy code, backdoors, passwords that never changed. But the biggest issue? There was no way to verify whether a ballot was legitimate or if it had been counted multiple times. “The scanner doesn’t know any better,” Pospieszalski explained. “You could run the same ballot through 10 times, and it’ll just count as 10 votes.”
Why Today’s Systems Still Fall Short
Pospieszalski, now CEO of security firm MatterFi, says the problem isn’t theoretical—it’s something anyone with access to the machines could exploit. Without a way to anonymously track each ballot, there’s no safeguard against tampering. “There’s no serialization,” he said. “No way for the system to know a ballot should only be counted once.”
The fix, in his view, isn’t about replacing hardware. It’s about software—specifically, cryptographic techniques dating back to the 1980s, when cryptographer David Chaum developed methods for verifying transactions without revealing their contents. Chaum’s work later influenced digital currencies, but it also laid the groundwork for secure voting systems.
Pospieszalski’s proposal is straightforward: Each ballot gets a unique, blinded serial number. The central tabulator would recognize duplicates instantly. “If I see two of them, somebody cheated,” he said. “Especially if I see 50.”
When Mistakes Fuel Distrust
In 2020, Pospieszalski was called to Antrim County, Michigan, after a vote-counting error briefly showed a 2,000-vote swing from Biden to Trump. The cause? A misconfigured ballot definition. Once corrected, the numbers snapped back to normal.
But the damage was done. “People were riled up,” he said. “Even without a hack, the optics were terrible.” While he found no evidence of remote tampering, he did spot signs of possible ballot stuffing—like batches of ballots filled out identically. “If you see 100 ballots with all 42 choices exactly the same, you think: *Probably not real.*”
Why Fixes Haven’t Happened
So why haven’t these vulnerabilities been addressed? Pospieszalski blames inertia and overcomplicated proposals. Some push for blockchain, but he argues that’s unnecessary. “You don’t need it,” he said. “Just a software upgrade to existing systems.”
The real hurdle, he says, is getting election officials and manufacturers on board. “If a law mandated crypto proofs by 2028, we’d be in business.” Until then, the same flaws linger—leaving elections vulnerable not just to attacks, but to the erosion of trust.
And in today’s climate, that might be the bigger risk.
