I'm not vested in the partisan debate over voting. The Republicans, for good reason, worry about voter fraud (e.g., statewide races in Washington (2004) and Minnesota (2008), not to mention Nixon's 1960 loss, especially in Illinois). The Democrats argue that voter fraud controls are racist-motivated voter suppression policies and voter fraud is a rare phenomenon. I don't belong to either party--a plague on both houses, but the GOP has a better case. It should not be the case that cashing a check requires more identification than showing up at a polling place. It's not good policy to defer qualification issues until election day; this means due process verification can't be accomplished in the time frame, and it is basically a prescription for fraud.
When I hear "experts" argue that voting fraud is rare, all that means is it can be difficult to prove and/or it went undetected. It reminds me, as I've posted before, of how I as a junior professor discovered multiple instances of student cheating at UWM and UTEP. I knew of no other professor who filed charges, at least while I was on faculty. And in the case of UWM, I ran into institutional resistance of "student privacy issues". For example, in my graduate systems analysis class, I encountered the most ludicrous example of plagiarism ever. The entire group paper from Asian students was interwoven with direct, unattributed quotes from multiple sources. I had literally found all the original sources except one, which I didn't have but was sure I had identified. I had a time limit in presenting charges. I tried to use my faculty privileges to do a recall, but the library refused (and I couldn't get it from interlibrary loan quick enough). I tried to get them to identify who had checked out the book, at least to document for my case probable cause; they refused on privacy grounds. In essence, the library was aiding and abetting academic dishonesty.
I decided to go with the evidence I had in confronting the Asian students, and a couple of them quickly confessed and pleaded for mercy. One of the students, obviously the ringleader, was defiant, terming plagiarism some cultural phony construct. The guy, probably to this day, would never admit to doing anything wrong. So what do you do? Most MBA programs have something like a 2 C rule; I could have done something to put their student status at risk. I was willing to give them the proverbial second chance, but that one asshole wasn't contrite at all.
So a few months pass by. I had a new colleague DN who inherited my cherished graduate DSS course. (Familiar readers may recall that I accepted UWM's offer because it gave me an opportunity to teach graduate classes. I made a bad decision to volunteer to teach the COBOL service course, a key reason I would end up leaving UWM.) DK one day came to me asking me to look at a student's paper, saying it sounded "too professional". It took me a split second to recognize a verbatim extract from a classic paper on group DSS by GD, a well-known U Minn professor at the time. I then looked up to see the student's name. Yup, the same defiant asshole I mentioned above. Now I was pissed. We had had a clear conversation about this. My warnings went nowhere.
So after this I went to my friend RL's office. Bob was still working on his UMinn PhD, was married to another faculty member, and teaching our graduate MIS survey course. It turns out RL had the asshole student the same semester as me. I didn't really expect him to have any work from the student but asked him anyway. He said, "Not unless he didn't pick up his paper at the end of the semester." It turned out he hadn't. I looked at it. Bob had assigned a B, saying he hadn't been impressed with it. But as I reviewed the contents, a sense of déjà vu. I had used a giant IEEE readings book in my systems analysis course. I quickly located the first few verbatim passages from the text. Bob quickly said, "The son of a bitch!", borrowed my copy, and soon located all the remaining text in the other readings.
The (business school) administration and senior faculty made it clear to DN and RL not to pursue their cases against the serial plagiarizer. I was accused of violating the student's privacy and of trying to sabotage their foreign student program. I tried to change his course grade, and the administration refused to approve it. At this point, I went to the university administration with the evidence. They took the case, said they couldn't ignore the evidence. I was pretty much out of the loop, but I got a call one day saying the student in question was no longer at the university.
I got some anecdotal support from other professors. One of them mentioned he had caught a student changing answers on a multiple-choice mark sense form (he had a xerox copy of the student original test forms).
At UTEP, the incident that sticks out was a homework problem set, and what tipped me off was a really odd although technically correct answer. I had asked a question to write a query to dump all the data from a table, e.g., select * from mytable; You could write out all fifteen column names in mytable instead of *; but why? It's not just the student had written out the 15 column names buy in a completely random fashion, which made it a pain in the ass to grade because I had to explicitly ensure exactly all 15 names were there. So when several papers later, I saw the same batshit crazy response, including the SAME random listing of column names, I had them caught.
Now could I catch everyone? Probably not. Someone could have copied the query listed above vs. answered on his own, but it's a standard response. It reminds me of an MBA student who shared my doctoral student office back at UH. He had my old management finance professor who gave out brutal multiple-choice tests. I was trying to help the guy, but he couldn't solve the easiest net present value problem. The next thing I knew, he's telling me that he scored a 96 and finished the exam in 15 minutes. He would later admit he purposefully marked a couple of answers wrong to throw off the prof and waited another 15 minutes to turn in his exam. Hell, I have 2 math degrees and I didn't finish in 15 minutes. He would eventually tell me the prof reused his exams from prior semester and bought them from a small group of students who knowingly circulated only a small number of copies to maintain their edge. I didn't say anything, but I was pissed. I had earned my A the old-fashioned way.
I wasn't going to fink on my friend, but I thought I would tip off my former prof. I confronted him one day with the fact his old exams were being sold. He initially had a flippant response, like "How industrious of them!" I suggested changing things up and/or having high-scoring students show their solutions on the board in front of the class. A few weeks later he stopped me in the hall and said, "I now see what you were trying to say." I don't know the aftermath, but I assumed he made some changes.
Now the reader might think, "This is all very interesting, but what the hell does this have to do with voting?" Granted, the contexts are different, but you have all sorts of conceptual relationships with security constructs like vouching and tracing (e.g., does a cast vote make it to the final tally; can you verify the results came from valid voters (only)?), internal controls (e.g., separation of duties, chain of custody, role-based access and need to know), multi-factor authentication (things you have (e.g., a drivers license or voter card), things you know (DOB, SSN, etc.), and/or things you are (e.g., facial recognition, fingerprints, voice recognition, eye scans, etc.).
The White House identifies the following proven examples of voter fraud:
Types of Voter Fraud
IMPERSONATION FRAUD AT THE POLLS: Voting in the name
of other legitimate voters and voters who have died, moved away, or
lost their right to vote because they are felons, but remain registered.
FALSE REGISTRATIONS: Voting under fraudulent voter
registrations that either use a phony name and a real or fake address
or claim residence in a particular jurisdiction where the registered
voter does not actually live and is not entitled to vote.
DUPLICATE VOTING: Registering in multiple locations and voting
in the same election in more than one jurisdiction or state.
FRAUDULENT USE OF ABSENTEE BALLOTS: Requesting
absentee ballots and voting without the knowledge of the actual
voter; or obtaining the absentee ballot from a voter and either filling
it in directly and forging the voter’s signature or illegally telling the
voter who to vote for.
BUYING VOTES: Paying voters to cast either an in-person or
absentee ballot for a particular candidate.
ILLEGAL “ASSISTANCE” AT THE POLLS: Forcing or
intimidating voters—particularly the elderly, disabled, illiterate, and
those for whom English is a second language—to vote for particular
candidates while supposedly providing them with “assistance.”
INELIGIBLE VOTING: Illegal registration and voting by individuals
who are not U.S. citizens, are convicted felons, or are otherwise not
eligible to vote.
ALTERING THE VOTE COUNT: Changing the actual vote
count either in a precinct or at the central location where votes
are counted.
BALLOT PETITION FRAUD: Forging the signatures of registeredHow often does it happen? It's difficult to say. Like the cheaters in the finance class I described above, people who cheat generally don't publicize what they're doing; they are vested in its continued success. The one thing in common with all the cheaters I dealt with as a professor were all obsessed with how I found out, the obvious point being so they could could devise a scheme to get past it and wouldn't get caught next time. One thing is certain; I didn't catch everyone, and some students thoug ht I should have caught them (but refused to go on the record). We live in a litigious society; I pretty much needed to have a smoking gun. Mere suspicion was not enough. I did what I could to minimize cheating, say, on exams. I wrote programs to reorder exam questions to minimize students cheating off each other's exams. Was it worth my time and effort? Probably not.
voters on the ballot petitions that must be filed with election officials
in some states for a candidate or issue to be listed on the official ballot
Why was I one of the few professors to catch cheaters? Well, in part, I was lousy at office politics. The administration and senior professors warned me my career was at risk. Second, whereas I don't have a photographic memory, I was an active researcher who had read literally thousands of scholarly papers and had a knack for remembering arcane details. Clearly I was working under a School of Business Administration which did not value academic honesty. Are you kidding me? This Asian student had cheated in all 3 classes I knew he took; were we the exceptions to the rule or part of a pattern of behavior that morally required the SBA to expand its audit of the cheater?
What does this have to voting? Think of the incentives at play (public choice theory). I doubt that state election officials are rewarded for pointing out vulnerabilities in existing infrastructure and procedures. Since internal controls probably vary by state, it's probably impossible to provide a universal critique; we should be suspicious e.g., when voters appear in alphabetic sequence by surname, are suddenly voting for the first time in years, or 101 other unlikely statistical pattern anomalies.
What about elections in the age of COVID-19? Keep in mind that we have a set of controls at polling places that aren't in place in, say, in voting by mail scenarios. We have election observers, ballot contols, etc. One of the obvious issues in voting by mail vs. absentee ballots is the latter's validation against absentee applications. Second, with voting records frequently in flux (people moving, dying, incarcerated, etc.), mass (early) mailing of ballots exacerbates the risk of illicit ballot harvesting and forged ballots. One of our guiding principles should be a bias in favor of improved internal controls.
What about voting by Internet? There's a certain appeal, e.g., to issuing voter smartcards (things we have vs. things we know). We could use, say, PKI authentication to email secure PDF ballots with nonrepudiation. After all, we routinely run secure credit card or banking transactions. In fact, I have online accounts to check my social security account and to deposit taxes on self-employment income. Why can't we deploy state of the art technology to make our voting systems faster, more convenient, more accurate and valid? (Most devices aren't equipped with card readers, which might require, say, an additional $30-40 for USB connection.)
As an MIS academic, also Security+ certified, I love the question. For a good readable discussion of the issues, see here. Basically, the government voting infrastructure is not ready for prime time. (We can expect things like denial of service attacks, among other things.) Also, your devices can be infected with malware, say, recording your keystrokes, vs. attempting to decrypt your secure connections to the bank or other secure website. Is it possible for your infected device to corrupt a government information system?
The Democrats are right in questioning a general transition to Internet voting at this time but not in the Luddite arguing the superiority of dated paper-based technology (as if we don't recall the hanging chads of the 2000 election). Fear-mongering over the Wisconsin primary as a COVID-19 death trap turned out to be a giant nothing burger. America would be well-advised to reject more corruptible voting by mail systems vs. our current mix of polling places/absentee ballot setups.