Things I learned from working a primary election

After more than 15 years of writing about voting-machine security, I finally got some hands-on experience in the field–by waking up at 4 a.m. and working a 16-hour day.

I’d had the idea in my head for a while, thanks to frequent reminders from such election-security experts as Georgetown Law’s Matt Blaze that the best way to learn how elections work is to work one yourself. And I finally realized in January that I’d be in town for the March 3 Democratic primary and, as a self-employed type, could take the whole day off.

I applied at Arlington’s site by filling out a short form, and about two hours later got a confirmation of my appointment as an election officer. (My wife works for Arlington’s Department of Technology Services but has no role in election administration.) A training class Feb. 11 outlined the basics of the work and sent me home with a thick binder of documentation–yes, I actually read it–and on March 3, I woke up two minutes before my 4 a.m. alarm.

After packing myself a lunch and snacks, as if I were going to grade school, and powering through some cereal, I arrived at my assigned polling place just before the instructed start time of 5 a.m. I left a little before 9 p.m. Here are the big things I learned over those 16 hours:

  • Yes, having people fill out paper ballots and scan them in works. I saw 500-plus voters do that while I tended the scanner in the morning, and none had the machine reject their ballot. There was confusion over which way to insert that ballot, but the scanner accommodated that by reading them whether they were inserted upside down, right-side up, forwards or backwards. (I wish more machines were that tolerant of human variances in input.) And at the end of the day, we had a box full of ballots that will be kept for a year.
  • The technology overall appeared to be of higher quality than the grotesquely insecure, Windows-based Winvote touchscreen machines on which I voted for too many years. This scanner was an offline model running a build of Linux, while the poll-book apps ran on a set of iPads.
  • The “vote fraud” rationale for imposing photo ID requirements is not only fraudulent, but photo IDs themselves are overrated. The state allows a really broad selection of public- and private-sector IDs—unavoidable unless you want to make it obvious that you’re restricting the franchise to older and wealthier voters—and our instructions required us to be liberal in accepting those. I didn’t see or hear of anybody getting rejected for an ID mismatch. (The one surprise was how many people showed up with passports; I quickly grew to appreciate their larger color photos over the tiny black-and-white thumbnails on drivers’ licenses.)
  • Asking people to state their name and address, then matching that against voter-registration records, does work. That also happens to be how voter check-in used to work in Virginia before Republicans in the General Assembly shoved through the photo-ID requirement that’s now been reversed by the new Democratic majority in Richmond.
  • You know who really loves high turnout? Election officers who otherwise have some pretty dull hours in mid-morning and then mid-afternoon. At one point, the person in charge of the ballot scanner busied himself by arranging stickers into a bitmapped outline of Virginia, then added a layer of stickers on top of that to represent I-95 and I-66. Fortunately, precinct 44 blew away past primary-turnout records with a total of 1,046 in-person votes.
  • The attention to detail I saw was almost liturgical. Every hour, the precinct chief did a count of voters checked in and votes cast to ensure the numbers matched; every record was done in at least duplicate; every piece of paper was signed by at least two election officers, and the overall SOR (statement of results) bore the signatures of all eight of us. We closed out the night by putting documents and records in specified, numbered envelopes, each locked with a numbered zip-tie lock; each number was recorded on a piece of paper on the outside of each envelope that was itself signed by two election officers.
  • Serving as an election officer isn’t physically demanding work, but it does make for a long day. We did have coffee delivered, but it didn’t arrive until 9 a.m., and nobody had time for dinner during the rush to close out things after the polls closed.
  • It’s also not the most lucrative work ever. My paycheck arrived Friday: $175, amounting to an hourly wage of $10.94. The value of seeing the attention paid to make democracy work and then watching more than a thousand people show up to exercise their rights: priceless.

Updated 3/23/2020 to fix some formatting glitches.

Weekly output: network security (x2), election security, Google finding Apple’s bugs

Now it can be told: I spent all of the last two weeks on the West Coast, with my stay in Las Vegas for Black Hat and DEF CON sandwiched inside time with my in-laws in California. That let me have a much shorter trip to and from Vegas and then segue from WiFi security to a little wine tasting and, more important, a lot of napping.

8/12/2019: WiFi can be a free-for-all for hackers. Here’s how to stop them from taking your data, USA Today

I e-mailed this to my editor with the following note: “I’m sending this over the DEF CON conference WiFi, so if you only see pirate-flag emoji I trust you’ll call or text to warn me.” If you don’t want to read all 600-ish words in this piece, the top three are “encryption is your friend.”

8/12/2019: This tech could secure voting machines, but not before 2020, Yahoo Finance

One of the big reasons I decided to stick around Vegas for DEF CON–even though it meant I’d have to pay $300 in cash for that conference badge–was the chance to see the exhibits and presentations at its Voting Village. The proceedings did not disappoint, even if a DARPA demo from a project with the delightful acronym of SSITH is far from yielding shipping voting hardware.

8/12/2019: Google got Apple to fix 10 security flaws in the iPhone, Yahoo Finance

Black Hat offered a two-course serving of Apple-security news. Its first day featured a briefing from Google Project Zero researcher Natalie Silvanovich about how her team uncovered 10 serious iOS vulnerabilities, and then its second day brought a talk from Apple security-engineering head Ivan Krstić that ended with news of a much more open bug-bounty program.

8/14/2019: This Morning with Gordon Deal August 13, 2019, This Morning with Gordon Deal

I talked about my USAT column on this business-news radio program; my spot starts just after the 13th minute.

Weekly output: new Macs, online absentee voting, Tech Night Owl, DuckDuckGo

LISBON–I’m here for my fourth Web Summit, which is also my third in a row to have me moderating panels and away from the U.S. during election day. I like this conference, but I’m missing the experience of casting a ballot in person on the big day. American citizens reading this: You will be doing just that Tuesday if you haven’t already voted early or absentee, right? Because if you don’t, you’re inviting the dumbest person in your precinct to vote in your place.

10/29/2018: Why it’s a big deal that Apple is finally updating its computers, Yahoo Finance

When I wrote this curtain-raiser post for Apple’s news this week, I didn’t factor in Apple charging so much more for memory and storage upgrades. I will try to revisit that topic sometime soon.

11/1/2018: Experts disagree on how to secure absentee votes, The Parallax

This article started as questions I had left over after writing a post about the Voatz blockchain absentee-voting app a few weeks ago.

11/3/2018: November 3, 2018 — Rob Pegoraro and Jeff Gamet, Tech Night Owl

I talked to host Gene Steinberg about some puzzling aspects of Apple’s finally-updated computer lineup, along with its decision to stop revealing unit-sales numbers in future earnings releases.

11/4/2018: What it’s like to use a search engine that’s more private than Google, Yahoo Finance

Not for the first time, a topic I tried out as a post here became a separate story for a paying client. Did that piece get you to set the default search in one of your browsers to the privacy-optimized DuckDuckGo? I’ll take your answer in the comments.

Weekly output: John Brennan on election security, Saudi Arabia’s Twitter operations (x3)

For most of this past week, the conference badge was on the other lanyard: My wife was out of town for work.That brief spell of solo parenting ended with the house miraculously not much messier than before and me needing a nap more than usual.

10/17/2018: Ex-CIA chief’s take on election security: Don’t panic, do stay paranoid, Yahoo Finance

When I filed a first draft of my interview with former CIA director John Brennan two weeks ago, my editor said it read more like two posts and asked if I wouldn’t mind turning it into a pair of stories. This covers the second half of our conversation, folding in some quotes from some subsequent election-security events around D.C.

10/20/2018: Saudi Arabia’s Twitter mole, Al Jazeera

The New York Times reported Saturday that Saudi Arabia’s attempts to suppress dissidents like murdered Washington Post contributor Jamal Khashoggi extended to recruiting a Twitter insider. Several hours later, I told viewers–as overdubbed into Arabic–that this development represented a serious departure from Silicon Valley’s traditional definition of espionage as “an employee takes trade secrets to a competitor.”

10/21/2018: Saudi Twitter operations Al Jazeera

As part of what looks like the same kind of flood-the-zone coverage strategy I usually associate with Apple events, AJ had me on two more times Sunday to talk about this Twitter mole and Riyadh’s other attempts to change the social-media conversation.