Citing security concerns, Colorado has become the first state to stop counting ballots with printed barcodes.
The state’s secretary of state told CNN she felt it was a necessary step to ensure Colorado maintains its position as a national leader on election security.
The decision is a further step toward prioritizing the role of human eye, rather than computers to count votes.
In recent years — after researchers have repeatedly demonstrated it’s possible to hack many voting machines in particular circumstances and the US intelligence community detailed Russia’s interference in the 2016 election — both government and industry leaders have reached a general consensus that the US needs to use paper ballots so that elections can be properly audited.
But some states have purchased voting machines that print out a paper receipt with either a QR (short for “quick response”) or a more traditional barcode — something a computer can read, but a human cannot — which can then be easily scanned and tallied to represent a voter’s choices.
But those codes are still controversial and experts warn that even though they’re on paper, elections still need to be audited before results are certified.
“A voter can verify the ovals, the candidates they chose, but how it gets tabulated is actually through an encrypted QR code,” Colorado Secretary of State Jena Griswold told CNN. “Is it really a voter verified paper trail if a voter cannot verify the encrypted QR code?”
To that end, from 2021, Colorado will no longer certify machines that count votes by QR or barcode. Under a pending deal with Dominion, the vendor that currently supplies Colorado’s voting equipment, a newly engineered software upgrade will instead print out ballots with choices picked marked with darkened ovals, identical to how a hand-marked ballot would look. Dominion’s scanners already are designed to record hand-marked ballots, “so no change is necessary,” spokeswoman Kay Stinson said.
The argument for paper ballots isn’t that they create a system that’s unhackable — that’s a term security experts take pains to avoid — it’s that using them to double-check a count is the best way to ensure confidence that it’s accurate.
Most ballot-marking devices print a voter’s choice twice: both the QR code or barcode for computers and in written text so that people can verify it. In the hypothetical scenario where that machine is hacked, the argument against barcode voting goes, a voter would see their intended choice printed out, but that QR or barcode could show a different candidate if the machine had been hacked.
Will other states follow?
Some election security hardliners have called for every state to follow Colorado, like Sen. Ron Wyden, an Oregon Democrat who’s introduced legislation to make barcode voting illegal.
“It’s great to see that Colorado is yet again leading the nation on election security by trashing its hackable barcode ballot-marking machines,” Wyden told CNN. “These machines are a ripe target for hackers.”
“Given the serious, credible threat that Russia and other governments will interfere in the 2020 election, it is vital that all states follow Colorado’s example by prioritizing cybersecurity over the special interest voting machine lobby,” Wyden said.
Colorado’s choice stands in stark contrast to Georgia, which recently signed a $107 million contract — also with Dominion — to replace its paperless machines with a system that includes QR code marking devices.
Not all election security experts agree that QR codes on ballots are such a problem. An ideal voting scenario includes both a quick automated tally as well as a subsequent statistically significant audit of the paper ballots. The real concern isn’t using QR codes for the first part, because it’s still going to be converted to code for a computer to tabulate. Instead, it’s whether the vote will then be audited — something only a handful of states do.