Barbara Simons has been fighting for secure elections for two decades. But the award-winning computer scientist, who’s also well-versed in voting technology and its security vulnerabilities, doesn’t consider herself a security expert. Everything she’s learned about election security, she says, came from hanging out with security experts.
“My job had nothing to do with security. My training is in computer science,” she says. “I’ve never hacked [a] machine … [but] I think I could learn [how to],” she says.
Simons, 79, has been a major and influential player in the movement to institute paper-ballot backups for electronic voting systems and in warning about the security risks of Internet voting. She and many other computer scientists argue that computers and software alone can’t properly handle the task of tallying votes.
“You can’t trust computers to work properly [with voting systems],” says Simons, who has served on multiple projects and task forces on election security. “You need paper as a check on the computers.”
In 2000, online voting in US elections had sounded like an exciting and promising prospect to Simons when she joined the Internet voting study task force convened by then-President Bill Clinton.
“In those early days looking at Internet voting, it was, of course, why not? I thought it was a good idea,” recalls Simons.
But her enthusiasm quickly waned. Security experts from academia and government labs shared grim assessments of the major security risks in online voting, so the final report published by Simons and other members of the National Workshop on Internet Voting flatly rejected the notion of shifting to online voting in the new millennium.
“It basically said, ‘No, not right now,” she says. “It was a pretty negative report.”
But soon after, new calls for Internet voting and expanded electronic-voting technology began to escalate in the wake of the punch-card “hanging and dimpled chads” fiasco of the 2000 presidential election. Some punch-card ballots had not properly detached the perforated paper in the casting of votes. As a result, they were unreadable, causing more confusion and consternation in the already extremely tight race in Florida between Al Gore and George W. Bush.
Suddenly, paper became the bane of vote-count accuracy, which helped usher in a new generation of electronic-voting systems, such as direct recording electronic (DRE) voting systems. These systems had no paper trail to protect vote counts – but unfortunately, plenty of security holes.
Thanks to high-profile hacks of voting equipment at DEF CON, as well as pressure from experts like Simons and policymakers in the wake of Russian election-meddling and data breaches in the 2016 election, old-school paper is now experiencing a comeback in the voting process, and DRE systems are gradually disappearing from polls due to security issues. Simons, her colleagues at Verified Voting (where Simon serves as Board Chair), and other election security experts are also pushing hard for adoption of so-called risk-limiting audits to be widely deployed.
It hasn’t been an easy sell, Simons admits.
“A lot of people are put off by that,” says Simons, who’s officially retired but currently performs full-time pro bono work for both Verified Voting and the Association for Computing Machinery (ACM), where she also had served as president. “They don’t realize scanners are computers that can be hacked.”
A risk-limiting audit randomly selects ballots that are then manually checked against electronic machine results to basically provide an integrity check of vote counts. A statistical sampling of paper ballots are compared with the electronic records, and the vote counts are checked.
Ask Simons about the recent mobile voting experiments in states such as Washington, Utah, and West Virginia, where votes are cast by smartphone and processed over a blockchain infrastructure, and she argues that it’s a nonstarter. It’s just Internet voting by a different name, and “it’s a terrible idea,” she says.
‘Ahead of the Game’
Simons blazed a path from mathematics to a Ph.D. in computer science in 1981 from the University of California, Berkeley, at a time when computing was new and there were few women to follow in the technology profession. Her dissertation solved an open problem in the so-called scheduling theory in computing, and she joined IBM Research in 1980, where she worked as a computer scientist.
Simons today is considered not only a computer science pioneer, but also one of the most influential women in technology. And as she describes it, she “fell into” the field. Simons never finished her undergraduate degree: After starting at Wellesley College as a mathematics major and then transferring to Berkeley, she got married and later dropped out to raise her children.
“I went back to school when my marriage was breaking up. I was out of school for nine years,” she says. “My father, whose advice I hardly ever took, suggested that I learn how to program because as a mathematician he thought that would mean I would find programming easy.”
(That’s a fallacy, Simons says. Computer programming doesn’t necessarily require math chops – something she says she and her dad didn’t realize at the time.)
“I enjoyed programming and continued to aim slightly higher than where I currently was. One thing led to another, and I ended up getting a Ph.D. in computer science. If I had started off with the goal of getting a Ph.D. … well, I never would have started off. It would have seemed impossible,” she notes. “Instead, each time I set a new goal, I could say to myself that even if I fail, I’m already ahead of the game. That made me feel less intimidated than I might have felt otherwise.”
Computer programming was still a new field when Simons entered it, and in launching a new career after taking time off with her family, she was well aware of the challenges faced by women in the same situation. So she co-founded the University of California Computer Science Department Reentry Program for Women and Minorities at Berkeley to help women join the field, and also served on diversity group boards at Berkeley and the national Coalition to Diversify Computing.
Women were among the pioneers in computer programming in the early days, she recalls.
“The first programmers were women and they were totally written out of history,” she says, pointing to women such as the late Fran Allen, who in 2006 became the first woman to receive the prestigious Turing Award from ACM.
Programming “wasn’t poorly paid” as a field at the time, but it also wasn’t initially as highly regarded as it is today, she says. It wasn’t until men started entering the field in numbers that salaries rose and women got squeezed out, Simons says.
“They started requiring calculus, which has nothing to do with programming [and] a lot of girls in high school weren’t taking,” she notes. “The doors were closing for women, and that’s one of the reasons we started” the reentry program at Berkeley.
To this day, Simon remains the only woman to have won the Distinguished Engineering Alumni Award from Berkeley.
“Our goal was to produce more women and minority leaders, and we wanted them to get Ph.Ds,” she says.
The reentry program gave women and minorities the opportunity to take regular computer science classes at Berkeley so they could apply to graduate school, but the passage of Proposition 209 in California – which banned educational benefit programs based solely on gender or ethnicity – ultimately killed the program, she says.
Paper and Patience
James Hendler, chair of ACM’s US Technology Policy Committee, describes Simons’ expertise as a unique blend of knowledge in computing technology and its policy implications that she has used to help forge election security policy. ACM recently awarded Simons its ACM Policy Award for her leadership of the organization and her work on election security issues.
“She realized before most others that the cybersecurity risks of electronic voting machines and, later, online voting could have implications that most politicians and the public were not aware of,” Hendler says. “She realized there had to be a paper-based record to back up electronic voting machines and/or some kind of risk-based auditing for monitoring any kind of online election. Without these safeguards, an election would be virtually impossible to secure.”
Simons sees the shift away from paperless voting technology as a positive development for the upcoming election in November, but she worries about efforts to fast-track mobile voting if the move to mail-in paper ballots falters in some areas.
Mail-in voting is good for post-election audits, she says, and “hand-marked ballots are the best kind.”
Even so, she says the potential for a protracted vote count given the increase in mail-in ballots amid the pandemic could cause confusion and even sow distrust in the outcome.
“Americans are going to have to learn a little patience” in learning the outcome of the election, she says.
Simons’ biggest worries about election security: Just about everything. I’m especially worried about an attack on our voting technology: the electronic poll books, the voting machines, and the scanners that tabulate the ballots. If folks share the concerns of our intelligence community – and they should – that Russia wants to mess with our election, then allowing Internet voting, which is the most insecure form of voting possible, would be a gift to Russia, or China, or Iran, or North Korea, or indeed any nation/state or organization that wants to steal our elections.
‘Aha’ moment as a mathematician-turned-coder: I remember thinking, ‘Wow, in math you’re given a problem that you don’t necessarily know has a solution. Is this theorem true or false?’ You don’t know. But with programming, you’re asked to write software for a problem you know you can solve. This was pretty cool.
Retirement: I’m working really hard. I’m just not getting paid.
Favorite hangout before COVID-19: Bowen Island [British Columbia]
Comfort food: Sushi
Netflix pick right now: At the moment we’re into Korean shows. We’ve seen “Crash Landing on You” and “Rookie Historian,” both of which I recommend. We’re now watching a show called “Vagabond.”
Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise … View Full Bio