### Election Fraud Nonsense

Everyone who thought the election mishegas would be over after the election, raise your hand. C'mon, don't be shy. I certainly thought things would calm down a day or two after the election.

So I was wrong. Starting with election night, when Hillary was apparently too crushed, or -- dare I say it -- too drunk to make her own concession speech, quickly followed by one legacy media anchor after another obviously near tears or in tears over Clinton's loss, followed by recriminations about how the polls had misled them. Then we had the furor about auditing or recounting the votes in several states that Clinton lost, then the ignorant rants about the popular vote, then the "Russians hacked the election" cries, and finally the attempt to suborn enough electors to at least throw the election into the House. How did we get into this mess?

The polls were not wrong.

Now, those of you who were around in 2012 will recall that I've had my own disappointments with polls. There's a reasonable explanation of how polls work in those articles, but to summarize: A poll is done by choosing a relatively few people randomly and asking them for whom they plan to vote. If we really have managed to choose randomly, and the pool of all voters is large compared to the number of our sample, then we can assume that the number of votes for one candidate or the other will be roughly in the same proportion of our sample.

To make this a little clearer, assume all the votes were counted using marbles, with red marbles for Trump and blue marbles for Clinton. After the voting is done, we'll count all the marbles to get a precise number, but for now we're more concerned with speed than exact accuracy, so we're going to take a sample of some small number of marbles and assume that's representative of the whole.

Since we know that our sample can't be perfectly representative of the whole, we compute a margin of error. Without going into the technicalities, the margin of error is basically a bet, just like most everything else in probability. In this case, if I say the poll is Clinton 45, Trump 41, with a 3 percent margin of error, I'm really saying there's 1 chance in 20 that Clinton will get above 48 percent or below 42 percent; contrariwise, there's 1 chance in 20 that Trump will get more than 44 percent or less than 38 percent.

And that's all it says.

Of course, we have to make guesses about the election in the future based on what people say, and people cussedly refuse to behave like marbles -- they change their minds, they have a sick kid, they can't get time away from work, any number of things. So pollsters also create something called a turnout model, which predicts how many people with certain characteristics will actually vote, and then fudge the percentages based on that. (Again, there's lots more detail in these 2012 articles.)

The turnout model is where things went astray in both these elections. In 2012 I put down a marker on Romney winning based on the polls and what looked like an outrageous oversampling of Democrats.

Of course, it didn't turn out that way; the legacy pollsters' turnout models were right, with much heavier Democrat turnout than Republican. It was only later that we discovered there had been a massive voter-suppression campaign run out of the IRS.

In 2016, the same thing happened in reverse: the turnout models were estimating that more Democrats would vote than actually did; what's more, there seemed to have been a significant Dinkins Effect, where people were unwilling to tell some stranger on the phone that they were going to vote for Trump.

But, even when we add in the turnout models, all those predictions say is "it's 1 chance in 20 that the votes will fall outside the margin of error, assuming turnout is the way we modeled it."

In this case, if we look, for example, at the RealClearPolitics polls and poll averages, what we see is that Trump and Clinton were within their margins of error in most polls (and the outlier came down on the Clinton side anyway.)

The upshot of all this is that the polls were actually right -- but an awful lot of journalists don't understand what the polls are actually saying.

It's very unlikely the actual voting machines were hacked.

The notion that the Clinton campaign was seriously looking for Russian hacking of the actual vote seems to have started with an article in New York Magazine. The author of the article -- Gabriel Sherman -- is clearly not very technical; he took a Medium post by J. Alex Halderman and misread it badly to say it seemed likely that voting machines had been hacked against Clinton's interests.

Interestingly, when Halderman added a note to his Medium post to say the article misstated his opinion, Sherman added a note mentioning the change -- but not that Halderman had disagreed with his article.

Halderman, in his Medium post, makes the point that he doesn't really think hacking had anything to do with the results either.

But we shouldn't trust them anyway.

In any case, Halderman and Ron Rivest both had written recently about the risks involved with computerized voting. (For non-geeks, Ron Rivest is the R in RSA encryption, which is behind most modern cryptographic approaches. Very smart guy.) Their point was that since we know voting machines have vulnerabilities, we should take steps to audit their results, especially in machines that don't keep a separate paper trail. But these audits would be expensive if every vote had to be recounted manually and compared with the machine tally, so they suggested a risk-driven approach. They suggested some states that Clinton lost by a small margin that might be ripe for an audit.

Halderman and Rivest are right about voting machines by the way. Given access, someone with the appropriate skills can modify it to change votes, change the visible ballot, or play Yankee Doodle.

Russian "fake news" didn't cheat Clinton out of her turn.

This is one of those "oh, get serious" points. Look, there's no doubt whatsoever that the Russians have an advanced cyberwar capability and the will to use it. They just softened up Ukraine by hacking their power grid and turning off the lights. (Didn't hear much about that, did you? And they think Trump is giving Putin a pass.) There's no doubt that this is a real threat, and I understand from sources that phrases like "another Pearl Harbor" are going around among the people who know things.

But what happened with the DNC hacks, as opposed to the cyberattacks on Ukraine, is that real emails -- with real evidence of corruption, conspiracy, and real election rigging in the primaries -- got revealed.

If that was part of why the Democrats got pretty well trounced, and the Russians helped, we should probably thank them and ask why our press wasn't looking into the same things.

Voter fraud does exist and it is a problem: Detroit proved it.

The press to audit or recount the votes did have one interesting effect, though. By choosing to recount Michigan, it forced a recount of Detroit and Wayne County, major Democrat strongholds, a Democrat machine operation really. And -- insert Gomer Pyle clip here -- surprise, surprise: two-thirds of the districts couldn't be recounted, because the recorded votes and totals could not be reconciled with the ballots, with the voter rolls, or apparently with reality. One district, it was reported, totaled 306 votes, but only had 50 ballots. Other districts registered more votes than they recorded voters signing in.

Thanks to a peculiarity of Michigan law, the districts in which these irregularities were noted had their original vote counts stand. Election officials discounted these, citing errors, poor training, any number of things. But ... seriously? The city administration in Detroit is so incompetent that fully two thirds of their districts made disqualifying errors by accident? Is that really the simplest hypothesis? We'll never know the truth, since by law these mysterious districts can't be recounted.

No one who was even slightly cynical and half awake should have found this tremendously surprising. Voting mysteries in Democrat machine towns have been around for a long time. I had my own experience with voting mysteries when I was an election judge in Pueblo County, Colorado, and saw a rare GOP lead in an election reverse exactly after a computer crash.

Dead people voting in Chicago is so commonplace it's a joke; districts in Cleveland in 2012 with astounding turnout (over 100 percent of registered voters) that go 100.000 percent for the Democrat candidate were mentioned in hushed whispers by the legacy media, and then quickly forgotten; close statewide elections in Washington state have been decided by repeated discoveries of uncounted absentee ballots in Kings County that just happen to finally turn the election to the Democrat candidate.

It seems, however, that there was a strategic error this time. By raising the Russian hacking ruckus, the Clinton side made a recount of Detroit a national issue, and once it was a national issue, everyone saw there was something deeply wrong.

So that's the question, isn't it? When you sort out all the self-serving outrage, finger pointing, and denial, we really have learned some useful things through the "OMG the wrong guy won!" furor.

The first one is that there is a real computer security crisis in this country. This is not a surprise -- we saw it coming when I was an active computer security researcher in the '80s and '90s when the Internet was just a baby and the Web hadn't been invented.

It was obviously coming when Windows viruses became a major problem, and that problem arose because Windows has basic architectural flaws. (So did the Macintosh operating system then, OS/9. Apple handled that by building OS/X, a complete replacement based on a much more secure platform. Microsoft handled it by keeping Windows.)

It was glaringly obvious when we had a succession of very successful attacks -- Target, the Office of Personnel Management, Yahoo, and of course the successful unauthorized disclosure of DNC emails. (Some of it is even due to the architecture of the Internet itself -- the original internet, ARPAnet, wasn't built to be secure, it was built to be able to survive atomic war.) Now, though, the crisis is real and immediate. Just ask Ukraine, where Russian cyberattacks turned off the lights as a tactic in the Russian war against Ukraine.

Nearly 30 years since the Internet started and more than 20 since the World Wide Web was invented, we have a massive backlog of insecure software. It's not going to be easy to fix, and it's not going to be cheap. We would have been better off if we'd paid more attention in 1985. But we're stuck -- it has to be done.

How? That's for another time.

Second, we can no longer deny that our election system -- sometimes, and in some places -- is corrupt. I'm a great believer in Heinlein's Razor: all things being equal, stupidity is a better explanation than malice. It's possible that all the flaws we've seen in the Detroit recount were simple incompetence. The scale of the problems has got to be accounted for as at least gross negligence, and it's hard not to think that it was awfully convenient gross negligence.

Some of the rest of this can't be dismissed as mere negligence. One example? The number of dead people who have been discovered to have voted multiple times since they died. If people are on the rolls after death, that can be incompetence or negligence. There is no way they can actually vote without fraud.

Long term, this can be solved with audits and universal use of voting machines that can be trusted, and that are certified by an independent, non-partisan organization like Underwriters Laboratories. But that will take a long time and a lot of changes.

In the meantime, we need to go back to the sort of voting practices we impose on third-world countries: physical paper ballots, counted in public with representatives of all parties on hand. Voter IDs and identities checked at the time of voting against death certificates and criminal records. The indelible-ink trick, and maybe we make Election Day a national holiday, along with a PR campaign to make "I Voted!" with an upraised, stained index finger into a badge of honor.

As I said, I hoped the political craziness would settle down after the election, and I was mistaken. But the craziness, annoying as it has been, revealed real issues. Maybe the craziness is our chance to actually solve some of these problems.