Pluralistic: Georgia's voting technology blunder (18 Apr 2026)

Today's links Georgia's voting technology blunder: It's possible for Dominion machines to suck, but not in the way that Tucker Carlson says they do. Hey look at this: Delights to delectate. Object permanence: GWB's illegal iPod; McDonald's breakfast sandwich fanfic; Technofeudal debt; "The Everything Box"; $100m deli. Upcoming appearances: Los Angeles, San Francisco, London, Berlin, NYC, Barcelona, Hay-on-Wye, London, NYC. Recent appearances: Where I've been. Latest books: You keep readin' em, I'll keep writin' 'em. Upcoming books: Like I said, I'll keep writin' 'em. Colophon: All the rest. Georgia's voting technology blunder (permalink) Nearly 25 years ago, in the aftermath of Bush v Gore, I got involved in a bunch of ugly tech policy fights over voting machines. The hanging chad debacle in Florida prompted Congress to appropriate funds for states to purchase new touchscreen voting machines based on a robust, open standard. The problem was, those machines didn't exist. The voting machine industry in those days was already very consolidated (it's far more consolidated today). They went shopping for a standards body that would publish a spec for a "standard" voting machine that could soak up those federal dollars in time for the 2004 election. The only taker was the IEEE, who unwisely offered to serve as host for this impossible rush job. Once the voting machine reps were around a table at IEEE – largely sheltered from antitrust scrutiny thanks to the broad latitude enjoyed by firms engaged in standardization, which is otherwise uncomfortably close to collusion – they admitted what everyone already knew: there was zero chance they were going to develop a new standard in time for the election. Instead, they decided they were going to publish a "descriptive standard." Rather than designing a new standard, they'd write down the specs of their own products – the same products that were considered so defective they needed to be replaced before the election – and call that the standard. That was my first encounter with this issue as an activist. I had just started at EFF and a lot of our supporters were IEEE members, who were appalled to see their professional association being used to launder this incredibly politically salient, technically incoherent scam. We got a ton of IEEE members to write to the board, who shut down the standards committee and kicked the voting machine companies to the curb. The voting machine companies weren't done, though. Diebold – one of the leaders in the cartel – knew that its voting machines were defective. They'd crash, lose their vote-counts and malfunction in other ways that were equally damaging to election integrity. This was an alarming piece of news, but perhaps just as alarming is the way it came to light. A Diebold employee described this situation in a memo that was subsequently hacked and dumped by parties unknown. That memo, along with the accompanying tranche of extremely alarming revelations about Diebold's voting machine division, was the subject of one of the first mass-censorship copyright campaigns in internet history. Diebold didn't dispute the veracity of these damning revelations: rather, it claimed that since the memos detailing its gross democracy-endangering misconduct had been prepared by an employee, that they were therefore works-made-for-hire whose copyright was held by Diebold, and thus anyone who reproduced the memo was infringing on the company's copyright. Under Section 512 of the then-new Digital Millennium Copyright Act, Diebold was empowered to send "takedown notices" to the web hosting providers whose users had posted the memos, and if the web hosts didn't remove the content "expeditiously," they would be jointly liable for any eventual copyright damages, which are statutorily set at $150,000 per infringement. Every web host folded. No one wanted to take the risk of tens of millions of dollars in statutory damages. (Incidentally: anyone who tells you that "online safety" requires us to make online platforms liable for their users' speech needs to explain how this wouldn't empower every crooked company whose dirty laundry had ended up online wouldn't just do what Diebold did. It's not technically insanity to do the same thing over again in expectation of a different outcome, but it is awfully stupid and reckless.) That might have been the end of things, except for the kids at Swarthmore, a small liberal arts college in Pennsylvania. Two students, Nelson Pavlosky and Luke Smith, were outraged by Diebold and they had accounts on Swarthmore's webserver. So they uploaded thousands of copies of the leaked memos, but linked to just one of them from a page about the leak. As soon as that copy was deleted by Swarthmore's webmasters in response to a DMCA takedown from Diebold, the students updated the link to point to another copy. And another. And another. That's where EFF got involved. We repped the Online Policy Group, whose page linking to the Swarthmore resources was taken down by a Diebold notice. We won. The memos became a matter of public record. The Swarthmore kids started a nationwide network called "Students for Free Culture." It was pretty danged cool. That wasn't the end of the Diebold story, though. Diebold was and is a very diversified conglomerate that made a lot of tabulating machines: ATMs, cash-registers, medical monitoring devices…and voting machines. Every one of these machines produced a paper-tape of its tabulations as an audit trail that could be used to reconstruct its calculations if it crashed…except the voting machines. The voting machines that kept crashing, and whose crashes presented a serious risk to the legitimacy of US elections in the wake of the worst electoral crisis in the country's history. Diebold's stated reason for this was that adding a paper tape was haaaard (even though all its other machines had paper audit tapes). Not only was this a very unconvincing excuse, it was downright alarming in light of the promise of Walden O’Dell (Diebold CEO and prominent Bush fundraiser) to help "Ohio deliver its electoral votes to the president": https://fairvote.org/diebold-partisanship-and-public-interest-elections/ Now, to be clear, I don't think that O'Dell was going to steal the election for Bush (that's the Supreme Court's job). Rather, he was just a loudmouth asshole CEO who supported the (up to that point) worst president in American history, and who also made garbage products that were not fit for purpose. In the decades since, voting machines have been the subject of lots of scrutiny by the information security community, because they suck. Time after time, the most sphincter-puckering defects in widely used machines have come to light: https://blog.citp.princeton.edu/2006/05/11/report-claims-very-serious-diebold-voting-machine-flaws/ The hits just kept on coming: https://web.archive.org/web/20061007120655/http://openvotingfoundation.org/tiki-index.php?page_ref_id=1 At Defcon, the amazing Matt Green has presided over the Voting Village, where it's an annual tradition for hackers to probe voting machines. This exercise has produced a string of terrifying revelations that precisely described how these machines suck: https://www.votingvillage.org/cfp Pretty much everyone I knew thought that voting machines were garbage technology…right up to the moment that the My Pillow guy, Tucker Carlson, and a whole menagerie of conspiratorial Trumpland mutants started peddling a bizarre story about how Hugo Chavez colluded with the Canadian voting machine company Dominion Voting Systems (who bought Diebold's voting machine business when they finally dumped the division) to rig the 2020 election for Joe Biden. They told so many outlandish lies about this that Fox ended up paying Dominion $787.5 million to settle the case: https://en.wikipedia.org/wiki/Dominion_Voting_Systems#Dominion_Voting_Systems_v._Fox_News_Network That's when something very weird happened. A bunch of people who had been skeptical of voting machines since the Brooks Brothers Riot suddenly became history's most ardent defenders of those same garbage voting machines. The cartel of voting machine companies – who had a long track record of using bullshit legal threats to silence their (mostly progressive) critics – were drafted into The Resistance(TM), and anyone who thought voting machines were trash was dismissed as a crazy person who has been totally mypillowpilled: https://web.archive.org/web/20210203113531/https://www.washingtonpost.com/outlook/2021/02/03/voting-machines-election-steal-conspiracy-flaws/ There's a name for this: it's called "schismogenesis": when one group of people define themselves in opposition to someone else. If the other team does X, then your team has to oppose X, even if you all liked X until a couple minutes ago: https://pluralistic.net/2021/12/18/schizmogenesis/ This schismogenic reversal persists to this very day. Every time Trump promotes another election denier to his cabinet, a federal agency, or a judgeship, the idea that voting machines are garbage becomes more Stop the Steal-coded, even though voting machines are, objectively, garbage. Which is bad. It's bad because we are going into another election season where the stakes are – incredibly – even higher than Bush v Gore, and electoral authorities and state legislatures are making the world's most unforced errors in their voting machine procurement decisions, and if you've conditioned yourself to reflexively dismiss voting machine criticisms as conspiratorial nonsense, then you are part of the problem. Just because some voting machine criticism is conspiratorial nonsense, it doesn't follow that voting machines are good, nor does it follow that every voting machine critic is a swivel-eyed loon or ratfucking Roger Stone protege. Take, for example, Princeton's Andrew Appel, a computer scientist who's been publishing well-informed, well-documented warnings about defects in voting machines for years and years. Appel's latest is an alarming note about Georgia's new plan to "tabulate" ballots using OCR software: https://blog.citp.princeton.edu/2026/04/10/ballot-tabulation-by-uploading-scanned-images-for-ocr-is-quite-insecure/ The Georgia legislature has wisely banned the use of QR codes on the paper ballots generated by touchscreen voting machines. We have, at long last, progressed to the point where we use "ballot marking devices" (BMDs) that produce a paper record that can be hand-counted. The problem is that voters barely ever glance at these paper ballots before dropping them in the box to make sure the choices they made on the touchscreen are correctly reflected on the ballot – only 7% of voters carefully inspect their ballots! This problem is greatly exacerbated if these ballot papers are tabulated by a machine that reads a QR code or barcode, rather than interpreting the human-readable information on the ballot. People are even less likely to pull out their phones and scan the QR code to ensure it matches the words on the paper. That means that a BMD could output different choices in the QR code than it prints in the human-readable part – and the Dominion BMD machines they use in Georgia run outdated software that's super-hackable: https://blog.citp.princeton.edu/2026/02/24/georgia-still-using-tragicomically-insecure-voting-system/ So Georgia's state leg passed Senate Bill 189, which establishes that "The text portion of the paper ballot marked and printed by the electronic ballot marker indicating the elector’s selection shall constitute the official ballot and shall constitute the official vote for purposes of vote tabulation." In other words, you can't count by scanning QR codes, you have to actually interpret the human-readable text on these ballots. These machines still suck, to be clear (the fact that they don't suck for the mypillovian reasons that Tucker Carlson believes doesn't mean they're good) – but thanks to SB189, they are way less dangerous to democracy than they might be. But not if Secretary of State Brad Raffensperger gets his way. Raffensperger is another guy who was drafted into The Resistance(TM) after he refused to commit election fraud for Trump, but he's also not good. He can still be terrible in other ways – and he is. Raffensperger has announced his plan to circumvent the Georgia legislature by using Dominion ICX touchscreens to produce ballots with QR codes, which will then be tabulated in Dominion ICP scanners – but then he's going to "verify" the tabulation by running those same ballots through optical character recognition (OCR) software. As Appel points out, this is the same stupid plan that Raffensperger tried in 2024, where he called the OCR step an "audit" of the QR tabulation. Back then, he grabbed 200dpi "ballot image files" from the Dominion BMDs and ran them through OCR software run by a company called Enhanced Voting. Appel sums up the fundamental incoherence of this approach. First, the BMDs are super-hackable, so we don't trust them to print the same info in the QR code as they print in the human-readable text (which no one looks at anyway). If we don't trust them to print accurate info in the QR code, then why would we trust them to accurately generate that 200dpi QR code that's generated for the audit? As Appel writes, "it would be fairly easy for an unsophisticated attacker to alter ballot-image files–just replace the ballots they don’t like with copies of the ones they do like." Then there's the step where these files are zipped up and transferred to the outside vendor for the audit – a step that Raffensperger has not explained. And even if the files make it to the outside contractor safely, that contractor could "change the inputs (ballot images) or outputs (tabulations)." So this is very bad. Voting machines suck. Raffensperger sucks. And here's the stupidest part: as Appel explains, there is a much more secure way to do this, and it's very cheap: Just use their existing Dominion ICP (polling-place) scanners to count preprinted, hand-marked optical-scan "bubble ballots" that the voter has marked with a pen. This is what other states are doing. As Appel writes, "This doesn’t even require a software upgrade of any kind. Although it would be a fine idea to install a software upgrade that addresses known security vulnerabilities in the ICX and ICP, the ICP can count hand-marked ballots with or without the upgrade." This is a purely unforced error, in other words. As such, it's part of a series of shitty vote-tech choices that politicians and officials have been making since Bush v Gore. Truly, we live in the stupidest timeline. Hey look at this (permalink) Announcing EFF's Public Resource Fellowship https://www.eff.org/deeplinks/2026/04/announcing-effs-public-resource-fellowship Wrench – Side Table A by Iyo Hasegawa https://adorno.design/pieces/wrench-side-table-a/ BOOM: Ticketmaster GUILTY of Monopolization https://www.thebignewsletter.com/p/boom-ticketmaster-guilty-of-monopolization I Was an Enthusiastic Early Adopter of AI Scribes. Here’s Why I Stopped https://benngooch.substack.com/p/i-was-an-enthusiastic-early-adopter Mayhem’s Legacy: Why MetaBrainz Matters More Than Ever, and Why We’re Looking for Someone to Lead It https://compassmapandkey.com/2026/04/18/mayhems-legacy-why-metabrainz-matters-more-than-ever-and-why-were-looking-for-someone-to-lead-it/ Object permanence (permalink) #20yrsago GW Bush’s iPod contains “illegal” (according to RIAA) music https://memex.craphound.com/2006/04/16/gw-bushs-ipod-contains-illegal-according-to-riaa-music/ #20yrsago Fan fiction community for McDonald’s breakfast sandwiches https://web.archive.org/web/20120112221730/https://mcgriddlefanfic.livejournal.com/profile/ #10yrsago High tech/high debt: the feudal future of technology makes us all into lesser lessors https://web.archive.org/web/20160415150308/https://www.theatlantic.com/technology/archive/2016/04/rental-company-control/478365/ #10yrsago Three pieces of statistical “bullshit” about the UK EU referendum https://timharford.com/2016/04/three-pieces-of-brexit-bullshit/ #10yrsago Southwest Air kicks Muslim woman off plane for switching seats https://web.archive.org/web/20160416041342/http://www.independent.co.uk/news/world/americas/muslim-woman-kicked-off-plane-as-flight-attendant-said-she-did-not-feel-comfortable-with-the-a6986661.html #10yrsago China’s Internet censors order ban on video of toddler threatening brutal cops https://chinadigitaltimes.net/2016/04/minitrue-4/ #10yrsago Tiny South Pacific island to lose free/universal Internet lifeline https://www.rnz.co.nz/news/pacific/299017/niue-to-get-better-internet-service-at-a-cost #10yrsago The Everything Box: demonological comedy from Richard “Sandman Slim” Kadrey https://memex.craphound.com/2016/04/16/the-everything-box-demonological-comedy-from-richard-sandman-slim-kadrey/ #5yrsago People's Choice Communications https://pluralistic.net/2021/04/16/where-it-hurts/#charter-hires-scabs #5yrsago "Anti-voter-suppression" companies are lobbying to kill HR1 https://pluralistic.net/2021/04/16/where-it-hurts/#tissue-thin #5yrsago $100m deli made $35k in 2019/20 https://pluralistic.net/2021/04/16/where-it-hurts/#hometown #5yrsago Mass-action lawsuit against Facebook https://pluralistic.net/2021/04/16/where-it-hurts/#sue-facebook #1yrago Trump fought the law and Trump won https://pluralistic.net/2025/04/16/weaponized-admin-incompetence/#kill-all-the-lawyers Upcoming appearances (permalink) Los Angeles: LA Times Festival of Books, Apr 19 https://www.latimes.com/events/festival-of-books San Francisco: 2026 Berkeley Spring Forum on M&A and the Boardroom, Apr 23 https://www.theberkeleyforum.com/#agenda London: Resisting Big Tech Empires (LSBU), Apr 25 https://www.tickettailor.com/events/globaljusticenow/2042691 NYC: Enshittification at Commonweal Ventures, Apr 29 https://luma.com/ssgfvqz8 NYC: Techidemic with Sarah Jeong, Tochi Onyibuchi and Alia Dastagir (PEN World Voices), Apr 30 https://worldvoices.pen.org/event/techidemic/ Barcelona: Internet no tiene que ser un vertedero (Global Digital Rights Forum), May 13 https://encuentroderechosdigitales.com/en/ Berlin: Re:publica, May 18-20 https://re-publica.com/de/news/rp26-sprecher-cory-doctorow Berlin: Enshittification at Otherland Books, May 19 https://www.otherland-berlin.de/de/event-details/cory-doctorow.html Hay-on-Wye: HowTheLightGetsIn, May 22-25 https://howthelightgetsin.org/festivals/hay/big-ideas-2 SXSW London, Jun 2 https://www.sxswlondon.com/session/how-big-tech-broke-the-internet-b3c4a901 NYC: The Reverse Centaur's Guide to Life After AI (The Strand), Jun 24 https://www.strandbooks.com/cory-doctorow-the-reverse-centaur-s-guide-to-life-after-ai.html Recent appearances (permalink) When Do Platforms Stop Innovating and Start Extracting? (InnovEU) https://www.youtube.com/watch?v=cccDR0YaMt8 Pete "Mayor" Buttigieg (No Gods No Mayors) https://www.patreon.com/posts/pete-mayor-with-155614612 The internet is getting worse (CBC The National) https://youtu.be/dCVUCdg3Uqc?si=FMcA0EI_Mi13Lw-P Do you feel screwed over by big tech? (Ontario Today) https://www.cbc.ca/listen/live-radio/1-45-ontario-today/clip/16203024-do-feel-screwed-big-tech Launch for Cindy's Cohn's "Privacy's Defender" (City Lights) https://www.youtube.com/watch?v=WuVCm2PUalU Latest books (permalink) "Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce "Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025 https://us.macmillan.com/books/9780374619329/enshittification/ "Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels). "The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org). "The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org). "The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245). "Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com. "Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com Upcoming books (permalink) "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/) "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026 "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027 "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027 "The Memex Method," Farrar, Straus, Giroux, 2027 Colophon (permalink) Today's top sources: Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor. "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE. "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING. A Little Brother short story about DIY insulin PLANNING This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net. https://creativecommons.org/licenses/by/4.0/ Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution. How to get Pluralistic: Blog (no ads, tracking, or data-collection): Pluralistic.net Newsletter (no ads, tracking, or data-collection): https://pluralistic.net/plura-list Mastodon (no ads, tracking, or data-collection): https://mamot.fr/@pluralistic Bluesky (no ads, possible tracking and data-collection): https://bsky.app/profile/doctorow.pluralistic.net Medium (no ads, paywalled): https://doctorow.medium.com/ Tumblr (mass-scale, unrestricted, third-party surveillance and advertising): https://mostlysignssomeportents.tumblr.com/tagged/pluralistic "When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer. ISSN: 3066-764X