E-Voting: The Next Florida?

[Ladewig]

Kevin_Lowe

It's just insane to have voting in the hands of private companies with proprietary software. The fact that the companies involved look shady is just the icing on the cake.

This aspect of the problem is the most important. When the private companies tell the state boards of election that the machines are ready and the state official ask to test the code or even look at the code, the companies say, "no, the contract you signed does not include the right to look at source code - after all, this stuff is a trade secret - just trust us."

We are talking about untested, uncertified code that will be put in use for one day (meaning all glitches have to be fixed immediately).

As for the posters implying that Subgenius is Chicken Little, keep in mind that Fortune magazine called paperless voting "the worst technology of 2003."

 

[subgenius]

Fortune magazine, that liberal rag?
Let me anticipate the response to the assertion that it was the worst tech of '03: "its been fixed since then."

 

[HerNibs]

I have to put in my two cents here.

First, let me state that I agree that DRE’s have several problems. A guarantee of an accurate recount definitely being one of them. My county does not currently use DRE’s but we do use a Diebold AccuVote ballot reader.

One of the concerns of the election officials was stated earlier. What guarantee is there that the paper vote verification slip accurately displays the elector’s intention? None.

Another concern that we have is what is to prevent vote selling. Once we issue a paper receipt what is to stop an elector from walking out of the polling place with PROOF of what they voted. Elector – “Here representative of candidate X, proof of how I voted. Give me my $1,000.” The slips could be collected but then we face the fact that a secret vote just flew out the window.

I am reasonably sure that if someone was to open up a DRE’s in a polling place one of our poll workers or a member of the public would notice. Without a paper trail yes a recount would be difficult. But the DRE’s would not be the only item verifying the process.

Voting fraud can certainly happen in the polling places with DRE’s but the real concern for voter fraud is in the registration process itself. In my state you can register to vote and cast a vote without ever coming in contact with any election official.

The root of the problem is not what is being addressed. It is possible to have some type of receipt or something that is given to the elector but the real voter fraud potential is not in the polling place. Heck, very few violations are ever prosecuted. The fixes coming from the legislature are NOT going to help. Just cost more, cause more confusion, more work, delay certifying results and turn more people away from voting.

 

[Luciana]

Don't you think that all of those objections regarding security weren't raised and discussed to death?

In the days of the elections there was major hacker activity and DOS in many servers. Because the voting system is decentralized, those attacks amounted to nothing except clogging our internet.

Universities, the armed forces, international consulting companies and even hackers were hired to contribute and evaluate the system.

For the conspiracy theorists - this whole system was developed under the presidency of Fernando Henrique Cardoso. His candidate lost by a wide margin, and so did his party throughout the country.

Also, in all elections (president, senator (2), state and federal deputies), the results were consistent (in some cases, spookly similar) to those forecasted by poll institutes. Don't you think that there would be discrepancies if there had been fraud?
If we are to consider that the ballots were tampered with, we have to include all of the poll institutes (private, universities) in the conspiracy. We're talking about hundreds of people everywhere who had to know the results of the fraudulent elections before it even started. What's the likelihoood? This is moon hoax material.

Yep, if Brazil could do it, the US can, of course.

 

[HerNibs]

I haven't seen a concern posted that I haven't heard addressed in committee sessions. Experienced election officials have voiced all these (and more) concerns to the committee(s) pushing various bills.

A DRE that spits out a ballot that would then be counted by another machine doesn't exist today (as far as I know). The cost to each county would be astronomical. The cost would then fall on the tax payer.

I agree that it is quite easy to determine if there is something fishy going on when results are viewed. At a quick glance at results I can tell if something strange has occurred in a polling place.

I still state that the problem is the registration process and the enforcement of the election laws. A person who votes twice should be prosecuted. Instead we spend time trying to figure out ways to keep them from doing it again. Educating the elector is also a key way to improve the process.

Just a note, prior to any election there is a Logic and Accuracy Test that is done by the election official with party representatives and representatives of ballot issues and candidates. No election takes place unless everyone who attends the testing signs off on the accuracy of the machine(s).

It's just sad when less than half of the interested parties show up for the testing.

I agree that this is the moon hoax all over again but I hate to say that black helecopter paranoids are the ones being listened to in the legislature.

 

[Luciana]

Just a note, prior to any election there is a Logic and Accuracy Test that is done by the election official with party representatives and representatives of ballot issues and candidates. No election takes place unless everyone who attends the testing signs off on the accuracy of the machine(s).

It's just sad when less than half of the interested parties show up for the testing.

Yep, we did have that too. I don't know how many attended - I don't think candidates did - but party representatives were certainly. Each thinking that the other candidate would be taking advantage of that.

 

[subgenius]

I like that: "Yep, if Brazil could do it, the US can, of course."

 

[HerNibs]

Ladewig brought up the point that there is question about the testing of the software/hardware for vote tallying. Let me state, I do not fully understand source codes or the policing of source codes but I do know that any system undergoes testing by NASED’s Independent Test Authorities (Wyle Labratories, Systest Labs). If there is any variation in the system that is tested and the system that is delivered it may be rejected. The ITA may also test the source code.

Now, I do not take part in the testing nor do I have any bias towards any ITA, I am just familiar with the two listed.

I may not understand Ladewig’s point and if I have it wrong or I seem to be assuming something I apologize and please correct me.

 

[Luciana]

I like that: "Yep, if Brazil could do it, the US can, of course."

Brazil is exporting that know-how as we speak. The elections were deemed fraud-free by the international community. We're poor, and we did it. So why couldn't the US, much richer, do the same or even better?

I was skeptic about the efficiency of the system at first. But after reading about the process, back in 2001, and considering the raving reviews by people with authority to do so, I was convinced it would work. It did even better than predicted. The logistics of it was astoundingly complicated (think a huge country with isolated areas, time zones and the elections taking place for the duration of a day, from 9 to 6pm) and yet it worked marvellously.

 

[Ladewig]

Misfeasance trumps certification

HerNibs
I do not fully understand source codes or the policing of source codes but I do know that any system undergoes testing by NASED’s Independent Test Authorities (Wyle Labratories, Systest Labs). If there is any variation in the system that is tested and the system that is delivered it may be rejected. The ITA may also test the source code.

My bad. Although after doing more research, I discovered that certification can still be trumped by misfeasance. Story from Wired.com

SACRAMENTO, California -- An audit of Diebold Election Systems voting machines in California has revealed that the company installed uncertified software in all 17 counties that use its electronic voting equipment. While 14 counties used software that had been qualified by federal authorities but not certified by state authorities, three counties, including Los Angeles, used software that had never been certified by the state or qualified by federal authorities for use in any election.

Here's a story describing flaws with the current certification system in general and with Diebold in particular.

As it turns out, the states typically do not examine the computer code at all, relying instead on a "Logic and Accuracy" test which will not catch fraud and has frequently missed software programming errors that cause the machines to miscount.

A Diebold message board has been used since 1999 to help technicians in the field interact with programmers to solve problems. The contents of this message board were quietly sent to reporters and activists around the world, most likely by a Diebold employee. In a letter to WiredNews, Diebold has acknowledged that these memos are from its own staff message boards.

Here's the Maryland Department of Budget and Management website which includes a report ("State of Maryland Risk Assessment Report Diebold AccuVote-TS Voting System") describing the Diebold AccuView TS voting system as "not compliant with the State of Maryland Information Security Policy and Standards"

This Risk Assessment has identified several high-risk vulnerabilities in the implementation of the managerial, operational, and technical controls for AccuVote-TS voting system. If these vulnerabilities are exploited, significant impact could occur on the accuracy, integrity, and availability of election results. In addition, successful exploitation of these vulnerabilities could also damage the reputation and interests of the SBE and the LBEs.

I do not have faith in a software company that delivers code for testing that includes bugs that generate "several high-risk vulnerabilities." I would prefer a company that does not deliver a product that uses a "FTP server to distribute the approved ballots."




As for overseeing the qualification process:

The NASED site notes that the most official list of qualified products falls under the domain of the Federal Election Assistance Commission. Unfortuantely, that agency actually began operations only 34 days ago despite legislation requiring it to be in place 12 months ago. The agency is responsible for developing voluntary voting machine standards, certifying voting systems, auditing grant recipients, studying a number of issues in election administration, and most importantly, distributing more than $2 billion to states for the purchase of new voting machines and new voter education programs. Information about the EAC can be found on the Federal Election Commission site.

 

[HerNibs]

I agree that certification can still be trumped by misfeasance. I believe that would be true to any system. The problems in those counties in California seem to be the fault of the election officials. Those counties should not have used uncertified systems. The officials should be called on the carpet and held responsible for their actions or inactions. The system should never have been used.

Counties do depend a great deal on the “Logic and Accuracy Tests” and it may not be the best defense if it was the only defense against fraud. The tests are only one step in many. The steps range from verifying that the number of signatures in a poll book match the number of votes cast to a certification of votes cast process done after the election. No county should be allowed to hold elections with out a comprehensive plan that details actions to deal with equipment failure, potential fraud or even acts of nature.

Thank you for the link to the Maryland Dept. Risk Management document, I had not seen it before. I have just read a portion of it and will continue reading but from what I have read so far the high-risk vulnerabilities again seem to be procedural rather than functional. I don’t know of any county in my state that has their tallying system on a network. As for distributing an approved ballot to an FTP server, I’m not sure I understand to what that is referring. I would never distribute our ballots that way, not to a polling place, not to a printer, not to anyone. I cannot say that other counties do not use an FTP upload.

You are correct in stating that the FEAC is new but state certification and having software/hardware certified by Wyle Labs etc. is not. Even before the FEAC and NASED, election equipment has been certified by the Secretary of State and Wyle Labs (in my state). The new HAVA laws really don’t help the situation. The legislation that is referred to also allows a county to delay any implementation until the year 2006. Election officials have been hounding the FEC for guidelines for quite some time.

I just don’t see how having a paper receipt can fix all or any of these problems. It just isn’t that simple of a fix. The counties need to enforce the current election laws and educate the public. If you have an incompetent election official get rid of them.

Any voting process has a potential for fraud. I don’t believe that requiring a DRE to give receipt will substantially reduce the potential for fraud. Throwing more legislation at an already convoluted process is just making it worse.

 

[subgenius]

Her Nibs:
Any voting process has a potential for fraud. I don’t believe that requiring a DRE to give receipt will substantially reduce the potential for fraud. Throwing more legislation at an already convoluted process is just making it worse.

____________

Spoken like someone who has a certain evaluation of the power and necessity of a vote. Brazil can do it, we can too.
All depends on who's ox is getting gored.
Yes, this is also the greatest country on earth. That is hardly the equivalent of saying " we are perfect and cant improve."
Could you be wrong about your opinion that a form of verification may reduce the potential for error (I didn't suggest fraud)? And if so, is that not an important thing to accomplish? In terms of civil (non-violent) society?
Especially in lignt of the fact that Brazil has acheived it with not so much problem.
If you can't be wrong about your opinion, then there's no use in talking fujrther, right?

 

[subgenius]

The administration has put to death any plan that would
allow you to have some type of backup paper ballot or
receipt. Which is pretty strange when you think about it. You
get a Slurpee from a 7-Eleven; you get a receipt. You vote for
President of the United States, and you get no record to
prove exactly how you voted.
....
Who owns and manufactures these machines?
PALAST: iVotronics is owned by a company called ES&S
[Election Systems and Software], founded by Senator Chuck
Hagel, the Republican senator from Nebraska. Hagel
became senator after Nebraska installed his voting
machine. It was quite extraordinary, because you ended up
with a Republican candidate winning in black districts in
Nebraska. So obviously Chuck took his voting machine out
for a test spin and did quite well.
Hustler: He owns part of this company?
PALAST: He’s out of it now, but he founded it.
Hustler: What about Diebold?
PALAST: Diebold is another Republican-connected
company.
.......

http://www.larryflynt.com/notebook.php?id=27


I'm now taking any bet, at any odds, that if there is a question in the next election, it has something to do with these receiptless machines. Not a reason in the world they can't have paper back-up.
Any takers?

 

[RCNelson]

A bit more from the interview with Greg Palast:

PALAST: . . . We just had an election in Texas in
which three Republicans won with exactly 18,181 votes.
Hustler: All three won with the exact same number of votes?
PALAST: The Republican elections officials thought that was
quite an interesting coincidence. These were done on
iVotronics machines, but the Democratic officials were
actually able to go back and reset the machine to re-tally the
votes and, lo and behold, suddenly the Democrats won. So
if you think that this is a tamper-proof system, I’ve got a
bridge to sell you in Brooklyn.

. . . .

Hustler: Recently Walden O’Dell, the CEO of Diebold voting
machines, promised to deliver votes to Bush.
PALAST: The CEO of Diebold, who has become one of
Bush’s big donors, promised at a fund-raiser to help deliver
the vote to Bush in Ohio. I hope that it gives someone pause
about using his machines, but apparently not.

I think I'll be voting absentee this year.

BTW: Greg Palast has an excellent web site at The Writings of Greg Palast.

 

[HerNibs]

If the machines are or have been pre-set or tampered with, what would make me think that the receipt that is issued would display a valid vote? It may display what I voted but how would anyone know if that is what the machine is recording?

I don’t really have a problem with a receipt being issued. People want receipts, ok, then a receipt can be created. I stated some concerns that are facing election officials. Measures can be put in place to keep the receipts confidential and keep them from leaving the polling place. Probably not a big deal to institute.

A DRE that is not correctly tallying votes should not make it to a polling place. Any responsible election official would have these machines certified and then tested again in the office. Regardless of who builds them and who owns the company, it is up to the election official to verify that the machine is functioning correctly. Malfunctioning machines or tampered with machines that are being used in any election are the fault of the election official running the election.

I am most certainly open for suggestions and discussion. I think the system has a huge potential for improvement. One improvement or change that I would like to see is having more public education about the entire process. People should walk into their election office and ask to see the process, from beginning to end, ask questions.

 

[subgenius]

Any non verifiable voting method weakens faith in the system which is the whole point of voting in the first place.

 

[Bjorn]

If the machines are or have been pre-set or tampered with, what would make me think that the receipt that is issued would display a valid vote? It may display what I voted but how would anyone know if that is what the machine is recording?

We wouldn't, unless you put your 'receipt' in a ballot box, allowing us to counter-check all or some districts - is the result from the computer the same as what we manually count? You need a bit of a conspiracy theory to believe that the 'receipts' would also be tampered with.

If the existing companies cannot deliver such a system, why don't we start a company ourselves? The NOCHEAT system would make us rich!

(New Original 'Can Have Elections All Trust')

 

[HerNibs]

Subgenius, I agree. I believe any non verifiable voting method is a mistake.

Bjorn, yes, putting the receipt through another ballot box would verify your vote. I would have to be a conspiracy theorist to believe that there would be tampering with the receipts. From your statement I see the “fix” is procedural with a check and balances kind of solution.

As for your other statement, the NOCHEAT system would fit in nicely with an idea that a few of us have been giggling about – elections-r-us. We would travel about and do elections, now we would have a system to offer as well!! Just need a catchy slogan.

 

[subgenius]

One example of weird things happening with e-voting machines:
Texas
Date: 2002
Area: Comal County
System: touch-screen
Problem: three Republican candidates each won with exactly 18,181 votes, called weird (alphabetical equivalent: ahaha)
Outcome: no audit; according to County Clerk "just a big coincidence"
Many others found at:
http://www.stimson.homestead.com/states.html

This is a non-partisan issue:

FOR IMMEDIATE RELEASE
January 15, 2004
CONTACT: Eddie Page 703-766-4467

FAIRFAX GOP POSTS VOTING MACHINE INTEGRITY REPORT ON WEB SITE

Report Calls for an Independent Review of the New Voter Technology

Fairfax County, VA - The Fairfax County Republican Committee has posted Operation Ballot Integrity, a report outlining technological and systemic failures associated with the County's new Direct Recording Equipment used on Election Day.

Eddie Page, Chairman of the Fairfax County Republican Committee said, "this report reveals to the public that, no matter how advanced the technology, ballot integrity and voter confidence should never be compromised. Unfortunately, on November 4, 2003, the new Fairfax County Digital Voting Equipment raised questions about our most basic voting assumptions."

"Voters want to make a difference, and they also want to know that their vote counts. However, the new technology, although promising at first, appears to leave too many unanswered questions. We can only hope that the county and state will resolve these important issues in the future," Page said.
http://www.fairfaxco-gop.org/press.html#ballot

Go here to find out more, and how to help:
http://www.verifiedvoting.org/

 

[Bjorn]

One example of weird things happening with e-voting machines:
Texas
Date: 2002
Area: Comal County
System: touch-screen
Problem: three Republican candidates each won with exactly 18,181 votes, called weird (alphabetical equivalent: ahaha)
Outcome: no audit; according to County Clerk "just a big coincidence"
Many others found at:
http://www.stimson.homestead.com/states.html

Ahem, from 5 posts above this:

These (the three 18,181 victories) were done on iVotronics machines, but the Democratic officials were actually able to go back and reset the machine to re-tally the votes and, lo and behold, suddenly the Democrats won.

It seems like there was an audit after all.