CO-04 (Special Election) See Full Big Line

(R) Greg Lopez

(R) Trisha Calvarese



President (To Win Colorado) See Full Big Line

(D) Joe Biden*

(R) Donald Trump



CO-01 (Denver) See Full Big Line

(D) Diana DeGette*


CO-02 (Boulder-ish) See Full Big Line

(D) Joe Neguse*


CO-03 (West & Southern CO) See Full Big Line

(D) Adam Frisch

(R) Jeff Hurd

(R) Ron Hanks




CO-04 (Northeast-ish Colorado) See Full Big Line

(R) Lauren Boebert

(R) Deborah Flora

(R) J. Sonnenberg




CO-05 (Colorado Springs) See Full Big Line

(R) Jeff Crank

(R) Dave Williams



CO-06 (Aurora) See Full Big Line

(D) Jason Crow*


CO-07 (Jefferson County) See Full Big Line

(D) Brittany Pettersen



CO-08 (Northern Colo.) See Full Big Line

(D) Yadira Caraveo

(R) Gabe Evans

(R) Janak Joshi




State Senate Majority See Full Big Line





State House Majority See Full Big Line





Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
December 08, 2011 12:37 AM UTC

Gessler Wants to Lower Voting Machine Security Standards

  • by: Alexei

Has he lost his freaking mind!?!?!

Full story here: Denver Post story


25 thoughts on “Gessler Wants to Lower Voting Machine Security Standards

  1. Election machines in Colorado are held to standards that are above and beyond national standards and those of most other states. You may think that is a good thing, but not so in some cases.

    I never thought I would say these words, but, some of Gessler’s suggestions make sense. A little background, though, for context.

    One of the SOS’s jobs is to certify election machines in Colorado. We use three different vendors and counties use a variety of different machines across the state (optical scanners, for example, vary by county). As I mentioned, the legislature believed that the more stringent the security requirements, the better the security; however, some vendors weren’t able to meet the requirements (paper receipts, DREs…) and consequently, Coffman had to decertify all machines in Colorado (even though the same machines were in use and certified under federal (HAVA) and state standards in other states around the country).

    Needless to say having no certified machines in the state and no way to get them into compliance (even with millions of dollars of investment by counties and the state) by the ’06 election, was a bit of a clusterfuck. Coffman was allowed to conditionally certify the machines until 2014, effectively kicking the can down the road. The deal was Colorado would move away from voting machines and DREs and instead rely on a paper based voting system (undefined in statute but could refer to paper receipts from machines or punch cards or mail in ballots for all elections).

    Time flies when you’re having fun and now it is getting to be that time of re-certification. The counties and the state are looking around saying, “Shit, the vendors still don’t have some of the required technology we say we need and no one has the funding to buy and upgrade the voting machines! We’re hosed.”

    I don’t know of each security requirement that Gessler is speaking to, but the ones listed in the article make sense. Some of the Colorado regulations are based on paranoia of election advocates and black box conspiracy theorists, rather than sound public policy.

    Unfortunately when we have such a partisan ass clown in the SOS chair, recommendations that his office makes and he announces get drowned out in the resulting partisan backlash.

        1. essentially, whatever number of seals it takes to ensure the security of the device.

          If placing one security seal on each of four seams is good, then do that.  If putting the seals over the screws that hold the thing together is sufficient, then do that.

          This sounds reasonable, at least on the surface.  What’s the point of specifying the need to put seals on the four edge seams of a device if there’s an access panel on the bottom or a removable keyboard panel for which there’s no standard of security?

          The worry is that someone will say “we don’t need a seal on that fourth side, because one of the other seals would break…” – and then finding some enterprising soul who is able to pry just the right section of the device apart to reach an SD card containing votes or code for the device.

        1. but voting machines, for sure. They’re unreliable and hackable, all of them. It’s a joke. Without a paper trail, elections are unverifiable and recounts impossible.

          *FWIW, they’re also private-sector products. Accountability is low and corruption charges have dogged their use ever since they began replacing ye old hand cast paper ballots a decade ago.  

          1. Voters get the paper receipt copy of the ballot they voted electronically, and then it’s out the door.  No way in hell all the folks that voted at a particular place or a particular machine are going to be notified, contacted, and return their paper ballots for polling verification.

            Does anyone really think that the machine(s) that screwed up, or was hacked, or whatever, when prompted to reprint paper ballots for reverification is not going to produce equally glitched reprinted paper ballots verifying 100% of the results of the glitched accounting program?

            1. I meant that the voter fills out or generates a paper ballot, verifies that is their vote, and turns it in. And that is collected and held securely.

              While there’s always the chance for errors in the voting systems, my worry is much more intentional fraud by replacing the software. And no amount of seal, video cameras, etc. can cover all the ways to swap out the code.

              1. Paper ballot?  Seems awfully damn buggy-whipish; what year are we living in?  Did Dean Singleton put you up to this?

                You’re telling us that we should trust our lives to pilotless airline programs, but it’s impossible to create a machine that accurately counts ballots?  Effing priceless?

                1. It’s not impossible to create a machine that accurately counts ballots, but it is difficult at best to create a machine that stores ballot results as verified by a voter, securely and unalterably.

                  A paper ballot presented to the voter and then stored securely in e.g. a ballot box ensures a record that the voter has physically reviewed and was not tampered with in software between the voter’s selection and vote counting.

                2. Writing a program that can count ballots better than people – yes that can be done today.

                  Securing that program so that it is impossible for someone to inject their own code in it – that’s the part that’s impossible today.

                  1. Writing a program that can count ballots better than people – yes that can be done today.

                    The standard is “voter intent.”

                    I don’t think a machine is capable of discerning voter intent, particularly when someone spills coffee on their ballot but sends it in anyway.  It happens lots more often than you think.  Those kinds of ballots are kicked out by the scanners and require hand inspection to discern voter intent, which is generally pretty easy to the human election judges.

                    1. With DRE equipment, whether it outputs a VVPAT or an optical ballot, voter intent can be made clear and unambiguous.

                      If I fill out an optical ballot by hand, I could make stray marks, or erase a choice, or use a pencil that’s too light, or fill out two choices instead of one, or…  But if I fill out the same ballot using DRE equipment, none of those things are true – the ballot the equipment prints out is my vote, pre-checked for errors and consistently printed, ready for accurate counting by the vote tallying system.

                      So it most definitely is possible for a machine-based system to be more accurate in counting than a completely human-based system.  The problem lies in ensuring that the machine based system and its ballots are not tampered with.  That is where human review in the form of VVPAT requirements, audits, etc. come in.

                    2. There are more components to an election system than hardware and software.  Other key components are procedures, people, and training.

            2. The VVPAT paper stays with the machine.  The voter can look at it to verify that the machine properly recorded how they voted, but it stays with the machine and is available for an audit or recount.

              It is somewhat of a level of protection against hacked machines because it is printed in real time as the voter votes.

              1. I hadn’t personally seen that system in use myself (damn mail-in ballots) — makes sense.

                One question, are the machine results on the VVPAT system automatically reverified against the paper receipts at the end of the (every) vote?  If not, what would trigger a review of the VVPAT paper ballots?  How would someone, not your run-of-the-mill delusional paranoid, have any legitimate indication that the electronic results from any particular machine or group of machines had miscounted the voting?

                1. Audit summary – 5% of all machines (including at least one of each type of machine) must be audited to ensure no machine-based discrepancies between VVPAT records and machine tallies.

                  In addition, during a recount, a sample set of VVPAT ballots and machine tallies are compared, and if a discrepancy exists, the VVPAT records are considered the only source of balloting data to be used during the recount.  

  2. People are very paranoid about the security of their vote on voting machines, yet are willing to allow any Tom, Dick or Harry have access to their ballot under a CORA request.

    If legislators are serious about protecting a person’s vote, they’ll deny, or put stringent sideboards on, the ability for the public to gain CORA access to votes, and require CO become an all mail in ballot state.

    Only in this way will anonymity be protected and a verifiable paper trail established.

    1. A paper ballot is supposed to be anonymous.  It shouldn’t (theoretically) matter who sees the ballots, and CORA access to the ballots is one way to provide independent validation of the vote count.

      Key word ‘theoretically’.  Due to the oddities of local special districts (more a problem here in Colorado than in many states), there appear to be circumstances where some small number of ballots may be personally identifiable for some elections.  And of course there are problems with being able to reconstruct voter check-in records against roll paper VVPAT records, and with machines that put numbers on paper ballots which can be correlated to check-ins.

      When done properly, both paper and electronic ballot records should be safe for CORA release, and we should fight for that ability to increase the security of our voting rights.  What we must fight for first is the anonymity of those records via technological changes, more sane political boundaries, and when all else fails, for some method of anonymization to obscure those political boundaries that might result in personal identification of votes.

      1. I agree with you, theoretically neither of these should be an issue.

        And you are spot on:

        What we must fight for first is the anonymity of those records via technological changes, more sane political boundaries, and when all else fails, for some method of anonymization to obscure those political boundaries that might result in personal identification of votes.


        Not sure how we achieve the political boundaries objective, but we can  definately find ways to ensure that ballots cast, electronically or by paper, are protected from those who wish to use the system for partisan or personal reasons.

        1. Then it should be possible to respond to a records request with some kind of redacted copy of the ballot, separating out the identifying information.

          Fixing political boundaries is difficult given the current organization of the state and lack of synchronization between districts at different levels.  E.g. if the State Senate and State House were changed such that it was possible to fit House districts inside of Senate districts, we could reduce or remove those oddities.  If counties re-arranged their precincts based on state and federal district lines – i.e. after those lines were finalized – then we could likewise minimize differences within the county.  Other states do this.

Leave a Comment

Recent Comments

Posts about

Donald Trump

Posts about

Rep. Lauren Boebert

Posts about

Rep. Yadira Caraveo

Posts about

Colorado House

Posts about

Colorado Senate

64 readers online now


Subscribe to our monthly newsletter to stay in the loop with regular updates!