Who's behind complaints about computerized voting?

10 thoughts on “Who’s behind complaints about computerized voting?”

1. I’ve given my credentials here in the past on this issue, and I won’t bother repeating them, but IMNSHO, the current crop of electronic voting machines are not only inadequate, they’re unacceptable.

   Paper ballots have problems, true.  They also have safeguards.  When you go to the polling place, you are validated as a voter who hasn’t yet voted.  Your name is checked off of a list.  Someone else gives you a ballot.  They tear off a stub, or cross off a number, or something – to keep track of the ballots they’ve distributed – no name attached.  You vote on the ballot, and a second stub is removed and stored to indicate which ballots were actually voted.  Your ballot, sans any identifiers, goes into a locked ballot box for which none of the election judges has a key.  The ballot boxes are sent to a central counting location where, under supervision of representatives from all parties, they are opened and the ballots counted.  In order to subvert the system, you have to have multiple people colluding, probably from at both major parties.  Or you have to have a system where people ignore the warning signs of a broken election.

   Under our current electronic systems, you don’t have some of those redundant controls.  The machine itself is an unknown, audited in most cases only by a company hired by the vendor.  The State doesn’t have access to the source code or hardware specs in order to validate the machine; neither do the parties.  Assuming someone accepts these ridculous caveats to the initial integrety of the machines themselves, we then move to the voting process.  The vendors often program the machines, and there are documented cases in the short history of these systems where vendors made unauthorized, uncertified updates to the machines – sometimes at the last minute.

   Diebold machines in particular are also vulnerable to someone sticking in a memory card with vote modifications which are completely invisible to a high-level audit.  Diebold counting software runs on an insecure database which can be accessed and altered in a “double-counting” scheme where audits appear correct but vote totals are rigged.  On most electronic DRV or ballot programs, ballot ID numbers are printed in such a way as to provide possible association of ballots to voters – contrasted to normal paper ballots, where numbered stubs are removed prior to putting the ballot in the box…  On most DRV systems, ballots are kept on a constant paper strip, which also makes associating votes to voters easier.  The Hart eScan machines require opening of the ballot box when machines jam.  Further, touchscreen electronic systems are prone to miscalibration and have been proven to be much more expensive to maintain than predicted.

   I’m a computer professional; I’m certainly not anti-computer.  But I recognize a system that’s not ready for prime time when I see it.  I might trust one of these machines to run the election for the local chess club, but I wouldn’t trust them to run our democracy.

   Ken Gordon has fought to correct these shortcomings.  His original 2005 bill included provisions for full auditability of the software and hardware on these machines.  He wanted a stronger random audit procedure for vote results.  He understands voting and the potential pitfalls around both paper and electronic voting practices.

   So when you ask what kind of candidate it will take to strengthen our elections, the answer is simple: Ken Gordon gets it.  If you can’t trust the election system, you really can’t trust government or democracy.  This is the heart of our country; anything less than our best is selling our country short.

   Log in to Reply

   1. It would be absurd to say that paper ballots can’t be manipulated.  Just ask LBJ, the elder Daley, and others.  But considering the recent election fiasco in Maryland, it has to be said that electronic methods are vulnerable to many of the same manipulations – and then some.

      Log in to Reply

   2. Thanks for the detailed and thoughtful response. Very interesting, and what you say makes sense to me.

      Is it possible to list the qualifications of a potential consultant on voting machines and processes?  What are they?

      Is it possible to list the things electronic voting machines must be able to do, and not do? What are they?

      Is there a detailed article on this topic and related to these questions that you can link us to?

      tia

      Log in to Reply

      1. Here’s a link to the Princeton Center for Information Technology. They hacked the Diebold and published a paper on the hack plus Diebold’s reply and their reply to Diebold.

         Log in to Reply

         1. This 2004 blog is from Schneier on Security.

            He has a followup May 2006 blog on Diebold here.

            Now I have to read this stuff.

            Log in to Reply

         2. The Princeton experiment was done in a cntroled environment. There were not things like election judges, County Clerk staff memebres, etc to watch out for.

            In real life, vote machine have numbered seals on them. If a seal is broken, something is wrong and the machine should not be used.

            No system, whether paper or machine is 100% full proof. Machines could, with much difficulty, be altered. Paper ballots, with less, but still substantial, difficulty could be stolen, detroyed, replaced, etc.

            Again, I say: If you are more comfortable voting on paper, then do so, either by absentee or provisional ballot. If you are comfortable with machine voting, see you on election day.

            Log in to Reply

         3. After reading the Princeton paper and related materials, the blogs by security experts and comments made on those blogs, it appears to me that:

            1. The voting machine companies aren’t playing straight with the people who buy or use their equipment. All voting machines and software should be federally certified by an Underwriters Laboratory or Consumer Reports type of testing and evaluation firm or agency.
            2. Public officials who buy voting equipment are in way over their heads, and they don’t even know how to hire consultants who can write good RFPs, evaluate them and help buy machines that work.
            3. As Deming says about quality, it’s the system stupid, that makes people look stupid. The legislators who wrote the election laws look really stupid, because they wrote laws that would make anyone look stupid.
            4. The estimated 5% error rate with electronic voting systems now in use is unacceptable.
            5. Computerized voting is more prone to errors because there are more steps in all-computer voting than in paper ballot voting.
            6. Election officials should require that all software be open source so that it can be examined and improved by any voting and security experts who care to look at it. Keeping code secret hurts accuracy and security.
            7. Paper trails need to be created that allow voters to cast their votes on the computer, get a print out of their completed ballots, confirm the accuracy of their ballots and then deposit their ballots in a ballot box for recounting if necessary. Don’t let people take their competed ballots home, because that will lead to fraud, vote buying, intimidation and abuse.
            8. Society has to determine what kind of error rate is acceptable, if any. In 2000, we said none and legislators tried to give us risk free voting.  Security experts claim 100% accuracy is almost impossible when all-computer voting machines are used.
            9. Probably the biggest problem is that all people involved in politics and elections are paranoid and risk averse, which makes getting anything accomplished very difficult.
            10. By mandating all-computer voting, Congress has created a whole new consulting industry that will be forever fully employed evaluating and auditing expensive equipment and software. If I were young and starting out, I’d specialize in elections consulting, security, hardware and software.

              Big bucks are just waiting to be wasted by public officials.

            What else is new?

            Log in to Reply

   3. Before the election, a test is done on a sample of machines by representatives of the parties and in view of anyone from the public/media who wants to be there. The machines to be tested are selected by the testers, not by anyone who would have access to the programming. The testers at no point are given access to the programming.

      After the election, an audit is done on admittedly too few randomly selected machines. The random selection is done by computer in the Sec. of State’s office. The software that does this is not made by any of the manufacturers of the voting machines. The audit checks several components but most importantly it checks the results recorded by the machine against the results printed on the VVPAT. So far, and yes the uses have been limited in number so far, there has not been an instance in Colorado of the VVPAT and the electronic recorded vote being different. To the best of my knowledge there has not been any instance of a difference elsewhere in the US either, but I have not researched thoroughly to say that definitively.

      If a hacker were to somehow miraculously get past all election, security, and warehouse personnel, and all security precautions at the manufacturer, they would need to alter a significant number of machines to be assured they would throw an election. If they only hacked say 5, there would be a reasonable chance those 5 may not even be used on election day or have enough votes cast on them to make a difference in the outcome. Let’s face it: if someone is going to go to all this trouble, they are going to make certain they have thrown the election one way or the other, so they will need to hack a significant percentage of the machines.

      With that many machines hacked, it would be absurd to believe that NONE of the bad machines would be picked by the testing panel before the election or for the audit afterwards. It is numerically possible that could happen, but the odds would not be in the hacker’s favor.

      I will say again: no system is perfect. But there ARE measures in place to prevent fraud. Can there be more? Always. Do I let the remote chance of a vast conspiracy stop me from voting? Not on your life.

      Log in to Reply

      1. Perhaps you aren’t aware, but the Diebold machines can be hacked both at the voting machine and tabulating machine levels in a way that bypasses the audits.  The Diebold machines essentially have “double booking”; an audit can return a “valid” result and the machines can still have an “invalid” total!  It’s not good.

         The testing process doesn’t test the final machines – it tests the machines as they are when tested.  It has been proven in several cases that voting machine manufacturers have “updated” their code after the tests.  It’s not good procedure, but it’s valid at least in some states (not sure about here…)

         There have not, to my knowledge, been reports of audit failures, but that might be because most states don’t have audits on these machines!  We’re one of the few – we’re leading the pack thanks to Ken Gordon and others – and we only got this law in 2005, so we haven’t ourselves had a chance to see how it works.

         In most scenarios of electronic election fraud, the “hackers” are election workers or equipment vendors.  The hacks of these machines are not difficult; they’re known and repeatable.  Due to “interesting” rulings in some locations, some can be done via the Internet.  Others can be done – without removing the security seals – by infrared ports that are left active.  Still others can be done if security seal procedures are lax.  And others can be done on the central tabulating machines, which are often accessible at the clerk’s office.

         Now on the more positive side: you said that the audits were done on random machines.  Are they done on the entire result for that machine?  Or just portions?  I’ve never understood the concept of audits on the VVPATs under our laws (which specify percentage audits).  It would seem that only a complete comparison between the two results, using electronic procedures indistinguishable from regular vote tallying, would produce a valid audit; querying the machine for individual ballot comparisons means (a) leaving a human-readable ballot ID on the VVPAT ballot, and (b) doing something that could trigger the software to fake a valid audit.

         I’m not suggesting not voting.  I’m stating that the current systems do not properly meet auditing requirements under any normal definition of a reliable system.  The answer to “did my vote count” is currently “I don’t know, and no-one can tell you.”  If you still feel most comfortable voting electronically after this discussion, please do so.  If you’re uncomfortable with the security of these systems as most computer security professionals – and a growing number of voters – are, then pick up an absentee ballot or an optical ballot at the polls.

         Voting is important.  But reliable voting is *as* important, and it’s something we need to address with the vendors once Ken Gordon is in the Secretary of State’s office (before then would be nice, but I’m a realist…).  You wouldn’t trust a car whose brakes only worked 95% of the time, or was subject to someone being able to turn it off remotely.  We don’t certify computer software to run nuclear power plants unless it’s proven to be reliable through a strict audit process.  And we shouldn’t trust our voting systems – a major factor in our trust of our democracy – to anything less than a fully audited system that operates under strict and verifiable procedures at all times.

         Log in to Reply

         1. I will not begin to defend Diebold. After the problems that have occurred in other states, I was frankly appalled that Colorado allows them at all.

            My machine knowledge is pretty limited to Sequoia because that is what Denver uses. I ahve tried out other brands at trade shows etc, but have not really gotten a GOOD look at them.

            As for you question about the audit (which we actually have done one now: Aug 2006). It is a comparison on the randomly selected machines of randomly selected races. I agree this is not adequate and more thorough audits should be done.

            Log in to Reply