Honest Voting

Dorothy Fadiman’s new documentary, Stealing America: Vote By Vote, is another in a line of documentaries about the problems with America’s election process. Fadiman, an Emmy-award winning filmmaker, decided to make the movie after she worked as a volunteer at the polls in 2004, when she heard repeated complaints from voters that their votes for Kerry were switched to votes for Bush.

Michael Ordoña, writing for the San Francisco Chronicle, asked a couple of electronic voting machine manufacturers what they thought about the issues raised by this and similar movies.

Chris Riggall, a spokesperson for Premier Election Solutions (the rebranded Diebold) said this: “Sometimes the criticisms [of machines’ security vulnerabilities] are not factual because they are based on incorrect assumptions (such as networking or the presence of wireless ports on machines). On other occasions, the studies have recommended valuable improvements. … There’s no question that the emphasis on system security by voters, election officials and the industry is much greater now than it was, say, five years ago.”

Peter Lichtenheld of Hart InterCivic said, “I think the key issue right now is voter confidence.” Lichtenheld blamed controversial elections in 2000 and 2004 and the perceived misconduct of certain officials such as Katherine Harris in Florida, not faulty electronic voting systems, for generating distrust. (I have to admire Lichtenheld’s ability to glide over the role that electronic voting systems played in those controversial elections.) Lichtenheld reportedly pointed out that his company’s systems were the only ones for which California Secretary of State Debra Bowen did not require changes for use in 2007.

Oh, other people will fill that gap, Mr. Lichtenheld.

Okay, at this point the story’s been around — as it should be, because for heaven’s sake! — but I didn’t want you to think I’d missed it.

Diebold Election Solutions, which recently rebranded itself as Premier, has admitted that their software dropped “hundreds” of votes in Ohio’s March 2008 primary elections, and not because of any conflicts with antivirus software, either.

As previously mentioned here, Diebold/Premier originally blamed conflicts caused by antivirus software from McAfee Inc., but as Grant Gross writes for Computerworld, this week the company blames a logic error in the machines’ GEMS source code for the problem.

“We now have reason to believe that the logic error in the GEMS code can cause this event when no such antivirus program is installed on the server,” Premier President Dave Byrd wrote in a Tuesday letter to Ohio Secretary of State Jennifer Brunner. “We are indeed distressed that our previous analysis of this issue was in error.”

Wow, Brunner must have caught them seriously red-handed somehow.

“Numerous tests by voting authorities had failed to identify the logic error before Ohio discovered the dropped votes, Byrd wrote.” Uh-huh. What a surprising result — we all know how rigorous that testing has been.

Brunner thanked the board officials at the Butler County Board of Elections for going “above and beyond the call of duty” in tracking down the problems with the Diebold machines.

It’s not only voting activists who’ve noticed the potential bottleneck at the polls this year.  The New York Times‘ editorial board writer Adam Cohen wrote today that in Ohio “tens of thousands of votes were suppressed by something so mundane that no one thought to focus on it: long lines.”

Cohen points out that most of the decisions about polling stations and voting equipment are made by local officials, not state or national leaders. The result is that efforts to coordinate numbers of machines and ballots may sometimes be hamstrung by disjointed planning or even various kinds of bias.  (College towns may do their best to minimize votes from the college population, for example.)

Cohen, who was in Ohio for the 2004 election, says he watched tens of thousands of people give up on voting when faced with hours-long lines to reach the voting booth.  Therefore he’s cheered to learn that Ohio’s secretary of state, Jennifer Brunner (mentioned previously on this blog) — is “hyperfocused on long lines” for the coming election.  He reports that she has been pushing reluctant local election officials to have at least one voting machine for every 175 voters, and she is also directing counties that use electronic voting machines to have backup paper ballots on hand equal to 25 percent of the 2004 turnout — ballots that can also be used if lines get out of control.  Missouri’s secretary of state, Robin Carnahan, has been doing much the same; in addition she is providing funds for the hiring and training of poll workers, which will be needed in November in record numbers.

But most other states aren’t considering these issues. Let me second Cohen here: “An election in which people have to wait 10 hours to vote, or in which black voters wait in the rain for hours, while white voters zip through polling places, is unworthy of the world’s leading democracy.”

Note to Ohio:

Dear Ohio,

If the condition of electronic voting machines in your state continues to be so parlous that your state is written up in Scientific American as a bad example, wouldn’t you think it behooves you to get more of a move on? (Political play on words not really intended; it’s just a bonus.) I mean, Scientific American, folks. That’s like having your sweet old scientist grandmother pick you up at school after you were sent to the principal’s office.

I don’t really mean to lecture Ohio’s secretary of state, Jennifer Brunner, who isn’t dawdling. Along with the spot attack of suing Premier (the rebranded Diebold)*, Brunner last year commissioned Project EVEREST, a comprehensive security review of the electronic voting technology used throughout Ohio, to identify any problems that might make elections vulnerable to tampering.

Larry Greenemeier writes for Scientific American that during the 10-week project, teams of academic researchers from Pennsylvania State University, the University of Pennsylvania and WebWise Security (a security firm formed in 2005 by faculty and students from the University of California, Santa Barbara’s security research group) examined DRE touch-screen and optical-scan voting systems from Premier (the rebranded Diebold)*, Election Systems and Software (ES&S) in Omaha, Neb., and Austin, Tex.–based Hart InterCivic as well as the software that manages these systems.

Patrick McDaniel, a Penn State professor of information security, led the EVEREST testing.

A lot of the attacks that McDaniel and his team tested could be carried out at a polling place or county elections office in a matter of seconds. An example: when researchers placed a piece of white tape over part of an e-voting system’s scanner, they were able to effectively block it from reading the entire ballot. In other words, a person could put the tape in a place that kept the system from counting votes for a particular candidate. The team also found that the keys to unlock Hart’s ballot box could also be used to open the ballot boxes on the Premier systems.In a more serious attack, McDaniel found that his researchers could replace the memory card in some of the e-voting systems. “Any software you put on your card would [be] uploaded into the system’s computer,” he says.

Later, at the apocalyptically named Last HOPE conference:

University of Pennsylvania researchers who led EVEREST’s analysis of ES&S e-voting technology described exploitable security vulnerabilities in almost every hardware and software component of ES&S’s touch-screen and optical-scan systems. Some of these flaws, [EVEREST researcher Sandy] Clark said, could allow a single voter or poll worker with bad intentions to alter countywide election results, possibly without election officials ever knowing that the results had been tampered with. “There wasn’t an attack that we tried that we weren’t able to carry out,” she added. “We learned that every current e-voting system has serious exploitable vulnerabilities.”

It might not be too late to convert to paper ballots, Secretary Brunner.

_____
*I’m considering making this the standard form for referring to the beleaguered and doubtless felonious voting machine manufacturer, just as the much missed SPY magazine of the 1980s used to always refer to Donald Trump as a “short-fingered vulgarian” and Lynne Cheney as a “bosomy dirty-book writer”.

Computer scientist and founder of the Association for Computing Machinery’s U.S. Public Policy Committee (USACM) Barbara Simons has been appointed to the Election Assistance Commission (EAC) Board of Advisors, which oversees voting and technology standards. (The press release says, “She will hold a seat that is allocated for science and technology professionals.” I assume this is the empty seat on the EAC Technical Guidelines and Development Committee; neither the EAC or the USACM websites are more specific.)  The Election Assistance Commission is pitifully underfunded and understaffed considering how much it’s responsible for, but having Simons there has to be good.

Dr. Simons is an encryption and privacy expert who previously served as president of ACM. Simons was a member of the National Workshop on Internet Voting, convened at the request of President Clinton, and participated on the Security Peer Review report that resulted in the cancellation of the U.S. Department of Defense’s Internet voting project because of security concerns. Simons also co-chaired the ACM study of statewide registered voter databases, and served on a subcommittee of the President’s Export Council for Encryption. Notably, she and fellow USACM member Ed Felten testified before Congress in September 2006 about the necessity for voter-verified paper trails in the election process.

Simons was one of three computer scientists behind the “Diebold Bombshell” announcement, a denunciation of the technical flaws inherent in voting machines from Diebold (recently rebranded as Premier). She is currently co-authoring a book on voting machines with University of Iowa computer scientist Douglas W. Jones.

California’s Secretary of State Debra Bowen gave the keynote address at the Usenix security conference last week, cementing her reputation as the secretary of state who best gets IT.

In her speech, titled “Dr. Strangevote, or: How I Learned to Stop Worrying and Love the Paper Ballot,” Bowen said optical scanning was a “pretty good, although not perfect alternative” to direct-recording electronic voting.

Elinor Mills writes for CNet:

A paper ballot is a permanent record that is easy to audit, whereas electronic vote records and audit logs can be altered, she said. And many e-voting systems use Microsoft Access for tallying votes, which opens the system up to fraud, she added. “Votes can readily be moved from one column to another …. without being detectable.”

California and West Virginia are the only two states that have a statutory requirement for random manual vote tallies, according to Bowen.

“I added requirements for additional manual tallies of 10 percent of precincts in any contest where the margin of victory is less than one half of one percent,” Bowen said. If there is a problem with the scanning software for any reason additional audits can be done, she added.

It’s nice to live in a state where I feel as though the Secretary of State has our back.

The Open VotingConsortium (OVC) has been working with scientists and engineers around the world since 2001 to produce what its members consider a trustworthy open-source voting machine — on Tuesday, August 5th it will put its machine to the test with a mock election at LinuxWorld in San Francisco.

Deborah Gage writes in the San Francisco Chronicle that the new machine costs about $400, one tenth of the cost of proprietary voting machines, even less if made in quantity. OVC co-founder Alan Dechert says this is possible because the machine is simply designed and based on free, open-source software. The code that runs the voting machine is based on the work of a former UC Berkeley student, Ka-Ping Yee. A slightly more in-depth precis of the system can be found here.

People who attend the conference will vote by scanning a bar code on their badges, then selecting a candidate from a computer screen. When they’re done, they will print their ballots, which will include their bar codes. A separate machine can scan the bar codes and read their votes back to them if they choose.

This still leaves some questions of security, anonymity, and vulnerability to be answered, of course.

This group, more than several of the other groups mentioned here so far, focuses on what individuals can do to improve the voting process. I’ve been writing a lot about national groups and international issues. In the United States that’s more likely to keep concerned individuals at a distance, wringing their hands and wondering what they can do.

Here’s what you can do:

A core concept we have at EDA is that all elections are local. There is no substitute for taking action in the precincts and counties where you live and vote.

Our goal at EDA is to build local-to-national collaboration among regional election integrity groups acting locally but also with collective strategy for effecting national outcome. This collaboration we speak of is not one-way and top-down, but two-way and interactive. Local groups have invaluable direct experience that can be synthesized and applied at a national level. A national group can develop research, legal, media, and fundraising capacities that are beyond the scope of smaller local groups.

We encourage you to go get active with a local or regional election integrity group where you live — and then put that experience to work at a national level as well, by becoming an active member of an EDA Working Group. Everything that you learn and do on the local level can be leveraged for double-duty, working with EDA to build a collaborative national effort.

To find a state or regional election integrity group near you, see this directory:

http://electiondefensealliance.org/regional_election_integrity_organizations

Reading that perks me up a bit as I stare at the end of the July 4th weekend.

It’s going to be difficult not to just run to Bruce Schneier’s site whenever I’m casting about for a topic. He’s been thinking about election integrity for a long time.

Here’s something you might not have seen in Wired, though. In the July 2004 issue of Communications of the ACM, Paul Kocher and Bruce Schneier wrote a short op-ed essay called “Insider Risks in Elections.” Kocher and Schneier wondered just how many votes a purported election fraudster would have to switch while doing the most good for Political Party X. The answer is, not very damn many.

“In order to gain a clear majority of the House in 2002, Democrats would have needed to win 13 seats that went to Republicans. According to Associated Press voting data, Democrats could have added 13 seats by swinging 49,469 votes. This corresponds to changing just over 1% of the 4,310,198 votes in these races and under 1/1000 of the 70 million votes cast in contested House races. The Senate was even closer: switching 20,703 votes in Missouri and New Hampshire would have provided Democrats with the necessary two seats.

Of course, it isn’t possible to anticipate exactly how much fraud or undetected error would alter the winner of each race. It would also be suspicious if Democrats won 13 districts by exactly one vote. As a result, modestly more votes would need to be changed. In 2002, fraud that changed 2% of the votes in a few contested races (or 1/250 of the total votes) would have completely changed the balance of power in Congress.”

The authors postulate that, in the 2002 US elections, every percent of the vote added to a candidate’s victory was worth $60,000 — after examining the question more closely, they eventually concluded that swinging only ten percent of the opposition’s votes on a 250-vote machine would be worth $5,000 in a close race. In other words, vote-tampering gets you a lot of bang for your buck.

“The evidence clearly shows voting systems must be designed to counter very well-funded and sophisticated opponents,” they remind us. It’s kind of a shame that most of our electronic voting systems still lie open to anyone above the level of script kiddie.

I don’t care if she’s already elected, I want to vote for Debra Bowen for California Secretary of State again.

Bowen has focused her legislative efforts on computer privacy, spam, and security for 15 years. In 1993, her first year in elected office, she successfully passed AB 1624, landmark legislation that put all of California’s bill information on the Internet. In the years since, she has worked to protect individuals’ online privacy, and to strengthen the auditing of electronic voting equipment to ensure accuracy in voting.

A couple of years ago I was lucky enough to attend one of the panels on election and voting security that Bowen convened in Menlo Park. The stories I heard there are yet another reason this blog exists: scholars, computer scientists, and voting-rights activists pointed out over and over just how easy it was — still is, in many respects — to fix an election with current voting technology.

Within six months of Bowen’s election as Secretary of State in 2006, she’d insisted on a top to bottom review of California’s voting machines. She continues to hold voting machine vendors’ feet to the fire.

On January 16, 2008, the News Hour with Jim Lehrer aired a story on how California county election officials were responding to Bowen’s insistence on “either choose a secure voting machine or use paper ballots” — here’s the transcript of their story. Interesting that the story’s web subhead was “The State of California is racing to fix unexpected problems with its voting machines…” You know what? The problems weren’t unexpected, thanks to Bowen’s work with secure-voting experts. Too bad for the counties that didn’t want to protect the accuracy of their constituents’ votes.”

Wikipedia tells me that in March of this year she was given the Profile in Courage Award by the John F. Kennedy Presidential Library and Museum. I’m just glad to know that she’s got our back.