| Avi Rubin: My day as an election judge http://avirubin.com/judge.html Avi Rubin authored the Johns Hopkins Univ. Study on E-voting Machines I continue to believe that the Diebold voting machines represent a huge threat to our democracy. I fundamentally believe that we have thrown our trust in the outcome of our elections in the hands of a handful of companies (Diebold, Sequoia, ES&S) who are in a position to control the final outcomes of our elections. I also believe that the outcomes can be changed without any knowledge by election judges or anyone else. Furthermore, meaningful recounts are impossible with these machines. I also believe that we have great people working in the trenches and on the front lines. These are ordinary people, mostly elderly, who believe in our country and our democracy, and who work their butts off for 16 hours, starting at 6 a.m. to try to keep the mechanics of our elections running smoothly. It is a shame that the e-voting tidal wave has a near hypnotic effect on these judges and almost all voters. I believe that after today's experience, I am much better equipped to make the arguments against e-voting machines with no voter verifiability, but I also have a great appreciation for how hard it is going to be to fight them, given how much voters and election officials love them. |
| Anthony Argyriou uncovers what seems to be a serious problem
either with California voting machines or the vote tallying system: The
Secretary of State's summary of votes on the Davis recall shows three
counties--Alameda, Kern, and Plumas--that apparently had zero voters
who didn't vote on the recall. Not one. All three counties used Diebold
machines. Other counties ranged from 0.5% to 10.3% of voters not voting
on the recall. Statiscally impossible? ... 500,000 voters in Alameda county and not a single voter intentionally left it blank? More from Rick Hasen, a top election law scholar. http://electionlawblog.org/archives/000253.html November 15, 2003 More troubling voter technology evidence from California recount statistics As we know, exit polling showed a 2.6% intentional undervote rate on question 1 of the California recall. The average state final figures show an average undervote rate of 4.6%. I had been using the preliminary figures from the state to argue that the ACLU was right in challenging the punch card voting in six California counties, because of their much higher than average vote count. The final statistics vindicate the ACLU. Los Angeles, the largest county, had an 8.9% undervote figure. (Disclosure: I filed a brief supporting the ACLU in this case.) Anthony Argyriou and Eugene Volokh point out an equally disturbing trend: an underrate of 0 in three counties (Alameda, Kern, and Plumas), all of which used Diebold-made voting machines. See the Secretary of State's undervote figures here. Alameda and Plumas were the only counties to use Diebold DRE machines. Kern used Diebold-made optical scan machines. Other counties using those same types of machines as Kern had more typical undervote rates. (Here is the list of voting machines by county.) What does this tell us? First, an investigation is absolutely essential. I recall that preliminary figures gave Alameda a 0.4% undervote rate on the first question. How did this change? Are there any factors other than malfunctioning voting technology that might explain this result? One thing that anecdotal evidence suggests is that because the touch screen prompts voters to avoid unintentional undervoting, it might prompt voters who intended to undervote not to do so---perhaps in an effort to finish voting and leave the polling place. Is this an argument for the need for a voter verified paper trail? I think we need to wait to hear what the experts from NIST tell us after their conference. Most unusual is the result from Kern using the optical scan ballots. Because the result is inconsistent with the results reported from other counties using the same technology, the explanation likely is not the vote casting machinery. Perhaps there was a problem with the vote counting machinery in Kern. As I said, the most important thing is an investigation, and a quick one. If there are problems that can be identified and resolved before the 2004 elections, we would all be better off. |
| Diebold makes ATM Machines, all of which have a
paper printout. Why didn't they add a paper receipt on the voting machines from the start? WHY? Demand a public answer from Diebold: Why did you intentionally create machines without a paper receipt, when your existing machines included paper printouts. Diebold Will Add A Paper Trail... At A Huge Price 12/16/2003 12:47 I think it's now been determined exactly why Diebold is so afraid of adding a paper trail to their voting machines: they keep getting burned by paper trails. After emails exposed just how insecure their voting machines were, a set of internal Diebold communications show an employee suggesting that, should they be required to retrofit voting machines with paper trails that they charge ridiculously high fees to do so. Diebold has said that the cost of the printers included in a voting machine would run about $1,000 to $1,200, which may seem a bit high for a pretty simple printer. The internal memos, however, point out that this is just part of the strategy. Since they're going in and replacing or retrofitting machines that have already been bought, Diebold sees them as captive customers who will be forced to pay whatever Diebold wants. |
| In
the Oregon Primary, "wandlike tools used to pre-scan ballots for
problems." The mail-in ballots were then counted by Diebold software on
ES&S machines. Yesterday, I had the enlightening oportunity to Observe the Clackamas County elections office vote tallying/verifying process. The interesting point that I want to make is not regarding Clackamas County alone, but, rather, as a part of a larger whole -- of all elections offices, in all counties, in all of Oregon under the jurisdiction of the State Elections Office. The new machines we use to count our paper ballots in Oregon Elections Offices are built by ES&S and the new software in their computers is writen by DIEBOLD. I do not want to make inflamatory accusations, however, my observations (and frightfully seeing "DIEBOLD's" name on every header of every computer program and "ES&S" right on the rear panel of the large paper ballot machines) yesterday, has me asking pertinant questions about the machines and computer software that are entrusted with our Mail-In-Ballots. RIGHT HERE! RIGHT NOW! In our very own county elections offices in the towns in which we all live. The Touch Screen voting machines, perhaps, are not, yet, here... however, I (for one) am feeling very uneasy and have (my own) misgivings about these two nefariously companies and their alledged vote tampering practices and known pledged support of the Banana Republican party and the pResident Select G.W.Shrub et cabal.... The Elections Manager (Darlene) asured me that they gaurantee "equal" party representation throughout all of the PAID/volunteer staff that handle -- and (by-the-way) "guess" the "intent" of the voter -- paper Mail-In ballots. Not to forward an "age-ist" view, by they were MOST all well into retirement age. Why do I make such an insensitive observation??? How do people of our elderly populations tend to overwhelmingly lean their voting locust and descisions? I dunno? Golly, I guess, a little bit conservative? Just maybe? Does this construct in-and-of-itself sound representative of our society as a whole? Where do they hire their staff? Do you think that they might try recruiting from the colleges and universities? The activist community, perhaps? Regardless where they find their pool of help... does that pool really reflect a good representation of our society as a whole? I don't think so! I am 40 years old and I don't feel represented by a conservative pool of people that are going to decide my voter intent. If you happen to be a new 18 year old voter, in your twenties or thirties... Does this make you feel secure knowing that you are not represented at that table? http://portland.indymedia.org/en/2004/05/288790.shtml Kucinich needed 20% in Oregon to get matching funds, in the official tally he received 18% . Is it possible that the primary vote was rigged for the express purpose of creating this joke election between two skull and boners? ***************************** The primary election went smoothly, considering county workers have little experience operating the new optical scan ballot system, Newingham said. "In the first election that we used it, and there was only one issue on the ballot, we had used machines because the new ones we had ordered weren't here yet," she said. "This time we had all new ones, and it's like having a new car - there are always things that have to be tweaked before it works just right. But we had a technician here from the company, and everything went pretty well." The election office also has several wandlike tools used to pre-scan ballots for problems. One of them failed, which also hampered the processing effort, she said. The human factor also played a role, with more people than usual waiting until the last minute to turn in their ballots, which put a bit of added pressure on election workers, Newingham said. http://www.registerguard.com/news/2004/05/19/a1.prezprimwrap.0519.html How many 'problem ballots' were thrown out by the wands? One wand failed- how, why, and what happened when it 'failed'? And why was there a company technician in the vote counting room? |
| March 3, 2004 Primary Concerns By Edward Cone http://www.baselinemag.com/article2/0,1397,1542125,00.asp The early returns are in and no voter fraud has been discovered in the wake of Maryland's first statewide use of touch-screen electronic voting machines, which took place during the Democratic primary on March 2. That's a good thing...right? Maybe not, says the expert who outlined several specific steps Maryland needed to improve its security procedures—only some of which the state managed to implement before the primary. "Election officials will think that this validates the system, that now we can all see that it works just fine—but that's not the case," says Michael Wertheimer, a systems-security consultant at Columbia, Md.-based RABA Technologies, the firm charged with advising Maryland on its voting security. "In fact, what this means is that when the November election comes around—the really important election—a malicious person will have had an opportunity to do reconnaissance." Nonsense, says Linda Lamone, the state's director of elections. "This showed that our systems are secure," she said after the Super Tuesday vote ended with no major technology glitches. But can a voting system be secure without following a security recommendation as basic as installing an Internet firewall? The primary was Maryland's first statewide election since purchasing more than $55 million worth of touch-screen electronic voting machines from North Canton, Ohio-based Diebold Election Systems Inc. in 2003. The RABA report, commissioned by the state and released in mid-January, followed several critical analyses of touch-screen voting machines, including a damning report last summer from researchers at Johns Hopkins University. RABA found that Maryland's Diebold voting machines could be opened with a purloined key or simply pried open, then disabled or reprogrammed. Password protection was deemed inadequate. Researchers also found they were able to dial into the vote-tabulation server, raising the specter that hackers bent on election-tampering could do the same. Maryland state officials responded prior to the March 2 vote by securing machines with tamper-proof tape, and by creating new, randomly generated passwords for key cards, although the latter was done only at a county level, not the precinct level suggested by the report. Passwords at the precinct level would make it impossible for a few individuals to hack the vote... but they didn't do that- why? A sampling of voters at Lutherville, Md., on Super Tuesday showed that the systems worked well on the surface. "The machine was easy to use," says Charlie Mitchell, 49. "The only thing I wondered about was what I had read about these machines—were the votes getting counted or not? I don't know." Maryland failed to carry out other key recommendations as well, such as patching the Windows 2000 software used on its central computer system, and installing a firewall to protect that system. "We are disappointed," Wertheimer says. Lamone says Maryland will follow through by November on the RABA recommendations it hasn't yet implemented. The state's claim: its Global Election Management System software has choked on patches in the past, meaning any fixes and subsequent independent testing might not have been completed in time. Maryland couldn't risk a system failure, since there was no backup to the touch-screen units—the state had already gotten rid of its old, optical-scan voting machines. The risk of tampering is as old as voting itself, but technology makes it both harder to trace and possible on a larger scale, says political activist Kevin Zeese, who heads an advocacy group called Campaign for Verifiable Voting that wants stricter controls on Maryland's voting procedures. "The Republicans say the Democrats are out to steal elections, the Democrats say the Republicans are and the Greens say they're both right," he cracks. The group has focused on Web-based activism, posting tools online that allow volunteers to write legislators and newspapers, put logos on their own websites, sign resolutions and so on. About 1,000 people have taken some sort of action through the site, Zeese says. Diebold has not helped things. The company announced in January 2003 that it had accidentally revealed source code for its voting machines on the Internet, and found itself at the center of a political controversy when its chief executive wrote a letter later in the year pledging to help re-elect President George W. Bush. Meanwhile, the two groups of professionals involved—elections officials and computer scientists—are talking past each other. Where their specialties overlap, they tend to disagree on both the big picture and the details. "These are wonderful people in elections, but they are not security professionals or information-technology professionals," says Wertheimer, a veteran of the National Security Agency who adds he has witnessed repeated attempts to hack systems at military sites, power grids and phone networks. Lamone notes the machines had been extensively tested, with every unit undergoing logic and accuracy tests. But David Dill, a Stanford computer scientist who has been a high-profile critic of voting-machine security, says current logic and accuracy tests are inadequate. "They mostly consist of running scripts on the machines," Dill says. "It is incredibly easy to write malicious code that checks whether there is a script running and behaves perfectly in that case. A better test would be to run a mock election, but there are literally dozens of checks that malicious software could use to distinguish a mock election from a real election." Dill says that testing procedures at the federal level are no better. "I can't even get good information about how carefully the software is inspected by the [federal] testing labs," he says. Lamone dismisses RABA's success at physically breaking into boxes as unrealistic in the real world, given the presence of election observers, locked storage facilities and other traditional security methods. But Wertheimer says the biggest risk of tampering with electronic voting machines is from insiders—either elections staff or vendors. "If you have five minutes with a server, you can load a CD and change everything," he says. The risks grow the farther upstream you go. Compromising a single machine might involve 150 votes, the average number of votes counted by a single machine, according to Wertheimer. Cracking a server at the county level in Maryland might mean access to tens of thousands of votes, with more than three million votes at stake at the state level. "If malicious changes to the software are made before it is distributed to the individual machines, there is no way to defend against it," Dill says. "It can easily be hidden so that it is very unlikely to be detected by any amount of inspection or testing." Computer experts say that paper ballots printed by the electronic machines would reduce risks of tampering—a position taken last fall by California voting officials. "Name an electronic transaction that doesn't ask if you want a paper receipt—at the bank, the gas pump, Amazon," Wertheimer says. Indeed, Dill suggests that voting systems need tighter security, since voters' names aren't inscribed on ballots. "Compare that with banks, [which] have paper audit trails all over the place, all transactions have the names of the participants on them—and they are still subject to insider fraud," he says. "It's a cost of doing business." But many voting officials say printers are unreliable and the ongoing cost of paper ballots and storage are too high. "Paper will cause more problems than it solves," Lamone says. Nevertheless, Lutherville voter William Myers, 74, says he expected a paper trail of some sort, but acknowledges he didn't see one. "Nothing is perfect, I suppose," Myers says. Wertheimer admits that paper is "a nightmare" to store according to federal standards, but says the costs of building and upgrading security over time will be greater than those associated with paper. "Your local election judges have to be information-technology pros," he says. "Security is a process, not something you achieve. When you buy into an all-electronic solution, you are buying into a lifetime of increasing support, like patching your PC repeatedly against new viruses. You have to stay ahead of the hackers around the world." —Additional reporting by Sean Gallagher |