cananian

It's fair to say I'm not a big fan of Diebold -- even before they sent me a cease-and-desist letter over my small part in exposing some of their illegal practices (for example, using uncertified voting machines for an election). Anyway here's their latest lunacy: Massachusetts (ie, Sec. State William Galvin) wisely decided to avoid Diebold when purchasing new machines to comply with the accessibility requirements in the Help America Vote Act (HAVA)... and in response Diebold sued the state. Here's some coverage:

• Voting device pact at issue (Boston Globe)
• Firm sues Mass. over contract for voting machines for disabled (AP, by way of the Boston Herald)
• And even that paragon of journalism, Slashdot: Diebold Sues Massachusetts for "Wrongful Purchase"

The best bit of the articles, to my mind, is this:

Galvin called the lawsuit "frivolous" and "sour grapes on the part of Diebold."

"We've gone through an exhaustive process consulting with the disabled community to find out what's best for them," Galvin told The Associated Press. "We certainly don't feel like we have an obligation to help (Diebold) market their equipment."

I'd have said "a company guilty of breaking election laws" instead of "Diebold", and "insecure and buggy equipment which threatens the bedrock of our democracy" instead of plain "equipment", but I think Sec. Galvin and I are on the same page here.

Incidentally, the AP article massacres the reasons why the AutoMARK was chosen, but it's a very good choice from a technical standpoint: it's a disabled-voter-friendly touchscreen machine that emits a bog-standard optical-scan ballot, so the standard election procedures and auditability of optical scan technology are uncompromised. Further, it integrates well with existing systems, so it's cost-effective to boot. In the past I've felt that Sec. State Galvin was not doing all he could to safeguard Massachusetts elections, but good decisions like these are slowly winning me over.

• a list of some of the major irregularities reported in the 2004 election along with a discussion and partial debunking (it's wrong however to conclude (as the discussion does) that because there was no Bush bias, there was nothing wrong with the irregularities!)
• some pressure on Ohio SoS Blackwell regarding Ohio disenfranchisement
• Kerry has (belatedly) joined the Green/Libertarian recount effort in Ohio. The Bush margin stands at "about 119,000 votes" in Ohio, with 35,379 of the provisional ballots having been thrown out (23%).

The election is one of the 3 most important geopolitical events in this decade (forgive my Ameri-centrism, but this is the last superpower standing). It's worth the time to get the votes counted properly and the election done right. There are tens of thousands of people on the ground attempting to enfranchise voters. Surely a *single day* of waiting is not too much to ask for!

This is exactly why I did not vote for this man.

I'm exhausted.

According to David M. Rosenberg, "The following full-page advertisement ran on page 9 (of at least the New England edition) of the New York Times on Sunday, 22-Aug-2004:

10 Million votes cast. Zero hanging chads.
(In the Venezuelan presidential recall)

It's called the Smartmatic Automated Election System. And it guarantees 100% accuracy.

From Smartmatic comes the world's most transparent, secure and auditable electronic voting system.

In Venezuela's recent Presidential Recall Referendum, in more than 4,700 polling places, using over 20,000 voting machines, the system reliably recorded every vote electronically cast. Zero percent error margin. No hanging chads. No null votes. Then it transmitted the data over secure lines using bank-level PKI 128-bit encryption, as part of 250 layered security mechanisms, making possible quick, accurate tabulation of the results. And better yet, the system is auditable in every possible way including with a physical paper trail. It's so secure that full source code audits are allowed for election authorities and approved third parties.

Because no one should ever have to wonder if their vote will count.

Smartmatic
All things Connected

www.smartmatic.com
Boca Raton, Florida"

Now my comments on the above:

First, I think the Venezuelan government deserves a refund.

After all, Smartmatic "guarantees 100% accuracy", and even the most cursory audit of 82 machines found a discrepancy of .02%. This is a good number, but the sample is extremely small, not random (192 machines were intended to be audited, but only 82 actually were), and just compares the paper record to the electronic totals (why would there be any discrepancy at all?). It does not include errors due to voter confusion, registration problems, inability to cast votes, inaccurate summation, etc. [Source: http://www.cartercenter.org/doc1807.htm]

I react very strongly to snake-oil claims like "100% accuracy". Every real election system will have some error rate, because humans are not perfect (even if the technology by some miracle is). The goal is to make this as small as possible, and to "be more careful" (recounts, etc) when the reported results are within your best estimate of the error rate of the process. Even soap only claims to be 99.44% pure. =)

Similarly, doesn't the advertisment's claim of 'no null votes' presume an error-free voter?

We also have the classic snake-oil claim, "250 layered security mechanisms". If the security mechanisms work, why do you need 250 of them? If they don't, will 250 insecure mechanisms yield a secure mechanism? And why exactly 250? Why not 251, or 249?

Don't get me wrong -- there might be real valid security underneath this claim. But the wording of the claim unsettles me.

I applaud the use of auditable systems. But it seems the real trick here is to actually audit them. We already have claims like 'the Yes vote had been cut by more than 75 percent' in one location (Valle de la Pascua) where the voting papers were recounted (http://www.iht.com/articles/534518.html)

There were two separate organizations watching the process (the Carter Center and Sumate), and they have both endorsed the 'official' results. The Carter Center conducted another small audit of 150 machines (whose quantitative results they have not yet released). They also did exit polling in a few select locations and compared these results with the results transmitted to the central server, and found agreement within 1%. Finally, they took some results from the central server and projected a country-wide result, which apparently agreed with the final result.

In my opinion, however, not enough details have been released about this process to convince me one way or another. How were locations chosen? Was there any way that the system could be gamed? What were the real error rates of the machines? What were the actual election incidents encountered (broken machines, late openings, intimidated or confused voters, etc). There are bound to be at least some. I don't believe in perfection, and I'm suspicious of any claim to it.

I look forward to Prof Felten's statistical investigation of the 'matching vote' question soon, too. Keep your eye on Freedom To Tinker.

VT governor Howard Dean, California Secretary of State Kevin Shelley, and Representatives Holt (NJ), Kaptur (OH), and Clay (MO), and other members of Congress are holding a press conference tomorrow (Wed Jul 28) at 12:45pm (but be there by 12:30 at the latest) at the Royal Sonesta Hotel in Cambridge (http://www.sonesta.com/boston/) in its Grand Ballroom. It is open to the public, and they'd like as many people there as possible to show support.

The press conference is to celebrate the statement on accessible, "independently auditable", accurate and secure voting which was adopted for the Democratic platform, and to reaffirm that voter-verified paper ballots are the only means for "independently auditable" elections.

I hope you will be able to come, and feel free to forward this announcement to others who would like to come and show their support.

(Incidentally: Representatives Capuano (D-MA, Somerville/Cambridge) and Lynch (D-MA, South Boston) are not yet sponsors of HR2239, which mandates voter-verifiable paper ballots. If you are one of their constituents (click here to find out), this would be a good time to write your representative and let them know they should sponsor!)

"Security aside, we are better than on track," she said at a news conference, detailing the technical steps that had been taken.

The big news: California Bans E-Vote Machines. All touchscreen machines, not just the Diebold TSx. This is incredibly positive news. Some more links:

• Panel to examine vulnerability of e-voting
• E-Vote Problems Overwhelm Feds

One day too late to help, The Open Park Project announces free WiFi on the National Mall, right between the Senate and House office buildings. Which means there was probably a signal there in the few days prior, when I could have used it. If I'd only known!

The three winners of this year's EFF Pioneer Award (announced at Computers, Freedom, and Privacy 2004 on 22 Apr 2004) are Kim Alexander, David Dill, and Avi Rubin. The three were honored for their "pioneering work spearheading and nurturing a popular movement for integrity and transparency in modern elections."

Relating to the question of whether the vendors' claims that pre-testing and post-testing demonstrate that nothing can go wrong during an election, Kim Alexander's acceptance speech cited this quote: 'An extra bias routine could be added to the vote-counting program that would have certain characteristics to make it undetectable by the official "logic and accuracy" test. This routine could be arranged so as not to go into effect until a larger number of ballots had been counted than were in the logic and accuracy test sample, or could be prevented from being operative during the test and be activated by a computer operator only for the official count.'

Her speech continued as follows:

"It sounds like something Dave Dill, or Avi Rubin or David Jefferson, or Rebecca Mercuri or any number of computer scientists might have said in the past year or two. But it dates back to 1970, when computer experts, working with civil rights leader Dr. James Farmer, first sounded the alarm over computerized vote counting risks.

"When I first read this passage in a 1975 study by Roy Saltman, I had a sinking feeling. People have been warning of the potential to accidentally or deliberately alter election results through computer software for decades, ever since we started using software to count punch card ballots in the 1960's.

"This is not a new problem. It's an old problem that never got solved. But I'm optimistic we will solve it. And the reason is because we have the tools to do so. We have the Internet. We have the ability to share information, to connect with each other, and to make a public problem so apparent that it can no longer be ignored.

"The history of this country has been one long struggle for freedom. It continues today through the efforts being made by thousands of people across this country who are working to ensure we have voting systems which produce results which can be verified."

I ended up taking the overnight Amtrak. Sleeping on trains is not my idea of a good night's rest.

I'll try to write up a fuller account of my part in Verified Voting's Lobby Days Monday-Wednesday of this week, but in the interim here are some links I don't want to lose track of.

First is some coverage of the verifiedvoting.org press conference Wednesday morning. I know that CNN and other organizations were there with video cameras, but the only print writeups I can find via google news this morning are by Grant Gross from the IDG News Service. There are versions of the article in ComputerWorld, PCWorld, and ITWorld. Our press release is on PRNewsWire and directly on the verifiedvoting.org site.

It also came to my attention that Maine has passed state law requiring a voter-verified paper trail for elections. The two Republican Senators from Maine were on my target list for lobbying, but I ran out of time on Wednesday. If I'd have known of Maine's success here, I would have put them much higher on my priority list. We need more Republican support for Senate bull S.1980: these two should certainly hear from us!

California's Voting Systems Panel has just voted unanimously that the Diebold TSx paperless electronic voting system be decertified for use in California. Although the final decision is up to California Secretary of State Kevin Shelley, he is expected to follow the recommendation of the board before April 30, 2004.

The Voting Systems Panel did not recommend against continued use of the Diebold TS electronic voting machines or use of optical-scan voting machines. The GEMs software is also not affected by this decision.

This is good news, but does not (yet) go far enough: the TS machines must work correctly and the GEMS centralized vote-couting software must count properly if the overall election is to be accurate. Either (much!) tougher standards (the current standards are, according to Diebold's lawyers, unenforceable) or else mandatory voter-verified ballots (and spot checks) are needed, in California and the nation at large.

Attorneys for Diebold Election Systems Inc. warned in late November that its use of uncertified vote-counting software in Alameda County violated California election law and broke its $12.7 million contract with Alameda County. ... [They realized Diebold] also faced a threat of criminal charges and exile from California elections.

Yet despite warnings ... Diebold continued fielding poorly tested, faulty software and hardware in at least two of California's largest urban counties during the Super Tuesday primary, when e-voting temporarily broke down and voters were turned away at the polls.

Other documentation obtained by the Tribune shows that the latest approved versions of Diebold's vote-counting software in this state cast doubt on the firm's claims elsewhere that it has fixed multiple security vulnerabilities unearthed in the last year. ...

"Diebold may suffer from gross incompetence, gross negligence. I don't know whether there's any malevolence involved," said a senior California elections official who spoke on condition of anonymity. "I don't know why they've acted the way they've acted and the way they're continuing to act. Notwithstanding their rhetoric, they have not learned any lessons in terms of dealing with this secretary (of state)."

I'm, honestly, extremely surprised by this. Since Diebold's software began to get scrutiny, I've heard nothing but assurances from Diebold that all these problems were either fixed before deployment or fixed now and not present in current election machines. From all appearances they were learning from their mistakes.

We now know they were just lying.

Further, at every e-voting panel or discussion, I hear proponents claim that "testing" is the answer to any and all vulnerabilities. "Certification" is the magic word used to reassure us that "not just any" software can be slapped into voting machines.

From the article: "The memos reflect an argument that the regulations by which California approves voting equipment for elections may never have been properly codified and are unenforceable." In other words, even as they were claiming "certification" was responsible for the safety of the machines, they internally were ignoring certification requirements based on legal advice that they were unenforceable.

AT THE VERY LEAST, let's make certification stringent! Push your congresspeople to fund the NIST-certification portions of the Help America Vote Act (see blog entry below). If we can't have real improvements, like mandatory voter-verifiable ballots, at least let us give teeth to the testing and certification process. At present it's the very worst form of security: a dog-and-pony show that reassures people and takes them off their guard without providing a single bit of actual security.

It appears that voting technology is a topic that the Republican leadership wants to tightly control. It is without doubt that Republicans own most of the companies that manufacture, sell, and service voting machines. And President Bush and the Republican Congress appear determined to control and limit oversight of the elections industry. The Bush Administration has stacked the Election Assistance Commission with supporters of paperless voting technology, while the National Institute of Standards and Technology's (NIST) got walloped with a $22 million budget cut in fiscal 2004, which means that NIST will have to cut back substantially on its cyber security work, as well as completely stop all work on voting technology for the Help America Vote Act.

With no mandatory federal standards or certification in place and no funding available, the Bush Administration and Republican-controlled Congress have ensured that their friends in the elections industry maintain control of voting technology and, in effect, election results.

So, at Friday's hearing, Republican members of the Commission of Civil Rights decided that the issue of voting - the lynchpin of democracy - should take a back seat to employee contract buyouts. ... And that's when the second big disappointment of the hearing became apparent. Some of America's largest civil rights organizations have lined up with the Republicans on this subject. They support 'paperless' voting technology. No fuss, no muss. ... Only one panelist at Friday's hearing spoke out against paperless elections, Dr. Rebecca Mercuri, one of the nation's leading experts on computer voting security. ... [A]t Friday's hearing Mercuri found herself the only panelist invited in to defend the voter's right to verify their own paper ballot. ... The hearing was a replay of many meetings this writer has attended on the subject of voting machines. The focus was on regaining the voters' trust and confidence in voting machines, while blaming poll workers for machine "glitches" and malfunctions, and blaming the public for not being computer savvy. The over-all request of the panelists was for increased education of poll workers and the public.

I plan on attending Verified Voting's April Lobby Days in Washington to do my part to raise a ruckus about this. Email me if you'd like to come down and help (or just go to VerifiedVoting.org and sign up on their lists and write letters to your congress-people).

I spent yesterday observing voting in Arlington's 1st, 5th, 9th, 13th, and 15th precincts, which use Diebold optical scan machines and paper ballots. I'll post a full report in a few days.

• Australia's open-source voting software, used in state elections in 2001. The really amazing thing is that this took only 2 years from Request-for-Proposal to full operation in a live election, including all certification processes.
• David Dill's VerifiedVoting.org, which is collecting positions from all senators and representatives on the Voter Confidence Acts. Write your congress-people and find out where they stand.

• David Chaum's cryptographic receipt system
• Diebold says it won't sue (again) -- also, a link to a NY Times editorial on Diebold.
• No Confidence Vote: Why the Current Touch Screen Voting Fiasco Was Pretty Much Inevitable; Robert Cringely.
• Follow the Money: Why the Best Voting Technology May Be No Technology at All; Robert Cringely. (Follow-up article).
• Nevada chooses not to buy Diebold voting machines (and to require paper receipts!).
• Diebold Memo recommends charging Maryland "out the yin-yang" if Maryland wants paper receipts (see also the original memo referred to).
• Experts Critique SERVE Internet Voting System
• "Last fall, a group of civic-minded students at Swarthmore College received a sobering lesson in the future of political protest..."
• The Raba Report on Diebold AccuVote systems. Also, Ed Felten's commentary, and the NY Times article.
• Why I Love Diebold; Ed Felten. "The story recounts Diebold's response, in California, to the recent Raba report, which demonstrated that Diebold e-voting systems were prone to several serious security attacks."
• Will The Election Be Hacked?; Why-War.
• Voting Machine Showdown; Why-War.
• Update in OPG, Pavlosky & Smith vs. Diebold; also a link to a Salon article.
• Arlington Town Clerk's Annual Report; this is where I live (and vote). "The Town has twenty-one AccuVote machines, one for each precinct, and a main counting system located in the Town Clerk's Office. This system consists of paper ballots to be marked by the voters and inserted into the AccuVote machines, which automatically tally the votes appearing on the paper ballots. When the polls close, the precinct totals are immediately printed at the precinct, posted, announced, and then transferred to the Town Clerk's Office on a memory card, where the precinct totals are accumulated by entering the memory cards into the main counting system. Finally, the complete official town results are printed and announced."
• Arlington Election Reports; of particular note is the Nov 5, 2002 certified results, which, by looking at the "blank votes", give an idea of error rates by precinct. The top race here presumably is governor.
• California Lawsuit Against Diebold; Ed Felton. "A group of Californians has filed a lawsuit in state court against voting machine vendor Diebold, in advance of the March 2 primary election. ..."
• California Secretary of State Kevin Shelley attempts to secure his system. See also the primary source, his Feb 5 directive (also in plain-text format).

Moving from Massachusetts to Florida, Nelson Pavlosky of the SCDC pointed out that Florida is giving up on recounting touchscreen ballots, despite a legal mandate to do so. Faced with the conflict between pre-existing law mandating recounts in close elections, and dubious technology which does not permit meaningful recounts --- they've decided to side with the dubious technology. Of course.

Now if only we could get Senator Kerry to pledge his support...

(For folks in Massachusetts, here are your Senators and Congressmen and their positions on the Voter Confidence Acts. Capuano's the rep for Cambridge, and is currently undecided: send him a Valentine! My rep is Markey, also undecided. Neither of our Senators have taken a position.)

Details on this from Lawrence Lessig, Ed Felten, and Joe Hall, who also points out how the memo contents have been used so far to reform California's election law.

And today's death penalty update: the FBI allowed known innocents to be put to death to protect secret informants in Boston. [In an update to an earlier entry in this blog, the FBI has said that it's the "training camps" for anti-war protestors that worry it to the point of infiltrating constitutionally-protected demonstrations. Next up: investigating those suspicious "spring training camps" of baseball players. After all --- some of them are from Cuba!] [More FBI misdeeds: the Judi Bari case.]

Back to Diebold: Dennis Kucinich has requested that the House Judiciary Committee investigate Diebold's abuse of the DMCA to suppress its memos. And, in the historical-offenses drawer: security problems with Diebold ATMs.

"What the F.B.I. regards as potential terrorism," Mr. Romero of the A.C.L.U. said, "strikes me as civil disobedience."

On the other hand, California's secretary of state has announced that they will be requiring a voter-verified paper trail on all electronic voting machines by 2006. More details from Ed Felton, Wired news, and the LA Times. And Dennis Kucinich has now joined the Diebold protest. It's nice to say that a US Representative and presidential candidate agrees that Diebold's cease-and-desist letter to me was over the line.

"We've just done an electronic Florida. That's what it looks like to me at first blush," said Sen. Ken Cuccinelli (R-Fairfax), referring to the balloting problems in the 2000 presidential election. He added that he was "shocked" when he heard that Thompson lost and blamed the machines for taking votes from her.

"I don't think this is going to be a partisan issue. Anyone who is running as a candidate is concerned about the integrity of the process," he said.

Thompson has asked that electoral board staff members test every machine to determine the extent of such problems, and she said she is considering filing a lawsuit to force them to do so.

Ed Felton sums it up best:

And how do we know the cause was a bug, rather than fraud? Because the error was visible to voters. If this had been fraud, the "X" on the screen would never have disappeared -- but the vote would have been given, silently, to the wrong candidate.

You could hardly construct a better textbook illustration of the importance of having a voter-verifiable paper trail. The paper trail would have helped voters notice the disappearance of their votes, and it would have provided a reliable record to consult in a later recount. As it is, we'll never know who really won the election.

(in other news, Boulder County, CO also seems to have had some election troubles this Nov 4th. They seem to be doing a responsible job of auditing their results, until the very end of the article, where they say, "Many election systems vendors are telling us that minor software changes are pretty much routine and don't need certification.")

The RISKS forum has a collection of articles on voting machines in digest 23.01, 23.02, and 23.03: Grant Parish, Louisiana has an absentee ballot mixup in a close race, WinVote machines not counting one in a hundred votes (exactly what you'd expect from sophisticated ballot fraud; WinVote is run by former Diebold principals), also replaced machines in that election (earlier article) (Fairfax County, VA); the Boone County, IN overvote (MicroVote machines); a surprising risk even of voter-verified machines (Vote-Trakker machines, Southington, CT); two articles on the uncertified Diebold machines in Alameda County CA (earlier); risks of lever machines; incorrect instructions given on touchscreen machines in Pleasanton, CA; Irish Labour Party demands e-voting be suspended; and the Electronic Privacy Information Center's alert on the Congressional Research Service's report on Electronic Voting.

EPIC is also one of the sponsors of the conference, titled "Claim Democracy: Securing, Enhancing and Exercising the Power of the Right to Vote". It's in Washington, D.C. on the weekend of November 22-23.

In university round-up, we've got articles on the Diebold files from MIT (this article was on the front page of the student paper and brought me quite a bit of notoriety), Duke, UC Berkeley, and Harvard.

Gore Vidal weighs in on voting machines (scroll down).

I was also mentioned in the Washington Post on Thursday.

The EFF has archives of the Online Policy Group v. Diebold case; you should read especially their application for an injunction against Diebold.

Finally, my cease-and-desist letter from Diebold is now up on chillingeffects.org.

Kyle said the state would inventory the systems of other vendors and other counties once the Diebold investigation was complete. The state will also begin requiring all counties to maintain and submit logs of the hardware, firmware and software versions they use.

Starting in 2004, the state will also conduct random audits of voting systems to ensure that all software and hardware is certified. And in the future, the state will require CEOs of vendors to affirm under penalty of perjury that the company will not change systems without obtaining written approval from the secretary of state. Failure to do so may result in de-certification and possible criminal charges, Kyle said.

A company found violating election laws or regulations, he said, could be disbarred from certifying new equipment with the state for one year.

Kyle said the secretary of state would be announcing further proposals regarding e-voting in the near future.

It's widely believed by voting machine makers that Secretary of State Shelley, who has previously stated his preference for electronic voting machines to offer a voter-verifiable receipt with their machines, may announce plans within a week or so to require this on voting machines used in the state.

A voter receipt would allow voters to verify that their ballot has been cast correctly before depositing the receipt into a secure ballot box to be used in case of a recount.

Joseph Holder writes more about the serious security problems found with the Diebold Alameda installation. He also speculates that we might be seeing the true explanation for the -16,022 Gore votes in the 2000 Presidential election, originally speculated to be due to an unauthorized "second memory card".