What's wrong w/e-voting?

Calling on ALL PEOPLE who LOVE DEMOCRACY

Your Subtitle text

What's wrong w/e-voting?

After you read this NY Times article you may think that optical scanners and recounts and audits are the solution. Well, dig a little deeper and don't take the easy, surface solution. Watch this short video about optical scanners in NH and the SINGLE VENDOR who has custody of teh counting mechanism. http://www.youtube.com/watch?v=PiiaBqwqkXs

Just in: the New York Times on e-voting http://www.nytimes.com/2008/01/06/magazine/06Vote-t.html

what election activists are saying about this article :

see What can we do page for letter from an AZ activist.

Jonathan Simon, ElectionDefenseAlliance.org said:

GREAT that he [Clive Thompson] did the story,
BUT....
WHO IS GOING TO TAKE HIM ON FOR THIS LINE?????
"Yet here's the curious thing: Almost no credible scientific critics of touch-screen voting say they believe any machines have ever been successfully hacked."

Well, first of all, what would it look like if "any machines had been successfully hacked?" Would the machine come marching in to, say, Avi Rubin's office or the local police station and say "I've been hacked?" The whole point of computerized hacking is that it is covert; the machine doesn't look any different and, unless, you're given the access to take it apart, there won't be any hard evidence; and even if you do get that access, which "scientific critics (credible or incredible) of touch-screen voting" are universally denied, self-deleting code can easily remove all traces. So all you've got by way of evidence are consistently anomalous (there's an oxymoron for you) results, statistical footprints that we keep identifying and they keep ignoring (notice how our work never made it into this otherwise comprehensive expose?). Oh, and whistle-blowers like Clint Curtis (if he had been talking HGH in MLB they would have paid attention), obviously incredible. Which is why I can't even force myself to read crap like the Times piece--don't you see, in the best Jack Nicholson-Colonel Jessup tradition, they can't say that elections have been rigged because we can't handle the truth--way too destabilizing, downright Kenyan. Just replace "You're goddamn right I did!!" with "Code Red? What's that?" in the script. That's where we are.—Jonathan

What's going on in NH?? What's up with the memory cards, which are really little electronic ballot boxes? Here's a recent radio interview by Pokey Anderson with a long time investigator of NH memory card security (or lack or security!)

http://www.votersunite.org/info/WhoCountsNH.asp

An excellent overview of the larger problem of what is going on in this country is in a speech made recently by Mark Crispin Miller:

(Hear his whole speech on Bradblog.com (scroll down front page))

"keep publicizing, to keep spreading the word, to keep making clear that it is not just this little thing here or that little thing there, we're talking about a fringe movement that has taken over the Republican party that has been dismantling democracy, that has been destroying the voting system on every conceivable front, not just the machines. They are even messing with the census. They are preventing another census from being taken because if you have census data you can track this stuff more easily."

WHAT ABOUT the e-registration system?

It may seem like an improvement to have all the voters' names in a computer base for precinct captains to look up, BUT.... think about the vulnerabilities to fraud: data entry errors or intentional errors by partisan officials so that people likely to vote one way are deleted, by the stroke of a key. Then they have to vote provisionally which is NOT counted on election night, and may be subject to unfair discarding. CAGING, that is, the unethical practice of flagging certain voters because of their race or party for challenging at the polls, has been commonly practiced by some GOP officials. Computerized registration rolls make it easy.

Another--little known--flaw is the riggable interface between registration systems, where the voters are listed by a voter ID number, called DIMS in the Diebold computer, and the tabulation system, known as GEMs in the Diebold system. In many investigations, multiple voter ID's were discovered for many voters, one for each time they moved and re-registered. This problem is attested by Victoria Lovegren in an 05 investigation in Cuyahouga County, OH, and by Patricia Axelrod, working independently in Reno, NV, a state that uses the same system as is in Ohio. It's not the voters who are likely to vote more than once (given the physical checks at the polling site) , it is having these EXTRA voter ID numbers floating around that can be linked to phony votes from the tabulator by insiders, that is the risk. (links coming for these reports)

What is the solution? The old system where poll workers have a notebook listing all eligible voters. The list is compiled and updated back at the County, also on paper. At the poll, the head pollworker and the other ones, some of whom have worked the same neighborhood poll for years, are more likely to know and recognize someone who has been voting there also for years and realize when there is an error in the registration rolls. Let's give elections back to the neighborhoods and the voters.

What's going on in NH?? What's up with the memory cards, which are really little electronic ballot boxes? Here's a recent radio interview by Pokey Anderson with a long time investigator of NH memory card security (or lack or security!)An excellent overview of the larger problem of what is going on in this country is in a speech made recently by Mark Crispin Miller:(Hear his whole speech on (scroll down front page))

Besides failing academic and computer expert testing, what else is wrong with e-voting?

Partisan Election officials can change the final talleys AFTER all the records have been totaled, in such a way that would only be discovered by painstakingly checking the computer log. (the testing described at right indicates that hacking often does not leave a trace.)

http://www.verifiedvotingfoundation.org/article.php?id=6528

TX: Election fixes stir worries on ballot security

Some fearful computer codes are vulnerable

by Alan Bernstein, The Houston Chronicle
November 14th, 2007

Johnnie German admitted he was nervous as he used high-security codes to tap into the Harris County elections computer system last week and change some of the results manually.

The system was in good hands as the votes were counted from the sprawling Nov. 6 contests. German is the county's respected administrator of elections, and there were witnesses present as he corrected the vote totals on a sales tax referendum for a fire/ambulance district in the Cypress-Fairbanks area of northwest Harris County.

But German's late-night deed, said by officials to be a first-time event in the six years Harris County has used the eSlate voting system, has rekindled the debate about whether the newest electronic methods for counting votes should be trusted.

What German graphically demonstrated was that with the proper physical and informational access, one person can alter the results of an election in a county of 1.8 million registered voters.

The adjustments also highlighted the fact that, with multiple election boundaries snaking through precincts to separate city voters from county voters and municipal utility districts from emergency services districts, there usually are flaws that put voters in front of the wrong ballot screens.

Which is what happened in Emergency Services District No. 9, where 293 voters went to the polls early but never got to express an opinion on the issue as they voted on state and county bonds and other items because the tax vote didn't appear on their screens. (The tax proposal lost by 3,233 votes.)

The omission of the tax proposal on ballots in parts of three precincts was discovered thanks to an alert from a voter, and Harris County Clerk Beverly Kaufman's staff was able to get the tax question on the right ballots for Election Day — but it was too late to have those votes recorded on the main computer.

Instead, they were recorded separately and later added to the totals.

Voters in the emergency district, which includes 11 fire stations serving 250,000 people, never were notified that some of them missed the referendum during early voting or that Election Day votes were segregated.

Regardless, it was up to German and assistant Randy Roberts to combine the segregated totals, printed on computer paper, into the county's final electronic vote tallies after the polls closed on Election Day.

Shocking observation

The county Web site already showed that all precinct totals had been counted; three sheriff's deputies who guarded the counting process on the fourth floor of the County Administration Building in downtown Houston had been sent home.
Also in the locked, glass-walled room were Republican Kaufman and John R. Behrman, a computer expert and longtime election observer representing the Democratic Party. He said he considers Kaufman's staff the most knowledgeable election computer administrators on the continent and does not question their motives.

But Behrman said he was shocked when he saw German use a series of passwords and an "encryption key" — a series of numbers on a nail file-size computer memory storage device — to reach a computer program that said "Adjustment."

"A hundred percent of precincts reporting, and everything had been distributed to the press," he said. "Then and only then did I see how they were going to do this, and frankly I never thought it was possible.

"Basically it turns out, without regard to any ballots that have been cast, you can enter arbitrary numbers in there and report them out in such a way that, unless you go back to these giant (computer) logs and interpret the logs, you wouldn't know it has been done."

In the two hours it took to enter the 326 segregated votes, the election duo made and corrected keystroke errors, Behrman said.

Computer scientist Daniel Wallach, who started Rice University's Computer Security Lab and was on the task force that recently studied California's electronic voting systems, is skeptical about the eSlate system supplied to Harris County at a cost of $12 million by Austin-based Hart InterCivic.

The "encryption key" code could be extracted from voting equipment at each precinct, according to Wallach, who studied the company's systems in California.

County officials and Hart InterCivic, which also provides its state-certified voting equipment in Fort Bend County and Austin and Fort Worth, said the system merits public confidence because it has multiple layers of secret access codes.

Flexibility needed

"You have to have a system that is flexible enough to deal with those errors," Hart InterCivic spokesman Peter Lichtenheld said.
In the fire/ambulance sales tax election, voters first were left out because information supplied to election officials from Tax Assessor-Collector Paul Bettencourt's staff covered added streets and other changes only through 1993.

Bettencourt aides said the emergency services district never gave it updated data; the district's lawyer Howard Katz said otherwise.

Either way, county voter registration official Ed Johnson said, "There are always little bitty problems in every election."

Recent Testing Done on E-voting Machines

1. We have on video from Cleveland at a public hearing, Diebold representatives saying that vote totals can't be changed by inserting an altered memory card. But either these reps don't know their own software, or they are deliberately misrepresenting important security risks, that is, ways to rig an election.

a. The Princeton Hack on the Diebold TSx (touchscren) (used in numerous Ohio counties) Watch how vote totals can be changed by altering a memory card, in less than a minute. The paper trail is also changed. The rigged software is shown to be transferable to other machines, as a virus. Physical security is not there; readily available keys can be obtained to break into the memory card area, or screws can be easily removed for access.

9 minute video
http://www.youtube.com/watch?v=OJOyz7_sk8I

b. Harri Hursti Hack in FLA Read this interesting eye-witness report about how a computer expert from Finland used an actual Diebold optical scanner in a county election office in Florida, to prove it can be hacked by inserting an altered memory card. The tape printed the wrong results, AND the tabulator read them the same (incorrect) way. In an earlier test, Hursti showed that the poll tape can be made to be print "anything at all." There was absolutely NO EVIDENCE left behind that anything had been altered, (except, of course that the voters' votes were changed!)

http://www.votetrustusa.org/index.php?option=com_content&task=view&id=798&Itemid=51

OHIO's Everest Test (completed in Dec of 2007) Numerous wasy to change election results found.

http://www.sos.state.oh.us/sos/info/everest.aspx

We recommend that you keep reading down the above webpage to get to the link for the actual report. Also you will find referenced the Compuware testing done in 2003 when Blackwell was SOS. The reports of vulnerabilities found seem to have been ignored.

From the Everest report SOS Brunner recommended getting rid of DRE's (touchscreens) in Ohio. and going to OS's with a hand-counted audit. Activists have reacted most strongly to the centralized (at the BOE) tabulation of OS results, instead of precinct tabulation and precinct posting of results. The further "downstream" the vote tallies go, the easier it is to change results en masse.

an Ohio activist responds to the Everest tsting:
the TRUTH about E-Voting
http://www.opednews.com/articles/opedne_teresa_b_080106_everest_3a_the_truth_a.htm

CALIFORNIA TOP to BOTTOM REVIEW this past summer of e-voting machines (Diebold, Hart and Sequoia) caused SOS Bowen to decertify most of the machines, recertifying with the stipulation that drastic security measures be put in place, such as hand-counts to compare against the machine counts. Synopsis of findings ( http://urban.csuohio.edu/cei/TTBR_Summary-Voting_Tech.pdfby) the Center for Election Integrity at Cleveland State University: "The most troubling security flaws are at the level of baseline, elementary computer security;"… these are not "sophisticated or contested security principles on which scientists might disagree…All systems failed to follow standard security principles."

Viruses can be introduced from many sources and can "flip votes, scramble tabulation data, delete voting data, and cause system programming to fail." Viruses can infect the central computer and be spread to all the machines, via the memory cards. Audit logs can be overwritten or erased, deleting access to change vote totals.

Malicious code could be introduced by a voter, in under a minute, while the voter was voting. Both OS's and touchscreens are vulnerable. The vote recorded in the machine could be different from the record on the paper trial. The paper trail can be damaged covertly by poll workers after the voter has verified their vote, (so that the audit trail is worthless).

Despite all the problems found, all the team members who did the testing said "they lacked sufficient time to conduct a thorough examination, and consequently may have missed other serious vulnerabilities."

KENTUCKY E-MACHINE ANALYSIS
As a result of the CA testing, Kentucky hired a computer expert, Jeremy Epstein, to study the e-voting machine recertification, presented by three vendors for the Kentucky board: Diebold, ES&S, and Hart. (Ohio uses Diebold and ES&S.)

http://tinyurl.com/39we52

Some of his findings submitted to AG Stumbo: The ITA (Independent Testing Authorities) do not adequately perform the role of testing the machines for accuracy and security for conformance to the voluntary Federal guidelines (Voting System Standards 2002). "NONE of the ITA's identified the flaws found by the CA or FLA source code review teams."

"Ciber (the primary ITA used for software testing) was suspended from its testing role by the US National Institute of Standards ad Technology (NIST) due to it inability to show it actually performed the required test."

The machines are tested for function, but not under stress, or for security.

The machines were not tested for wireless technologies. The vendors said they did not use WiFi networking ( though no inspection was made or wireless scanners used to verify this statement), AND no mention was made of infrared, RFID, or Buetooth. "any of which might be points of attack." ES&S and Hart said their DRE's had no network among the machines, but did not mention tabulators.

Except for ES&S Automark, all the printers use thermal paper which fades after a short lifetime. Federal law requires the retention of the records for 22 months in some cases (Presidential election, for one!)

With a continuous paper roll, as is on the touchscreens, voter privacy can be compromised if votes are compared to voter sign-in, or a time log, and the same machine is used.

This was Kentucky recertification, but would these same vendors do it differently in another state?

For the certification by the Kentucky officials at the presentation of the vendors, there was no demonstration of screen calibration, which function is what causes the voter's touch to select the candidate intended.

Central programming and tallying (tabulators) were not included in the certification process.

(my note: It is more efficient to rig a tabulator count than the count from each voting machine!)

Only a handful of votes were cast in the demonstration for recertification, whereas problems might appear in real elections due to time the machines run, and larger numbers of ballots.

The board members were not allowed to use the machine without the presence of vendor staff.

This expert also recommended: Moving away from DRE's (touchscreens) to Optical Scanners, with a random audit of the paper ballots or paper trail. Recounts also should NOT rely on machine totals but on the paper count.

NOTE: What's wrong with optical scanners and hand-counted audits of a percentage of the paper ballots? Well, for one, the OS's are still computers and subject to hacking/rigging. While activists in many states with paperless DRE's (touchscreens) have advocated for optical scanners, because they at least have a paper ballot filled out by the voter, and a possibility of recounts, which the touchscreen with its flimsy, often mangled "paper roll" does not provide reliably, note that one of the Hursti Hacks was of an optical scanner. Hacking/rigging can also occur at the tabulation level at the Boards of Elections. Optical scanners use a memory card also, subject to being lost, replaced, or manipulated. The only reliable system of voting MUST have citizens able to watch and verify the counting, which computer systems preclude.

On the third hand, some have proposed a hybrid system of optical scanners and hand-counts, of some percentage between 3% and 100%. The benefits to keeping the optical scanners, according to these activists, is to read ballots printed in multiple languages, and to act as a check and balance to the hand-count. It is usually recommended that the hand-count take precedence and that the election results not be certified until the hand count and machine count match, to a degree that satisfies the candidates and the citizens.

The vote is IN on computerized electronic voting:

Why doesn't our Government trust us to hand-count our own votes?