Verified Voting Logo
Edit Your PreferencesContact VerifiedVoting.orgAbout VerifiedVoting.org
Verified Voting HomeJoin - Help us do this work!Donate - Help us do this work!Take Action Today!Endorse the resolution!
Printer Friendly Version
Site Map

See information for:

VerifiedVoting.org engages in lobbying activities permitted by IRC Section 501(c)(4). Please visit the Verified Voting Foundation for info about 501(c)(3) educational activities. You can also visit Vote Trust USA, a project of the Verified Voting Foundation. Also, check out our blog and twitter feed.

E-Mail This Page
Home   »  News  »  Newsletters  »  July 23, 2003


July 23, 2003


Voter Verification Newsletter Vol 1, Number 7

David L. Dill (elections@chicory.stanford.edu)
July 23, 2003
http://www.verifiedvoting.org

The more news there is, the less time I have to work on newsletters. So I'll just send what I have.

News Flash: Gross Security Flaws
Found in Diebold Touch-Screen !

Since I entered the fray in January, I've been constantly challenged to "prove that DREs can be hacked." My answer was usually something like the following:

"It is very hard to find out enough details about these systems to determine what security flaws they have. However, we know it is practically impossible to stop tampering by insiders. Furthermore, any system that has not been designed and thoroughly scrutinized by top-flight computer security professionals is guaranteed to have major security holes."

I believe this to be obvious to anyone with a casual acquaintance with computer security (such as me).

Now I can "prove that the machines can be hacked" by citing the following paper which just appeared on the web. Computer security researchers an Johns Hopkins and Rice Universities have inspected the Diebold code that appeared on a web site in New Zealand a few weeks ago. The report appears at http://avirubin.com/vote.pdf

My understanding is that this analysis took about a week. Very serious security blunders were discovered in a matter of hours. While I still believe that insider attacks are still the hardest to stop and potentially the most damaging, it is now clear that there are serious security holes that can be exploited by election workers and even voters. Unlike insider tampering, most of these problems could have been easily avoided had competent computer security people been involved in the system design and implementation.

For, example, it appears that it is easy to make counterfeit "voter cards," which can be used to vote as often as you like. One can easily make a fake "administrator" card. Hackers could rearrange the candidate order on the ballot so that votes are credited to the wrong candidates.

We've been told by voting machine vendors, regulators, and election officials that "hacking" DREs is almost impossible because the machines are designed carefully, use cryptography, and have proprietary software; that there are stringent Federal regulations; that Independent Testing Authorities (ITAs) scrutinize every line of code; that states have exhaustive certification processes; and localities do extensive Logic and Accuracy Tests.

It's just not true. That was obvious before the report, but now it should be undeniable.

There is no reason to believe that Diebold's system is less secure than other vendors. Their code just happened to be available. All the other vendors are implementing the same indadequate security requirements and satisfying the same inadequate reviews.

There is also no reason to assume that the worst problems have been found. The authors felt that it was important to get the information out quickly. Additional weeks or months of review might reveal even worse problems.

I hope this settles the debate on DRE security. They're not secure. There needs to be an independent audit trail.

New Web Site

Thanks to the efforts of some hard-working volunteers, we have a much improved web site: www.verifiedvoting.org

There is a huge amount of work to be done on content, and the site is still evolving, but it is vastly better than the web pages I was trying to maintain at the old site.

Please check it out!

LCCR Policy Analysis

The most recent negative development was that the Leadership Conference on Civil Rights produced a policy analysis arguing against a voter verifiable paper trail requirement. The Leadership Conference on Civil Rights is a coalition of 180 civil rights organizations, including (for example) the ACLU, Common Cause, and the NAACP.

A "policy analysis" is not a "position", I hope. Indeed, few of the member organizations of the LCCR have take an official position one way or the other on voter verifiable audit trail issue. At least one, the Southern Christian Leadership Conference, is circulating a petition through "ActforChange" expressing concern about "fault-prone and fraud-susceptible touch-screen voting machines" which has garnered more than 39,000 signatures (To add your signature, see http://www.workingforchange.com/activism/petition.cfm?itemid=14993 )

The LCCR policy analysis is at http://www.civilrights.org/issues/voting/details.cfm?id=14878

We disagree with this policy analysis. In fact, we believe that the LCCR and it's member organizations should be asking for a voter verifiable audit trail, to protect the rights of all voters. Our response is at http://www.verifiedvoting.org/lccr-response.html

I don't know what political reasoning is behind the LCCR analysis and the similar position taken by the League of Women Voters of the U.S. a few weeks ago. However, I do know that this is a difficult issue for major civil rights organizations because they have worked through complex negotiations on the Help America Vote Act and other legislation and they are not eager to re-open the issue. The current plans to upgrade DREs will replace problematic voting equipment and will increase access for many voters.

Unfortunately, the computer risks are real and must be dealt with. We need to be able to work with these organizations to solve the problem with a minimum of disruption to other plans.

If you are a member of one of the LCCR organizations, it might help to express your views on this issue. I know that a number of these organizations are trying to figure out what to do.

Diebold Scoop

Recently, a report appeared on the tabloid web site "scoop" claiming to deconstruct some of the Diebold system http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm It was accompanied with some over-hyped prose (It's not "Bigger than Watergate", at least yet.) At worst, what is described is a security hole, not actual wrong-doing or election fixing. At best, it is harmless.

The technical discussion appears to me to be sound (although some readers will know more about this than I do). However, the implications are unclear to me.

The discussion is about the process of adding up vote counts at a central office. For example, a county has many precincts. Vote totals for each candidate are calculated at the precincts and sent in to the main office, where they are tallied, along with absentee votes to get vote totals for the county. From the discussion, it seems clear that a malicious user could modify vote totals.

How bad is an insecure tally system? It depends on what election procedures are in place. In California, the parties get precinct data before the election is certified and analyze it to death (I just talked to the guy who does this for the Democratic party). They feel confident that they would catch any problems in the tally system. This illustrates the advantage of having an independent audit trail: the vote totals can be reconstructed from the original precinct data, independently of whatever happens in the central office.

On the other hand, I have also heard that candidates do NOT have access to timely precinct totals in some parts of the country, and cannot compute their own vote totals. If this is true, it is a very bad situation because tally systems probably have lots of other holes.

What does this have to do with voter verifiable audit trails? It is independent, but illustrates some points: For a system to be trustworthy, you have to have meaningful audit trails, and you have to use them. If similar problems were found in the DRE software (for example, if someone could modify the recorded votes in the DRE), it would be a fatal flaw, because there is no independent audit trail.

I'd like to hear from people who know how things really work whether candidates have timely access to trustworthy precinct data.

USACM Sponsored Voter Verified Election Systems Workshop

USACM sponsored Workshop on Voter-Verifiable Election Systems July 28­29, 2003, Denver Colorado Adams Mark Hotel

This will be an informal workshop to discuss voter verifiable election systems: Security issues in DREs, possible solutions, and related topics. Quite a few interesting people have registered, including people with many different viewpoints.

There will be a session Monday afternoon 1 PM - 5 PM and another session Tuesday morning 9 AM - Noon.

We would like people to register online, so we know who is coming and how many will be coming. The workshop is free and open to the public. We have room for 75 people.

The oroginal workshop announcement and registration form are available at www.verifiedvoting.org

We don't have any money available for travel reimbursement, and we don't have a conference with the Adams Mark (although you should definitely find out about AAA rates). There are other hotels nearby that may have good rates.

http://www.verifiedvoting.org/forms/DenverWorkshop/default.asp

CLARIFICATION: The workshop has no organizational connection with the IACREOT conference. We have scheduled it near IACREOT for the convenience of people attending IACREOT.

Internet Voting

When I wrote the "Resolution on Electronic Voting," I didn't explicitly address Internet voting, because I knew that every technical study had said it wasn't safe now, or possibly ever. Especially when you have people voting on everyday PCs, there are multiple unsolvable problems, including viruses and denial of service attacks. Even people we've been arguing with about DREs, like R. Doug Lewis of the Election Center, have denounced internet voting.

Unfortunately, the idea just won't die! Several European countries are embracing Internet voting on an experimental basis. The Michigan Democratic party is planning to use it in a primary. The most disastrous proposal is the SERVE program, which makes it possible for Americans overseas, especially military voters, to vote over the Internet. To make it worse, the contractors for the program are election.com, which was recently bought by mysterious Saudi investors, and Accenture (via it's new "eDemocracy business unit"), which was recently accused of violating the Corrupt Practices Act (which bans bribing foreign officials). And do we really want the Department of Defense running elections? There must be a better way to facilitate overseas voting (for example, mailing in ballots that are printed on demand, with electronic ballots for unofficial early counts if we need them).

The program is initially for 200,000 overseas Americans (enough to have an impact on election results). But the big threat is that it will be the foot in the door for more widespread adoption of Internet voting.

HR 2239 The Voter Confidence and
Increased Accessibility Act of 2003.

The paper trail bill introduced by Rep. Rush Holt now has 26 cosponsors, which is great! If one of your representatives is listed here, please take a moment to let them know you are pleased with their action.

If your representative is NOT on the list, please contact him or her and asking them to do so and please send me an email (elections@chicory.stanford.edu) letting me know what their position is.

  • Rep Baird, Brian - 6/17/2003 [WA-3]
  • Rep Brown, Corrine - 7/9/2003 [FL-3]
  • Rep Brown, Sherrod - 6/24/2003 [OH-13]
  • Rep Case, Ed - 7/21/2003 [HI-2]
  • Rep Conyers, John, Jr. - 6/17/2003 [MI-14]
  • Rep Davis, Danny K. - 7/21/2003 [IL-7]
  • Rep Eshoo, Anna G. - 6/24/2003 [CA-14]
  • Rep Farr, Sam - 7/21/2003 [CA-17]
  • Rep Fattah, Chaka - 7/21/2003 [PA-2]
  • Rep Filner, Bob - 7/9/2003 [CA-51]
  • Rep Frank, Barney - 6/24/2003 [MA-4]
  • Rep Hinchey, Maurice D. - 6/17/2003 [NY-22]
  • Rep Hoeffel, Joseph M. - 6/24/2003 [PA-13]
  • Rep Jones, Stephanie Tubbs - 7/21/2003 [OH-11]
  • Rep Kaptur, Marcy - 6/17/2003 [OH-9]
  • Rep Lantos, Tom - 7/9/2003 [CA-12]
  • Rep Lee, Barbara - 6/17/2003 [CA-9]
  • Rep Owens, Major R. - 6/24/2003 [NY-11]
  • Rep Rothman, Steve R. - 7/9/2003 [NJ-9]
  • Rep Schakowsky, Janice D. - 6/24/2003 [IL-9]
  • Rep Scott, Robert C. - 6/24/2003 [VA-3]
  • Rep Strickland, Ted - 6/24/2003 [OH-6]
  • Rep Van Hollen, Chris - 6/17/2003 [MD-8]
  • Rep Wexler, Robert - 6/17/2003 [FL-19]
  • Rep Woolsey, Lynn C. - 6/17/2003 [CA-6]
  • Rep Wynn, Albert Russell - 7/21/2003 [MD-4]

New York Paper Trail Bill

Commissioner of the New York Board of Elections Douglas Kellner writes:

The New York State Assembly has passed A-8847 "The Voting Systems Standards Act of 2003."

The bill authorizes procurement of new electronic voting machines that will comply with HAVA.

Most significantly, the law specifically requires that the new machines "produce and retain a voter verified permanent paper record with a manual audit capacity which shall record each vote to be cast and which shall be presented to the voter from behind a window or other device before the ballot is cast."

You can get the full text of the bill at: http://assembly.state.ny.us/leg/?bn=3DA08847&sh=3Dt

The bill memo and status are at: http://assembly.state.ny.us/leg/?bn=3DA08847

The Legislature is scheduled to adjourn Friday or Saturday and it is unclear whether the Senate will take up the bill before then. There is discussion, however, of a special session in September to iron out any legislation necessary to implement HAVA. The Assembly has clearly defined its position on this issue.

Florida

From the Palm Beach Post, Thursday, July 10:

Florida Representative Robert Wexler has called on the state to spend federal dollars on voter verifiable printers.

"Without the ballot, we will place unfounded trust in touch-screen voting machines to properly record each ballot correctly," he wrote Tuesday in a letter to Secretary of State Glenda Hood. "Florida cannot afford another election fiasco."

http://www.palmbeachpost.com/localnews/content/auto/epaper/editions/thursday/local_news_f3c04d0b168b319c009e.html

Diesel Engines

A few years ago, I read in the newspaper that diesel engine manufacturers had to pay a huge fine for lying about the pollution generated by their engines.

It turns out that the details of the story are interesting, and relevant to voting machines (surprisingly).

The engines are computer-controlled, and the computers were programmed to produce low emissions, at lower efficiency, under test conditions. However, the computer control could sense when the engines were NOT being tested and increase efficiency at the cost of higher emissions on the open road.

http://www.dieselnet.com/news/9810epa.html

I've heard of similar fraud with gasoline pumps. The weights and measures people would test the pumps by pumping exactly a gallon of gasoline. So, the computer-controlled pumps would measure the first gallon exactly and a little less for subsequent gallons. (Sorry, I have no reference. Maybe someone can send me one.)

But no one would ever consider doing something like this with voting machines.
The Verifier Map

How do Americans cast their ballots? See the Verifier Map for detailed information on voting systems used in each state and county in recent elections.

voting equipment used in earlier elections (2004/2006)


Get E-Mail Alerts




Announcements

July 27, 2010
State Election Officials: Recountable Process A Must for Overseas Voters
July 20, 2010
Online Voting: All That Glitters Is Not Gold (Unless You're a Vendor)
June 21, 2010
Voting Without A Net In South Carolina
June 17, 2010
Voting results in New Jersey should not be mysterious
June 16, 2010
Verified Voting Calls for Recountable, Auditable Voting Systems Following South Carolina Primary
June 16, 2010
Voting integrity groups call for investigation of South Carolina voting systems in wake of unexpected primary results in Democratic US Senate race
June 15, 2010
On the South Carolina Primary
May 23, 2010
Benefits, risks of e-mail ballots weighed
May 4, 2010
PA - Team 4: Security Concerns About Voting Machines Remain
April 26, 2010
California Assembly committee endorses UC Berkeley statistician's election auditing method
March 8, 2010
Feds Move to Break Voting-Machine Monopoly
March 2, 2010
Is the Internet the Right Place for Our Ballots? Election Administration and Voting Rights Thought Leaders Weigh in on the Future of Overseas Voting at Summit 2010
February 25, 2010
Minnesota Civic Groups Refute Recount Claims
February 17, 2010
Groups and Election Officials Warn Department of Justice that Voting Machine Vendor Merger will Inflate Costs to Taxpayers, Threaten Election Accuracy and National Security
February 11, 2010
Fla. justices uphold local election law
February 3, 2010
NJ Judge Issues Mixed Order on Use of E-voting Machines
February 1, 2010
Ruling Issued in Rutgers–Newark Law School’s Constitutional Litigation Clinic Challenge to NJ's Electronic Voting Machines
February 1, 2010
Holt Statement on NJ Court Decision on Paper Ballots
January 28, 2010
Internet Voting, Still in Beta
January 28, 2010
MD: State elections head says new voting system costly, not effective

Important Links

  • VVBlog: Check out the latest news and commentary at our blog.
  • Election Day Problems?
    Call 1-866-OUR-VOTE
  • Find Your Polling Place: Vote411.org
  • Questions? Contact Us
  • Vote Trust USA - national resource for state-based organizations supporting verifiable elections, a Verified Voting Foundation project


    • "The core of our American democracy is the right to vote. Implicit in that right is the notion that that vote be private, that vote be secure, and that vote be counted as it was intended when it was cast by the voter. And I think what we're encountering is a pivotal moment in our democracy where all of that is being called into question." (more here)

    Kevin Shelley, former
    California Sec. of State



    VerifiedVoting.org, Inc., is a 501(c)(4) nonprofit corporation.

    © Copyright 2008, VerifiedVoting.org, Inc. All rights reserved, although reprint permission granted for nonprofit purposes with attribution to VerifiedVoting.org.


    Privacy    Site Map