The Verified Voting Blog

This blog contains posts authored by the Verified Voting Team and by members of the Verified Voting Board of Advisors.

Mail Your Ballot Back: Why Voting Online Puts Your Vote and Privacy at Risk

Twenty-three states plus the District of Columbia allow military and overseas voters (not domestic voters) to return voted ballots by email, facsimile and/or other Internet transmission; six allow  internet return in  military in zones of “hostile fire.” Alaska allows it for all absentee voters. But these methods of casting ballots over the Internet are very insecure; ballots returned this way are at risk for manipulation, loss or deletion.

According to the National Institute for Standards and Technology, the agency charged with reviewing the security of internet voting systems, even the most sophisticated cyber security protections cannot secure voted ballots sent over the Internet and that secure Internet voting is not feasible at this time.[1] Even if ballots are returned electronically over online balloting systems that employ security tools such as encryption or virtual private networks, the privacy, integrity or the reliable delivery of the ballot can’t be guaranteed.[2]

Just as important, ballots sent by electronic transmission cannot be kept private.[3]  Most States which accept electronically transmitted ballots require voters to sign a waiver forfeiting the right to a secret ballot.  In some cases this waiver conflicts with State law or constitution which guarantees the right to a secret ballot.

Read More

New Voting Systems Standards Committee Steps into Election Data Void

What does the Institute of Electrical and Electronic Engineers (IEEE) have to do with elections? Glad you asked. IEEE, or the Institute of Electrical and Electronics Engineers, is the world’s largest professional association for the advancement of technology. Along with its major educational and publishing activities, IEEE is one of the leading standards-making organizations in the world. IEEE standards affect a wide range of industries including: power and energy, biomedical and healthcare, Information Technology (IT), telecommunications, transportation, nanotechnology, information assurance, and many more. In 2013, IEEE had over 900 active standards, with over 500 standards under development.

IEEE has many subgroups that establish standards for various industry areas. and one of these is IEEE Project 1622 (or P1622). This group has been active lately working on setting common standards for important election related practices, including things like distributing blank ballots (for voters who are overseas, e.g.). With Congress’ stalemate on appointing new members to the Election Assistance Commission (EAC), development and adoption of U.S. election data standards seems to be shifting from the EAC’s Voluntary Voting Systems Guidelines (VSSG) Technical Development Committee to the IEEE VSSC. Brian Hancock, EAC Director of Voting System Testing and Certification, spoke positively about this development at the recent conference of the Election Verification Network (EVN) in San Diego.

Following adoption of its initial proposed standard for electronic distribution of blank ballot information (1622-2011, published in January 2012), the IEEE Project 1622 for Voting Systems Electronic Data Interchange has been authorized to become the IEEE Voting Systems Standards Committee (VSSC).

Read More

KeyboardVoting-300x225

Hack the Vote: The Perils of the Online Ballot Box

While most voters will cast their ballots at polling stations in November, online voting has been quietly and rapidly expanding in the United States over the last decade. Over 30 states and territories allow some form of Internet voting (such as by email or through a direct portal) for some classes of voters, including members of the military or absentees.

Utah just passed a law allowing disabled voters to vote online; and Alaska allows anyone to cast their ballots online. And there were recent news reports that Democratic and Republican national committees are contemplating holding primaries and caucuses online. We estimate that over three million voters now are eligible to vote online in the U.S.

But online voting is fraught with danger. Hackers could manipulate enough votes to change the results of local and national elections. And a skilled hacker can do so without leaving any evidence.

Read More

Hot State Update! What’s happening in Virginia, Oregon, Connecticut and more… and what Verified Voting is doing to help.

At Verified Voting we work to establish relationships in the states with policy makers and elections officials, in order to ensure they are educated on how to keep our votes secure. We’ve started 2014 with lots of activity around the country, building on a very strong and determined energy around voting issues, much of it unfolding on the state level. We have a great network of people in place and continue to work to make our voices heard. The following is a quick look at some of the Hot States on which we are focusing.

Virginia: This session, House and Senate bills sought to initiate electronic return of voted ballots over the Internet by overseas military voters. Amendments made to the bills called for security protocols to be examined and review of the feasibility and costs involved prior to initiating actual ballot return, thanks to intense outreach with our allies Virginians for Verified Voting, a lot of letters from VA supporters (thank you!), and an op-ed penned by Justin Moore (who is on VV’s advisory board) in the Richmond Times Dispatch.  The amended version of HB 759/SB 11 was conferenced and passed, with these crucial stop-gaps and a clause requiring that the provision be re-approved in 2016 before any ballots are sent over the Internet. As the review process takes place over the coming 18 months, we will be participating actively.  Ensuring that technologists are at the table as the conversation moves forward is critical, as is feedback from Virginia voters.  See the Bill summary here.

Read More

A Valuable Resource for Election Recounts

Last week Citizens for Election Integrity Minnesota released Recount Principles and Best Practices, a document providing recommendations on key recount matters such as counting methods, transparency, voter intent and challengers. The document is especially welcome as it was produced through the cooperation of election officials and citizen activists and it is the first comprehensive set of best practices for recounts. It compliments CEIMN’s earlier documents on audits and their database of state audit and recount laws.

In addition to the four authors, the report benefitted from review by a blue-ribbon panel of advisors, including election officials, election integrity advocates, journalists, and academics.  “Accurate and verifiable elections are essential for our democracy,” said Minnesota Secretary of State Ritchie, one of the reports authors. “This document and its recommendations will improve the way state and local election officials conduct recounts.”

Read More

Post Election Audits for New Hampshire

No voting system is perfect. Nearly all elections in New Hampshire, as in most of the nation, are counted using electronic vote counting systems. Such systems have produced result-changing errors through problems with hardware, software and procedures. Error can also occur when compiling results. Even serious error can go undetected if results are not audited effectively.

In a municipal election in Palm Beach County, Florida in 2012 a “synchronization” problem with the election management software allotted votes to both the wrong candidate and the wrong contest; this was uncovered during a post-election audit. The results were officially changed after a public hand count of the votes. Particularly noteworthy about that example is the fact that Florida has one of the nation’s weakest audit provisions; even so, it enabled the discovery of this critical error. In another state, a software malfunction caused thousands of votes to be added to the total. A manual audit revealed the mistake and officials were able to correct the results and avoid a costly run-off election. In a Republican primary in Iowa, a manual check of the physical ballots revealed a programming error that was attributing votes to the wrong candidates. Thanks to the manual audit, the correct person was seated in office.

Read More

PCEA

Verified Voting Applauds Findings in Presidential Commission Report on Elections

Today’s landmark report by the Presidential Commission on Election Administration (PCEA), The American Voting Experience: Report and Recommendations of the Presidential Commission on Election Administration, recognizes many of the obstacles and opportunities in today’s election administration universe, and proposes several excellent approaches to solving some of those challenges. “We applaud the bi-partisan Commission’s substantial work, balancing the need for secure elections with positive ways to improve voting for all,” said Pamela Smith, President of Verified Voting.  “We strongly agree that military and overseas voters can be supported by providing access to online registration and distribution of information including blank ballots online, and appreciate that the Commission also notes that ‘the internet is not yet secure enough for voting.’” (p. 60)

Read More

Verified Voting Recommendations to the Presidential Commission on Election Administration

On Election Day, long lines were produced in many cases due to voting systems that malfunctioned in multiple locations across the country. As stated in a joint letter we signed sent to President Obama last November, “While insufficient voting equipment was not the only cause for long wait times, it no doubt contributed to the problems we saw on Election Day. The need to improve our voting systems is urgent. Much of the voting equipment in use today is nearing the end of its life cycle, making equipment attrition and obsolescence a serious and growing threat.”[1. http://www.calvoter.org/issues/votingtech/pub/Election_verification_letter_to_Obama_11-20-]

In our “Counting Votes 2012: A State By State Look At Election Preparedness” report[2. http://countingvotes.org], about the 50 states’ preparedness for this major election cycle, we identified key areas of concern. We predicted many states could have problems due to:

• aging voting systems,
• dependence on machine interface for voting for the majority of voters, and
• thoroughness of policies and regulations for emergency back-up provisions in case polling place problems occur and lines start to form.

There were few surprises. As one of our technology expert recruits for the OurVoteLive (OVL) Election Protection hotline indicated:

What’s most interesting is that if you divide things into “easy to solve” and “hard to solve”, the “easy to solve” ones tend to be in places using optical scan [ballots], and the “hard to solve” in places using machines [DREs].

Read More

Matt-Weaver-Koalo-CSUSM

The California College Vote Hack

I just read Doug Chapin’s article on the vote rigging at Cal State San Marcos, and I would add several observations. Had this been a public election conducted via Internet voting, it would have been much more difficult to identify any problem or to capture the perpetrator, Matthew Weaver. Mr. Weaver was captured because he was voting from school-owned computers. This was networked voting but not really Internet voting. The IT staff was able to notice “unusual activity” on those computers, and via remote access they were able to “watch the user cast vote after vote”. But in a public online election people would vote from their own private PCs, and through the Internet, not on a network controlled by the IT staff of election officials. There will likely be no “unusual activity” to notice in real time, and no possibility of “remote access” to allow them to monitor activity on a voter’s computer.  Note also that university IT staff were able to monitor him while he was voting, showing that they were able to completely violate voting privacy, something we cannot tolerate in a public election.

In the Cal State San Marcos election votes apparently had to be cast from computers on the university’s own network, and not from just anywhere on the Internet. I infer this because it makes good security sense, and because I cannot think of any other reason Mr. Weaver would cast his phony votes from a university computer rather than from an anonymous place like a public library. If this is correct, it is a huge security advantage not possible in public elections, where the perpetrator could be anywhere in the world. Even if public officials somehow did notice an unusual voting pattern that made them suspicious after the fact that phony votes were cast, there would be no evidence to indicate who it was, and no police on the spot to pick him up red handed.

Read More

stark

Leave Election Integrity to Chance

How do we know whether the reported winners of an election really won?

There’s no perfect way to count votes. To paraphrase Ulysses S. Grant and Richard M. Nixon, “Mistakes will be made.” Voters don’t always follow instructions. Voting systems can be mis-programmed, as they were last year in Palm Beach, Florida. Ballots can be misplaced, as they were last year in Palm Beach, Florida, and in Sacramento, California. And election fraud is not entirely unknown in the U.S.

Computers can increase the efficiency of elections and make voting easier for people who cannot read English or who have disabilities. But the more elections depend on technology, the more vulnerable they are to failures, bugs, and hacking. Foreign attacks on elections also may be a real threat.

Even if we count votes by hand, there will be mistakes. How can we have confidence in the results?

Read More