California’s record low turnout for November’s elections is indeed worrisome, and incoming Secretary of State Alex Padilla’s promises to increase the voter rolls are laudable. However, the editorial board’s desire to see online voting as the natural evolution of our voting systems is misplaced. Yes, we do bank, shop and communicate online, but a quick review of the latest headlines proves these transactions aren’t secure. Cybercrime is estimated to cost businesses billions every year. Elections are unlike financial transactions because they’re extremely vulnerable to undetectable hacking. Because we vote by secret ballot, there is no way to reconcile the votes recorded and the marks the voter actually makes with technology currently available.
The Verified Voting Blog
This blog contains posts authored by the Verified Voting Team and by members of the Verified Voting Board of Advisors.
Twenty-three states plus the District of Columbia allow military and overseas voters (not domestic voters) to return voted ballots by email, facsimile and/or other Internet transmission; six allow internet return in military in zones of “hostile fire.” Alaska allows it for all absentee voters. But these methods of casting ballots over the Internet are very insecure; ballots returned this way are at risk for manipulation, loss or deletion.
According to the National Institute for Standards and Technology, the agency charged with reviewing the security of internet voting systems, even the most sophisticated cyber security protections cannot secure voted ballots sent over the Internet and that secure Internet voting is not feasible at this time. Even if ballots are returned electronically over online balloting systems that employ security tools such as encryption or virtual private networks, the privacy, integrity or the reliable delivery of the ballot can’t be guaranteed.
Just as important, ballots sent by electronic transmission cannot be kept private. Most States which accept electronically transmitted ballots require voters to sign a waiver forfeiting the right to a secret ballot. In some cases this waiver conflicts with State law or constitution which guarantees the right to a secret ballot.
What does the Institute of Electrical and Electronic Engineers (IEEE) have to do with elections? Glad you asked. IEEE, or the Institute of Electrical and Electronics Engineers, is the world’s largest professional association for the advancement of technology. Along with its major educational and publishing activities, IEEE is one of the leading standards-making organizations in the world. IEEE standards affect a wide range of industries including: power and energy, biomedical and healthcare, Information Technology (IT), telecommunications, transportation, nanotechnology, information assurance, and many more. In 2013, IEEE had over 900 active standards, with over 500 standards under development.
IEEE has many subgroups that establish standards for various industry areas. and one of these is IEEE Project 1622 (or P1622). This group has been active lately working on setting common standards for important election related practices, including things like distributing blank ballots (for voters who are overseas, e.g.). With Congress’ stalemate on appointing new members to the Election Assistance Commission (EAC), development and adoption of U.S. election data standards seems to be shifting from the EAC’s Voluntary Voting Systems Guidelines (VSSG) Technical Development Committee to the IEEE VSSC. Brian Hancock, EAC Director of Voting System Testing and Certification, spoke positively about this development at the recent conference of the Election Verification Network (EVN) in San Diego.
Following adoption of its initial proposed standard for electronic distribution of blank ballot information (1622-2011, published in January 2012), the IEEE Project 1622 for Voting Systems Electronic Data Interchange has been authorized to become the IEEE Voting Systems Standards Committee (VSSC).
While most voters will cast their ballots at polling stations in November, online voting has been quietly and rapidly expanding in the United States over the last decade. Over 30 states and territories allow some form of Internet voting (such as by email or through a direct portal) for some classes of voters, including members of the military or absentees.
Utah just passed a law allowing disabled voters to vote online; and Alaska allows anyone to cast their ballots online. And there were recent news reports that Democratic and Republican national committees are contemplating holding primaries and caucuses online. We estimate that over three million voters now are eligible to vote online in the U.S.
But online voting is fraught with danger. Hackers could manipulate enough votes to change the results of local and national elections. And a skilled hacker can do so without leaving any evidence.
Hot State Update! What’s happening in Virginia, Oregon, Connecticut and more… and what Verified Voting is doing to help.
At Verified Voting we work to establish relationships in the states with policy makers and elections officials, in order to ensure they are educated on how to keep our votes secure. We’ve started 2014 with lots of activity around the country, building on a very strong and determined energy around voting issues, much of it unfolding on the state level. We have a great network of people in place and continue to work to make our voices heard. The following is a quick look at some of the Hot States on which we are focusing.
Virginia: This session, House and Senate bills sought to initiate electronic return of voted ballots over the Internet by overseas military voters. Amendments made to the bills called for security protocols to be examined and review of the feasibility and costs involved prior to initiating actual ballot return, thanks to intense outreach with our allies Virginians for Verified Voting, a lot of letters from VA supporters (thank you!), and an op-ed penned by Justin Moore (who is on VV’s advisory board) in the Richmond Times Dispatch. The amended version of HB 759/SB 11 was conferenced and passed, with these crucial stop-gaps and a clause requiring that the provision be re-approved in 2016 before any ballots are sent over the Internet. As the review process takes place over the coming 18 months, we will be participating actively. Ensuring that technologists are at the table as the conversation moves forward is critical, as is feedback from Virginia voters. See the Bill summary here.
Last week Citizens for Election Integrity Minnesota released Recount Principles and Best Practices, a document providing recommendations on key recount matters such as counting methods, transparency, voter intent and challengers. The document is especially welcome as it was produced through the cooperation of election officials and citizen activists and it is the first comprehensive set of best practices for recounts. It compliments CEIMN’s earlier documents on audits and their database of state audit and recount laws.
In addition to the four authors, the report benefitted from review by a blue-ribbon panel of advisors, including election officials, election integrity advocates, journalists, and academics. “Accurate and verifiable elections are essential for our democracy,” said Minnesota Secretary of State Ritchie, one of the reports authors. “This document and its recommendations will improve the way state and local election officials conduct recounts.”
No voting system is perfect. Nearly all elections in New Hampshire, as in most of the nation, are counted using electronic vote counting systems. Such systems have produced result-changing errors through problems with hardware, software and procedures. Error can also occur when compiling results. Even serious error can go undetected if results are not audited effectively.
In a municipal election in Palm Beach County, Florida in 2012 a “synchronization” problem with the election management software allotted votes to both the wrong candidate and the wrong contest; this was uncovered during a post-election audit. The results were officially changed after a public hand count of the votes. Particularly noteworthy about that example is the fact that Florida has one of the nation’s weakest audit provisions; even so, it enabled the discovery of this critical error. In another state, a software malfunction caused thousands of votes to be added to the total. A manual audit revealed the mistake and officials were able to correct the results and avoid a costly run-off election. In a Republican primary in Iowa, a manual check of the physical ballots revealed a programming error that was attributing votes to the wrong candidates. Thanks to the manual audit, the correct person was seated in office.
Today’s landmark report by the Presidential Commission on Election Administration (PCEA), The American Voting Experience: Report and Recommendations of the Presidential Commission on Election Administration, recognizes many of the obstacles and opportunities in today’s election administration universe, and proposes several excellent approaches to solving some of those challenges. “We applaud the bi-partisan Commission’s substantial work, balancing the need for secure elections with positive ways to improve voting for all,” said Pamela Smith, President of Verified Voting. “We strongly agree that military and overseas voters can be supported by providing access to online registration and distribution of information including blank ballots online, and appreciate that the Commission also notes that ‘the internet is not yet secure enough for voting.’” (p. 60)
On Election Day, long lines were produced in many cases due to voting systems that malfunctioned in multiple locations across the country. As stated in a joint letter we signed sent to President Obama last November, “While insufficient voting equipment was not the only cause for long wait times, it no doubt contributed to the problems we saw on Election Day. The need to improve our voting systems is urgent. Much of the voting equipment in use today is nearing the end of its life cycle, making equipment attrition and obsolescence a serious and growing threat.”[1. http://www.calvoter.org/issues/votingtech/pub/Election_verification_letter_to_Obama_11-20-]
In our “Counting Votes 2012: A State By State Look At Election Preparedness” report[2. http://countingvotes.org], about the 50 states’ preparedness for this major election cycle, we identified key areas of concern. We predicted many states could have problems due to:
• aging voting systems,
• dependence on machine interface for voting for the majority of voters, and
• thoroughness of policies and regulations for emergency back-up provisions in case polling place problems occur and lines start to form.
There were few surprises. As one of our technology expert recruits for the OurVoteLive (OVL) Election Protection hotline indicated:
What’s most interesting is that if you divide things into “easy to solve” and “hard to solve”, the “easy to solve” ones tend to be in places using optical scan [ballots], and the “hard to solve” in places using machines [DREs].
I just read Doug Chapin’s article on the vote rigging at Cal State San Marcos, and I would add several observations. Had this been a public election conducted via Internet voting, it would have been much more difficult to identify any problem or to capture the perpetrator, Matthew Weaver. Mr. Weaver was captured because he was voting from school-owned computers. This was networked voting but not really Internet voting. The IT staff was able to notice “unusual activity” on those computers, and via remote access they were able to “watch the user cast vote after vote”. But in a public online election people would vote from their own private PCs, and through the Internet, not on a network controlled by the IT staff of election officials. There will likely be no “unusual activity” to notice in real time, and no possibility of “remote access” to allow them to monitor activity on a voter’s computer. Note also that university IT staff were able to monitor him while he was voting, showing that they were able to completely violate voting privacy, something we cannot tolerate in a public election.
In the Cal State San Marcos election votes apparently had to be cast from computers on the university’s own network, and not from just anywhere on the Internet. I infer this because it makes good security sense, and because I cannot think of any other reason Mr. Weaver would cast his phony votes from a university computer rather than from an anonymous place like a public library. If this is correct, it is a huge security advantage not possible in public elections, where the perpetrator could be anywhere in the world. Even if public officials somehow did notice an unusual voting pattern that made them suspicious after the fact that phony votes were cast, there would be no evidence to indicate who it was, and no police on the spot to pick him up red handed.