The Verified Voting Blog

This blog contains posts authored by the Verified Voting Team and by members of the Verified Voting Board of Advisors.

Hot State Update! What’s happening in Virginia, Oregon, Connecticut and more… and what Verified Voting is doing to help.

At Verified Voting we work to establish relationships in the states with policy makers and elections officials, in order to ensure they are educated on how to keep our votes secure. We’ve started 2014 with lots of activity around the country, building on a very strong and determined energy around voting issues, much of it unfolding on the state level. We have a great network of people in place and continue to work to make our voices heard. The following is a quick look at some of the Hot States on which we are focusing.

Virginia: This session, House and Senate bills sought to initiate electronic return of voted ballots over the Internet by overseas military voters. Amendments made to the bills called for security protocols to be examined and review of the feasibility and costs involved prior to initiating actual ballot return, thanks to intense outreach with our allies Virginians for Verified Voting, a lot of letters from VA supporters (thank you!), and an op-ed penned by Justin Moore (who is on VV’s advisory board) in the Richmond Times Dispatch.  The amended version of HB 759/SB 11 was conferenced and passed, with these crucial stop-gaps and a clause requiring that the provision be re-approved in 2016 before any ballots are sent over the Internet. As the review process takes place over the coming 18 months, we will be participating actively.  Ensuring that technologists are at the table as the conversation moves forward is critical, as is feedback from Virginia voters.  See the Bill summary here.

Read More

Share

A Valuable Resource for Election Recounts

Last week Citizens for Election Integrity Minnesota released Recount Principles and Best Practices, a document providing recommendations on key recount matters such as counting methods, transparency, voter intent and challengers. The document is especially welcome as it was produced through the cooperation of election officials and citizen activists and it is the first comprehensive set of best practices for recounts. It compliments CEIMN’s earlier documents on audits and their database of state audit and recount laws.

In addition to the four authors, the report benefitted from review by a blue-ribbon panel of advisors, including election officials, election integrity advocates, journalists, and academics.  “Accurate and verifiable elections are essential for our democracy,” said Minnesota Secretary of State Ritchie, one of the reports authors. “This document and its recommendations will improve the way state and local election officials conduct recounts.”

Read More

Share

Post Election Audits for New Hampshire

No voting system is perfect. Nearly all elections in New Hampshire, as in most of the nation, are counted using electronic vote counting systems. Such systems have produced result-changing errors through problems with hardware, software and procedures. Error can also occur when compiling results. Even serious error can go undetected if results are not audited effectively.

In a municipal election in Palm Beach County, Florida in 2012 a “synchronization” problem with the election management software allotted votes to both the wrong candidate and the wrong contest; this was uncovered during a post-election audit. The results were officially changed after a public hand count of the votes. Particularly noteworthy about that example is the fact that Florida has one of the nation’s weakest audit provisions; even so, it enabled the discovery of this critical error. In another state, a software malfunction caused thousands of votes to be added to the total. A manual audit revealed the mistake and officials were able to correct the results and avoid a costly run-off election. In a Republican primary in Iowa, a manual check of the physical ballots revealed a programming error that was attributing votes to the wrong candidates. Thanks to the manual audit, the correct person was seated in office.

Read More

Share
PCEA

Verified Voting Applauds Findings in Presidential Commission Report on Elections

Today’s landmark report by the Presidential Commission on Election Administration (PCEA), The American Voting Experience: Report and Recommendations of the Presidential Commission on Election Administration, recognizes many of the obstacles and opportunities in today’s election administration universe, and proposes several excellent approaches to solving some of those challenges. “We applaud the bi-partisan Commission’s substantial work, balancing the need for secure elections with positive ways to improve voting for all,” said Pamela Smith, President of Verified Voting.  “We strongly agree that military and overseas voters can be supported by providing access to online registration and distribution of information including blank ballots online, and appreciate that the Commission also notes that ‘the internet is not yet secure enough for voting.’” (p. 60)

Read More

Share

Verified Voting Recommendations to the Presidential Commission on Election Administration

On Election Day, long lines were produced in many cases due to voting systems that malfunctioned in multiple locations across the country. As stated in a joint letter we signed sent to President Obama last November, “While insufficient voting equipment was not the only cause for long wait times, it no doubt contributed to the problems we saw on Election Day. The need to improve our voting systems is urgent. Much of the voting equipment in use today is nearing the end of its life cycle, making equipment attrition and obsolescence a serious and growing threat.”[1. http://www.calvoter.org/issues/votingtech/pub/Election_verification_letter_to_Obama_11-20-]

In our “Counting Votes 2012: A State By State Look At Election Preparedness” report[2. http://countingvotes.org], about the 50 states’ preparedness for this major election cycle, we identified key areas of concern. We predicted many states could have problems due to:

• aging voting systems,
• dependence on machine interface for voting for the majority of voters, and
• thoroughness of policies and regulations for emergency back-up provisions in case polling place problems occur and lines start to form.

There were few surprises. As one of our technology expert recruits for the OurVoteLive (OVL) Election Protection hotline indicated:

What’s most interesting is that if you divide things into “easy to solve” and “hard to solve”, the “easy to solve” ones tend to be in places using optical scan [ballots], and the “hard to solve” in places using machines [DREs].

Read More

Share
Matt-Weaver-Koalo-CSUSM

The California College Vote Hack

I just read Doug Chapin’s article on the vote rigging at Cal State San Marcos, and I would add several observations. Had this been a public election conducted via Internet voting, it would have been much more difficult to identify any problem or to capture the perpetrator, Matthew Weaver. Mr. Weaver was captured because he was voting from school-owned computers. This was networked voting but not really Internet voting. The IT staff was able to notice “unusual activity” on those computers, and via remote access they were able to “watch the user cast vote after vote”. But in a public online election people would vote from their own private PCs, and through the Internet, not on a network controlled by the IT staff of election officials. There will likely be no “unusual activity” to notice in real time, and no possibility of “remote access” to allow them to monitor activity on a voter’s computer.  Note also that university IT staff were able to monitor him while he was voting, showing that they were able to completely violate voting privacy, something we cannot tolerate in a public election.

In the Cal State San Marcos election votes apparently had to be cast from computers on the university’s own network, and not from just anywhere on the Internet. I infer this because it makes good security sense, and because I cannot think of any other reason Mr. Weaver would cast his phony votes from a university computer rather than from an anonymous place like a public library. If this is correct, it is a huge security advantage not possible in public elections, where the perpetrator could be anywhere in the world. Even if public officials somehow did notice an unusual voting pattern that made them suspicious after the fact that phony votes were cast, there would be no evidence to indicate who it was, and no police on the spot to pick him up red handed.

Read More

Share
stark

Leave Election Integrity to Chance

How do we know whether the reported winners of an election really won?

There’s no perfect way to count votes. To paraphrase Ulysses S. Grant and Richard M. Nixon, “Mistakes will be made.” Voters don’t always follow instructions. Voting systems can be mis-programmed, as they were last year in Palm Beach, Florida. Ballots can be misplaced, as they were last year in Palm Beach, Florida, and in Sacramento, California. And election fraud is not entirely unknown in the U.S.

Computers can increase the efficiency of elections and make voting easier for people who cannot read English or who have disabilities. But the more elections depend on technology, the more vulnerable they are to failures, bugs, and hacking. Foreign attacks on elections also may be a real threat.

Even if we count votes by hand, there will be mistakes. How can we have confidence in the results?

Read More

Share

Developing a Framework to Improve Critical Infrastructure Cybersecurity

Under Executive Order 13636 [2] (“Executive Order”), the Secretary of Commerce is tasked to direct the Director of NIST to develop a framework for reducing cyber risks to critical infrastructure (the “Cybersecurity Framework” or “Framework”). The Framework will consist of standards, methodologies, procedures and processes that align policy, business, and technological approaches to address cyber risks. The Department of Homeland Security, in coordination with sector-specific agencies, will then establish a voluntary program to support the adoption of the Cybersecurity Framework by owners and operators of critical infrastructure and any other interested entities.

NIST has issued a Request for Information (RFI) in the Federal Register. It is to this RFI that our response pertains. The undersigned persons and organizations include experts on matters relating to election technology, election practices, encryption, Internet security, and/or privacy. We appreciate the opportunity to provide input on this RFI entitled “Developing a Framework to Improve Critical Infrastructure Cybersecurity”.

Our response focuses on the discussion of specific practices as they pertain to elections practices and systems as part of the nation’s critical infrastructure. (Download the Full Response as a PDF)

Read More

Share

Helping LA County Build a Voting System

This past week I was at the kick-off meeting of the LA County Voting System Assessment Project’s (VSAP) Technical Advisory Committee. The VSAP is Registrar/ClerkDean Logan’s intense and groundbreaking effort to design, develop, procure and implement a publicly owned voting system. I am honored to be asked to serve on such an important body.

LA County is the largest election jurisdiction in the US, with 5 million registered voters, 10 languages, 5,000 precincts and a very large physical area. The county currently uses the InkaVote Plus voting system (with Audio Ballot Booth for accessibility), which is essentially an overhaul of former punchcard equipment to use inked styluses for marking and to provide in-precint checks for the voter in case they make mistakes.

Read More

Share

Internet voting for overseas military puts election security at risk

Connecticut lawmakers are considering legislation to allow military voters to cast ballots over the Internet. The intention of this legislation is well-meaning — Connecticut does need to improve the voting process for military voters — but Internet voting is not the answer. Every day, headlines reveal just how vulnerable and insecure any online network really is, and how sophisticated, tenacious and skilled today’s attackers are. Just last week, we learned that the U.S. has already experienced our first-ever documented attack on an election system, when a grand jury report revealed that someone hacked into the Miami-Dade primary elections system in August 2012. A chilling account in The Washington Post recently reported that most government entities in Washington, including congressional offices, federal agencies, government contractors, embassies, news organizations, think tanks and law firms, have been penetrated by Chinese hackers. They join a long list that includes the CIAFBIDepartment of DefenseBank of America, and on and on. These organizations have huge cybersecurity budgets and the most robust security tools available, and they have been unable to prevent hacking. Contrary to popular belief, online voting systems would not be any more secure.

Read More

Share