The Verified Voting Blog

This blog contains posts authored by the Verified Voting Team and by members of the Verified Voting Board of Advisors.

Even Scott’s critics praise him for signing voter registration bill | The Gainesville Sun

In 2011, Gov. Rick Scott drew criticism for backing legislation that opponents said restricted the ability of Floridians to vote, including reducing the time that early voting would be allowed. After the 2012 presidential election — when Florida again attracted national attention for voting problems, including long lines in some major counties and the inability to finish a final vote count along with the other states — Scott backed legislation that pulled back some of those 2011 changes and implemented other reforms. On Friday, Scott went even further by signing legislation (SB 228) that would let Florida voters register online by 2017 — making Florida the 25th state that has online registration or is in the process of implementing it. Scott's latest move — seen as a major expansion of voting rights – is drawing praise from some of his harshest critics.

Just Ducky

If it looks like a duck, walks like a duck, and quacks like a duck, it’s a duck.  It is not a seagull.  People will, understandably, refer to it as a duck.  Deciding to call it a seagull does not cause it to cease being a duck and does not transform it into a seagull.  With me so far?  An election held by a California city is an “advisory election” if its purpose is to enable only the city’s registered voters to voice their opinions on substantive issues in a non-binding manner.  City advisory elections are subject to the California Election Code’s general requirements and prohibitions.

Now consider the following scenario.  A small California city’s leaders, and the elections system vendor they hire, plan an election that in all respects is described by California Elections Code section 9603.  The city leaders and vendor publicly and consistently refer to the planned activity as an “advisory vote” and “advisory election.”  The city is notified that the election will be illegal, both because it will use an Internet voting system, prohibited by the Elections Code, and because the system is not state-certified, as required by the Elections Code.   With just two weeks to go, the city’s leaders and vendor respond by re-labeling the planned activity a “poll” or “community poll” but make no other changes.

Principles for New Voting Systems

Many jurisdictions will need to replace their voting systems in the next few years. Commercial voting systems currently in the marketplace are expensive to acquire and maintain and difficult to audit effectively. Elections may be verifiable in principle--if they generate a voter-verifiable paper trail that is curated well--but current systems make it hard or impractical to verify elections in practice.

Recent experience with open-source tabulation systems in risk-limiting audits in California and Colorado, and voting system projects in Los Angeles County, CA, and Travis County, TX, suggest that the US could have voting systems that are accurate, usable, verifiable, efficiently auditable, reliable, secure, modular, and transparent, for a fraction of the cost of systems currently on the market.

The key to reducing costs is to use commodity off-the-shelf hardware, open-source software, and open data standards.  Usability and auditability need to be designed into new systems from the start. The US could have the best possible voting systems, instead of just the best voting systems money can buy, if new systems adhere to the Principles enunciated below. (Download PDF)

ieee

New Standards for Election Data

Examining election results to confirm winners and losers for very close elections can be problematic for contests that span multiple jurisdictions using different equipment and diverse data formats for reporting those results. Such differences have been a significant barrier to conducting post-election risk-limiting audits in time to change preliminary election results if necessary. To address problems caused by incompatible election reporting formats, the IEEE has developed a new standard for election results reporting (1622-2). This standard marks the culmination of over ten years of efforts by many individuals and organizations (including Verified Voting), with crucial technical staff support from the National Institute of Standards and Technology (NIST). In the recently completed 2014 elections, the Ohio Secretary of State’s office successfully used a draft version of the standard to report and export election results and the Associated Press Election Services used the same draft standard to import Ohio’s election results and incorporate it into their national election reporting for television, radio, and newspaper clients across the country. You are invited to weigh in: to see the proposed reporting standard and submit your comments and suggestions for improvement here.

Verified Voting has been actively working for a number of years to develop and promote adoption of national data standards for to support inter-operability, transparent reporting, and post-election audits comparing hand-eye manual counts of voter-verified records with electronic tabulation results.  In 2008 and 2009, we submitted formal comments on the draft 2007 Voluntary Voting Systems Guidelines (VVSG) proposed by the U.S. Election Assistance Commission (EAC)’s Technical Guidelines Development Committee (TGDC). While the draft 2007 VVSG "encourages" adoption of a standard data exchange format to facilitate interoperability between different hardware components, Verified Voting and other groups and experts urged that voting systems be required to input and output data using a common standard format for election data import, export and exchange. As we pointed out, requiring standard data exchange formats can also help facilitate another important VVSG goal -- interoperability of election hardware and software components from different vendors.

Security not yet available for online voting

California’s record low turnout for November’s elections is indeed worrisome, and incoming Secretary of State Alex Padilla’s promises to increase the voter rolls are laudable. However, the editorial board’s desire to see online voting as the natural evolution of our voting systems is misplaced.  Yes, we do bank, shop and communicate online, but a quick review of the latest headlines proves these transactions aren’t secure. Cybercrime is estimated to cost businesses billions every year. Elections are unlike financial transactions because they’re extremely vulnerable to undetectable hacking. Because we vote by secret ballot, there is no way to reconcile the votes recorded and the marks the voter actually makes with technology currently available.

Mail Your Ballot Back: Why Voting Online Puts Your Vote and Privacy at Risk

Twenty-three states plus the District of Columbia allow military and overseas voters (not domestic voters) to return voted ballots by email, facsimile and/or other Internet transmission; six allow  internet return in  military in zones of “hostile fire.” Alaska allows it for all absentee voters. But these methods of casting ballots over the Internet are very insecure; ballots returned this way are at risk for manipulation, loss or deletion.

According to the National Institute for Standards and Technology, the agency charged with reviewing the security of internet voting systems, even the most sophisticated cyber security protections cannot secure voted ballots sent over the Internet and that secure Internet voting is not feasible at this time.[1] Even if ballots are returned electronically over online balloting systems that employ security tools such as encryption or virtual private networks, the privacy, integrity or the reliable delivery of the ballot can’t be guaranteed.[2]

Just as important, ballots sent by electronic transmission cannot be kept private.[3]  Most States which accept electronically transmitted ballots require voters to sign a waiver forfeiting the right to a secret ballot.  In some cases this waiver conflicts with State law or constitution which guarantees the right to a secret ballot.

New Voting Systems Standards Committee Steps into Election Data Void

What does the Institute of Electrical and Electronic Engineers (IEEE) have to do with elections? Glad you asked. IEEE, or the Institute of Electrical and Electronics Engineers, is the world's largest professional association for the advancement of technology. Along with its major educational and publishing activities, IEEE is one of the leading standards-making organizations in the world. IEEE standards affect a wide range of industries including: power and energy, biomedical and healthcare, Information Technology (IT), telecommunications, transportation, nanotechnology, information assurance, and many more. In 2013, IEEE had over 900 active standards, with over 500 standards under development.

IEEE has many subgroups that establish standards for various industry areas. and one of these is IEEE Project 1622 (or P1622). This group has been active lately working on setting common standards for important election related practices, including things like distributing blank ballots (for voters who are overseas, e.g.). With Congress’ stalemate on appointing new members to the Election Assistance Commission (EAC), development and adoption of U.S. election data standards seems to be shifting from the EAC’s Voluntary Voting Systems Guidelines (VSSG) Technical Development Committee to the IEEE VSSC. Brian Hancock, EAC Director of Voting System Testing and Certification, spoke positively about this development at the recent conference of the Election Verification Network (EVN) in San Diego.

Following adoption of its initial proposed standard for electronic distribution of blank ballot information (1622-2011, published in January 2012), the IEEE Project 1622 for Voting Systems Electronic Data Interchange has been authorized to become the IEEE Voting Systems Standards Committee (VSSC).

KeyboardVoting-300x225

Hack the Vote: The Perils of the Online Ballot Box

While most voters will cast their ballots at polling stations in November, online voting has been quietly and rapidly expanding in the United States over the last decade. Over 30 states and territories allow some form of Internet voting (such as by email or through a direct portal) for some classes of voters, including members of the military or absentees.

Utah just passed a law allowing disabled voters to vote online; and Alaska allows anyone to cast their ballots online. And there were recent news reports that Democratic and Republican national committees are contemplating holding primaries and caucuses online. We estimate that over three million voters now are eligible to vote online in the U.S.

But online voting is fraught with danger. Hackers could manipulate enough votes to change the results of local and national elections. And a skilled hacker can do so without leaving any evidence.

Hot State Update! What’s happening in Virginia, Oregon, Connecticut and more… and what Verified Voting is doing to help.

At Verified Voting we work to establish relationships in the states with policy makers and elections officials, in order to ensure they are educated on how to keep our votes secure. We’ve started 2014 with lots of activity around the country, building on a very strong and determined energy around voting issues, much of it unfolding on the state level. We have a great network of people in place and continue to work to make our voices heard. The following is a quick look at some of the Hot States on which we are focusing.

Virginia: This session, House and Senate bills sought to initiate electronic return of voted ballots over the Internet by overseas military voters. Amendments made to the bills called for security protocols to be examined and review of the feasibility and costs involved prior to initiating actual ballot return, thanks to intense outreach with our allies Virginians for Verified Voting, a lot of letters from VA supporters (thank you!), and an op-ed penned by Justin Moore (who is on VV’s advisory board) in the Richmond Times Dispatch.  The amended version of HB 759/SB 11 was conferenced and passed, with these crucial stop-gaps and a clause requiring that the provision be re-approved in 2016 before any ballots are sent over the Internet. As the review process takes place over the coming 18 months, we will be participating actively.  Ensuring that technologists are at the table as the conversation moves forward is critical, as is feedback from Virginia voters.  See the Bill summary here.

A Valuable Resource for Election Recounts

Last week Citizens for Election Integrity Minnesota released Recount Principles and Best Practices, a document providing recommendations on key recount matters such as counting methods, transparency, voter intent and challengers. The document is especially welcome as it was produced through the cooperation of election officials and citizen activists and it is the first comprehensive set of best practices for recounts. It compliments CEIMN’s earlier documents on audits and their database of state audit and recount laws.

In addition to the four authors, the report benefitted from review by a blue-ribbon panel of advisors, including election officials, election integrity advocates, journalists, and academics.  “Accurate and verifiable elections are essential for our democracy,” said Minnesota Secretary of State Ritchie, one of the reports authors. “This document and its recommendations will improve the way state and local election officials conduct recounts.”