Verified Voting Blog: Candice Hoke Comments to the FCC on Internet Voting

In her response to an FCC’s question about what can we learn from pilot projects that have tested online voting, Verified Voting Foundation Board of Advisors member Candice Hoke observed that none of the domestic internet voting pilot projects have been properly structured to test for and approximate the risks that would be posed to domestic US elections. Specifically, she noted that these pilots are especially remiss in conceptualizing the risks for elections to Federal and Statewide office, where the fiscal control over billions of dollars is concerned, and the direction of military powers and foreign policy/aid.

Hoke continued: “The Internet voting pilot programs were structured by for-profit vendors, who also reported on their “success” without any independent evaluation and transparency on some critical dimensions. In Hawai’i, the project did report a dramatic drop in the reported rate of voter participation. The pilot, however, did not include any structures by which an assessment could be conducted of whether technical attacks had occurred to intercept, modify or otherwise block voted ballots from reaching the election processing location. Nor did it offer any auditing assessments that the ballots as tabulated matched the ballots as cast by voters. Thus, no conclusions can be drawn about the pilot’s success, and it bears little relation to a Federal or Statewide election context. Read More

Verified Voting Blog: Comments to the FCC on Internet Voting

It is likely that no one in the country has studied the subject of internet voting more intensely than David Jefferson, senior scientist at Lawrence Livermore National Laboratory. Part of his job is to help devise strategies to defend against the relentless attacks we see every hour of every day against U.S. networks, both government and corporate, from sources ranging from self aggrandizing students to foreign intelligence and cyber warfare agencies. He has also been deeply involved in voting and election security for over a decade as a voting technology advisor to five successive Secretaries of State in California, and is a coauthor of most of the best known peer-reviewed scientific publication on Internet voting, the SERVE Security Report.

“The integrity of a general election is as important as the integrity of many of our national defense secrets.

In his comments to the FCC, Jefferson emphasizes that election security is an aspect of U.S. national security. He observes that, “few people have any idea how tiny is the fraction of votes that, if selectively lost or switched, could swing a presidential election, or swing the balance of power in a house of Congress. The controversial 2000 presidential election that was decided by a few hundred votes in one state was only the most extreme object lesson, but other elections such as the recent Minnesota senatorial election, have been as close. This is all the more true in these times in which the electorate is nearly evenly divided on several key national issues. It is vital that we protect the security of every vote, or the legitimacy of our government will be rightly called into question–a situation that is very damaging in a democracy.”  Read More

Verified Voting Blog: Verified Voting Comments to FCC on Internet Voting

In the American Recovery and Reinvestment Act of 2009 (Recovery Act), Congress directed the Federal Communications Commission (FCC), as part of its development of a National Broadband Plan, to include “a plan for the use of broadband infrastructure and services in advancing …civic participation.” On December 10, 2010 the Federal Communications Commission issued a request for public comments “…on how broadband can help to bring democratic processes—including elections, public hearings and town hall meetings—into the digital age…” Verified Voting, in submitted comments, answered the question – “With existing technology, is it possible to enable and ensure safe and secure voting online today?”, simply – “In a word, no.” As a recent report from the National Institute of Standards and Technology (NIST) indicates, “…The security challenges associated with e-mail return of voted ballots are difficult to overcome using technology widely deployed today.” And “…Technology that is widely deployed today is not able to mitigate many of the threats to casting ballots via the web.

Despite the short window allowed for public comment, numerous organizations and individuals, including Verified Voting submitted comments. Much of Verified Voting’s commentary was informed by the “Computer Technologists’ Statement on Internet Voting”, published last year and signed by dozens of leading technology professionals and computer security experts. This post is the first in a series that will highlight the commentary submitted to the FCC on the issue of the role of the internet in the electoral process. In answer to the question “With existing technology, is it possible to enable and ensure safe and secure voting online today?”, Verified Voting responded, “in a word, no.”

Read More

Editorials: Tennessee Voters Need Confidence in the Electoral Process | The Tennessean

The Tennessee Voter Confidence Act requires replacement of paperless touchscreen voting machines with optical ballot scanners by November 2010. Optical-scan voting systems read marked paper ballots and tally results, providing a tangible record of the voter’s intent. They are now the most widely employed voting systems in the nation, used by 60 percent of voters in other states. The act was adopted nearly unanimously by the Tennessee legislature — by both Democrats and Republicans — and in 2008 enthusiastically signed into law by Gov. Phil Bredesen. But implementation of the law has been ensnared in legalities and technicalities. Tennessee’s secretary of state and coordinator of elections have argued that the new law requires scanners be federally certified to 2005 standards, and because no machines have yet been certified to that standard, the law cannot be put into effect in time for 2010 elections.

Read More

Verified Voting Blog: Polling Place Burglary Raises Specter of Fraud

The burglary at one of Houston’s early voting locations (“Computers stolen at early polling location; Ballot board to check electronic voting machines for tampering,” Page B2, Tuesday) raises the specter of election fraud. Some computers were stolen, and as far as we know, the voting machines stored at Hester House were untouched. But if the burglars wanted to tamper with the election outcome, what could they have accomplished? In 2007, California Secretary of State Debra Bowen put together a team to conduct a security analysis of the state’s electronic voting systems. I was part of the team analyzing the Hart InterCivic voting system — the same type we use here in Harris County. Our report concluded that the Hart system has a wide variety of security flaws and that it can be attacked in a manner that makes it hard to detect and correct. We further concluded that these attacks can be carried out by a single individual without extensive effort and without long-term access to the equipment. Our results were corroborated by a follow-up study conducted by the Ohio secretary of state.

Did the Houston burglars tamper with the voting machines? I hope not. Could they have tampered with the voting machines? Absolutely. Could we determine if tampering had occurred? Only if we got lucky and found clearly incriminating evidence, such as the burglar’s fingerprints near the connectors on the backs of the voting machines. Read More

Verified Voting Blog: My Vote on NY Voting Machine Certification

During the week of December 7, 2009, the New York State Citizen Election Modernization Advisory Committee met and reviewed certification test data results from the state’s testing program, and to vote on recommending approval of the two voting systems to the four Commissioners of the State Board of Election. The Commissioners will vote on final certification at their December 15, 2009 meeting. On December 10, 2009, the Advisory Committee approved recommendation by a vote of 10 For and 1 Against. I was the only vote opposing the recommendation. Below is the statement I made prior to the committee vote.

I believe in New York State’s certification process. It is rightfully called the best in the nation. We have required vendors to conform to a higher standard than ever before, we have conducted extensive testing with independent oversight, and as a result we have a huge trove of data upon which we can base our decision on whether these new voting systems are ready to be certified. Just the fact that we even have this substantial set of test results against a large number of very specific standards is a credit to New York’s process. Arguably, we have more data available to us about these systems than has ever been made available to a public body such this Advisory Committee before. It is because of this comprehensive approach that we can even be talking about some of the test findings, which never would have been revealed in a typical voting system certification program. Read More

Verified Voting Blog: Statement on New York Voting System Certification

This is my opening statement for today’s meeting of New York’s Citizen Election Modernization Advisory Committee, which was created by the State Legislature to advise the Board of Elections on adoption of the new systems. Testing is now completed and results are being evaluated, with the State Board of Elections scheduled to make a determination on certifying systems on December 15th. We have come to an important moment in New York’s saga in adopting HAVA compliant voting systems. The long and rigorous testing required by New York State’s laws and regulations, arguably the best in the nation, has now been completed. Remaining is the difficult part – determining whether the systems have met the high standards required by New York State.

We have been presented with a huge amount of data to evaluate, and have only an extremely short time in which to do so. I’m pleased the Board staff has set aside this day to answer all our questions, but I am concerned that even the long, intense session we are embarking on may be insufficient to thoroughly assess the volume of data before us. Nevertheless, I look forward to today’s session and getting answers to the literally hundreds of questions I have about the test results. Read More

Verified Voting Blog: Tinkering with Disclosed Source Voting Systems

In October, Sequoia Voting Systems, Inc. (“Sequoia”) announced that it intended to publish the source code of their voting system software, called “Frontier”, currently under development. (Also see EKR‘s post: “Contrarianism on Sequoia’s Disclosed Source Voting System”.) Yesterday, Sequoia made good on this promise and you can now pull the source code they’ve made available from their Subversion repository here. Sequoia refers to this move in it’s release as “the first public disclosure of source code from a voting systems manufacturer”. Carefully parsed, that’s probably correct: there have been unintentional disclosures of source code (e.g., Diebold in 2003) and I know of two other voting industry companies that have disclosed source code (VoteHere, now out of business, and Everyone Counts), but these were either not “voting systems manufacturers” or the disclosures were not available publicly. Of course, almost all of the research systems (like VoteBox and Helios) have been truly open source. Groups like OSDV and OVC have released or will soon release voting system source code under open source licenses.

I wrote a paper ages ago (2006) on the use of open and disclosed source code for voting systems and I’m surprised at how well that analysis and set of recommendations has held up (the original paper is here, an updated version is in pages 11–41 of my PhD thesis). The purpose of my post here is to highlight one point of that paper in a bit of detail: disclosed source software licenses need to have a few specific features to be useful to potential voting system evaluators. I’ll start by describing three examples of disclosed source software licenses and then talk about what I’d like to see, as a tinkerer, in these agreements. The definition of an open source software product is relatively simple: for all practical purposes, anything released under an OSI-approved software license is open source, especially in the sense that one who downloads the source code will have wide latitude to copy, distribute, modify, perform, etc. the source code. What we refer to as disclosed source software is publicly released under a more restrictive license. Read More