Verified Voting Blog: Best Practices for Voting Systems Supporting Military and Overseas Voters

Given the current focus on UOCAVA implementation, the NIST draft Information System Security Best Practices for UOCAVA-Supporting Systems (referred to here as the Draft) is a timely and important document. A summary of security standards and guidelines “deemed most applicable for jurisdictions using IT systems to support UOCAVA voting” is indeed necessary at a time when many states are moving forward with Internet based voting, too often with insufficient thought to the security implications of casting votes online. The Draft acknowledges the urgency of proper security:

“…security compromise could carry severe consequences for the integrity of the election, or the confidentiality of sensitive voter information. Failure to adequately address threats to these systems could prevent voters from casting ballots, expose individuals to identity fraud, or even compromise the results of an election.” 1

Unfortunately, the Draft falls short of providing the comprehensive analysis of security practices implied by the title. While the limitations and scope of topics are clearly laid out, the remaining gaps, particularly those related to online return of voted ballots, are too large and too important to ignore. Even with disclaimers, the Draft may encourage many in the target audience, the election officials and IT staff implementing UOCAVA voting 2, to believe that the controls outlined in the Draft are adequate to address all types of online voting, including return of voted ballots via Email. Read More

Verified Voting Blog: Voting results in New Jersey should not be mysterious

Last week in South Carolina, an unknown, unemployed veteran (recently indicted on felony obscenity charges) who did not even campaign, beat a well-financed political veteran in the Democratic Senate primary election. Even the White House called the results “mysterious.” Allegations have been made that South Carolina’s touch-screen computerized voting machines were hacked. It’s a possibility. Study after study has shown that computerized voting systems, like all computers, can be programmed to do what you want them to do — including steal votes. The hacking allegation is speculative. The truth is that we don’t know whether anyone tampered with the voting machines in South Carolina. And that is the problem. Why is this relevant to New Jersey voters? The answer is simple: It can happen here, too. We know that the 11,000 Sequoia Advantage DRE computerized voting machines used in all but three counties in New Jersey can be hacked. Princeton University computer science department chairman Andrew Appel and an international team of computer security experts spent the summer of 2008 examining the Sequoia DREs. They produced a comprehensive report documenting the many ways in which they are vulnerable. Read More

Verified Voting Blog: On the South Carolina Primary – A call for recountable, auditable voting systems

Last week’s surprising outcome in a party primary in South Carolina for United States Senate was accompanied by anecdotal reports of voting problems on election day, and many questions about the accuracy of the vote count. Whether specific reports of irregularities in this election are confirmed, the most important fact about South Carolina’s voting system is that most ballots cannot be effectively audited or recounted. Serious concerns about the integrity of the primary (and of other elections conducted using the same technology) are inevitable, and legitimate. South Carolina uses paperless touch-screen electronic voting machines for all but absentee voting, which is done using paper ballots. Thus for the vast majority of votes, voters cannot check to be sure their votes were recorded as intended, and election officials cannot conduct legitimate recounts or audits to prove that the machines were counting the votes correctly. When there is no reliable hard-copy record of the voters’ intent to fall back on, election officials, candidates and the public are at the mercy of the counting software, which may or may not function correctly.   Absent a “do-over” election using a system that can be recounted or audited, there is simply no way to know if the outcome was correct. In our 2008 joint report report “Is America Ready to Vote,” Common Cause, Verified Voting, and the Brennan Center for Justice rated South Carolina inadequate for failing to offer the basics of a verified election: an auditable system, and manual audits of the system to check electronic counts. Read More