E-Voting News and Analysis, from the Experts

Monday November 01, 2004

Ohio litigation baffles the mind…

Filed under: — Joseph Lorenzo Hall @ 9:23 pm PST

Today saw an amazing flurry of litigation in Ohio… Dan Tokaji of the Moritz College School of Law is following the fray with superhuman abilities. He has had to stop posting individual entries and has one consolidated post of election litigation news.

60 Minutes segment on e-voting

Filed under: — Rubin @ 7:28 pm PST

On October 27, 2004, the CBS show 60 Minutes - Wednesday, featured the topic of electronic voting. The segment features Connie McCormick, the Registrar of Voters for Los Angeles, stating that people want recounts to match the original vote tally, even if it means that an electronic voting machine just repeats the result it had before. She says that people do not want a recount that produces a different result.

Click here to view the streaming video of the segment (about 14 minutes, tested on a Mac - not sure how well it works with Windows).

Optical scan complexities…

Filed under: — Joseph Lorenzo Hall @ 7:26 pm PST

An interesting case just came up as election incident number 024055 in Tulsa, OK in the EIRS. The data merely says, “Smear on ballot next to Republican name, makes all democrat votes register as overvotes, optical scan.”

While futher corroboration is necessary, this points out that the right kind of smudge can mean that seemingly blank ballots are not, in fact, blank. As Doug Jones points out in his wonderful tutorial on optical scan technology, stray marks can affect the resolution of optical scanning. This case is particularly interesting as it biases a particular constituency; that is, the smudge doesn’t affect ballots where the voter chooses a Republican candidate. Further, Democratic ballots will register as having two votes in a race where only one choice is allowed which will invalidate the ballot for that race.

Tips for voters

Filed under: — Dill @ 6:09 pm PST

Based on the problems being reported in early voting in some parts of
the country (see voteprotect.org), I have the following simple
recommendations for voters. I hope that everyone can help spread the word.

  1. Prepare before going to the polls. Mark your votes in advance on
    the sample ballot that was mailed to you.

    Why?

    • We’re getting reports of long lines during early voting. This
      will make voting faster.

    • A few voters have reported that some offices were not on their
      screens, and that they didn’t discover it until they had returned
      to their home or car. If they had the list with them, any problem
      could have been detected immediately, in time to save their votes
      and perhpas get a witness to the problem.
  2. Check the review screen carefully before casting your vote.

    Why?

    • Some voters have reported votes being registered that they
      didn’t select. In the cases we’ve heard about, this seems to
      be the result of confusing machine design.

      If you check carefully, you can catch these problems before casting
      your ballot.

  3. Make sure you’ve cast your ballot! The last step is to touch a
    box on the touch-screen to cast your vote.

    Why?

    • Some voters have forgotten to do this. Depending on local
      procedures and how well they are followed, poll workers may
      finish casting your vote for you, or they may cancel your vote.
      If you make sure to finish the voting process, you can make sure
      your vote will be stored and counted.
  4. If a machine appears to be working properly, ask a poll worker.
    If the problem is not resolved, write down the name of the poll
    worker and call 1-866-OUR-VOTE when you can to report the problem.

    Why?

    • Maybe they can help you make sure your vote is counted.
    • If the problem is not resolved, there will be a witness. This
      may be important for making sure the problem is taken seriously
      and gets fixed.

Designing for DoS in Elections

Filed under: — Joseph Lorenzo Hall @ 5:53 pm PST

Along with all the benefits of using networked technology in election administration and politics, come all the bugaboos.

Specifically, we’ve seen intentional and unintentional denial-of-service (DoS). At the time of this writing, the wonderful mypollingplace.com has been brought to its knees by the heightened attention of voters trying to find their polling place (no word on the possibility that this is malicious). We’ve also seen DoS problems in Georgia, , Tennessee, Florida and Texas with the failure of electronic “poll books” in polling places connected with central registration databases. (Note: Here is a complete list of poll-book problems courtesy of VotersUnite! and their database of problems reported in the news for this election.)

In fact, the gracious Rob Malda allowed the VVF/EFF folks to plant a story on Slashdot in order to test the resiliency of a few critical web services and contingency plans that will be used by the massive Election Protection Coalition in tomorrow’s election. You might think that all of this is a tad paranoid, but there’s current litigation in New Hampshire involving a plot in the November 2002 election where one partisan group hired a telemarketing firm to keep the voter protection hotline of another group busy for most of E-Day.

California Counties Keep Paper-Voting Option Quiet

Filed under: — Felten @ 4:34 pm PST

The Tri-Valley Herald reports on a California Voter Foundation survey saying that most California counties that use paperless e-voting will not inform voters that they have the option of requesting a paper ballot.

To Disclose Or Not?

Filed under: — Felten @ 3:48 pm PST

Suppose, hypothetically, that I knew of a vulnerability that would allow someone to corrupt vote counts or interfere with voting on some e-voting system being used in tomorrow’s election. And suppose further that it was too late to get the vulnerability fixed. What should I do?

This is a special case of a more general issue that arises in computer security, regarding when it is proper to disclose vulnerability information. Most independent experts tend to be pro-disclosure, having learned by experience that vendors behave more responsibly when disclosure is the norm. But every situation is different, and it is often possible to withhold a little information while still getting the advantages (for the public) of disclosure.

In our hypothetical case, I think I would publish the vulnerability information once it could no longer do harm in this election. Depending on the nature of the vulnerability, that might be after the polls close in affected states, or it might be at some other time. Doing this would ensure that public officials and vendors have as long as possible to fix the problem before the next election, but that the information would be withheld during the brief window when it would help the bad guys more than the good guys.

I might want (still speaking hypothetically) to put a stake in the ground so I could prove later that I knew the vulnerability information before the election. One way to do that would be to write a short file or document describing the vulnerability, to compute the cryptographic hash of that file, which is a unique number that can be verified later but that conveys no useful information about the contents of the file, and then to publish the hash.

Perhaps I, or one of my colleagues, will publish the hash of a vulnerability report here, before the election is over.

NYT story on vote fraud allegations

Filed under: — Rubin @ 1:56 pm PST

A story in today’s New York Times alleges some pretty scary vote fraud already ocurring in swing states.

Some excerpts:

  • In Pennsylvania, an official of the state Republican Party said it sent out 130,000 letters congratulating newly registered voters but that 10,000 were returned, indicating that the people had died or that the address was nonexistent.
  • And in Michigan, Secretary of State Terri Lynn Land said she had to put out a statement in mid-October about where to send absentee ballots after voters in the Ann Arbor area received calls telling them to mail the ballots to the wrong address.

Wired Story on Certification

Filed under: — Felten @ 1:36 pm PST

The Federally mandated certification of e-voting systems does little to ensure their accuracy and security, according to a Wired News story by Kim Zetter.

Here’s a sample:

In 1996, a federal testing lab responsible for evaluating voting systems in the United States examined the software for a new electronic voting machine made by I-Mark Systems of Omaha, Nebraska.

The tester included a note in the lab’s report praising the system for having the best voting software he had ever seen, particularly the security and use of encryption.

Doug Jones, Iowa’s chief examiner of voting equipment and a computer scientist at the University of Iowa, was struck by this note. Usually testers are careful to be impartial.

But Jones was not impressed with the system. Instead, he found poor design that used an outdated encryption scheme proven to be insecure. He later wrote that such a primitive system “should never have come to market.”

But come to market it did. By 1997, I-Mark had been purchased by Global Election Systems of McKinney, Texas, which in turn was purchased by Diebold in 2002. Diebold marketed the I-Mark machine as the AccuVote-TS and subsequently signed an exclusive $54 million contract to supply Georgia with the touch-screen machines statewide. In 2003, Maryland signed a similar agreement.

Last year, computer scientists found that the Diebold system still possessed the same flaws Jones had flagged six years earlier, despite subsequent rounds of testing.

What should a poll watcher watch?

Filed under: — Wallach @ 1:34 pm PST

I’m speaking tonight to some local citizens who want to be poll watchers tomorrow, so I wrote a detailed list of things to which they should pay attention. My advice is tailored to Harris County (Houston), Texas, although much of it should apply anywhere else with electronic voting systems. Needless to say, I’d appreciate any feedback others might have on my advice.

Biased vs. Unbiased Errors

Filed under: — Felten @ 10:59 am PST

Eric Rescorla at Educated Guesswork has an interesting discussion of how seemingly unbiased errors in voting machines can have a biased effect on election results.

Touchscreen Problems in New Mexico

Filed under: — Felten @ 10:08 am PST

Early voters in New Mexico report that when they choose one candidate, the voting machine sometimes displays a vote for a different candidate. This is reminiscent of the Texas problems Dan Wallach wrote about below.

Here’s a quote from Jim Ludwick’s story in the Albuquerque Journal:

[Kim Griffith] went to Valle Del Norte Community Center in Albuquerque, planning to vote for John Kerry. “I pushed his name, but a green check mark appeared before President Bush’s name,” she said.

Griffith erased the vote by touching the check mark at Bush’s name. That’s how a voter can alter a touch-screen ballot.

She again tried to vote for Kerry, but the screen again said she had voted for Bush. The third time, the screen agreed that her vote should go to Kerry.

She faced the same problem repeatedly as she filled out the rest of the ballot. On one item, “I had to vote five or six times,” she said.

Michael Cadigan, president of the Albuquerque City Council, had a similar experience when he voted at City Hall.

“I cast my vote for president. I voted for Kerry and a check mark for Bush appeared,” he said.

He reported the problem immediately and was shown how to alter the ballot.

Cadigan said he doesn’t think he made a mistake the first time. “I was extremely careful to accurately touch the button for my choice for president,” but the check mark appeared by the wrong name, he said.

In Sandoval County, three Rio Rancho residents said they had a similar problem, with opposite results. They said a touch-screen machine switched their presidential votes from Bush to Kerry.

This sounds like a problem with the touch sensors on the machine’s screens. Touchscreens use one mechanism to paint images onto the screen, and a separate mechanism to measure where the screen has been touched. Many touch sensors react oddly when the screen is touched in more than one place at the same time: they report a single touch between the actual touch points. If a voter rests his hand on the frame around the edge of the machine’s screen, the edge of that hand may accidentally trigger the touch sensor. If the voter then uses his other hand to choose a candidate, the touch sensor may interpret these two simultaneous touches (one at the edge of the screen, and one on the desired candidate) as a touch somewhere in between. And that may be read as a vote for the wrong candidate.

Though the detailed explanation looks different from the Texas problems Dan discussed, the big picture is the same – computerized touchscreen systems don’t behave as reasonable voters expect them to, so some votes are read for the wrong candidate. It’s like an electronic version of the infamous Palm Beach County butterfly ballot from four years ago.

Voters: remember to watch your voting machine carefully to make sure it isn’t accidentally misreading your input.

Go out and Vote!

Filed under: — Rubin @ 7:44 am PST

Despite the concerns about electronic voting, it is important for everybody to vote. The only way to guarantee without any doubt that your vote will not be counted is not to vote. Once the election is over, we can protest if we feel the machines did not work correctly or that they may have cheated. There are many ways to protest the use of paperless DREs. But, avoiding the polls out of protest is self defeating. I encourage everybody who is registered to go to the polls and vote, and then starting Wednesday, to voice your opinions to your representatives about these machines that threaten our democracy.

Powered by WordPress