Like I said, this is a long article. Toward the end, the Times gets around to talking about the secrecy of electronic voting systems:
But the truth is that it's hard for computer scientists to figure out just how well or poorly the machines are made, because the vendors who make them keep the details of their manufacture tightly held. Like most software firms, they regard their "source code" - the computer programs that run on their machines - as a trade secret. The public is not allowed to see the code, so computer experts who wish to assess it for flaws and reliability can't get access to it. Felten and voter rights groups argue that this "black box" culture of secrecy is the biggest single problem with voting machines. Because the machines are not transparent, their reliability cannot be trusted.
Secrecy is indeed at the heart of the issue, but not because the lack of transparency makes the machines untrustworthy. Again, it is because trust is not an appropriate part of the equation. This is the most basic element of the election integrity message.
If the machines are tested and officials are able to examine the source code, you might wonder why machines with so many flaws and bugs have gotten through. It is, critics insist, because the testing is nowhere near dilligent enough, and the federal regulators are too sympathetic and cozy with the vendors. The 2002 federal guidelines, the latest under which machines currently in use were qualified, were vague about how much security testing the labs ought to do. The labs were also not required to test any machine's underlying operating system, like Windows, for weaknesses.
Vendors paid for the tests themselves, and the results were considered proprietary, so the public couldn't find out how they were conducted. The nation's largest tester of voting machines, Ciber Inc., was temporarily suspended after federal officials found that the company could not properly document the tests it claimed to have performed.
Testing, like trust, is a red herring. A test on one machine is not indicative of the performance of any other machine, even if they are the same make and model. Further, testing of any given machine is not proof of how that same machine will perform in an actual election. Yet more context:
The upshot is a regulatory environment in which, effectively, no one assumes final responsibility for whether the machines function reliably. The vendors point to the federal and state governments, the federal agency points to the states, the states rely on the federal testing lab and the local officials are frequently hapless.
This has created an environment, critics maintain, in which the people who make and sell machines are now central to running elections. Elections officials simply do not know enough about how the machines work to maintain or fix them. When a machine crashes or behaves erratically on Election Day, many county elections officials must rely on the vendors - accepting their assurances that the problem is fixed and, crucially, that no votes were altered.
In essence, elections now face a similar outsourcing issue to that seen in the Iraq war, where the government has ceded so many core military responsibilities to firms like Halliburton and Blackwater that Washington can no longer fire the contractor. Vendors do not merely sell machines to elections departments. In many cases, they are also paid to train poll workers, design ballots and repair broken machines, for years on end.
"This is a crazy world," complained Ion Sancho, the elections supervisor of Leon County in Florida. "The process is so under control by the vendor. The primary source of information comes only from the vendor, and the vendor has a conflict of interest in telling you the truth. The vendor isn't going to tell me that his buggy software is why I can't get the right time on my audit logs."
The Times article makes further Florida reference, finally connecting the dots between Dan Rather's HDNet report, known problems with ES&S voting machines reported by the vendor but ignored by election administrators, and the 18,000 undervotes in the November 2006 Jennings/Buchanan election for Florida's 13th district Congressional seat. Smoothly segueing to Pennsylvania...
But what's notable about Centre County is that it uses the iVotronic - the very same star-crossed machine from Sarasota [County, FL]. Given the concerns about the lack of a paper trail on the iVotronics, why didn't Centre County instead buy a machine that produces a paper record? Because Pennsylvania state law will not permit any machine that would theoretically make it possible to figure out how someone voted. And if a Diebold AccuVote-TSX, for instance, were used in a precinct where only, say, a dozen people voted - a not-uncommon occurrence in small towns - then an election worker could conceivably watch who votes, in what order, and unspool the tape to figure out how they voted. (And there are no alternatives; all touch-screen machines with paper trails use spools.) As a result, nearly 40 percent of Pennsylvania's counties bought iVotronics.
Unverifiable conditions in any location leave no basis for confidence in federal election results, which therefore justify protest and rejection of results in every location. Finally bringing the article to a close, optical scanners are mentioned with barely a perfunctory caution for their known flaws.
GIVEN THAT THERE IS NO perfect voting system, is there at least an optimal one? Critics of touch-screen machines say that the best choice is "optical scan" technology. With this system, the voter pencils in her vote on a paper ballot, filling in bubbles to indicate which candidates she prefers. The vote is immediately tangible to the voters; they see it with their own eyes, because they personally record it. The tallying is done rapidly, because the ballots are fed into a computerized scanner. And if there's a recount, the elections officials can simply take out the paper ballots and do it by hand.
...
Still, optical scanning is hardly a flawless system. If someone doesn't mark a ballot clearly, a recount can wind up back in the morass of arguing over "voter intent." The machines also need to be carefully calibrated so they don't miscount ballots. Blind people may need an extra device installed to help them vote. Poorly trained poll workers could simply lose ballots. And the machines do, in fact, run software that can be hacked: Sancho himself has used computer scientists to hack his machines. It's also possible that any complex software isn't well suited for running elections. Most software firms deal with the inevitable bugs in their product by patching them; Microsoft still patches its seven-year-old Windows XP several times a month. But vendors of electronic voting machines do not have this luxury, because any update must be federally tested for months.
That may be the letter of the law, but there may be no such vendor compliance. In 2004, a CA Secretary of State investigation of Diebold revealed the company had illegally installed uncertified software in all 17 CA counties using its machines.
There are also serious logistical problems for the states that are switching to optical scan machines this election cycle. Experts estimate that it takes at least two years to retrain poll workers and employees on a new system; Cuyahoga County is planning to do it only three months. Even the local activists who fought to bring in optical scanning say this shift is recklessly fast - and likely to cause problems worse than the touch-screen machines would. Indeed, this whipsawing from one voting system to the next is another danger in our modern electoral wars. Public crises of confidence in voting machines used to come along rarely, every few decades. But now every single election cycle seems to provoke a crisis, a thirst for a new technological fix. The troubles of voting machines may subside as optical scanning comes in, but they're unlikely to ever go away.
This just plainly leaves a false impression. Optical scanners have been proven every bit as vulnerable to tampering as touch-screen machines and operate in just as much secrecy. Further, no mention is made of touch-screen opponents who also reject optical scanners and prefer instead to count paper ballots by hand.
As I mentioned last night, this lengthy article, while offering some reasonable context for newbies to election integrity issues, serves only to reinforce the inherent uncertainty of election results produced under current election conditions. We have no reason to expect anything different from a newspaper that lead the cheerleading for war in Iraq, suppressed its own reports of criminal activity in the White House, and continues daily to treat the horse race of political theater as a legitimate campaign for votes that can never be tallied with certainty. Perhaps the final nail in the coffin of credibility for the Times was the recent announcement that neocon spokesliar Bill Kristol has been hired as an opinion columnist. Backlash commentary is widespread.
Fed Certification Labs NEVER conducted "penetration" tests
Great article, Dave; and thanks for linking minewhich complements the ideas raised in yours.
When speaking of federal certification labs, you note the Times article reports:
If the machines are tested and officials are able to examine the source code, you might wonder why machines with so many flaws and bugs have gotten through. It is, critics insist, because the testing is nowhere near diligent enough, and the federal regulators are too sympathetic and cozy with the vendors. The 2002 federal guidelines, the latest under which machines currently in use were qualified, were vague about how much security testing the labs ought to do. The labs were also not required to test any machine's underlying operating system, like Windows, for weaknesses.
Vendors paid for the tests themselves, and the results were considered proprietary, so the public couldn't find out how they were conducted. The nation's largest tester of voting machines, Ciber Inc., was temporarily suspended after federal officials found that the company could not properly document the tests it claimed to have performed.
Here, Thompson reported a significant feature of current election conditions. As Kentucky computer expert, Jeremy Epstein, pointed outto the KY Attorney General:
The review relies on the completeness and accuracy of the testing by the Independent Testing Authorities (ITA) for conformance to voluntary Federal guidelines (Voting systems Standards 2002). However, it has been well established that the ITAs do not adequately perform this role.
The ITA reports used for Federal certification and included in the review packages used by the SBE certifiers are cursory…. (as) reinforced by the fact that none of the ITAs identified the flaws found by the California or Florida source code review teams.
Because the ITA reports are of limited value, the quality examination of the machines as part of the certification processes is crucial, but it too can best be described as cursory.
The security of all of the machines appears to be extremely dependent on their never coming in contact with malicious code, as once that occurs there are few defenses or recovery mechanisms. This is sometimes referred to as the M&M model of security: there is a hard crunchy exterior that protects a soft chewy interior.
These details, however, miss the point you make that trust has no place in free and fair elections conducted in a democracy.
by
Rady Ananda (87 articles, 225 quicklinks, 18 diaries, 622 comments)
on Sunday, January 6, 2008 at 3:11:45 PM
JFK lost his life for daring to shine the light on the stage. He was removed. The truth gave power no choice, for power, the truth IS THE ENEMY.
From all centers of power there is a long arduous slow cooking design that seduces with bribery, uses and then removes its own after usefulness is drained, rewrites its own history and points to a future of dread if not allowed continued alligence. Secrecy is its mandate. Those that choose secrecy have but one goal. To control the known. They are closing doors as we speak.
Paper ballots are the only way to secure fair representation. Period.
When enough people care, there will be a rebellion. Not if, but when.
Spread the word. Power hates truth. Their hate for the truth will be their end.
peace
by
mikel paul (8 articles, 1 quicklinks, 7 diaries, 335 comments)
on Sunday, January 6, 2008 at 2:49:03 PM
I say in the general election once you enter the booth demand a verifiable ballot that can be recounted by an eighth grader who would come up with the same number time after time. There is no time limit to cast your ballot. Also ,through letters to the editor before the election make known your intention that you will not leave the booth of any electronic voting machine for thirteen hours.
Hand counted paper ballots can be rigged but no where near the possible extent of a black box vote count which can start with negative vote counts. I believe that we elected a veto proof congress last election and that can also be included in the things that have been taken from us by the government that is supposed to serve us. Try and prove that the senate has the people actually elected last election in office, you can't.
And if any Republican complains, quote Saint Ronnie "trust but verify."
by
tjb (0 articles, 0 quicklinks, 0 diaries, 194 comments)
on Sunday, January 6, 2008 at 3:36:38 PM
Props for all-paper, no lines, Oregon's Vote-by-Mail
Every ballot an absentee ballot.
In voters' hands two weeks before Election Day. Take your time, look, talk, and think it over.
No waiting at a polling place, no discord or suppression by unfair distribution of voting machines.
Greater participation percentage and voted ballots, (seems that, in eligible voters, there are 10 -to- 15 percent of people who 'avoid' appearing in public ... such as voting at a polling place).
Reduced election expenses for voting machines, elections personnel, and such.
Equal open records and process of tabulating paper ballots in a optical scanner.
All around good results since Oregon's universal Vote-by-Mail began, 1996, and on track for coming soon in Colorado.
by
meremark (1 articles, 3 quicklinks, 23 diaries, 461 comments)
on Monday, January 7, 2008 at 10:11:01 AM
Votes are still counted in secret by discredited scanners, and on top of that you have chain of custody issues when relinquishing your ballot to the postal service. I'm not buying.
by
Dave Berman (37 articles, 0 quicklinks, 6 diaries, 29 comments)
on Monday, January 7, 2008 at 10:25:40 AM
