HR 811 Rush Holt's Bill To Clean Up E-Voting perpetuates major blunders of the past. Radical surgery to simplify it can salvage it, particularly by removing the provisions that will line the pockets of the "I.T" experts who will benefit from it as-is.
Over the past several decades, the entire end-to-end election process has been allowed to break down - and it's in many people's best interests to keep it that way.
The low point in this long, shameful story was surely the "Help America Vote Act" of 2002 (HAVA). Passed in the aftermath of the presidential coup in 2000, HAVA was intended to improve the process of voting in America. But as a direct result of its enactment, computer voting technology known to be wide-open to insider manipulation has taken almost total control of American elections, with little or no public input and without the most rudimentary of meaningful checks and balances. After thousands of reported problems nationwide affecting newly-deployed electronic voting equipment in the subsequent elections of 2002, 2004 and 2006, it is clear that HAVA has had precisely the opposite effect to its stated intention.
The proposed "Voter Confidence and Increased Accessibility Act of 2007" (HR 811) is one response to the disastrous side-effects of HAVA. But to avoid reprising HAVA's failures - and to truly have a chance of restoring public trust and confidence in our electoral system - we need to look much more closely at how HR 811 perpetuates the "Top Ten" voting technology blunders.
Blunder #10: We can shut off remote access to voting equipment HR 811 recognizes the extreme risks when voting equipment is exposed to the internet via built-in wireless devices, network connections or telephone modems. While it is clearly a good idea to ban such devices in principle, in practice it's a bit more tricky.
Voting is very geographically-dispersed; voting hardware is deployed at more than 170,000 precincts and in more than three thousand counties. The physical logistics of moving all that equipment out to the field, and then getting election results back to the central tabulators for the official canvass is challenging, to say the least. There really are only two options for transmission of results - courier and electronic remote transmission. HR 811 appears to ban electronic remote transmission and mandate hand-delivery of results, presumably on some kind of electronic media. But the means to ensure that this process is secure are not defined. But let's assume that everything can be safely transmitted by couriers as they wander to and fro... surely that's an improvement.
But... how will we know there are no wireless capabilities in the voting equipment, other than by trusting the vendor? As one excellent study has pointed out, it is by no means difficult to conceal a long-range wireless receiver within a chip inside a voting machine. Sounds far fetched? Such a custom chip would not only be relatively inexpensive to fabricate, it would be almost impossible to detect, and would, of course, provide an essentially unlimited return on investment. In fact, such a device would have so many ... shall we say ... interesting capabilities beyond subversion of voting equipment that I would not be surprised if something like it already exists. Care to bet your family's freedom I'm wrong?
Blunder #9: We need computers for ADA accommodation The accessibility requirements of HAVA were widely interpreted as to mandating universal conversion to DRE equipment, which, via magnification of text, special input-output attachments for the mobility impaired, and provision of text-to-audio capabilities were touted as a major advance. Yet some states like Minnesota chose instead to deploy one touch-screen ballot printer in each precinct for accessibility compliance while retaining its existing suite of optical scan equipment. The ballots printed by the touchscreen equipment and the ballots marked by hand are tallied using the same precinct-based optical scan equipment. HR 811 is consistent with this approach, but it does not go far enough.
I won't stand in the way if a visually impaired voter wishes to use such touch-screen technology to cast their ballot in privacy. But my profession should also disclose to those voters that that for all the reasons that I describe below, if they cannot see their paper ballot record, they will be unable to know with certainty whether their choices were printed as cast.
There are non-computerized alternatives which might help a visually-impaired voter to know with greater certainty that his or her vote is recorded as intended. Ballot template technology, such as the Voting on Paper Assistive Device (VotePAD) is a low-tech alternative already in use in many venues, including Wisconsin and Rhode Island in the US. Of course such inexpensive, low-tech but appropriate paper-based alternatives tend to be automatically ruled out by many of my IT colleagues -including some of those who make their living from the e-voting industry - but others are more open to the option.
Blunder #8: Voting systems don't deserve the strongest protections Perfect security of any manual or automated system, is, of course, impossible. But many of my colleagues are content to set the bar rather low when it comes to protecting voting systems. For example, Michael Shamos, a noted expert in the field, advocate of computerized voting, and a long-time consultant to states on the certification of their electronic voting systems has stated:
"The fact that banks can be robbed is not a valid justification for keeping your money in a shoebox. The reasons are that (1) the chance of a robbery is low; (2) even if money is stolen you will not necessarily suffer a loss; and (3) the bank keeps only a small portion of its assets in the form of cash. Why should voting systems be held to a standard of perfection when nothing else in society is? Nonetheless, electronic voting watchdogs insist that election equipment must be perfect or it is totally unusable. The analogy between voting systems and the bank is particularly apt because (1) the chance of a system being tampered with successfully is low; (2) even successful tampering does not necessarily result in the wrong candidate being elected; and (3) only a small portion of the vote is cast on one machine."
This is a misstatement of the views on security held by "electronic voting watchdogs", of course, and he also glosses over the inconvenient fact that 70% of losses due to fraud in banks are perpetrated by knowledgeable and malicious insiders, who are ideally situated to bypass any security measures. It is certainly naïve to seriously state that exploits would be limited to one machine. But fundamentally it is a delightfully circular argument, since by definition, successful tampering would go undetected - and, thanks in part to Shamos, would be almost certainly impossible to detect.
Many of my colleagues (perhaps more so, for those gaining financially by their involvement with electronic voting industry) seem to utterly miss the essential point. Computerized voting systems are actually national defense systems deserving a much higher standard of protection than conventional applications, such as mere banking software. Undetected widespread covert manipulation of computerized voting systems is the functional equivalent of invasion and occupation by a foreign power. In either case, the American people lose control of their destinies, perhaps permanently. Covert manipulation of voting systems could even be worse in one key way than mere invasion, since the "electoral coup" would appear to occur with the illusion of the manufactured consent of the governed, and there would be no "tanks in the street" to galvanize resistance.
Voting systems used in American federal elections grant regulatory powers over the world's largest economy, disbursement authority for the federal procurement budget, control of the composition of the Supreme Court and federal judiciary, and command of the world's only superpower military. Yet despite the fact that our computerized voting systems represent the most irresistible target for insider manipulation in the history of the world, they are not currently given even the level of protection of systems I'm familiar with in banking and financial services. Shamos agrees:
What auditing an election really means is verifying that the software was working correctly, that no unauthorized acts or steps occurred during the election (such as resetting the counters to zero) and maintaining intermediate records so that votes will not be lost in case of an equipment or power failure. Auditing does not, and cannot, mean the ability to rebuild each individual ballot after the polls have closed.
These logical impossibilities do not prevent states from imposing the audit requirement, vendors from attempting to satisfy it, and examiners from certifying the systems anyway. On many occasions I have recommended certification of a system that had an imperfect auditing mechanism. The reason is that I felt the audit trail was adequate under the circumstances. (my emphasis)
Bruce O'Dell is a self-employed information technology consultant with more than twenty five years experience who applies his broad technical expertise to his work as an election integrity activist.
His current consulting practice centers on e-Commerce security and the performance and design of very large-scale computer systems for Fortune 100 clients. He recently spent a year as the chief technical architect in a company-wide security project at one of the top twenty public companies in America, led a multiple client projects for compliance with new credit card data security standards, and has designed secure "virtual cash" e-commerce protocols. In 2007 he was invited to testify on computer voting security issues to the Texas and New Hampshire legislatures.
He lives just outside Minneapolis, Minnesota, and shares a love of good books with his wife - and her beautiful garden, with their talkative cat.
I repeat, paper ballots, hand counted, easily recounted. Canada does it, many nations do it, why can we not do it?
There is always this one question that comes to mind whenever this subject is raised. The Democrats have possibly been the victims in two Presidential elections and at least one mid term election since these egregious machines have come to the fore, and since this even more egregious administration has used the constitution as so much toilet paper. Exit poll irregularities certainly at least suggest the possibility of machination with cast ballots.
One might think that these democrats would be at least interested in entering this debate about honest elections, or in calling for a return to an auditable form of election mechanics. Yet one hears nary a word from them, with the work being done by folks like BBV and other real patriots in the private sector. Why, I wonder, is this the case?
by
ardee D. (6 articles, 4 quicklinks, 1 diaries, 2377 comments)
on Wednesday, February 21, 2007 at 6:13:05 PM
Bruce, you said that "HR 811 appears to ban electronic remote transmission and mandate hand-delivery of results, presumably on some kind of electronic media."
Actually HR811 does not ban electronic transmission of election results via Internet connections on the central tabulators and it only bans Internet or wireless transmission on the voting machines.
Even if all Internet and wireless connections to both central tabulators and voting machines were banned (as they should be), this would not constitute a ban on electronic transmission of election results, which could be moved via physical removable media to other computers connected to the Internet.
---
I appreciate your bringing up the topics of how limited the usefulness of voting machine testing or software disclosure truly is. The fact that the US EAC is putting so much stock in testing voting machines, only shows the EAC's lack of technical competence in thinking testing would prevent problems or fraud; and software disclosure and verification, I totally agree with you, is not a realistic solution especially given today's shoddy voting machines; and the lack of resources available.
Thanks for explaining these concepts in your area of expertise.
by
Kathy Dopp (31 articles, 0 quicklinks, 0 diaries, 49 comments)
on Thursday, February 22, 2007 at 4:58:37 PM
It's inappropriate to quote someone out of context. The full quote from Dr. Shamos is:
"In short, I am unable to discern any engineering difference that allows us to entrust our lives to aircraft but would impel us to avoid voting machines. Not to endorse questionable voting systems or trivialize the possibility of chicanery, but I believe I and the republic will survive if a president is elected who was not entitled to the office, but I will not survive if a software error causes my plane to go down."
He meant literally survive and no one in the election integrity community benefits from your disingenuous interpretation. I add that some might argue that this has already occurred.
by
MWhittle (0 articles, 0 quicklinks, 0 diaries, 1 comments)
on Thursday, February 22, 2007 at 10:01:00 PM
I don't see how your quoting Dr Shamus more fully than Bruce O'Dell did makes any difference. Ipso facto, the Republic cannot survive if someone is elected to the President who is not entitled to it by being actually elected, since being a Republic means that the voters intent is what determines the selection of the President and other elected officials. Since the overwhelming evidence indicates that someone who was not entitled to the office was elected in both 2000 and 2004, the Republic HAS not survived and is now only a historical memory, Speaking bluntly, the elections were stolen. Thus the Republic cannot be saved but only restored -- by whatever means are necessary.
Robert Halfhill rhalfhill@juno.com
by
rhalfhill (3 articles, 0 quicklinks, 0 diaries, 283 comments)
on Friday, February 23, 2007 at 4:28:02 AM
The comment entitled "Let's keep the "integrity" in election integrity" confirms precisely what Bruce described in his intelligent and thoughtful latest submission: the commenter's response-- the passionate attack on what is clearly a considered and honest analysis. And what drives the attack? What is being defended? What would be lost if tomorrow all the DREs were dumped in Boston Harbor?
There was nothing inappropriate about quoting the single line and not the full paragraph because the distinction between literally surviving with one's life and the survival of the republic is meaningless in the context it was intended.
In fact, it's the analogy Mr. Shamos employs in the fuller quote that is inappropriate and misleading. We're not just talking software error- we're talking about the ability to manipulate the software and that will take us down; whether we've lost the right to have our votes counted or we're flying in a plane. It is Mr. Shamos' analogy that is disingenuous. It is an insult both to those who have indeed not survived engineered plane crashes due to manipulation of the software (some of which may even be related to our elections) as well as to the hundreds of thousands of people who would be alive today but for the software manipulation which assisted in the theft of the American presidency.
Andi Novick
by
andi novick (52 articles, 0 quicklinks, 0 diaries, 14 comments)
on Friday, February 23, 2007 at 2:22:46 PM
5 comments
How would you rate this?
You must be logged in (if signed up) to do ratings.
It's free to signup! And easy. And takes just a minute or two....
Must Read (
Well Said (
News (
Touching (
Funny (
Supported (
Interesting (
Inspiring (
Valuable (
