What Are These People Doing Wrong?
Here is Ohio's new post-election audit so you can read it for yourself. click here It is a result of much work by our SOS office and by citizen activists dedicated to an audit in Ohio. I did not help with the creation of this audit, though I made recommendations early on, to the SOS office and to activists interested in audits. I was a citizen observer of the audit in two counties in December of 08.
These election workers, one Democrat and one Republican, are people who usually work in the office of the elections board in one of Ohio's small counties. It doesn't matter which one; it could be any of the 88, or rather of the 53 that have voting on touch screen, also called Direct Recording Electronic, or DRE, voting machines. The pile of cash-register-like tape they are counting the votes on, is the "paper trail," or VVPAT, Voter Verified Paper Audit Trail.
By Ohio law this tape has the voters' actual "ballots," although no voter actually wrote, or made a check for any candidate on any part of this
But they could verify their ballot choices, so why don't they? When I was a poll worker in 2006 in Licking County, many people, I'd say as many as half, didn't know they could lift up the solid plastic door to view the tape as it went by. Under that opaque cover, on the Diebold/Premier touch screen machine, is a second cover over the paper tape, this time more or less clear, that is supposed to serve as a magnifier. Several people commented that they could not see the whole ballot though this plastic cover. When voters asked me as a poll worker, I told them the magnifier could also be opened up to reveal the tape under a much clearer glass. This was new information to the voters and they commented on how much better they could then see the choices the tape reported that they had made.
Many others said they didn't need to check the paper tape because they had checked the summary screen, and that would be the same, wouldn't it?
But why assume it would be? Numerous security tests by independent investigators from both major universities and industrial security firms have shown the same thing over and over: There is no proof that what the voter touches on the screen is what the machine records inside on its memory card, or in its internal memory, or is what the tape records. Sounds too conspiratorial?
Ohio, under the direction of Secretary of State Brunner conducted the "Everest Test" (click here ) in 2007, shortly after she took office. In very partisan attack she was blamed for wasting 1.9 million dollars of the taxpayers' money. The results that were published in the Columbus Dispatch said that the voting machines--both touch screens and optical scanners were tested--could be "hacked into by someone with a magnet or a hand-held [Blackberry-type device]," or the like. No particular worries there, the voting machine manufacturers and partisan election officials said, "We have physical security. No one will be able to get close to our voting machines with magnets or Blackberries." Here is just a small sample of the results of the Everest Report. This one is from MicroSolved, Inc, a corporation that is a leader in computer security:
"The second key finding of the review was the lack of integrity controls that have been applied to the systems and their components. Some systems were missing properly implemented encryption of the election files, allowing them to be edited or destroyed by an attacker or malware. Some systems failed to identify even trivial manipulations of the components or the data, including attacks ranging from write protection of the memory cards and other media to direct modification of the voting databases. Many components lacked basic security controls such as firewalls, antivirus and other mechanisms for providing protection for system integrity. "
It was reported that Secretary Brunner said she wanted to throw up after reading all the reports which make up the Everest Report.
Of course no one really wanted to read thirteen multi-paged technical reports of all the other ways the machines could be hacked. Or rigged.
Where and how does the software get rigged? Just about anywhere along the line: from manufacture of the guts of the machines, to uncertified "patches" from the manufacturer that might contain additional instructions, to someone slipping in a rigged "memory card" when the machines tabulate, to switching memory cards after the first tally is made at the precinct, or rigging the tabulation machines at the county level. This is why it is so important to make the machines run a tally of the contests at the precinct and post the results at the precincts, so that anyone and everyone can write them down and make sure they are not changed later--except for absentees and provisionals added in, which also need to be accounted for and overseen by citizens. The Ohio Secretary of State also directed that every polling location post the machine tallies, but some poll judges still did not comply.
It isn't just the Everest Test that showed these vulnerabilities. The 2006 California Top-to-Bottom review came up with basically the same ways to rig voting machines, as did the Princeton Hack, Harri Hursti's hack of both touch screen and optical scan machines, our government's GAO report in 2005, and several reviews in other states. The wonders of Google will give the reader You-Tubes and written reports and commentary on all of these studies. They all say basically the same thing: "Electronic voting machines can be rigged without leaving a trace."