In May of this year, the National Science Foundation's ACCURATE Center advised the U.S. Election Assistance Commission (EAC): 

"Of course, numerous studies have shown that currently deployed voting systems are susceptible to undetectable malicious attacks..." 

Various states propose to compensate for this huge 'black hole' of unpreventable computer fraud by hand counting some of the ballots – and, in the case of New York, within 15 days after the election.   But this newly discovered ballet-stuffing hole will foil the manual audit.  Ballot stuffing can disrupt a post-election audit, trigger an expanded audit when count discrepancies are discovered, and then produce a fraudulent recount of all the ballots. 

Regardless of how the ballots are stored, a post-election manual audit of the machine count is fatally flawed because we simply cannot know whether anyone tampered with the post-election ballots.  Once the ballots leave the poll site, who's to say someone didn't alter, substitute or destroy them?  How will anyone know which ballots were scanned and which ballots were illegally stuffed at some point prior to the hand count?  Legitimate ballots cannot be discerned from fraudulent ones. 

Dependence on mutable software is precisely what the post-election audit is intended to prevent.  A ballot box that can be stuffed defeats this faux safeguard, rendering the entire electoral system unreliable.  New York courts have always comprehended why post election ballots can never be sufficiently protected from tampering.  A ballot stuffing hole right into the ballot box is the perfect metaphor for these unsecurable, shoddy voting machines and precisely why such theft-enabling systems must be banned from counting our ballots. 

When asked on August 7th about the slotted hole enabling ballot stuffing, a Dutchess County election worker advised, "Yeah, we noticed that.  We'll have to address that."  

Perhaps the best response is to wholly reject theft-enabling voting systems.   

2. Illegal Network and Internet Access Capability 

SysTest has identified a risk regarding Sequoia/Dominion's documentation, which is written for installation to a network server.  The installation to a standalone system is different, and will require updates to the installation documentation. 

This illegal feature facilitates network and wireless internet access.  It also allows portable hard drive access through which malicious code can be inserted to subvert the vote count in what is called a "sneakernet" attack.  Hackers can easily corrupt the software that counts the votes. 

Perhaps Sequoia/Dominion simply doesn't care that New York bans network capability, and ordered standalone voting systems.  Maybe it hopes to lobby a change in the laws.  Maybe they thought network capability would escape notice.  Or maybe they believe eight Phillips screws can secure the system from network or wireless access.  

3. Shoddy Product

"The voting industry sells crap, and that is the problem," explained frustrated SBOE Co-Chair Douglass Kellner.  On July 1st, we reported that 85% of Sequoia's BMDs delivered to Nassau County failed to operate or were damaged beyond use.  Two weeks later, Wired reported a 50% statewide failure rate for the 1,500 machines delivered to date.  Printer failures, printer jams, failure to boot up, broken monitors, misaligned printer covers, and easily broken seals comprise most of the failures. 

In its August 8th report to the court, the SBOE advised that printer jams continue to occur with the new BMDs, and counties continue to report printer failures after being approved by the State.  Bear in mind – the main function of this $12,000 device is to print a ballot. How do these machines continue to pass inspection?    

In the February 2008 New Jersey primary, 60 Sequoia machines reported conflicting vote totals.  When Union County sought to have Princeton University computer security experts Ed Felten and Andrew Appel review the machines, Sequoia threatened suit.  In this video interview by Jacob Soboroff of www.WhyTuesday.org, Felten explains what happened (starting at about 4:23):

Now, if a piece of publicly owned equipment doesn't work, why would the vendor threaten suit if election officials wanted an independent test?  Why would election officials back down?  It's only our sovereignty at stake, here.

5. Can't Document the Software 

Now that Sequoia/Dominion has shown it can't make a physically secure ballot box, how can we trust the software it wrote?  We can't.  Not only do its machines fail to add correctly, but New York's testing of the Sequoia/Dominion ImageCast revealed hundreds of source code and documentation discrepancies.  In discussing the standards software driven voting systems must meet, Commissioner Kellner explained on July 23rd: 

"The industry and the Department of Justice will argue that if every other state is using equipment that does not comply with current federal standards, why should New York be the exception? I believe that there is still strong bi-partisan consensus within New York that we should stick to our policy that newly purchased voting equipment meet all of the currently applicable standards."  

"This is a classic computer security problem.  Whoever gets into the machine first wins.  So if the Trojan horse software is in there first, you ask it to test itself, it will always lie to you and tell you everything is fine.  And no matter what testing code you try to add after the fact, it's too late.  It can now create a world where the testing software can't tell that the machine has been compromised, even though it has..."

During our investigation, we came upon another horrifying discovery.  When Dominion showcased its ImageCast system in Florida in 2007, Pam Haengel and Dan McCrea of Florida Voters Coalition (FVC) posted a video of the demonstration.  Haengel recently shared her impressions of this all-in-one voting system:

"In thinking about that mini-touchscreen, I distinctly recall them saying you could correct errors on your ballot with the touchscreen OR have the machine reject your ballot and do the whole thing over." 

FVC President Dan McCrea concurs:  

"It certainly could be a DRE integrated into an optical scanner - i.e. a TABULATING ballot marking device.  We were given no assurance that was not the case and of course any isolation between the ballot marking features and the tabulating features would have to be explicitly required by spec and regulation and tested for in certification, in my opinion."  

Quis custodiet ipsos custodies? 

In SysTest Labs under Fire, we detail an ongoing investigation into this federally accredited voting systems certification lab responsible for certifying the Sequoia/Dominion BMD in New York.  The lab is accused of failing to document and validate its test methods, and of using unqualified personnel. Emails from the lab also indicate possible collusion with another voting system vendor, ES&S, whereby SysTest's "test approach takes into consideration" actions that will "ensure certification."  The EAC cites a situation where SysTest may be:

'allowing and inviting manufacturers to play an inappropriate role in the development of test plans' which 'would be a significant violation" of ISO and NIST rules, 'and as such could affect SysTest's accreditation status.'  

On August 11th, SysTest assured the New York SBOE that all allegations are unfounded.  Meanwhile, the EAC and NIST have placed SysTest on administrative oversight and are currently reviewing all future testing plans.  These violations, if true, could result in revocation of SysTest's accreditation as a federal voting system certification lab.   

But Americans should note that the guidelines being used to certify our nation's voting systems are worthless according to many experts.  David Wagner testified in 2007 before the Committee on Oversight and Government Reform, Subcommittee on Information Policy, Census, and National Archives, U.S. House of Representatives: 

"In my research into electronic voting, I have come to the conclusion that the federal certification process is not adequate.  The testing labs are failing to weed out insecure and unreliable voting systems.  The federal certification process has approved systems that have lost thousands of votes, systems with reliability problems, and systems with serious security vulnerabilities.  Over the past four years, independent researchers have discovered security vulnerabilities in voting machines used throughout the country-vulnerabilities that were not detected by state and federal certification processes."

This situation certainly begs the question, how can states rely on SysTest's independence and competency in testing voting systems?  How can we rely on any of the federal testing labs? 

We Deserve the Best 

Computerized voting system experts have been decrying these systems for years.  The solution offered by most experts is software independence – in other words, do not rely on software-calculated results.  And if we can't rely on software driven results, why bother using these systems?  They are outrageously expensive and their very presence invites massive fraud.   

Whatever election system is adopted, it must be designed to detect and prevent fraud.  We should not contract with a vendor that can't build a system that complies with state laws, can't produce a product that works more than half the time, can't accurately document its product, and can't even build a secure ballot box.  We are entitled to the best system we can design for something as sacred as public elections, on which our very sovereignty rests.

Joanne Lukacher contributed to this article.