The Outsourced State

Last week we covered a significant report by VotersUnite.org, Vendors are Undermining the Structure of U.S. Elections. The report describes the multiple ways that states have become dependent on vendors for elections, how Federal laws and actions have placed election officials in an impossible bind, how arrogant vendors take advantage of the situation, that elections are at risk, and democracy in peril. It also highlights some states that are completely dependent on vendors for almost every phase of every election.

Looking at Connecticut, we outsource less than the states that are highlighted in the VotersUnite report. You could conclude that we are much better off, our elections much less at risk. You might be wrong.

The VotersUnite report uses the theme of outsourcing being a tunnel that undermines elections. Here are the major outsourced elements covered by the report. Like most states, Connecticut does not outsource them all (here we cross out those not completely outsourced by Connecticut):

• Equipment
• Software
• Installation
• Training/Troubleshooting
• Ballot Programming
• Pre-Election Testing
• Maintenance/Repairs
• Election Day Assistance
• Results Retrieval
• Trouble Shooting/Investigation
• Recount Management

We prefer a different theme: “A chain is only as strong as its weakest link(s)”.

Two of these elements represent a significant risk to Connecticut elections:

1. Ballot Programming – Before each election memory cards are programmed by a vendor, LHS Associates, in Massachusetts, by people over which we have no supervision.
2. Maintenance/Repairs – Over this last summer each of our optical scanners was subject to mandatory maintenance planned and performed by LHS Associates.

This summer’s maintenance was to be performed under the observation of election officials but not the public – how hard would it be for a busy, untrained, non-technical election official to look away for a few seconds while a scanner was open, giving the vendor time to replace the permanent program chip in the machine with one with the same external label but with a rogue program inside? What guarantee is there that the original chip had the approved program when the scanners were originally delivered?

“Oh” you say, “this is so far fetched and local officials perform pre-election testing before each election.”

A recent paper by the University of Connecticut clearly demonstrates the ways in which clever coding in the permanent memory of our AccuVote-OS optical scanners can defeat pre-election testing. The report title almost says it all: Tampering with Special Purpose Trusted Computing Devices: A Case Study in Optical Scan E-Voting <read>

Also a memory card test by UConn commissioned by the Secretary of the State surprisingly revealed that less than half of local election officials were able to fully follow pre-election testing procedures.

Reports by UConn and those commissioned by the Secretaries of State of CA and OH also demonstrate the risks of the memory cards and their vulnerability to insiders.

The companies we keep:

• The AccuVote-OS manufacturer Diebold Premier – recently, reluctantly admitted to errors that cause votes to be dropped. (this particular problem does not apply to Connecticut, yet the problem and the initial denial are indicative of the company’s quality control and attitude)
• The AccuVote-OS New England Distributor, LHS, – where its President claims no computer expertise?

Recall that our State’s chief election official incorrectly believes that LHS invented the AccuVote-OS