Author: Luther Weeks

Georgia, Pennsylvania, New Jersey…on my mind

Story in Atlanta Journal-Constitution outlines what keeps election integrity awake all night: Georgia prepares to move from electronic to paper ballots .

State lawmakers broadly agree that it’s time to replace Georgia’s 27,000 direct-recording electronic voting machines with a system that leaves a verifiable paper trail.

With a paper ballot, recounts and audits could verify the accuracy of electronic tabulations.

But there’s disagreement about what kind of paper-based voting system Georgia should use and how much taxpayer money to spend on it…

It would be a sad shame if state and Federal money is spent to buy such risky equipment at triple the cost of voter marked paper ballots.

Story in Atlanta Journal-Constitution outlines what keeps election integrity awake all night: Georgia prepares to move from electronic to paper ballots <read>

State lawmakers broadly agree that it’s time to replace Georgia’s 27,000 direct-recording electronic voting machines with a system that leaves a verifiable paper trail.

With a paper ballot, recounts and audits could verify the accuracy of electronic tabulations.

But there’s disagreement about what kind of paper-based voting system Georgia should use and how much taxpayer money to spend on it…

One option calls for voters to complete paper ballots by hand, filling in bubbles with a pen and then inserting their ballots into optical scanners for tabulation.

Under another type of system, voters would choose their candidates on touchscreens — similar to those currently in use across the state — and then machines would print paper ballots reflecting their selections. Voters could then review their ballots and insert them into optical scanners…

Many election integrity advocates favor hand-marked paper ballots, saying they most closely reflect voters’ intentions. Election officials would be able to review how voters filled out their ballots, and they wouldn’t have to trust that a computer printed out their choices correctly.

Some county and state election officials prefer ballot-marking devices, which are more familiar to Georgia voters who are accustomed to casting their ballots on touchscreens. Ballot-marking devices can accommodate the disabled and elderly by adjusting type size or providing audio, and they help avoid mismarked ballots by preventing voters from circling candidates’ names or scratching out their choices.

There’s also a third potential option. Georgia could switch to hand-marked paper ballots and also provide at least one ballot-marking device at each precinct to accommodate the disabled…

Replacing the state’s voting machines won’t be cheap.

It could cost the public about $30 million to move Georgia to hand-marked paper ballots and over $100 million for ballot-marking devices.

Editorial

We favor the third option. Most voters filling out paper ballots by hand, with ballot marking devices available to accommodate those with disabilities. There is no guarantee voters actually check ballots created by ballot marking devices (see: Handmarked paper ballots more verifiable than ballot marking devices ), no guarantee they would consider it a machine error rather than their own mistake, and no reason for officials to believe or to verify voters that claim that the machine made an error. Worse many forms of those marking devices and their forms of ballot are much more difficult (expensive) to audit and recount.

It would be a sad shame if state and Federal money is spent to buy such risky equipment at triple the cost of voter marked paper ballots.

Handmarked paper ballots more verifiable than ballot marking devices

New study The study What Voters are Asked to Verify Affects Ballot Verification: A Quantitative Analysis of Voters’ Memories of Their Ballots

As a practical matter, do voters verify their BMD-printed ballot cards, and are they even capable of it?  Until now, there hasn’t been much scientific research on that question…

  1. In a real polling place, half the voters don’t inspect their ballot cards, and the other half inspect for an average of 3.9 seconds (for a ballot with 18 contests!).

  2. When asked, immediately after depositing their ballot, to review an unvoted copy of the ballot they just voted on, most won’t detect that the wrong contests are presented, or that some are missing.

New study summarized by Andrew Appel: Why voters should mark ballots by hand <read>

Because voting machines contain computers that can be hacked to make them cheat, “Elections should be conducted with human-readable paper ballots. These may be marked by hand or by machine (using a ballot-marking device); they may be counted by hand or by machine (using an optical scanner).  Recounts and audits should be conducted by human inspection of the human-readable portion of the paper ballots.”

Ballot-marking devices (BMD) contain computers too, and those can also be hacked to make them cheat.  But the principle of voter verifiability is that when the BMD prints out a summary card of the voter’s choices, which the voter can hold in hand before depositing it for scanning and counting, then the voter has verified the printout that can later be recounted by human inspection.

But really?  As a practical matter, do voters verify their BMD-printed ballot cards, and are they even capable of it?  Until now, there hasn’t been much scientific research on that question.

A new study by Richard DeMillo, Robert Kadel, and Marilyn Marks now answers that question with hard evidence:

  1. In a real polling place, half the voters don’t inspect their ballot cards, and the other half inspect for an average of 3.9 seconds (for a ballot with 18 contests!).

  2. When asked, immediately after depositing their ballot, to review an unvoted copy of the ballot they just voted on, most won’t detect that the wrong contests are presented, or that some are missing.

The study What Voters are Asked to Verify Affects Ballot Verification: A Quantitative Analysis of Voters’ Memories of Their Ballots <read>

Recognize that ballot marking devices, like the IVS used in Connecticut, are a valuable vehicle for those with disabilities. Voters without disabilities should avoid them. Leave them for those that need them. There are two other reasons to encourage the vast majority of voters to use hand-marked paper ballots. Ballot marking devices are much more expensive than voting booths for marking paper ballots and can lead to long lines.

Blockchain a technology with great claims, without documented success

Blockchain has been wildly mis-sold, but underneath it is a database with performance and scalability issues and a lot of baggage. Any claim made for blockchain could be made for databases, or simply publishing contractual or transactional data gathered in another form.

A new study finds no actual successes behind claims, also a lack of transparency:  Blockchain study finds 0.00% success rate and vendors don’t call back when asked for evidence <read>

Though Blockchain has been touted as the answer to everything, a study of 43 solutions advanced in the international development sector has found exactly no evidence of success…

Blockchain vendors were keen to puff the merits of the technology, but when the three asked for proof of success in the field, it all went very quiet…

Blockchain has been wildly mis-sold, but underneath it is a database with performance and scalability issues and a lot of baggage. Any claim made for blockchain could be made for databases, or simply publishing contractual or transactional data gathered in another form.

Its adoption by non-technical advocates is faith-based, with vendors’ and consultants’ claims being taken at face value…

As with every bubble, whether it’s Tulip Mania or the Californian Gold Rush, most investors lose their shirts while a fortune is being made by associated services – the advisors and marketeers can bank their cash, even if there’s no gold in the river.

Well maybe those advisors and marketeers are successful.  As they say “Where are the users’ yachts”.

 

76 Bad ballots, followed by unfortunate decision for election integrity

Rep. Philip Young, D-Stratford, won re-election to a second term on Nov. 6, defeating Republican Jim Feehan by 13 votes in the 120th District. But Feehan says as many as 76 voters at Bunnell High School were given ballots for the 122nd District, which uses the same polling place.

Ruling from the bench, Superior Court Judge Barbara Bellis dismissed Feehan’s request for a new election, agreeing with the attorney general’s office that she had no jurisdiction to do so under the Connecticut Constitution, lawyers for Feehan and Young said.

“That power has been committed exclusively to the House of Representatives, and this Court therefore lacks jurisdiction to grant the relief that Feehan requests,” the attorney general’s office said in a brief filed Thursday.

 

From the CTMirror: Trial judge dismisses call for new House election in Stratford <read>
The facts are simple, the law is apparently clear, yet the decision in our opinion is unfortunate for democracy.

Rep. Philip Young, D-Stratford, won re-election to a second term on Nov. 6, defeating Republican Jim Feehan by 13 votes in the 120th District. But Feehan says as many as 76 voters at Bunnell High School were given ballots for the 122nd District, which uses the same polling place.

Ruling from the bench, Superior Court Judge Barbara Bellis dismissed Feehan’s request for a new election, agreeing with the attorney general’s office that she had no jurisdiction to do so under the Connecticut Constitution, lawyers for Feehan and Young said.

“That power has been committed exclusively to the House of Representatives, and this Court therefore lacks jurisdiction to grant the relief that Feehan requests,” the attorney general’s office said in a brief filed Thursday.

I am not a lawyer, yet here we are, waiting at least until January for the General Assembly to decide. The correct decision for democracy seems to us to award a new election. It was a simple mistake that led to an unfair election where the result has moderate odds of being incorrect. It is not good for democracy when a partisan body is making a decision with political results. The odds of partisan decision is a bit less when made by a judicial body, especially when it is such a straight-forward application of other precedents.

Overall, the U.S. has a poor system of deciding close elections. History shows over and over partisan bodies making partisan decisions indistinguishable from those their party affiliations would predict: <Read Book Review: Ballot Battles>

 

Courant Editorial Misses the Mark on At Least Three of Five Points

On Sunday the Hartford Courant lead Editorial proposed fixes to its perceived problems with Connecticut’s election system: 5 Fixes For State’s Broken Election System. Note that all the statewide races were decided by 8:00am on Wednesday morning after the election.

To the Courant’s credit, for the second time in a row, they published a letter of mine criticizing an editorial.

Proposed Fixes Could Make Problems Worse

The editorial “Five Fixes for State’s Broken Election System” misses the mark on at least three of its five proposals

On Sunday the Hartford Courant lead Editorial proposed fixes to its perceived problems with Connecticut’s election system: 5 Fixes For State’s Broken Election System <read>

We say perceived problem, since the newspaper’s concern is for quicker results to feed the Courant and other impatient media:

Connecticut is a slowpoke on election results compared to other states. This will not do. Voters need to know on election night who their new governor is. They shouldn’t have to wait till the next morning.
Here are a few ways for the state to catch up with the rest of the nation…

1. Take humans out of it… 2. Stop using pens and rulers… 3. Send in state help… 4. Appoint professionals… 5. Vote Earlier.

Note that all the statewide races were decided by 8:00am on Wednesday morning after the election.

To the Courant’s credit, for the second time in a row, they published a letter of mine criticizing an editorial. The letter is slightly modified from the one I sent after extensive fact checking by Carolyn Lumsden, Opinion Editor, and a couple of emails back and forth. It makes the same points as the original. I would only quibble with a bit of grammar. I said as much as I could in keeping the letter within the size that the Courant usually publishes.

Proposed Fixes Could Make Problems Worse

The editorial “Five Fixes for State’s Broken Election System” misses the mark on at least three of its five proposals [courant.com, Nov. 11].

It suggests that early voting would provide quicker results. Is The Courant aware that California, Colorado, Georgia and Florida all have early voting and were still counting mail-in votes on Saturday? In fact, California counts mail-in votes for weeks after each election.

The Courant proposes following Philadelphia by using memory cards to accumulate results. Philadelphia is one of the notorious areas of the country with paperless direct-recording electronic voting machine, or DRE. Using memory cards to total results in Connecticut in any reasonable time frame would entail connecting memory cards to the internet, which would risk hacking, a risk that Secretary of the State Denise Merrill has steadfastly and appropriately avoided.

There are some benefits to electronic poll books, yet there are also risks that must be mitigated. Electronic poll books have proved in some places to slow down check-ins, requiring more lines; there must be paper backup and effective contingency plans when poll books fail, as they did in a North Carolina county in 2016.

Professionalization may be part of a solution, yet any solution brings its own challenges. I would support professionalization as part of regionalization of elections, so that professionals are not appointed and funded by partisan local government. A part-time or individual professional would be insufficient to conduct professional elections in our small towns. There are real challenges, money can help, yet we need a thorough, rational top-to-bottom review that considers best practices from other states and countries.

There was also an excellent letter on Tuesday from Fred DeCaro III, Republican Registrar of Voters from Greenwich. DeCaro expands on the reasons why replacing two registrars in a town by a single town appointed official is not a good idea.

Bipartisan Registrar System Is Fairer

Every election season, The Hartford Courant likes to complain because writers don’t have the results in time to get their beauty sleep [editorial, Nov. 6, “Editorial: Governor Results Take Too Long”].

The logical leap for Courant editorialists is that we need to get rid of our system of two registrars per town, one from each of the two major parties, and replace it with “one professional nonpartisan registrar per town.”

Because things would go faster and with fewer errors if one person typed in the numbers instead of two? I suppose the news would get printed faster if The Courant didn’t use fact-checkers, too.

I’m sure Bridgeport Mayor Joe Ganim would love to be able to appoint his own personal registrar. And if his appointee doesn’t get him the results he wants, he can swap the registrar out. Kind of like President Trump and the head of the FBI. Eventually both will find a candidate sufficiently “nonpartisan.”

Having two individuals of different viewpoints checking each other is common sense. Financial institutions are required to have dual control. Most states have boards of elections, which are bipartisan. Having a Democratic and a Republican registrar in every municipality is Connecticut’s method of making certain that all actions with regard to an election are measured.

The fastest election results can be found in Brazil, which uses an all-electronic system with no paper ballots, electronic transmission and the added benefit of recording your fingerprints before you vote. No public watchdogs are allowed to examine the proprietary code. You vote or you pay a fee.

I’ll stick with paper ballots and wait a little longer for the results. And I’ll sleep more restfully as a result.

I also had a short, related Facebook exchange with Essie Labrot, Town Clerk of West Hartford, which clarifies my concerns with undue haste and expanded absentee balloting:

Essie Labrot As a Town Clerk, my office issued over 3,000 absentee ballots. We need to change the statutes to allow counting of them earlier than 10 am on election day. Also, streamline the application process for AB’s (including acceptance of electronic signatures). Reliance on mail system leaves ballot errors and late applications missed votes.

Luther Weeks or change the law like CA, CO, FL, GA … to allow counts to go on days or weeks after Election Day. That would also entail adjusting recancass dates.

Essie Labrot I don’t think candidates would want to wait weeks for final results..our state is much smaller than those who have all mail voting..and county based.

Luther Weeks I was not suggesting weeks. Maybe 2 days. The law already provides 48 hours for polling places, except for reporting the tape [which is supposed to be completed on election night]. There are other risks and issues with the law in starting [counting absentee ballots] before Election Day. Many states give voters time to cast in person on Election Day to override their AB. For different reasons we give them until 10:00am [on election day]. Also the dead voter rule [which requires pulling of absentee ballots for voters not alive on election day]. Lots of choices and associated issues to consider with any change!

Essie Labrot absolutely! Looking forward to seeing you at the Capitol..

One real problem in this election was the civil rights violation that is our Election Day Registration system’s 8:00 cutoff, see: <Connecticut dodges EDR bullet. How long will EDR dodge the Civil Rights bullet?>

 

See a problem, propose a solution you want that might make the problem worse

There were long lines for Election Day Registration (EDR) and it took a whole 10 hours to count enough votes to determine the Governor in Connecticut. Our EDR is a problem, but waiting ten hours for result is just a concern hyped up by a overly impatient press and used as a opportunity by advocates to promote early voting as a solution.

As of this time the states of California, Colorado, Florida, and Georgia are still counting votes. They all have mail-in early voting.  California has a Friday deadline to receive mail-in ballots postmarked by election day and counts them for weeks after election day.  As of Friday all those other states were still counting.

There real are problems and there are reasonable solutions.

There were long lines for Election Day Registration (EDR) and it took a whole 10 hours to count enough votes to determine the Governor in Connecticut. Our EDR is a problem, but waiting ten hours for result is just a concern hyped up by a overly impatient press and used as a opportunity by advocates to promote early voting as a solution.

An example is this article in the CTPost: Changes to Connecticut’s voting laws could streamline elections<read>

It took nearly 10 hours after the polls closed for Connecticut voters to learn who won the hard-fought race for governor, and by the time Ned Lamont was named the next governor, voters were beginning a new day.

It’s not the first time election results have been delayed — Connecticut’s cities have developed a reputation for holding up the process — but with a broader majority in the state Legislature, Secretary of the State Denise Merrill hopes changes in the state’s voting laws could be on the horizon.

Merrill plans to again propose a change to allow early voting, as well as create no-excuses absentee voting. She also plans to propose automatic registration for 16-year-olds, who could be registered when they visit the state Department of Motor Vehicles for their learners permits.

“There’s more optimism for passing early voting,” said Gabe Rosenberg, a spokesman for Merrill’s office. “I think that there’s a real hunger for early voting. So many people want to vote early, especially when they see how many people in other states do it.”

Thirty-three states and the District of Columbia allow early voting in person, which cuts down lines on Election Day, especially in highly populated cities, and helps results come in faster. A record 36 million people across the nation voted ahead of Election Day.

That last statement is blatantly untrue. As of this time the states of California, Colorado, Florida, and Georgia are still counting votes. They all have mail-in early voting.  California has a Friday deadline to receive mail-in ballots postmarked by election day and counts them for weeks after election day.  As of Friday all those other states were still counting.

It seems that whenever there is an apparent problem, the Connecticut response is to claim that the cure is whatever you have been proposing all along. There real are problems and there are reasonable solutions:

EDR is a problem caused by a too restrictive process unique to Connecticut.  And by the Secretary of the State unilaterally declaring that persons in line at 8:00pm for EDR have no right to an opportunity to register and vote. <see our coverage and opinions>

Yes, New Haven and many towns in Connecticut should spend more on staffing polling places and EDR for these large elections.

However, New Haven should be applauded for taking the necessary time to count votes by hand that could not be counted by machine. Perhaps they should even have given their pollworkers more time to rest and resume counting, extending the time to get accurate results to maybe 24 hours.

Compare New Haven 2018 to Bridgeport in 2010 where, under pressure, they rushed hand counting and missed many votes in a somewhat comparable emergency. Those votes were counted by the CTPost and the Citizen Audit – yet were never counted or recognized by the Official system. <read>

Connecticut dodges EDR bullet. How long will EDR dodge the Civil Rights bullet?

In this election as in recent elections, we issued our Election Day Registration Warning to voters. We have been issuing warnings to the General Assembly for several years as well. We have warned that it is a “Civil Rights violation waiting to happen.” since the Secretary of State declared that voters in line at 8:00pm could not have the opportunity to register and vote unless officials completed their registration by 8:00pm.

Yesterday, there was great concern when for the third time in three even year elections, voters were deprived of registering and voting due to Secretary Merrill’s ruling and inadequate work by registrars. Read the New Haven Independent’s story: Ballot Pandemonium: Machines Break All Over Town; Voters Wait Hours; Stefanowski Seeks Injunction

By day’s end it appeared that hundreds of the people in line — mostly Yale students — wouldn’t be able to register in time (8 p.m.) to cast ballots. “Let us vote!” they chanted.

Sadly, our history with election concerns is to quickly move on from concerns, once a clear winner has been determined.

 

In this election as in recent elections, we issued our Election Day Registration Warning to voters. We have been issuing warnings to the General Assembly for several years as well. We have warned that it is a “Civil Rights violation waiting to happen.” since the Secretary of State declared that voters in line at 8:00pm could not have the opportunity to register and vote unless officials completed their registration by 8:00pm.

Here is our latest testimony to the General Assembly: <read> And that of Fairfield Registrar Matt Waggner’s which I support <read>

Yesterday, there was great concern when for the third time in three even year elections, voters were deprived of registering and voting due to Secretary Merrill’s ruling and inadequate work by registrars. Read the New Haven Independent’s story: Ballot Pandemonium: Machines Break All Over Town; Voters Wait Hours; Stefanowski Seeks Injunction <read>

Meanwhile, the city was overwhelmed by hundreds of voters at a time who wanted to register and vote Tuesday under the state’s Election Day Registration (EDR) program. It was the third straight year that people waited in line to register and vote.

People waited four hours to vote.

By day’s end it appeared that hundreds of the people in line — mostly Yale students — wouldn’t be able to register in time (8 p.m.) to cast ballots. “Let us vote!” they chanted.

The secretary of the state’s office — which was aware that New Haven had had the same crisis in the last two even-year elections — dispatched “every volunteer attorney we had down there to help them,” said the office’s spokesperson, Gabe Rosenberg.

The attorneys advised New Haven to separate first-time voters from the rest of the line. Under the law, those first-time voters were allowed to attest en masse that they’d never voted before in Connecticut, and move right ahead to step three. Officials had those students attest all at once by voice. That got rid of the back-up.

“Out of an abundance of caution,” officials had set aside that special group’s votes in case questions get raised later.

Republican gubernatorial candidate Bob Stefanowski’s gubernatorial campaign filed an injunction in Hartford Superior Court to make sure ballots cast after 8 p.m. by voters who registered that day were segregated from the totals.

Stefanowski’s campaign hired Herb Shephardson to file the injunction to make sure New Haven and Mansfield [where the Secretary also sent help] segregated those ballots.

While some might applaud the Secretary sending help, it also adds to the charges of a civil rights violation if there were other towns with voters in line, where similar help was not offered.

The General Assembly has been concerned with this issue for the last three years, but likely due to pressure from our 340 Registrars, no bill has come close to consideration for a vote in either chamber.

After this third debacle, associated publicity, and finally some concern by the state ACLU, perhaps there will be a change.  Do not count on it, since by morning it was clear that the EDR votes would not matter as there was a clear winner in the Governor’s race followed by a prompt concession by the other candidate. sadly, our history with election concerns is to quickly move on from concerns, once a clear winner has been determined.

 

 

Georgia voter registration system crisis touches Connecticut

Georgia Secretary of State, Brian Kemp, just launched an investigation of the Democratic Party of Georgia, after their consultant pointed out a serious vulnerability in Georgia’s voter registration system/database: Kemp’s Aggressive Gambit to Distract From Election Security Crisis

This touches Connecticut because the vendor for Georgia’s system, PCC, is located in Bloomfield Connecticut and supplies Connecticut’s voter registration and election night reporting systems. It is not certain that the reports so far accurately portray PCC’s role in Georgia and if any of the same vulnerabilities apply to the Connecticut’s system. From our understanding Connecticut has paid a lot of attention to the security of our voter registration system and that PCC supplies the software by is not involved in its operation. We have reached out to the Secretary of the State’s Office suggesting that they address the relevance of the Georgia report to Connecticut.

Georgia Secretary of State, Brian Kemp, just launched an investigation of the Democratic Party of Georgia, after their consultant pointed out a serious vulnerability in Georgia’s voter registration system/database: Kemp’s Aggressive Gambit to Distract From Election Security Crisis <read>

This touches Connecticut because the vendor for Georgia’s system, PCC, is located in Bloomfield Connecticut and supplies Connecticut’s voter registration and election night reporting systems. It is not certain that the reports so far accurately portray PCC’s role in Georgia and if any of the same vulnerabilities apply to the Connecticut’s system. From our understanding Connecticut has paid a lot of attention to the security of our voter registration system and that PCC supplies the software by is not involved in its operation. We have reached out to the Secretary of the State’s Office suggesting that they address the relevance of the Georgia report to Connecticut.

The beginning of the article points to the weakness discovered in the Georgia system and the attempted political deflection of the issue from Brian Kemp’s responsibilities as Secretary of State to the Democratic Party:

When Georgia Democrats were alerted to what they believe to be major vulnerabilities in the state’s voter registration system Saturday, they contacted computer security experts who verified the problems. They then notified Secretary of State Brian Kemp’s lawyers and national intelligence officials in the hope of getting the problems fixed.

Instead of addressing the security issues, Kemp’s office put out a statement Sunday saying he had opened an investigation that targets the Democrats for hacking…

WhoWhatWhy, which exclusively reported on these vulnerabilities Sunday morning, had consulted with five computer security experts on Saturday to verify the seriousness of the situation. They confirmed that these security gaps would allow even a low-skilled hacker to compromise Georgia’s voter registration system and, in turn, the election itself. It is not known how long these vulnerabilities have existed or whether they have been exploited…

“What is particularly outrageous about this, is that I gave this information in confidence to Kemp’s lawyers so that something could be done about it without exposing the vulnerability to the public,” Brown told WhoWhatWhy. “Putting his own political agenda over the security of the election, Kemp is ignoring his responsibility to the people of Georgia.”…

“It’s so juvenile from an information security perspective that it’s crazy this is part of a live system,” Constable said.

It’s Georgia and Brian Kemp’s responsibility but the article also implicates PCC:

A Connecticut-based private contractor, PCC Technologies Inc., has contracts to manage voter registration systems for Georgia and 14 other states. PCC also runs online voter registration for six of them, including Georgia. If these vulnerabilities exist in Georgia, they could also be present in other states where PCC operates.

Matt Bernhard, a Ph.D. student in computer science at the University of Michigan focusing on voting technology, found that personally identifiable information could also be accessed through North Carolina’s voter page, which PCC also manages.

As Georgia’s system has not been audited — if it had, these problems would have been found and fixed, presumably — there are likely other vulnerabilities that could impact the midterm election, according to Constable.

PCC also runs the ElectioNet system, which is used by every county in Georgia to manage the state’s voter rolls. If voter registration data was changed, it would show up in the ElectioNet system. In a declaration as part of a recent lawsuit against the state, Colin McRae, chair of the Chatham County Board of Registrars, disclosed that the ElectioNet system is also responsible for populating the data in the pollbooks of every state.

Our understanding is that PCC just supplies software to Connecticut and does not manage our voter registration system.

Connecticut does not officially use ePollbooks. We use printed paper checkin lists, although some registrars have purchased and use ePollbooks for redundant record keeping. We presume it is PCC code that is used to print the paper checkin lists we use and to load the ePollbooks purchased by some towns.  Any significant errors in either of those could cause chaos and dramatically effect elections.  Once again, there is a strong possibility that vulnerabilities in Georgia may not apply to Connecticut.

 

 

The front line of election security in Connecticut has about 169 weak points

Last week, West Haven paid a $2,000 ransom to hackers to unlock its computer systems. In a statement from the city, the ransom was characterized as a “one-time fee.” The word-choice here reveals an oversimplified view of the reality of ransomware, a cyberattack in which hackers lock data and demand payment.

First, West Haven was lucky to regain access to its systems after paying the ransom. Fewer than a quarter of ransomware victims actually get their files back after paying up. More often, hackers pocket the money and leave the data scrambled.

The notion of a “one-time fee” also fails to account for reputation damage and loss of trust. A city like West Haven — which is already navigating difficult financial straights — needs to rally community support. A blunder like this undermines the momentum it was building…

 

Excellent op-ed in the Courant today, explaining the risks of ransomeware. Cities Must Pay For Cybersecurity, Not Ransoms <read>

Last week, West Haven paid a $2,000 ransom to hackers to unlock its computer systems. In a statement from the city, the ransom was characterized as a “one-time fee.” The word-choice here reveals an oversimplified view of the reality of ransomware, a cyberattack in which hackers lock data and demand payment.

First, West Haven was lucky to regain access to its systems after paying the ransom. Fewer than a quarter of ransomware victims actually get their files back after paying up. More often, hackers pocket the money and leave the data scrambled.

The notion of a “one-time fee” also fails to account for reputation damage and loss of trust. A city like West Haven — which is already navigating difficult financial straights — needs to rally community support. A blunder like this undermines the momentum it was building…

However, the fact is that remediating a cyberattack comes at a much greater cost than preventing one in the first place. While the $2,000 ransom may seem relatively low, tracking how the attack happened, assessing the damage and shoring up defenses quickly is an expensive proposition. Just ask Lansing, Mich., which, even with insurance, paid $500,000 out of pocket for remediation after a 2016 ransomware attack (total cost: $2.4 million).

The best way to bounce back from ransomware is to have a strong backup system, something every organization needs for a number of reasons. The fact that West Haven paid the ransom suggests that there was no effective backup system in place. If that is the case, the city truly did not have a lot of options once the ransomware attack occurred.

Our Editorial

When it comes to elections the problem starts with cybersecurity, yet also requires physical security of voting equipment and voted paper ballots. In most towns in Connecticut ballots and voting equipment are “protected” by a single key, often accessible by multiple single individuals, keys often associated with weak locks and storage closets, all providing access available single individuals for hours, undetected.

The solution is strong security of equipment and especially voted paper ballots, with strong, sufficient recount and audit laws, well followed, with transparency and public verifiability.