Category: Electronic Vulnerability

The Outsourced State

Last week we covered a significant report by VotersUnite.org, Vendors are Undermining the Structure of U.S. Elections. The report describes the multiple ways that states have become dependent on vendors for elections, how Federal laws and actions have placed election officials in an impossible bind, how arrogant vendors take advantage of the situation, that elections are at risk, and democracy in peril. It also highlights some states that are completely dependent on vendors for almost every phase of every election.

Looking at Connecticut, we outsource less than the states that are highlighted in the VotersUnite report. You could conclude that we are much better off, our elections much less at risk. You might be wrong.

The VotersUnite report uses the theme of outsourcing being a tunnel that undermines elections. Here are the major outsourced elements covered by the report. Like most states, Connecticut does not outsource them all (here we cross out those not completely outsourced by Connecticut):

  • Equipment
  • Software
  • Installation
  • Training/Troubleshooting
  • Ballot Programming
  • Pre-Election Testing
  • Maintenance/Repairs
  • Election Day Assistance
  • Results Retrieval
  • Trouble Shooting/Investigation
  • Recount Management

We prefer a different theme: “A chain is only as strong as its weakest link(s)”.

Two of these elements represent a significant risk to Connecticut elections:

  1. Ballot Programming – Before each election memory cards are programmed by a vendor, LHS Associates, in Massachusetts, by people over which we have no supervision.
  2. Maintenance/Repairs – Over this last summer each of our optical scanners was subject to mandatory maintenance planned and performed by LHS Associates.

This summer’s maintenance was to be performed under the observation of election officials but not the public – how hard would it be for a busy, untrained, non-technical election official to look away for a few seconds while a scanner was open, giving the vendor time to replace the permanent program chip in the machine with one with the same external label but with a rogue program inside? What guarantee is there that the original chip had the approved program when the scanners were originally delivered?

“Oh” you say, “this is so far fetched and local officials perform pre-election testing before each election.”

A recent paper by the University of Connecticut clearly demonstrates the ways in which clever coding in the permanent memory of our AccuVote-OS optical scanners can defeat pre-election testing. The report title almost says it all: Tampering with Special Purpose Trusted Computing Devices: A Case Study in Optical Scan E-Voting <read>

Also a memory card test by UConn commissioned by the Secretary of the State surprisingly revealed that less than half of local election officials were able to fully follow pre-election testing procedures.

Reports by UConn and those commissioned by the Secretaries of State of CA and OH also demonstrate the risks of the memory cards and their vulnerability to insiders.

The companies we keep:

Recall that our State’s chief election official incorrectly believes that LHS invented the AccuVote-OS

via Outsourcing: Democracy is Lost

A report this week from VotersUnite.org describes the devastating damage caused by outsourcing our elections and giving over complete control to vendors:

Vendors are Undermining the Structure of U.S. Elections
A VotersUnite report on the current situation and
how to reclaim elecitons — in 2008 and beyond

The report comes with an Executive Summary
A fourty page Full Report
And a Lou Dobbs video interview with the author

This report is sad, devastating, important, and very readable. You can and should read the whole report. The summary or a few quotes cannot do it justice. Here are a few quotes to encourage you to read the entire report:

As we approach the 2008 general election, the structure of elections in the United States – once reliant on local representatives accountable to the public – has become almost wholly dependent on large corporations, which are not accountable to the public. Most local officials charged with running elections are now unable to administer elections without the equipment, services, and trade-secret software of a small number of corporations.

If the vendors withdrew their support for elections now, our election structure would collapse. However, some states and localities are recognizing the threat that vendor-dependency poses to elections. They are using ingenuity and determination to begin reversing the direction…

Such dependency has allowed vendors to:

  • Coerce election officials into risk-riddled agreements, as occurred in Angelina County, Texas in May 2008.
  • Endanger election officials’ ability to comply with federal court orders, as occurred in Nassau County, New York in July 2008.
  • Escape criminal penalties for knowingly violating state laws and causing election debacles,
    as occurred in San Diego, California in 2004.

Analysis of the impact of laws and decisions at all levels of government demonstrates that lawmakers and officials have facilitated the dependence of local elections on private corporations. This report explores:

  • How the mandates of the Help America Vote Act of 2002 (HAVA) and the inaction of the federal government left the states and localities with nowhere to turn but to the vendors.
  • How state laws, passed by ill-informed representatives, limited the options of local officials to the voting systems developed by big corporations.

Voting system vendors’ contracts, communications, and histories explored in this report reveal that vendors exploit the local jurisdictions’ dependency by charging exorbitant fees, violating laws and ethics, exerting proprietary control over the machinery of elections, and disclaiming unaccountability…

Continue reading “via Outsourcing: Democracy is Lost”

In Memoriam: Rep. Stephanie Tubbs Jones

She was the leader in moving that the 2004 vote be examined by congress.

Here she is in “Help America Vote…On Paper” (about 4min 40sec in and 8min20 sec) <video>

This whole video is also a good 18 minute primer on electronic voting issues: The risks of electronic voting, the perils of outsourcing, the advantages of optical scan, the need for optical scan audits, and the taxpayer costs.

Official Statement: Continue reading “In Memoriam: Rep. Stephanie Tubbs Jones”

Times: Blames the Messinger

We have been complementary of late of the New York Times Editorials that have gotten it right: Nailed Problems With Federal Bill, Three Lessons Learned, and Strongly Favoring Post-Election Audits.

However a story on Saturday gets it wrong and blames the Election Assistance Commission for being slow in approving voting machines – but the problem is that the vendors are not supplying products that are acceptable <read>

Flaws in voting machines used by millions of people will not be fixed in time for the presidential election because of a government backlog in testing the machines’ hardware and software, officials say.

The flaws, which have cast doubt on the ability of some machines to provide a consistent and reliable vote count, were supposed to be addressed by the Election Assistance Commission, the federal agency that oversees voting. But commission officials say they will not be able to certify that flawed machines are repaired by the November election, or provide software fixes or upgrades, because of a backlog at the testing laboratories the commission uses.

“We simply are not going to sacrifice the integrity of the certification process for expediency,” said Rosemary E. Rodriguez, the chairwoman of the commission.

Thanks to John Gideon for articulating the details in the flawed products and the flawed article: <read>

The New York Times has again given a platform to the voting machine vendors to voice their displeasure with a system that is forcing them to actually provide voting systems that are fully tested and certified. The vendors, and some election officials, seem to want to continue the old system of poorly tested and rubber-stamped voting systems counting our votes…

If Diebold/Premier had not presented a voting system that had 79 flaws found during testing and 2 of those being fatal flaws, they might have one of their newer systems certified right now. All of the vendors seem to be having the same issues. Product certification testing is not supposed to be a system of doing alpha and beta testing for the vendors, yet that is what is clearly happening…

The fact is, as Urbina reports, the Government Accountability Office (GAO) has “said the current system left states on their own to discover voting machine problems. The report calls for Congress to revise the Help America Vote Act and provide the commission with the authority and resources it needs to resolve problems with machines that were certified before the commission took over the process.”

EVEREST Reports Devistating

Earlier I had promised more on the USENIX/ACCURATE Conference in San Jose. In addition to the panels, the presentations on the Ohio EVEREST studies provided information that we have not covered here at CTVotersCount.org. Released in mid December, following the California Top-To-Bottom review the Ohio reports have gotten less attention by many, including me. Two presentations on EVEREST at the conference grabbed my attention – they not only confirmed the CA reports but added additional vulnerabilities and devastating conclusions.

Links:
Ohio One Page EVEREST Summary
Ohio Secretary of the State’s Executive Report
USENIX Hart and Premier [Diebold] Paper
USENIX ES&S Paper
HOPE Conf ES&S Video Presentation

From the Ohio Secretary of State’s summary:

Ohio’s electronic voting systems have “critical security failures” which could impact the integrity of elections in the Buckeye State, according to a review of the systems commissioned by Secretary of State Jennifer Brunner.

“The results underscore the need for a fundamental change in the structure of Ohio’s election system to ensure ballot and voting system security while still making voting convenient and accessible to all Ohio voters, “ Secretary Brunner said Friday in unveiling the report…

“To put it in every-day terms, the tools needed to compromise an accurate vote count could be as simple as tampering with the paper audit trail connector or using a magnet and a personal digital assistant,” Brunner said.

(Note: Since Connecticut uses Premier [Diebold] equipment that report’s findings are most relevant. Note, however, that all the findings do not apply to Premier and that Connecticut uses a subset of their products – yet all the findings indicate the state of the industry, our vendor, and the general qualities and security of our electronic election equipment.)

From the Hart/Premier report:

As in previous studies, we found the election systems to be critically flawed in ways that are practically and easily exploitable. Such exploits could effect election results, prevent legitimate votes from being cast, or simply cast doubt on the legitimacy of the election itself. In this

effort we identified new areas of concern including novel exploitable failures of software and election data integrity protection and the discovery of dangerous hidden software features

there were several important failures detailed by this study that were not known prior to the release of this study. Several important discoveries include:
Continue reading “EVEREST Reports Devistating”

New York – Test/Think Before You Buy

New York has an extensive testing and review program to test voting machines before they purchase them. Of course that means, given the information we have from various reports in California, Ohio, and Connecticut, its quite predictable that none will pass reasonable tests and review <read>


New York State’s new voting systems are failing certification testing. The two systems undergoing testing for use in 2009 are showing large numbers of defects against New York requirements, have as yet unresolved design and manufacturing issues, and during the initial stages of my source code review I found a software back door that would allow a rogue program to load from an inserted memory card. What’s not to like?

Now, you may be thinking that these all sound like bad things. And of course, on one level they absolutely are. As I’ve written about in earlier posts, what gall vendors have providing New York’s voters with such flawed equipment, sold at astronomical prices, and which have apparently not undergone basic quality assurance testing before being shipped. So what’s the good news? The good news is that we’re identifying problems prior to use in an election – the machines are failing New York’s tests.

Unlike the situation in so many other states, where inadequately tested machines are approved by private companies working for system vendors with no independent review, New York State has changed the rules of the game. Here, we require rigorous testing to the highest standards. Here, we have independent review of not only the machine vendors, but of the vendor performing the testing. Here, we have a Citizens Advisory Committee which has access to the systems and provides advice and analysis to the State Board. Because of this, New York State will not use these machines until such time as they meet the standards required by law and regulation. In other words, the process is working.

Read the full report for more details.

EVT ’08 Electronic Voting Technology Workshop

Last week I attended EVT ’08, 2008 USENIX/ACCURATE Electronic Voting Technology Workship, in San Jose. <program and papers>

It was pleasing to see a UConn paper on memory card testing accepted and presented. Their work has been previously covered here. Over the next few days I will cover a couple of the other papers presented.

This year the program expanded from one day to almost two days, complementing the papers with a keynote and panels including computer scientists, election officials, and federal election officials. Missing from the panels, for the most part were activists although they did include some computer scientists and election officials that could be considered activists.

Today the panels: Continue reading “EVT ’08 Electronic Voting Technology Workshop”

Times: Feinstein Bill is Bad – First, do no harm!

Update: Senator Feinstein replies to The Times with letter to the editor – that is, with excuses to counter the substance of objections to the bill <read>

Another right on editorial from the New York Times, A Bad Electronic Voting Bill <read>

Some have faith in the “‘hearings” held last week, that were packed with those who may well have written the bill. At least one paper agrees with us and VerifiedVoting.org. From the Times:

Congress has stood idly by while states have done the hard work of trying to make electronic voting more reliable. Now the Senate is taking up a dangerous bill introduced by Senators Dianne Feinstein, Democrat of California, and Robert Bennett, Republican of Utah, that would make things worse in the name of reform. If Congress will not pass a strong bill, it should apply the medical maxim: first, do no harm.

Voters cannot trust the totals reported by electronic voting machines; they are too prone to glitches and too easy to hack. In the last few years, concerned citizens have persuaded states to pass bills requiring electronic voting machines to use paper ballots or produce voter-verifiable paper records of every vote. More than half of the states now have such laws.

There is still a need for a federal law, so voting is reliable in every state. A good law would require that every vote in a federal election produce a voter-verifiable paper record, and it would mandate that the paper records be the official ballots. It would impose careful standards for how these paper ballots must be “audited,” to verify that the tallies on the electronic machines are correct.

The Feinstein-Bennett bill does none of these. It would permit states to verify electronic voting machines’ results using electronic records rather than paper. Verifying by electronic records — having one piece of software attest that another piece of software is honest — is not verifying at all. The bill is also vague about rules for audits, leaving considerable room for mischief. The timeline also is unacceptable. States might be able to use unreliable machines through 2014 or longer.

This bill goes out of its way to placate voting machine manufacturers and local election officials, two groups that have consistently been on the wrong side of electronic voting integrity. Reform groups like Verified Voting, which have done critical work in the states, say they were not allowed to provide input.

The bill would do some good things, including reducing the conflicts of interest that plague the process for certifying voting machines. But the damage it would do is much greater.

Ms. Feinstein introduced a better bill last year, which would have required a paper record of every vote, but she could not get enough support to pass it. If Congress cannot pass a good bill, it should let the states continue to do the hard work — and be prepared to explain to voters why it cannot muster the will to protect the integrity of American elections.

There is still time to call and e-mail our senators. Remember Dodd is on the Committee <e-mail action>

Lou Dobbs Gets It – Deseret News Does Not

We don’t always agree with Lou Dobbs, but he has nailed it on electronic voting and the Feinstein/Bennett bill. Amazingly the Senator goes against her state and also claims she really cannot do anything but this “compromise” bill. She could do nothing, it would be much much better than this bill.

Video: <watch>

Meanwhile in a story we should expect more of by Deseret News <read>

Civil rights groups, state voting officials and computer experts all praised Wednesday a bill

This is hand-picked computer experts out of the mainstream and some advocates accepting large donations from voting machine vendors. Watch Lou Dobbs for a summary that fits more with what mainstream computer experts would all say, if any were invited to the hearing.

“The legislation allows for innovation and experimentation. The legislation sets objectives but does not dictate how the objective is to be achieved,” he said.

This is a star-wars like program of technology that does not exist being funded, aiming cash at vendors, destined to destroy democracy. Be skeptical very skeptical.

More details in our recent post.

The Times, they are a Learning

A new editorial on the New York Times lays out the case for election integrity and credibility in: A Tale of Three (Electronic Voting) Elections <read>

Electronic voting has made great strides in reliability, but it has a long way to go. When reformers push for greater safeguards, they often argue that future elections could produce the wrong result because of a computer glitch or be stolen through malicious software. That’s being too nice.

There have already been elections in which it is impossible to be certain that the right candidate was declared the winner. Here are three such races. It is not just remarkable that these elections were run so badly, but also that the flaws are still common — and could easily create havoc in this fall’s voting.

They provide three examples and three lessons. The first and third of which we have not learned well enough in Connecticut

Lesson: Electronic voting makes large-scale vote theft easy. A patch slipped onto voting machines or centralized vote tabulators can change an election’s outcome. Every piece of software must be scrutinized by neutral experts. If there is not enough time, election officials need a backup plan, such as conducting voting entirely on paper ballots…

Lesson: Electronic voting machines must produce a voter-verifiable paper trail for each vote so voters can see that their choices register properly. In a disputed election, the paper, not the machine tallies, should decide who wins…

Lesson: Paper ballots alone are not enough. There must be strong audit laws that mandate comprehensive hand recounts when an election is close.

After the 2000 election debacle, Americans demanded a better system of voting. What we have gotten is new technology with different flaws. If the presidential race is close, this year’s “hanging chad” could be a questionable result on electronic voting machines that cannot be adequately investigated.