Are Larry Wilkerson’s concerns justified? Without sufficient audits and recounts, we can never be certain. As he tells us, history tends toward cheating whenever it is possible.
Our position is that paper ballots and optical scanning followed by sufficient security, audits, and recounts is the optimum system available. Yet, in Connecticut we need stronger security, audits, and recounts to achieve justified integrity and confidence in our elections.
Are Larry Wilkerson’s concerns justified? Without sufficient audits and recounts, we can never be certain. As he tells us, history tends toward cheating whenever it is possible.
Our position is that paper ballots and optical scanning followed by sufficient security, audits, and recounts is the optimum system available. Yet, in Connecticut we need stronger security, audits, and recounts to achieve justified integrity and confidence in our elections.
What could be more patriotic in our narcissistic social-media age than posting a picture of yourself on Facebook with your marked ballot for president? Show off your support for former Secretary of State Hillary Clinton, Donald Trump, Senator Bernie Sanders (D-Vt.) or former Florida Governor Jeb Bush. Last week, a federal court in New Hampshire struck down that state’s ban on ballot selfies as a violation of the First Amendment right of free-speech expression.
That might seem like a victory for the American Way. But the judge made a huge mistake because without the ballot-selfie ban, we could see the reemergence of the buying and selling of votes — and even potential coercion from employers, union bosses and others…
From Reuters, by Richard L. Hansen Why the selfie is a threat to democracy <read>
What could be more patriotic in our narcissistic social-media age than posting a picture of yourself on Facebook with your marked ballot for president? Show off your support for former Secretary of State Hillary Clinton, Donald Trump, Senator Bernie Sanders (D-Vt.) or former Florida Governor Jeb Bush. Last week, a federal court in New Hampshire struck down that state’s ban on ballot selfies as a violation of the First Amendment right of free-speech expression.
That might seem like a victory for the American Way. But the judge made a huge mistake because without the ballot-selfie ban, we could see the reemergence of the buying and selling of votes — and even potential coercion from employers, union bosses and others…
In his 42-page opinion, Federal District Court Judge Paul Barbadoro offered an erudite and thoughtful discussion of the history of vote buying in the United States. You would think his analysis would have led him to uphold the ban. But it didn’t. Instead, his analysis fell apart in its legal reasoning…
Barbadoro also said the law was not narrowly tailored, given that nothing would stop someone from posting on Facebook, or elsewhere, information about how he or she voted. What this analysis misses is that a picture of a valid voted ballot, unlike a simple expression of how someone voted, is unique in being able to prove how someone voted…
The social-media age gives people plenty of tools for political self-expression. New Hampshire’s law is a modest way to make sure that this patriotic expression does not give anyone the tools to corrupt the voting process.
We agree 1000%. See our earlier post: Common Sense: The good, bad, and ugly secret ballot
***** Update 8/25/2015
More from the New York Times <read>
An independent report by the state auditor general found Florida’s voter registration database flawed.
Susanna Randolph, one of the candidates running for Alan Grayson’s 9th district congressional seat, sent a letter today asking Attorney General Loretta Lynch to launch a Department of Justice probe into the state’s voter system.
Report from Florida station, WMFE: Randolph Calls on DOJ Probe into Florida’s Voter Registration System <read>
An independent report by the state auditor general found Florida’s voter registration database flawed.
Susanna Randolph, one of the candidates running for Alan Grayson’s 9th district congressional seat, sent a letter today asking Attorney General Loretta Lynch to launch a Department of Justice probe into the state’s voter system. The request comes less than one month after an independent report by the state auditor general found flaws with the nine-year-old registration database.
The audit found the system at risk of a security breach, citing unauthorized access to voter data by Department of State employees. It also labeled the system overdue for upgrades and a disaster recovery plan evaluation.
Department of State officials said they have changed the system’s software and plan to train staff before voters prepare to cast their ballots in the 2016 elections.
This is one of several ways of hacking a voting system. Records could be altered, deleted, the system taken down, or simply fail. As we said, last month:
Just this week we understand that the Connecticut voter registration system was down for a day – a day when registrars were attempting to print party voter lists on the last legal day for party caucuses. This year the Legislature said that same system could be used for voters to register during Election Day Registration (EDR) – if we got used to relying on that system and it failed on its own or with a little help from hackers – in a large turnout election, it could result in long lines and turned away/turned off voters!
The election system is particularly vulnerable because it involves a combination of state, local, and federal government agencies with their own systems, software, hardware, and security protocols. Often, government departments are running old “legacy” computer systems that are extremely vulnerable to malware and hacking; and even if they have new systems, these are often put into place without a comprehensive security audit and performance review.
Who exactly is in charge of securing these overlapping networks isn’t always clear in government either.
From the Huffington Post: Top Six Ways Hackers Could Disrupt an Election <read>
Our own headline emphasizes that we have no reason to believe that these risks only apply to future elections. There is no reason to believe that some or all have not been used in past elections. From the article:
Hacking just a few electoral districts could allow an attacker to swing an election in a close race. The U.S. has had close elections multiple times in the past. In 1960, John F. Kennedy squeaked out a victory over Richard Nixon by just 0.1%. In the 2000 presidential election, the decision came down to just a few votes in Florida. In the end, the Supreme Court had to determine the winner.
The election system is particularly vulnerable because it involves a combination of state, local, and federal government agencies with their own systems, software, hardware, and security protocols. Often, government departments are running old “legacy” computer systems that are extremely vulnerable to malware and hacking; and even if they have new systems, these are often put into place without a comprehensive security audit and performance review.
Who exactly is in charge of securing these overlapping networks isn’t always clear in government either…
- According to Verizon’s 2015 Data Breach Investigations report, the public sector has the highest rate of “crimeware” infections of any industry sector…
If foreign governments can hack into U.S. government and defense systems, why would anyone think that foreign interests couldn’t also hack into U.S. elections? It’s important that we start talking about these risks because a “hack attack” could happen sooner than we think. Fixing this won’t be easy which is why we need to start preparing/safeguarding now!
The author lists his top six risks:
Hack a voting machine
Shut down the voting system or election agencies
Delete or change election records
Hijack a candidate’s website
Doxing a candidate
Target campaign donors
Just this week we understand that the Connecticut voter registration system was down for a day – a day when registrars were attempting to print party voter lists on the last legal day for party caucuses. This year the Legislature said that same system could be used for voters to register during Election Day Registration (EDR) – if we got used to relying on that system and it failed on its own or with a little help from hackers – in a large turnout election, it could result in long lines and turned away/turned off voters! In fact, that system is used today by officials on election day for EDR and for checking voter registrations when issues arise with the lists in pollbooks.
Another potential hack not mentioned would be attacking a local elections website. A hacker could change polling place locations, switch polling places and streets between polling places. Or simply knock out the web, preventing voters from obtaining polling place information on election day.
Of course, all these risks also apply, even more strongly to Internet voting where there are no paper backups to survive system failures, for audits, and for recounts.
Wisconsin Governor Scott Walker wants to replace their election watch dog agency, apparently because it investigated his campaign.
Yet Wisconsin’s Governor may not be that far ahead of Connecticut’s. Like Wisconsin our watch dog agencies were joined and weakened several years ago by Governor Malloy to “cut costs”. How is that going for us? It seems that the Governor is not out to do away with them, yet there has been some questionable attacks, just as the watchdog is working on investigating the Governor’s last campaign,
Wisconsin Governor Scott Walker wants to replace their election watch dog agency, apparently because it investigated his campaign: Don’t replace Wisconsin’s elections watchdog agency <read>
On Monday, Gov. Scott Walker piled on with the other Republicans who are attacking the state Government Accountability Board, arguing that it should be replaced by something more accountable. The GAB is the nonpartisan state elections and ethics watchdog agency Republicans are mad at because it did its job and dared investigate Walker’s election campaign. What some of these Republicans really mean by “more accountable” is more subservient to their partisan interests. What these folks would love to do with this watchdog is pull all its teeth and keep it on a very short leash. The people of Wisconsin should tell their legislators that’s unacceptable, just as citizens did a couple of weeks ago when 12 GOP legislators tried to shut down public access to certain records.
To be sure, the GAB isn’t perfect, as an audit last year showed. But the answer is to fix the agency and give it the resources it needs to do its job, not shut it down and replace it with a group of partisans who would report to their masters in the Legislature, as some have suggested.
In arguing for replacement, Walker didn’t rule out the possibility that the judges now on the board would be replaced by partisan appointees in a replacement agency. “It’s appropriate to just get rid of it and replace it with something that’s ultimately accountable and fair to the people of the state of Wisconsin,” Walker said.
But Assembly Minority Leader Peter Barca (D-Kenosha) had the clearer vision on motive here: “Clearly they want to have not election watchdogs. They want to have election lap dogs,” Barca said.
Yet Wisconsin’s Governor may not be that far ahead of Connecticut’s. Like Wisconsin our watch dog agencies were joined and weakened several years ago by Governor Malloy to “cut costs”. How is that going for us? It seems that the Governor is not out to do away with them, yet there has been some questionable attacks, just as the watchdog is working on investigating the Governor’s last campaign, as reported last week by Jon Lender in the Hartford Courant: Official Accuses Malloy Appointee Of
‘Incompetent’ Handling Of Computer Case <read>
The executive director of the State Elections Enforcement Commission has charged an appointee of Gov. Dannel P. Malloy with incompetence, as part of a festering controversy that began with the seizure of a computer from the commission’s office in early March…
Brandi also alleged that Brown has overreached her legal authority by trying to prevent the SEEC from re-hiring a key information-technology official who left the elections agency in 2014 after working there for seven years; the ex-employee soon sought to return by applying for a vacant position of IT manager, and Brandi wants to hire him…
The SEEC is currently investigating an allegation that Malloy’s 2014 re-election benefited from illegal funding through a state Democratic Party account intend
ed for candidates for federal office.The Democratic Party has refused to comply with an SEEC investigative subpoena seeking documents that include communications between Malloy and top campaign aides. The SEEC recently voted to have the state attorney general go to Superior Court to enforce compliance with the subpoena, but no such action has yet been filed.
“Paper receipts are the obvious answer,Florida gave recounts a bad name. But there is something much worse than a recount: the utter inability to recount votes, and reconstruct voters’ true intent, in light of a serious computer error.”
Actually slightly worse and even more suspicious might be having paper ballots and being barred from using them to verify elections.
“Paper receipts are the obvious answer,” Ramasastry [associate professor at the University of Washington School of Law] said. “Florida gave recounts a bad name. But there is something much worse than a recount: the utter inability to recount votes, and reconstruct voters’ true intent, in light of a serious computer error.”
Actually slightly worse and even more suspicious might be having paper ballots and being barred from using them to verify elections.
A recent article in LJWorld.com [Lawrence Kansas] highlights the barriers put in front of a statistician looking to check election results by reviewing the paper record of the election: Kansas statistician battles government to determine whether vote count is flawed <read>
Wichita State University mathematician Beth Clarkson has seen enough odd patterns in some election returns that she thinks it’s time to check the accuracy of some Kansas voting machines.
She’s finding out government officials don’t make such testing easy to do.
When Clarkson initially decided to check the accuracy of voting machines, she thought the easy part would be getting the paper records produced by the machines, and the hard part would be conducting the audit. It’s turned out to be just the opposite.
“I really did not expect to have a lot of problems getting these (records),” Clarkson said. But Sedgwick County election officials “refused to allow the computer records to be part of a recount. They said that wasn’t allowed.”
Instead, Clarkson was told that in order to get the paper recordings of votes, she would have to go to court and fight for them…
Of course we are not in Kansas, we in Connecticut, where so far, nobody has gone to court and fully tested if ballots are actually public records open to public inspection. As we said in Myth #9
Myth #9 – If there is ever a concern we can always count the paper.
Reality
The law limits when the paper can be counted.
- Audits can protect against error or fraud only if enough of the paper is counted and discrepancies in the vote are investigated and acted upon in time to impact the outcome of the election. See myths #1 and #2.
- An automatic recanvass (recount) occurs when the winning vote margin is within 0.5%. The local Head Moderator moderator or the Secretary of the State can call for a recanvass, but even candidates must convince a court that there is sufficient reason for an actual recount.
- Recounting by hand is not required by law. In early 2008 the Secretary of the State revised her policy of hand recanvasses. We now recanvass by optical scanner.
- In 2010, the Citizen Recount showed huge discrepancies in Bridgeport, never recognized by the ‘system’.
The U.S. Vote Foundation has released a report on the feasibility and requirements for Internet voting. This is the result of about eighteen months of work by computer scientists, security experts, and election officials. The goal was to answer definitively once and for all if Internet voting was feasible today or in the future.
The short version is the Internet voting is not ready for prime time, not ready for democracy. Yet, it is possible in the future that a system may be developed which could provide safe Internet voting. The paper lays out the requirements and testing criteria for such a system.
(Internet voting includes online voting, email voting, and fax voting).
The U.S. Vote Foundation has released a report on the feasibility and requirements for Internet voting: <press release> <report summary> <full report> This is the result of about eighteen months of work by computer scientists, security experts, and election officials. The goal was to answer definitively once and for all if Internet voting was feasible today or in the future.
The short version is the Internet voting is not ready for prime time, not ready for democracy. Yet, it is possible in the future that a system may be developed which could provide safe Internet voting. The paper lays out the requirements and testing criteria for such a system.
(Internet voting includes online voting, email voting, and fax voting).
From the press release:
Developed by a team of the nation’s leading experts in election integrity, election administration, high-assurance systems engineering, and cryptography, the report starts from the premise that public elections in the U.S. are a matter of national security. The authors assert that Internet voting systems must be transparent and designed to run in a manner that embraces the constructs of end-to-end verifiability – a property missing from existing Internet voting systems…
As election technology evolves and more states evaluate Internet voting, caution on compromises to integrity and security is warranted, and according to the report, should be particularly avoided by the premature deployment of Internet voting. The report aims to list the security challenges that exist with Internet voting and emphasizes that research should continue as the threat landscape continues to shift. Existing proprietary systems that meet only a subset of the requirements cannot be considered secure enough for use in the U.S.
Key recommendations in the report to make Internet voting more secure and transparent include:
Any public elections conducted over the Internet must be end-to-end verifiable
End-to-End Verifiable systems must be in-person and supervised first
End-to-End Verifiable Internet Voting systems must be high assurance
End-to-End Verifiable Internet Voting systems must be usable and accessible to all voters
Maintain aggressive election R&D efforts
I would recommend that anyone supporting Internet voting read the Press Release, Summary, and Full Report and then recruit experts of equal credibility to do the work and make an equally compelling case refuting this report
Comey’s problem is the nearly universal agreement among cryptographers, technologists and security experts that there is no way to give the government access to encrypted communications without poking an exploitable hole that would put confidential data, as well as entities like banks and power grids, at risk.
We are used to climate change deniers ignoring science and ridiculing scientists. Like frogs in slowly warming water, we are no longer surprised when members of Congress deny science, or members of the public and election officials tout “safe” Internet voting, despite the science showing impossibility of security and the almost daily headlines of serious security failures.
Now we have the Director of the FBI directly contradicting top security scientists – when his job actually requires him to be an informed champion of actual security. This NonScience Nonsense is best summed up in an article this week in The Intercept: FBI Director Says Scientists Are Wrong, Pitches Imaginary Solution to Encryption Dilemma <read>
Testifying before two Senate committees on Wednesday about the threat he says strong encryption presents to law enforcement, FBI Director James Comey didn’t so much propose a solution as wish for one.
Comey said he needs some way to read and listen to any communication for which he’s gotten a court order. Modern end-to-end encryption — increasingly common following the revelations of mass surveillance by NSA whistleblower Edward Snowden — doesn’t allow for that. Only the parties on either end can do the decoding.Comey’s problem is the nearly universal agreement among cryptographers, technologists and security experts that there is no way to give the government access to encrypted communications without poking an exploitable hole that would put confidential data, as well as entities like banks and power grids, at risk.
In my early teens, a friend who did not do well in school smoked. It was a time when the dangers of smoking were just becoming public, with heavy and obviously false denial by the tobacco companies. My friend said “If they are right, by the time I would get cancer, the scientists will have come up with a cure.” At that time there was a lot of blind faith in science, cheered on by the media, that anything was possible – like curing cancer, going to the moon, or flying cars in cities of the future. Science frequently surprises us with miraculous developments, yet there are no miracles. We have no cities of the future, we have not gone to the moon, hunger has not been cured, leisure and the middle class are endangered along with the planet. Yet, we have miraculous cell phones and the Internet, along with inaccurate and distorted ideas of risks and fears. Some fears are overblown and unjustified, while in other areas we have a false sense of security.
Director Comey runs an agency which for years has claimed unquestioned expertise in matching fingerprints, blood samples, and hair samples, all of which have proven highly inaccurate, with little proof of accuracy in practice or in theory.
Sadly and dangerously, Comey’s blind faith combined in scientists coupled with distrust of those same scientists is matched by many in Congress:
Comey said American technologists are so brilliant that they surely could come up with a solution if properly incentivized.
Julian Sanchez, a senior fellow at the Cato Institute, was incredulous about Comey’s insistence that experts are wrong: “How does his head not explode from cognitive dissonance when he repeats he has no tech expertise, then insists everyone who does is wrong?” he tweeted during the hearing.
Prior to the committee hearings, a group of the world’s foremost cryptographers and scientists wrote a paper including complex technical analysis concluding that mandated backdoor keys for the government would only be dangerous for national security. This is the first time the group has gotten back together since 1997, the previous instance in which the FBI asked for a technical backdoor into communications.
But no experts were invited to testify, a fact that several intelligence committee members brought up, demanding a second hearing to hear from them.
Hopefully Congress will hear from scientists – scientists who represent objective, predominant security expertise – and Congress will listen to them.
Direct from the Dominion web, a marketing video featuring Denver election officials.services from Dominion.
We recommend caution for election officials, along with concern and skepticism for voters and taxpayers.
https://www.youtube.com/watch?v=Zyqg-LcAkC0
Direct from the Dominion web, a marketing video featuring Denver election officials. The apparently intended message from the officials is “See how great we are. See all the great things we are doing for you voters, with your money.” The apparently intended message from Dominion is “See how happy we can make officials. We can make you look good for your voters too. If you play with us we will promote you.”
Yet, I hope the questions raised for voters in Denver and elsewhere are:
Reminds us of those travel promotion ads featuring Connecticut Governors that somehow tend to be shown during election season, touting the benefits of vacationing in Connecticut to residents of Connecticut. Or those register and vote billboards in that same season prominently featuring the Secretary of the State.
We recommend caution for election officials, along with concern and skepticism for voters and taxpayers.
Over the last few years, we have provided many posts on the real risks of Internet voting. A new report and article highlighting that report, remind us all of the risks of voting machines in use several years ago: Hack the vote: Cyber experts say ballot machines easy targets
Reminder: We are still using those machines.
Over the last few years, we have provided many posts on the real risks of Internet voting. A new report and article highlighting that report, remind us all of the risks of voting machines in use several years ago: Hack the vote: Cyber experts say ballot machines easy targets <read>
Reminder: We are still using those machines.
Voter fraud is nearly as old as elections themselves, and different states and precincts use different voting systems and machines. But in many cases, even the electronic ballots could be manipulated remotely, according to a new report by the Commonwealth Security and Risk Management for the Virginia Information Technologies Agency. That report found that the AVS WINVote machines Virginia has used since 2002 have such flimsy security that an amateur hacker could change votes from outside a polling location.
“This means anyone could have broken into the machines from the parking lot,” said Cris Thomas, a strategist with the Columbia, Md.-based Tenable Network Security, one of the nation’s leading cyber and enterprise security firms. “…
“Anyone who thinks that there are not folks out there – from lone hackers to foreign governments – who are willing to exploit the security vulnerabilities of our election system is living in a fantasy world,” said [Hans] von Spakovsky…
[Chris] Thomas said. Manufacturers are not sufficiently testing systems before selling them to municipalities, often using off-the-shelf hardware and software with minimal security; and local government certification agencies seldom have the time, resources or knowledge to properly test machines for vulnerabilities and often just accept the manufacturer’s claims for security…