Update: Bysiewicz, Blumenthal Violate Federal Ban

Update: July 12, 2008 Other States Join Connecticut <read>

Bysiewicz and Washington Secretary of State Sam Reed, a Republican, have launched a national effort to overturn the directive. They’ve been joined by secretaries of state from Ohio, Montana, Vermont, Rhode Island, Minnesota, Kansas, New Hampshire and Maine.

Original Story and Update July 1, 2008

Continue reading “Update: Bysiewicz, Blumenthal Violate Federal Ban”

French Study: More Errors With Electronic Voting

ComputerWorld article on French study <read>

There were discrepancies between the number of signatures and the number of votes at around 29.8% of polling stations studied using electronic voting machines, compared with just 5.3% of those using paper ballots, and those discrepancies were larger in the stations using voting machines, Enguehard found. It’s unlikely that voters’ unfamiliarity with the machines is to blame, for two reasons, said Enguehard. The ratio of discrepancies between electronic and traditional stations got worse, rather than better, with time, and there was no correlation between the bureaus with discrepancies and the bureaus that received the most complaints about difficulties with the voting machines.

Continue reading “French Study: More Errors With Electronic Voting”

FAQ: Why Bother Auditing Referendums & Questions?

The Connecticut post-election audit exempts, among other things, all referendums and questions. This is a mistake.

Referendums and questions may be the most vulnerable election items open to human attack via programming – often all the elected officials of both parties want the referendums passed – they may go through multiple, failed, low turn-out, budget referendums and say to themselves “if the majority of the voters turned out it would pass” and be tempted to make sure it passes. Or one tax-averse ballot programmer, a high asset individual, or even a single election official may want to make sure a new or higher tax does not pass.

Now we have an example from Puma County, AZ of a potentially corrupt election, possibly changed by the actions of a single individual ordered by an election official. Via BradBlog since the underlying link to the original article seems broken <read>

According to Osmolski’s affidavit :

During that conversation Bryan Crane told me he “fixed” the RTA, or Regional Transportation Authority election on the instructions of his bosses and he did what he was told to do. Mr. Crane expressed his concern about being indicted and said he would like to talk but couldn’t trust anyone.

The affidavit is the latest in a series of red flags concerning the RTA election. Other red flags include: (1) This was a sales tax increase, the type of vote that usually fails, and it looked like it was going down in the days prior to the election; (2) The database on the vote counting computer was erased and replaced a day into the early ballot scanning; (3) Unauthorized vote total summary reports were printed during the counting; (4) A tape of the original ballot layout stored with the Secretary of State — which could have indicated if the vote was flipped — was sent back to the County, which lost it; (5) An investigation into the election completed by the Attorney General’s office was cursory and inconclusive.

I’ll hold judgement on the merits of this particular case at least until the votes are counted, the chain-of-custody broken, or the ballots destroyed, whichever comes first.

Panel In Fairfield – What Do You Want?

Last night I was on a panel in Fairfield with Deputy Secretary of the State Lesley Mara, Dr. Alex Shvartsman from the UConn VoTeR Center, and Michael Kozik of the Secretary of the State’s Office. The event was video taped by the sponsors. If possible I will make the video availabe here. For now, here are my opening remarks, my topic was “What Do You Want”:

Fairfield Panel

Introduction

Thanks to Jody Eiseman for creating this event and to the Fairfield Democratic Town Committee for hosting it. Thanks to everyone of you in the audience for coming tonight.

I want to thank Dr. Shvartsman, Mike Kozik, and Deputy Mara for being here tonight. A bit over three years ago I was on a panel with the previous Deputy Secretary of the State. That panel directly precipitated actions that were instrumental in the passage of the paper ballot bill in 2005 and the eventual rejection of Touch Screen (DRE) voting equipment in early 2007.

CTVotersCount is committed to voting integrity and that our democracy flourishes.

Lest we forget, democracy is dependent on the voting integrity of every district in your town; dependent on the voting integrity of every district in the state; and indeed every district in the nation.

My Topic Tonight
Continue reading “Panel In Fairfield – What Do You Want?”

Truth Under Assault In Texas Hearing

Since its release last August we have covered the California Top-To-Bottom Review and its implications for Connecticut <here> <here> <here> it is an outstanding collection of reports based on research and evidence. It helped earn a deserved “Profile In Courage” award to its sponsor, Debra Bowen, Secretary of State of California.

How far will those patriotic voting machine vendors go to stretch the truth? How far to discredit a report demonstrating massive flaws in their voting systems? We have the answer. It seems that they stretch it beyond the breaking point. Dan Wallach was testifying last week about the California Top-To-Bottom Review to the Texas Legislature. <read his report>

Wow, was I disappointed. Here’s a quote from Peter Lichtenheld, speaking on behalf of Hart InterCivic:

Security reviews of the Hart system as tested in California, Colorado, and Ohio were conducted by people who were given unfettered access to code, equipment, tools and time and they had no threat model. While this may provide some information about system architecture in a way that casts light on questions of security, it should not be mistaken for a realistic approximation of what happens in an election environment. In a realistic election environment, the technology is enhanced by elections professionals and procedures, and those professionals safeguard equipment and passwords, and physical barriers are there to inhibit tampering. Additionally, jurisdiction ballot count, audit, and reconciliation processes safeguard against voter fraud.

..Did our work cast light on questions of security? Our work found a wide variety of flaws, most notably the possibility of  “viral” attacks, where a single corrupted voting machine could spread that corruption, as part of regular processes and procedures, to every other voting system. In effect, one attacker, corrupting one machine, could arrange for every voting system in the county to be corrupt in the subsequent election…

Were we given unfettered access? The big difference between what we had and what an attacker might have is that we had some (but not nearly all) source code to the system. An attacker who arranged for some equipment to “fall off the back of a truck” would be able to extract all of the software, in binary form, and then would need to go through a tedious process of reverse engineering before reaching parity with the access we had. The lack of source code has demonstrably failed to do much to slow down attackers who find holes in other commercial software products. Debugging and decompilation tools are really quite sophisticated these days. All this means is that an attacker would need additional time to do the same work that we did.

Did we have a threat model? Absolutely! See chapter three of our report, conveniently titled “Threat Model.”  The different teams working on the top to bottom report collaborated together to draft this chapter. It talks about attackers’ goals, levels of access, and different variations on how sophisticated an attacker might be. It is hard to accept that the vendors can get away with claiming that the reports did not have a threat model, when a simple check of the table of contents of the reports disproves their claim.