Category: Electronic Vulnerability

Missing the point on solving Bridgeport elections problems

All sorts of elections proposals to solve the Bridgeport elections problems from increasing penalties to a minimum of a year in jail to a 17 member committee under the Secretary of the State to take over elections in municipalities.

They are all missing the point. What we need is …

All sorts of elections proposals to solve the Bridgeport elections problems from increasing penalties to a minimum of a year in jail to a 17 member committee under the Secretary of the State to take over elections in municipalities.

They are all missing the point. What we need is enforcement!

The penalties already are high enough but there all but no enforcement. As allegations rise, not just in Bridgeport, but all over the state, including campaign finance violations by candidates and other political entities the size of the staff for State Elections Enforcement Commission has slowly been eroded over the years. There are all sorts of allegations in Bridgeport. If even each violation were merely fined $5oo (let alone penalties are much higher including jail time) then several criminals would be facing fines of several thousands of dollars. Soon they and their actual and would-be associates would be completely deterred.

The SEEC has five investigators, one pulled back from retirement, with four of them full time on Bridgeport.  That is not enough for timely investigations and a deterrent. There are previous cases referred to the U.S. Justice Department awaiting results for years. The chief culprit in Bridgeport is awaiting any action on allegations from 2019.

Nobody seems to be advocating for more staff for the SEEC. In comparison the Attorney General, admittedly with much more responsibility, has 200 attorneys plus investigators. Could it be that the General Assembly is reluctant to see investigations accelerated on campaign finance violations?

Meanwhile, maybe there should be some municipalities where the registrars responsibilities should be taken over by the State. Yet that will be quite a job for a 17 person committee which as about twice the size of the Secretary of the State’s elections staff. Who will fund the take overs?  And what good would it do for a Bridgeport when the responsibility for absentee ballots lies mostly with the municipal clerk’s office? And even in Bridgeport the kind of fraud alleged in recent elections is mostly beyond the registrars and clerks control.

 

 

 

Report: Security Analysis of the Dominion ImageCast X

Report released this week on vulnerabilities of the Dominion ImageCast, used for the vast majority of the votes in Georgia <Report>

The report was actually submitted to a court on July 1, 2021 – the court considered the information so dangerous to elections that is has largely been suppressed until now!

However in two years, Dominion has made several fixes, yet Georgia Secretary of State Brad Raffensperger is in no hurry to update Georgia machines at least until after the 2024 election.

Note: After planning for a couple of months, I launched CTVoters Count in late 2007, Little did I know that the California Top To Bottom Review would be release at that time! Many are claiming that this report may rival the impact of that California report.

Report released this week on vulnerabilities of the Dominion ImageCast, used for the vast majority of the votes in Georgia <Report>

The report was actually submitted to a court on July 1, 2021 – the court considered the information so dangerous to elections that is has largely been suppressed until now!

However in two years, Dominion has made several fixes, yet Georgia Secretary of State Brad Raffensperger is in no hurry to update Georgia machines at least until after the 2024 election.

Note: After planning for a couple of months, I launched CTVoters Count in late 2007, Little did I know that the California Top To Bottom Review would be release at that time! Many are claiming that this report may rival the impact of that California report.

You do not need to read the whole report. Better to start with a summary from the author, Prof. Alex Halderman. <Summary Report>

…we discovered vulnerabilities in nearly every part of the system that is exposed to potential attackers. The most critical problem we found is an arbitrary-code-execution vulnerability that can be exploited to spread malware from a county’s central election management system (EMS) to every BMD in the jurisdiction. This makes it possible to attack the BMDs at scale, over a wide area, without needing physical access to any of them…

The report was filed under seal on July 1, 2021 and remained confidential until today, but last year the Court allowed us to share it with CISA—the arm of DHS responsible for election infrastructure—through the agency’s coordinated vulnerability disclosure (CVD) program. CISA released a security advisory in June 2022 confirming the vulnerabilities, and Dominion subsequently created updated software in response to the problems. Georgia Secretary of State Brad Raffensperger has been aware of our findings for nearly two years, but—astonishingly—he recently announced that the state will not install Dominion’s security update until after the 2024 Presidential election, giving would-be adversaries another 18 months to develop and execute attacks that exploit the known-vulnerable machines…

The right solution is Voter-Verified-Paper-Ballots and sufficient post-election audits, recounts, and sufficient ballot security. Then even with election systems subject to errors and fraud, election results can be verified and corrected.

Reminder: Ballot Marking Devices (BMDs) beyond redemption

A new article by Andrew Appel reminds us: Magical thinking about Ballot-Marking-Device contingency plans .

The Center for Democracy and Technology recently published a report, “No Simple Answers: A Primer on Ballot Marking Device Security”, by William T. Adler.   Overall, it’s well-informed, clearly presents the problems as of 2022, and it’s definitely worth reading.  After explaining the issues and controversies, the report presents recommendations, most of which make a lot of sense, and indeed the states should act upon them.  But there’s one key recommendation in which Dr. Adler tries to provide a simple answer, and unfortunately his answer invokes a bit of magical thinking…

This the magical thinking:  “election officials should have a contingency plan.”  The problem is, when you try to write down such a plan, there’s nothing that actually works!  .

Fortunately Connecticut uses Hand Marked Paper Ballots except that it allows the IVS BMD to serve those with disabilities.

A new article by Andrew Appel reminds us: Magical thinking about Ballot-Marking-Device contingency plans <read>

The Center for Democracy and Technology recently published a report, “No Simple Answers: A Primer on Ballot Marking Device Security”, by William T. Adler.   Overall, it’s well-informed, clearly presents the problems as of 2022, and it’s definitely worth reading.  After explaining the issues and controversies, the report presents recommendations, most of which make a lot of sense, and indeed the states should act upon them.  But there’s one key recommendation in which Dr. Adler tries to provide a simple answer, and unfortunately his answer invokes a bit of magical thinking.  This seriously compromises the conclusions of his report.  By asking but not answering the question of “what should an election official do if there are reports of BMDs printing wrong votes?”, Dr. Adler avoids having to make the inevitable conclusion that BMDs-for-all-voters is a hopelessly flawed, insecurable method of voting.  Because the answer to that question is, unfortunately, there’s nothing that election officials could usefully do in that case…

This the magical thinking:  “election officials should have a contingency plan.”  The problem is, when you try to write down such a plan, there’s nothing that actually works!  Suppose the election officials rely on voter reports (or on the rate of spoiled ballots); suppose the “contingency plan” says (for example) says “if x percent of the voters report malfunctioning BMDs, or y percent of voters spoil their ballots, then we will . . .”   Then we will what?  Remove those BMDs from service in the middle of the day?  But then all the votes already cast on those BMDs will have been affected by the hack; that could be thousands of votes.  Or what else?  Discard all the paper ballots that were cast on those BMDs?  Clearly you can’t do that without holding an entirely new election.  And what if those x% or y% of voters were fraudulently reporting BMD malfunction or fraudulently spoiling their ballots to trigger the contingency plan?  There’s no plan that actually works.

Fortunately Connecticut uses Hand Marked Paper Ballots except that it allows the IVS BMD to serve those with disabilities.

Dead Men Don’t Vote (New Podcast)

My friends at OSET (Open Source Election Technology just officially launched a new podcast yesterday: Dead Men Don’t vote. Its goal it to explain all that officials do under the covers to run our elections. The 1st episode, Do Dead People Actually Vote?, lived up to that goal. They packed a lot into 33 minutes. <link>

 

My friends at OSET (Open Source Election Technology just officially launched a new podcast yesterday: Dead Men Don’t vote. Its goal it to explain all that officials do under the covers to run our elections.  The 1st episode, Do Dead People Actually Vote?, lived up to that goal. They packed a lot into 33 minutes. <link>

 

What’s the matter with BMDs?

Free Speech for People recently held a forum on Ballot Marking Devices (BMD)’s: An Examination of the Use and Security of Ballot Marking Devices

I recommend watching at least the 1st panel and;
If you are considering purchasing BMDs for all voters then you owe it to your jurisdiction to watch the whole forum;
If you are a voter and your jurisdiction is considering such a purchase of BMDs, you should also watch the whole thing and let your legislators and election officials know what you think.

Our Editorial:

…How much better to purchase the minimum number of BMDs today, fund research, and replace them every five years or so with improved designs.

Free Speech for People recently held a forum on Ballot Marking Devices (BMD)’s: An Examination of the Use and Security of Ballot Marking Devices <view>

There are several panels, you can see the topics and panelists <here>

I recommend watching at least the 1st panel and;
If you are considering purchasing BMDs for all voters then you owe it to your jurisdiction to watch the whole forum;
If you are a voter and your jurisdiction is considering such a purchase of BMDs, you should also watch the whole thing and let your legislators and election officials know what you think.

Our Editorial:

BMDs for all voters is a very bad idea. They will cost at least double paper ballots filled out by most voters followed by scanning. As the videos show they cannot be trusted, they will not be verified by enough voters, they will not be accurately verified by voters, and for good reason officials will not trust voters who claim the machines did not accurately record their votes.

BMDs for only a few voters with disabilities is a reasonable idea. A better idea. Many voters with disabilities are better served with voter completed paper ballots. Today’s BMDs do not serve or serve well the remaining voters with disabilities. More research and development is needed to produce better methods and equipment so that voters with disabilities can vote independently, privately, and securely.

How much better to purchase the minimum number of BMDs today, fund research, and replace them every five years or so with improved designs.

To trust our elections we need evidence, enough evidence

A recent article in Barons by respected scientists: Elections Should be Grounded in Evidence, Not Blind Trust 

Here’s what an evidence-based election would look like:

  • Voters hand-mark paper ballots to create a trustworthy, durable paper vote record. Voters who cannot hand-mark a ballot independently are provided assistive technologies, such as electronic ballot marking devices. But because these devices are subject to hacking, bugs, and software misconfiguration, the use of such ballot-marking devices should be limited.

  • Election officials protect the paper ballots to ensure no ballot has been added, removed, or altered…

A recent article in Barons by respected scientists: Elections Should be Grounded in Evidence, Not Blind Trust  <read>

Here’s what an evidence-based election would look like:

  • Voters hand-mark paper ballots to create a trustworthy, durable paper vote record. Voters who cannot hand-mark a ballot independently are provided assistive technologies, such as electronic ballot marking devices. But because these devices are subject to hacking, bugs, and software misconfiguration, the use of such ballot-marking devices should be limited.
  • Election officials protect the paper ballots to ensure no ballot has been added, removed, or altered. This requires stringent physical security protocols and ballot accounting, among other things.
  • Election officials count the votes, using technology if they choose. If the technology altered the outcome, that will (with high confidence) be corrected by the steps below.
  • Election officials reconcile and verify the number of ballots and the number of voters, with a complete canvass to ensure that every validly cast ballot is included in the count.
  • Election officials check whether the paper trail is trustworthy using a transparent “compliance audit,” reviewing chain-of-custody logs and security video, verifying voter eligibility, reconciling numbers of ballots of each style against poll book signatures and other records, and accounting for every ballot that was issued.
  • Election officials check the results with an audit that has a known, large probability of catching and correcting wrong reported outcomes—and no chance of altering correct outcomes. The inventory of paper ballots used in the audit must be complete and the audit must inspect the original hand-marked ballots, not images or copies.

None of these steps stands alone. An unexamined set of paper ballots, no matter how trustworthy, provides no evidence. Conversely, no matter how rigorous, audits and recounts of an untrustworthy paper trail provide no evidence that the reported winners won. Auditing or recounting machine-marked ballots or hand-marked ballots that have not been kept secure can check whether the reported outcome reflects that paper trail, but cannot provide evidence that the reported winners won.

We completely and enthusiastically agree.

One more time: Hand Marked Paper Ballots, protected and exploited

Our Longtime Editorial Opinion

We hear a lot about protecting voting equipment and paper ballots. We talk a lot about both as well. They are not equal!…

Today an article in Freedom to Tinker echoing our opinion: ESS voting machine company sends threats

Our Longtime Editorial Opinion

We hear a lot about protecting voting equipment and paper ballots. We talk a lot about both as well. They are not equal!

It is good to protect machines from tampering; good to test machines; and good to preserve them for post-election forensic analysis; yet, ultimately they cannot be fully protected and error free. They cannot be preserved for extended periods, they are needed for the next election.

Paper ballots are also ‘hackable’ by good old fashioned replacement, destruction, or alteration; yet they can be well protected by strong security measures and audits of security compliance. They must be exploited by sufficient, transparent, publicly verifiable audits and recounts.

Today an article in Freedom to Tinker echoing our opinion: ESS voting machine company sends threats  <read>

The ExpressVote XL, if hacked, can add, delete, or change votes on individual ballots — and no voting machine is immune from hacking. That’s why optical-scan voting machines are the way to go, because they can’t change what’s printed on the ballot. And let me explain some more: The ExpressVote XL, if adopted, will deteriorate our security and our ability to have confidence in our elections, and indeed it is a bad voting machine. And expensive, too!

The main point of the article is that ES&S is using false claims made against Dominion to intimidate others, making accurate, indisputable, scientific claims:

Apparently, ES&S must think that amongst all that confusion, the time is right to send threatening Cease & Desist letters to the legitimate critics of their ExpressVote XL voting machine. Their lawyers sent this letter to the leaders of SMART Elections, a journalism+advocacy organization in New York State who have been communicating to the New York State Board of Elections, explaining to the Board why it’s a bad idea to use the ExpressVote XL in New York (or in any state).

ES&S  machines, as far as we know, are no more or less vulnerable than other brands, however, the company exposes its lack of integrity by its unfounded intimidation.

Elections Should be Grounded in Evidence, Not Blind Trust

Commentary in Barron’s this week Elections Should be Grounded in Evidence, Not Blind Trust <read>

Even though there is no compelling evidence the 2020 vote was rigged, U.S. elections are insufficiently equipped to counter such claims because of a flaw in American voting. The way we conduct elections does not routinely produce public evidence that outcomes are correct.

Commentary in Barron’s this week Elections Should be Grounded in Evidence, Not Blind Trust <read>

Even though there is no compelling evidence the 2020 vote was rigged, U.S. elections are insufficiently equipped to counter such claims because of a flaw in American voting. The way we conduct elections does not routinely produce public evidence that outcomes are correct.

Furthermore, despite large investments since 2016, voting technology remains vulnerable to hacking, bugs, and human error. A report by the National Academies into the 2016 election process concluded that “there is no realistic mechanism to fully secure vote casting and tabulation computer systems from cyber threats.” The existence of vulnerabilities is not evidence that any particular election outcome is wrong, but the big-picture lesson from 2020 is that ensuring an accurate result is not enough. Elections also have to be able to prove to a skeptical public that the result really was accurate.

We need evidence-based elections: processes that create strong public evidence that the reported winners really won and the reported losers really lost, despite any problems that might have occurred. Every step in election administration—from technology choices to voter eligibility checks, physical security, the canvass, and audits—should flow from that requirement…

Here’s what an evidence-based election would look like:

  •  Voters hand-mark paper ballots to create a trustworthy, durable paper vote record. Voters who cannot hand-mark a ballot independently are provided assistive technologies, such as electronic ballot marking devices. But because these devices are subject to hacking, bugs, and software misconfiguration, the use of such ballot-marking devices should be limited.
  • Election officials protect the paper ballots to ensure no ballot has been added, removed, or altered. This requires stringent physical security protocols and ballot accounting, among other things.
  • Election officials count the votes, using technology if they choose. If the technology altered the outcome, that will (with high confidence) be corrected by the steps below.
  • Election officials reconcile and verify the number of ballots and the number of voters, with a complete canvass to ensure that every validly cast ballot is included in the count.
  • Election officials check whether the paper trail is trustworthy using a transparent “compliance audit,” reviewing chain-of-custody logs and security video, verifying voter eligibility, reconciling numbers of ballots of each style against poll book signatures and other records, and accounting for every ballot that was issued.
  • Election officials check the results with an audit that has a known, large probability of catching and correcting wrong reported outcomes—and no chance of altering correct outcomes. The inventory of paper ballots used in the audit must be complete and the audit must inspect the original hand-marked ballots, not images or copies.

None of these steps stands alone. An unexamined set of paper ballots, no matter how trustworthy, provides no evidence. Conversely, no matter how rigorous, audits and recounts of an untrustworthy paper trail provide no evidence that the reported winners won. Auditing or recounting machine-marked ballots or hand-marked ballots that have not been kept secure can check whether the reported outcome reflects that paper trail, but cannot provide evidence that the reported winners won…

outsourcing audits, as Georgia did after the November vote, may prevent such process improvements. It is the responsibility of election officials (and not a third party) to ensure and demonstrate that the paper trail includes no more and no less than every validly cast ballot, and that the reported result is what those ballots show.

We note that, to us, ‘Outsourcing’ audits is a distinct concept from ‘Independent’ audits. Outsourcing implies turning all responsibly over to a hired vendor or entity dependent on election officials for funding. Independent auditing means assigning responsibility for the audit, or at least assessment and oversight of the audit to an entity independent of election officials.

Paper Ballots Integral to Connecticut Election Security – ANNOTATED

A recent article in the Journal Inquirer is at best misleading:  Paper Ballots Integral to Connecticut Election Security <read>

Connecticut has some good election integrity practices, yet there are gaps and vulnerabilities.

Full disclosure, I am a resident of Glastonbury and have been a poll-worker here since 2013 and prior to that from 2008 in Vernon, Connecticut. I take no pleasure in writing this post. Yet, even when people you know and appreciate provide, in your opinion, inaccurate or uninformed information to the public, it is not appropriate to ignore it. There is some good information in this article, yet it is not entirely accurate.

I absolutely agree that Voter Marked Paper Ballots like we have in Connecticut are the widely recognized basis of election security and integrity. Yet they are just a start.

A recent article in the Journal Inquirer is at best misleading:  Paper Ballots Integral to Connecticut Election Security <read>

Connecticut has some good election integrity practices, yet there are gaps and vulnerabilities.

Full disclosure, I am a resident of Glastonbury and have been a poll-worker here since 2013 and prior to that from 2008 in Vernon, Connecticut. I take no pleasure in writing this post. Yet, even when people you know and appreciate provide, in your opinion, inaccurate or uninformed information to the public, it is not appropriate to ignore it. There is some good information in this article, yet it is not entirely accurate.

Below is my annotation in blue:

Paper Ballots Integral to Connecticut Election Security
Election officials in the state are pointing to the benefits of physical ballots as the national conversation around election security continues to draw focus.

I absolutely agree that Voter Marked Paper Ballots like we have in Connecticut are the widely recognized basis of election security and integrity. Yet they are just a start.

by Alex Wood, Journal Inquirer / January 4, 2021  
 
(TNS) — With election officials around the country under very public attack, Mark Dobbins, the Democratic registrar of voters in Glastonbury, wants Connecticut residents to know more about the procedures election officials here use to make sure that all legal votes — and only legal votes — are counted.

It is a sad consequence in the atmosphere of this election that officials are under attack. Anyone who threatens an official and makes false or uninformed claims should be ashamed. And, in the most blatant cases where physical harm is threatened, prosecuted.

One is the old-fashioned paper trail, which Connecticut election officials use for many records, including ballots.

“We use a lot of paper, and you can’t hack paper,” Dobbins says.

Not exactly, even though paper ballots are a good start at election security and auditability, anyone with access to the storage of voted paper ballots can hack them, better still, with access to blank ballots as well, hacking is pretty straightforward. As we have pointed out over and over, Connecticut has very weak ballot security. In the majority of towns a single official may access ballot storage undetected for hours. polling place voted ballots are normally sealed with numbered seals which scientists have demonstrated offer little protection from skilled experts and amateurs alike.

Security experts also point out that over confidence in security by officials is a warning sign of lack of security. <See Do Connecticut’s Tamper-“Evident” Seals Protect Our Ballots?>

In addition, the tabulating machines that count ballots aren’t connected to the Internet and can’t be hacked into, he says.

It is of course important that scanners are not connected to the Internet, however, Hari Hursti long ago demonstrated how the machines used in Connecticut can easily be hacked  <The Hursti Hack> by anyone who has physical access to them. In Connecticut scanners are subject to that same weak security as voted ballots. Even computers not connected to the Internet can be hacked by Foreign actors <for example the STUXNET Attack>.

He adds that the tabulating machines are useless without memory cards. When the cards aren’t in use, he says, LHS Associates, an election services company based in Salem, New Hampshire, holds them securely.

First, the machines themselves can be hacked. They have software which could easily be changed by changing the chips, especially by a rogue service person form LHS Associates. LHS employs a number of people who program the memory cards. There is no audit or observation of LHS programming or security. At least none has been publicly disclosed. Unlike Connecticut, many states require that all programming of memory cards be accomplished by officials and not outsourced as Connecticut does. Here is a UConn papers describing additional vulnerabilities <here> <and here>.

Gabe Rosenberg, general counsel to Secretary of the State Denise W. Merrill, says the University of Connecticut’s Center for Voting Technology Research, or VoTeR Center, takes the memory cards before and after the election to make sure there are no problems.

 Actually, UConn takes a sample of memory cards. Its not a scientific sample. Registrars choose the cards to send to UConn after the election and don’t send all that are asked for. UConn is a little slow in providing reports.  The memory card audit report was for the 2014 elections. Here it is latest report, we suggest reading the summary <2014> <all reports>   It’s hard to trust an audit that is not random and publicly verifiable. There are some problems reported in those audits.

Officials audit 5% of the state’s voting precincts, Rosenberg says. The results exactly matched the machine counts this year, and the historical error rate is less than 1%, he says.

Connecticut does an audit of 5% of the voting districts, yet excluded from the audit are Election Day Registration ballots and centrally counted absentee ballots. In this COVID year of increased mail-in voting there are clearly gaps in the audit. Looking at the UConn reports, the last report of the audit completed was for 2016, which was completed about 19 months after the election, so at best we may have to wait a long while for official confirmation of that claim. It might be a really long wait since the previously completed report was for the 2011 election. UConn excludes large differences between machine counts and audit counts, with the aid of the Secretary of the State’s Office attributing all significant differences to human error in the counting process.

Another security measure widely used in Connecticut elections is to have “many eyes watching everything,” Dobbins says.

ELECTION SECURITY

Against hacking: Use of paper ballots and other paper records, vote tabulating machines not connected to the Internet, audits of vote counts

Monitoring: “Many eyes watching everything”

Physical secuirty: Locked rooms for blank ballots and other election supplies, completed absentee ballots stored in “cages” within vaults, police escorts

I am sure all of these practices are in place in some towns in Connecticut. Perhaps most Absentee Ballots are in vaults. It is different for polling place voted ballots: Most towns hold them in locked rooms or cabinets that have single key locks, with keys available to several officials providing individual access. Few towns have cages for polling place ballots Few use vaults for polling place ballots. Serving in several polling places in Glastonbury I have never had or seen a police escort. From my experience police escorts are not prevalent for the custody of voted ballots.

For example, vote tabulating machines are tested before the election, and members of the public “are welcome to come and look over our shoulder and watch us do it,” he says. Likewise, the public can watch as ballots are counted, he adds.

Yes testing is important to find ballot programming errors. Public observation of testing is also important. However, no level of testing can prevent errors and fraud. Every computer is subject error and fraud. For instance, your laptop and smartphone were tested before you received them, there is no assurance that they did not contain errors or supply-chain fraud. Voting machines are no different.

Dobbins says election equipment — from blank ballots to office supplies to the personal protective equipment that election workers needed this year — is kept in “blue bins” in a locked room around election time.

Once again, the rooms in many towns can be accessed by single officials for hours undetected.  Those blue bins which are from the same manufacturer all have the same keys.

He says he and Lisbeth Becker, Glastonbury’s Republican registrar, are the only people with keys to the room — and that no one is allowed to go in alone. Any time he goes in, Dobbins says, he must be accompanied by a Republican or an unaffiliated voter.

My understanding is that such access by two individuals is not monitored, only procedure prevents an individual from lone access. In fact, just a few years ago, prior to the current registrars, I reviewed a couple of pages of the access log and noted a single individual, a Deputy Registrar, had signed in alone several times. He and others could have easily done that even without signing in. (That same deputy was later arrested by the town for computer security violations).

On Election Day, Dobbins says, the number of ballots at each polling place is noted at the start of the day — and every ballot has to be accounted for at the end of the day.

Due to the vastly increased demand for absentee ballots amid the COVID-19 pandemic, the secretary of the state’s office had absentee ballot applications mailed to every registered voter this year.

Some have wondered whether a new resident of an address could send in an application in the old resident’s name, then vote by absentee ballot under that name while also voting under their own name.

But if the impersonated voter were to vote elsewhere, Rosenberg says, the fraudster would be caught. He adds that state law makes such fraud punishable by up to five years in prison and a $5,000 fine — and that several federal laws prohibit it as well — putting a high price on casting a single fraudulent vote.

Responsibilities for Connecticut elections are divided between registrars of voters and town clerks. The clerks’ responsibilities include sending out blank absentee ballots to voters who request them, receiving the completed ballots back, and storing them until it is time for the registrars to count them.

Manchester Town Clerk Joseph V. Camposeo says his office had to add part-time staff members to handle the increased workload, including data entry when ballots were sent out and when they were returned. He says the ballots were stored in a “cage” in his office’s vault for extra security.

My experience is that Manchester has security practices that are well above average in Connecticut.

Manchester had absentee ballot “drop boxes” behind Town Hall and at the police station this year. When he collected more than one or two ballots from the police station box, Camposeo says, he would have a police escort on the way back.

©2021 Journal Inquirer, Distributed by Tribune Content Agency, LLC.

In summary, many of these practices are good ones, if followed by every official in every town. Yet, they are insufficient and especially vulnerable to insider attack, including vendors and a variety of town employees, not just election officials. Elections are more vulnerable to outsiders when the insiders are over confident.

Security is difficult. Connecticut has a good basis with Voter Marked Paper Ballots, no Internet connections, and no Internet voting. Security practices are much more difficult given the nature of a state with 169 towns each with two registrars from opposing parties expected to be knowledgeable in all aspects of elections, including election security. Many are understaffed and underpaid. It’s a lot to expect that each official can understand, implement, and monitor security, while following the best practices of other states with larger election jurisdictions. Many Municipal Clerks are in the same boat. Yet surfacing issues can be the beginning of improvement. On the other hand, the distributed nature of Connecticut elections makes it difficult for localized errors and fraud to result in an inaccurate state-wide result, yet local elections remain more vulnerable.

We need stronger uniform, enforceable, and enforced security procedures across the state. Among other things Connecticut needs stronger tabulation audits, audits of ballot and scanner security.

 

No, its not the time for more electronics in Connecticut’s voting

An Op-Ed in the CT Mirror: It’s time to modernize the way Connecticut votes.

The main trust is that we should do more electronic automation of the election process in Connecticut such as electronic transmission of results and electronic pollbooks, and alluding to less pens and paper in voting.

Perhaps we can forgive the author for accepting at face value the claims of vendors and their customers that have sunk unnecessary millions into questionable technology. Sometimes it works well and saves time and effort, sometimes it doesn’t!

  • Lets start with electronic submission of results. That idea has a couple of basic flaws…

Our bottom line: Never change from Voter Marked Paper Ballots unless there is some dramatic technological breakthrough. Avoid connectivity for voting machines. Cautiously consider electronic pollbooks, with mandatory paper backup systems. Keep using our current AccuVoteOS until they really need replacing – perhaps better more economical alternatives will become available, perhaps they will comply with the new Federal standards expected soon.

 

An Op-Ed in the CT Mirror: It’s time to modernize the way Connecticut votes <read>We disagree.

The main trust is that we should do more electronic automation of the election process in Connecticut such as electronic transmission of results and electronic pollbooks, and alluding to less pens and paper in voting.

Perhaps we can forgive the author for accepting at face value the claims of vendors and their customers that have sunk unnecessary millions into questionable technology. Sometimes it works well and saves time and effort, sometimes it doesn’t!

  • Lets start with electronic submission of results. That idea has a couple of basic flaws.
    • First its risky. No voting system should ever be connected to the Internet, have wireless connectivity, or be connected to phone lines. All that risks hacking of the voting machine itself. Experts have cautioned election officials against any such capabilities. The leading voting system vendor, ES&S has been caught lying to officials, a government agency, and the public trying to hide that they had that capability.  CT helped develop and uses a data collection system where tapes of results from machines are data entered into a system not connected to our voting machines – it may seem like a lot of work to Head Moderator’s like the author. Yet overall its not that big a deal e.g.  it my town it takes a few hours work by two officials, not that much in comparison to the 60 or so that work 17+ hours on election day.
    • Second, many CT votes are not counted electronically.  Votes on hand counted ballots and write-in votes are not counted by machines but the data must in any case be entered and reported. In other states some of this data is counted electronically by copying unscannable ballots onto other ballots for scanning – this is a labor intensive, slow, and error-prone process.
  • On to electronic poll books. Once again, risky, expensive and not all they are claimed to be.
    • The University of Connecticut tested them and found all those offered by vendors to be lacking in security. The analysis is confidential due to (unfortunate, undemocratic) agreements with the vendors that allowed the testing.
    • They are not as fast as and they are as error prone as manual lookup and voter checkoff on paper lists.
    • Many tout the advantages of not having to print all that paper, yet every expert warns that a paper backup is necessary to keep voting going in the face of power outages, Internet outages, and software or hardware failures.
    • Like everything connected to the Internet they are vulnerable to hacking. In 2016 there was a huge failure in an entire county in NC. There is no evidence of hacking, yet that is only because there was no credible investigation of a trail that my well have lead to Russia.
    • Once again, a little time on the part of election officials doing data entry saves millions in hardware and software acquisition and maintenance – and could provide jobs to Connecticut residents.
  • Several years ago the Secretary of the State got bonding of $6,000,000 to buy electronic pollbooks and a scheme for wireless transmission of results. She wisely turned it back to the State.
  • When it comes less paper and pens, we agree with the author that our current system is secure and accurate. The alternative, pictured with the Op-Ed seems to be and electronic Ballot Marking Devise (BMD). They are risky and expensive.
    • Life time costs for acquisition and programming are at least double, perhaps triple that of optically scanners and paper ballots. One of our current scanners handles the volume of ballots in all but a couple of polling places in the State. A couple handle most central count absentee ballot locations. We originally bought two per polling place, with consolidation there are a number of extras around, they can be purchased very reasonably used online. In fact, the Secretary of the State purchase a number of spares a couple of years ago.
    • BMDs cost lots more because you need many more per polling place. Each must be acquired initially, maintained, programmed, and tested for each election.
    • BMDs and their more risky predecessor technology, DREs, are the cause of lines and polling places. Not scanners in Connecticut and in most jurisdictions.
    • BMDs are subject to hardware and power failures. To continue in spite of power failures there needs to be a sufficient supply of paper ballots in every polling place (that would presumably need to be counted by hand).
    • Finally, BMDs are risky. Research shows that voters do not and cannot reliably check the paper “ballot” they produce, and have a hard time convincing officials the BMD made errors, not the voter.
  • We agree that our scanners are old.
    • Unlike the author, the CTEletionAudit.org surveys of registrars after every election have not indicated any rise in scanner failures.
    • Newer technology scanners available today are marginally better then the AccuVoteOS scanners we have now. The create ballot images and files containing Cast Vote Records, both of which support more comprehensive, less  expensive audits.
    • Yet, the new systems are each more expensive and slower. Many more polling places would need multiple machines to process the volumes of votes we have in Connecticut. They are just as vulnerable to hacking and thus should never be connected to the Internet, phone lines, or wireless for electronic communication of results. And still those hand counted and write-in votes need to be reported manually.
    • Many more will be required for more central count absentee locations. ES&S provides high speed scanners. Two count all the absentee ballots in Rhode Island. But Rhode Island is not Connecticut. They count all there absentees centrally and also program and warehouse all their scanners centrally in one place in Providence. We count and manage everything in each of 169 towns. Those high-speed scanners are too expensive to deploy for local AB counting.

Our bottom line: Never change from Voter Marked Paper Ballots unless there is some dramatic technological breakthrough. Avoid connectivity for voting machines. Cautiously consider electronic pollbooks, with mandatory paper backup systems. Keep using our current AccuVoteOS until they really need replacing – perhaps better more economical alternatives will become available, perhaps they will comply with the new Federal standards expected soon.