Recent weeks and months have seen increasing activity in voting machine security and statistical analysis for auditing elections. Expect more news in the near term: A report is anticipated from the Brennan Center for Justice and several papers at the USENIX Accurate Electronic Voting Technology Workshop in
Boston on August 6th.
Author: Luther Weeks
CA, Post-Election Audit Standards Working Group, Report
Post-Election Audit Standards Working Group, Report, Evaluation of Audit Sampling Models and Options for Strengthening California’s Manual Count
This report moves the technical and political conversation to a whole new level.
“ The literature does not frame the statistical problem in the best way: Most of the papers address essentially this question: ‘If the machine count named the wrong winner, what is the chance we will see at least one error in the sample?’ However, the Working Group believes the right question to ask is: ‘If the machine count named the wrong winner, what is the chance we would have seen more errors in the sample than we actually saw in the sample?’â€
“If audits are effective, then the public can have confidence in the outcome of elections even if the voting systems used are imperfect, because the audit can detect and be used as the basis to help correct human and voting system errors…
The complexity of these systems means there are many more ways in which voting systems can fail to capture votes correctly, lose votes, miscount votes, and be manipulated to yield incorrect results…
Auditing a small percentage of precincts is not effective for finding problems that affect only a few precincts. Moreover, no fixed percentage (short of 100%) suffices to give high confidence that the apparent outcome of the election is correct. For that goal, the number of precincts that should be tallied manually depends on the margin in each precinct, the number of ballots cast in each precinct, and other factors, including the number of discrepancies found in the precincts that are manually counted.â€
University of California Red Team Reports to the Secretary of State
This confirms earlier reports on Diebold Optical Scan equipment, including the University of Connecticut report.
The vulnerabilities identified in this report should be regarded as a minimal set of vulnerabilities. We have pursued the attack vectors that seemed most likely to be successful. Other attack vectors not described here may also be successful and worth pursuing. This work should be seen as a first step in the ongoing examination of the systems, All members of the team strongly believe that more remains to be done in this field and, more specifically, on these systems
The Red Team was able to verify the findings of some previous studies on the AV-OS unit; the impact of these was to alter vote totals in order to change the vote results on that machine
…the attacker launches a low-tech attack that can be discreetly executed at a Precinct Count AV-OS under the watch of a moderately attentive poll worker. The tools for completing the attack are small and easily concealed, and they can be obtained in a typical office
…we were able to discover attacks for the Diebold system that could compromise the accuracy, secrecy, and availability of the voting systems and their auditing mechanisms. That is, the Red Team has developed exploits that absent procedural mitigation strategies can alter vote totals, violate the privacy of individual voters, make systems unavailable, and delete audit trails.
University of Connecticut, Security Assessment of the Diebold Optical Scan Voting Terminal
In July, 2007 a similar report was released on the Diebold TSX, which demonstrated that that the state’s choice of Diebold Optical Scan was far superior to the Diebold DRE option, however, the October 2006 report is the one that applies to our voting systems.
We identify a number of new vulnerabilities of this system which, if exploited maliciously, can invalidate the results of an election process utilizing the terminal. Furthermore, based on our findings an AV-OS can be compromised with off-the-shelf equipment in a matter of minutes even if the machine has its removable memory card sealed in place…Such vote tabulation corruptions can lay dormant until the election day, thus avoiding detection through pre-election tests
The vulnerability assessment provided in this paper is based only on experimentation with the system. At no point in time had we used, or had access to, internal documentation from the manufacturer we conclude that attackers with access to the components of the AV-OS
system can reverse-engineer it in ways that critically compromise its security, discover the vulnerabilities presented here in and develop the attacks that exploit them.
Unfortunately, presumably the secret programming of each election by Diebold allows access to the memory cards by those with all the documentation.
VerifiedVoting.org, Percentage-based vs. SAFE Vote Tabulation Auditing: A Graphic Comparison
This is a complete case for variable audit percentages.
Several pending electoral-integrity bills specify hand audits of 2% to 10% of all precincts. However, percentage-based audits are usually inefficient… Percentage based audits can also be ineffective, since close races may require auditing a large fraction of the total –even a 100% hand recount to provide confidence in the outcome. This paper presents the SAFE (Statistically Accurate, Fair and Efficient) alternative¦based on the same statistical principles that inform audits in business and finance…However, SAFE audits ensure high confidence in all electoral outcomes by using auditing resources more efficiently and employing large samples only when necessary.