Author: Luther Weeks

Report: Secret Ballot At Risk

A new report from the Electronic Privacy Information Center, articulates some of the risks of losing the the Secret Ballot: Secret Ballot At Risk: Recommendations for Protecting Democracy <Exec Summary> <Report>

We recommend reading the Executive Summary and at least the section of the report covering the history of and the need for the secret ballot, pages 4-9 and the section for your state, e.g. Connecticut pages 54-55.

Our only criticism is that the report does not cover the risks to the secret ballot and democracy posed by photos, most often seen in selfies of voters with the voted ballot taken in the voting booth.  Nor does it cover the risks  to the secret ballot posed by absentee voting.

A new report from the Electronic Privacy Information Center, articulates some of the risks of losing the the Secret Ballot: Secret Ballot At Risk: Recommendations for Protecting Democracy <Exec Summary> <Report>

We recommend reading the Executive Summary and at least the section of the report covering the history of and the need for the secret ballot, pages 4-9 and the section for your state, e.g. Connecticut pages 54-55.

Our only criticism is that the report does not cover the risks to the secret ballot and democracy posed by photos, most often seen in selfies of voters with the voted ballot taken in the voting booth.  Nor does it cover the risks  to the secret ballot posed by absentee voting.

From the Executive Summary:

The right to cast a secret ballot in a public election is a core value in the United States’ system of self-governance. Secrecy and privacy in elections guard against coercion and are essential to integrity in the electoral process. Secrecy of the ballot is guaranteed in state constitutions and statutes nationwide. However, as states permit the marking and transmitting of marked ballots over the Internet, the right to a secret ballot is eroded and the integrity of our elections is put at risk…

Our findings show that the vast majority of states (44) have constitutional provisions guaranteeing secrecy in voting, while the remaining states have statutory provisions referencing secrecy in voting. Despite that, 32 states allow some voters to transmit their ballots via the Internet which, given the limitations of current technology, eliminates the secrecy of the ballot. Twenty-eight of these states require the voter to sign a waiver of his or her right to a secret ballot. The remainder fail to acknowledge the issue.

From the Report:

The secret ballot reduces the threat of coercion, vote buying and selling, and tampering. For individual voters, it provides the ability to exercise their right to vote without intimidation or retaliation. The secret ballot is a cornerstone of modern democracies. Prior to the adoption of the secret ballot in the United States in the late 19th century, coercion was common place. It was particularly strong in the military…

The establishment of the secret ballot helped prevent that type of coercion in the military. It also changed coercive practices in the workplace. But has our society evolved so much that we no longer need the secret ballot?

The answer is, simply, no. The secret ballot also protects individuals from harassment as a result of their vote. In February 2009, The New York Times reported that “some donors to groups supporting [California’s “Proposition 8” re: same-sex marriage] have received death threats and envelopes containing a powdery white substance, and their businesses have been boycotted.” The Times reported that a website called “eightmaps.com” collected names and ZIP codes of people who donated to the ballot measure and overlaid the data on a map, contributing to the harassment and threats of violence.

Further, employer-employee political coercion is alive and well in the United States. A recent article in The American Prospectdocumented a number of instances of political coercion in the workplace, including:

  • An Ohio coal mining company required its workers to attend
    a Presidential candidate’s rally – and did not pay them for their time.
  • Executives at Georgia-Pacific, a subsidiary of Koch Industries which employs approximately 35,000 people, distributed a flyer and a letter indicating which candidates the firm endorsed. “The letters warned that workers might ‘suffer the consequences’ if the company’s favored candidates were not elected.”

Thanks to the secret ballot, employers cannot lawfully go so far as to “check” on how an employee actually voted. But if ballots were no longer secret, many employees would risk losing their jobs if they voted against the recommendations of management. Our democracy would no longer be free and fair. Our need for privacy protections is just as strong today as it was when the secret ballot was adopted

Connecticut Constitution and statutes:

Constitutional provision re: right to secret ballot Conn. Const. Art. 6 § 5
In all elections of officers of the state, or members of the general assembly, the votes of the  electors shall be by ballot, either written or printed, except that voting machines or other mechanical devices for voting may be used in all elections in the state, under such regulations  as may be prescribed by law. No voting machine or device used at any state or local election  shall be equipped with a straight ticket device. The right of secret voting shall be preserved

”’

Conn. Gen. Stat. Ann. § 9-366
Any person who […]does any act which invades or interferes with the secrecy of the voting
or causes the same to be invaded or interfered with, shall be guilty of a class D felony.

Book Review: Countdown to Zero Day (Stuxnet)

Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, by Kim Zetter covers in detail the discovery, exposure, and detailing of the Stuxnet virus.  It is a fascinating, educational, and important read.  Relevant to anyone interested in cyber security, war, foreign affairs, and election integrity.  There is also a new documentary, ZER0DAYS.

I read the book and then watched the movie.  I recommend the book over the documentary, although it is complementary.  The book covers Stuxnet and its discovery in much more detail.  Yet, the book is accessible to everyone. After reading the book, even the non-technical reader, will have an understanding of what Stuxnet could do, its wider implications for security, and foreign affairs.  I am not convinced those that watch the movie will have an anywhere equivalent understanding.

Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, by Kim Zetter covers in detail the discovery, exposure, and detailing of the Stuxnet virus.  It is a fascinating, educational, and important read.  Relevant to anyone interested in cyber security, war, foreign affairs, and election integrity.  There is also a new documentary, ZER0DAYS.

I read the book and then watched the movie.  I recommend the book over the documentary, although it is complementary.  The book covers Stuxnet and its discovery in much more detail.  Yet, the book is accessible to everyone. After reading the book, even the non-technical reader, will have an understanding of what Stuxnet could do, its wider implications for security, and foreign affairs.  I am not convinced those that watch the movie will have an anywhere equivalent understanding. Here are some of the highlights and implications:

  • Stuxnet represents the 1st documented act of cyber aggression by one nation against another.  The U.S. has unlocked Pandora’s Box as we did with nuclear weapons in 1945.  It is an actual attack, distinct from cyber spying and information theft.
  • Stuxnet was used, undetected to randomly destroy Iran’s nuclear centrifuges.  It demonstrated the capability for almost any system controlled by software to be incapacitated or destroyed by software virus alone:  Power systems, the power grid, manufacturing systems, gas lines, banking systems, refineries, elections etc.
  • At the time of Stuxnet, Iran was at minimum playing cat-and-mouse with their nuclear activities, likely they were attempting to hide their aggressive program to prepare for creating nuclear weapons. It is quite possible that is no longer true or a possibility.  Part of the U.S. goal was to hold Israel off from an actual and risky attack on Iran of questionable value.
  • Zero Day refers to holes in software/hardware security which are unknown to software vendors and anti-virus security firms.  Knowing and exploiting a zero day hole gives a powerful capability to exploit systems of those with the latest and most extensive security measures, such as sensitive/strategic government programs.
  • Stuxnet is clearly attributed to a joint effort of the U.S. and Israel.  It was very sophisticated with several zero days, complex attack mechanisms, complex virus spreading, and targeted/limited to avoid detection.  The movie does a fine job of driving this point home with insider and outsider interviews.
  • Stuxnet attacked and spread without the requirement that any equipment be connected to the Internet. Disconnected systems are safer, yet far from safe from virus or insider attack.
  • Stuxent was intended to wipe itself out and remove itself making detection more difficult. Its apparent failure to focus its spread as much as intended led to its discovery.
  • If a foreign power 0r hackers had discovered Suxtnet they could have been a long way toward attacking almost any control system.  They could attack any target, U.S., worldwide, or random; they could have easily made an error that caused a much wider, much more dangerous attack than they intended.
  • When the Government withholds publication of zero days from vendors and virus protection firms, it leaves our government and business systems open to attack through those holes.  Through disclosure to foreign governments and criminals through attack on our government and its vendors.  (Sound impossible?  The U.S. government is still at it and the World is exposed.  See <NSA hacked, exposing new hacking tools> Partially like Stuxnet this was an attack via vendor/contractor facilities. Unlike Stuxnet it could be classified as spying, not aggression.)

What this means for elections:

  • Elections can be hacked.  Any election equipment can be hacked, including proprietary equipment and equipment not connected to the Internet.
  • Hacking can go on undetected or undetected for months and years.
  • We can worry about Russia, yet we need to worry about all governments (including U.S. agencies), partisans, and insiders everywhere.
  • Elections are managed by local governments and local officials with orders of magnitude less cable, less funded, and less knowledgeable than super sensitive corporate, government, and military operations (can you say Sitting Ducks?)
  • It is more important than ever that we not remain complacent  and assume that just because we know most local officials are of high integrity that nothing can go awry.
  • We need paper ballots and sufficient ballot security, recounts. and audits of the entire election process.

NPV Note: Trump and Hillary visit Connecticut

Donald Trump is visiting Connecticut tonight at Sacred Heart University in Fairfield, while Hillary is visiting Greenwich on Monday for a fundraiser <read>

This provides a great opportunity to discuss a couple of points often touted in favor of the National Popular Vote.

  • That presidential candidates will never campaign in Connecticut until we have a national popular vote.
  • That candidates only come to Connecticut to take money out of the state.
  • And apparently we would benefit from the money they would spend here.

Donald Trump is visiting Connecticut tonight at Sacred Heart University in Fairfield, while Hillary is visiting Greenwich on Monday for a fundraiser <read>

This provides a great opportunity to discuss a couple of points often touted in favor of the National Popular Vote.

  • That presidential candidates will never campaign in Connecticut until we have a national popular vote.
  • That candidates only come to Connecticut to take money out of the state.
  • And apparently we would benefit from the money they would spend here.

We have long opposed, not because we are against the idea in theory, but because imposing a popular vote on our current unequal and risky state-by-state system would make presidential elections much more risky.  <See our posts here>

Overall we do not think campaigning in a state or the money issue is that relevant in choosing for or against the National Popular vote. Yet, since the proponents tout it so strongly, we point out:

  • Obviously a candidate is campaigning here in spite of their claims.  (We also had several candidates here during the presidential primary season)
  • Many of those same legislators and advocates for the National Popular Vote are arguing Trump should not come.
  • Rather than bringing money to the state it may cost the Town of Fairfield $37,000 in security <read>
  • Ask yourself if this visit or the visits during the primary campaign changed the minds of many who could have watched similar rallies on TV or the Internet?
  • We note it is a myth that campaigns bring huge amounts of money to states where they campaign.  The big money goes to media conglomerates, national headquarters staff, and consultants.
  • Presumably Hillary will take some huge donations from Greenwich, where apparently financial barons live to enjoy New England and avoid NYC taxes, while threatening to leave Connecticut for some sunbelt tax haven.
  • Yet the amounts are peanuts compared to the money those people spend in Connecticut. Which in-turn, is peanuts compared to their investments around the country and in offshore tax havens. In any case they would still donate that money no matter where they lived and where the candidates campaigned.
  • There is a problem with money in campaigns that demands reform directly, a National Popular Vote would not change that, if anything it would make it worse creating the demand for more of those television and web political ads that we all would rather avoid.

Remember this is not a reason to be for or against the National Popular Vote. It is an example of supporters grabbing at straws to make their case.

Update 8/19/2016**********

This week Hillary Clinton campaigned in NY, a very safe state for her campaign.

What Could Elections Officials Learn From the Delta Airlines Outage

  • System failures are generally explained away as accidents, usually unique and isolated ones.
  • Human systems are vulnerable to failure, especially those dependent on computer systems, especially when there is no manual backup.
  • If businesses like airlines, banks, and Federal Government agencies cannot protect their systems, how can state, county,  and local systems be expected to be reliable?

Connecticut is not the pick of the litter here, as we said last April:

We sadly await the Election Day when the Connecticut voter registration system is down, especially with no contingency plan for Election Day Registration. Don’t say “Who Could Have Imagined”, we did.

 

This week Delta Airlines was partially down, so far, for at least three days.  Because of “computer” or “power” problems according to reports, e.g. How A Computer Outage Can Take Down An Entire Airline <read>.

Just after five in the morning on Monday, Delta sent out an alert every traveler dreads. “Delta has experienced a computer outage that has affected flights scheduled for this morning.”

Two hours later, Delta added discouraging details: The outage in Atlanta had crippled its mission control center—the NASA-inspired room that keeps Delta’s global fleet running. Soon, static check-in lanes clogged airports and gate agents started writing boarding passes by hand. Passengers slept on airport floors or sat in parked planes, even as departure boards and smartphone apps wrongly told them everything was running great. The airline canceled more than 650 flights and delayed many more in the US, Japan, Italy, and the UK…

Georgia Power, which supplies electricity to Delta, says it’s working with the airline today to fix a failed switchgear—a heavy duty version of the circuit breaker panel you’ve got in your basement. That would suggest that if an update or test is the problem, it was of hardware (perhaps, ironically, something like a new power supply), rather than of software. Georgia Power says the outage affected nobody else.

This is not the first time:

No one seems to know what went wrong, exactly—Delta’s investigating—but this is hardly the first time a computer glitch has shackled an airline’s global operations to the tarmac. So how does this keep happening?…

If you’re starting to think this kind of thing happens a lot, you’re right. In July, the failure of a single data center router forced Southwest to cancel 2,300 flights across four days, costing the airline well over $10 million. CEO Gary Kelly told The Dallas Morning News the router only partially failed, so it didn’t trigger the backup systems. In May, JetBlue had to check in customers by hand when its computer system went down. American Airlines blamed connectivity issues when it had to suspend flights last September. A year ago, United blamed a glitch for 800 flight delays.

And then there are the cases that defy contingency planning. In 1991 a farmer reportedly took 20 air traffic control centers offline when he inadvertently cut through an underground fiber optic cable while burying a cow. In 2014, an FAA contractor set fire to an air traffic control center in Chicago, disrupting travel for more than two weeks.

There are three lessons we might absorb and election officials might learn from this.  (We have to admit that we are skeptical that these lessons will be learned by the public or officials.)

  • System failures are generally explained away as accidents, usually unique and isolated ones.
  • Human systems are vulnerable to failure, especially those dependent on computer systems, especially when there is no manual backup.
  • If businesses like airlines, banks, and Federal Government agencies cannot protect their systems, how can state, county,  and local systems be expected to be reliable?

System Failures Are Generally Explained Away as Accidents

How can we be sure that a system failure is an accident, not a sabotage?   How do we know that an individual, foreign power, or business competitor did not bring down the system?  This could have been a test of a surgical strike which could be used to take down multiple airlines or other critical systems.

You maybe thinking “Conspiracy Theorist” here.  That is a good way to deflect concern, without delving deeper, without considering actually learning.  Yet, such an attack has happened.  Maybe more than one or several. The U.S. Government and Israel attacked Iranian nuclear facilities, by attacking the control system responsible for nuclear centrifuges.  The attack known as Stuxnet was designed to go undetected, and it did so for several years.

The point here is not that the Delta outage was necessarily such an attack. It is that it could have been and even with diligence that may not ever be determined.  It could also have been sabotage by a single individual.  In any case, computer attack, human attack, or accident, our infrastructure is vulnerable.

Human systems are vulnerable to failure, especially those dependent on computer systems, especially when there is no manual backup.

Without their computer system, Delta, was dead in the water (actually dead in the air, stuck on the ground), completely dependent on computer systems power, and apparently a single point of failure.

But wait.  What if Delta could have had a simple manual backup?  Would it be possible to save millions, perhapss billions of dollars, and continue most flights, with most passengers, saving them many problems?

I am not an airline expert, yet my guess is that Delta’s system is largely separate from the Air Traffic Control, TSA, and Immigration Systems.  Here is an outline of a simple backup system:

  • Every couple of hours, spreadsheets of the following are sent to a personal computer at each Delta airport:  Passengers booked for each flight for the next 24 hours.  Equipment, crew, and schedule for each flight in that period.
  • In a similar emergency all those items are printed on paper and used by personnel to create boarding passes and checkin passengers.
  • Flight crews, baggage handlers, and maintenance use that information to continue operations.

Obviously it would not work perfectly, yet it would provide for most service to continue at a considerably slower pace.

If businesses like airlines, banks, and Federal Government agencies cannot protect their systems, how can state, county and local systems be expected to be reliable?

Which brings us to our election system.  To the extent we make it an electronic election system, we are similarly dependent on systems, to the extent we have no manual backup or workable pre-planned contingencies.

How about Connecticut

One area where we are very good, is that we have paper ballots.  Even if our scanners fail due to an extended power outage we can still vote on paper ballots and count them later!

But there are other potential problems.

The current voting system is partially dependent on the availability of the online Central Voter Registration System (CVRS) and the phone system. CVRS and the phone system are also generally dependent on the availability of the Internet and the power grid.  Availability required statewide and in each town in the state.

  • The CVRS must be available in the few days before an election so that paper checkin lists can be printed, so that voters can checkin at the polls.
  • On election day, Registrars are constantly checking the system to resolve voter registration issues at polling places, perhaps 5% of voters would not be able to vote if that system were unavailable.
  • Also on election day, election day registration is currently 100% dependent on the availability of the CVRS, with no model contingency plan specified by the Secretary of the State’s Office.
  • Also the whole system is highly dependent on the phone system which is used by polling place officials to call the Registrars’ Office, and for the Registrars’ Office call other towns for Election Day Registration.

When we convert to electronic checkin, we must be careful to require paper copies of  checkin lists so that polling place voting can mostly continue in the event of power, phone, and computer outages.

Finally, a reminder that it is tough for individual industries to protect themselves, harder for state and local governments, and that Connecticut is not the pick of the litter here:

As was reported in April: Connecticut Makes National Short List – Embarrassing <read>

U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday.

The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering, such as an employee using corporate account information on a public social network.

Educations, telecommunications and pharmaceutical industries also ranked low, the report found. Information services, construction, food and technology were among the top performers…

Other low-performing government organizations included the U.S. Department of State and the information technology systems used by Connecticut, Pennsylvania, Washington and Maricopa County, Arizona.

As we said then:

We sadly await the Election Day when the Connecticut voter registration system is down, especially with no contingency plan for Election Day Registration. Don’t say “Who Could Have Imagined”, we did.

 

 

 

 

 

How to excite the public about electronic voting: “Russia Might Hack an Election”

Apparently Donald Trump and the media have done in a few days what computer scientists, security experts, and voting integrity advocates have failed at for at least sixteen years:  Excite the public about the dangers of electronic voting.

Apparently the threat of a sophisticated Russian hack is more threatening that an election being taken by the equivalent of amateur electronic ballot stuffing.

There are a lot of articles we could site, but one of the most comprehensive comes from Politico Magazine.  It is written from the prospective of Princeton researchers, with lots of history and articulated concerns, with relatively little red baiting.  How To Hack An Election In 7 Minutes

Apparently Donald Trump and the media have done in a few days what computer scientists, security experts, and voting integrity advocates have failed at for at least sixteen years:  Excite the public about the dangers of electronic voting.

Our bad for suggesting that partisans, insiders, or domestic hackers could do the job and not emphasizing that foreign powers, including Russia could do it. Our bad for demonstrating that smart amateurs could do it without a sophisticated expert conspiracy.  Apparently the threat of a sophisticated Russian hack is more threatening that an election being taken by the equivalent of electronic ballot stuffing.

There are a lot of articles we could site, but one of the most comprehensive comes from Politico Magazine.  It is written from the prospective of Princeton researchers, with lots of history and articulated concerns, with relatively little red baiting.  How To Hack An Election In 7 Minutes  <read orig> <text>

It is a long read.  I will summarize the concerns, with my comments in brackets []:

The powers that be seem duly convinced. Homeland Security Secretary Jeh Johnson recently conceded the “longer-term investments we need to make in the cybersecurity of our election process.” A statement by 31 security luminaries at the Aspen Institute issued a public statement: “Our electoral process could be a target for reckless foreign governments and terrorist groups.” Declared Wired: “America’s Electronic Voting Machines Are Scarily Easy Targets.”

For the Princeton group, it’s precisely the alarm they’ve been trying to sound for most of the new millennium. “Look, we could see 15 years ago that this would be perfectly possible,” Appel tells me, speaking in subdued, clipped tones. “It’s well within the capabilities of a country as sophisticated as Russia.” He pauses for a moment, as if to consider this. “Actually, it’s well within the capabilities of much less well-funded and sophisticated attackers.”…

The Princeton group has a simple message: That the machines that Americans use at the polls are less secure than the iPhones they use to navigate their way there

In American politics, an onlooker might observe that hacking an election has been less of a threat than a tradition. Ballot stuffing famously plagued statewide and some federal elections well into the twentieth century…

[Apparently we are much less concerned about a domestic hack than a foreign one.  History shows there is a lot of motivation and also a lack of a strong response to domestically stolen elections]

But the tipping point came in 2006, when a major congressional race between Vern Buchanan and Christine Jennings in Florida’s 13th district imploded over the vote counts in Sarasota County—where 18,000 votes from paperless machines essentially went missing (technically deemed an “undervote”) in a race decided by less than 400 votes. Felten drew an immediate connection to the primary suspect: The ES&S iVotronic machine, one of the many ordered in Pennsylvania after they deployed their HAVA funds. Shortly after the debacle, Governor Crist announced a deadline for paper backups in every country in Florida That year, Maryland Governor Bob Erlich urged his state’s votersto cast an absentee ballot rather than put their hands on a digital touchscreen—practically an unprecedented measure. By 2007, the touchscreens were so unpopular that two senators, Florida’s Ben Nelson and Sheldon Whitehouse form Rhode Island, had introduced legislation banning digital touchscreens in time for the 2012 election.

Precincts today that vote with an optical scan machine—another form of DRE that reads a bubble tally on a large card—tend not to have this problem; simply by filling it out, you’ve generated the receipt yourself. But that doesn’t mean the results can’t still be tampered with, and Felten’s students began writing papers that advised election officials on defending their auditing procedures from attempted manipulation.

Each state bears the scars of its own story with digital touchscreens—a parabola of havoc and mismanagement that has been the fifteen-year nightmare of state and local officials…

Today, Halderman reminds me, “the notion that a foreign state might try to interfere in American politics via some kind of cyber-attack is not far-fetched anymore.”

The Princeton group has no shortage of things that keep them up at night. Among possible targets, foreign hackers could attack the state and county computers that aggregate the precinct totals on election night—machines that are technically supposed to remain non-networked, but that Appel thinks are likely connected to the Internet, even accidentally, from time to time. They could attack digitized voter registration databases—an increasingly utilized tool, especially in Ohio, where their problems are mounting—erasing voters’ names from the polls (a measure that would either cause voters to walk away, or overload the provisional ballot system). They could infect software at the point of development, writing malicious ballot definition files that companies distribute, or do the same on a software patch. They could FedEx false software to a county clerk’s office and, with the right letterhead and convincing cover letter, get it installed. If a county clerk has the wrong laptop connected to the Internet at the wrong time, that could be a wide enough window for entry of an attack.

“No county clerk anywhere in the United States has the ability to defend themselves against advanced persistent threats,” Wallach tells me…

 [We strongly doubt that many county clerks or local registrars in Connecticut has the ability to detect or defend against unsophisticated threats]

What would be the political motivation for a state-sponsored attack? In the case of Russia hacking the Democrats, the conventional wisdom would appear that Moscow would like to see President Trump strolling the Kremlin on a state visit. But the programmers also point out that other states may be leery. “China has a huge amount to lose. They would never dare do something like that,” says Wallach, who recently finished up a term with the Air Force’s science advisory board. Still, statistical threat assessment isn’t about likelihoods, they insist; it’s about anticipating unlikelihood.

[What would be the political motivation for a single insider, corporation, or a few partisans to attack an election and install their favorite President, Senator, Governor or Mayor?.  Do we really have to answer?]

The good news is that Wallach thinks we’d smell something fishy, and fairly fast: “If tampering happens, we will find it. But you need to have a ‘then-what.’ If you detect electronic tampering, then what?”

[Where there is smoke, in the U.S. it seems there are more dire warnings of “Conspiracy Theorists”. Our track record investigating and correcting suspicious elections is worse than poor. See our <Book Review of Ballot Battles>]

No one has a straight answer, except for a uniform agreement on one thing: Chaos that would make 2000 look like child’s play. (Trump aping about “rigged elections” before the vote is even underway has certainly not helped.) The programmers suggest we ought to allow, for the purposes of imagination, the prospect of a nationwide recount. Both sides would accuse the other of corruption and sponsoring the attack. And the political response to the country of origin would prove equally difficult—the White House is reported to be gauging how best to respond to the DNC attack, a question that poses no obvious answers. What does an Election Day cyber strike warrant? Cruise missiles?

The easiest and ostensibly cheapest defense—attaching a voter verified paper receipt to every digital touchscreen—presents its own problem. It assumes states audit procedures are robust. According to Pam Smith at Verified Voting, over 20 states have auditing systems that are inadequate—not using sufficient sample sizes, or auditing only under certain parameters that could be outfoxed by a sophisticated attack—states that include Virginia, Indiana and Iowa.

[And Connecticut.  We will save for another time a list of the inadequacies in our post election audit law and its implementation. We are not sure that Verified Voting includes CT in the 20, yet we point out that only about half the states have audit laws, leaving the vast majority of that half with inadequate audits.]

“There’s a very simple and old-fashioned recipe that we use in our American democracy,” Appel says. “The vote totals in each polling place are announced at the time the polls closed, in the polling place, to all observers—the poll workers, the party challengers, any citizen that’s observing the closing of the polls.” He goes on to describe how the totals in that precinct would be written on a piece of paper—pencils do just fine—then signed by the poll workers who have been operating that polling site.

“Any citizen can independently add up the precinct by precinct totals,” he continues. “And that’s a very important check. It’s way that with our precinct-based polling systems, we can have some assurance that hacked computers could not undetectably change the results of our election.”

[That is far from feasible, considering the vast number of districts and counts to be accumulated.  Go ahead and try doing that just in  Connecticut,  from the results filed in 169 town clerks offices and balance them with the totals posted for the Presidential Primary on the Secretary of the State’s website]

There could be a greater lesson in Appel’s point. Technology didn’t create the problem. Perhaps technology is intrinsic to the problem—our lack of trust that has metastasized in a surveillance culture was bound to aggrandize the problems of voting, the most trusting civic act we know. It seems unlikely to expect a singular cure to the American presidential election, not because of the incomprehensibility of cryptography or the untrustworthiness of tech companies, but because there is no such thing as the singular election: 8,000 jurisdictions in a leaky mess of federalism and poorly spent dollars. The neat results and cable announcements on election night represent an optical illusion, like a series of ones and zeroes, whizzing beyond our apprehension.

 [As we said we are far public verification of a Presidential Election, or for that matter almost any Federal, State, or Local election.]

If Russia hacked the DNC? What me worry?

Did Russia hack the DNC, DCCC, and Hillary’s Campaign.  And does it only matter who the hackers are?

With little disclosed evidence, the prime story has been the question of who hacked the sites.  That is an important aspect of the news, yet there are other important issues obscured, perhaps intentionally by the focus on that one aspect of the hacks.

Did Russia hack the DNC, DCCC, and Hillary’s Campaign.  And does it only matter who the hackers are?

This has been quite a week with for hackers and the media coverage of hacks.  With little disclosed evidence, the prime story has been the question of who hacked the sites.  That is an important aspect of the news, yet there are other important issues obscured, perhaps intentionally by the focus on that one aspect of the hacks.  Less covered are:

  • The unfair, perhaps illegal, conduct of the DNC disclosed in the emails and voice mails.
  • The possibility that elections themselves can be manipulated directly through changing results, messing with registration systems etc.
  • Is Wikileaks extra guilty for disclosing the information when they did?  Should they have held it until after the election, like the NYTimes did with James Risen’s story of a failed CIA operation?
  • Should we feel safer if the hacks are not from the Russian government, and are actually the work of foreign amateurs? Domestic amateurs? Republicans?  Business interests?  Israel? China? The CIA? The NSA?  Political Insiders? or Vendor Insiders? Which group, if any, would you rather have manipulate our elections?
  • Would we be safer if the perpetrator(s) kept the information secret?  Why would that be preferred?  What if Trump had secret information on Hillary or her campaign?  What if Democrats or their supporters have hacked similar information on Trump or the Republicans and are not disclosing it? The information disclosed obviously hurts the DNC, yet other information could be more valuable to opponents, if it were not disclosed.
  • In whose interest is the disclosure of the information? In whose interest is blaming the attack on Russia?
  • In whose interest is focusing only on determining the perpetrators? Obviously those exposed by the emails and the actual perpetrators, if not Russia.

Some articles to consider.  Bruce Schnier in the Washington Post: By November, Russian hackers could target voting machines <read>

The political nature of this cyberattack means that Democrats and Republicans are trying to spin this as much as possible. Even so,  we have to accept that someone is attacking our nation’s computer systems in an apparent attempt to influence a presidential election. This kind of cyberattack targets the very core of our democratic process. And it points to the possibility of an even worse problem in November —  that our election systems and our voting machines could be vulnerable to a similar attack.

From The Conversation by Richard Forno: How vulnerable to hacking is the US election cyber infrastructure? <read>

Of course, the desire to interfere with another country’s internal political processes is nothing new. Global powers routinely monitor their adversaries and, when deemed necessary, will try to clandestinely undermine or influence foreign domestic politics to their own benefit. For example, the Soviet Union’s foreign intelligence service engaged in so-called “active measures” designed to influence Western opinion. Among other efforts, it spread conspiracy theories about government officials and fabricated documents intended to exploit the social tensions of the 1960s. Similarly, U.S. intelligence services have conducted their own secret activities against foreign political systems – perhaps most notably its repeated attempts to help overthrow pro-communist Fidel Castro in Cuba…

One of the most obvious, direct ways to affect a country’s election is to interfere with the way citizens actually cast votes. As the United States (and other nations) embrace electronic voting, it must take steps to ensure the security – and more importantly, the trustworthiness – of the systems. Not doing so can endanger a nation’s domestic democratic will and create general political discord – a situation that can be exploited by an adversary for its own purposes…

Democracies endure based not on the whims of a single ruler but the shared electoral responsibility of informed citizens who trust their government and its systems. That trust must not be broken by complacency, lack of resources or the intentional actions of a foreign power.

 

 

 

Warning: 15 states without paper records, half without audits

A Computer World article reminds us how much more there is to go to achieve verifiable, evidence based elections:  A hackable election? 5 things to know about e-voting <read>

Voting results are “ripe for manipulation,” [Security Researcher Joe] Kiniry added.

Hacking an election would be more of a social and political challenge than a technical one, he said. “You’d have a medium-sized conspiracy in order to achieve such a goal.”

While most states have auditable voting systems, only about half the states conduct post-election audits, added Pamela Smith, president of Verified Voting.

Let us not forget that even states, like Connecticut, with post-election audits have a long way to go in making the audits sufficient to assure that election results are correct or confidence that incorrect results would be reversed.

A Computer World article reminds us how much more there is to go to achieve verifiable, evidence based elections:  A hackable election? 5 things to know about e-voting <read>

Voting results are “ripe for manipulation,” [Security Researcher Joe] Kiniry added.

Hacking an election would be more of a social and political challenge than a technical one, he said. “You’d have a medium-sized conspiracy in order to achieve such a goal.”

While most states have auditable voting systems, only about half the states conduct post-election audits, added Pamela Smith, president of Verified Voting.

“That leaves a lot of gaps for confirming that election outcomes were correct,” she said. “In such a contentious election year, well, let’s just say it’s never a good thing to be unable to demonstrate to the public’s satisfaction that votes were counted correctly, whether in a small contest or large.”…

Twenty-three states used DREs without paper trails in the 2008 U.S. election, and 17 used them in 2012, compared to 15 states this year, according to information from the U.S. Election Assistance Commission and Verified Voting.

Let us not forget that even states, like Connecticut, with post-election audits have a long way to go in making the audits sufficient to assure that election results are correct or confidence that incorrect results would be reversed.

Online Voting Is Risky, Riskier than Online Banking

My letter to the Hartford Courant today.

To the Editor,

The article in the Sunday July, 10 Smarter Living Section, “Democracy in The Digital Age”, is a one-sided disservice to readers. The article, abbreviated from Consumer Reports original, provides a one-sided case for online voting.  The article quotes the CEO of a company selling online voting at a huge expense to governments around the world.  She touts the benefits without detailing the risks.  The system she touts as secure, has never been proven secure. It has never been subjected to a public security test.  Unlike the printed version, the original article at Consumer Reports details the risks of online voting…

My letter to the Hartford Courant today.

To the Editor,

The article in the Sunday July, 10 Smarter Living Section, “Democracy in The Digital Age”, is a one-sided disservice to readers. The article, abbreviated from Consumer Reports original, provides a one-sided case for online voting.  The article quotes the CEO of a company selling online voting at a huge expense to governments around the world.  She touts the benefits without detailing the risks.  The system she touts as secure, has never been proven secure. It has never been subjected to a public security test.  Unlike the printed version, the original article at Consumer Reports details the risks of online voting, quoting a nationally known voting integrity advocate and a recognized computer scientist specializing in electronic voting, . How ironic that the lead article in the same section, “Protecting Your Data”, points out how risky it is to do banking transactions over the internet from free wi-fi sites.  If the unedited Consumer Reports article was provided, readers would have learned why, with all its risks, Internet banking is actually much safer than online voting.

Here is the “full” abbreviated Courant Article: <read>

Original Consumer Reports article quoting Pam Smith and Aviel Rubin <read>

Skeptics Guide Part 2: Absence of Evidence is Not Evidence of Absence

A couple of weeks ago, based on claims that exit polls showed that the primary was stolen from Bernie Sanders, I said: “I stand with Carl Sagan who said, “Extraordinary claims require extraordinary evidence.”

Now we have the reverse situation from the NYTimes: Exit Polls, and Why the Primary Was Not Stolen From Bernie Sanders <read>

I seems like a pretty good case that the exit polls do not prove  the election was stolen.

Unfortunately, the Times headline is incorrect.  This evidence in this article only claims  that the exit polls do not prove that Bernie won. There is no proof that the official results are correct.  They may be, they may not be.  We still need Evidence Based Elections, providing strong evidence that the results are correct.

A couple of weeks ago, based on claims that exit polls showed that the primary was stolen from Bernie Sanders, I said: “I stand with Carl Sagan who said, “Extraordinary claims require extraordinary evidence.”

Now we have the reverse situation from the NYTimes: Exit Polls, and Why the Primary Was Not Stolen From Bernie Sanders <read>

I seems like a pretty good case that the exit polls do not prove  the election was stolen:

All of this starts with a basic misconception: that the exit polls are usually pretty good.

I have no idea where this idea comes from, because everyone who knows anything about early exit polls knows that they’re not great.

We can start in 2008, when the exit polls showed a pretty similar bias toward Barack Obama. Or in 2004, when the exit polls showed John Kerry easily winning an election he clearly lost — with both a huge error and systematic bias outside of the “margin of error.” The national exits showed Kerry ahead by three points (and keep in mind the sample size on the national exit is vastly larger than for a state primary exit poll) and leading in states like Virginia, Ohio and Florida — which all went to George W. Bush.

The story was similar in 2000. The early exit polls showed Al Gore winning Alabama, Arizona, Colorado and North Carolina. Mr. Bush won these states by between six and 15 points. The exit polls showed Mr. Gore winning Florida by six points — leading the networks to call the race before 8 p.m. in the East.

Young Voters Love Exit Polls. Old Voters Do Not.
Younger voters are more likely to complete exit polls than older voters across all interviewer ages.

Unfortunately, the Times headline is incorrect.  This evidence in this article only claims  that the exit polls do not prove that Bernie won. There is no proof that the official results are correct.  They may be, they may not be.  We still need Evidence Based Elections, providing strong evidence that the results are correct.

And the opposing case from Richard Charmin: Response to Nate Cohn of the NY Times <read>

Book Review: Down for the Count

Down for the Count: Dirty Elections and the Rotten History of Democracy in America
by Andrew Gumbel.  An updated version of Gumbel’s earlier Steal This Vote.  A lot has happened in 12 years!

I highly recommend, for an overview of the history of voting issues in the United States.. I can add a small caveat the to the description on Amazon:

Down for the Count explores the tawdry history of elections in the United States—a chronicle of votes bought, stolen, suppressed, lost, miscounted, thrown into rivers, and litigated up to the U.S. Supreme Court—and uses it to explain why we are now experiencing the biggest backslide in voting rights in more than a century…

Down for the Count: Dirty Elections and the Rotten History of Democracy in America
by Andrew Gumbel.  An updated version of Gumbel’s earlier Steal This Vote.  A lot has happened in 12 years!

I highly recommend, for an overview of the history of voting issues in the United States.. I can add a small caveat the to the description on Amazon:

Down for the Count explores the tawdry history of elections in the United States—a chronicle of votes bought, stolen, suppressed, lost, miscounted, thrown into rivers, and litigated up to the U.S. Supreme Court—and uses it to explain why we are now experiencing the biggest backslide in voting rights in more than a century. This thoroughly revised edition, first published to acclaim and some controversy in 2005 as Steal This Vote, reveals why America is unique among established Western democracies in its inability to run clean, transparent elections. And it demonstrates, in crisp, clear, accessible language, how the partisan battles now raging over voter ID, out-of-control campaign spending, and minority voting rights fit into a long, largely unspoken tradition of hostility to the very notion of representative democracy.
Andrew Gumbel has interviewed Democrats, Republicans, and a range of voting rights activists to offer a multifaceted, deeply researched, and engaging critical assessment of a system whose ostensible commitment to democratic integrity so often falls apart on contact with race, money, and power. In an age of high-stakes electoral combat, billionaire-backed candidacies, and bottom-of-the-barrel campaigning, there can be no better time to reissue this troubling and revealing book.

Some of the items that stuck out for me:

  • The problems and rigging of lever machines pp 106-108.
  • Software is not the only problem with electronic voting machines. Consider microcode.
  • Before the technical reports of the early 2000’s those suspicious of electronic voting were ‘crazies’ p155. I am not so sure that has changed in many circles.
  • Money has almost removed people from elections p 205.
  • “The less grassroots activists know, the more they think they know” p 211. Consider when that might apply to you (or to me), as well as the “others”.
  • The same set of general fixes emerge over and over p 212.

A caveat:

Near the end, the author provides a list of more detailed fixes that he recommends.  I strongly disagree with his recommendation of circumventing the Electoral College, rather than replacing it Constitutionally. Actually it requires more than a Constitutional amendment. As always I can understand that many grassroots individuals see the problems with the current system, including the Electoral College.  Yet the fixes aren’t always so clear and simple. The devil is in the details, wrapped up in the Constitution, the 12th Amendment, and the Electoral Count Act, along with the state-by-state election system we have.  The current system far from a match for a National Popular Vote scheme. They all would need to be changed significantly before we can have a National Popular vote that treats every citizen/voter equally and that can provide a trusted result.  For more on this, see past our posts <here>.

I can only suggest that this is an example for considering the book’s statement that “The less grassroots activists know, the more they think they know”.