Author: Luther Weeks

When are recounts reasonable?

The Wisconsin Supreme Court election recount started this week. The margin was a bit over 7,000 votes and the percentage just under 0.5% as required by law. John Nichols writes of past instances where the loser asked for recounts in much wider margins and of cases with relatively close margins where the original result was overturned

The Wisconsin Supreme Court election recount started this week. The margin a was bit over 7,000 votes and the percentage just under 0.5% as required by law. John Nichols writes in Recount reasonable — just ask a Republican, of past instances where the loser asked for recounts in much wider margins and of cases with relatively close margins where the original result was overturned <read>

Back in 1960, when the closest presidential race in modern American history was decided for Democrat John Kennedy, the Republican National Committee and state Republican parties sought recounts in 11 states, including Texas. Kennedy’s advantage over Republican Richard Nixon in Texas in the initial count was 46,000 votes. While Democrats objected that Kennedy’s margin was too large to be overturned, Republicans argued that allegations of voting irregularities in a number of Texas counties justified the demand.

Similarly, in the 1976 presidential race, after Democrat Jimmy Carter beat Republican Gerald Ford in Ohio by more than 9,000, Republicans sought a recount of the votes in that state.

And just last year in Minnesota’s gubernatorial race, Democrat Mark Dayton led Republican Tom Emmer by a little less than 9,000 votes. A hand recount of the state’s ballots confirmed Dayton’s winning margin was 8,770 votes. Emmer’s campaign and the state Republican Party continued to wage court fights and challenge ballots until more than a month after the election, when Emmer finally conceded.

In all three cases, Republicans made reasonable requests for recounts, even if those requests failed to overturn the results.

But Wisconsinites know that recounts can alter results.

In 1970, it appeared that Les Aspin had lost a Democratic primary to Doug La Follette in southeastern Wisconsin’s 1st Congressional District. But after the official canvass, the margin of victory for La Follette — now Wisconsin’s secretary of state — was less than 0.5 percent of the vote. That enabled the former Pentagon aide to seek a recount paid for by the state. The recount found enough uncounted Aspin votes, most of them in Kenosha, to put him ahead of La Follette.

Barely a month after the primary was finally settled in his favor, Aspin defeated Republican Congressman Henry Schadeberg and began a distinguished career that would eventually see him chair the House Armed Services Committee before his appointment as President Bill Clinton’s secretary of defense.

In 1982, it appeared that Democrat Russ Feingold had lost his first political race to Republican state Sen. Everett Bidwell. But the vote in the south-central Wisconsin Senate district was close enough to entitle Feingold to a state-sanctioned recount. He pursued it and, after uncounted Feingold votes turned up in rural Sauk County and on a broken voting machine at a school in Dane County, the result was reversed. Feingold was elected to the state Senate and a decade later became a U.S. senator, serving 18 years as the chamber’s most independent and principled member.

Elections are huge endeavors, involving thousands, sometimes millions, of votes that are tabulated by poll workers and clerks who are — like all of us — imperfect human beings.

When dealing with so many variables, mistakes and missteps are to be expected.

Recounts set things right. They identify actual winners, as well as flaws in the voting and counting systems of the state.

Wisconsin law calls for machine recounts unless a candidate objects. In this case many precincts are being hand counted to preserve the memory card used in the election. They could use alternate memory cards, but their scanners are so old that the manufacturer cannot supply them. From what we have seen Wisconsin’s recount law is stronger than Connecticut’s – Wisconsin calls for each ballot to be reviewed by those representing opposing candidates to make sure they agree it can be counted by machine – Connecticut’s does not – only by procedure do we call for election officials, not candidate representatives, to check ballots. In fact, our recanvass law remains stuck in the lever age presuming that tabulators do no have ballots. Connecticut procedures but not our law may be reasonable for moderately close races, but insufficient when voter intent and absentee ballot adjudication becomes critical.

More online voting risks and opportunities for skulduggery

We have been warning of the risks of Internet voting and ignoring science since our founding. Yet, we have overlooked some of the risks, literally right in front of our nose.

Since our founding, we have been warning of the risks of Internet voting and ignoring science. We are currently amazed at our own legislators, risking military voters rights, dismissing the scientific facts and the practical evidence of the impossibility of internet voting. Yet, we have overlooked some of the risks, literally right in front of our nose.

More Risks Right In Front Of Our Nose

An ongoing story starting late last week highlights those dangers.  B. F. has a post describing intended or accidental suppression which brought those issues to my attention http://tinyurl.com/3fg2t36 (Note: We use the initials B.F. and a tinyurl intentionally and instructively, just in case you might want to bring this post to the attention of your friends through an email, post, or Facebook link.)

Here is a summary of what happened to B.F.:

If you use an AOL email address, AOL is doing you the favor of making sure you do not receive email containing any links to [B.F.’s site] in it.

Not email from a [B.F. site] address, mind you, as if I were a spammer or something (which, obviously, I’m not), but any email from anybody that has a link to this site, or to one of our news stories.

I learned this swell news early this week when someone was kind enough to let me know that their attempts at sending a link to this site to a friend bounced back to them with an error message. That error message was “HVU:B2”. What is that error?:

* 421 HVU:B2
o There is at least one URL or domain in your e-mail that is generating substantial complaints from AOL members. Resolution will require opening a support request.

That’s right, “substantial complaints” from someone, whatever that means, will result in no links to stories at [B.F.’s site] getting through to any of AOL’s millions of members. And they will never know about it.

Again, these are not even emails from [B.F’s site]. They are simply emails from anybody to any AOL email address which has my domain linked in the body of the email.

Neat, huh? I wonder what would happen if there were “substantial complaints from AOL members” about, say, FoxNews.com? Or MSNBC.com? Or NYTimes.com? Would that result in millions of members not being able to receive any email that links to anything at those sites? Sounds like a great way to [expletive verb] someone you don’t care for politically, doesn’t it?…

So far, I’ve spoken to at least 10 different AOL support people on the phone, since clicking the “support request” URL they offer in the error message seen above actually takes you to someplace on the “AOL Postmaster” that doesn’t actually give you the form you supposedly are to fill out to deal with this issue.

It took a day or two, and several more calls to more very nice AOL tech support people who told me they couldn’t help me in the slightest…

Most ironically, and so that you are open to the interpretation that these are not intended but simply the result of bureaucratic incompetence:

I finally looked up the AOL corporate website online, found the numbers for the “Corporate Media Inquiries” department, figuring I’d either get help or get an on the record comment about this mess and about the fact that AOL is censoring members emails for them, and spoke to another very nice person whom I told about the situation, explained that I was a journalist, not a spammer (and besides the notes being rejected didn’t even need to come from my address to get rejected), mentioned the irony that I even write news for Huffington Post from time to time,

But from personal experience I would call it unintentional arrogance. Over the years, I have put up with similar problems from both AOL and Google:

  • I am webmaster for a 501.c3 organization that runs annual tournaments for children.  Over the years AOL has, to my knowledge, blocked us at least twice. It took some time, each time, to realize this was happening. Both times, I did manage to get through the bureaucracy and get it fixed after some time.  Once was because a spammer used some of our email addresses.  Another time when a board member sent an email that had some key words in it that had AOL classify our site as a spammer.
  • A couple of years ago we had problems  when a couple of my WordPress sites fell victim to some WordPress vulnerabilities with  malware added from sources unknown. Malware with potential for spreading viruses.  The good news is that Google informed me and provided tools, so that it could be quickly corrected. But the bad news was that the sites were banned for several weeks from Google search results and provided users with messages that warned of the dangers of my sites.

Withing the last month, a popular news site was hacked and completely taken down such that it had to essentially be rebuilt.  And just this weekend another popular reader supported  news site sent this message to donors:

We learned that right in the middle of our spring campaign this past week that our secure credit card processor was offline for several hours on a few occasions. Donations were not processing. If you encountered this and gave up, please try again.

So what? What can we learn?

  • Incidents like these may be intentional, untended, or bureaucratic arrogance.
  • They point the way to intentional disruption.
  • They point the way to intentional disruption covered up as unintended, well meant policies. Who is against protection from spam and viruses? Asking users to report concerns?
  • In cases like AOL’s  policies, when users are able to nominate spammers, dangerous, or offensive sites, or email addresses. – these policies can be used by others to assist in their agendas. It would not take any computer expertise. Beyond the simple cases, expert unethical hackers could infect sites and use policies like Google’s to their advantage.
  • Each of these examples either went unnoticed for several days, took away capabilities for several days once they were discovered, often inadvertently.
  • No matter how noble the intention or accidental, the result can be disruption and in some cases defamation in what could be a critical time period.
  • Most of all recognize that these are common occurrences. Much more widespread than the samples that each of us is aware of or listed here.

What does this have to do with online voting and democracy?

  • Any of these problems , or similar problems, can occur to any web site, any email account, any time – including those associated with voting, campaigns, and news, all vital to democracy.
  • Voting vulnerabilities include: Online voting, online registration, campaign web sites, campaign emails etc.  The impact of such vulnerabilities varies.
  • Many solutions to speeding military and overseas voting include sending election notification and voting materials by email. These would likely come from a known url and email account, which could be blocked. Presumably any form of online voting would require notification and information be sent electronically, unless overseas voters are expected to find and keep checking the site for upcoming elections and availability of materials.
  • We all know email is unsafe, vulnerable to hacking and blocking. These vulnerabilities highlight the possibility of easier and unintentional methods of blocking email return of ballots, email used for voter registration, or email communications/questions between voters and election officials.
  • Voting itself and access by remote military and overseas voters is conducted in very short windows.  A site blocked or down for even a day can discourage/disenfranchise someone who has infrequent opportunities for internet access.

Despite the risks we remain in favor of email notification and web access to election materials for military and overseas voting, but the high risk of using the internet, email, or fax for the return of votes is unacceptable.

I agree with our current Secretary of the State, Denise Merrill in her testimony this year:

  • In the future, it is conceivable that we could move in the direction of online voting.
  • But the problem is, the technology to make sure no one can hack into an online voting system and distort the vote totals has not yet been developed.
  • We want to make voting more convenient, but not at the expense of the security or integrity of our elections…
  • …there is no on-line voting system secure enough to protect the integrity of the vote…

Military Internet voting requirement tucked into “Technical Bill”

If you accept the science that global warming is caused by human activity – you have much more reason to oppose Internet voting.

In the last couple days, the text of bills passed by the Government Administration and Elections Committee in mid March have been posted to the Connecticut General Assembly web.

One item was tucked into S.B. 939 that requires the Secretary of the State to implement Internet voting without a budget increase. The bill was intended, and mostly remains, as a “Technical Bill” to make changes to the statutes to account for the move to optical scan voting. (the bill: S.B. 939) .

1779 Sec. 60. (Effective from passage) The Secretary of the State shall, within
1780 available appropriations, establish a method to allow for on-line voting
1781 by military personnel stationed out of state. In establishing such a
1782 method, the secretary shall look at what other states have done to
1783 reduce any potential for fraud in on-line voting and determine
1784 whether any such state’s on-line voting system could be appropriate
1785 for adapted use by this state. Not later than January 1, 2012, the
1786 secretary shall, in accordance with the provisions of section 11-4a of
1787 the general statutes, report any progress made toward establishing
1788 such a method to the joint standing committee of the General
1789 Assembly having cognizance of matters relating to elections.

Although the bill  mentions that the Secretary “shall look at what other states have done to reduce any potential for fraud in on-line voting and determine whether any such state’s on-line voting system could be appropriate for adapted use by this state” it does not make success in this necessary to the requirement to provide a means for Internet voting. The Secretary has no choice, in my reading, although there is no deadline for completion.

If you accept the science that global warming is caused by human activity – you have much more reason to oppose Internet voting.

If someone believes in Global Warming and that it is caused by human activity because the vast majority of scientists say so, then there is a much much more solid case against Internet voting in any form.  I just don’t understand why people believe scientists in one case when in reality the Internet voting case is much stronger:

  • Claiming Internet voting is safe and accurate violates an undisputed a basic proof of computer science (Turing’s  Halting Problem)
  • In practice no system has been proven safe, the one system subjected to public testing failed with all votes changed. All sorts of computer systems – business, government, and defense  – are regularly compromised. <some examples>

I wonder how the Secretary is supposed to implement Internet voting for 169 towns with no budget addition. Other states have paid significantly for Internet voting, while failing or neglecting to prove it safe.

The good news is the current bill only applies to Military voters, not all overseas voters.

The bad news it applies to any Military voters stationed outside Connecticut.

Here is my testimony against the standalone bill proposed and not passed by the Committee:

We oppose online voting, internet voting, email voting, and fax voting in general, for several reasons:

  • Internet Voting Is Technically Risky: The Computer Technologists Statement on Internet Voting details five technical challenges to such voting that have never been resolved and concludes: “The internet has the potential to transform democracy in many ways, but permitting it to be used for public elections without assurance that the results are verifiability accurate is an extraordinary and unnecessary risk to democracy.”
  • Internet Voting Has Proven Risky In Practice: In September 2010, Washington D.C. opened their proposed internet voting system to ethical hackers. With very short notice, the system was compromised, changing all past and future votes. Separately, the municipal network was entered, passwords to municipal systems obtained, and the list of codes for Internet voting for all voters in the November election were obtained. Internet voting for the election was canceled. Washington D.C. should be applauded for allowing the test, since other jurisdictions have not subjected their systems to such testing.
    https://www.ctvoterscount.org/video-cure-for-internet-voting-warning-viewing-may-case-severe-permanent-einsecurity/
  • Internet voting can be expensive: West Virginia, about half the size of Connecticut, spent about $75,000 for 54 electronic votes.
    http://votingnews.blogspot.com/2010/05/wv-overseas-internet-election-54-votes.html

I oppose this bill in particular because:

  • It contains no controls, specifications, or requirements for online voting. Would there be any public testing of such systems? Would there be any attempt to address the Technologists’ concerns or prevent problems similar to those in Washington, D.C?
  • It does not specify if such voting would be the responsibility of individual municipalities or the Secretary of the State.
  • It provides no funds either for the State or Municipalities to implement.
  • Could Connecticut accomplish centrally what Washington D.C. has not? Would it be constitutional?
  • Would each of Connecticut’s 169 municipalities be able to afford such systems and accomplish what Washington D.C. has not?
  • Would the system be optional by municipality? Different in each municipality? If implemented in only some, would it be unfair, violating Federal civil rights and voting laws?

Please join me and other technologists nationwide in opposing Internet voting.

Technologists’ Statement on Internet Voting <read>

PS: I have some other less serious concerns with this bill and another technical bill. In a few days I plan to review and comment on those concerns.

GAE Committee changed title and substance of bill

A “Technical” change to existing statutes becomes a National Popular Vote Agreement.

Earlier this year, the Government Administration and Elections Committee held hearings on a bill, H.B. 6331

Here is how it looked as originally submitted and still showing as the “Raised Bill” on the General Assembly Web <Raised Bill>:

AN ACT CONCERNING TECHNICAL AMENDMENTS TO CERTAIN ELECTION-RELATED STATUTES REGARDING TABULATORS.

Be it enacted by the Senate and House of Representatives in General Assembly convened:

Section 1. Subsections (a) and (b) of section 9-168a of the general statutes are repealed and the following is substituted in lieu thereof…

This bill was the subject of a public hearing on February 10, 2011 <Agenda>

And here is the “Substitute Bill” that was passed by the committee on April 1st <Agenda> Note the change in the name of the bill on the agenda.<Substitute Bill>

AN ACT CONCERNING AN AGREEMENT AMONG THE STATES TO
ELECT THE PRESIDENT OF THE UNITED STATES BY NATIONAL
POPULAR VOTE.

Be it enacted by the Senate and House of Representatives in General
Assembly convened:

Section 1. (NEW) (Effective from passage) The Agreement Among the
States to Elect the President by National Popular Vote is hereby
enacted into law…

It looks a lot like a bill H.B. 6163 where a public hearing was held on March 11, 2011 <Agenda>

I attended both hearings and the meeting on April 1st.  The Committee did debate the National Popular Vote, yet no member noticed/mentioned that they were passing a completely different bill than the bill number on the agenda.

As a final note, currently the Bill Status page remains confused as to the name and the purpose of the bill <read>

AN ACT CONCERNING AN AGREEMENT AMONG THE STATES TO ELECT THE PRESIDENT OF THE UNITED STATES BY NATIONAL POPULAR VOTE.

To make technical corrections to the elections statutes, including updating the statutes to reflect the current use of voting tabulators.

According to the rules of the General Assembly:

[15.] (b) Hearing Requirement for Favorable Report. Except as provided in Rule 32 (2)(A), no bill and no resolution proposing an amendment to the constitution or other substantive resolution shall be reported favorably by a committee unless a public hearing has been held as provided in Rule 6, but no further public hearing shall be required for a favorable report on a substitute for such bill or resolution, provided the substitute is based on or is germane to the subject matter of the original bill or resolution, or for a bill or resolution petitioned under Rule 11 on which a subject matter public hearing has been held.

I suppose it all depends on how inclusive a definition of “germane” is implied. I understand that similar changes happen regularly.

Courant Op-Ed: Daniel Patrick Moynihan warned of national popular vote risks

We have learned more about voting integrity since the time of Senator Moynihan. It would be even worse than he imagined.

Courant Op-Ed by Chris DeSanctis: NO: Electoral College Votes Should Represent State Voters’ Choice <read>

The op-ed quotes the late New York Democratic Senator Daniel Patrick Moynihan:

With a national vote differential of only 500,000 (less than a 0.5 percent) between the two candidates, a national popular vote Electoral College compact would have caused Florida’s problems to appear minor in comparison. Both campaigns would have contested votes state by state, precinct by precinct, looking for a few thousand here and a few thousand there. That struggle would have taken place across America, rather than just in Florida.

The late Democratic senator from New York, Daniel Patrick Moynihan, once remarked about such a circumstance under a national popular vote agreement: “There would be genuine pressures to fraud and abuse. It would be an election no one understood until the next day or the day after, with recounts that go on forever, and in any event, with no conclusion, and a runoff to come. The drama, the dignity, the decisiveness and finality of the American political system are drained away in an endless sequence of contests, disputed outcomes and more contests to resolve outcomes already disputed. That is how legitimacy is lost.” Close presidential races are managed more effectively with the Electoral College.

We have learned more about voting integrity since the time of Senator Moynihan. It would be even worse than he imagined. There would and could be no recount.

Unlike the the op-ed writer, I am theoretically in favor of one person, one vote and the popular election of the President. However, given the current unequal state by state franchise and voting arrangements, votes are not equal and cannot be made so by the Compact or a simple Constitutional amendment.

As a computer scientist and voting integrity activist I find there are extreme risks in the National Popular Vote Compact’s mismatch with our existing state by state voting system. The Compact would aggravate an already weak electoral accounting system.

There is no official national popular vote number compiled in time, such that it could be used to officially and accurately determine the winner in any close election.

Even if there were such a number, it would aggravate the flaws in the system. The Electoral College limits the risk and the damage to a few swing states in each election. With a national popular vote, errors, voter suppression, and fraud in all states would count against the national totals.

There is no national recount available for close elections, to establish an accurate number. Only in some individual states, if close numbers happened to occur in those states, would there be even a fraction of a national recount.

With the Compact there is every reason to believe that any close election would be decided the Congress or the Supreme Court – the same Court that ruled in Gore v. Bush, that not having a uniform recount law in Florida was grounds to stop the recount to avoid harm to the apparent winner. Citizens and candidates can be expected to bring court challenges of Governors and Secretaries of State for relying on and providing inaccurate results in awarding Electoral College votes.

Reference  testimony on the National Popular Vote vs. the Electoral College

Photo ID: “Birther Bills” For All?

  • This year’s proposals are the strictest voter identification proposals ever considered by states. Most severely limit forms of acceptable identification voters may show and make scant allowances for those unable to obtain the specific form of identification required by the law, even if they have other forms of ID that can verify their identities at the polls.
  • Photo ID proposals will cost cash-strapped states up to $20 million to implement.

Advancement Project: <read>

According to Advancement Project, this reactionary trend is part of the largest legislative effort to scale back voting rights since Reconstruction: nearly two-thirds of state across the nation introduced onerous voter identification bills this year. The report looks to the implications of this broad effort.

Among the report’s key findings:

  • Proposals to require strict forms of photo ID to vote have been introduced in 32 states.
  • This year’s proposals are the strictest voter identification proposals ever considered by states. Most severely limit forms of acceptable identification voters may show and make scant allowances for those unable to obtain the specific form of identification required by the law, even if they have other forms of ID that can verify their identities at the polls.
  • The photo ID proposals are part of larger coordinated efforts by conservative and Tea-Party backers, designed to reduce the voting strength of voters of color who saw record turnout in 2008, in advance of the 2012 elections.
  • Voter impersonation, the only voting irregularity that could be addressed with photo ID, is exceedingly rare. The proposals do nothing to address other voting problems that are known to occur.
  • Studies show that approximately 11 percent of voters – about 21 million people – lack or cannot obtain a current state-specific photo ID. African American voters are twice as likely to lack current state ID.
  • Photo ID proposals will cost cash-strapped states up to $20 million to implement.
  • Many of the proposals may be legally flawed and constitute a “poll tax” by imposing undue costs and burdens on voters.

We are reminded of the Presidential “Birther Bills” based on the rejection of alternative forms of ID that have been accepted for years.  We also note the strong support of the Tea Party despite the cost.  As we have said before “When we favor something, we ignore the costs“.

Wisconsin: Democracy In The Gap: Between Impatience And Incompetence

The best outcome of a recount would be to determine the correct winner of the election, leading to an improved system in Wisconsin, and serving as an example to other states. Yet, Democrats should not get their hopes up for a change in the result.

Let us hope that something good comes from the election error and concern in Wisconsin.

Most CTVotersCount readers have been reading various stories of the recent Wisconsin election, for example <here> or <here>

Overall the situation points out the weak underbelly of elections in many of our states, including Wisconsin and Connecticut. There is little reason to have confidence in the accuracy of election results reported on election night and marginally little additional reason to trust the certified results which usually conform closely to the original reported results.

The underlying causes are our media fueled goal to get results immediately from tired officials, regardless of their accuracy; followed by officials wish to get it over-with, avoiding any any questions of accuracy or if every vote was in fact counted;  playing a role is the lack of public attention and budget necessary for trusted, accurate elections; and the initially apparent winner claiming victory along with the real or imagined risks to the initial looser in being labeled a sore looser. We are aware that many Republicans continue claiming irregularities in the Minnesota 2008 recount while they accuse Democrats of not getting over Florida in 2000.

I agree and caution those that are calling for a complete recount in Wisconsin:

  • A thorough recount may expose the weak underbelly of the system in Wisconsin. It may show many small errors; uncounted votes; inappropriately adjudicated absentee ballots; slight changes due to machines and people missing voters’ intent; and even uncover some system flaws like those found in Humboldt County and in Ohio in after the 2008 election.
  • Democrats should not get their hopes up unless they find additional suspicious results in other precincts and counties. Chances are that a recount would uncover many small differences but unlikely that they would add up to enough to overturn an election. Everyone should avoid pushing unfounded or highly speculative theories.
  • The best outcome of a recount would be to determine the correct winner of the election, leading to an improved system in Wisconsin, and serving as an example to other states. A transparent, credible recount of integrity would serve to provide confidence in this one election to the ultimate looser and the majority of voters in Wisconsin. I expect it would uncover additional problems with the system beyond the “lone wolf” spreadsheet accounting in one county which could lead to an improved system. Admittedly this is an optimistic view, yet there are often at least positive incremental improvements after election vulnerabilities are discovered, with unfortunately the risk of expensive, knee-jerk reactions of questionable impact (see 2000, HAVA, vendor “help”).

Waukesha County, Wisconsin vs. Bridgeport Connecticut

  • Connecticut has little to offer Wisconsin as an example of accurate accounting. We do have some “lone wolfs” that use spreadsheet accounting, but many others use the old fashioned system of human transcription and accounting. As one Representative characterized our election system, it is a bit of the “Wild West”. In general, by hand or spreadsheet it is a three step process of manual transcription and accounting with a record of errors and omissions.
  • We have no idea what a recanvass would show in a statewide Connecticut Election. In the recent race for Governor we understand that about eight towns (nobody knows, there was no requirement to report it) ran out of preprinted ballots and produced copied ballots that would be counted by hand. At least two of those ran out of ballots in polling places. The state recounted none of those towns.  The Connecticut Post newspaper and citizens recounted one of those towns demonstrating extensive counting and accounting errors along with wide discrepancies in ballot counts vs. check-off lists. Ten percent of districts were subject to post-election audits of district machine counted audits. No official report is yet available, however, the Coalition audit observation report demonstrated the usual level of significant differences that indicate inaccurate counting and the possibility of machine errors. The audits do not check hand counted ballots or centrally counted absentee ballots. As far as we know, five towns have yet to supply official audit report to the Secretary of the State for the audits which would have been completed by November 22nd 2010.
  • Connecticut has little to offer Wisconsin in the area of recounting. Like Wisconsin, our recanvasses are primarily a modified recount by similar machines and memory cards. Unlike Wisconsin, we have no provision in our recanvasses for our adjusting vote counts if check-off lists counts do not match.  In fact, Connecticut recanvass do not check check-off lists.  Recounts in Connecticut are possible via a court order. Procedures are not defined in our state law.

We also recommend that citizens of Wisconsin with concerns under take a thorough review of all posted results and confirm election documents to uncover any other potential specific questionable counts. To his credit, the well supported and financed losing candidate in Connecticut in November 2010 did that to satisfy himself that the result was accurate enough to select the actual winner.

We also note that the Connecticut Legislature and Secretary of the State are proposing steps that would reduce the possibility of similar ballot shortages in the future, yet we have much more work to provide election integrity and credibility equal to the promise of democracy.

Let us take no comfort in the election error in Wisconsin.  Let us hope that something good comes from the concerns.

Update. More reasons to Investigate:

Worth checking the source of numbers reported and the accounting details. Alleged history of some questionable results in the county: 20,000 more votes than ballots (Waukesha, 2006) <read> <read>

Also Democrat refutes earlier impression that she endorsed/understood revised result <read>

Losing democracy in cyberspace

Voting computers, like heads of state, must be held accountable to the people they serve.

As we have said, many times, with regard our audits in Connecticut: “If we dismiss all differences as human counting errors, if there ever was error or fraud it would not be recognized.”

Editorial by voting integrity advocated Penny Venetis in NorthJersey.com: Losing democracy in cyberspace – Voting computers, like heads of state, must be held accountable to the people they serve. <read>

What nobody is talking about is how votes will be cast in emerging democracies. For elections to be legitimate in such countries, it is critical to use voting technology that counts votes accurately. In the 21st century, chances are high that computers will be used in some form in the coming elections in Egypt and Tunisia. But voting computers, like heads of state, must be held accountable to the people they serve.

It is a tenet of computer science that computers can be programmed to do anything, including play “Jeopardy!” and steal votes…

The Princeton hacks are not unique. Studies commissioned by the secretaries of state of California, Ohio, Maryland and Connecticut outline in great detail the many vulnerabilities of various computerized voting systems.

The University of Connecticut and Professor Appel in New Jersey have produced several excellent reports on the vulnerabilities of voting machines and the lack of physical security provided by “tamper evident” seals in common use. Yet, as Professor Venetis points out, having paper ballots and knowing the risks is not enough:

But voter verified paper ballots, in and of themselves, cannot detect fraud. To fully ensure that the voting computers are not cheating, it is necessary to audit a certain percentage of voting machines in each election precinct by manually counting the paper ballots and comparing the hand-counted results with the computer-generated results. This system worked marvelously in Minnesota, when millions of voter verified paper ballots had to be hand-counted to determine the winner of the 2008 Senate race. Studies showed that the tally was 99.99 percent accurate.

Finally, to ensure that votes are counted accurately, it is imperative that totals be counted and announced at the precinct level. This protects against tampering with voting machines and paper ballots while they are being transported to centralized tabulation locations.

New Jersey falls short because they do not have paper ballots or paper records. Connecticut has paper ballot and audits, yet our audits fall far short. Our law has several glaring exemptions and flaws, including: Only polling place optical scanned ballots are audited – omitting most absentee ballots and hand counted ballots, like those copied ballots in Bridgeport; exemptions for districts that have recanvasses or contested elections; results audited against are not published; there is no deadline for publishing results of the audits which are not binding on the election; random drawings have not met the requirements of the law; audits showing differences that have been investigated behind closed doors; and the audit reports have dismissed all differences as human counting errors. <See: Inadequate Counting, Reporting,  and Reporting Continue>

As we have said, many times, with regard our audits in Connecticut: “If we dismiss all differences as human counting errors, if there ever was error or fraud it would not be recognized.”

Virtual war a real threat…to water and democracy

LATimes reports on cyber threats to a Southern California water system. This is why we have been testifying against “online” voting and highlighting that even good size cities cannot protect their systems. Clearly each of Connecticut’s 169 towns could not afford even the expense of threat assessment of online voting systems. A good start would be vulnerability assessment of our existing paper ballot and voting machine security.

LATimes reports on cyber threats to a Southern California water system.  This is why we have been testifying against “online” voting and highlighting that even good size cities cannot protect their systems.  Clearly each of Connecticut’s 169 towns could not afford even the expense of threat assessment of online voting systems. A good start would be vulnerability assessment of our existing paper ballot and voting machine security. Virtual war a real threat <read>

When a large Southern California water system wanted to probe the vulnerabilities of its computer networks, it hired Los Angeles-based hacker Marc Maiffret to test them. His team seized control of the equipment that added chemical treatments to drinking water — in one day…

“There’s always a way in,” said Maiffret, who declined to identify the water system for its own protection.

The weaknesses that he found in California exist in crucial facilities nationwide, U.S. officials and private experts say.

The same industrial control systems Maiffret’s team was able to commandeer also run electrical grids, pipelines, chemical plants and other infrastructure. Those systems, many designed without security in mind, are vulnerable to cyber attacks that have the potential to blow up city blocks, erase bank data, crash planes and cut power to large sections of the country.

Update: New York Times post reviews several recent attacks on businesses by individuals. Clearly no reason to be assured by the by the above article’s assertion that “Terrorist groups such as Al Qaeda don’t yet have the capability to mount such attacks”. The Asymmetrical Online War <read>

“It’s a completely surreal realization that nation states can be seriously confronted by teenagers, but that’s where we’re at,” said John Perry Barlow, the Grateful Dead lyricist who co-founded the Electronic Frontier Foundation in 1990 to help defend young computer hackers. “One very smart person can take on an entire nation state.”

One can take on the security apparatus of the Web as well. In the space of a little more than a month, two computer security firms have been publicly humiliated, one by an anonymous computer hacker who claimed in an e-mail interview with a Forbes columnist to be a 16-year-old girl and a second by someone who is apparently a 21-year-old Iranian…

Hardly a week passes when there isn’t some new incident underscoring the fundamental imbalance of power in cyberspace between attacker and defender, where a highly motivated and reasonably skilled intruder, operating in secrecy from almost anywhere in the world, can with apparent ease unravel digital fortifications intended to offer banking-grade security.

In February, an executive at HBGary, a Sacramento, Calif., security software and consulting firm, made the mistake of publicly boasting that he had unmasked the identities of the members of Anonymous, a secretive collection of cyber-vigilantes who had attracted attention by launching Internet denial-of-service attacks in defense of Wikileaks. The security company, which was engaged in a series dubious business propositions, soon found that the details of its business were exposed to the world. Anonymous, whose ringleader was possibly a teenager, tricked one of the company’s systems administrators into giving them password information, making it possible to steal more than 50,000 of HBGary’s e-mail messages and placing them on a Russian web site.

Update: Man hacks Federal Reserve and other financial institutions <read>

According to court documents, Poo found a security vulnerability in the Federal Reserve’s network in June 2010, resulting in thousands of dollars worth of damages. However, it is believed that he stole the huge booty of credit card numbers and other account information from other financial institutions.

The American government claims to have also obtained extensive evidence of how Poo’s alleged criminal hacking activity targeted the US’s national security, military and financial sectors.

Security Theater: Scary! Expert Outlines Physical Security Limitations

Connecticut’s ballots and voting machines are vulnerable. We are subject to many of the characteristics of “Security Theater” outlined by Dr. Roger Johnston of Argonne Lab’s Vulnerability Assessments Team. “Security” seals can be compromised, undetected in seconds. That is only the tip of the iceberg. Forget those Dracula movies. Contemplate the value of ballots to our democracy while watching the video.

Back in January, we covered reports on six failed attempts by New Jersey to successfully secure voting machines with “security” seals – seals like those used in Connecticut to “protect” our ballots and voting machines. A computer expert and a security expert provided reports outlining the ease with which those seals can be compromised by an amateur and an expert.

“Security” seals can be compromised, undetected in seconds. That is only the tip of the iceberg. Full security often involves a lot more, locks, vaults, chain-of-custody, alarms, video surveillance, and guards. Unfortunately, most physical security can also be easily defeated, according to one of the experts, Roger Johnston of the Argonne National Lab Vulnerability Assessments Team.

Last week I was fortunate to hear Dr. Johnston speak at a voting integrity conference in Chicago. Although I don’t have his slides or a video from that conference, I do have video’s of a short appearance on NBC and a longer talk he gave last year:

  • Getting paid to break into things: Argonne’s Roger Johnston on NBC <watch 4min>
  • Proving Voltaire Right: Security Blunders Dumber Than Dog Snot <watch 127min>

What I found most enlightening last week was a slide showing fifteen characteristic attributes of “Security Theater” (you can see it at about 5 min into the second video). Some of the attributes we often observe in Connecticut ballot security are:

  • “Sense of urgency”
    Urgency can be seen and felt on election night as officials are rushing to finalize results, complete paperwork, and complete a seventeen hour day. Is the seal applied correctly to prevent access without tampering? Do two officials check the seal number on the ballot case and the moderator’s return? Is the return completed in ink or pencil? Are the ballots under observation by at least two officials until they are locked in town hall?  Is the seal number on the bag checked against the moderator’s return when the ballots are locked in town hall? Officials complain that may take days for both registrars to be available to checking ballots and sealed paper work after an election.
  • A very difficult security problem
    Budgets are tight. Very few towns keep their ballots in vaults or securely locked facilities. We observe weak single locks or padlocks, ballots stored in isolated storage rooms with weak building security. Or no locks at all.
  • Involves fad and/or pet technology
    We have seen seals made by with office printer labels with no numbers and seals that are entirely written by hand.
  • Questions, concerns, & dissent are not welcome or tolerated
    Any suggestion that someone might compromise security is instead defensively interpreted as an accusation against the integrity of a registrar or all registrars. We are told that Connecticut towns cannot afford to improve security. Security does cost money, yet there are economical alternatives to dramatically increase ballot security. Can we afford to leave our democracy conveniently vulnerable?
  • Strong emotion, over confidence, arrogance, ego, and/or pride related to security
    (see above)
  • Conflicts of Interest
    Most registrars and election officials are closely aligned with parties – that is why we have at least two registrars in each town, of opposing interests. Everyone in town hall is dependent on the outcome of budget referendums and the plans of those elected. (as a counter example, the owner of a jewelry store, bank president, or jail guard normally has little conflict of interest in security)
  • No well-defined adversary
    Most individuals, election officials, candidates, candidate supporters, and town employees are honest. Yet, almost every person, agency, or business has stakes in election outcomes.
  • No well-defined use protocol
    Our statutes are on ballot security are weak and ambiguous, it is unlikely that the pending technical bills will change that. Towns follow (or don’t follow) a variety of procedures, mostly unpublished, vulnerable, and unverifiable.
  • No effective [vulnerability assessments]; no devil’s advocate
    You could say that CTVotersCount and the Coalition have been devil’s advocates, yet so far to little avail.
  • People who know little about security or the technology are in charge
    Many of our registrars and their staff demonstrate and will admit lack of knowledge of our voting technology. How many actually understand security? How many understand security technology such as the vulnerability of seals, locks, and the lack of security in a chain-of-custody filled out using an “honor system”? What security is there when most towns provide access with a single key and many provide access to that key for anyone working in the registrars office? How secure is access to the key or to the ballot storage by other means?

Forget those Dracula movies. Contemplate the value of ballots to our democracy while watching the Dog Snot video.

Not up for a scary movie? Here is a recent interview of Dr. Johnston on Op-News.  He provides suggestions for improving voting security. <read> Here the context is voting machines but the same considerations also apply to ballots. How many of these are in effect in your town?

Suggestions for better election security:

1.  Let’s try to separate concerns, questions, and criticisms about election security from political attacks on election officials (who are often elected themselves).  Security should be controversial and we need to listen to all input about it.

2.  Election officials need to think like the bad guy.  How would you cheat?

3.  Establish a health security culture and climate, where security is constantly on everybody’s mind and open for discussion and debate and review and outside analysis.

4.  Ironically (and counter-intuitively), the best security is usually transparent.

5.  Security is hard work, so expect to put in hard work.

6.  Do periodic background checks on people who move and maintain the voting machines.

7.  Somebody has to sign for the machines when they reach the polling place prior to the election (there can’t be a delay in delivery), and at least semi-watch them.  Use custodians, teachers, secretaries, and school kids (a great civics lesson!) to keep an eye on the machines if you can’t lock them up.

8.  Consider escorting the machines to and from the polling places.

9.  Lean on manufacturers of voting machines to get serious about security.

10.  Have a real, secure chain of custody, not bureaucratic forms to sign or initial purporting to be a chain of custody.

11.  Try bribing your people, then make them public heroes and let them keep the money if they decline.  (Wait at least one day, though.)  Word will get around it isn’t a good idea to accept a bribe.

12.  Form a pro bono citizens panel with local security experts to provide guidance.

13.  You must randomly select some machines before, during, and after the election to completely tear apart, examine, and reverse engineer.  Just seeing if they appear to run correctly is not good enough!  It’s too easy to turn cheating on and off.

14.  If you are going to use seals, provide at least a few hours of training in how to spot attacked seals.  Give lots of examples of attacked seals.  Discuss how the seals will likely be attacked.