Category: Legislature2013

Voting as safe as the big banks. Hypocrisy to go around.

Another installment in our observations of Cognitive Dissonance in Connecticut, especially the Legislature. The latest dissonance/hypocrisy involves the breech of personal information by state contractor JP Morgan Chase.
All we are left with is that Internet Voting is no more safe than Internet banking. Actually less so because vote fraud, without double entry bookkeeping is harder to detect and prove.

Another installment in our observations of Cognitive Dissonance in Connecticut, especially the Legislature. The latest dissonance/hypocrisy involves the breech of personal information by state contractor JP Morgan Chase. From the Courant: Tax Refund, Other Debit Card Data Exposed In Computer Breach <read>

When the state suddenly ended its longstanding practice of sending paper checks for tax refunds nearly two years ago, some taxpayers criticized the decision to provide refunds via debit cards.

Now, the state is scrambling as some data on those tax-refund cards may have been exposed to potential identity theft.

State Treasurer Denise Nappier announced Thursday that the personal information on some prepaid debit cards was exposed during an attack on the computer servers of JP Morgan Chase, the international banking giant that oversees the debit card program for Connecticut.

The computer breach covers multiple states, and 14,335 accounts were exposed in Connecticut, Nappier said. Nearly 7,000 of those accounts involved taxpayers seeking refunds, and the remainder covered items like unemployment benefits and child-support payments that are now issued on debit cards. Those included more than 4,400 accounts at the state Department of Social Services, nearly 3,000 accounts at the Department of Labor, and seven at the Department of Children and Families.

Actually sounds like pretty standard stuff these days. Company servers are breached or somebody steals a State laptop with data that should or should not be there etc. The public effected will be offered a number of months or years of free credit monitoring. But this is an election year and politicians are running for Governor.

Last year Senate Republican leader John McKinney of Fairfield raised concerns when his constituents complained about the switchover on tax refunds, saying the decision had been made unilaterally without notifying the state legislature beforehand.

When told Thursday about the security breach, McKinney said, “You gotta be kidding me!”

McKinney, who is running for the Republican nomination for governor, immediately called for a public hearing to obtain a full explanation of the details of the breach. He had sought a similar hearing nearly two years ago to answer questions about security and why JP Morgan Chase was

chosen for the job. The Democratic-controlled legislature, however, rejected the idea of a hearing and said the switch was a decision by Gov. Dannel P. Malloy’s administration.

“We were told this was a perfect solution,” McKinney said in an interview Thursday. “We were told this was foolproof and secure, and obviously the administration was wrong.”

State tax Commissioner Kevin B. Sullivan, a former lawmaker who served in the state Senate with McKinney for nearly six years, started laughing when he heard that McKinney was calling for a new hearing.

“Sen. McKinney wants to have a hearing on everything, and I appreciate that his gubernatorial campaign needs” publicity, Sullivan said. “His response to everything is to have a hearing.”

Sullivan said that no hearing is necessary and that state officials are working with the bank to resolve the issue.

So where is the hypocrisy?

CTVotersCount.org readers will recall that the Legislature did have hearings on Internet Voting this year, and clearly received information that the Internet voting was unsafe for voting. We provided testimony and documentation that computer and security experts, including Federal Government experts agree the Internet is unsafe for voting.

Where was Rep McKinney on that?  He voted for it, as did every other Representative and Senator, democrat and republican.

In 2012 Internet voting was put into an unrelated campaign finance disclosure bill by parties unknown. Such a provision, without hearings, is known as a “rat’. The bill itself had no hearings either and passed both houses, only stopped from becoming a law by the Governor’s veto.

There is no shortage of hypocrisy to spread around since the Governor signed this year’s bill despite his veto message from last year.

All we are left with is more proof that Internet Voting is no more safe than Internet banking. Actually less so because vote fraud, without double entry bookkeeping is harder to detect and prove. We also have, yet another, lesson on human nature, driven to believe what we would want.

Cognitive Dissonance? Not in Connecticut when it comes to the Internet

In psychology, cognitive dissonance is the discomfort experienced when simultaneously holding two or more conflicting cognitions: ideas, beliefs, values or emotional reactions. In a state of dissonance, people may sometimes feel “disequilibrium”: frustration, hunger, dread, guilt, anger, embarrassment, anxiety, etc – Wikipedia

The state fails at protecting data, legislators to get lesson in Internet security, N.I.S.T experts say unsafe the Internet is not safe for voting, the N.S.A. and others can look at practically anything, yet local registrars, the Secretary of the State, and the State Military Department can protect Internet voting by Legislative decree.

In psychology, cognitive dissonance is the discomfort experienced when simultaneously holding two or more conflicting cognitions: ideas, beliefs, values or emotional reactions. In a state of dissonance, people may sometimes feel “disequilibrium”: frustration, hunger, dread, guilt, anger, embarrassment, anxiety, etc – Wikipedia

The state fails at protecting data, legislators to get lesson in Internet security, N.I.S.T experts say unsafe the Internet is not safe for voting, the N.S.A. and others can look at practically anything, yet local registrars, the Secretary of the State, and the State Military Department can protect Internet voting by Legislative decree.

As CTVotersCount readers know, the Legislature passed Internet voting over the objections of the Secretary of the State. Choosing not to define it but to leave it up the Secretary and Military Department to define a secure way to accomplish it. Despite the concerns of virtually every Computer Scientist and experts from the National Institute of Standards. Who will implement the actual voting? 169 local municipalities, many with (very) part-time registrars? The Secretary of the State with the help of the State IT function?  Two more interesting events this week:

The Motor Vehicle Department inadvertently released the names of job applicants on its web site, making hacking into their computers unnecessary. Courant:  DMV Snafu Posts 400 Job Applicants’ Personal Info On State Website <read>

The state Department of Motor Vehicles’ commissioner has sent individual letters of apology to about 400 job applicants whose names, home addresses, phone numbers, email addresses and exam scores were posted on the DMV’s official website by mistake…

The DMV had intended to post a job announcement on its website about 1 p.m. on Aug. 27 for the position of “Information Technology Analyst 2.” But the following morning, someone from the DMV’s human resources unit discovered that instead of the job-vacancy posting, “a file with a spreadsheet containing the names and other information of candidates who had passed the examination for this title had been posted,” [Commissioner Melody A.] Currey said in the letter.

Wednesday at 1:00pm, in the Legislative Office Building: State Capitol Police Dept.: Internet Safety for Legislators & Staff. Apparently consisting of:

An “Internet Safety” training program available to all legislators and legislative employees. This comprehensive program is designed to heighten awareness on protecting yourself and your family from internet and technology crimes.

Sounds like a good idea. But would a similar training be available or even feasible for military and their dependents eligible for Internet voting, across the counter, the world, under the sea, and in combat situations?  Let alone election officials in 169 towns, if they become responsible for Internet voting?

For more read some of your past posts on Internet Voting or Internet Security

 

Electronic voting as safe as electricity and nuclear power?

In a recent Hartford Courant Op-Ed, Arthur House, chair of the Connecticut Public Utilities Regulatory Authority and previous Director of Communications of the Director of National Intelligence addressed cyber threats to public utilities. We cannot help but compare the concern of Mr. House for our utilities ability to protect the infrastructure, with the sure confidence of our Governor and Legislature in the ability of the Secretary of the State and local election officials to develop systems, at no cost, to make the Internet safe for online voting. Democracy is at least as important as the infrastructure.

In a recent Hartford Courant Op-Ed, Arthur House, chair of the Connecticut Public Utilities Regulatory Authority and previous Director of Communications of the Director of National Intelligence addressed cyber threats to public utilities: State Utilities Girding Their Cyber Defenses <read>

Cyber offense and defense are rapidly evolving forms of warfare. Our public utilities are among the target s foreign powers have penetrated. Our vital public services are vulnerable. U.S. national security leadership has seen the exercise of cyber probes and weaponry, some in overt military action and others, including foreign actions in the United States, more exploratory — “battlefield preparation,” in military terms.

For public utilities and the states that regulate them, cyber threats risk denial of electricity, water, natural gas and telecommunications. Our state emergency managers include cyber threats in their portfolio of hurricanes, ice storms, other natural disasters and physical sabotage. Cyber threats present a new dimension to emergency management with potentially devastating consequences and without the certainty of adequate defenses…

.Connecticut is intensifying its work with its public utilities, which long ago started their cyber defense programs and initiated planni ng for dealing with disruption. Several strengthening steps are possible, such as requiring utilities annually publish a statement from a reputable security company affirming (or not) that the company takes reasonable steps to ensure cyber security.

The most difficult adjustment lies with all of us — understanding and accepting the reality of cyber vulnerability and its unpredictable consequences. In the past, Americans have been able to take action, find reasonable solutions and do what makes sense without giving up the essential. We can do it with cyber, but it’s time to kick into gear.. The threat is real, and the work will be demanding.

We cannot help but compare the concern of Mr. House for our utilities ability to protect the infrastructure, with the sure confidence of our Governor and Legislature in the ability of the Secretary of the State and local election officials to develop systems, at no cost, to make the Internet safe for online voting. Democracy is at least as important as the infrastructure.

Student hijacks election, case highlights internet voting vulnerability

Another challenge for Secretary of the State Denise Merrill and the state Military Department in creating a safe online voting system for Connecticut. We would add that one of the key (pun intended) vulnerabilities in online voting is in the user id’s and passwords required for voting.

A former Cal State student was sentenced to one year in jail for hacking a student election, to gain positions which pay much better than most town council positions in Connecticut. Two excellent articles by Doug Chapin: Cautionary Tale: Student Gets Jail Time for Stealing Online School Election <read> and a follow-up by David Jefferson: <read>

The gist of the story from Chapin:

Technically, this isn’t the kind of election news I usually blog about (because it doesn’t involve a public election) but I thought it was worth sharing … From UTSanDiego:

A former Cal State San Marcos student who rigged a campus election by stealing nearly 750 student passwords to cast votes for himself and friends was sentenced Monday in federal court to a year in prison …Weaver, 22, of Huntington Beach was a third-year business student when he carried out the elaborate plan to win election as president of the school’s student council in March 2012. He pleaded guilty this year to three federal charges, including wire fraud and unauthorized access to a computer …

The plan to steal the election was months in the making.

On Weaver’s computer, authorities found a PowerPoint presentation from early 2012, proposing that he run for campus president and that four of his fraternity brothers run for the four vice president spots in the student government. The presentation noted that the president’s job came with an $8,000 stipend and the vice presidents each got a $7,000 stipend.

Weaver also had done a bit of research, with computer queries such as “how to rig an election” and “jail time for keylogger.”

A month before the election, Weaver purchased three keyloggers — small electronic devices that secretly record a computer user’s keystrokes [pictured above – ed.].

Authorities said Weaver installed keyloggers on 19 school computers, stole passwords from 745 students and cast ballots from the accounts of more than 630 of those victims.

The plot was discovered, however, when technicians spotted unusual activity on the last day of the election period:

Using remote access, technicians watched the computer user cast vote after vote. They also watched as the user logged into the account of a university official and read an email from a student complaining that the system would not let her vote.Weaver had already cast a ballot from the student’s account, which was why she couldn’t vote.

The techs called campus police, who found Weaver at the school computer. He had keyloggers with him and was arrested.

The student didn’t help himself when he engaged in an elaborate cover-up afterwards

Jefferson adds several cautionary concerns that the hacker could have been a bit smarter and been less likely to be caught or the hack discovered, and that a similar public election hack would have been more difficult to discover, concluding:

In the many debates on the subject of Internet voting it is important not to allow anyone to use this Cal State San Marcos student election experience to argue that online public elections can be made safe because those who would cast phony votes will be caught. Mr. Weaver’s actions were detected because he was voting from computers controlled by the university IT staff, and he was identified and caught because he was not even minimally technically skilled in the techniques that could have distanced him from the crime. In a high stakes public election we will not be so lucky.

What would we add?

We would add that one of the key (pun intended) vulnerabilities in online voting is in the user id’s and passwords required for voting.

What if Matthew Weaver had spent his time getting a job in the computer lab and obtained the list of passwords from a central server and then made some timely changes to alter logs of the ip addresses used for voting?

The now famous D.C. Hack among other things demonstrated that even outsiders have the possibility of gaining a list of voters and their passwords.

One of those pesky details that would confront Connecticut Secretary of the State, Denise Merrill and the Sswtate Military Department when they design a safe online voting system for Connecticut.  If they choose web based voting, how in the age of Bradley Manning access can they insure that military computers and individuals’ computers are safe for internet voting? How can they assure that passwords sent through the mail arrive in time, to the intended recipient, and uncompromised?

Gov Malloy signs bill similar to one he said was risky and unconstitutional last year

Last year in 2012, after several weeks of consideration, Governor Malloy vetoed H.B. 5556 writing in his veto message:

Upon close examination, however, I find that some portions of this bill likely violate the United States Constitution…I cannot support the bill before me given its many legal and practical problems…First, as a matter of policy, I do not support any mechanism of voting that would require an individual to waive his or her constitutional rights in order to cast a timely, secret ballot, even if such waiver is voluntary. Second, as the Secretary of the State has pointed out, allowing an individual to email or fax an absentee ballot has not been proven to be secure. In 2011, the United States Department of Commerce, National Institute of Standards and Technology, issued a report on remote electronic voting. The report concluded that remote electronic voting is fraught with problems associated with software bugs and potential attacks through malicious software, difficulties with voter authentication, and lack of protocol for ballot accountability. None of these issues are addressed in this bill.

Last year in 2012, after several weeks of consideration, Governor Malloy vetoed H.B. 5556 (see Pages 51-55) writing in his veto message:

Upon close examination, however, I find that some portions of this bill likely violate the United States Constitution…I cannot support the bill before me given its many legal and practical problems…
HB 5556 also contains a provision allowing deployed service members to return an absentee ballot by email or fax if the service member waives his or her constitutional right to a secret ballot. I agree with Secretary of the State Denise Merrill that this provision raises a number of serious concerns. First, as a matter of policy, I do not support any mechanism of voting that would require an individual to waive his or her constitutional rights in order to cast a timely, secret ballot, even if such waiver is voluntary. Second, as the Secretary of the State has pointed out, allowing an individual to email or fax an absentee ballot has not been proven to be secure. In 2011, the United States Department of Commerce, National Institute of Standards and Technology, issued a report on remote electronic voting. The report concluded that remote electronic voting is fraught with problems associated with software bugs and potential attacks through malicious software, difficulties with voter authentication, and lack of protocol for ballot accountability. None of these issues are addressed in this bill. To be clear, I am not opposed to the use of technology to make the voting process easier and more accessible to our citizens. However, I believe that these legitimate problems have to be carefully studied and considered before enacting such a provision.

Last year the fax and email voting provisions were a glaring ‘rat’ stuffed into an unrelated emergency bill. Some said the Governor was against the underlying bill, but wanted more cover for the veto. We hoped, that even if that were the case, the accurate analysis of that ‘rat’ would still prevail this year. Apparently not.

There is a distinction without a difference in this year’s bill, S.B. 647, with regard to the elements of the veto message. Last year’s bill specified email or fax return of ballots. This year’s bill requires the Secretary of the State and the CT Military Department to determine a safe method of Internet voting. But all known methods have the same security risks and they all violate the Connecticut and U.S. Constitutions.

We could argue that this year’s bill is worse in at least three regards, requiring two impossible feats by the Secretary of the State, although she will have the help of the CT Military Department the three feats. One which the U.S. Defense Department has found impossible:

  • Develop a secure electronic voting system which does not violate the Constitutions.
  • Have that system transmit results immediately to the appropriate town hall.
  • Develop , implement, and operate such a system at no cost to the state and towns.

Summary Of The Problems With The Bill

  • This bill is a threat to the security, accuracy, and secrecy of the votes of our military members and their dependents, and thus to the certified outcomes of our elections.
  • It is unconstitutional since it violates the Connecticut Constitution, which states: “The right of secret voting shall be preserved.”
  • It requires the Secretary of the State and the Connecticut Military Department to develop a system for secure and private online voting by October 1st. A task that security experts, computer scientists, and experts at Homeland Security, and NIST (The National Institutes of Standards and Technology) believe is technically impossible.
  • It is further complicated by provisions for voting by deployed military dependents. It also is not restricted to deployed military, not even restricted to military actually on duty.
  • It sets a requirement for guaranteed receipt immediately in each voter’s municipality. This cannot be accomplished by either fax or email return.
  • While online voting through a web page might be developed to meet the guaranteed return requirement, it is also insecure, risks the secret vote, and would be very expensive.
  • All known methods of Internet voting would likely violate Connecticut’s Voter Verified Paper Records law established in 2005.

The Requirements of the Bill*
[Our comments in brackets]

  • On or before October 1, 2013, the Secretary of the State, in consultation with the Military Department, shall select a method for use in any election or primary held after September 1, 2014 [After the August 2014 Primary]
  • may be used by any elector or applicant for admission as an elector who is a  member of the armed forces and expects to be living or traveling outside the several states of the United States and the District of Columbia before and on election day, [Any travel or living change would apply, duty related or not. A National Guard member not deployed but on vacation or a business trip could presumably vote under this act]
  • or such member’s spouse or dependent if living where such member is stationed, [It includes spouses and dependents but not those on vacation, at college, or on business trips]
  • gives due consideration to the interests of maintaining the security of such ballot and the privacy of information contained on such ballot, [due consideration’ should include assuring the Constitutional requirement of a secret vote be strictly maintained. It should include evaluation by computer security experts, and effective security testing]
  • and…ensures receipt, prior to the closing of the polls on the day of the election or primary, of such ballot by the municipality in which the member or member’s spouse or dependent is enrolled or has applied for admission as an elector, if such method is properly utilized by such  member or such member’s spouse or dependent prior to the closing of  the polls on the day of the election or primary. [Thus, it must be guaranteed to be received by some official, inbox, or machine in the appropriate municipality by 8:00pm EST, if voted by 8:00pm EST (i.e. this is immediately). And 8:00pm EST could be almost any hour of the 24 hours in a day, depending on the deployment, business, or vacation location(*)]
  • Not later than January 1, 2014, the Secretary of the State shall submit a report, in accordance  with section 11-4a of the general statutes, to the joint standing committees of the General Assembly having cognizance of matters relating to elections and veterans’ and military affairs describing such  method and any legislative changes necessary for its implementation. [But necessary legislation enacted or not, implementation is required by this bill]

* After the bill was passed by the CT House and Senate we sent a letter to Governor Malloy asking for a veto, reminding him of his veto last year.  We made one mistake in that letter – using an older version of the bill, we misinterpreted the time requirement, stating that the bill did not require ‘immediate’ transmittal, but transmittal in four hours, by the close of election day, not the close of the polls. The actual bill creates a tougher, much more difficult barrier to implementation. This post updates portions of the details in that letter to conform to our corrected interpretation.

Analysis of the three known options: Email, Fax, and Online Voting

  1. Email is (1) of course, not secure with the NSA listening in, interceptable by bad external actors, and directly accessible by insiders such as email vendors, insiders at data centers all along the way from personal computers or military computers, state computers, local town computers, and every stop along the way. (2) Email cannot meet the mandated fimmediate delivery requirement – often emails take much longer to traverse the Internet, presumably especially from remote locations the military must protect (3) Email frequently is not delivered at all. Several times a year we become aware of emails sent to us that never arrive. (4) Email schemes we are aware of, in other states, all require that an individual in an elections office or town hall receive and print the “ballot” for counting – a clear violation of the secret vote. (5) Email would have to cover personal computers for spouses and dependents, not military computers. And the military member might be on vacation or business in an area where no military computer access is available.
  2. Fax, (1) like email is subject to interception in transmission (2) and like mail is subject to individuals in town hall or state government viewing the fax as it is received. (3) Subject to viewing and potential viewing by multiple members of the military as it is passed up the chain-of-command and to the Voting Assistance Officer, as articulated by Representative Alexander. (4) We cannot expect the chain-of-command to pass votes and wake Voting Assistance Officers to pass votes along at all hours and within four hours, nor to provide services to dependents – Note the deployed military chain-of-command also has a war to fight and enemies that might not avoid attacking during that critical four-hour period.
  3. Online Voting – By online voting we mean some interactive means of voting on a web page or sending a .pdf ballot under the control of a webpage, not via email. (1) Online voting can be more secure that email or fax voting, yet is still not secure as confirmed by NIST and Homeland Security. And no online voting system has proven secure by sufficient evaluation and testing – in fact, the only system subject to some public testing quickly failed spectacularly and another was broken by an average citizen, while vendors refuse to open their systems to scrutiny.  (2) Online voting may be difficult to administer and use, when the system is too hard to use vendors often blame the voters. (3) Online voting is expensive! Will the state and local officials making home-grown solutions, do better than highly funded vendors or turn to the vendors expensive, ineffective solutions? Such a system would have cost just Edmonton, Alberta $400,000. (4) Online systems entail emailing or paper mailing IDs to the voters – email can be compromised, and avoiding especially slow and unreliable outgoing mail to deployed military is a major motivation for this bill. (5) Once again, online voting cannot be restricted to military computers and serve dependents or serve soldiers away from home, not on Military business.

Another Miracle for the Secretary, Military Department, and Local Officials

The Legislature requires that the report, voting implemented, and run at no cost! It was passed with a note from the Office of Fiscal Analysis stating: “NO FISCAL IMPACT”. Note: A similar, yet less challenging task for the Secretary of the State to evaluate in another proposed bill this year, was estimated at $150,000. (See the Fiscal Note for S.B. 777).

Additional Documentation

Bruce McConnell Expert from the Department of Homeland Security
NPR: Online Voting ‘Premature,’ Warns Government Cybersecurity Expert
http://tinyurl.com/BMDHSNPR

Warnings about the dangers of Internet voting have been growing as the 2012 election nears, and an especially noteworthy one came Thursday from a top cybersecurity official at the U.S. Department of Homeland Security.

Bruce McConnell told a group of election officials, academics and advocacy groups meeting in Santa Fe, N.M., that he believes “it’s premature to deploy Internet voting in real elections at this time.”

McConnell said voting systems are vulnerable and, “when you connect them to the Internet, that vulnerability increases.” He called security around Internet voting “immature and underresourced.”

McConnell’s comments echo those of a number of computer scientists who say there’s no way to protect votes cast over the Internet from outside manipulation.

NIST: Internet Voting Not Yet Feasible http://tinyurl.com/NISTeVote

Internet voting is not yet feasible, researchers from the National Institute of Standards and Technology have concluded. ”Malware on voters’ personal computers poses a serious threat that could compromise the secrecy or integrity of voters’ ballots,” said Belinda Collins, senior advisor for voting standards within NIST’s information technology laboratory, in an May 18 statement. ”And, the United States currently lacks an infrastructure for secure electronic voter authentication,” she added. Collins released the statement in response to an inquiry from Common Cause, a Washington, D.C. nonprofit active in campaign finance and election reform.

“This statement should serve as a blunt warning that we just aren’t ready yet and proves that we can’t trust the empty promises of ‘secure Internet voting’ from the for-profit vendors,” said Susannah Goodman, head of Common Cause’s Voting Integrity Project. ”We urge election officials and state and federal lawmakers to heed NIST’s warning and step back, support further research and STOP online voting programs until they can be made secure,” Goodman added…

Secretary of the State’s Symposium on Online Voting

An exceptional panel of experts on voting technology and the challenges of overseas voting. Credit is due to the panelists, the Secretary, and those who contributed behind the scenes in making this event possible. John Dankowski, of Connecticut Public Broadcasting did an exemplary job of moderating a very civil, thorough debate. Video: http://tinyurl.com/SOTSOVS

Secretary of the State Denise Merrill’s testimony on S.B. 283, 2/22/2013:

Now, Senate Bill 283 concerning — AN ACT CONCERNING ON-LINE VOTING FOR MILITARY PERSONNEL SERVING OUT OF STATE. Again, I think everyone in this room supports the ability of our brave men and women in uniform, especially those serving overseas in places like Afghanistan, to vote and have their ballot counted.

I still have two, major concerns with this bill that prevent me from supporting it at this time. I mean, first, it talks about on-line voting. There — you should be aware, there’s a lot of different versions of what that actually means. So I’m presuming here it would mean developing an on-line application where the Soldier, Sailor, Airman or Airwoman or Marine can, again, have a secure log-in and — and actually select their ballot choices on the computer through a web-based application, which is different than some other proposals that have been made with electronic transmission.

This system, again, would be very costly, very expensive; and I’m talking millions of dollars to develop. My main objection to this, besides the cost which is significant — and, again, I’d like to make sure we have a problem before we spend that kind of money — but my main objection is that we simply — I don’t think we have the technology to guarantee the security, integrity of that ballot and prevent tampering or hacking these votes that are submitted on-line. It’s the same objection we have to any ballot submitted on-line at this time.

We had a — we convened a public forum on this topic with foremost experts in this field, last year at CCSU. The forum was televised; we have it on our web site; you can see what was said by these people. We asked one of the top computer science experts in the country what it would take to make on-line voting secure, and he said, Let me put it this way, saying you can have secure on-line voting is like saying you can have safe smoking.

Many people say, well, we can do bank on — banking on-line; why can’t we vote on-line? Again, I posed that exact question to the experts at that forum, and the answer was that the banking industry builds into their revenue forecast a two-to-three percent loss of funds every year due to fraud and hacking through on-line banking. I don’t think we can afford to have that kind of leeway, shall we say, in our election system. I don’t think we can adopt that kind of a model. And I, certainly, would never be able to accept the loss of a number of votes due to fraudulent hacking, just in the name of convenience. So I just don’t think we’re ready to go there.

Who knows; in the future, this may change. But I would just need to be assured before we came up with any system like that for any voter, that no one could tamper with the ballots. And I think right now, as you all know, if you have an e-mail system, yourself, I’m sure every one of us have had our e-mails hacked in some way or another or gotten or not received mail because it went into the wrong folder or whatever. It would be very difficult to design that kind of a system, so I’d be able to — I’d be — want to be able to look every Connecticut military person and their family in the eye and tell them that the vote is secure. And I don’t feel I can do that at this time.

From Representative Alexander’s Statement in Veterans Affairs Committee Hearing 2/19/2013:

REP. ALEXANDER: Thank you, Mr. Chair. I’ll be real quick. I appreciate the Clerk’s position in trying to make it easier to have servicemen and women vote any where deployed or — or in a unit wherever, and have a Voting Assistance Officer. I really took that to heart myself. But did you ever think of possible fraud when it comes to allowing military men and women to fax in their ballot, where, you know, as someone who — who was an Adjutant and ran an S1 in a battalion, the — the way usually squadrons and battalions work, you know, you’d have a Lance Corporal, a 19 or 20-year-old, fine, outstanding young man or woman who wanted to vote fill out the ballot, and then bring that piece of paper to the S1 office to be faxed. He or she doesn’t fax it themselves. Another clerk does.

ANTOINETTE SPINELLI: Oh, is that right?

REP. ALEXANDER: That — that would probably be the very common way this is implemented in most units, at the unit level, where you have a 19-year-old individual, a 20-year-old person, a Lance Corporal wants to vote — good on him for wanting to do that — brings that to their Platoon Sergeant up the chain. That Platoon Sergeant maybe, or a Squad Leader, facilitates the Lance Corporal to go to the S1 office. He submits that, and that will get faxed with a whole stack of other faxes that are going to go out in the office. And as someone that was an Adjutant, I was running an office like this day in and day out. And as an Adjutant, I would worry, as being sort of the person who is managing this type of office, that I would have a fellow maybe Lance Corporal faxing this information, where you might have someone that, being 19 or 20 years old, didn’t realize that, oh, changing it from, you know, Senator McCain, to President Obama is not a serious felony offense, which it is, and because of that chain of custody in — in reality, and — and the way maybe the military works in — in professional office spaces, I would just worry that during this handover to the fax, that you’re opening the door for potential fraud.

But the individual’s not, themselves, faxing it. Most likely, and most of the times in squadrons, you’re going to have a third party doing it, usually a 20, 21, 22-year-old Corporal or Lance Corporal doing that. And as an Adjutant running an S1, I’d be very concerned about this, and — and monitoring this very carefully, but — but that is something that would really concern me, and — and trouble me. Have the clerks thought of it from — from that angle at all? Where you could have potential voter fraud coming out of this?

 

If elections can be protected at no cost, what about the electric grid?

Tongue in cheek, we note that this may be a major redundancy in effort and expense by utility regulators, since the Legislature has mandated that the Secretary of the State and the Military Department come up with a plan to provide secure electronic voting to the military by October 1st. The Secretary is also mandated in that bill to not only come up with the plan but to implement it without any expenditure!

When we see everybody from the CIA to Lockheed Martin and the Bank of America being hacked, along with concerns for our grid from our utility regulators, it’s pure hubris to think that our elections could not be compromised.

An article in the Courant last week highlights the risks to our electric grid and the plans slowly moving forward to enhance its security: State Plan For Cyber Threats To Electric Grid Taking Shape – Utilities Cooperating With Regulators On Plan <read>

Dan Esty, the state’s energy commissioner, sat across a conference table from Art House, Connecticut’s head utility regulator, in the bunker of the State Armory in Hartford last July for a drill that simulated a statewide response to a major hurricane.

Esty, with other state officials and utility executives nearby, asked whether House remembered exercises like these from his days doing intelligence work for the federal government.

“There are two kinds of drills I’ve done in Washington,” House said. There’s the predictable type of emergency, like hurricanes and ice storms, that the state needs to be ready for. And then there’s the unpredictable.

“I worry more about unforeseen type, like a cyber attack,” he said.

That conversation, the two officials said, seeded a quickening and serious discussion of the state’s liability to hackers that would aim to control or damage critical facilities, like the electric grid. House, chairman of the state’s Public Utilities Regulatory Authority, is drafting a plan with utilities on how to prepare for, address and respond to cyber attacks.

“Cyber probes are a fact of life,” House said in an interview this week. “Connecticut needs to look at it in terms of defense. Are we doing everything we can?”…

Federal security officials warn that electronic attacks on these critical facilities could create “the potential for large-scale power outages or man-made environmental disasters” and cause “physical damage, loss of life and other cascading effects that could disrupt services,” the Department of Homeland Security’s deputy inspector general, Charles Edwards, said in a congressional testimony last month…

In Connecticut, House plans for a rough draft of the state’s cybersecurity plan to be finished by Labor Day, with a final version completed by January 2014. It will examine how state utilities could build up their electronic defenses against cyber attacks as well as how private and municipal emergency managers should be prepared in the event of such an attack.

A major piece of the state’s cybersecurity efforts will lean on the federal intelligence and security resources that track and investigate cyber attacks, said House, adding that his previous work for the U.S. National Geospatial-Intelligence Agency will aid in the state’s efforts. “Cyber defense is not a matter of geography. It’s a matter of national defense. It goes across state line and across industries.”

Joel Gordes, president of West Hartford energy consultancy Environmental Energy Solutions, has long called for attention to the cyber security issue. He cites testimonies attached to names like Defense Secretary Chuck Hagel, Former Defense Secretary Robert Gates and Former CIA Director Leon Panetta that raised concerns about the issue, concluding that it’s about time Connecticut takes a clear-eyed look at cyber security.

“When we see everybody from the CIA to Lockheed Martin and the Bank of America being hacked, it’s pure hubris to think that our electric grid could not be compromised,” he said…

Data sharing was one of inspector general Edwards’ concerns. He said that the Department of Homeland Security’s cyber security office needs to consolidate its information sharing efforts with other agencies and the private sector to “ensure that these stakeholders are provided with potential [industrial control systems] threats.”

A group of energy companies and public and private groups expressed concerns about the timeliness of federal assessments on cyber threats, specifically noting that they feel that “a great deal of time might elapse until stakeholders were made aware of the same of similar incident that could affect their systems.”

Tongue in cheek, we note that this may be a major redundancy in effort and expense by utility regulators, since the Legislature has mandated that the Secretary of the State and the Military Department come up with a plan to provide secure electronic voting to the military by October 1st. The Secretary is also mandated in that bill to not only come up with the plan but to implement it without any expenditure!

For the utilities “A major piece of the state’s cybersecurity efforts will lean on the federal intelligence and security resources that track and investigate cyber attacks”, however, we doubt that support would do much good since experts at Homeland Security and NIST claim that Internet voting cannot be made save.

For more details on the feats to be accomplished by the Secretary of the State and Military department, see our recent post: Governor Malloy: Please Veto Internet Voting Bill

To paraphrase Mr.House,

When we see everybody from the CIA to Lockheed Martin and the Bank of America being hacked, along with concerns for our grid from  our utility regulators, it’s pure hubris to think that our elections could not be compromised.

Governor Malloy: Please Veto Internet Voting BIll

Earlier this week we sent a letter to Governor Malloy requesting that he veto Senate Bill 647, now Public Act 13-185. It is now up to the Governor to protect voting integrity, uphold the Connecticut Constitution, and remain steadfast to the principles articulated to his veto message last year for a similar bill.

Earlier this week we sent a letter to Governor Malloy requesting that he veto Senate Bill 647, now Public Act 13-185. It is now up to the Governor to protect voting integrity, uphold the Connecticut Constitution, and  remain steadfast to the principles articulated to his veto message last year for a similar bill. <full letter>

Here is the summary from the letter articulating why a veto is appropriate:

  • This bill is a threat to the security, accuracy, and secrecy of the votes of our military members and their dependents, and thus to the certified outcomes of our elections.
  • It is unconstitutional since it violates the Connecticut Constitution, which states: “The right of secret voting shall be preserved.”
  • It requires the Secretary of the State and the Connecticut Military Department to develop a system for secure and private online voting by October 1st. A task that security experts, computer scientists, and experts at Homeland Security, and NIST (The National Institutes of Standards and Technology) believe is technically impossible.
  • It is further complicated by provisions for voting by deployed military dependents. It also is not restricted to deployed military, not even restricted to military actually on duty.
  • It sets a requirement for guaranteed receipt within four hours in each voter’s municipality. This cannot be accomplished by either fax or email return.
  • While online voting through a web page might be developed to meet the guaranteed return requirement, it is also insecure, risks the secret vote, and would be very expensive.
  • All known methods of Internet voting would likely violate Connecticut’s Voter Verified Paper Records law established in 2005.

Political Disclosure: Sausage making is clearer and cleaner

This year the disclosure bill was back with full public hearings and some of the objections mitigated, heading for a legitimate debate and vote. Yet, it has been marred again with at least three additional concepts added. At minimum these concepts/bills deserve individual debate and up and down votes. The only concept that should be adopted is a good disclosure bill.

Last year the political disclosure bill was marred by the last minute inclusion of email and fax voting and provisions crafted behind closed doors in an “emergency bill”. Drawing the Governor’s veto based partially on the risks of the Internet and the unconstitutionality of an individual waiving the secret vote <read> As we pointed out earlier this week, this year there is an even stranger Internet voting bill.

This year the disclosure bill was back with full public hearings and some of the objections mitigated, heading for a legitimate debate and vote <read>

But once again that bill is apparently being stuffed with other, unrelated, and additional controversial items. A grab-bag of items only insider politicians would love, CTNewsJunkie:  Despite Latest Evidence of Corruption, Lawmakers Consider Giving More Money to Parties, PACs <read>

Behind closed-doors Tuesday, lawmakers were crafting legislation that would help them funnel more money to political party committees, legislative leadership committees, and political action committees.

According to Rep. Ed Jutila, who co-chairs the General Administration and Elections Committee, the “essence” of the bill is an attempt to address the Citizens’ United decision that allowed unlimited amounts of money to be spent by Super PACs either for or against candidates — even if those candidates participated in the public campaign finance system. Close to $700,000 in independent expenditures from Super PACs was spent in the 2012 election cycle.

“It’s one way to try and even the playing field,” Jutila said Tuesday.

Jutila said the amount of money individuals can give to the candidates participating in the Citizens’ Election Program will not change under the omnibus campaign finance bill, but the amount of money individuals can give to the two major parties, leadership PACs, and town committees will increase under the proposal.

The proposal comes just one week after a federal corruption trial demonstrated exactly how much sway money has over Connecticut politics and policymaking. During that trial, a cooperating witness detailed how he was able to use the donations to former House Speaker Chris Donovan’s failed congressional campaign and three Republican leadership PACs controlled by House Minority Leader Lawrence Cafero in an effort to kill legislation detrimental to the interests of smoke shop owners…

The bill is an aggregation of a number of the concepts from four pieces of legislation introduced earlier this year by the General Administration and Elections Committee.

One of those bills would increase the amount of money an individual could donate to a State Central Committee from $5,000 to $10,000. The amount a town committee or leadership committee could receive from an individual would go from $1,000 to $2,000, and all other PAC limits would increase from $750 to $1,000.

It would also allow State Central Committees for the Democratic and Republican Parties to sell ad books as another way to raise money. The ability to sell advertising space in booklets handed out at public events was removed from the parties in 2005 when the Citizens’ Election Program was created.

Another bill, which has been lumped into the campaign finance package, would lift a ban on donations from state contractors and would allow them to give up to $1,000 to their local town committee. The 2005 law prohibited anyone doing business with the state from donating money.

In addition, the bill would include Sen. President Donald Williams’ ban on cross-endorsements by third parties. It would also prohibit the use of certain words such as “Independent” from the names of political parties in the state.

So a bill designed to counter some of the effects Citizens United will actually increase the money flowing from state contractors into elections. Worse it would end cross-endorsements and make the name of an existing political party illegal. The cross-endorsement bill was the subject of almost uniform opposing testimony and statements from Committee members who then voted for that bill.

At minimum these concepts/bills deserve individual debate and up and down votes. The only concept that should be adopted is a good disclosure bill.

CT Senate’s Magical Mystery Military Voting Tour

In summary the bill requires the Secretary of the State, Military Department, and Local Officials to defy science and economics, performing at least two miracles!

Just in time for Memorial Day, the Connecticut Senate has passed unanimously, an amended version of S.B. 647, An Act Concerning Voting By Members Of The Military Serving Overseas – To permit voters who are members of the armed forces and serving overseas to return ballots by electronic means

Just in time for Memorial Day, the Connecticut Senate has passed unanimously,  an amended version of S.B. 647, An Act Concerning Voting By Members Of The Military Serving Overseas – To permit voters who are members of the armed forces and serving overseas to return ballots by electronic means <amended version>

In summary the bill requires the Secretary of the State, Military Department, and Local Officials to defy science and economics, performing at least two miracles!

The previous version directed that the Secretary and the Military department develop a method for safe electronic voting and produce a report outlining needed changes in the law by next January. This bill requires them to develop that method by October 1st this year and that it be implemented in 2014, apparently regardless of their success in developing such a method and their success in passing such legislation.

The Requirements of the Bill
[Our comments in brackets]

  • On or before October 1,  2013, the Secretary of the State, in consultation with the Military Department, shall select a method for use in any election or primary held after September 1, 2014 [After the August 2014 Primary]

  • may be used by any elector or applicant for ad ission as an elector who is a  member of the armed forces and expects to be living or traveling outside the several states of the United States and the District of Columbia before and on election day, [So any travel or living change applies, duty related or not, so, a National Guard member not deployed but on vacation or a business trip could presumably vote under this act]

  • or such member’s spouse or dependent if living where such member is stationed, [It includes spouses and dependents but not those on vacation, at college, or on business trips]

  • due consideration to the interests of maintaining the security of such ballot and the privacy of information contained on such ballot, [We assume ‘due consideration’ should include assuring the Constitutional requirement of a secret vote be strictly maintained]

  •  and…ensures receipt, prior to the closing of the polls on the day of the election or primary, of such ballot by the municipality in which the member or member’s spouse or dependent is enrolled or has applied for admission as an elector, if such method is properly utilized by such  member or such member’s spouse or dependent prior to the closing of  the polls on the day of the election or primary. [So, within 4 hours of voting by 8:00pm EST, it must be guaranteed to be received by some official, inbox, or machine in the appropriate municipality. 8:00pm EST could be almost any hour of the 24 hours in a day, depending on the deployment, business, or vacation location]

  • Not later than January 1, 2014, the Secretary of the State shall submit a report, in accordance  with section 11-4a of the general statutes, to the joint standing committees of the General Assembly having cognizance of matters relating to elections and veterans’ and military affairs describing such  method and any legislative changes necessary for its implementation.

Lets look at the three known options: Email, Fax, and Online Voting

  • Email is (1) of course, not secure with the NSA listening in, interceptable by bad external actors, and directly accessible by insiders such as email vendors, insiders at data centers all along the way from personal computers or military computers, state computers, local town computers, and every stop along the way. (2) Email cannot meet the mandated four hour delivery requirement – often emails take much longer to traverse the Internet, presumably especially from remote locations the military must protect (3) Email frequently is not delivered at all. Several times a year I become aware of emails sent to me that never arrived. (4) Email schemes we have seen all require that an individual along the way receive and print the “ballot” for counting – a clear violation of the secret vote. (5) Email would have to cover personal computers for spouses and dependents, not military computers. And the military member might be on vacation or business in an area where no military computer access is available.
  • Fax, (1) like email is subject to interception in transmission (2) and like mail is subject to an individuals in town hall or state government viewing the fax as it is received. (3) subject to viewing and potential viewing by multiple members of the military as it is passed up the chain-of-command and to the Voting Assistance Officer as articulated by Rep Alexander. (4) We cannot expect the chain-of-command to pass votes and wake Voting Assistance Officers to pass votes along at all hours and within four hours, nor to provide services to dependents – did we mention they also have a war to fight and enemies that might not avoid attacks during that critical four hour period.
  • Online Voting – By online voting we mean some interactive means of voting on a web page or sending a .pdf ballot under the control of a webpage, not via email. (1) Online voting can be more secure that email or fax voting, yet is still not secure as confirmed by NIST and Homeland Security. And no online voting system has proven secure by sufficient evaluation and testing – in fact, the only system subject to some public testing failed spectacularly and another was broken by an average citizen, while vendors refuse to open their systems to scrutiny.   (2) Online voting may be difficult to administer and use, when the system is too hard to use they blame the voters. (3) Online voting is expensive! Will the state  and local officials do better than highly funded vendors or turn to their ineffective solutions? It would have cost just Edmonton Alberta $400,000. (4) Online systems entail emailing or paper mailing IDs to the voters – email can be compromised, and avoiding especially outgoing mail is the whole motivation for this bill.  Which brings us to an additional miracle. (5) Once again, it cannot be restricted to military computers.

Another Miracle for the Secretary, Military Department, and Local Officials

The Legislature requires that the the report, voting implemented, and run at no cost! It was passed with a note from the Office of Fiscal Analysis: “NO FISCAL IMPACT”. Or as articulated in more detailed note for the committee approved bill:

State Impact: None

Municipal Impact: None

Explanation

The bill, which requires the Secretary of the State to develop and report on a method for returning the ballot of a military member stationed overseas, has no fiscal impact.

The Out Years

State Impact: None

Municipal Impact: None

We doubt anything close to claiming some level of security or privacy can be done at no cost. An online system would be in the hundreds of thousands, a credible study and report on fax and email would require extensive expertise and time.

An interesting comparison is with a somewhat similar but much easier and feasible requirement in another bill passed by the same committee this year, and also analyses with a note from the Office Fiscal Analysis. The bill allows municipalities to use, at their option, electronic check-in. It requires, probably in response to our testimony, that the Secretary provide a list of acceptable electronic check-in equipment, much less a task:

State Impact:

Agency Affected Fund-Effect FY 14 $ FY 15 $
Secretary of the State GF – Cost 150,000 10,000

 Municipal Impact:

Municipalities Effect FY 14 $ FY 15 $
Various Municipalities Potential Cost Less than 20,000 Less than 20,000

 Explanation

The bill would allow registrars of voters to use electronic systems that are approved by the Secretary of the State (SOTS) to check in voters. The bill would also require SOTS to create and maintain a list of electronic devices that municipalities may use for electronic checking in of voters.

The SOTS is anticipated to incur a cost of $150,000 in FY 14 to review, approve, and create a list of approved electronic devices for use in the voter check in process. The SOTS is anticipated to incur on-going costs of $10,000 per year beginning in FY 15 to maintain and update the list of approved electronic devices. Given the technical nature of device approval it is expected that the costs identified for SOTS will support a contracted consultant.

To the extent that municipalities decide to utilize electronic resources to check in voters, there is a potential cost to municipalities arising from their purchase of such devices. The cost potentially incurred by municipalities is dependent upon the type of equipment utilized and number of polling stations in a municipality. Such costs are not anticipated to exceed $20,000 for municipalities that decide to utilize this type of equipment.

The Out Years

The annualized ongoing fiscal impact for SOTS identified above would continue into the future subject to inflation. Municipal costs in the out years would be dependent upon the lifecycle of the equipment utilized.

What is Secretary Merrill to Do?
(If this bill passes the House and is not vetoed again by the Governor)

We presume the Secretary is expected to obey the law, and that Secretary Merrill maintains her past opposition to electronic voting as expressed in her testimony on this bill and on S.B 283, stated by experts in her Online Voting Symposium, and confirmed by the Governor’s veto last year.

Normally, we presume Connecticut has a government of men (and women), of a Constitution, and not of miracles! We do not believe the Constitution requires that any official perform miracles. If it did then it would be easy to command the Governor to solve all our budget, tax, and funding problems in a similar manner.

While her response is up to the Secretary, we would suggest she insist that the report include:

  • Even experts at Homeland Security and the National Institute of Standards and Technology agree with the vast majority of computer scientists and security experts that the Internet is not safe and cannot be made safe for voting.
  • That while we have a dedicated state Military Department and legendary state and local Information Technology Departments, it is unlikely that they can defy science to do better than the U.S. Military, and large financial institutions which are regularly hacked.
  • That she and the Military Department cannot meet the requirements of the law that secrecy and security be protected.
  • That any requirements not include directives to the U.S. Military, which has shown a lack of enthusiasm and compliance with directives regarding military voting from the U.S. Congress.
  • At minimum the Constitution would need to be amended to eliminate or adjust the requirement of a secret vote, and this law amended to eliminate the requirement for ‘due consideration’ of security and privacy.
  • That the Office of Fiscal Analysis incorrectly stated the costs of study, implementation, and operation.
  • Any system should be subject to extensive independent, contracted security evaluation and testing along with well notified extensive public testing, and public comment, to guarantee its security and secrecy. Such testing should include random unannounced testing using typical equipment in the typical environments to be used by the military members and their dependents. Our voters and our military are worth this and deserve it!

Rational reasons against the National Popular Vote

Jason Paul joins a group of distinguished, prominent, and thoughtful democrats who have warned of the risks of the Compact: Former Wesleyan Professor and U.S. Senator Daniel Patrick Moynihan, Former Secretary of the State Susan Bysiewicz, Former State University Chancellor William Cibes, and Minnesota Secretary of State Mark Ritchie.

CTNewsJunkie hosted dueling op-eds for and against the National Popular Vote Compact:  Procedural Problems Plague National Popular Vote Compact Bill <Jason Paul against> <Andrea Levien against>

Jason echoes some of the same concerns we have expressed in our earlier op-ed at CTNewsJunkie and our testimony to the General Assembly.

Unfortunately, too much of the discussion and debate has revolved around the normative question: Would it be better to have a national popular vote or an Electoral College process? This is an interesting discussion and I am honestly quite torn on the question. From a normative perspective, I would probably pick the National Popular Vote.

Too many people are answering the normative question, however, and then ending the inquiry. When it comes to this bill that simply cannot be where the discussion stops. The practicalities and the details of running elections matter immensely. Shortcuts are problematic.

Under the current system, the Presidential election is decided based on the outcomes in 56 districts (50 states, plus D.C. and five congressional districts in two states that give a vote to the winner of their Congressional districts). These are all separate election contests, administered by 51 different state bodies (the 50 states, plus D.C.] Each of these 51 bodies has different rules, different guidelines, and different standards. This is fine because each body’s rules only affect the result in its own state or district. Federal laws cover the most egregious potential voting abuses; beyond that, states administer their own elections. That would change if we adopted a National Popular Vote Compact. Instead of giving them control of their own territory, these 51 different bodies would have a degree of control over the entire election system. This poses serious problems.

Here’s one example. A national recount could be a nightmare under any system. Consider that for the 2012 election, revised vote totals were still coming in all the way into February 2013, with new votes in the tens of thousands and the margin of victory changing by the thousands. The margins were large enough that each state was able to declare a winner in time for the electoral college. The late tallies didn’t matter to the outcome — this time. Under the National Popular Vote Compact, the problems would be even worse, and potentially unresolvable.

Currently, in case of a very close election in a state, there is a well-established procedure for conducting a recount according to that state’s rules. Under the compact, because there is no national system, there is no mechanism for conducting a nationwide recount. What is worse, there is no way to force states to participate in a national recount. Because the compact need only be among states with a total of more than 270 electoral votes and not all states, there will be some states that will quite rightfully take the position that they are still in the old system of 51 differing bodies. They will feel no obligation to even consider the impact of the new system. The compact-participating states won’t be able to do anything about it. States can’t force each other to do things. This would make it incredibly difficult to even have a nationwide recount.

If we are going to go from one system (sum of state outcomes) to another, (national popular vote), we need to have an understanding of how the procedural problems will be worked out. Otherwise, it is easy to conceive of a nearly endless number of problems, which would mean lots of trips to court. I would contend it is bad for elections to be decided in court. It might be possible to work out these problems under a compact system, but right now, I do not think they are even reasonably addressed. Until it is possible to answer basic questions — such as how to conduct a national recount — the idea is too flawed to implement. We should not chose the normative value over practical considerations, because it puts the credibility of our electoral system at risk. The proponents need to work out the bugs.

Paul provides a very articulate description of the problems. In the 1st comment on the op-ed we have extended his concerns with a summary our op-ed and testimony.

Jason Paul joins a group of distinguished, prominent, and thoughtful democrats who have warned of the risks of the Compact: Former Wesleyan Professor and U.S. Senator Daniel Patrick Moynihan, Former Secretary of the State Susan Bysiewicz, Former State University Chancellor William Cibes, and Minnesota Secretary of State Mark Ritchie. Jason Paul is a “Connecticut Democratic political operative from West Hartford and a University of Connecticut Law School student.”

Andrea Levien is a “Researh Fellow at FairVote”, one of the well-financed national groups working toward the National Popular Vote agreement. Her arguments seem to have more to do with money than voting integrity. While these are among many considerations, to us, they do not stack up against the added risks of a national popular vote without a uniform trusted national election system.

I have lived and voted in three cities since I turned 18: New Haven, New York City, and Washington, D.C.

While I have been extremely proud to call each of these unique cities my home, they all have one big disadvantage for a young voter who cares about presidential politics: none of these cities are located in swing states, the only states that ever receive any attention in presidential elections.

Barack Obama and Mitt Romney spent 99.6 percent of their television advertising money in the general election targeting voters in just 10 states, including the usual focus on Ohio and Florida. Neither candidate held a single campaign event outside those 10 states after the party conventions. The 2008 election wasn’t much different, with only a few more states receiving any attention at all.

I am not so sure that any Connecticut voter would be more informed by a candidate rally or visit to Bridgeport than a similar rally reported from Philadelphia. It would be great for the media moguls out of state who would get the bulk of profits from advertising in the Courant or on Comcast.

Levien also points to a study by a Ph.D.  candidate which demonstrates that Presidential administrations distribute grants based on political considerations <read>. We certainly do not dispute that. Yet, the national popular vote would be a deck chair move in return for a ticket on the Titanic. It would change the distribution criteria based on alternative political considerations from swing states to areas that would be considered ripe for raising or decreasing votes for and against candidates.