Category: CT

NIST: Internet voting not yet feasible. (And neither are email and fax voting)

Use of fax poses the fewest challenges, however fax offers limited protection for voter privacy. While the threats to telephone, e-mail, and web can be mitigated through the use of procedural and technical security controls, they are still more serious and challenging to overcome.

The National Institute of Standards and Technology (NIST) in response to an inquiry, summarized the risks of Internet voting <read>

Internet voting is not yet feasible, researchers from the National Institute of Standards and Technology have concluded. ”Malware on voters’ personal computers poses a serious threat that could compromise the secrecy or integrity of voters’ ballots,” said Belinda Collins, senior advisor for voting standards within NIST’s information technology laboratory, in an May 18 statement. ”And, the United States currently lacks an infrastructure for secure electronic voter authentication,” she added. Collins released the statement in response to an inquiry from Common Cause, a Washington, D.C. nonprofit active in campaign finance and election reform.

“This statement should serve as a blunt warning that we just aren’t ready yet and proves that we can’t trust the empty promises of ‘secure Internet voting’ from the for-profit vendors,” said Susannah Goodman, head of Common Cause’s Voting Integrity Project. ”We urge election officials and state and federal lawmakers to heed NIST’s warning and step back, support further research and STOP online voting programs until they can be made secure,” Goodman added…

The statement is based on two NIST reports:

This 2011 report http://www.nist.gov/itl/vote/upload/NISTIR-7770-feb2011-2.pdf  Strongly articulates the many risks of Internet voting and the slight mitigations available. It references an earlier report that explains the risks of all types of electronic transmission of voted ballots. Perhaps email voting and fax voting were sufficiently covered in the early report that it was not necessary to spell that out in more detail than the earlier report:

In December 2008, NIST released NISTIR 7551, A Threat Analysis on UOCAVA Voting Systems [3], which documents the threats to UOCAVA voting systems using electronic technologies for all aspects of overseas and military voting. NISTIR 7551 considered the use of postal mail, telephone, fax, electronic mail, and web servers to facilitate transmission of voter registration materials, blank ballots, and cast ballots. It documented threats and potential high-level mitigating security controls associated with each of these methods. The report concluded that threats to the electronic transmission of voter registration materials and blank ballots can be mitigated with the use of procedures and widely deployed security technologies. However, the threats associated with electronic transmission, notably Internet-based transmission, of cast ballots are more serious and challenging to overcome and the report suggested that emerging trends and developments in that area should continue to be studied and monitored.

Here is that earlier report: http://www.nist.gov/itl/vote/upload/uocava-threatanalysis-final.pdf

Voted ballot return: Sending completed ballots from UOCAVA voters to local election officials can be expedited through the use of the electronic transmission options. However, their use can present significant challenges to the integrity of the election. Use of fax poses the fewest challenges, however fax offers limited protection for voter privacy. While the threats to telephone, e-mail, and web can be mitigated through the use of procedural and technical security controls, they are still more serious and challenging to overcome.

Sadly the CT Legislature passed a bill this year the included email and fax voting, without hearings. The Governor is considering vetoing that bill which may be unconstitutional and risks democracy in the name of soldiers who are dedicated to preserving that democracy.

Courant does So-So fact check of its latest editorial

The nation’s oldest continuously downsizing newspaper did a So-So job of fact checking its latest editorial, reviewing the legislative session. Here is our analysis, which actually is the Courant’s Report Card: Accuracy: C-; History: F; Prognosis: F

The nation’s oldest continuously downsizing newspaper did a So-So job of fact checking its latest editorial, reviewing the legislative session: This Legislature: The Good, The Bad And The So-So <read>

Here’s The Courant’s report card…

The bill also allows tests, in a handful of schools, of a rigorous teacher evaluation system and lets schools get inept teachers out of classrooms faster, among other things…

Election Day Registration: One in three eligible voters in Connecticut does not even bother to register to vote, so the bill allowing Election Day voter registration is good. Now, how about online registration? Voting by mail? Weekend voting? Making it less of a chore to do one’s civic duty, as many other states have done?

Here is our analysis, which actually is the Courant’s Report Card:

Accuracy:  C- The Election Day Registration bill, H.B. 5024, covered two items, the other one was Online Registration, taking up approximately the first half of the bill. Trusting this paper’s editorials could lead you astray, even on basic facts.

History: F  The Courant said  Government accountability would be a priority this year, yet never mentioned or used that standard in evaluating the year in the Legislature. Accountability also applies to our media.

Prognosis: F  This editorial is comes just before the latest round of downsizing takes effect.


EDR passes House and Senate

We opposed this unique form of Election Day Registration. We hope we are wrong. We hope that Connecticut’s 339 registrars implement the bill effectively, fairly, safely, and uniformly. That no one is lulled into complacency by low EDR voting in 2013 for the municipal elections and that chaos does not await us in a future high interest election in 2014 or 2016.

Yesterday, H.B. 5034 passed the Senate and is now heading to the Governor’s desk for his signature. The bill provides for Election Day Registration (EDR) and online voter registration. Since Governor Malloy proposed the bill and praised its passing, it will become law. Secretary of State Merrill also praised its passing.

CTVotersCount readers know that we are in favor of EDR and online registration. However, we did not support this bill because the EDR as proposed risks the rights of EDR voters, all voters, and is unlikely to achieve the same success as EDR in other states.<see our testimony for details>

According to a PEW report, other states have achieved 3% to 7% increased turnout with an increase in registration with 10% to 20% of voters registering by EDR (presumably once EDR is available many voters who would have registered earlier take advantages of the opportunity, as well as those who would not have registered earlier).

Despite such evidence from other states, Secretary Merrill attributes their higher than average turnout of 10% solely to  EDR. We doubt our less convenient method will match their increases of 3% to 7%:  <video>, press release:

Denise Merrill
Secretary of the State
Connecticut

For Immediate Release: For more information:
May 5, 2012 Av Harris: (860) 509-6255
Cell: (860) 463-5939
-Press Release-
Merrill: Final Passage of Election Day Registration, Online Voter Registration Moves Connecticut Elections into the 21st Century
Secretary of The State Looks forward to Enacting HB 5024 that Would Modernize Elections, Lead to Higher Voter Participation

Hartford: Secretary of the State Denise Merrill today lauded the final legislative passage of House Bill No. 5024 “An Act Concerning Voting Rights” – a measure proposed by Governor Dannel P. Malloy that once enacted will allow eligible Connecticut residents to register to vote and cast ballots on Election Day, and will also enable eligible Connecticut residents with a driver’s license to register to vote from any computer or mobile device with an internet connection. The Connecticut State Senate endorsed the bill today by a vote of 19-16. The measure was approved by the House of Representatives on April 30, 2012 by a vote of 83-59.

“This common sense yet long overdue reform is something we have tried to implement in Connecticut for years, and now we have made history by moving elections in our state into the 21st Century,” said Secretary Merrill, Connecticut’s chief elections official. “This will make the right to vote much easier to exercise for the eligible voters of Connecticut and lead to increased voter participation. We have the technology to allow eligible voters to register online from any computer or mobile device, and we have the security in place to allow those late deciding, busy and mobile voters to register and cast ballots on Election Day. This will also make our voter lists more accurate. I commend both Representative Russ Morin and Senator Gayle Slossberg, the chairs of the Government Administration and Elections Committee, and leadership in both the Senate and House for seeing this bill through to passage this year. I also commend the leadership shown by Governor Malloy in proposing this legislation and I look forward to watching him sign it into law.”

Connecticut becomes the 11th state to enact Election Day Registration. Some states such as Maine, Minnesota and Wisconsin have had Election Day Registration on the books since the 1970s. Studies have shown that voter turnout in states with Election Day Registration is on average 10% higher than national voter turnout figures. Once signed into law, Election Day Registration would only be available for November General Elections, not for primaries, starting in 2013. The new law will also create an interface between the existing Centralized Voter Registration System and the database housed at the state Department of Motor Vehicles that would verify the identity of a voter wishing to register online prior to approval by the local Registrar of Voters.

Av Harris
Director of Communications
Connecticut Secretary of the State Denise Merrill
(860) 509-6255 ofc
(860) 463-5939 cell

We hope we are wrong. We hope that Connecticut’s 339 registrars implement the bill effectively, fairly, safely, and uniformly. That no one is lulled into complacency by low EDR voting in 2013 for the municipal elections and that chaos does not await us in a future high interest election in 2014 or 2016.

EDR – Proponents cannot have it both ways

Proponents tout gains in turnout, but then estimate very few will use Election Day Registration (EDR) when it comes to claiming it won’t cost municipalities much and would not result in lines etc.

John Hartwell interviewed Secretary of the State Denise Merill on Stream on Conscience

John Hartwell interviewed Secretary of the State Denise Merill on Stream on Conscience  <view>

Although I am a supporter of EDR in theory. I am against the current Election Day Registration (EDR) bill as it portends chaos in a popular election and denies EDR voters the rights to privacy booths, ballot clerks, their votes being counted publicly by optical scanner, and does not provide a right to register if they are in line at 8:00 pm.

States that have successfully implemented EDR have seen turnout increase 3% to 7% with 10% to 20% EDR registrants to get the increased turnout. (They use a different model than CT, so it is hard to predict if our model will have the same results in turnout and voter appreciation)

Poponents tout those gains in turnout, but then estimate very few will use EDR when it comes to claiming it won’t cost municipalities much and would not result in lines etc. (Underestimating the result here would increase the odds of chaos if other states’ turnout estimates are the correct  ones)

In this interview the Secretary claims early on (8:25 in the video) that states recently implementing EDR have a 10% increase in turnout, but then later finds it hard to accept John’s example of 10% of voters in Westport using EDR (21:20) as “assuming a very large number”. Contrary to the Secretary’s contention that “it is all done by computer”, registering someone who is registered elsewhere in Connecticut involves calling a registrars office, that office calling a polling place, and then responding back to make sure the voter had not previously voted.

It is correct that testing in a low turnout election (2013) would be a good time to roll out the system. However, that can also generate a false sense of confidence, with a huge turnout and huge EDR turnout in a later more popular election (2014 or 2016).

Listen to the entire interview. Many other items of interest are discussed. The Secretary is worried about gangs at polls intimidating voters in the past and potential for chaos at the polls this fall (16:30).

More details on our concerns with the current EDR bill <here>

Extra/missing ballots a problem in Pennsylvania, not in Connecticut

In Philadelphia its a problem to be investigated when there are several voting districts with a few more ballots than voters. In Connecticut we have no confidence that such differences would be found or considered worthy of resolution or investigation.

In Philadelphia it is a problem to be investigated when there are several voting districts with a few more ballots than voters <read>

Philadelphia city commissioners are investigating an unusual series of over-votes in last year’s primary election – 83 voting divisions citywide where the official vote totals were bigger than the recorded number of voters who showed up.

In most locations, the discrepancies were small, just a handful of votes. In many instances, minor procedural mistakes could account for the anomalies.

But so far, the bulk of the over-voting has not been explained.

Until they understand what happened, the commissioners say, they cannot rule out the possibility of deliberate, illegal efforts to run up votes for favored candidates, with the perpetrators losing count as they tried to cover their tracks.

In Connecticut we have no confidence that such differences would be found or considered worthy of resolution or investigation. There is no requirement that voters be compared with ballots in our post-election audits and recanvasses. In fact, even though the Citizen Bridgeport Recount found huge differences in both directions (more ballots than voters in some districts, and more voters than ballots in other districts) there has never been an official recognition of the problem. Also unlike many other states we do not require voters to sign in, a significantly more reliable and auditable process than the check-in marks by poll workers – because officials and voters make sure the correct name is marked, and there is a signature which can provide some evidence in fraud investigations.

At a 20th Ward polling place near Temple University in North Philadelphia, only six people signed the poll book, required before they were ushered to a voting machine.

UConn Memory Card Report: Technology 82%-93%, Officials 19%, (Outrage 0%?)

We applaud Dr. Alexander Shvartsman and his team for developing the technology to perform these innovative tests, the diligence to perform the tedious tests, and the fortitude to report the facts.

We do not applaud the lack of cooperation of officials in the audit or the lack of official compliance with memory card procedures. We are left wondering if this is the level of compliance and cooperation when officials know their efforts will be disclosed: “What is their compliance when their actions are unlikely or impossible to scrutinize?” Can you imagine such numbers from any other technology or Government function? Where is the outrage?

The University of Connecticut (UConn) Center for Voting Technology Research posted its memory card report  for the November 2011 election: Technological Audit of Memory Cards for the November 8, 2011 Connecticut Elections <read>

We applaud Dr. Alexander Shvartsman and his team for  developing the technology to perform these innovative tests, the diligence to perform the tedious tests, and the fortitude to report the facts.

We do not applaud the lack of cooperation of officials in the audit or the lack of official compliance with memory card procedures. We are left wondering if this is the level of compliance and cooperation when officials know their efforts will be disclosed: “What is their compliance when their actions are unlikely or impossible to scrutinize?”. Where is the outrage?

Lets start with some good news.

We have had problems for years with bad memory cards which UConn calls “junk data”. Based on the questionable sample of bad cards sent to UConn, the estimate is 7.4% to 17.4% of cards were bad in the Nov 2011 election. This is similar to statistics generated in the Coalition post-election audit survey of officials. The survey showed a huge increase in the number of municipalities reporting bad cards in Nov2011, 90% with the previous high of 56% reported a year earlier <Coalition report page 26-27>.  Anecdotally many towns are hit with an overwhelming percentage of bad cards – we speculate that somehow the programming vendor, LHS Associates, receives batches of returned bad cards, LHS  installs new batteries and the cards tend to stay together, to be used in the next election for many or all of the cards programmed for unlucky municipalities.

The good news is that our memory card nightmare may have a cure in some future election, perhaps 2012 or 2013:

New non-volatile (battery-less) memory card was recently developed by the vendor. Our preliminary analysis of this card confirmed that it is completely compatible with AV-OS systems deployed in Connecticut. It is expected that a pilot deployment of the new cards by the SOTS Offce will occur in the near future. The use of the new card should eliminate the major cause of memory card failures.

No word on State Certification which would presumably be relatively easy, yet required before such cards could be used in an actual election.

At most 30.5% official compliance with pre-election audit requests

For the pre-election audit, the Center received 453 memory cards from 331 districts. Cards were submitted for two reasons per instructions from the SOTS Oce (a) one of the four cards per district was to be selected randomly and submitted directly for the purpose of the audit, and (b) any card was to be submitted if it appeared to be unusable. Given that cards in category (a) were to be randomly selected, while all cards in category (b) were supposed to be submitted, and that the cards were submitted without consistent categorization of the reason, this report considers all unusable cards to fall into category (b).

Among these 453 cards, 223 (49.2%) fall into category (a). 100% these cards were correct. These cards contained valid ballot data and the executable code on these cards was the expected code, with no extraneous data or code on the cards. We note that the adherence to the election procedures by the districts is improving, however the analysis indicates that the established procedures are not always followed; it would be helpful if reasons for these extra-procedural actions were documented and communicated to the SOTS Offce in future elections.

According to the report 331 districts sent 453 cards, but at most only 233 of those cards were not bad cards. Thus at most 233 out of 730 districts in the election, registrars sent in a card as requested by “instructions from the SOTS [Secretary of the State] Office”. How many of these cards were in fact “randomly selected”? There is no way for the public to be sure. So we start with a maximum compliance rate of 233/730 or 30.5%.

Without a full sample, without some assurance of random selection, the statistical significance of the report is questionable and there is clearly a formula for a fraudster to avoid the memory card audit.

Considering pre-election testing we are down to at most 18.4% official (registrar) compliance:

UConn reported that 89 of those 233 cards were not set to pre-election mode yielding 134/233 or 61.8% correctly set in election mode. Thus for 134/730 or 18.4% of districts, registrars complied with both the simple procedures of sending in one card per district and testing all cards, leaving them in election mode.

This is only the most predominant of several problems uncovered:

(b) Card Status Summary:

Here status refers to the current state of the memory card, for example, loaded with an election, set for election, running an election, closed election, and others.

134 cards (60.1%) were in Set For Election state. This is the appropriate status for cards intended to be used in the elections. This percentage is an improvement over the 2010 November pre-election audit, where 41.6% of the cards were set for elections.

89 cards (39.9%) were in Not Set for Election state. This status would be appropriate for the cards that either did not undergo pre-election testing or were not prepared for elections, but not for the cards that are fully prepared for an election. This suggests that the corresponding districts sent these cards for the audit without first fi nalizing the preparation for the election. This is not a security concern, but an indication that not all districts submit cards at the right time (that is, after the completion of pre-election testing and preparation of the cards for the elections).

(c) Card & Counter Status:

Here additional details are provided on the status of the counters on the usable cards. The expected state of the cards following the pre-election testing is Set for Elections with Zero Counters.

All of the 134 cards (60.1%) that were found in Set For Election state had Zero Counters. This is the appropriate status for cards intended to be used in the elections.

85 cards (38.1%) were in Not Set for Election state and had Non-Zero Counters. This is not an expected state prior to an election. This suggests that the cards were subjected to pre-election testing, but were not set for elections prior to their selection for the audit. This situation would have been detected and remedied if such cards were to be used on Election Day as the election cannot be conducted without putting the cards into election mode.

4 cards (1.8%) were found to be in Not Set for Elections state with Zero Counters. This is UConn VoTeR Center April 5, 2012, Version 1.1 9 similar to the 85 cards above. This situation would have been similarly detected and remedied if such cards were to be used on the election day.

Taking the above percentages together, it appears that almost all districts (60:1% + 38:1% = 98:2%) performed pre-election testing before submitting the cards for the audit.

(d) Card Duplication:

The only authorized source of the card programming in Connecticut is the external contractor, LHS Associates. The cards are programmed using the GEMS system. Cards duplications are performed using the AV-OS voting tabulator; one can make a copy (duplicate) of a card on any other card by using the tabulator’s duplication function. SOTS polices do not allow the districts to produce their own cards by means of card duplication.

Card duplication is a concern, as there is no guarantee that duplication faithfully reproduces cards, and it masks the problem with card reliability. Additionally, it is impossible to determine with certainty who and why resorted to card duplication.

There were 18 cards involved in duplication. 12 of these cards (66.7%) were master cards used for duplication. 6 cards (33.3%) were copy cards produced by duplication.

We manually examined the audit logs of all duplicated cards and compared the initialization date of the card against the date of the duplication. We established that most of the cards (16 out of 18) were most likely involved in duplication at LHS. 12 out of 16 were involved in duplication either on the day of initialization, or the day after. The remaining 4 cards were involved in duplication within 4 days of initialization, however they were tested and prepared for election at a later date (4 to 7 days after the duplication occurred).

Only two cards out of 18 were most likely involved in duplication at the district, as they were prepared for election within a few minutes after the duplication event was recorded. This is an improvement from prior audits.

Given the SOTS polices, the districts must not be producing their cards locally. If a district finds it necessary to duplicate cards, they need to make records of this activity and bring this to the attention of SOTS Office.

Post-election, audited districts complied 27.8%

The registrars for districts selected for post-election audit are “asked to submit cards that were used in the election for the post-election technological audit”, 20/73 or 27.8% complied.

For the post-election audit, the Center received 157 cards. Out of these cards only 20 cards were used on Election Day. Given that the small sample of such cards does not allow for a meaningful statistical analysis, we report our nding in abbreviated form. To enable more comprehensive future post-election audits it is important to signi cantly increase the submission of cards that are actually used in the elections.

Cards were submitted to the Center for two reasons per instructions from the SOTS Oce (a) the districts that were involved in the post-election 10% hand-count audit were asked to submit the cards for the post-election technological audit, and (b) the districts were encouraged to submit any cards that appeared to be unusable in the election. Given that cards in category (a) were to be sent from the 10% of randomly selected districts, while all cards in category (b) were supposed to be submitted, and that the cards were submitted without consistent categorization of the reason, the number of unusable cards are disproportionately represented.

Can you imagine such numbers from any other technology or Government function? Where is the outrage?

We all are used to thumb drives, functionally similar technologically, yet much lower cost. What is your experience? Do they fail suddenly 18% of the time, after working correctly for months or years? How about your cell phone or GPS, much more complicated than a memory card?

Recently Connecticut was outraged by 42 state employees charged with illegally obtaining food stamps out of 800 obtaining them. That is a 94.6% compliance rate, quite a bit higher than election official compliance here of 18.4%

Even the UConn Basketball Team does better,  with a quarter of the players graduatingMilner School, subject to our Governor’s concern, had 23.5% of 3rd graders passing the reading test. But this is not like students failing tests, this is more like Boards of Education overseeing that the curriculum is followed less than 19% of the time.

Let us not forget that the most complex memory cards are not tested:

In addition to the four cards for each district, in mid size to large towns absentee ballots are counted centrally by optical scanners with memory cards that a programmed to count ballots for all districts in such towns. These are not included in the post-election audits required by law, and apparently not included in requests for memory card audits.

Sadly most of this is entirely legal

In Connecticut election procedures are not enforceable so there is no penalty for officials not following procedures. The entire memory card audit is based on procedures, not law.

Also check out some of the audit log analysis in the report

UConn inspected audit (event) logs on the memory cards, discovering several instances of where procedures were not followed and other questionable events.

The rules implemented in the audit log checker do not cover all possible sequences, and the Center continues re ning the rules as we are enriching the set of rules based on our experience with the election audits. For any sequence in the audit log that is not covered by the rules a noti cation is issued, and such audit logs are additionally examined manually. For the cases when the audit log is found to be consistent with a proper usage pattern we add rules to the audit log checker so that such audit logs are not flagged in the future.

Out of the 223 correct 6 cards, 54 (24.2%) cards were flagged because their audit logs did not match our sequence rules.

The audit log analysis produced 106 notifi cations. Note that a single card may yield multiple notifi cation. Also recall that not all noti fications necessarily mean that something went wrong | a notifi cation simply means that the sequence of events in the audit log did not match our (not-all- inclusive) rules.

Could It Happen Here? Too wide to scan, would we count or copy?

Brad Blog reports ballots too wide to scan in Wisconsin. The official solution – count by hand? NO. They copied the ballots and scanned. We agree with Brad that this is unacceptable. But what would happen in Connecticut – would one of our warnings come true?

Brad Blog reports ballots too wide to scan in Wisconsin. The official solution – count by hand? NO. They copied the ballots and scanned:  Voted Ballots ‘Remade’ by Election Workers in WI After Being Printed Too Wide for Optical-Scanners <read>

During yesterday’s Wisconsin primary election, a number of paper ballots were sent out in several counties that were reportedly too wide to be tabulated by the computerized optical-scan systems used to tally ballots in the state. The same exact thing happened just two weeks ago during the Illinois primary sending election officials into a panic and causing delays for some voters..

one way in which the failure was dealt with in both Illinois and Wisconsin continues to be extremely troubling and, frankly, offense: the practice of election workers manually “remaking” the ballots of voters after the election, in ostensible secret, and before they are tabulated…

It has become standard practice across the country for election workers to actually create new ballots, by hand, out of ballots that cannot be read by optical-scan tallying computers. The workers either “remake” those ballots correctly or incorrectly. Who knows?

We agree with Brad that this is unacceptable.  How accurately are they copied? Is there a law supporting this? Is there an audit to check, is there a numbering of original and copied ballots such that individual ballots can be verified? Our choice would be counting as that would be easier to check, audit, or recount and recover from. Simpler to prove or restore integrity and confidence. Probably less effort in the first place.

What would happen in Connecticut? Last year we cautioned that the Secretary of the State’s and Legislature’s  “solution” to the Bridgeport fiasco was insufficient. It would prevent the Bridgeport problem by printing more ballots and call for a town by town contingency plan. We warned that there were other events that count trigger a similar problem and more was needed.

Here we may have prevented just one of those triggering events. Triple the expected number of ballots could be ordered, but that would not prevent a problem if they could not be read by the scanners, ‘What Would Bridgeport Do?’, ‘What Would West Hartford Do?’ or ‘What Would Mansfield Do?’

A contingency plan might help if it anticipated a wide range of circumstances and was actually used in an emergency. But we are skeptical – What would there be that would cause Bridgeport or any other town to count accurately by hand in those circumstances, another time? What would there be to insure copying ballots was done faithfully? And that the copying was done onto readable ballots? Once again there is no law allowing any authority to step in, supervise, help, or mandate solutions or reviews. Maybe a court could be convinced to intervene?

Finally, we point out that a law requiring a contingency plan without a deadline, is even less useful than a contingency plan gathering dust on the shelf. Thus far there is no required municipal plan in place in Connecticut. Required first is a regulation containing a model plan from the Secretary of the State. Perhaps that model plan will be a pleasant surprise. Perhaps it will lead to adoption of effective plans across the state. Perhaps the plans will not stay on the shelves and will help avoid integrity and confidence problems.

Online voting vendor, Scytl’s system worries experts in Canada

Vendor touted in CT and on NPR by West Virginia Secretary of the State comes under fire after Canadian election disrupted by hackers.

Last October, former University mascot and news reporter, West Virginia Secretary of State, Virginia Tennant came to Connecticut to tout her pilot online voting project, yet to be endorsed by her state for further use. Later we saw her endorse that system on NPR along with a vendor executive from Scytl. Her wild west claims of being ambushed in Connecticut and down home wild west getup shown on NPR had resonance with some.

Cutting through the chaff and technical jargon. Online voting is not safe according to experts and experience. Now we have a new problem for online voting, simple denial of service attacks (DOS) experienced in a Canadian election.

From the Halifax Herold: NDP vote disruption worries experts – E-voting found to be open to problems <read>

Although many people are attached at the hip to their laptops, few are conversant in software coding and even fewer are familiar with heavy encryption.

Combine computers with the intricacies of elections, and that leaves only a handful of specialists worldwide who can claim to understand online voting.

Questions about e-voting were raised after the NDP leadership convention was disrupted by a cyber attack.

Not all of them have been answered satisfactorily, say software experts, despite reassurances from Scytl, the software company that handled the NDP election process, and from Halifax Regional Municipality, which has committed to use the company’s services in October’s municipal election.

“Multibillion-dollar (software developers) like Windows, you know, Microsoft . . . can’t have their software bug-free. So I don’t think Scytl is able to do that,” said Daniel Sokolov, a Halifax information technology expert.

Sokolov has examined several European elections that used e-voting and found at least three with troubling results.

One problem with online voting software is its complexity, he said, explaining no municipality could hope to vet hundreds of thousands of lines of computer code.

“It’s a farce. It’s a joke,” said Sokolov. “You need a big team of people to do that, and it’ll take years.”

Other problems include the challenge of auditing votes and vote tallies after the fact, the risk posed by cyber attacks and — perhaps the biggest issue — the difficulty of ensuring secret ballots, said Sokolov and other computer experts who spoke to The Chronicle Herald.

The vendor and Government provides a defense:

Some of these concerns have been tackled by Halifax Regional Municipality more thoroughly than critics imagine, said municipal clerk Cathy Mellett, who noted that 25 per cent of voters chose to vote electronically in the 2008 municipal election.

Mellett said the city will use a third-party auditor, most likely Ernst &Young, which will hire software experts to look over Scytl’s code.

Mellett said the city is committed to Scytl, after it successfully completed a 60-day testing window earlier this month.

Mellett also listed two other safeguards designed to ensure Scytl’s soundness.

First, although it does not open its coding to the public, citing trade secrets, it has opened it a few times to clients for advanced examination, said Mellett.

Unfortunately, no auditor, not matter how prestigious can audit a system without records showing how voters actually voted on their own computer screens.  And as was clear in the Connecticut Symposium Scytl has never agreed to let experts evaluate and publicly report on their code.

This problem (and solution) would never happen in Connecticut

We use manual addition and transcription to add results. Our audits would not catch errors made outside of polling place scanners.

Palm Beach Post  Vendor: software ‘shortcoming’ led to Wellington election fiasco  <read>

The short version:

  • Polling place machines counted races and votes correctly
  • Mismatched counters on machines used to accumulate results caused two races to be switched and the wrong candidates the apparent winners
  • The problem was discovered and corrected based on a post-election audit
  • The problem went undetected in pre-election testing as the only test is the polling place machines

Hats off to Wellington and their post-election audits. This problem (and solution) would never happen in Connecticut:

  • We leave all our totaling and transcription errors to a two and three level process of manual accounting, so we make our errors the old fashioned way.
  • Our post-election audits only compare the machine tapes to the ballot totals, not to the results posted on the Secretary of the State’s web site (they don’t have enough details even if we wanted to)

Help is on the way as the Secretary of the State is about to pilot a better accumulation system. Perhaps it will include sufficient detail to check for errors in the subset of ballots we audit, and the law will be changed to audit using those numbers rather than the machine tapes.

A Tale Of Two Laws

This year we noticed quite a difference between hearings for bills that Legislators really understand and others covering subjects with which they are not intimately familiar. We see a similar bent in the Connecticut Constitution.

This year we noticed quite a difference between hearings for bills that Legislators really understand and others covering subjects with which they are not intimately familiar. When it comes to ethics and elections they really pay detailed attention to bills that effect them, such as disclosure of conflicts of interest and campaign finance rules — they write detailed laws with everything spelled out. The disparity in attention to detail shows up in the extent and insight in their questions during hearings, as well as in the text of proposed laws. When it comes to laws they seem to not understand so well, they do not, and perhaps cannot be expected to, pay attention to the details.

Compare the changes to and details in the campaign finance law, H.B. 5228, 117 pages, 3700 lines, with the single bill H.B. 5024, with 15 pages, 415 lines. 314 of those lines dedicated to a major change providing for Election Day Registration and 101 lines to the moderate change providing for Online Registration.

The Legislature is correct to specify in law the many critical details associated with campaign spending. As we have said before, Election Day Registration deserves a lot more of those critical details spelled out to protect the rights of all voters (and candidates).

We see a similar bent in the Connecticut Constitution having 31 amendments, with, by our count, 7 addressing the composition or redistricting of the Legislature. Typically those amendments are much longer and more detailed than the others.