Category: National

CO Legislature, Election Officials want to create “a favored class of citizens”

The ballot access issue has been debated in Colorado for too long. It is time for ballots to be confirmed as public records

Colorado is considering a law to restrict their Freedom of Information Law to limit ballot access to ballots to most citizens. They say it would create “a favored class of citizens” we say it would make most Coloradans second class citizens. Denver Post editorial: Hickenlooper should veto ballot access measure <read>

A rapidly growing coalition of groups from across the political spectrum — from Common Cause to the Colorado Union of Taxpayers — is urging the governor to veto a bill governing public access to voted ballots. We hope he listens carefully to their arguments, because an important principle is at stake.

Does access to public records apply equally to all citizens in this state, or should the law open some records only to special classes?

The Colorado Open Records Act (CORA) states that “all public records shall be open for inspection by any person at reasonable times.”

By contrast, the ballot bill — which began as Senate Bill 155 but was grafted onto House Bill 1036 at the eleventh hour — says an “interested party” won’t have to wait like the rest of us until an election is certified to enjoy transparent government. And it defines interested parties as not only the candidates themselves but also political parties and even representatives of issue committees that gave money to ballot measures.

Why should the principle of open government be accorded to them and not to other groups just as interested in an election’s outcome?

Why should their ability to inspect records be greater than that of the humblest citizen with no clout or money to spend on politicking?

As members of the Colorado Lawyers Committee Election Task Force wrote in an analysis, the bill’s “restriction of CORA rights during an election to political parties and candidates creates — for the first time — a favored class of citizens … .”

When we first wrote about this bill in March, we described it as a flawed measure that left too much discretion to county clerks and failed to improve procedures that fueled worries about voted ballots being linked to specific voters. But we were also relieved that the clerks had retreated from their earlier opposition to any public access to voted ballots.

The more we consider this complex bill, however, the worse it looks — and our unease is heightened by its crude handling. Not only was it appended to an unrelated measure having nothing to do with elections, it also was rushed through the House with little notice and limited debate.

The ballot access issue has been debated in Colorado for too long. It is time for ballots to be confirmed as public records <read> <read>

60 Districts Selected for Post-Election Audits

Yesterday, with the assistance of Coalition members, Secretary of the State Denise Merrill selected sixty districts from the Republican Presidential Primary for post-election audit.

Yesterday, with the assistance of Coalition members, Secretary of the State Denise Merrill selected sixty districts from the Republican Presidential Primary for post-election audit <read>

Less than 10% of districts were selected since many towns used paper ballots without optical scanners. The audit only tests the accuracy of optical scanners, ignoring the regularly proven possibility that people can count inaccurately. Since the drawing was held after the official start of the audit period, we expect that many towns will not give the three days notice required in the Secretary of the State’s audit procedures. (In Connecticut audit procedures and likely also regulations are not enforceable.)

Which, if any, of Connecticut’s 169 towns would be secure for Internet voting (let alone email and fax voting)?

Some of the smaller Connecticut towns have very part time registrars who maintain office hours as infrequent as one hour a week. Registrars in their 70’s and 80’s whose towns have not provided them with access to email. Towns that have resisted laws to require them to post meeting minutes on the web as too challenging and costly? How will those towns accept and provide security for email and fax voting? How about even our larger cities? How well prepared are they and can they be?

Last week the Legislature, without public hearings, passed email and fax voting, stuffed in an otherwise popular bill. It would mandate each of Connecticut’s 169 towns and 339 registrars of voters to implement voting via email and fax from any location in the world. As is well know, email and fax are totally insecure.

Less well known, is how unprepared and unable our nations cities are in securing the internet. It should be obvious since our corporations, including networking giants,  intelligence community, and military forces are not able to secure their networks. For a lesson in cyber security of the internet (with email being the most vulnerable), consider Homeland Security expert Bruce McConnell’s recent talk <read/view>

Recently the New York Times highlighted a report on the security of our nations cities: U.S. Study Cites Worries on Readiness for Cyberattacks <read>

A study commissioned by President Obama to assess the nation’s ability to respond to terrorist attacks and man-made and natural disasters has found that state and local officials have the most confidence in their public health and medical services but are the most concerned about whether agencies can respond to cyberattacks…

But it was the report’s findings about cybersecurity that appeared to be the most troubling, and they continued a drumbeat from the Obama administration about the need for Congress to pass legislation giving the Department of Homeland Security the authority to regulate computer security for the country’s infrastructure.

The report said that cybersecurity “was the single core capability where states had made the least amount of overall progress” and that only 42 percent of state and local officials believed that theirs was adequate.

Although a little more than 80 percent of officials said they had adopted measures to address the issue, 45 percent said they did not have a formal program to prevent and respond to attacks.

The report said that roughly two-thirds of those officials reported that they had not updated their “information security or disaster recovery plans in at least two years.”

The preparedness report said that a little less than two-thirds of the companies in the United States had sustained cyberattacks and that “only 50 percent of owners and operators at high-priority facilities” like electrical grids said that they reported such attacks.

Since 2006, there has been a 650 percent increase in the number of reported cyberattacks in the United States, rising to 41,776 in 2010 from 5,503 in 2006, according to the report.

Some the smaller of Connecticut towns have very part time registrars who maintain office hours as infrequent as one hour a week. Registrars in their 70’s and 80’s whose towns have not provided them with access to email.  Towns that have resisted laws to require them to post meeting minutes on the web as too challenging and costly? How will those towns accept and provide security for email and fax voting? How about even our larger cities? How well prepared are they and can they be?

Basics you need to know about election integrity in fifteen minutes

Kevin O’Neill, Capitol Thinking, interviews the authors of Broken Ballots – Will Your Vote Count, Prof Doug Jones and Dr. Barbara Simons <podcast> When it comes to elections and verifiability, Doug Jones and Barbara Simons are true experts that everyone can understand.

Kevin O’Neill, Capitol Thinking, interviews the authors of Broken Ballots – Will Your Vote Count, Prof Doug Jones and Dr. Barbara Simons <podcast>

When it comes to elections and verifiability, Doug Jones and Barbara Simons are true experts that everyone can understand.

They discuss the basics of election verification, pre-election testing, election auditing, and internet voting. They also offer graphic examples of what went wrong in recent elections in Iowa and Florida, that were corrected based on paper ballots and post-election audits.

Broken Ballots was released Apr 15, even thought Amazon and Barnes & Noble still list it as available May 15th. Look for a book review here in the near future.

The Times and Internet Voting they are not a changing

Once again the New York Times ignores science and the evidence. While scientists once again, refute the Times.

Voting, alas, has unique characteristics that make internet implementations all but impossible given current technology. The big problem is that we make two demands of it that cannot be met simultaneously. We want voting to be very, very secure. And we want it to be very, very anonymous.

In late 2010 the New York Times ran an article States Move to Allow Overseas and Military Voters to Cast Ballots by Internet <read> which touted risky Internet voting. I was well refuted by Representative Rush Holt in a letter to the Times. <read>

Here we go again a very small article by Matt Bai Double-Click the Vote <read>

It’s amazing to think that I just renewed my car registration and paid my taxes online, but in November I’ll still have to wait in line to vote. The best argument against Internet voting is that it stacks the system against old and poor people who can’t afford or use computers, but the same could be said about cars. For decades, volunteers have showed up at retirement homes with rented vans. Isn’t it time they came with laptops?

What is amazing is actually that the paper of record prints such things that defy science and all the evidence <CTVoterCount Internet Voting Index>

Tech.pinions refutes Bai’s arguments, yet I suspect will reach much fewer than the flawed Bai piece: Internet Voting Is Years Away, And Maybe Always Will Be <read>

They do a great job of explaining the challenge of anonymity:

…If only it were so simple.

Voting, alas, has unique characteristics that make internet implementations all but impossible given current technology. The big problem is that we make two demands of it that cannot be met simultaneously. We want voting to be very, very secure. And we want it to be very, very anonymous.

Internet security is difficult under the best of conditions. But voting has the additional complication that it is very difficult, if not impossible, to remedy a breach. Most of the time, all that is at stake is money, and we know how to fix that. Identity theft is more complex but still there are remedies. A stolen vote is gone forever.

Anonymity complicated the problem immensely. The usual way to secure an internet transaction to to make certain that both the server and the person at the other end and who or what they claim to be. To cast a ballot at a poling place or vote an absentee ballot, you have to produce identification or, at a minimum, a signature that matches one on file. It’s not perfect. but it’s generally better than we can do on the internet. Then you are given a ballot or a card that activates an electronic voting machine, but there is no link between the ballot and your identity, guaranteeing anonymity. This is really, really hard to simulate online. The more that is done to assure your identity, the harder it is to separate that identity from the vote that is cast…

We will see more trials in this year’s voting. But widespread internet voting is still waiting for a day that may never come.

 

***********

Bonus: Alex Haldeman <video>

DHS Expert: Internet voting not secure

I had a front row seat last Thursday in Santa Fe, to hear Bruce McConnell from the Department of Homeland Security discuss Internet Voting.

Some people think online voting is bound to happen, though, once the kinks are worked out. But as McConnell’s comments show, those who worry a lot about cybersecurity believe that time is a long way away.

I had a front row seat last Thursday in Santa Fe, to hear Bruce McConnell from the Department of Homeland Security discuss Internet Voting. From NPR: Online Voting ‘Premature,’ Warns Government Cybersecurity Expert <read>

He ended his talk with a light lesson in Government-Speak reading several snippets warning of risks or inadequate technology which use nuanced words understating reality, hence the description of internet voting technology as ‘Premature’.

Warnings about the dangers of Internet voting have been growing as the 2012 election nears, and an especially noteworthy one came Thursday from a top cybersecurity official at the U.S. Department of Homeland Security.

Bruce McConnell told a group of election officials, academics and advocacy groups meeting in Santa Fe, N.M., that he believes “it’s premature to deploy Internet voting in real elections at this time.”

McConnell said voting systems are vulnerable and, “when you connect them to the Internet, that vulnerability increases.” He called security around Internet voting “immature and underresourced.”

McConnell’s comments echo those of a number of computer scientists who say there’s no way to protect votes cast over the Internet from outside manipulation.

Some, particularly Bob Carey, say it is a trade-off between security and convenience.

Some election officials say it’s a trade-off between security and convenience.

Bob Carey, director of FVAP, told a group of bloggers in October that there are risks to online voting, but also “inherent security risks with the current system,” such as people not getting their ballots on time and losing the opportunity to vote.

Carey added that “there’s not going to be any electronic voting system that’s ever going to be 100 percent secure, but also the current paper-based system is not 100 percent reliable either.”…

Some people think online voting is bound to happen, though, once the kinks are worked out. But as McConnell’s comments show, those who worry a lot about cybersecurity believe that time is a long way away.

We do not have to trade risk for convenience. States that follow the MOVE Act and provide express return of ballots and absentee ballot applications in a single envelope have shown that military and overseas voters can be served effectively, and much more economically than risky, costly internet voting schemes.

For more, see: <CTVC Internet Voting Index>

Online voting vendor, Scytl’s system worries experts in Canada

Vendor touted in CT and on NPR by West Virginia Secretary of the State comes under fire after Canadian election disrupted by hackers.

Last October, former University mascot and news reporter, West Virginia Secretary of State, Virginia Tennant came to Connecticut to tout her pilot online voting project, yet to be endorsed by her state for further use. Later we saw her endorse that system on NPR along with a vendor executive from Scytl. Her wild west claims of being ambushed in Connecticut and down home wild west getup shown on NPR had resonance with some.

Cutting through the chaff and technical jargon. Online voting is not safe according to experts and experience. Now we have a new problem for online voting, simple denial of service attacks (DOS) experienced in a Canadian election.

From the Halifax Herold: NDP vote disruption worries experts – E-voting found to be open to problems <read>

Although many people are attached at the hip to their laptops, few are conversant in software coding and even fewer are familiar with heavy encryption.

Combine computers with the intricacies of elections, and that leaves only a handful of specialists worldwide who can claim to understand online voting.

Questions about e-voting were raised after the NDP leadership convention was disrupted by a cyber attack.

Not all of them have been answered satisfactorily, say software experts, despite reassurances from Scytl, the software company that handled the NDP election process, and from Halifax Regional Municipality, which has committed to use the company’s services in October’s municipal election.

“Multibillion-dollar (software developers) like Windows, you know, Microsoft . . . can’t have their software bug-free. So I don’t think Scytl is able to do that,” said Daniel Sokolov, a Halifax information technology expert.

Sokolov has examined several European elections that used e-voting and found at least three with troubling results.

One problem with online voting software is its complexity, he said, explaining no municipality could hope to vet hundreds of thousands of lines of computer code.

“It’s a farce. It’s a joke,” said Sokolov. “You need a big team of people to do that, and it’ll take years.”

Other problems include the challenge of auditing votes and vote tallies after the fact, the risk posed by cyber attacks and — perhaps the biggest issue — the difficulty of ensuring secret ballots, said Sokolov and other computer experts who spoke to The Chronicle Herald.

The vendor and Government provides a defense:

Some of these concerns have been tackled by Halifax Regional Municipality more thoroughly than critics imagine, said municipal clerk Cathy Mellett, who noted that 25 per cent of voters chose to vote electronically in the 2008 municipal election.

Mellett said the city will use a third-party auditor, most likely Ernst &Young, which will hire software experts to look over Scytl’s code.

Mellett said the city is committed to Scytl, after it successfully completed a 60-day testing window earlier this month.

Mellett also listed two other safeguards designed to ensure Scytl’s soundness.

First, although it does not open its coding to the public, citing trade secrets, it has opened it a few times to clients for advanced examination, said Mellett.

Unfortunately, no auditor, not matter how prestigious can audit a system without records showing how voters actually voted on their own computer screens.  And as was clear in the Connecticut Symposium Scytl has never agreed to let experts evaluate and publicly report on their code.

Why we need paper ballots

Tuesday night, poll workers resorted to the old fashioned way of counting by hand.

Paper ballots and hand counting save the day in Mobile election <read>

Tuesday night, poll workers resorted to the old fashioned way of counting by hand.

Election officials said around 5,000 ballots were rejected by the voting machines, and early Wednesday morning officials found the culprit.

They said a tiny white dot that was accidentally printed on the bar code of some of the ballots.

Mobile County Probate Judge Don Davis, “Because of that little error there, the machines rejected these ballots.”

Davis said the ballots are printed by a local company, and this was a simple printing mistake.

Of course you could say this problem was also caused by paper ballots. But the lesson is that whatever the cause, having voter verified paper ballots means that we do not have to rely only on technology. Next time it could be a lose wire or some dust on a circuit in a paperless touch screen.

Common Sense: Tension between Convenience, Confidence, and Cost

Many of the issues we discuss here and debate in the Legislature revolve around tradeoffs between Convenience, Confidence, and Costs. At a basic level we find three fundamental values/goals behind every initiative and debate: These tradeoffs and competing goals are the context within which we all constantly evaluate new laws and proposals.

Note: This is the sixth post in an occasional series on Common Sense Election Integrity, summarizing, updating, and expanding on many previous posts covering election integrity, focused on Connecticut. <previous> <next>

Elections like many complex activities are subject to many demands and conflicting priorities. Reading Edward B. Foley’s excellent and fascinating paper, The 1792 Election Dispute and Its Continuing Relevance, one of its main themes:

Another lesson to be learned from the Clinton-Jay dispute of 1792 concerns the deep-rooted nature of the jurisprudential debate between strict and lenient enforcement of election statutes. As a review of the 1792 dispute reveals, this basic jurisprudential debate has been with us from the very beginning. The 1792 dispute also demonstrates that this jurisprudential debate involves competing interpretations of our nation’s most elementary commitment to the existence of democratic elections. Proponents of both strict and lenient enforcement appeal to the fundamental value of a free and fair vote among citizens. Yet each side of this jurisprudential debate appeals to this fundamental value in a different way. As a nation, we are essentially stuck in the same place regarding this debate as we were in 1792.

Many of the issues we discuss here and debate in the Legislature revolve around similar tradeoffs between strict and lenient enforcement – tradeoffs in laws set out before close election results, charges, counter charges, and arguments actually occur. At a basic level we find three fundamental values/goals behind every initiative and debate:

  • Convenience – Access for voters, access for candidates, and efficiency for officials
  • Confidence – Integrity and confidence in the process, voter qualifications, and accuracy of the results
  • Cost – What it takes to register voters and  run elections

Convenience suggests capabilities such as: Election day registration; early voting, online registration; universal registration; online voting;  many well staffed and equipped polling places; systems for those with disabilities; school or general holidays on election day; voter friendly ballot design; easy to use web information; low bars for third party candidates; public financing; short hours and increased staffing for officials; technology to save officials work; easy to setup technology; etc.

Confidence suggests requirements such as: Voter verified paper ballots; adequate supplies of pre-printed ballots; strong ballot security; strong equipment testing and security; fully transparent operations; careful, extensive registration checks; careful, effective voter checkin requirements; strong recount and post-election audits; stronger, more uniform, or faster enforcement of election laws;

Costs are usually required to increase confidence or convenience. Sometimes an investment in new equipment and methods can actually save money in the long run. In other cases waste can be eliminated or a more efficient method found. In other cases a well intended initiative can be accomplished in a wasteful, ineffective, even detrimental way.

In general we can tradeoff one of the three goals for one or two of the others, yet it does not always work that way:

  • We can save money and add to convenience at the expense of confidence when we loosen registration checks. Similarly we can add confidence, with costs and  inconvenience by stronger voter ID requirements.
  • We can increase confidence and costs, along with more work by officials when we increase the standards for protecting ballots or camera surveillance of storage and official work areas.
  • We can invest in online registration, which adds to convenience, and confidence, while it reduces costs. (As we used to call it in IT, a “sweet spot” application)
  • We could invest in paperless DRE (touch screens) which increase work for officials, can result in long lines for voters, high risks to confidence, and huge costs over optical scanners – a lose, lose, lose, lose proposition.
  • Better procedures and regulations can provide a huge payoff, only if they are accompanied by effective training and compliance.
  • Also tradeoffs may not be uniform: Costs or additional work can be greater for small towns, or for towns with many small polling places. Voter ID laws can disproportionately greatly inconvenience and cost some voters, while hardly making a difference to others.
  • Finally, some impacts are really, really difficult to determine. In recent years, the Legislature changed to require special elections for U.S. Senate vacancies – each election would cost several million dollars. How many will we have? And when? Some could be very critical and valuable to democracy, others inconsequential. What is the value of ballot security we can all trust vs. questionable security almost impossible to prevent and demonstrate fraud, should it occur?

These tradeoffs and competing goals are the context within which we all constantly evaluate new laws and proposals.

How All the votes were lost in D.C.

Within 48 hours of the system going live, we had gained near complete control of the election server. We successfully changed every vote and revealed almost every secret ballot. Election officials did not detect our intrusion for nearly two business days—and might have remained unaware for far longer had we not deliberately left a prominent clue.

In a new paper the University of Michigan ethical hackers describe how all the votes were changed/stolen in the Washington, D. C. test: Attacking the Washington, D.C. Internet Voting System <read>

The paper is a good read. Recommended especially for election officials and those that believe Internet voting is a good, safe idea. From the abstract:

This paper describes our experience participating in this trial. Within 48 hours of the system going live, we had gained near complete control of the election server. We successfully changed every vote and revealed almost every secret ballot. Election officials did not detect our intrusion for nearly two business days—and might have remained unaware for far longer had we not deliberately left a prominent clue. This case study—the first (to our knowledge) to analyze the security of a government Internet voting system from the perspective of an attacker in a realistic pre-election deployment—attempts to illuminate the practical challenges of securing online voting as practiced today by a growing number of jurisdictions.

I would add:

  1. It took the officials a while to detect the hack, even with the Michigan Fight song playing. Imagine if the team had only changed or added 10% or 20% of the vote and cast them for candidates actually on the ballot! What if it was a real election and the officials were not certain that several groups were likely trying to hack in!!!
  2. We pay significant attention to outsider attacks, but insider attacks aremuch easier, require less expertise, and are much less likely to be detected.emember online voting is about as auditable as a paperless DRE, just more globally vulnerable.
  3. Was the West Virginia Pilot hacked? How would anyone know? Maybe not, it was not a very valuable target since so few votes were involved.