Reports | CTVotersCount.org

Statistics Can Help Ensure Accurate Elections

The American Statistical Association’s Science and Public Affairs Advisory Committee has recommended that post election audits have at least a 90% level of confidence.

Election officials need to make sure the person elected winner is the person the most voters want..Election results are most trustworthy when the entire election process can be audited, not just the vote counts…the audit should have the statistical power to trigger additional action at least nine out of 10 times when the wrong winner is declared.(emboldening added)

What is significant with this committee is that it has recommended a specific level of confidence where other reports have used 90% or 95% as examples. For instance here and here.

As I have emphasized here and here Connecticut law is, in my opinion, inadequate because it over audits some races and it is woefully inadequate in other races. For example, in races such as state representative, senator, or small to mid size municipal races, the probability of detection would be 2%-4%. or one in 50, or one in 25, which is a far cry from nine out of 10. (Note: CT Law specifies auditing 10% of races selected randomly, which is quite different than the confidence %, a measure which represents the probability an audit confirms the correct candidate has won an election)

The committee goes on to cover other areas where statistics can be used to increase the integrity and confidence in the whole process. Read the entire report here.

The President of the association, however, recommended an even higher standard of 99% confidence in a letter to Senator Feinstein who, along with Senator Dodd has proposed woefully inadequate legislation at the federal level.

Brennan Center: The Machinery Of Democracy

On August 1st the Brannan Center released a report Post-Election Audits: Restoring Trust in Elections which has been covered on CTVotersCount.org. Today we will look at the security portion of an earlier report The Machinery Of Democracy: Accessibility, Usability, and Cost and its implications for Connecticut.

The tone of the report is serious. The conclusions are serious. Like all computer voting machines, optical scan voting machines are vulnerable, they are most vulnerable to malicious software, they “pose a real danger to election integrity”, and most jurisdictions have implemented none of the counter measures recommended.

A key finding:

The Brennan Center’s Task Force on Voting System Security reviewed more than 120 potential threats to voting systems…attacks involving the insertion of software attack programs or other corrupt software are the least difficult attacks against all electronic systems currently purchased when the goal is to change the outcome of a close statewide election.

Continue reading “Brennan Center: The Machinery Of Democracy”

EVT07 Electronic Voting Technology Workshop

Yesterday was the USENIX/ACCURATE Electronic Voting Technology Workshop held in Boston. Today I will give some overall impressions and highlight just one of the relevant papers.

UPDATE: Avi Rubin blogs on session with Debra Bowen
(inappropriate certification processes for electonic voting)

For me it was a highly educational and engaging day. My experience at conferences with highly academic papers, was in the mid 1980’s when for several years I participated in annual Artificial Intelligence conferences. At those conferences I found the general sessions very useful but the academic papers were very detailed, seemingly crossing the t’s and dotting the i’s on previous papers, those sessions went well beyond my tolerance for detail. The papers presented at the workshop yesterday were all clear and interesting, timely, and most were relevant to voting in Connecticut.

Seeing and meeting the other attendees was also a highlight of the day – researchers whose papers and blogs I’ve read, talked to previously, and who have made huge contributions to raise awareness of the risks of electronic voting. It was also hopeful to see a considerable group of researchers who work with state election officials and three election officials. Alex Shvartsman of Uconn and several of his students were there presenting one of their recent papers. Clearly the most appreciated attendee was Debra Bowen, Secretary of the State of California.

Sixteen of forty-two submitted papers were presented. A huge increase from the eighteen papers submitted last year. Doug Jones from Iowa, who testified to the CT Legislature a year lor two ago, was one of the organizers. He expressed the hope that next year more papers would be available that point the way to improved, reliable voting methods. Most of the papers this year demonstrated the lack of security and reliability in existing e-voting equipment. Several pointed the way for more effective post election paper audits. The final three papers presented five innovative ways that might enhance the voter attractive touch screen voting to make it private and auditable — unfortunately, for the most part, they accomplished the security by requiring a lot of sophistication on the part of the average voter.

I have covered the Uconn paper previously I will cover a paper relevant to Connecticut, from Princeton, here and perhaps more papers on other days.

The Princeton University paper:

Continue reading “EVT07 Electronic Voting Technology Workshop”

Hot Summer for Research Reports

Recent weeks and months have seen increasing activity in voting machine security and statistical analysis for auditing elections. Expect more news in the near term: A report is anticipated from the Brennan Center for Justice and several papers at the USENIX Accurate Electronic Voting Technology Workshop in
Boston on August 6^th.

CA, Post-Election Audit Standards Working Group, Report

Post-Election Audit Standards Working Group, Report, Evaluation of Audit Sampling Models and Options for Strengthening Californiaâ€™s Manual Count

This report moves the technical and political conversation to a whole new level.

â€œ The literature does not frame the statistical problem in the best way: Most of the papers address essentially this question: â€˜If the machine count named the wrong winner, what is the chance we will see at least one error in the sample?â€™ However, the Working Group believes the right question to ask is: â€˜If the machine count named the wrong winner, what is the chance we would have seen more errors in the sample than we actually saw in the sample?â€™â€
â€œIf audits are effective, then the public can have confidence in the outcome of elections even if the voting systems used are imperfect, because the audit can detect and be used as the basis to help correct human and voting system errorsâ€¦
The complexity of these systems means there are many more ways in which voting systems can fail to capture votes correctly, lose votes, miscount votes, and be manipulated to yield incorrect resultsâ€¦
Auditing a small percentage of precincts is not effective for finding problems that affect only a few precincts. Moreover, no fixed percentage (short of 100%) suffices to give high confidence that the apparent outcome of the election is correct. For that goal, the number of precincts that should be tallied manually depends on the margin in each precinct, the number of ballots cast in each precinct, and other factors, including the number of discrepancies found in the precincts that are manually counted.â€

Read the full report

University of California Red Team Reports to the Secretary of State

This confirms earlier reports on Diebold Optical Scan equipment, including the University of Connecticut report.

The vulnerabilities identified in this report should be regarded as a minimal set of vulnerabilities. We have pursued the attack vectors that seemed most likely to be successful. Other attack vectors not described here may also be successful and worth pursuing. This work should be seen as a first step in the ongoing examination of the systems, All members of the team strongly believe that more remains to be done in this field and, more specifically, on these systems
The Red Team was able to verify the findings of some previous studies on the AV-OS unit; the impact of these was to alter vote totals in order to change the vote results on that machine
…the attacker launches a low-tech attack that can be discreetly executed at a Precinct Count AV-OS under the watch of a moderately attentive poll worker. The tools for completing the attack are small and easily concealed, and they can be obtained in a typical office
â€¦we were able to discover attacks for the Diebold system that could compromise the accuracy, secrecy, and availability of the voting systems and their auditing mechanisms. That is, the Red Team has developed exploits that absent procedural mitigation strategies can alter vote totals, violate the privacy of individual voters, make systems unavailable, and delete audit trails.

Read the full report

University of Connecticut, Security Assessment of the Diebold Optical Scan Voting Terminal

In July, 2007 a similar report was released on the Diebold TSX, which demonstrated that that the state’s choice of Diebold Optical Scan was far superior to the Diebold DRE option, however, the October 2006 report is the one that applies to our voting systems.

We identify a number of new vulnerabilities of this system which, if exploited maliciously, can invalidate the results of an election process utilizing the terminal. Furthermore, based on our findings an AV-OS can be compromised with off-the-shelf equipment in a matter of minutes even if the machine has its removable memory card sealed in placeâ€¦Such vote tabulation corruptions can lay dormant until the election day, thus avoiding detection through pre-election tests
The vulnerability assessment provided in this paper is based only on experimentation with the system. At no point in time had we used, or had access to, internal documentation from the manufacturer we conclude that attackers with access to the components of the AV-OS
system can reverse-engineer it in ways that critically compromise its security, discover the vulnerabilities presented here in and develop the attacks that exploit them.

Unfortunately, presumably the secret programming of each election by Diebold allows access to the memory cards by those with all the documentation.

Read the full report

VerifiedVoting.org, Percentage-based vs. SAFE Vote Tabulation Auditing: A Graphic Comparison

This is a complete case for variable audit percentages.

Several pending electoral-integrity bills specify hand audits of 2% to 10% of all precincts. However, percentage-based audits are usually inefficient… Percentage based audits can also be ineffective, since close races may require auditing a large fraction of the total â€“even a 100% hand recount to provide confidence in the outcome. This paper presents the SAFE (Statistically Accurate, Fair and Efficient) alternative¦based on the same statistical principles that inform audits in business and finance…However, SAFE audits ensure high confidence in all electoral outcomes by using auditing resources more efficiently and employing large samples only when necessary.

Read the full report