CTVotersCount.org

Case Dismissed in Bridgeport – Reason Missed In Hartford

Update: Glitch in the Webmaster’s work, which is unaudited!!!: An earlier versions cut off part of the quote and the editorial comment making the point.

From the Channel 30 report:

A state Superior Court judge on Wednesday dismissed state Rep. Christopher Caruso’s lawsuit challenging the results of the Bridgeport Democratic primary for mayor.Caruso lost the Sept. 11 primary to state Sen. Bill Finch by 270 votes out of 9,000 ballots cast. Caruso, who said 22 violations affected the primary, sued. He said city election officials improperly prevented some voters from casting ballots and directed others to vote for Finch…

Secretary of the State Susan Bysiewicz said the judge’s ruling made it clear that all votes were counted accurately. “Judge (John) Blawie’s decision validating the results gives voters in Bridgeport, and across Connecticut, confidence in the election process, both in terms of the voting machines we now use and the procedures followed by local Registrars of Voters,” Bysiewicz said.

No. The votes were not counted against the paper. It does not validate the machines in Bridgeport, let alone the machines across the state. Absence of evidence of error is not evidence of absence of error. I have no reason to suspect a problem. Nobody has reasons to prove everything is ok.

New Britain Keeps Candidate Moving

Rick Guiness has a follow-up to last week’s story in the New Britain Herald : <read>

Continue reading “New Britain Keeps Candidate Moving”

Diebold Source Code – CA Top-To-Bottom Review

In August, the Secretary of the State of California decertified electronic voting equipment from Diebold, ES&S, and Sequoia. Her action was based on the Top-To-Bottom Review, which consisted of four reports on each vendor. Two of those reports, Documentation and Source Code were not released at the time. On October 5th, I highlited the Documentation Review. Today, I highlight the Source Code Review.

A Source Code Review sounds like and is a very techinical topic. However, this report is very educational and easy to read. Read the Executive Summary, read the Introduction, and more. I don’t expect everyone to read it completely, but please start and seeÂ if you agree that it is accessible and articulate. I cannot add to the report, however, I can provide some highlights and encourage you to go farther <the report>

From the executive summary:

Our analysis shows that the technological controls in the Diebold software do not provide sufficient security to guarantee a trustworthy election. The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit. These vulnerabilities include:

Vulnerability to malicious software…

Susceptibility to viruses…

Vulnerability to malicious insiders…

Although we present several unpublished vulnerabilities, many of the weaknesses that we describe were first identified in previous studies…

we conclude tht the safest way to repair the Diebold system is to reengineer it so that it is secure by design.
Continue reading “Diebold Source Code – CA Top-To-Bottom Review”

Election Lottery

I cannot resist commenting on the idea expressed in the Courant today in the article A Proposal To Sweeten The Ballot Box ,with opposing positions by Dr. Mark Osterloh, ophthalmologist and political activist, and Susan Bysiewicz, Secretary of the State. <read>

Dr. Osterloh’s suggestion is to award a lottery prize of $1,000,000 to voters in an election. to be paid for from existing lottery funds. Secretary Bysiewicz opposes the idea. I am very much in agreement on this with Secretary Bysiewicz.

Yet, there is a lot that voting officials and the legislature can take home from the Lottery. If the lottery was run as secretly and with the lack of transparency of our current e-voting system then there would be public cries for reform; the lottery would become less popular; few would tolerate lottery officials auditing themselves; especially if suddenly politicians or lottery officials began to win frequently, contrary to the rules of probability and predictions of statistics.

Nationally and in Connecticut we are forced to tolerate a lack of transparency with voting. Since 2000 we have been subject to two national elections and several congressional, statewide, and local elections that defy statistics. In Connecticut elections are audited by the same officials that certify the equipment, write the procedures, and conduct the elections.

The way to generate public confidence in elections is to institute a sufficient audit. That is a prerequisite for increasing public participation. Voters and bettors have lots more to lose in our elections than they do in the lottery. We risk billions in taxes, yet, our proposal at CTVotersCount.org would cost the state less than a 1/3 of the cost of the proposed lottery prize.

FAQ – How can the scanner be hacked? It is kept in a canvas bag protected by a tamper-evident seal!

Update 10/28: The Secretary of the State’s Office has taken action to mitigate these concerns by requiring three additional tamper evident seals to indicate when the case has been open and to protect the ports. <read the details> Our democracy hangs, literally, by a vulnerable plastic thread – that can be compromised with a few … Continue reading “FAQ – How can the scanner be hacked? It is kept in a canvas bag protected by a tamper-evident seal!”

Update 10/28: The Secretary of the State’s Office has taken action to mitigate these concerns by requiring three additional tamper evident seals to indicate when the case has been open and to protect the ports. <read the details>

Our democracy hangs, literally, by a vulnerable plastic thread – that can be compromised with a few $, in a few seconds.

Background: The recent story in New Britain started curiosity for information on the actual security of the canvas bag and the tamper-evident seal that are required to protect the AccuVote-OS optical scanners in Connecticut. By fortunate coincidence I had just started reading the CA Top-To-Bottom Source Code Review of the Diebold Voting System which also led to an article, Tamper-Indicting Seals in American Scientist by Roger G. Johnson, head of the Vulnerability Assessment Team at Los Alamos National Laboratory. (I will post a review of the CA Source Code Review in the near future)

Even though there is a tamper-evident seal over the memory card in the optical scanner, that alone would be insufficient to protect the memory card from unauthorized changes for two reasons: 1) Despite the recommendations of the University of Connecticut, the parallel port remains operational and exposed to provide access to compromise the scanner’s software and/or the memory card. 2) Four screws can be removed to provide access to the memory card and other parts for alteration/replacement without without disturbing the seal. The employed solution is a canvass bag matched with a tamper-evident seal enclosing the entire optical scanner.

Continue reading “FAQ – How can the scanner be hacked? It is kept in a canvas bag protected by a tamper-evident seal!”

Candidate’s rivals bothered by company’s role with voting machines

Update: 10/16 More News From New Britain: Party’s changes in ballots stress election chiefs Apparently Higher Pay does not prevent stress.

New Britain Herold story by Rick Guinness – Are voting machines protected properly? The article and the quotes from individuals involved open more questions than they answer. It is clear that Gerry Amodio is on the ballot and his company is moving the voting machines. The rest of the facts are unclear. And since the actual move has not yet happened, by surfacing the issue election officials will have time to do the right thing, no mater their original intent. <read>

Here is who the Moderator’s Handbook says must deliver the voting machines:

“BOTH Assistant Registrars from EACH polling place, or two sworn election officials from different parties (which can include the Registrars of Voters) or one police officer”.

Continue reading “Candidate’s rivals bothered by company’s role with voting machines”

Bev Harris Discusses Vulnerabilities in Bridgeport

Bev Harris of BlackBoxVoting.org has posted a stimulating discussion of the election in Bridgeport and our vulnerabilities. Not the kind of national publicity we should be proud of in the Constitution State: <read>

Bev alleges no known illegalities or incorrect vote counts, but points to the vulnerabilities of our custody procedures, the sealing of our voting machines, the inadequacy or irrelevance of the inner seal, and some questions specific to Bridgeport. Whoever won or should have won, the Bridgeport mayoral primary demonstrates several vulnerabilities which do not instill confidence.

Whoever won or should have won, the procedures in Bridgeport mayoral primary have left plenty of room for fraud…

In other words, this is a “Trust Me” elections model where you are trusting private contractors…

Despite a lot of hoopla about security procedures and special testing of memory cards and seals, we received citizen reports of at least one midday voting machine replacement. This, in a location where only 270 votes separated candidates. One or two polling places was enough to do the trick…

I have not seen the seal on the canvas tote bag, but that is actually the only seal that matters (if it even matters; I have a little experiment in mind…). The seal on the voting machine itself is a sham…

By the way, the legal term for racketeering, the charge brought against our friend the Bridgeport mayor, is “conspiracy.” Next time someone calls you a conspiracy theorist, consider saying, “Well yes, in the RICO sense, I suppose I am.”

Bev was the featured guest on Voice of The Voters last night in Pennsylvania. Two of the three callers were from Connecticut, including yours truly. I briefly discussed the recent audits. She pointed out that in her opinion that audits are not really public unless we actually see the ballots as they are being counted. Food for thought.

Brad Blog Interviews Professor Steve Freeman

It is funny to hear myself speak like radical on this issue. I’ve spent my life starting businesses and teaching in such radical institutions as Harvard Business School system and Wharton. Running businesses, starting businesses and teaching business school students. But when you are talking about privatizing elections you are really giving up the security we have that elections are unfettered and free.

Continue reading “Brad Blog Interviews Professor Steve Freeman”

Post-Election Audits – the 7.2% Audit and Other Glitches

(Note: This is an abbreviated and edited version of observations and concerns with the post-election audits recently submitted to and discussed with Lesley Mara, Deputy Secretary of the State)

It is natural for things to be learned in practice that were not anticipated in creating laws and procedures. The recent random audits are a demonstration of this. Many problems not anticipated by legislation, procedures, and yours truly. Unfortunately, the number and complexity of the problems and issues indicates that there is a need for significant changes in training, procedures, and the law.

There was no easy way to determine the dates, times, and locations of the audits other than repeatedly calling the registrarâ€™s offices. This is especially time consuming in the case of part time registrars who donâ€™t all return messages and donâ€™t provide office hours on their voice mail messages. There were no other members of the public as observers in Cornwall and Hartford. The only other observer was an Assistant Registrar from an opposing party in Hartford. Voter apathy or lack of publicity? There are no notice times or publication requirements for the public audits. The only notice required is to inform the Secretary of the State’s office of the date, time, and location of an audit. For instance, a pubic audit for 9:00AM could be set at 8:45AM.

The selection of races is not required to be public. The selection of races to be audited should be public and subject to notification procedures similar to those for the audits.

The time-frame of the audits, 15 to 19 days after the election, provides too much time for the ballots and machines to be manipulated and is completely counter to the opinions of the Brennan Center. This can only be fixed in the statutes; however, the procedures can be changed to mitigate some of the difficulties: a) The random selection of districts for audit could be held much closer to day 15. b) The drawing of races should be moved much closer to the date of the audit â€“ it could be required to be the first order of business of the same public event as the audit itself.

I was able to observe two of three audits I attempted:

Continue reading “Post-Election Audits – the 7.2% Audit and Other Glitches”

Diebold Documentation – CA Top-To-Bottom Review

Debra Bowen has recently released the “Documentation Assessment of the Diebold Voting Systems”. Having served as a software buyer and as a product manager, I can attest that software documentation is almost always an afterthought, usually poor, hard to keep up to date, and expensive to do well. Its also a very boring and mundane topic for the average software developer and untechnical user.

Yet, don’t overlook this report. There are Gems (no pun intended) and very valuable insights available from the report. Below are several excerpts to hopefully entice some to read at least a few pages of the report:

conscientious local election officials attempting to master the Diebold system will find the documentation presents numerous impediments to their managing the voting system correctly, in a manner that achieves high accuracy, security, and other core objectives…

Pursuant to the federal standards, Diebold submitted to CIBER [Independent Testing Authority] a set of voting system security policies…A comparative analysis shows that the security policies Diebold filed with CIBER were considerably more stringent and extensive than those it ultimately documented in Diebold’s product manuals..

Continue reading “Diebold Documentation – CA Top-To-Bottom Review”