CTVotersCount.org

Voting Machine Security Enhanced By SOTS Office

The Secretary of the State’s Office has taken action to reduce the chance of tampering with voting machines in Connecticut by requiring three additional tamper evident seals added to the Diebold AccuVote-OS optical scanners. The problem was outlined in a recent FAQ at CTVotersCount.org – the canvass bag and plastic seal are vulnerable, while the memory card seal can be bypassed by four screws on the bottom of the AccuVote-OS. In addition advocates complained that the parallel port had not been disabled as recommend by UConn.

Two seals will be placed over the ports of the AccuVote-OS, while another placed on the side to indicate that the optical-scanner was opened by the screws.

Case Seal Port Seal

Hats off to the Office of the Secretary of the State for swift action to address these concerns. While we doubt these seals are a perfect solution or that there is one, they are an added layer of protection, and appear somewhat more difficult to defeat than the canvas and plastic seals.

Ballots More Costly Than A Sufficient Audit

We have been saying that a sufficient audit would cost $0.20 to $0.50 per ballot cast. Now we have an example in Connecticut demonstrating that at least for one town, ballots cost $0.40 each to print. Given that extra ballots must be printed, it is clear that counting the paper is less costly than printing it in the 1st place. Just one more reason to sign the petition and change the law: Democracy is Priceless – Audits are a bargain.

Case Dismissed in Bridgeport – Reason Missed In Hartford

Update: Glitch in the Webmaster’s work, which is unaudited!!!: An earlier versions cut off part of the quote and the editorial comment making the point.

From the Channel 30 report:

A state Superior Court judge on Wednesday dismissed state Rep. Christopher Caruso’s lawsuit challenging the results of the Bridgeport Democratic primary for mayor.Caruso lost the Sept. 11 primary to state Sen. Bill Finch by 270 votes out of 9,000 ballots cast. Caruso, who said 22 violations affected the primary, sued. He said city election officials improperly prevented some voters from casting ballots and directed others to vote for Finch…

Secretary of the State Susan Bysiewicz said the judge’s ruling made it clear that all votes were counted accurately. “Judge (John) Blawie’s decision validating the results gives voters in Bridgeport, and across Connecticut, confidence in the election process, both in terms of the voting machines we now use and the procedures followed by local Registrars of Voters,” Bysiewicz said.

No. The votes were not counted against the paper. It does not validate the machines in Bridgeport, let alone the machines across the state. Absence of evidence of error is not evidence of absence of error. I have no reason to suspect a problem. Nobody has reasons to prove everything is ok.

New Britain Keeps Candidate Moving

Rick Guiness has a follow-up to last week’s story in the New Britain Herald : <read>

Continue reading “New Britain Keeps Candidate Moving”

Diebold Source Code – CA Top-To-Bottom Review

In August, the Secretary of the State of California decertified electronic voting equipment from Diebold, ES&S, and Sequoia. Her action was based on the Top-To-Bottom Review, which consisted of four reports on each vendor. Two of those reports, Documentation and Source Code were not released at the time. On October 5th, I highlited the Documentation Review. Today, I highlight the Source Code Review.

A Source Code Review sounds like and is a very techinical topic. However, this report is very educational and easy to read. Read the Executive Summary, read the Introduction, and more. I don’t expect everyone to read it completely, but please start and seeÂ if you agree that it is accessible and articulate. I cannot add to the report, however, I can provide some highlights and encourage you to go farther <the report>

From the executive summary:

Our analysis shows that the technological controls in the Diebold software do not provide sufficient security to guarantee a trustworthy election. The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit. These vulnerabilities include:

Vulnerability to malicious software…

Susceptibility to viruses…

Vulnerability to malicious insiders…

Although we present several unpublished vulnerabilities, many of the weaknesses that we describe were first identified in previous studies…

we conclude tht the safest way to repair the Diebold system is to reengineer it so that it is secure by design.
Continue reading “Diebold Source Code – CA Top-To-Bottom Review”

Election Lottery

I cannot resist commenting on the idea expressed in the Courant today in the article A Proposal To Sweeten The Ballot Box ,with opposing positions by Dr. Mark Osterloh, ophthalmologist and political activist, and Susan Bysiewicz, Secretary of the State. <read>

Dr. Osterloh’s suggestion is to award a lottery prize of $1,000,000 to voters in an election. to be paid for from existing lottery funds. Secretary Bysiewicz opposes the idea. I am very much in agreement on this with Secretary Bysiewicz.

Yet, there is a lot that voting officials and the legislature can take home from the Lottery. If the lottery was run as secretly and with the lack of transparency of our current e-voting system then there would be public cries for reform; the lottery would become less popular; few would tolerate lottery officials auditing themselves; especially if suddenly politicians or lottery officials began to win frequently, contrary to the rules of probability and predictions of statistics.

Nationally and in Connecticut we are forced to tolerate a lack of transparency with voting. Since 2000 we have been subject to two national elections and several congressional, statewide, and local elections that defy statistics. In Connecticut elections are audited by the same officials that certify the equipment, write the procedures, and conduct the elections.

The way to generate public confidence in elections is to institute a sufficient audit. That is a prerequisite for increasing public participation. Voters and bettors have lots more to lose in our elections than they do in the lottery. We risk billions in taxes, yet, our proposal at CTVotersCount.org would cost the state less than a 1/3 of the cost of the proposed lottery prize.

FAQ – How can the scanner be hacked? It is kept in a canvas bag protected by a tamper-evident seal!

Update 10/28: The Secretary of the State’s Office has taken action to mitigate these concerns by requiring three additional tamper evident seals to indicate when the case has been open and to protect the ports. <read the details> Our democracy hangs, literally, by a vulnerable plastic thread – that can be compromised with a few … Continue reading “FAQ – How can the scanner be hacked? It is kept in a canvas bag protected by a tamper-evident seal!”

Update 10/28: The Secretary of the State’s Office has taken action to mitigate these concerns by requiring three additional tamper evident seals to indicate when the case has been open and to protect the ports. <read the details>

Our democracy hangs, literally, by a vulnerable plastic thread – that can be compromised with a few $, in a few seconds.

Background: The recent story in New Britain started curiosity for information on the actual security of the canvas bag and the tamper-evident seal that are required to protect the AccuVote-OS optical scanners in Connecticut. By fortunate coincidence I had just started reading the CA Top-To-Bottom Source Code Review of the Diebold Voting System which also led to an article, Tamper-Indicting Seals in American Scientist by Roger G. Johnson, head of the Vulnerability Assessment Team at Los Alamos National Laboratory. (I will post a review of the CA Source Code Review in the near future)

Even though there is a tamper-evident seal over the memory card in the optical scanner, that alone would be insufficient to protect the memory card from unauthorized changes for two reasons: 1) Despite the recommendations of the University of Connecticut, the parallel port remains operational and exposed to provide access to compromise the scanner’s software and/or the memory card. 2) Four screws can be removed to provide access to the memory card and other parts for alteration/replacement without without disturbing the seal. The employed solution is a canvass bag matched with a tamper-evident seal enclosing the entire optical scanner.

Continue reading “FAQ – How can the scanner be hacked? It is kept in a canvas bag protected by a tamper-evident seal!”

Candidate’s rivals bothered by company’s role with voting machines

Update: 10/16 More News From New Britain: Party’s changes in ballots stress election chiefs Apparently Higher Pay does not prevent stress.

New Britain Herold story by Rick Guinness – Are voting machines protected properly? The article and the quotes from individuals involved open more questions than they answer. It is clear that Gerry Amodio is on the ballot and his company is moving the voting machines. The rest of the facts are unclear. And since the actual move has not yet happened, by surfacing the issue election officials will have time to do the right thing, no mater their original intent. <read>

Here is who the Moderator’s Handbook says must deliver the voting machines:

“BOTH Assistant Registrars from EACH polling place, or two sworn election officials from different parties (which can include the Registrars of Voters) or one police officer”.

Continue reading “Candidate’s rivals bothered by company’s role with voting machines”

Bev Harris Discusses Vulnerabilities in Bridgeport

Bev Harris of BlackBoxVoting.org has posted a stimulating discussion of the election in Bridgeport and our vulnerabilities. Not the kind of national publicity we should be proud of in the Constitution State: <read>

Bev alleges no known illegalities or incorrect vote counts, but points to the vulnerabilities of our custody procedures, the sealing of our voting machines, the inadequacy or irrelevance of the inner seal, and some questions specific to Bridgeport. Whoever won or should have won, the Bridgeport mayoral primary demonstrates several vulnerabilities which do not instill confidence.

Whoever won or should have won, the procedures in Bridgeport mayoral primary have left plenty of room for fraud…

In other words, this is a “Trust Me” elections model where you are trusting private contractors…

Despite a lot of hoopla about security procedures and special testing of memory cards and seals, we received citizen reports of at least one midday voting machine replacement. This, in a location where only 270 votes separated candidates. One or two polling places was enough to do the trick…

I have not seen the seal on the canvas tote bag, but that is actually the only seal that matters (if it even matters; I have a little experiment in mind…). The seal on the voting machine itself is a sham…

By the way, the legal term for racketeering, the charge brought against our friend the Bridgeport mayor, is “conspiracy.” Next time someone calls you a conspiracy theorist, consider saying, “Well yes, in the RICO sense, I suppose I am.”

Bev was the featured guest on Voice of The Voters last night in Pennsylvania. Two of the three callers were from Connecticut, including yours truly. I briefly discussed the recent audits. She pointed out that in her opinion that audits are not really public unless we actually see the ballots as they are being counted. Food for thought.

Brad Blog Interviews Professor Steve Freeman

It is funny to hear myself speak like radical on this issue. I’ve spent my life starting businesses and teaching in such radical institutions as Harvard Business School system and Wharton. Running businesses, starting businesses and teaching business school students. But when you are talking about privatizing elections you are really giving up the security we have that elections are unfettered and free.

Continue reading “Brad Blog Interviews Professor Steve Freeman”