They know what you think and how your vote will be recorded

NY Review of Books has an article by James Bamford, a true expert on the NSA: They Know Much More Than You Think, which ends with an insightful quote from the late Senator Frank Church, which we paraphrase for the coming of Internet voting to Connecticut:

That capability at any time could be turned around on the American people and no American would have any privacy left, such [is] the capability to monitor everything: telephone conversations, telegrams, [how you voted, what you think, what you said in your youth, who you “palled around with”,] it doesn’t matter. There would be no place to hide. If this government ever became a tyranny, if a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, [elect their chosen candidates, pass/defeat initiatives, make you look bad, unpatriotic, untrustworthy,] or defeat the most careful effort to combine together in resistance to the government, no matter how privately it was done, is within the reach of the government to know. Such is the capability of this technology…. I don’t want to see this country ever go across the bridge. I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision, [while avoiding reliance on technology that the government and others could use to compromise elections,] so that we never cross over that abyss. That is the abyss from which there is no return.

We add “first they came for the Military’s vote, then they came for my vote, but then there was no empowerment left to restore democracy”.

We recommend reading Bamford’s entire piece to understand what they can know about you, now or when they choose in the future, should you do something they would like to prevent by discrediting you or someone you know.

Well intended misstep on Connecticut’s horizon?

There is always an easy solution to every human problem–neat, plausible, and wrong.
– H.L. Mencken

The Hartford Courant editorial board celebrates a step towards a mistake for which they have long advocated: Registrar Reduction On Hartford Horizon, Hartford Charter Commission wisely proposes end to five-year fiasco.

Hartford has wasted more than $1 million in the last five years on a top-heavy registrars of voters’ office. The city has three registrars, while every other municipality in the state has two.
Under a law that apparently dates back to when the Socialist Party had a strong presence in the state, the candidates for registrar who garner the highest and second-highest number of votes win the posts. But if a major-party candidate — Democrat or Republican — is not among the top two finishers, that candidate must also be named a registrar.
In 2008, the Working Families Party candidate outpolled the Republican candidate, so both, along with the Democrat, became registrars. The cost of each party registrar, with staff, benefits, etc., approaches $250,000 a year…

Two more things must happen. The change must be approved by voters in November, and the General Assembly must make a small change in state law.

While the Editorial Board may have their heart in the right place, they may be oblivious to the demanding job of registrar and the record of human nature. They have regularly been fighting this battle since before the third party registrar was elected. We have been arguing for better solutions then and now.

  • There is a reason for two registrars and three. The idea is to have checks and balances. Since the Working Families Party is the real challenger in Hartford, they need a registrar to watch out for their interests and the interests of their voters. Yet, as one of the major parties in statewide elections, the Republicans need someone watching out for their interests in Hartford as well. Not so long ago we saw that a single registrar was insufficient to protect the interests of one party. Does the Editorial Board remember or read the news in the Courant?
  • Replacing three uncertified registrars with one uncertified registrar, without oversight, is a formula for disaster. We have argued for replacing all registrars with civil service professionals, yet not in the simplistic way apparently recommended by the Editorial Board. We have recommended: Doing for election what we have done for probate: Regionalize, Professionalize, Economize. But changing one city, or only a simple change allowing for a single professional to run a city’s elections, is false economy. We have professional town clerks, yet they can be certified and supervised. To do the job right there needs to be training and qualifications; there needs to be standards for town councils to judge potential candidates; there needs to be a career path from deputy to registrar, from smaller districts to larger ones; there must be oversight in place to see that registrars do the job as intended and are even-handed to all parties, candidates and voters. Here is the bill we proposed last year for a blue ribbon commission.
  • There is more than one way to save money, in spite of the city and Courant’s lack of creativity. As we have said before, there is no state law mandating that a third registrar cost $250,000. There are plenty of registrars across the state that work part time, so can three Hartford registrars work 2/3 time and be supported by three deputies with fewer assistants in total.

We appreciate that the Editorial Board understands the value of auditing.

Another change would expand the powers and scope of the city’s internal audit commission. The commission has been remarkably busy this year rooting out waste and should have the tools it needs. The revision also enables the creation of a public campaign financing mechanism, a nice idea when the city can afford it.

If only we had effective, comprehensive, independent election audits.

Electronic voting as safe as electricity and nuclear power?

In a recent Hartford Courant Op-Ed, Arthur House, chair of the Connecticut Public Utilities Regulatory Authority and previous Director of Communications of the Director of National Intelligence, addressed cyber threats to public utilities: State Utilities Girding Their Cyber Defenses.

Cyber offense and defense are rapidly evolving forms of warfare. Our public utilities are among the targets foreign powers have penetrated. Our vital public services are vulnerable. U.S. national security leadership has seen the exercise of cyber probes and weaponry, some in overt military action and others, including foreign actions in the United States, more exploratory — “battlefield preparation,” in military terms.

For public utilities and the states that regulate them, cyber threats risk denial of electricity, water, natural gas and telecommunications. Our state emergency managers include cyber threats in their portfolio of hurricanes, ice storms, other natural disasters and physical sabotage. Cyber threats present a new dimension to emergency management with potentially devastating consequences and without the certainty of adequate defenses…

Connecticut is intensifying its work with its public utilities, which long ago started their cyber defense programs and initiated planning for dealing with disruption. Several strengthening steps are possible, such as requiring utilities annually publish a statement from a reputable security company affirming (or not) that the company takes reasonable steps to ensure cyber security.

The most difficult adjustment lies with all of us — understanding and accepting the reality of cyber vulnerability and its unpredictable consequences. In the past, Americans have been able to take action, find reasonable solutions and do what makes sense without giving up the essential. We can do it with cyber, but it’s time to kick into gear. The threat is real, and the work will be demanding.

We cannot help but compare the concern of Mr. House for our utilities’ ability to protect the infrastructure with the sure confidence of our Governor and Legislature in the ability of the Secretary of the State and local election officials to develop systems, at no cost, to make the Internet safe for online voting. Democracy is at least as important as the infrastructure.

Student hijacks election, case highlights internet voting vulnerability

Another challenge for Secretary of the State Denise Merrill and the state Military Department in creating a safe online voting system for Connecticut. We would add that one of the key (pun intended) vulnerabilities in online voting is in the user id’s and passwords required for voting.

A former Cal State student was sentenced to one year in jail for hacking a student election to gain positions which pay much better than most town council positions in Connecticut. Two excellent articles by Doug Chapin: Cautionary Tale: Student Gets Jail Time for Stealing Online School Election, and a follow-up by David Jefferson.

The gist of the story from Chapin:

Technically, this isn’t the kind of election news I usually blog about (because it doesn’t involve a public election) but I thought it was worth sharing … From UTSanDiego:

A former Cal State San Marcos student who rigged a campus election by stealing nearly 750 student passwords to cast votes for himself and friends was sentenced Monday in federal court to a year in prison …Weaver, 22, of Huntington Beach was a third-year business student when he carried out the elaborate plan to win election as president of the school’s student council in March 2012. He pleaded guilty this year to three federal charges, including wire fraud and unauthorized access to a computer …

The plan to steal the election was months in the making.

On Weaver’s computer, authorities found a PowerPoint presentation from early 2012, proposing that he run for campus president and that four of his fraternity brothers run for the four vice president spots in the student government. The presentation noted that the president’s job came with an $8,000 stipend and the vice presidents each got a $7,000 stipend.

Weaver also had done a bit of research, with computer queries such as “how to rig an election” and “jail time for keylogger.”

A month before the election, Weaver purchased three keyloggers — small electronic devices that secretly record a computer user’s keystrokes [pictured above – ed.].

Authorities said Weaver installed keyloggers on 19 school computers, stole passwords from 745 students and cast ballots from the accounts of more than 630 of those victims.

The plot was discovered, however, when technicians spotted unusual activity on the last day of the election period:

Using remote access, technicians watched the computer user cast vote after vote. They also watched as the user logged into the account of a university official and read an email from a student complaining that the system would not let her vote. Weaver had already cast a ballot from the student’s account, which was why she couldn’t vote.

The techs called campus police, who found Weaver at the school computer. He had keyloggers with him and was arrested.

The student didn’t help himself when he engaged in an elaborate cover-up afterwards.

Jefferson adds several cautionary concerns that the hacker could have been a bit smarter and been less likely to be caught or the hack discovered, and that a similar public election hack would have been more difficult to discover, concluding:

In the many debates on the subject of Internet voting it is important not to allow anyone to use this Cal State San Marcos student election experience to argue that online public elections can be made safe because those who would cast phony votes will be caught. Mr. Weaver’s actions were detected because he was voting from computers controlled by the university IT staff, and he was identified and caught because he was not even minimally technically skilled in the techniques that could have distanced him from the crime. In a high stakes public election we will not be so lucky.

What would we add?

We would add that one of the key (pun intended) vulnerabilities in online voting is in the user id’s and passwords required for voting.

What if Matthew Weaver had spent his time getting a job in the computer lab and obtained the list of passwords from a central server and then made some timely changes to alter logs of the IP addresses used for voting?

The now famous D.C. Hack among other things demonstrated that even outsiders have the possibility of gaining a list of voters and their passwords.

This is one of those pesky details that would confront Connecticut Secretary of the State Denise Merrill and the State Military Department when they design a safe online voting system for Connecticut. If they choose web-based voting, how, in the age of Bradley Manning access, can they ensure that military computers and individuals’ computers are safe for internet voting? How can they assure that passwords sent through the mail arrive in time, to the intended recipient, and uncompromised?

1117=620 and other inaccuracies of NationalPopularVote.org

This spring marked the fourth edition of Every Vote Equal, a large and expanding essay apparently aimed at convincing readers and book-lifters that the weight of evidence is on the side of passing the National Popular Vote Agreement/Compact.

Although Every Vote Equal is touted as a 630 page book, a detail apparently unchanged from the original version, the fourth edition is now an increasingly redundant 1117 pages. Unfortunately, no matter to what lengths the authors go, it can never be enough to successfully defy logic and informed common sense. On the other hand I have to appreciate their work to use a small portion of that space in an effort to discredit yours truly.

I have yet to read the fourth version, as reading every page of the third version was a tough enough slog. I will stick with the movie going forward. But one of the authors had promised that my myths about the Compact would be refuted in this version. So I hunted and found only one reference, taking a half a page or so, starting on page 582. It claimed to refute a statement in an old blog post:

In an article entitled “Lawmakers Seek to Change Presidential Elections to Make Them More Risky, Reduce Confidence,” Luther Weeks of Connecticut says:

“There is no official national popular vote number compiled and certified nationally that can be used to officially and accurately determine the winner in any reasonably close election.” [Emphasis added (by Every Vote Equal)]

Of course, the vote counts recorded on the states’ Certificates of Ascertainment are used under the current system to award electoral votes. Moreover, these vote counts are considered “official” enough and “accurate” enough to elect the President of the United States under the current system.

In particular, the 537-vote lead (out of 5,963,110 votes) recorded on Florida’s Certificate of Ascertainment in 2000 was considered “official” enough and “accurate” enough to elect a President. One wonders why Weeks thinks that these state-produced Certificates of Ascertainment (and the legal process behind the “final determinations” reported in these certificates) would suddenly become “more risky” if used to elect a President under the National Popular Vote compact. Why would they suddenly “reduce confidence?”

Superficially, it sounds like they have done the job. But they have not. Let me point out a couple of things they missed or overlooked.

  • I was not saying that there was not a “popular vote number compiled and certified nationally”. I am, of course, aware of the Certificates of Ascertainment.
  • I was implying it is not true that the Certificates “can be used to officially and accurately determine the winner”. I am sticking by that.
  • I also did not say that “Certificates of Ascertainment are used under the current system to award electoral votes.” I said they could not be used under the Compact to determine the winner.

Several times after my original statement was made, I refuted their contention in blog debates. I also changed what I was saying to make my contention clearer by adding two words, “in time”. For instance, here is my testimony to the Connecticut Legislature in 2011 and again this year in 2013. I said pretty much the same thing both times:

Fact or Myth?

There is no official national popular vote number compiled in time, such that it could be used to officially and accurately determine the winner in any close election.

According to NationalPopularVote.org:

20.1    MYTH: There is no official count of the national popular vote.

It is sometimes asserted that there is no official national vote count for President and, therefore, the National Popular Vote bill would be impossible to implement. Contrary to this assertion, existing federal law (section 6 of Title 3 of the United States Code) requires that an official count of the popular vote from each state be certified and sent to various federal officials in the form of a “certificate of ascertainment…

Reality:

Yes: There is an official, unaudited, national popular vote number which can be determined by examining data posted by the federal government at: http://www.archives.gov/federal-register/electoral-college

Reality: The number is not compiled and available in time, such that states could use the number to determine, under the Compact, how to allocate their electoral votes. Looking at the details for 2008,
http://www.archives.gov/federal-register/electoral-college/state_responsibilities.html#vote2
we find:

  • States must prepare a Certificate of Ascertainment listing electors and the votes that they received: “The original Certificate and two certified copies (or duplicate originals) should be sent to the Archivist as soon as possible after the November 4 election results are finalized. At the very latest, they must be received by the electors on the statutory deadline of December 15, 2008 and submitted to the Archivist no later than December 16, 2008.”
  • “On the first Monday after the second Wednesday in December (December 15, 2008), the electors meet in their respective States. Federal law does not permit the States to choose an alternate date for the meeting of electors – it must be held on December 15, 2008. At this meeting, the electors cast their votes for President and Vice President.”
  • Since states are not required to submit electors and their official unaudited vote totals to the Archivist until December 16th, the national popular vote number obviously could not be guaranteed to be available on December 15th. And since the Certificate cannot be created until after the electors of a state have voted, the final official unaudited national popular number could not be official until all states’ electors have already voted. But wait…
  • “Any controversy or contest concerning the appointment of electors must be decided under State law at least six days prior to the meeting of the electors.”
  • So, each state must actually appoint its electors six (6) days before they must meet and vote which is seven (7) days before each state is required to send the state’s official unaudited popular vote numbers to Washington. But wait…
  • “The statutory deadline for the designated Federal and State officials to receive the electoral votes is December 24, 2008. Because of the very short time between the meetings of the electors in the States on December 15 and the December 24 statutory deadline, followed closely by the counting of electoral votes in Congress on January 6, 2009, it is imperative that the Certificates be mailed as soon as possible.”
  • So, the real deadline for each state’s popular vote number arriving in Washington would be nine (9) days after the vote for electors, and fifteen (15) days after electors have to be determined. Presumably some time is also needed to accurately post that information so that the official, unaudited numbers would be available for state officials to review.

Let me suggest reading the other myths and arguments in the 2013 testimony for more of what Every Vote Equal chose not to even attempt to discredit.

Common Sense: Why should audits be Independent?

Why do we need independent audits for elections just as we have for other business and government functions?

Note: This is the seventh post in an occasional series on Common Sense Election Integrity, summarizing, updating, and expanding on many previous posts covering election integrity, focused on Connecticut.

In the last few weeks, since the revelations of Edward Snowden, we have seen the limits of Congressional “Oversight”, when a small number of legislators have access to the “facts” of the implementation of the Patriot Act, FISA, and NSA. But these facts seem to be “we assure you we are not doing anything wrong”, “our warrants are reviewed by a Court (with the facts of the warrants being secret, and the Court apparently rubber stamping every proposed warrant)” etc.

This situation is not much different from audits that lack independence. One of the requirements of the Principles and Best Practices for Post-Election Audits is Independent Audits.

The authority and regulation of post-election audits should be independent of officials who conduct the elections. The actual work of post-election audits may be best performed by the officials who conduct the elections and their designees.

a. The independence of authority and regulation may be satisfied from resources inside or outside state government.

b. The actual work of post-election audits—i.e. the handling and counting of ballots and reporting the results—may be best performed by the officials who conduct the elections.

We do not find that Connecticut’s Post-Election Audits meet that criterion, since the authority and regulation of our audits are under the control of the Secretary of the State, who is also the Chief Elections Official and responsible for selection and approval of election equipment in the State. What we have seen from Official Post-Election Audit reports is the dismissal of all differences between audit counts and machine counts as “human error”, largely without investigation. An independent audit should be expected to provide a thorough investigation of questionable results, rather than providing excuses.

We do not audit our own taxes and send the results in to the IRS. They audit our taxes and expect us to be able to justify random items. The IRS does not attribute differences in their information or calculations to their own counting errors! Similarly businesses often have internal independent auditors and external independent auditors to protect the interests of the shareholders. It does not always work but it often does. Given human nature, we could hardly expect non-independent auditors to approach being equally effective.

Other areas of government conduct independent audits, often uncovering serious problems, like recent internal audits in the City of Hartford:

The audit, by Chief Auditor H. Patrick Campbell for the city’s Internal Audit Commission, focused on the revenue management unit of the city finance department, which is responsible for the oversight of general fund revenue due the city, about $550 million this year. The auditors found a number of problems, including:

Poor control of lease agreements, rental properties and other revenue-producing arrangements. For example, one city parking lease had not been renegotiated since 2000, for reasons that are unclear, the auditors report.

Lease issues are troubling because they were identified in an earlier audit, which supposedly spurred corrective action. The position of asset manager was created to oversee and manage leases, and a lease, licensing and contract database was to be created.

In this review, the auditors discovered that the asset manager position was eliminated and the database was never completed. Eliminating positions that bring in revenue is eating the seed corn.

151 bounced checks totaling more than $392,000. More than half of these checks had not been followed up and resolved. Nor was it clear whether late or insufficient-fund fees were being charged. Many fees and charges are handled by individual departments; the auditors recommend they be centralized. You can’t have people bouncing checks at city hall and getting away with it.

Missing documentation. The department is supposed to keep track of actual vs. budgeted revenues, to determine what might be causing any discrepancies. The finance department did reviews, apparently, but “documentation to support the reviews and follow-up performed is not maintained on file,” the auditors wrote.

Another example comes from the Connecticut Office of State Ethics audit of Statements of Financial Interests filed by state legislators and other officials. It serves as an example of a positive report, yet finds exceptions and areas for improvement.

Would we really expect a report as critical as the one in Hartford if it was done by the managers and staff of the department making these significant errors? Would we expect legislators and employees to correctly evaluate and report on the accuracy of their own disclosure statements? Would we trust the results of a positive report written by the individuals involved? Would we expect them to find the suggestions for improvement?

That is why we need independent audits for elections just as we have for other business and government functions.

But when it comes to elections, are independent audits sufficient? Not really. We need public transparency and verifiability as well. The subject of a future post.

4th of July Reading


This weekend is a great time to [re-]read the Declaration of Independence. We find it very inspiring to read it sometime around the 4th of July each year. As we have discussed before, some believe that the right to vote is more fundamental than the Constitution. Here is a link to a copy for your reading: Declaration of Independence.

The Declaration of Independence asserts our rights to determine and change our form of government – without voting integrity we lose that most fundamental of rights.

“The right to vote… is the primary right by which other rights are protected” – Thomas Paine

Military Justice, the NSA, and Independent Election Audits

Recently there were highly publicized hearings in Washington, D.C. on the subject of rape or sexual harassment in the U.S. Military and the military’s failure to make progress in reducing incidents and inducing individuals to actually report crimes. One aspect of that is the fact that commanding officers have the responsibility/authority to reduce charges or even pardon the alleged or convicted perpetrators.

The senior officers were concerned for discipline if an independent authority were made responsible for cases involving rape or sexual harassment. They also said that if a soldier had a very good record of valor, that should be taken into account. Let me explain why an independent authority would be a good idea. The basic reason is that an authority that is not independent can often let self interest get in the way of justice.

I learned that lesson vividly when I was in the Army, serving in Korea during the Vietnam War. As Company Clerk I was seldom directly involved in military justice. A couple of times I helped draft some charges in minor instances and once helped transcribe interrogations as part of an investigation. But in many cases I was privy to the operation of the system on the surface and scuttlebutt behind the scenes. For the most part the system worked reasonably. Sometimes it resulted in trumped-up charges, while in other cases significant crimes or errors were completely overlooked. Why? One reason was that enlisted members often knew of errors and transgressions, including sexual exploits, of others including senior officers. Without any stated threats it seemed that nobody was interested in disciplining those that knew too much, only in helping them avoid problems. Perhaps some of those who avoid discipline today do so less for valor than for knowledge.

That is why we need independent post-election audits, not overseen by the registrars and Secretary of the State responsible for conducting elections. That is why we need transparency and public verification of elections. Everyone makes mistakes from time to time in executing their responsibilities. Most are innocuous, some result in vulnerabilities, and others are intentional transgressions or fraud – from stealing elections, impeding or assisting candidates in ballot access, to lucrative contracts, to cutting corners. In reality, most employees know of some of their bosses’ and colleagues’ skeletons and vice versa, in the military, in business, and government. Whistle blowers can help, but transparency and independence are much more reliable.

Let’s add that the same applies for the NSA revelations of Edward Snowden. We cannot be sure how extensive the problem of access to information actually is. But there are huge limits on the “trust me” model that says there are limits on how the information is used. Human nature tells us that if someone can get at the data it will be used for whatever purpose the person desires, to whatever benefit that person desires, at least in some cases. Say what one will about the low level education or rank of Bradley Manning and Edward Snowden, they had access to huge amounts of information – they and many others have that access. It does not take that much expertise if you are given the keys to the information vault – we and the Congress are in no position to know what the actual access is.

Sometimes what sounds convincing and workable, is not. We need independent military justice, independent transparent election verification, and independent transparent information security.

Gov Malloy signs bill similar to one he said was risky and unconstitutional last year

Last year in 2012, after several weeks of consideration, Governor Malloy vetoed H.B. 5556 (see Pages 51-55) writing in his veto message:

Upon close examination, however, I find that some portions of this bill likely violate the United States Constitution…I cannot support the bill before me given its many legal and practical problems…
HB 5556 also contains a provision allowing deployed service members to return an absentee ballot by email or fax if the service member waives his or her constitutional right to a secret ballot. I agree with Secretary of the State Denise Merrill that this provision raises a number of serious concerns. First, as a matter of policy, I do not support any mechanism of voting that would require an individual to waive his or her constitutional rights in order to cast a timely, secret ballot, even if such waiver is voluntary. Second, as the Secretary of the State has pointed out, allowing an individual to email or fax an absentee ballot has not been proven to be secure. In 2011, the United States Department of Commerce, National Institute of Standards and Technology, issued a report on remote electronic voting. The report concluded that remote electronic voting is fraught with problems associated with software bugs and potential attacks through malicious software, difficulties with voter authentication, and lack of protocol for ballot accountability. None of these issues are addressed in this bill. To be clear, I am not opposed to the use of technology to make the voting process easier and more accessible to our citizens. However, I believe that these legitimate problems have to be carefully studied and considered before enacting such a provision.

Last year the fax and email voting provisions were a glaring ‘rat’ stuffed into an unrelated emergency bill. Some said the Governor was against the underlying bill, but wanted more cover for the veto. We hoped that, even if that were the case, the accurate analysis of that ‘rat’ would still prevail this year. Apparently not.

There is a distinction without a difference in this year’s bill, S.B. 647, with regard to the elements of the veto message. Last year’s bill specified email or fax return of ballots. This year’s bill requires the Secretary of the State and the CT Military Department to determine a safe method of Internet voting. But all known methods have the same security risks and they all violate the Connecticut and U.S. Constitutions.

We could argue that this year’s bill is worse in at least three regards, requiring two impossible feats by the Secretary of the State, although she will have the help of the CT Military Department in the three feats, one of which the U.S. Defense Department has found impossible:

  • Develop a secure electronic voting system which does not violate the Constitutions.
  • Have that system transmit results immediately to the appropriate town hall.
  • Develop, implement, and operate such a system at no cost to the state and towns.

Summary Of The Problems With The Bill

  • This bill is a threat to the security, accuracy, and secrecy of the votes of our military members and their dependents, and thus to the certified outcomes of our elections.
  • It is unconstitutional since it violates the Connecticut Constitution, which states: “The right of secret voting shall be preserved.”
  • It requires the Secretary of the State and the Connecticut Military Department to develop a system for secure and private online voting by October 1st, a task that security experts, computer scientists, and experts at Homeland Security and NIST (the National Institute of Standards and Technology) believe is technically impossible.
  • It is further complicated by provisions for voting by deployed military dependents. It also is not restricted to deployed military, not even restricted to military actually on duty.
  • It sets a requirement for guaranteed receipt immediately in each voter’s municipality. This cannot be accomplished by either fax or email return.
  • While online voting through a web page might be developed to meet the guaranteed return requirement, it is also insecure, risks the secret vote, and would be very expensive.
  • All known methods of Internet voting would likely violate Connecticut’s Voter Verified Paper Records law established in 2005.

The Requirements of the Bill*
[Our comments in brackets]

  • On or before October 1, 2013, the Secretary of the State, in consultation with the Military Department, shall select a method for use in any election or primary held after September 1, 2014 [After the August 2014 Primary]
  • may be used by any elector or applicant for admission as an elector who is a member of the armed forces and expects to be living or traveling outside the several states of the United States and the District of Columbia before and on election day, [Any travel or living change would apply, duty related or not. A National Guard member not deployed but on vacation or a business trip could presumably vote under this act]
  • or such member’s spouse or dependent if living where such member is stationed, [It includes spouses and dependents but not those on vacation, at college, or on business trips]
  • gives due consideration to the interests of maintaining the security of such ballot and the privacy of information contained on such ballot, [‘due consideration’ should include assuring the Constitutional requirement of a secret vote be strictly maintained. It should include evaluation by computer security experts, and effective security testing]
  • and…ensures receipt, prior to the closing of the polls on the day of the election or primary, of such ballot by the municipality in which the member or member’s spouse or dependent is enrolled or has applied for admission as an elector, if such method is properly utilized by such member or such member’s spouse or dependent prior to the closing of the polls on the day of the election or primary. [Thus, it must be guaranteed to be received by some official, inbox, or machine in the appropriate municipality by 8:00pm EST, if voted by 8:00pm EST (i.e. this is immediately). And 8:00pm EST could be almost any hour of the 24 hours in a day, depending on the deployment, business, or vacation location(*)]
  • Not later than January 1, 2014, the Secretary of the State shall submit a report, in accordance with section 11-4a of the general statutes, to the joint standing committees of the General Assembly having cognizance of matters relating to elections and veterans’ and military affairs describing such method and any legislative changes necessary for its implementation. [But necessary legislation enacted or not, implementation is required by this bill]

* After the bill was passed by the CT House and Senate we sent a letter to Governor Malloy asking for a veto, reminding him of his veto last year.  We made one mistake in that letter – using an older version of the bill, we misinterpreted the time requirement, stating that the bill did not require ‘immediate’ transmittal, but transmittal in four hours, by the close of election day, not the close of the polls. The actual bill creates a tougher, much more difficult barrier to implementation. This post updates portions of the details in that letter to conform to our corrected interpretation.

Analysis of the three known options: Email, Fax, and Online Voting

  1. Email is (1) of course not secure, with the NSA listening in, interceptable by bad external actors, and directly accessible by insiders such as email vendors and insiders at data centers all along the way from personal computers or military computers, state computers, local town computers, and every stop along the way. (2) Email cannot meet the mandated immediate delivery requirement – often emails take much longer to traverse the Internet, presumably especially from remote locations the military must protect. (3) Email frequently is not delivered at all. Several times a year we become aware of emails sent to us that never arrive. (4) Email schemes we are aware of, in other states, all require that an individual in an elections office or town hall receive and print the “ballot” for counting – a clear violation of the secret vote. (5) Email would have to cover personal computers for spouses and dependents, not military computers. And the military member might be on vacation or business in an area where no military computer access is available.
  2. Fax (1), like email, is subject to interception in transmission, (2) and like mail is subject to individuals in town hall or state government viewing the fax as it is received. (3) It is subject to viewing and potential viewing by multiple members of the military as it is passed up the chain-of-command and to the Voting Assistance Officer, as articulated by Representative Alexander. (4) We cannot expect the chain-of-command to pass votes and wake Voting Assistance Officers to pass votes along at all hours and within four hours, nor to provide services to dependents. Note that the deployed military chain-of-command also has a war to fight and enemies that might not avoid attacking during that critical four-hour period.
  3. Online Voting – By online voting we mean some interactive means of voting on a web page or sending a .pdf ballot under the control of a webpage, not via email. (1) Online voting can be more secure than email or fax voting, yet is still not secure, as confirmed by NIST and Homeland Security. And no online voting system has been proven secure by sufficient evaluation and testing – in fact, the only system subject to some public testing quickly failed spectacularly and another was broken by an average citizen, while vendors refuse to open their systems to scrutiny. (2) Online voting may be difficult to administer and use; when the system is too hard to use, vendors often blame the voters. (3) Online voting is expensive! Will the state and local officials making home-grown solutions do better than highly funded vendors, or turn to the vendors’ expensive, ineffective solutions? Such a system would have cost just Edmonton, Alberta $400,000. (4) Online systems entail emailing or paper mailing IDs to the voters – email can be compromised, and avoiding especially slow and unreliable outgoing mail to deployed military is a major motivation for this bill. (5) Once again, online voting cannot be restricted to military computers and serve dependents or serve soldiers away from home, not on military business.

Another Miracle for the Secretary, Military Department, and Local Officials

The Legislature requires that the report be produced, and voting be implemented and run, at no cost! The bill was passed with a note from the Office of Fiscal Analysis stating: “NO FISCAL IMPACT”. Note: A similar, yet less challenging task for the Secretary of the State to evaluate in another proposed bill this year was estimated at $150,000. (See the Fiscal Note for S.B. 777).

Additional Documentation

Bruce McConnell, Expert from the Department of Homeland Security

NPR: Online Voting ‘Premature,’ Warns Government Cybersecurity Expert http://tinyurl.com/BMDHSNPR

Warnings about the dangers of Internet voting have been growing as the 2012 election nears, and an especially noteworthy one came Thursday from a top cybersecurity official at the U.S. Department of Homeland Security.

Bruce McConnell told a group of election officials, academics and advocacy groups meeting in Santa Fe, N.M., that he believes “it’s premature to deploy Internet voting in real elections at this time.”

McConnell said voting systems are vulnerable and, “when you connect them to the Internet, that vulnerability increases.” He called security around Internet voting “immature and underresourced.”

McConnell’s comments echo those of a number of computer scientists who say there’s no way to protect votes cast over the Internet from outside manipulation.

NIST: Internet Voting Not Yet Feasible http://tinyurl.com/NISTeVote

Internet voting is not yet feasible, researchers from the National Institute of Standards and Technology have concluded. “Malware on voters’ personal computers poses a serious threat that could compromise the secrecy or integrity of voters’ ballots,” said Belinda Collins, senior advisor for voting standards within NIST’s information technology laboratory, in a May 18 statement. “And, the United States currently lacks an infrastructure for secure electronic voter authentication,” she added. Collins released the statement in response to an inquiry from Common Cause, a Washington, D.C. nonprofit active in campaign finance and election reform.

“This statement should serve as a blunt warning that we just aren’t ready yet and proves that we can’t trust the empty promises of ‘secure Internet voting’ from the for-profit vendors,” said Susannah Goodman, head of Common Cause’s Voting Integrity Project. “We urge election officials and state and federal lawmakers to heed NIST’s warning and step back, support further research and STOP online voting programs until they can be made secure,” Goodman added…

Secretary of the State’s Symposium on Online Voting

An exceptional panel of experts on voting technology and the challenges of overseas voting. Credit is due to the panelists, the Secretary, and those who contributed behind the scenes in making this event possible. John Dankosky, of Connecticut Public Broadcasting, did an exemplary job of moderating a very civil, thorough debate. Video: http://tinyurl.com/SOTSOVS

Secretary of the State Denise Merrill’s testimony on S.B. 283, 2/22/2013:

Now, Senate Bill 283 concerning — AN ACT CONCERNING ON-LINE VOTING FOR MILITARY PERSONNEL SERVING OUT OF STATE. Again, I think everyone in this room supports the ability of our brave men and women in uniform, especially those serving overseas in places like Afghanistan, to vote and have their ballot counted.

I still have two, major concerns with this bill that prevent me from supporting it at this time. I mean, first, it talks about on-line voting. There — you should be aware, there’s a lot of different versions of what that actually means. So I’m presuming here it would mean developing an on-line application where the Soldier, Sailor, Airman or Airwoman or Marine can, again, have a secure log-in and — and actually select their ballot choices on the computer through a web-based application, which is different than some other proposals that have been made with electronic transmission.

This system, again, would be very costly, very expensive; and I’m talking millions of dollars to develop. My main objection to this, besides the cost which is significant — and, again, I’d like to make sure we have a problem before we spend that kind of money — but my main objection is that we simply — I don’t think we have the technology to guarantee the security, integrity of that ballot and prevent tampering or hacking these votes that are submitted on-line. It’s the same objection we have to any ballot submitted on-line at this time.

We had a — we convened a public forum on this topic with foremost experts in this field, last year at CCSU. The forum was televised; we have it on our web site; you can see what was said by these people. We asked one of the top computer science experts in the country what it would take to make on-line voting secure, and he said, Let me put it this way, saying you can have secure on-line voting is like saying you can have safe smoking.

Many people say, well, we can do bank on — banking on-line; why can’t we vote on-line? Again, I posed that exact question to the experts at that forum, and the answer was that the banking industry builds into their revenue forecast a two-to-three percent loss of funds every year due to fraud and hacking through on-line banking. I don’t think we can afford to have that kind of leeway, shall we say, in our election system. I don’t think we can adopt that kind of a model. And I, certainly, would never be able to accept the loss of a number of votes due to fraudulent hacking, just in the name of convenience. So I just don’t think we’re ready to go there.

Who knows; in the future, this may change. But I would just need to be assured before we came up with any system like that for any voter, that no one could tamper with the ballots. And I think right now, as you all know, if you have an e-mail system, yourself, I’m sure every one of us have had our e-mails hacked in some way or another or gotten or not received mail because it went into the wrong folder or whatever. It would be very difficult to design that kind of a system, so I’d be able to — I’d be — want to be able to look every Connecticut military person and their family in the eye and tell them that the vote is secure. And I don’t feel I can do that at this time.

From Representative Alexander’s Statement in Veterans Affairs Committee Hearing 2/19/2013:

REP. ALEXANDER: Thank you, Mr. Chair. I’ll be real quick. I appreciate the Clerk’s position in trying to make it easier to have servicemen and women vote any where deployed or — or in a unit wherever, and have a Voting Assistance Officer. I really took that to heart myself. But did you ever think of possible fraud when it comes to allowing military men and women to fax in their ballot, where, you know, as someone who — who was an Adjutant and ran an S1 in a battalion, the — the way usually squadrons and battalions work, you know, you’d have a Lance Corporal, a 19 or 20-year-old, fine, outstanding young man or woman who wanted to vote fill out the ballot, and then bring that piece of paper to the S1 office to be faxed. He or she doesn’t fax it themselves. Another clerk does.

ANTOINETTE SPINELLI: Oh, is that right?

REP. ALEXANDER: That — that would probably be the very common way this is implemented in most units, at the unit level, where you have a 19-year-old individual, a 20-year-old person, a Lance Corporal wants to vote — good on him for wanting to do that — brings that to their Platoon Sergeant up the chain. That Platoon Sergeant maybe, or a Squad Leader, facilitates the Lance Corporal to go to the S1 office. He submits that, and that will get faxed with a whole stack of other faxes that are going to go out in the office. And as someone that was an Adjutant, I was running an office like this day in and day out. And as an Adjutant, I would worry, as being sort of the person who is managing this type of office, that I would have a fellow maybe Lance Corporal faxing this information, where you might have someone that, being 19 or 20 years old, didn’t realize that, oh, changing it from, you know, Senator McCain, to President Obama is not a serious felony offense, which it is, and because of that chain of custody in — in reality, and — and the way maybe the military works in — in professional office spaces, I would just worry that during this handover to the fax, that you’re opening the door for potential fraud.

But the individual’s not, themselves, faxing it. Most likely, and most of the times in squadrons, you’re going to have a third party doing it, usually a 20, 21, 22-year-old Corporal or Lance Corporal doing that. And as an Adjutant running an S1, I’d be very concerned about this, and — and monitoring this very carefully, but — but that is something that would really concern me, and — and trouble me. Have the clerks thought of it from — from that angle at all? Where you could have potential voter fraud coming out of this?

 

A Positive Note: There is much we can do to improve elections

Looking over our recent posts, they are focused on warnings about risky ideas proposed in the Connecticut Legislature and risks to our elections nationwide from cyber attack and actual absentee ballot fraud, often from insiders. We want to remind readers of the many positive improvements that can be made in elections in Connecticut and nationwide.

As the General Assembly was heading for the season of considering bills by the Senate and House, we made our recommendations on a raft of election bills, several of which we recommend be passed:

Committee Approves 39 Bills In Last Meeting

Bills Approved Earlier by the GAE Committee

Then, responding to President Obama’s suggestion that “we can fix that”, we offered several suggestions for national voting integrity, Connecticut voting integrity, and for improving elections beyond integrity:

Basic and Bold Steps To Improve Connecticut Elections

Basic and Bold Steps To Improve U.S. Elections

Bold Steps Beyond Integrity To Improve U.S. Elections

With other advocates, we helped create and signed on to two letters to the President taking him up on his challenge.

Mr. President: Improve voting, shorten lines with optical scanning. Avoid the risks of Internet Voting

We recognize that things move slowly in Washington and in Connecticut. But they move, not always in the best direction. So we will be back encouraging the General Assembly in the direction of positive reform next year. And in the meantime watching and reporting on election integrity here in Connecticut.