Governor vetoes bill with email/fax voting “rat”

Such rats risk bills being occasionally vetoed, yet more often fuel criticism of the the Legislature and serve to make citizens disgusted with Government in general.

I do not support any mechanism of voting that would require an individual to waive his or her constitutional rights in order to cast a timely, secret ballot, even if such waiver is voluntary…allowing an individual to email or fax an absentee ballot has not been proven to be secure.
– Dannel P. Malloy, Governor

UPDATED

CTVotersCount readers know that we have a long history of opposing Internet voting of any type, and a recent history of opposing H.B. 5556 in Connecticut, because it contains a provision for email/fax voting, added in late to an “emergency certified bill”. In Connecticut such provisions are know as “rats”.

Today Governor Malloy vetoed that bill with an extensive message. One paragraph, echoing our recent letter published in the Hartford Courant, articulately summarized the good reasons to avoid such voting <read veto message>

Upon close examination, however, I find that some portions of this bill likely violate the United States Constitution…I cannot support the bill before me given its many legal and practical problems…

HB 5556 also contains a provision allowing deployed service members to return an absentee ballot by email or fax if the service member waives his or her constitutional right to a secret ballot. I agree with Secretary of the State Denise Merrill that this provision raises a number of serious concerns. First, as a matter of policy, I do not support any mechanism of voting that would require an individual to waive his or her constitutional rights in order to cast a timely, secret ballot, even if such waiver is voluntary. Second, as the Secretary of the State has pointed out, allowing an individual to email or fax an absentee ballot has not been proven to be secure. In 2011, the United States Department of Commerce, National Institute of Standards and Technology, issued a report on remote electronic voting. The report concluded that remote electronic voting is fraught with problems associated with software bugs and potential attacks through malicious software, difficulties with voter authentication, and lack of protocol for ballot accountability. None of these issues are addressed in this bill. To be clear, I am not opposed to the use of technology to make the voting process easier and more accessible to our citizens. However, I believe that these legitimate problems have to be carefully studied and considered before enacting such a provision.

Contrary to the Governor’s message, my reading of the bill indicates it would have provided for email/fax voting for the military AND overseas voters, including voters on vacation abroad. See sections 23, 24, and 25.
http://cga.ct.gov/2012/ACT/PA/2012PA-00117-R00HB-05556-PA.htm

Others have differing opinions on the rest of the bill, and claim that the Governer would not negotiate. However, we do know that the email voting provision likely was never offered for negotiation with the governor, never had a public hearing, and was opposed by the Secretary of the State prior to placement in the bill. Still it was put in the bill shortly before the final votes by the full House and Senate, deserving of the title of “rat”.
http://www.ctmirror.org/story/16655/malloy-vetoes-campaign-finance-bill

Such rats risk bills being vetoed on occasion, yet more often rats and emergency certifications fuel criticism of the the Legislature and serve to make citizens disgusted with the Legislature, legislators, and Government in general.

Secretary of the State Merrill issued the following statement:

HB 5556 was a good faith effort to respond strongly to court decisions like Citizens United that have allowed an avalanche of private special interest money into our election system. Connecticut is a national leader in enacting clean election laws, and there can be no turning back. This bill would have strengthened our existing law in a number of ways, and I strongly support the concept. However, it is unfortunate that such important legislation included a section enacting voting by fax or email. As election technology, email or fax voting is not secure and could expose the electronically submitted ballots to hacking or other interference, calling into question the integrity of votes from our brave military serving overseas. These are citizens who put their lives on the line every day to protect our right to vote, and we should do everything we can to make sure their votes are actually counted with some assurance of accuracy and integrity. The technology that would make electronically submitted ballots secure has not yet been developed, and I am grateful that Governor Malloy concurs with this view. Therefore, I urge our Governor and General Assembly to work out a compromise on improvements to our Citizens Election Program and our response to Citizens United, and to do it soon. Our voters need to know if money or the public good drives our political system.

************** Update 06/23/2012

We have not taken a position on the campaign finance provisions of H.B.  5556. We are in favor of public funding of elections and the limitation of corporate money in elections. Today the Courant published an op-ed by the Executive Director of the CT ACLU articulating their position against the details within the bill: Veto Thwarts Bad Campaign Finance Bill <read>. We have referenced the arguments of those in favor of the bill in several of our posts.  To the ACLU we would add that the threat is real in Connecticut: Two years ago protests by the Catholic Church against a bill before the Legislature resulted in threats to the lives of two legislators – we can easily see threats and intimidation directed at funders of the groups listed in the op-ed.

************** Update 06/25/2012

Governor and Legislature would have different goals in crafting a compromise bill: Malloy, legislature make last stab at campaign reform <read>

Official Audit Report – provides no confidence in officials and machines

Once again, the report is “Flawed by a lack of transparency, incomplete data, and assumed accuracy”

Last week the University of Connecticut (UConn) released its official post-election audit report on the November 2011 election, seven months after the election and one month after the shredding of all ballots. Once again, as we said last time, the report is “Flawed by a lack of transparency, incomplete data, and assumed accuracy”. In our opinion, the report falls short of the rigor of the fine peer reviewed papers  <e.g.> and valuable memory card reports: <e.g.> that UConn  provides.

The report is available at the UConn site: Statistical Analysis of the Post-Election Audit Data 2011 November Election <read>

Our strongest concern with report is the two underlying assumptions which defy common sense and logic:

  • That officials are always correct when they claim or agree that they counted inaccurately, when hand counts and optical scanner tapes do no match.
  • That when officials count inaccurately, it implies that the optical scanners did in fact count accurately.

These assumptions leave us wondering:

  • How do officials know that they counted inaccurately?
  • Should we put blind trust in the judgment of officials that claim they cannot count accurately?
  • How accurate are the unaudited official hand counts used to provide a portion of the totals in each election which are compiled late on election night? We have only one, perhaps extreme, example to go on, coupled with some significant errors in the comparatively ideal counting conditions of the audits.
  • If every difference between scanners and officials is attributed to human error, then in what circumstances would we actually recognize an actual error or fraud should it ever have occurred?

According to the report:

Audit returns included 45 records with discrepancies higher than 5, with the highest reported discrepancy of 40. It is worth noting that 75% (30 out of 45) of the records that were subject to the follow up investigation already contained information indicating that the discrepancies were due to the human error. Following this initial review the SOTS Office [Secretary of the States Office] performed additional information gathering and investigation of those 45 records. The final information was conveyed to the Center on May 18th of 2012[after expiration of the six month ballot retention period]…

For the revised records SOTS Office confirmed with the districts that the discrepancies were due to human counting errors.

So, apparently if any official included text in the local audit report indicating human error, the report was accepted as indicating inaccurate hand counting and implying accurate scanner counting. For example <a 26% difference in counting 50 votes. Or was it actually 64 votes?>

Last time, for the Nov 2010 audit report, we misunderstood and assumed incorrectly that the Secretary of the State’s Office conducted non-public ballot counting to investigate some of the differences. To avoid making that mistake again we asked for a description of the investigations. Peggy Reeves, Assistant to the Secretary of the State for Election, Legislative and Intergovernmental Affairs, provided a prompt description to us:

In response to your inquiry, our office performed the additional investigations referenced in the UCONN report by phone call only and we did not visit any municipalities and did not count any additional ballots. Our office did not create a list of subject towns and as such, have no such list to provide you pursuant to your request. Our office identified subject municipalities by simply reviewing the audit returns submitted to our office and calling the municipalities in question to inquire as to the reason for the discrepancy. In our experience, we do concur with the statement that hand counting errors do create the reported discrepancies.

So, the investigations apparently consisted of calling some or perhaps all local officials and having them agree that they did not count accurately. No list of such towns was created, thus we are left to speculate, if some or all of the towns identified by UConn were contacted.

Unlike the official report, the Coalition actually observes the conduct of the majority of counting sessions of post-election audits and provides comprehensive observation reports on how the local audits are conducted. Also providing ever more extensive detailed data, copies of official local reports, and statistics derived from those local reports, providing the public and officials the opportunity to verify the details in our analysis of discrepancies.

We do agree with the UConn report and the SOTS Office that most differences can be attributed to human counting errors. Coalition reports show that the counting sessions are frequently not well organized, that proven counting methods are frequently not used, the official procedures are frequently not followed, in many cases, officials do not double check ballots and counts, and often that recounting is not performed when differences are found. Yet as we have said over and over:

We have no reason to question the integrity of any official. We have no evidence that our optical scanners have failed to count accurately. However, if every difference between a hand count and a scanner count is dismissed as a human counting error then if a machine has or were ever, by error or fraud, to count inaccurately, it would be unlikely to be recognized by the current system.

Given the above we see no reason to comment on the official statistical analysis of inaccurate data, adjusted without counting or credible investigation.

We will comment that Coalition observations indicate that officials do not understand the intended meaning of “questionable votes” and frequently tend to classify far too many votes as questionable. Votes, which should be expected to be, and normally are, read correctly by the optical scanners.

We do disagree with the Secretary of the State when she and her press release state:

“Connecticut has the toughest elections audit law in the country and I
am confident at the end of this year’s audit the numbers will once again match”…

The provisions in the law, developed in close cooperation with the computer science department at the University of Connecticut, give Connecticut one of the strictest audit statutes in the country…

The 10% audit does entail counting a relatively large percentage of ballots as, is necessary, in a fixed percentage audit in a relatively small state, yet the law is full of loopholes, and we would not characterize the statute nor its operation in practice as “strict”.

***************
Update 07/07/2012: Audit not Independent

We are reminded by a Courant correction today that this audit does not meet any reasonable definition of independent because:

  1. The local counting is supervised by the individuals responsible for the local conduct of the election.
  2. The University of Connecticut is contracted and dependent financially on the Secretary of the State, the Chief Elections Official.
  3. The Secretary of the State also revises and dictates the date used in the report.

UConn paper warns of limitations of cryptography

Use of good tools must go hand-in-hand with good use of tools

We have just become aware of an excellent paper from the University of Connecticut (UConn):  Integrity of Electronic Voting Systems: Fallacious Use of Cryptogrphy <read>

The report describes the limits of cryptography to protect the integrity of election equipment, our votes, and ultimately our democracy. They also provide a memorable phrase widely applicable beyond cryptography and elections:

Use of good tools must go hand-in-hand with good use of tools. In particular, severe security deficiencies have been reported in electronic voting terminals despite the use of cryptography. In this way, superficial uses of cryptography can lead to a false sense of security. Worse, cryptography can prevent meaningful independent technological audits of voting equipment when encryption obfuscates the auditable data. A vendor may provide its own test and audit tools, but relying on the self-test and self-audit features is problematic as one should never trust self-auditing software (cf. relying on a corporate entity to perform self-audit).

They the describe the challenges and limitations of using cryptography in general, the general vulnerabilities in the Diebold-Premier-Dominion AccuVote-TSx, and demonstrating two specific attacks:

we designed and tested two attacks against the AV-TSx terminal. In the first, the attacker wishes to swap votes received by two candidates. The attacker can be successful provided that the sizes of the two files that define the candidate representation in the digital slate are identical. We found that is not a rare occurrence and in fact our test election contained such pairs of candidates. The swapping was applied to the name definitions of the two candidates and included the integrity check. In the second attack, the attacker simply wishes to make one of the candidates disappear from the slate. This can be achieved though a modification of the file that defines the layout of the candidate’s name.

All our findings are based on straightforward experimentation with the voting terminal; we had no access to internal or proprietary information about the terminal or access to source code.

They point that systems are vulnerable because of their complexity:

Two observations are critical in this respect: (i) The safety and correctness of a large system is only as good as its weakest link. Additionally, a single failure — whether benign or malicious — can ripple through and affect the entire system. (ii) Procedural counter-measures can be used to mitigate the weaknesses of the system, however, in a large system relying on many distributed procedural elements, the probability of a procedure failure can be extremely high, even if each individual procedure fails with small probability.

They also provide examples of other measures which provide vulnerability

Cryptographic techniques can mitigate the risks of attacks against removable media cards. The level of protection depends upon the strength of the cryptographic techniques, upon the safekeeping of the digital keys used to protect the cards, but also upon the safe-keeping of the voting terminal themselves. Indeed, the firmware of the voting terminal necessarily holds a copy of the digital keys used to protect the removable media. A successful attack against the terminal compromises those keys that an attacker can use to produce forged, compromised removable media cards. This situation is analogous to one where a person always hides a physical key under the doormat – knowing where the key is hidden defeats the purpose of having a lock. The trust in the whole system depends on the vendor diligence in…

Once a card is programmed on EMS, it is shipped to the election officials to be inserted into the voting terminal where it stays for the duration of the election before being shipped back for aggregating the results (where central tabulation is used). The integrity of the card during the entire process is critical to the integrity of the election.

If the card can be tampered with while in transit to the precinct election officials, the entire system can be compromised. The election description can be made inconsistent with the paper ballot leading to an incorrect interpretation of the votes and therefore incorrect tallying.

Implications for Connecticut

Although we use the AccuVote-OS and this report is on the AccuVote-TSx many similar risks apply, even if the AccuVote-OS makes less use of cryptography. As the UConn report points out:

in 2005 H. Hursti released his findings on the Diebold OpticalScan system (the so-called “Hursti Hack”). This was an early design that used only a superficial password protection to secure the system. Newer designs normally incorporate some cryptographic tools; however, the application of the tools remains haphazard.

That is the same system in use today, everywhere in Connecticut.

 

“Chicken Littles” win in Colorado: Ironically, a new official Privileged Class

Those of us in the non-privileged majority will not have access to voted ballots until after elections are certified — too late, citizen activists persuasively argue, for effective public oversight. Many of those activists, it should be noted, have followed election issues closely for years and know a thing or two about them, too.

A new official eyes-only ballot secrecy law just passed and was signed by the Governor of Colorado. Denver Post Editorial <read>

Too bad. Colorado now has an election system with a privileged class of people — not only candidates but also political parties and representatives of issue committees that gave money to ballot measures — who may inspect voted ballots when everyone else, including the media, is excluded.

Those of us in the non-privileged majority will not have access to voted ballots until after elections are certified — too late, citizen activists persuasively argue, for effective public oversight. Many of those activists, it should be noted, have followed election issues closely for years and know a thing or two about them, too.

Ironically, the legislation was supposedly about protecting citizen access to election records, even though the courts had done a pretty good job in that regard during the run-up to the legislative session. It seems clear in retrospect that the bill was designed in part to help clerks keep the pesky public at bay and to insulate current procedures that the clerks themselves admit leave some ballots traceable…

Rather than try to resolve underlying problems that lead to potentially traceable ballots, the new law simply grants clerks broad discretion to hold back problematic ballots from open-records requests.

What We Worry Wisconsin! – Look ma no audits!

Wisconsin reminds us of the highest purpose of post-election audits. And that having paper ballots alone is insufficient.

Wisconsin reminds us of the highest purpose of post-election audits: Convince the losers and their supporters that they lost fairly.

And that having paper ballots alone is insufficient. See Myth #9 – If there is ever a concern we can always count the paper.

Video: Brad Freidman discusses the lack of checking and the questions that remain in Wisconsin, along with the real risks, even with scanners like ours! <post with video>

Letter: Email, Fax Voting Provisions Mar Campaign Bill

Many citizens and legislators do not understand that email voting is a risky form of Internet voting and that fax voting presents equivalent risks. If the system worked as it should, there would have been public hearings and a chance to educate our senators and representatives.

Our letter opposing H.B. 5556 was published in the print edition of the Hartford Courant today, available online by searching letters <read>

Email, Fax Voting Provisions Mar Campaign Bill

Luther Weeks, Glastonbury
The writer is executive director of CTVotersCount.
on 2012-06-03

There are additional reasons Gov. Dannel P. Malloy should veto the campaign finance bill [June 3, editorial, “Veto This Bill”].

Without public hearings, provisions were added mandating email and fax voting for military and overseas voters. Each of our 169 town clerks must implement email voting in time for the August primary, with no standards for security, no provisions for informing intended voters, and no funding.

There have never been public hearings on email or fax voting in Connecticut. Last year, the legislature held hearings on online voting resulting in a symposium at CCSU broadcast by CT-N. Three leading computer scientists confirmed for legislators that Internet voting is unsafe. Email and fax voting are less secure than online voting. We all have the experience of lost emails and fake emails from our bank. Large corporations and the U.S. military have been unable to protect networks from outsider and insider attacks.

The bill asks military and overseas voters to sign away their right to a secret vote, recognizing that the system will at minimum expose their votes to officials in town hall. Yet, the purpose of a secret vote, guaranteed by the Connecticut Constitution, is each voter’s right that no other voter’s vote can be bought or coerced. One voter cannot sign away the rights of every other voter.

That is about all that could be fit into the 200 word limit. Many citizens and legislators do not understand that email voting is a risky form of Internet voting and that fax voting presents equivalent risks. They do not understand the technical and administrative challenges of implementing the law in 169 small, medium, and large towns, some of which have asked for exemptions from maintaining web sites.

If the system worked as it should, there would have been public hearings and a chance to educate our senators and representatives.

Newspapers join CTVotersCount, ACLU, and CBIA in objections to H.B. 5556

CTVotersCount opposes H.B. 5556 and has urged Governor Malloy to veto the bill because it contains a provision for risky, unconstitutional email and fax voting.

CTVotersCount also opposes H.B. 5556 and has urged Governor Malloy to veto the bill because it contains a provision for risky, unconstitutional email and fax voting.

The underdefined provisions for military and overseas voters were added to an otherwise unrelated bill at the last minute by Senator Gayle Slossberg. Email and fax voting were never the subject of public hearings this year or ever by the General Assembly.

Not only are those voting mechanisms risky, we believe they are unconstitutional. They require individual voters to sign away their right to a secret vote, since email and fax votes cannot be made secret. However, we believe the secret vote guaranteed by the Connecticut Constitution is every voter’s right that no individual voter’s vote can be associated with the individual, such that their vote could be coerced or intimidated. So an individual voter cannot sign away that right for all other voters.

The newspaper, ACLU, and CBIA have other concerns and constitutional objections. Here is an article from the Hartford Courant discussing those concerns: Newspapers Ask Malloy To Veto Bill <read>

Under the interpretation of the bill by the Connecticut Daily Newspapers Association, newspapers that sponsor a political debate would be required to calculate “the value of the debate — i.e., set-up, airtime, advertising, etc. — coupled with the broadcasting of such debate” as an “independent expenditure” that would need to be reported publicly under the recently approved campaign finance bill.

In addition, the newspaper association board would need to approve those expenses, and the board “would then be required to disclose the votes of individual board members and ‘pertinent information’ that took place during the discussion of the expenditure,” according to a letter to Malloy by Chris Van DeHoef, the association’s executive director.

“If CDNA should partner with a local television station to host and televise a debate and CDNA placed ads in its members’ papers, would those ads constitute an independent expenditure?” Van DeHoef asked in his letter. “Would the airtime be an independent expenditure?”

Ron Rivest explains why elections should be audited, especially in MA.

Prof Ron Rivest recently summarized in the Boston Globe why elections should be audited. While MIT is a leading source of election integrity research, ironically, it sits in a state with voter verified paper ballots, yet does not use them to verify election results.

Prof Ron Rivest recently summarized in the Boston Globe why elections should be audited. While MIT is a leading source of election integrity research, ironically, it sits in a state with voter verified paper ballots, yet does not use them to verify election results.

The Podium

Protecting Your Vote

THIS STORY APPEARED IN The Boston Globe
April 03, 2012|By Ronald L. Rivest

Sometimes, a few votes make a huge difference.

Just ask Rick Santorum. In January, Rick Santorum won the Iowa caucuses, but, because of vote counting and tabulation errors, Mitt Romney was declared the winner. In the two weeks before the error became clear, Romney’s campaign gained momentum, while Santorum’s withered.

Unfortunately, the same problem – or worse – could easily occur in Massachusetts. This year, voters will choose the president, and control of the US Senate may come down to the race shaping up between Scott Brown and Elizabeth Warren.

How will voters know their votes will be counted accurately? Massachusetts voters cast paper ballots. This is a good foundation for an election system, since the paper ballots form an “audit trail” that can be examined (and if necessary, recounted). In almost all cities and towns in the state, those ballots are slid into machines that read the ballots and total up all the votes at each polling place. The machines are reprogrammed for every election, but only 50 to 75 ballots are used to check the new programming, even though 1,000 ballots or more are likely to be put into each voting machine on Election Day. Votes from each location are then brought together and tabulated. In both steps of the process, there is the possibility of significant error.

As a technologist, I have spent decades working with information systems and computer programs, and can say one thing with certainty: mistakes can happen. In banking, business, and engineering, similar problems often arise, and they are solved elegantly: with random testing. The IRS does not take every tax return on faith – it audits a small number of them. These audits uncover errors and fraud, and serve as deterrent. Athletes are randomly tested for performance-enhancing drugs. Factories pull random samples of their products off the production line and conduct quality control checks. Municipalities send inspectors to gas stations to make sure that when the meter says you have pumped a gallon, there actually is a gallon of gas in your tank.

Audits and random tests are used anytime there are numbers involved and a lot at stake. And what could be more important than the elections we use to choose our government’s leaders?

Twenty-six states have election audits and that number is growing. After an election, the state selects a few random polling places to count the ballots by hand. The hand-counted totals are compared to machine results. If the numbers are close enough, there is confidence that any errors or mis-programming sufficient to have affected the election outcome will be discovered. Because only a few random polling locations are audited, costs are kept low. Many people are surprised to learn that we don’t audit election results here in Massachusetts.

There need not be any big conspiracies or widespread failures to make audits worthwhile. Voting machines are just like any other machine. Sometimes they break. In Waterville, Maine, voting machine malfunctions caused a Senate candidate to receive 27,000 votes – about 16,000 more than the number of registered voters in the entire district. In Barry County, Michigan, flawed programming caused incorrect results. The problem was discovered only when a county clerk received the results from the precinct where he voted and noticed that the candidate for whom he voted for had received no votes.

In addition to providing security and confidence, audits provide information. Information that election officials can use to make sure every person’s vote is counted. Audits can uncover common voter mistakes that could be fixed with, for example, better instructions. Audits can tell election officials if a ballot has been poorly designed in a way many voters cannot understand, so that future ballots can be designed better.

Let’s make 2012 the year where all Massachusetts voters have confidence that their vote will be counted. There is audit legislation pending in the Legislature. Lawmakers should pass it in time for the November election. Elections matter. And every vote counts.

Ronald L. Rivest is a professor of computer science at MIT. He is a founder of RSA Data Security.

CA, we told you so… predictable, unintended consequences of open primaries

We wish in cases like this that we were more frequently wrong in our predictions.

Update: 12/12/2012 California | All Bark, No Bite: How California’s Top-Two Primary System Reinforces the Status Quo | State of Elections or as we might say “Barking up the wrong tree”.

*********

Update: Brad points out that it also applies both ways e.g. the Senate race <read>
*********
It seems like a couple of years ago that Ralph Nader and CTVotersCount warned California against open primaries: CA Prop 14: Unsafe at any but greed? <read> You can read Nader’s comments there, here is what we added back in July 2010:

However, we can add to his arguments our vision of the dilemma facing the intelligent voter on primary day: Faced with five, ten, or thirty candidates for an office: Who do you vote for, your favorite, or one you think might have a chance at being in the top two; one that might be more acceptable than others the poll say have a chance? It is just another, perhaps more complex crap shoot.

Now Brad Friedman points to the dilemma facing Democrats in some California counties in Congressional primaries: Will CA’s New ‘Cajun Primary’ System Allow Minority GOP To Capture Congressional Seats? CA-26 House race exemplifies anti-democratic potential of 2010’s voter-approved ‘Top Two’ open primary system… <read>

One example is in the newly created CA-26 Congressional District, which reveals a potential formula by which the GOP can overcome adverse party registration numbers — in that case, 40% (D), 36% (R), 19% (I) — in order to seize a Congressional seat.

Because four Democrats are competing in the CA-26 primary, long suffering progressives, including this writer, who had previously been forced to cast a protest vote in the now defunct, heavily gerrymandered CA-24 District of the outgoing, extreme right-wing Republican Elton Gallegly, may awake on June 6 to the reality that, come next November, they will be forced to choose between a ‘Tea Party’ Republican and a County Supervisor who “changed her voter registration…from Republican to ‘no party preference’ in preparation for her bid for Congress”…

The upcoming CA-26 primary underscores the undemocratic potential of such a primary system. In a three-way race, all other things being equal, one would anticipate 40% to a Democrat, 36% to the Republican and the balance perhaps going to a genuine independent candidate. But here, the 40% for Democrats will be carved up amongst four Democratic candidates running in the same race with one GOP candidate openly running as a Republican and another who had been a Republican until she decided to shed the party label for the upcoming primary to run as an ostensible “Independent.”

Stealth Republican?

The CA-26 race provides a paradigm example of how a “Cajun Primary” can facilitate a seizure of power by a minority party through the use of a stealth Republican, who deceptively dons an “Independent” label.

We wish in cases like this that we were more frequently wrong in our predictions.

NIST: Internet voting not yet feasible. (And neither are email and fax voting)

Use of fax poses the fewest challenges, however fax offers limited protection for voter privacy. While the threats to telephone, e-mail, and web can be mitigated through the use of procedural and technical security controls, they are still more serious and challenging to overcome.

The National Institute of Standards and Technology (NIST) in response to an inquiry, summarized the risks of Internet voting <read>

Internet voting is not yet feasible, researchers from the National Institute of Standards and Technology have concluded. ”Malware on voters’ personal computers poses a serious threat that could compromise the secrecy or integrity of voters’ ballots,” said Belinda Collins, senior advisor for voting standards within NIST’s information technology laboratory, in an May 18 statement. ”And, the United States currently lacks an infrastructure for secure electronic voter authentication,” she added. Collins released the statement in response to an inquiry from Common Cause, a Washington, D.C. nonprofit active in campaign finance and election reform.

“This statement should serve as a blunt warning that we just aren’t ready yet and proves that we can’t trust the empty promises of ‘secure Internet voting’ from the for-profit vendors,” said Susannah Goodman, head of Common Cause’s Voting Integrity Project. ”We urge election officials and state and federal lawmakers to heed NIST’s warning and step back, support further research and STOP online voting programs until they can be made secure,” Goodman added…

The statement is based on two NIST reports:

This 2011 report http://www.nist.gov/itl/vote/upload/NISTIR-7770-feb2011-2.pdf  Strongly articulates the many risks of Internet voting and the slight mitigations available. It references an earlier report that explains the risks of all types of electronic transmission of voted ballots. Perhaps email voting and fax voting were sufficiently covered in the early report that it was not necessary to spell that out in more detail than the earlier report:

In December 2008, NIST released NISTIR 7551, A Threat Analysis on UOCAVA Voting Systems [3], which documents the threats to UOCAVA voting systems using electronic technologies for all aspects of overseas and military voting. NISTIR 7551 considered the use of postal mail, telephone, fax, electronic mail, and web servers to facilitate transmission of voter registration materials, blank ballots, and cast ballots. It documented threats and potential high-level mitigating security controls associated with each of these methods. The report concluded that threats to the electronic transmission of voter registration materials and blank ballots can be mitigated with the use of procedures and widely deployed security technologies. However, the threats associated with electronic transmission, notably Internet-based transmission, of cast ballots are more serious and challenging to overcome and the report suggested that emerging trends and developments in that area should continue to be studied and monitored.

Here is that earlier report: http://www.nist.gov/itl/vote/upload/uocava-threatanalysis-final.pdf

Voted ballot return: Sending completed ballots from UOCAVA voters to local election officials can be expedited through the use of the electronic transmission options. However, their use can present significant challenges to the integrity of the election. Use of fax poses the fewest challenges, however fax offers limited protection for voter privacy. While the threats to telephone, e-mail, and web can be mitigated through the use of procedural and technical security controls, they are still more serious and challenging to overcome.

Sadly the CT Legislature passed a bill this year the included email and fax voting, without hearings. The Governor is considering vetoing that bill which may be unconstitutional and risks democracy in the name of soldiers who are dedicated to preserving that democracy.