Enthusiastic support for the Secretary’s Performance Task Force Recommendations

Given the many members, the brief meetings, and the lack of representation of all interests, we were skeptical when the Task Force was convened. To our delight, we find that we can offer endorsement of each of the twenty-one recommendations in the report.

There is a lot to do in all the recommendations. It will take time, money, and deliberate work with everyone at the table. Our hope is that each of the recommendations will be thoroughly explored, evaluated, and acted upon, that none get overlooked.

Last summer and fall, the Secretary of the State convened an Elections Performance Task Force to look at elections and what might be done to improve them in the State of Connecticut. Details, presentations, and videos of the Task Force meetings are available at the Secretary’s web site <here> The Secretary issued a final report and recommendations <here>

Given the many members, the brief meetings, and the lack of representation of all interests, we were skeptical when the Task Force was convened. To our delight, we find that we can  offer endorsement of each of the twenty-one recommendations in the report, starting on page 34.

We strongly endorse those recommendations in bold below [our comments in brackets]

Identify measures that will increase the efficiency and effectiveness of the voting process.

1. The Secretary recommends an amendment to Article 6, Section 7 of the Connecticut State Constitution similar to House Joint Resolution Number 88 of the 2011 legislative session. The amendment would allow the General Assembly to adopt more flexible laws for voting.

2. The Secretary recommends partnering with Professor Heather Gerken to develop a Connecticut Democracy Index. This would allow for benchmarking across municipalities and with other states to track trends in the election process, to measure performance and to gain valuable data that can inform decisions going forward.

3. The Secretary recommends streamlining the absentee ballot process. A working group should be formed to examine and make recommendations around ideas like creating a single absentee ballot application and linking the absentee ballot tracking system with the Centralized Voter Registration System. [Assuming such streamlining does not increase integrity risks or confidence in the process]

4. The Secretary recommends further study of how regionalism could make Connecticut’s electoral  system more cost-effective and consistent. For instance, the use of a statewide online voter registration system, regional on-demand ballot printing, and regional voting centers should all be further explored. [Here we would go further to explore complete regionalizaton, “doing for elections what we have done for probate in Connecticut]

5. The Secretary recommends that the polling place for district elections be the same as for state elections. This will help eliminate voter confusion caused by having to go to different polling locations for different elections. [This would be convenient, yet if mandated, would be challenging for many towns due to different boundaries and contests]

6. The Secretary recommends exploring better ways of coordinating the printing of ballots with programming of memory cards in order to create a more efficient, reliable and cost-effective process.

7. The Secretary recommends the development of a certification process for Registrars of Voters. Additionally, standards and best practices should be developed for that office around issues such as election administration, voter registration and voter outreach. These standards and best practices may need to account for differences in small, medium and large municipalities. Finally, a mechanism for enforcement and, if necessary, the removal of a Registrar of Voters should be created. [We would especially recommend standardization and better practices for post-election audits and recanvasses, along with better manuals, including creating manuals for each pollworker position]

8. The Secretary recommends that a formal study of the cost of elections be undertaken, and that a standardized set of measures for such costs be established.[We would combine this into the Democracy Index, providing ongoing measures and comparison over time]

Maintain the security and integrity of the voting process.

9. The Secretary recommends the development of a secure online voter registration system in Connecticut. The system should be tied to other statewide databases, such as the Department of Social Services, the Department of Developmental Services, and the Department of Motor Vehicles, to allow for verification of data.

10. The Secretary recommends that the state acquire at least one high speed, high volume scanner to be utilized in the post-election auditing process. This centralization of the process will reduce the fiscal and logistical burdens on towns, as well as provide for a more accurate and secure auditing process.[We are a strong supporter of electronic auditing, done effectively and transparently. The number of scanners and their capacities should be a byproduct of an effective electronic auditing pilot, plan, cost benefit analysis, and appropriate law establishing and governing electronic audits]

11. The Secretary recommends that the post-election auditing process be amended to include all ballots that are machine-counted, including those counted centrally.[We would go farther and subject all ballots cast to selection for audit.]

12. The Secretary recommends that a greater emphasis be placed on ballot security. Ballots should be stored in a secure, locked facility. Additionally, two individuals should always be present whenever these facilities are accessed. This policy should be uniformly followed and enforced.

13. The Secretary recommends that the state join the Electronic Registration Information Center (ERIC), an interstate data consortium that the Pew Center on the States is currently building. This data center would allow participating states to streamline the processes for registering eligible voters; update records of existing voters; and remove duplicate and invalid records from state voter files. The Secretary stresses the need to include multiple agencies in the database, including those that offer public assistance, interact with people with disabilities, and otherwise come into contact with eligible voters who may not normally visit the Department of Motor Vehicles. Evaluate ways to integrate technology into our election system.

14. The Secretary recommends further exploring the use of new technologies in the election process through pilot programs and examination of other states’ usage. However, the cost and security of any new technologies should be carefully examined. Examples of new technologies for consideration include:

a. Electronic poll books

   b. More advanced voting systems for the voters with disabilities

    c. Online voter registration

15. The Secretary recommends immediate implementation of a statewide web-based electronic reporting system for election results.

16. The Secretary recommends the use of web-based training to standardize election staff training across the state.[We would like to see video training and manuals having a pollworker focus, designed by professional technical writers]

Find ways to increase voter participation, particularly among minorities, young people, people with disabilities, and military and overseas voters.

17. The Secretary recommends Election Day registration in Connecticut and any necessary adjustments to the voter file system to ensure accuracy. Election Day registration has increased voter participation in states where it has been enacted.

18. The Secretary recommends an effort to increase voter participation in Connecticut, with a particular focus on youth, minorities, people with disabilities, and military and overseas voters.

a. Early voting bears further study as a possible mechanism for reaching minority voters. [We are skeptical that early voting has a particular focus on any group of voters]

   b. Since the electorate is becoming more mobile, voter registrations should be mobile as well.
   c. Connecticut’s curbside voting program should be better advertised to voters with disabilities, all polling  places should be easily handicapped accessible, and poll workers at all locations should be properly trained on utilizing the IVS vote by phone system. A viable, better alternative to the IVS system should also be sought.

   d. The military and overseas voting process should be amended to allow for the facsimile transmittal of completed absentee ballot applications. The original application would then be returned in the envelope along with the completed absentee ballot via mail, in order for the ballot to be counted.[Fax transmission should only be required to obtain a blank ballot in situations where the voter cannot print a blank ballot]

e. The military and overseas voting process should be streamlined by the electronic transmission of printable, mailable ballots. This, along with the above recommendation, would eliminate the mailing time of transmitting completed applications and blank ballots through manual post, and would allow for more time for participation by military and overseas voters.

f. The electronic transmission of ballots to military and overseas voters should be further streamlined through the use of the Centralized Voter Registration System.[Having the system aid the overseas voter in downloading their correct blank ballot]

19. The Secretary recommends that existing voter registration provisions included in legislation such as the National Voter Registration Act be fully enforced. The Secretary further recommends that Connecticut’s Department of Corrections be designated as an official voter registration agency.

20. The Secretary recommends a concerted effort to educate the public and the incarcerated population about the voting rights of those detained pre-sentencing and the restoration of voting rights to felons. The Secretary further recommends that the restoration of voting rights be extended to include parolees, as is the case in over a dozen states.

21. The Secretary recommends that Election Day be declared a holiday, as it is in many countries, and/or that elections include in-person voting on a weekend day. This would grant citizens more time to vote and would allow for the use of students and persons with the day off as poll workers.

We note several caveats:

Our endorsement of proposals is conditional. Conditional on the details of any proposed implementation or law. For instance, although we support Election Day Registration, we do not support the current bill before the Legislature which would call for Election Day Registration, because the bill is inadequate to protect the rights of EDR voters, other voters, and could result in chaos and uncertainty.

The report is the Secretary of the State’s, not approved by or endorsed by the Task Force as a whole.

Contained in this report are the findings of the Election Performance Task Force, organized by subcommittee subject matter, with the additional category of voting technology. The Secretary utilized these findings along with feedback from members of the task force, other interested parties, and the public to shape the recommendations that are detailed at the end of this report.

While we endorse the recommendations, we do not endorse the details in the report itself:

  • The statistical information and conclusions do not come close to meeting rigorous standards in justifying the conclusions reached.
  • As noted in the report, the cost of elections information provided is questionable. We find it wildly inaccurate to include data that elections might have been conducted at costs per voter less than the cost of printing a single ballot.
  • We strongly disagree that there is any basis to predict that online voting will be a safe and accepted practice within ten years.

There is a lot to do in all the recommendations. It will take time, money, and deliberate work with everyone at the table. Our hope is that each of the recommendations will be thoroughly explored, evaluated, and acted upon, that none get overlooked.

Common Sense: Tension between Convenience, Confidence, and Cost

Many of the issues we discuss here and debate in the Legislature revolve around tradeoffs between Convenience, Confidence, and Costs. At a basic level we find three fundamental values/goals behind every initiative and debate: These tradeoffs and competing goals are the context within which we all constantly evaluate new laws and proposals.

Note: This is the sixth post in an occasional series on Common Sense Election Integrity, summarizing, updating, and expanding on many previous posts covering election integrity, focused on Connecticut. <previous> <next>

Elections like many complex activities are subject to many demands and conflicting priorities. Reading Edward B. Foley’s excellent and fascinating paper, The 1792 Election Dispute and Its Continuing Relevance, one of its main themes:

Another lesson to be learned from the Clinton-Jay dispute of 1792 concerns the deep-rooted nature of the jurisprudential debate between strict and lenient enforcement of election statutes. As a review of the 1792 dispute reveals, this basic jurisprudential debate has been with us from the very beginning. The 1792 dispute also demonstrates that this jurisprudential debate involves competing interpretations of our nation’s most elementary commitment to the existence of democratic elections. Proponents of both strict and lenient enforcement appeal to the fundamental value of a free and fair vote among citizens. Yet each side of this jurisprudential debate appeals to this fundamental value in a different way. As a nation, we are essentially stuck in the same place regarding this debate as we were in 1792.

Many of the issues we discuss here and debate in the Legislature revolve around similar tradeoffs between strict and lenient enforcement – tradeoffs in laws set out before close election results, charges, counter charges, and arguments actually occur. At a basic level we find three fundamental values/goals behind every initiative and debate:

  • Convenience – Access for voters, access for candidates, and efficiency for officials
  • Confidence – Integrity and confidence in the process, voter qualifications, and accuracy of the results
  • Cost – What it takes to register voters and  run elections

Convenience suggests capabilities such as: Election day registration; early voting, online registration; universal registration; online voting;  many well staffed and equipped polling places; systems for those with disabilities; school or general holidays on election day; voter friendly ballot design; easy to use web information; low bars for third party candidates; public financing; short hours and increased staffing for officials; technology to save officials work; easy to setup technology; etc.

Confidence suggests requirements such as: Voter verified paper ballots; adequate supplies of pre-printed ballots; strong ballot security; strong equipment testing and security; fully transparent operations; careful, extensive registration checks; careful, effective voter checkin requirements; strong recount and post-election audits; stronger, more uniform, or faster enforcement of election laws;

Costs are usually required to increase confidence or convenience. Sometimes an investment in new equipment and methods can actually save money in the long run. In other cases waste can be eliminated or a more efficient method found. In other cases a well intended initiative can be accomplished in a wasteful, ineffective, even detrimental way.

In general we can tradeoff one of the three goals for one or two of the others, yet it does not always work that way:

  • We can save money and add to convenience at the expense of confidence when we loosen registration checks. Similarly we can add confidence, with costs and  inconvenience by stronger voter ID requirements.
  • We can increase confidence and costs, along with more work by officials when we increase the standards for protecting ballots or camera surveillance of storage and official work areas.
  • We can invest in online registration, which adds to convenience, and confidence, while it reduces costs. (As we used to call it in IT, a “sweet spot” application)
  • We could invest in paperless DRE (touch screens) which increase work for officials, can result in long lines for voters, high risks to confidence, and huge costs over optical scanners – a lose, lose, lose, lose proposition.
  • Better procedures and regulations can provide a huge payoff, only if they are accompanied by effective training and compliance.
  • Also tradeoffs may not be uniform: Costs or additional work can be greater for small towns, or for towns with many small polling places. Voter ID laws can disproportionately greatly inconvenience and cost some voters, while hardly making a difference to others.
  • Finally, some impacts are really, really difficult to determine. In recent years, the Legislature changed to require special elections for U.S. Senate vacancies – each election would cost several million dollars. How many will we have? And when? Some could be very critical and valuable to democracy, others inconsequential. What is the value of ballot security we can all trust vs. questionable security almost impossible to prevent and demonstrate fraud, should it occur?

These tradeoffs and competing goals are the context within which we all constantly evaluate new laws and proposals.

Busy Day: Testimony, Inaccuracy, and more

It was a busy day in Hartford today. I testified on two bills along with many others also testifying on those and other bills before the Government Elections and Administrations Committee. There is an AP article which may leave misunderstanding of my testimony and positions. Finally, the Secretary of the State released the final report of the Elections Performance Task Force. UPDATED

It was a busy day in Hartford today. I testified on two bills along with many others also testifying on those and other bills before the Government Elections and Administrations Committee.

One bill was the Constitutional Amendment for early voting. I testified for the bill and against expended absentee voting, provided the bill and ballot question accurately portray the intent of no-excuse absentee voting. <read>

Another bill authorized Online Voter Registration and Election Day Registration. I testified for both in concept, yet against the particular form of Election Day Registration which is quite different than the successful EDR systems in use in other states <read>

There is an AP article which may leave misunderstanding of my testimony and positions, here is one example <read>

Luther Weeks, the executive director of both CTVotersCount.org and the Connecticut Citizen Election Audit Coalition, spoke out against the Election Day registration proposal.

In his testimony to the committee, Weeks said the proposal does not protect the rights of voters and will lead to chaos at polling locations. He also raised concerns that people could be turned away if standing in line to register to vote when the polls close. Weeks’ coalition monitors post-election audits in Connecticut.

Like Weeks, Christopher Healy, the former Connecticut Republican Party chairman, also testified against Election Day and online voter registration. Healy argued that the two systems would lead to voter fraud because same-day registration is not verified until after votes are cast. He said online registration is only as good as the people updating the system.

For the record:

  • I testified only for CTVotersCount, not the Coalition (Coalition members have a variety of positions on election laws. We all agree on the importance of post-election audits)
  • I testified against the proposed from of Election Day Registration, although I support EDR in general.
  • I testified for Online Voter Registration
  • I testified against expanded absentee voting, but for the Constitutional Amendment, provided the Amendment and the ballot question clearly represent the purpose as providing for laws to allow expanded absentee voting.

Finally, the Secretary of the State released the final report of the Elections Performance Task Force. Once I have had a chance to review the report I will provide detailed commentary. From the Secretary’s remarks at the press conference and reading a draft report several months ago, I expect to support most if not all of the report’s recommendations. <report>

Update 3/3/2012: It seems that the AP quickly updated its article after my call last night. I appreciate their response. Our goal is also to expedite any corrections to errors in our postings brought to our attention:

Luther Weeks, the executive director of both CTVotersCount.org, spoke against the Election Day registration proposal. Weeks said the proposal does not protect the rights of voters and will lead to chaos at polling locations. He also raised concerns that people could be turned away if standing in line to register to vote when the polls close. Weeks also is executive director of the Connecticut Citizen Election Audit Coalition, which monitors postelection audits in Connecticut, but doesn’t have a consensus position on the proposal.

Absentee Ballot Hijinks in Hartford?

Evelyn Cruz filed a complaint accusing another resident, Clorinda Soldevila, of hand-delivering three absentee ballots to her home on Bond Street, and then picking up those ballots and delivering them to city hall.

Hartford Courant: Hartford Resident Alleges Illegal Handling Of Absentee Ballots <read>

Evelyn Cruz filed a complaint accusing another resident, Clorinda Soldevila, of hand-delivering three absentee ballots to her home on Bond Street, and then picking up those ballots and delivering them to city hall…

Cruz said in her complaint that Soldevila visited her on Feb. 4 and asked her to sign an application for an absentee ballot, which she did “with the understanding that [Soldevila] would return it to city hall.”

Cruz said she expected that city hall would mail her an absentee ballot, and that she would mail it back. But a week later, she wrote in the complaint, Soldevila turned up at her home again, this time with three absentee ballots — for Cruz, her husband and her daughter-in-law. She said Soldevila asked her to fill out a ballot, which she did, and put it into an envelope.

“Before I had a chance to place the envelope in the mail, Ms. Soldevila returned to my home and picked up the envelope, and told me that she would return it to city hall. This happened about two days after she brought the ballots,” Cruz wrote.

[Town and City Clerk John] Bazzano said, however, that the ballots were not dropped off, but that his office received the three absentee ballots by mail in sealed envelopes, which had been stamped and postmarked. He said the office would never accept hand-delivered ballots.

“We have the proof and the facts to back up that we did it right,” Bazzano said. “All of the envelopes are clearly stamped and postmarked.

Not sure we understand Bazzano’s statement or maybe the article is confused.  It could be accurate, however, if someone took the three absentee ballots illegally they still could have mailed them in and the main allegation would remain unresolved.

Scanners 0, Hand count 0, Officials 0, Press/Citizens 2

Connecticut has little reason to take comfort in New York’s latest election embarrassment. We do not expect an official system to recognize unofficial counts, yet we do expect a system that recognizes problems, and reacts by taking reasonable steps to correct errors.

Connecticut has little reason to take comfort in New York’s latest election embarrassment.

Yesterday we had this story from the New York Daily News:  Board of Elections does nothing as hundreds of Bronx votes go missing <read>

More than six months ago, voting experts at New York University Law School’s Brennan Center detected an alarming pattern at one polling place in the South Bronx:

The tallies from the electronic scanning machines at Public School 65 included high proportions of invalidated votes.

There were two possibilities: Either huge numbers of voters had improperly filled out their ballots, or at least one of the scanners had gone haywire. The board did nothing. Actually, the board did worse than nothing. It refused to check — even when asked to do so by state election officials.

Using the Freedom of Information Law, this editorial page then demanded the right to inspect ballots cast at PS 65 in the 2010 primary and general elections — the ones that put Gov. Cuomo into office.

The board complied, marking what may be the first time members of the public in New York State have been given permission to look over cast ballots and review how they were counted.

All too predictably, we discovered that voters had done their part correctly, while one of the three scanners at PS 65 misread and miscounted votes.

Scanners 0, Officials 0, Press/Citizens 1

But that is New York, not Connecticut. Our ancestors sold wooden nutmegs to the ancestors of today’s New Yorkers.

Recall November 2010 when Bridgeport had a  problem running out of ballots compounded by problems hand counting and accounting for the the photocopied ballots. The Connecticut Post asked to count the ballots, Bridgeport complied and citizens counted them.  And the State of Connecticut, nothing. The “Official” Bridgeport results still stand.

By our count, 20 of 25 polling places had photocopied paper ballots, but even that number was never recognized officially. We are reminded of this by an article, also yesterday, in the Hartford Courant covering a talk by the Secretary of the State: Secretary Of The State Outlines Proposed Changes In Elections <read>

Merrill has been considering changes to the way votes are cast in Connecticut following the November 2010 election fiasco in Bridgeport where only 21,000 paper ballots were preprinted in a city of 69,000 registered voters and 12 of 25 polling places ran out of ballots.

Of course we do not expect an official system to recognize unofficial counts, we do expect a system that recognizes problems, and reacts by taking reasonable steps to correct errors. We cannot hold the current Secretary accountable for actions that occurred before she took office yet we would like to see a system that not only reduced the changes of a very similar disaster, but also one that can recover from a variety of similar and dissimilar disasters in the future.

Scanners 0, Hand count 0, Officials 0, Press/Citizens 2

How All the votes were lost in D.C.

Within 48 hours of the system going live, we had gained near complete control of the election server. We successfully changed every vote and revealed almost every secret ballot. Election officials did not detect our intrusion for nearly two business days—and might have remained unaware for far longer had we not deliberately left a prominent clue.

In a new paper the University of Michigan ethical hackers describe how all the votes were changed/stolen in the Washington, D. C. test: Attacking the Washington, D.C. Internet Voting System <read>

The paper is a good read. Recommended especially for election officials and those that believe Internet voting is a good, safe idea. From the abstract:

This paper describes our experience participating in this trial. Within 48 hours of the system going live, we had gained near complete control of the election server. We successfully changed every vote and revealed almost every secret ballot. Election officials did not detect our intrusion for nearly two business days—and might have remained unaware for far longer had we not deliberately left a prominent clue. This case study—the first (to our knowledge) to analyze the security of a government Internet voting system from the perspective of an attacker in a realistic pre-election deployment—attempts to illuminate the practical challenges of securing online voting as practiced today by a growing number of jurisdictions.

I would add:

  1. It took the officials a while to detect the hack, even with the Michigan Fight song playing. Imagine if the team had only changed or added 10% or 20% of the vote and cast them for candidates actually on the ballot! What if it was a real election and the officials were not certain that several groups were likely trying to hack in!!!
  2. We pay significant attention to outsider attacks, but insider attacks aremuch easier, require less expertise, and are much less likely to be detected.emember online voting is about as auditable as a paperless DRE, just more globally vulnerable.
  3. Was the West Virginia Pilot hacked? How would anyone know? Maybe not, it was not a very valuable target since so few votes were involved.

 

Internet Voting, more problems beyond the News Hour report

Last week there was a PBS News Hour report on Internet Voting. It was fair and balanced as far as it went, but maybe a bit too fair to non-scientists and vendors touting Internet Voting. At Brad Blog, Earnest A Canning has an excellent piece pointing out some additional information not covered in the short News Hour segment.

Last week there was a PBS News Hour report on Internet Voting. It was fair and balanced as far as it went, but maybe a bit too fair to non-scientists and vendors touting Internet Voting. We wished it was more like the symposium in Connecticut where both pro and con members of the panel had adequate time to counter each others’ statements. At Brad Blog, Earnest A Canning has an excellent piece pointing out some additional information not covered in the short News Hour segment PBS News Hour Report Exposes Madness of Internet Voting, Officials Who Push For It Anyway <read>

Disturbingly, the new PBS documentary also reveals that, despite the spectacular failure and warnings from virtually every computer science and security expert, election and Pentagon officials are still pressing forward with what MIT Prof. of Electrical Engineering and Computer Science Ronald L. Rivest describes, as seen in the short PBS report, as an “oxytopian” solution. “‘Secure Internet voting,'” Rivest charges, “is a bit like the phrase ‘safe cigarettes'”…

 The Revolving Door

In some instances, like that of Paul Stenbjorn, the former Executive Director of the D.C. Board of Elections and Ethics who first pushed for the live D.C. Internet vote experiment and was then embarrassed by the D.C. Internet Voting Hack, the persistent effort to damn the science, the scientists and the extraordinary failures to move ahead with Internet Voting anyway, might be explained by the fact that he subsequently became the Director of US Operations at SCYTL, a manufacturer of online voting and election systems…

 Reliance upon technology that does not exist

Where, in the PBS report, West Virginia Secretary of State Natalie Tennant (D) expresses certainty — with no evidence to back it up — that there has been “no breach in our votes,” U.C. Berkley Computer Science Prof. David Wagner, who examined the SCYTL system, reported that there “is no known way to audit Internet voting.”

If there is no way to audit the voting, there is no way to know whether the votes have been “breached” and accurately recorded as per the voters’ intent.

Where Stenbjorn advanced the unscientific prediction that a secure system will be developed in the near future, Wagner, in the same report, noted: “It is not technologically feasible today to make Internet Voting safe against attack.”…

 No security against insider threat

One shortfall of the otherwise excellent PBS report — which includes interviews with a number of computer scientists The BRAD BLOG has turned to for years for their invaluable expertise on these issues — is that it only examined the concerns of system security from the perspective of an outsider attack, like the one that occurred in the D.C. Internet Voting Hack.

Even assuming that it were technologically feasible to prevent an outside attack, this does not begin to address the far more immediate threat that, whenever there is a lack of transparency in how votes are counted, there is a risk that the count can be manipulated by insiders with access to any e-voting system, be it Internet, Direct Recording Electronic (usually touchscreen) voting machines or paper-based computer optical scan systems.

As acknowledged by virtually all computer scientists and security experts, and even confirmed by the highly compromised, GOP-operative-created Baker/Carter National Election Reform Commission years ago, the greatest threat to all such electoral systems comes from insiders. As even the phony Baker/Carter commission noted: “There is no reason to trust insiders in the election industry any more than in other industries.” Thus, there is almost nothing that can be done to protect against such exploits…

Convenience is no substitute for democracy

During the PBS report, Bob Carey, the Director of the Pentagon’s Federal Voting Assistance Program not only expresses the unscientific belief that a foolproof Internet Voting system will be developed within five to six years, but he also downplays the risks identified by computer scientists as “unfair to military voters.”

Testimony on powers of the Secretary of the State

One bill H.B. 5026 covered the emergency powers of the Secretary of the State…there were some additional important distinctions which should be included to expand and limit the bill, along with a related power the Committee should consider for unnatural disasters

Today I attended a public hearing of the Government Administration and Elections Committee. My intention was to listen to the meeting before the hearing, and listen to the hearing which was mostly on ethics related bills. One bill H.B. 5026 covered the emergency powers of the Secretary of the State.

Denise Merrill, Secretary of the State testified in favor of the bill. The Committee asked some insightful questions related to the scope and execution of the powers in the bill. I realized there were some additional important distinctions which should be included to expand and limit the bill, along with a related power the Committee should consider for unnatural disasters:

  • The word “elections” can be ambiguous the bill should explicitly cover “elections, primary elections, and special elections”.
  • The bill should be limited to postponing only entire elections, primary elections, and special elections.
  • The Secretary should have the power to call for discrepancy recanvasses, not just a single individual in each municipality.

See our full written testimony <read>

 

“Military Grade Security” for elections is a non sequitur

Who should we believe? Vendors selling internet voting or computer scientists and government intelligence experts? We point out that the greatest danger to internet voting is insider manipulation, even easier for a single rogue election official or network insider. No need to steal paper ballots and fill them out. No risk of being caught in an audit or recount of voter verified paper ballots. UPDATE: Videos

Andrew Gumbel, author of Steal This Vote, op-ed in the LA Times: Stealing Oscar – The Academy of Motion Picture Arts and Sciences’ plan to allow voting by computer is an open invitation for cyber attacks and raises the risk of a fraudulent outcome. <read>

The academy said the software developed by the San Diego-based computer voting company Everyone Counts would incorporate “multiple layers of security” and “military-grade encryption techniques” to ensure that nothing untoward or underhanded could occur before PricewaterhouseCoopers, its accountancy firm, captured the votes from the Internet ether.

Unfortunately, leading computer scientists around the world who have looked at Internet voting systems do not share the academy’s confidence. On the contrary, they say the technology is vulnerable to a variety of cyber attacks — no matter how many layers of encryption there are — and risks producing a fraudulent outcome without anyone necessarily realizing it.

Who should we believe? Vendors selling internet voting or computer scientists?

Everyone Counts is certainly savvier than some of the computer voting machine manufacturers who emerged a decade ago. Chief Executive Lori Steele understands that clean elections are about accountability from end to end, not just some miracle machine that does all the work by itself.

She also did not contest the objections voiced by Dill and the other computer scientists. Rather, she argued that, whatever the flaws, carefully encrypted computers are far more reliable than paper ballots, which can potentially be manipulated by a single rogue election official. Everyone Counts puts its machines through a rigorous auditing process, she said, and even interrupted a recent election in Australia to conduct a surprise audit in the middle of the ballot count.

That argument might have been good enough for the academy and for PricewaterhouseCoopers, but it still alarms many software experts. “A surprise audit in the middle is interesting, but I don’t think that’s adequate for the job because there are still multiple ways to defeat it,” Dill said.

We point out that the greatest danger to internet voting is insider manipulation, even easier for a single rogue election official or network insider. No need to steal paper ballots and fill them out. No risk of being caught in an audit or recount of voter verified paper ballots.

Who should we believe? Vendors selling internet voting or computer scientists and government intelligence experts?

See this story from the New York Times: Traveling Light in a Time of Digital Thievery <read>

He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.”

What might have once sounded like the behavior of a paranoid is now standard operating procedure for officials at American government agencies, research groups and companies that do business in China and Russia — like Google, the State Department and the Internet security giant McAfee. Digital espionage in these countries, security experts say, is a real and growing threat — whether in pursuit of confidential government information or corporate trade secrets.

“If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,” said Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence…
Targets of hack attacks are reluctant to discuss them and statistics are scarce. Most breaches go unreported, security experts say, because corporate victims fear what disclosure might mean for their stock price, or because those affected never knew they were hacked in the first place. But the scope of the problem is illustrated by an incident at the United States Chamber of Commerce in 2010.

The chamber did not learn that it — and its member organizations — were the victims of a cybertheft that had lasted for months until the Federal Bureau of Investigation told the group that servers in China were stealing information from four of its Asia policy experts, who frequent China. By the time the chamber secured its network, hackers had pilfered at least six weeks worth of e-mails with its member organizations, which include most of the nation’s largest corporations. Later still, the chamber discovered that its office printer and even a thermostat in one of its corporate apartments were still communicating with an Internet address in China…

Last week, James R. Clapper, the director of national intelligence, warned in testimony before the Senate Intelligence Committee about theft of trade secrets by “entities” within China and Russia. And Mike McConnell, a former director of national intelligence, and now a private consultant, said in an interview, “In looking at computer systems of consequence — in government, Congress, at the Department of Defense, aerospace, companies with valuable trade secrets — we’ve not examined one yet that has not been infected by an advanced persistent threat.

Finally we have the case of army private Bradley Manning, where it is alleged that a single low level insider, located overseas, had access to and the ability to steal almost unlimited volumes of confidential documents from multiple federal agencies.

Military grade “security”, a non sequitur if there ever was one!

Update:  Videos:

  • Andrew Gumbel provides the same information and some additional information <video>
  • CEO of Everyone Counts. Little if any information beyond the above story <video>

The Wild West: Presidential Primary “Election” Edition

Selecting candidates for President is less safe and less democratic than most of us realize.

Four years ago there were five public hearings on voting in Connecticut. In reaction to election administration admissions by registrars, Representative Caruso referred to our system in the Nutmeg State as the “Wild West”. It seems that choosing a candidate for President by parties is another version of the Wild West.

The latest demonstrations the weak underbelly of candidate selection are the caucuses in Iowa and Nevada:

Iowa had a very close vote count declaring Romney the victor, followed shortly by news of bad accounting from one meeting which would have Santorum the victor <read>, followed several weeks later with a confirmation of Santorum based on a recount missing records from eight locations. <read>

Earlier many were concerned with a hacker threat to the Iowa caucus <read>  And soon after a candidate’s campaign investigated for vote fraud in Virginia <read>

This week  added concerns with the Nevada caucus:  And a summary of caucus concerns from the AP  and the Washington Times <read> <read>

What else should be of concern, given that parties can pretty much choose their own way selecting a candidate? Internet voting subject to external hacking, insider fraud, and even subject to official override. Consider the risks of the party/non-party Wall Street financed and managed Americans Elect <read>, and the 2008 Democrats Abroad vote <read>