Tagged voter confidence

Recapping The OSCON O’Reilly Radar Conversation

A couple of weeks ago I presented at OSCON and during the conference had an opportunity to sit down with Mac Slocum, Managing Editor for the O’Reilly Radar.  We had about a half an hour conversation, for which we covered ~20 minutes of it on camera.  You can find it here if you want to watch me jaw.  But perhaps simpler below, I’ve listened to the tape, and captured the essence of my answers to Mac’s questions about what the Foundation is about and working on and the like.  I promised Matt Douglass, our Public Relations Director I’d get this up for interested followers; apologize it took me a couple of weeks.

So, here it is; again not an official transcript, but a compilation of my answers after watching and listening to the video interview about a dozen times (so you don’t have to) combined with my recollection as close as I recall my remarks – expressed and intended.

O’Reilly: How are voting systems in the U.S. currently handled?  In other words, where do they come from; procurement process; who decides/buys; etc.?

Miller: Voting systems are currently developed and delivered by proprietary systems vendors, and procured by local election jurisdictions such counties and townships. The States’ role is to approve specific products for procurement, often requiring products to have completed a Federal certification process overseen by the EAC.  However, the counties and local elections jurisdictions make the vast majority of elections equipment acquisition decisions across the country.

O’Reilly: So how many vendors are there?  Or maybe more to the point, what’s the state of the industry; who are the players; and what’s the innovation opportunity, etc.?

Miller: Most of the U.S. market is currently served by just 3 vendors.  You know, as we sit here today, just two vendors control some 88% of America’s voting systems infrastructure, and one of them has a white-knuckled grip on 75% of that.  Election Systems and Services is the largest, after having acquired Premier Systems from its parent company, Diebold.  The DoJ interceded on that acquisition under a mandatory Hart-Scott-Rodino Act review to consider potential anti-trust issues.  In their settlement with ES&S, the Company dealt off a portion of their technology (and presumably customers) to the Canadian firm Dominion Systems.  Dominion was a small player in the U.S. until recently when it acquired those technology assets of Premier (as part of the DoJ acquisition, and acquired the other fomer market force, Sequoia.  And that resulted in consolidating approximately 12% of the U.S. market. Most of the remaining U.S. market is served by Hart-Intercivic Systems.

On the one hand, I’d argued that the voting systems marketplace is so dysfunctional and malformed that there is no incentive to innovate, and at worst, there is a perverse disincentive to innovate and therefore really not much opportunity.  At least that’s what we really believed when we started the Foundation in November 2006.  Seriously, for the most part any discussion about innovation in this market today amounts to a discussion of ensuring spare parts for what’s out there.  But really what catalyzed us was the belief that we could inject a new level of opportunity… a new infusion of innovation.  So, we believe part of the innovation opportunity is demonstrated by the demise of Premier and Sequoia and now the U.S. elections market is not large or uniform enough to support a healthy eco-system of competition and innovation.  So the innovation opportunity is to abandon the proprietary product model, develop new election technology in a public benefits project, and work directly with election officials to determine their actual needs.

O’Reilly: So what is the TrustTheVote Project, and how does that relates to the Foundation?

Miller:  The Open Source Digital Voting Foundation is the enabling 501.c.3 public benefits corporation that funds and manages projects to develop innovative, publicly owned open source elections and voting technology.  The TrustTheVote Project is the flagship effort of the Foundation to design and develop an entirely new ballot eco-system.

What we’re making is an elections technology framework built on breakthrough innovations in elections administration and management and ballot casting and counting that can restore trust in how America votes.  Our design goal is to truly deliver on the four legs of integrity in elections: accuracy, transparency, trust, and security.

The reason we’re doing this is simple: this is the stuff of critical democracy infrastructure – something far too much of a public asset to privatize.  We need to deliver what the market has so far failed to deliver.  And we want to re-invent that industry – based on a new category of entrants – systems integrators who can take the open source framework, integrate it with qualified commodity hardware, and stand it up for counties and elections jurisdictions across the country.

We’re doing this with a small full time team of very senior technologists and technology business executives, as well as contractors, academia, and volunteer developers.

We’re 4 years into an 8 year undertaking – we believe the full framework will be complete and should be achieving widespread adoption, adaptation, and deployment by the close of 2016 – done right it can impact the national election cycle that year.  That said, we’re under some real pressure to expedite this because turns out that a large number of jurisdiction will be looking to replace their current proprietary systems over the next 4 years as well.

O’Reilly:  How can open source really improve the voting system?

Miller:  Well, open source is not a panacea, but we think it’s an important enabler to any solution for the problems of innovation, transparency, and cost that burden today’s elections.  Innovation is enabled by the departure from the proprietary product model, including the use of open-source licensing of software developed in a public benefits project. Transparency, or open-government features and capabilities of voting systems are largely absent and require innovation that the current market does not support. Cost reduction can be enabled by an open-source-based delivery model in which procurements allow system integrators to compete for delivery license-free voting systems, coupled with technical support that lacks the vendor lock-in of current procurements. Open source software doesn’t guarantee any of these benefits, but it does enable them.

I should point out too, that one of our deepest commitments is to elections verification and auditability (sic).  And our framework, based on an open standards common data format utilizing a markup language extension to XML called EML is the foundation on which we can deliver that.  Likewise, I should point out our framework is predicated on a durable paper ballot of record… although we haven’t talked about the pieces of the framework yet.

O’ReillyWell our time is limited, but you must know I can’t resist this last question, which is probably controversial but our audience is really curious about.  Will online voting ever be viable?

Miller: Well, to be intellectually honest, there are two parts to that loaded question.  Let me leave my personal opinion and the position of the Foundation out of it at first, so I just address the question in a sterile light.

First, online voting is already viable in other countries that have these 3 policy features: [1] a national ID system, [2] uniform standards for nationwide elections, and [3] have previously encouraged remote voting by mail rather than in-person voting. These countries also fund the sophisticated centralized IT infrastructure required for online voting, and have accepted the risks of malware and other Internet threats as acceptable parts of nationwide online voting.   For a similar approach to be viable in the U.S., those same 3 policy features would likely require some huge political innovations, at the 50-plus state level, if not the Federal level.   There really isn’t the political stomach for any of that and particularly national ID although arguably we already have it, or creating national elections and voting standards, let alone building a national elections system infrastructure.  In fact, the National Association of State Secretaries recently passed – actually re-upped an earlier resolution to work to sunset the Federal Elections Assistance Commission.  In other words, there is a real Federalist sense about elections.  So, on this first point of socio-political requirements alone I don’t see it viable any time soon.

But letting our opinion slip into this, the Foundation believes there is a more important barrier from a technical standpoint.  There are flat out technical barriers that have to be cleared involving critical security and privacy issues on the edge and at the core of a packet-switched based solution. Furthermore, to build the kind of hardened data center required to transact voting data is far beyond the financial reach of the vast majority of jurisdictions in the country.  Another really important point is that online elections are difficult if not impossible to audit or verify.  And finally, there is a current lack of sophisticated IT resources in most of the thousands of local elections offices that run elections in the U.S.

So, while elections remain a fundamentally local operation for the foreseeable future, and while funding for elections remains at current levels, and until the technical problems of security and privacy are resolved, nationwide online voting seems unlikely in the U.S.

That said, we should be mindful that the Internet cloud has darkened the doorstep of nearly every aspect of society as we’ve moved from the 2nd age of industrialism to the 3rd age of digitalism.  And it seems a bit foolish to assume that the Internet will not impact the conduct of elections in years to come.  We know there is a generation out there now who is maturing having never known any way to communicate, find information, shop, or anything other than online.  Their phones exist in an always-on society and they expect to be able to do everything they need to interact with their government online.  Whether that’s a reasonable expectation I don’t think is the issue.

But I think it will be important for someone to figure out what’s possible in the future – we can’t run and hide from it, but I believe we’re no where near being able to securely and verifiably use the Net for elections.  There is some very limited use in military and overseas settings, but it needs to be restricted to venues like that until the integrity issues can be ironed out.

So, we’re not supporters of widespread use of the Internet for voting and we don’t believe it will be viable in the near future on a widespread basis.  And honestly, we have too much to do in just improving upon ballot casting and counting devices in a polling place setting to spend too many cycles thinking about how to do this across the Internet.

-GAM|out

Dude, What Is My Ballot, Really?

(Part 2 of 2: What’s My Ballot?)

Today, I’m continuing on from a recent post, which compared my in-person voting experience with one method of Internet-based voting: return of marked ballots by fax or email. Next up is a similar comparison with another form of Internet-based voting: Internet voting from home using a PC’s Web browser.

Let’s briefly recall the result at the end of the day in my polling place:
1. Some paper ballots in a ballot box.
2. Some digital vote totals in a computer, and set of paper rolls that provide a ballot-like paper trail of each voter’s activity that led to those vote totals. The paper trails can be used to check the correctness of the digital vote totals.
Let’s also recall the result at the end of the day with email ballot return:
1. Some printed versions of faxed/emailed ballots, which are treated as ballots for counting purposes.
While we’re at it, let’s recall the results of the old lever machines too:
1. Some mechanical vote totals in one or more machines
2. A hand-recorded paper transcription of the “odometer” readings. (Those machines were a lot harder to move than a computer is! So the transcriptions were the basis for vote totals.)

Now, on to home-based Web i-voting. Before doing the end-of-the-day comparison, let’s start with what the experience looks like — fundamentally, it’s Web pages. You point your browser to a Web site; you type in your voter identification, a bit like the in-person poll-book signing experience; and then you get your ballot: one or more Web pages. Various Internet voting products and services differ, but they are all fundamentally similar to something that I bet many readers have seen already: online surveys. Take a look at this simple election-like survey about music in Cuyahoga County. The web page looks like a simple ballot, with contests for vocalist and guitarist instead of governor and dog-catcher. There are candidates, and you vote by selecting one with a mouse click on a radio button next to the name of your favorite.

So far, so familiar, but when I press that submit button, what happens? Where’s my ballot? Let’s take it step by step.

  • The submit button is part of an HTML form, which is part of the Web page. (You can see the HTML form if you “View Page Source” in your browser.)
  • Pressing the button tells your browser to collect up the form’s data, which might include Rachel Roberts for Vocalist if you had clicked the radio button next to Rachel.
  • These parts of the forms data are something that in election lingo you might call a “vote” (or “contest selection” to be precise.)
  • The HTML form data, including the vote-oid data, is sent from your browser to the Web server via an HTTP POST operation.
  • The HTTP transaction is typically via an encrypted SSL session, to preserve privacy en route over the Internet.
  • The Web server passes the POST parameters to some election-specific Web application software, which interprets the data as votes, and stores the vote data in a database.

Now, let’s be specific about that database stuff. In surveymonkey, there is a database record for each Cleveland Music survey response, and it’s possible (if the survey was set up that way) that the record also includes some information about the person who responded. In actual government voting, though, of course we don’t want that. So even though the i-voting server has a database of voters, and even though you had to log in to the i-voting server, and even though you were only allowed to vote if the voter record said you were allowed to vote, still your vote data shouldn’t be stored with your voter record. So, the vote data is supposed to be anonymously and separately stored, becoming part of vote totals for each candidate in each contest.

Can you say “odometer“? Okay, maybe it’s not that obvious, so let me juxtapose a couple images. As I recounted earlier, a much younger me is standing in the voting booth of a lever machine, looking a big bank of little switches next to candidate names, and thinking that is the ballot. Then the big lever is pulled, the little switches flip back, and it’s like the ballot just evaporated! Though of course I was told that the counter dials in the back of the machine did tick over like the odometer on a car, recording each vote. The votes were stored on the odometers, but the ballot was gone without a trace. Now shift the scene to my first surveymonkey experience. I clicked some radio buttons, clicked submit, and poof! what I thought was a ballot just disappeared. I’m told that the counters in a database somewhere ticked over to record my “votes.” Again, votes were supposedly recorded, but there wasn’t really ever a durable ballot. Home-based web client-server Internet voting is just like that, regardless of varying technical implementation details. There’s no durable ballot document.

So, at the end of the day, we have stored vote totals in a database of a system that also logged the voter logins. At that point I don’t have an answer to “What’s the ballot” anymore than I do for lever machines or the early paper-trail-less DREs. Unlike the (much-more-insecure) email ballot delivery, we don’t really know what or where the ballots are. Recalling my experience in the Middlefield Road fire house, the vote data is similarly stored as bits on a computer, but!!! there is also the paper trail. That paper trail can be used to audit the system and detect errors and fraud, and serves as the durable record of the vote — almost a ballot, except for being on flimsy paper with some ballot information left out. But with i-voting, there is nothing even similar. Any kind of auditing that’s done, is done using data saved on the server computers, rather than looking at a ballot document that the voter also saw.

Is that so terrible? Maybe so, maybe not. A durable ballot is not a holy requirement for U.S. elections — though in some parts of the country it almost is. And a durable ballot may not be a requirement for a voting system that is specifically and only for timely assistance of overseas and military voters. Such requirements are a matter of local election law and decisions of local election officials. But my critical observation here is about voter trust. Trust derives in large measure from comprehension. And for many voters, a voting system is comprehensible if the voter knows what the ballot is, where it goes, and what happens to it. That’s why overseas voters like fax and email return. Despite the security and anonymity problems, the voter understands that ballot, how it pops out of the fax/printer on the other side of the planet, and how its counted as a paper ballot. The same can’t be said for paperless home-based i-voting. As a consequence, I think that it will be harder to build trust, at least in some parts of the country that are paper-centric. However, it may be less of a big deal if limited to overseas and military voters, whose main concern is “get the the ballot home in time to be counted.” The pilots are happening, and time will tell.

— EJS

Kudos to Cuyahoga

I was very encouraged by recent election news from Ohio’s Cuyahoga County, reported in the Cleveland Plain Dealer newspaper: Reason for election machine glitch found, officials expect things to be OK for the primary. At first blush, it might seem like bad news:

All told, 89 of the Cuyahoga County Board of Elections‘  1,200 machines powered down and then froze during a specific test done to ensure the optical scanners were reading paper ballots correctly.

But as the Plain Dealer’s Joan Mazzoli said in her folksy headline, the point is that the Cuyahoga BOE disclosed to the public exactly the problems that they encountered, the scope of the problems, and the possible effect on the election that will be conducted with machines that they tested. In fact BOE director Jane Platten explained the specific error logging procedures that they will use to audit the election, to make sure that no votes are lost even if the machines malfunction during the election. As Mazzoli quoted Platten:

We want to ensure everyone’s votes are counted.

Of course that is every election official’s goal, but this news is about a bit more: making sure that everyone’s votes are counted, and “making sure” in a way that the voters can see and believe in despite known problems with the election technology being used. That is what I call helping people Trust the Vote, and for that I say – Kudos to Cuyahoga!

— EJS

How to Trust a Voting Machine

[Today’s guest post is from election technology expert Doug Jones, who is now revealed as also being an encyclopedia of U.S. elections history. Doug’s remarks below were in a discussion about how to effectively use post-election ballot-count audits as a means to gain trust in the correct operation of voting machines — particularly timely, given the news and comment about hacking India’s voting machines. Doug pointed out that in the U.S., we’ve had similar voting-machine trust issues for many years. — ejs]

Lever machines have always (as used in the US) contained one feature intended for auditing:  The public and protective counters, used to record the total number of activations of the machine.  Thus, they are slightly auditable.  They are less auditable than DRE machines built to 1990 standards because they retain nothing comparable to an event log and because they do not explicitly count undervotes — allowing election officials to claim, post election, that the reason Sam got no votes was because people abstained rather than vote for him.  (Where in fact, there might have been a bit of pencil lead jammed in the counters to prevent votes for Sam from registering).

One of the best legal opinions about mechanical voting machines was a dissenting opinion by Horatio Rogers, a Rhode Island supreme court judge, in 1897.  He was writing about the McTammany voting machine, one that recorded votes by punching holes in a paper tape out of view of the voter.  I quote:

It is common knowledge that human machines and mechanisms get out of order and fail to work, in all sorts of unforseen ways. Ordinarily the person using a machine can see a result.  Thus, a bank clerk, performing a check with figures, sees the holes; an officer of the law, using a gibbet by pressing a button, sees the result accomplished that he sought; and so on ad infinitum. But a voter on this voting machine has no knowledge through his senses that he has accomplished a result.  The most that can be said is, if the machine worked as intended, then he has made his holes and voted.  It does not seem to me that this is enough.

I think Horatio Rogers opinion applies equally to the majority of mechanical and DRE machines that have been built in the century since he published it.

— Doug Jones

Mandatory disclaimer:  The opinions expressed above are mine!  The various institutions with which I am affiliated don’t necessarily agree.  These include the U of Iowa, and the EAC TGDC. – dj

San Francisco Voting Task Force Public Hearing

Tomorrow night starting at 4:30PM the San Francisco Voting Systems Task Force is holding a Public Hearing to intake testimony and public comment on its draft prospective recommendations topics.  [Disclosure: I am a member of this Task Force, appointed by the S.F. City & County Board of Supervisors.]

We encourage everyone who can make it to attend and give us your input on these draft proposed recommendations.  This is an early stage document and does not represent any final recommendations of the VSTF.  The Agenda and description can be found here.  The location of the meeting is:

SFCitySeal1 Dr. Carlton B. Goodlett Place,
Room 34 Lower Level

San Francisco, California

If you can’t make it in person, no worries as we’re accepting written input through the 24th of February, which you can submit digitally if you wish to: [email protected] or by U.S. Mails (address details on site here).

For those interested in some details; I submitted a letter to the Task Force Chair with some comments of my own on our Draft recommendations under consideration document, and you may wish to have a look at them here.

Cheers
GAM|out

OSDV Foundation Called to Testify on State of CA Voting Systems Future

Gregory Miller of the OSDV Foundation will be provide testimony during State of California Hearings on Future of Elections Systems next Monday, February 8th.

CA Secretary of State Debra Bowen requested elections and voting systems experts from around the country to attend and testify, and answer questions about the current election administration landscape and how California can best prepare for the future.  The Secretary noted in a prepared statement:

Demands for increased transparency and services, shrinking government budgets, and technological advances that outpace elections laws and regulations have combined to challenge what many thought were ‘permanent’ solutions developed as part of the 2002 Help America Vote ActMany in California and across the nation are ready to move in a new direction.  The question is, what should Californians seek in the next generation of voting equipment and how can new products truly serve the interests of voters?

Secretary Bowen will preside over the Hearing, joined by county elections executives from Los Angeles, Orange, Sacramento, San Joaquin, Santa Cruz and Madera counties. In addition to the testimony from OSDV, wide-ranging testimony will come from the U.S. Election Assistance Commission, Pew Center on States, the Federal Voting Assistance Program, representatives from every major voting system manufacturer with contracts in California, and more.  The complete agenda is available here.

California has a strong record of thoughtful analysis of its voting systems. In 2007, Secretary Bowen led a top-to-bottom review of certified voting systems. Bowen asserted from the outset that the review:

Ensure that California’s voters cast their ballots on voting systems that are secure, accurate, reliable, and accessible.

And following the top-to-bottom review, on August 3, 2007, Secretary Bowen strengthened the security requirements and use conditions for certain systems.

So its no surprise to us that continuing developments in the elections technology industry as well as legislative initiatives are leading the Secretary to conduct this Hearing next Monday.  Part of that change is best evidenced by the MOVE Act.

We’ll discuss more about the MOVE Act in other posts, but in summary, President Obama signed the Military and Overseas Voter Empowerment (MOVE) Act in October 2009.  The most immediate impact of the law from the State perspective has to do with the provision that establishes a 45-day deadline for States to provide ballots to voters. Because Primary results need to be certified and General ballots need to be constructed and conveyed, additional time (beyond 45 days) is required to meet the new federal guideline.  And the largest impact on elections technology, processes, and practices is two principle provisions of the Act that mandate States shall provide:

  1. A digital means by which overseas voters can verify and manage their voter registration status; and
  2. A digital means by which an overseas voter can receive a digital, download ready, blank ballot (think PDF).

Success in implementing these mandates will reduce lost participation of overseas voters, which studies have shown result in approximately 1 out of every 4 overseas  ballots not being counted because of failure to arrive in time.

But if it were only that easy.  You see, in 2008, many States changed their Primary dates by several months to allow their voters to more heavily impact the presidential nomination process.  And additional moves are likely in 2010 because 11 states and the District of Columbia have Primaries so close to the General Election that ballots may not be produced in time to comply with the new MOVE Act law.  California has a very large overseas and military voting contingent, and you can imagine MOVE Act mandates are on the minds of CA elections officials, State legislatures, and the Secretary.

Of equal interest, Los Angeles County, the largest election jurisdiction in the United States, is engaged in a process known as the Voting Systems Assessment Project (VSAP) to determine the design of their next generation voting system.

Serving over 4 million registered voters, the County is examining the ways in which it can modernize its voting systems.  Dean Logan, the County Registrar and Ken Bennett, the County IT Director are working to analyze the ways in which technology can ensure their ability to meet operational mandates and better serve their voters.  With the VSAP underway (a project the OSDV Foundation is participating in), our “take” is that more (and possibly dramatic) change in elections technology in the great State of California is all but assured.

Stepping back, the current voting technology used in Los Angeles County and elsewhere is provided by private companies; they offer election jurisdictions proprietary technology solutions that need to be certified by the CA Secretary of State. While there is oversight at a State level, and mandates at the Federal level, each jurisdiction must purchase their own technology and do the very important business of conducting elections. Consequently, jurisdictions find themselves in multi-year contracts for technology.

This gives a jurisdiction continuity, but impairs their ability to innovate and collaborate, learning from neighboring or similar jurisdictions elsewhere in the state or country.

With L.A. County — the largest elections jurisdiction in the nation — considering the future of elections technology for their voters, the mandates of the MOVE Act implementation bearing down, and the complexities of the largest States’ processes and regulations for selection and implementation of elections technology, the Secretary’s Hearing next week is of a near essential nature.

So we are honored to be asked to testify next week.  And the timing is good.  As a means to developing a holistic architecture for next generation systems, one of the imperative elements is a common data format for the exchange of election event data.  This is one particular element we’re working on right now.  In fact, we will shortly be collaborating with a group of States and jurisdictions on the testing of several framework components including: election event management, ballot preparation, and automated generation of printable ballots (watch for this announcement shortly).

Here’s the cool thing: It turns out that all of this work currently underway in the TrustTheVote Project which is leveraging this common data format and some other innovations, provides a ready-made open source freely available solution to implement the mandates of the MOVE Act.

So, we hope that this work will prove to be relevant and purposeful for the Hearings.  Our opportunity to testify is timely because we believe our work is in line with the agenda driving the hearing: What do next generation systems look like and how do states like CA comply with Federal mandates? How can we develop quickly to adapt to changing needs on the ground from elections officials, voters, and federal requirements?

We’re excited to participate; go Greg!

For interested viewers, there will be a webcast available here.  And the event will likely be carried live on Cal Channel Television.

Stay tuned; more to come.
Matt

Open Source e-Voting article in Network World

I came across an interesting article in Network World, “Open Source: How e-voting should be done”, by Paul Venezia of InfoWorld. It’s a good survey and review of some of the arguments in favor of Open Source in the management, conducting and tallying of elections, so I recommend reading it.

A couple of thoughts. Paul says:

“Another problem of current e-voting systems is that many still in operation provide no paper trail. Americans can’t fill up their cars or access their bank accounts from an ATM without being prompted to print a receipt, but in many voting precincts, we can vote with nothing tangible to show for it.”  (from Open Source: How e-voting should be done)

I have to say that I agree with this (at least for the next few decades.) It seems to me that with all the questions – some more legitimate than others – about election results, we need to preserve a brain-dead-simple way of doing a recount that everyone can understand, and it would seem that a piece of paper that can be re-counted is the way to go. Caveat: I know it’s not really brain-dead-simple, and that conducting a recount of paper ballots can be extraordinarily complicated with lots of possible gaps and mistakes.

Paul further says:

“But the key to securing e-voting resides in making its systems open source. […] It’s time for us to make good on the promise of open elections and open our e-voting systems as well — no black boxes, no intellectual property protections, no obfuscation, and certainly no backdoors. Doing so would require a federal mandate, one that would eliminate the use of closed source devices” (from Open Source: How e-voting should be done)

I (obviously) believe in the open source philosophy, and think it’s an important way that we can improve confidence in our elections. But I don’t think it’s a panacea, or “the key” in any shape or form.

In fact I don’t think in terms of ‘the key.’ There’s a lot of room for improvement for sure. But there’s also quite a lot more to even the technology side of elections than the software inside an optical scanning device.No doubt it’s a complex, decentralized (both technically and in the way it is managed, operated and deployed.)

Check out the article and let us know your reactions too.

Election Equipment Stolen, Election Not Stolen

Thanks to erstwhile election texpert Dan Wallach for bring attention to the burglary of an early voting center in Houston, and to the Houston Chronicle’s Chris Moran for coverage of the story including good quotes from Dan! But I have to add that in addition to theft of computers containing voter records, there were also voting machines (Hart InterCivic DRE devices and the central controller for them) that were not stolen, but the thieves had access to. And as I’ve pointed out a number of times, it’s a shame that these voting systems (Hart and all the others) store vote data on re-writable media, and of course the software is equally modifiable as well. It’s one thing to have these fundamentally vulnerable machines in county facilities, or temporary deployed during Election Day in polling places under the watchful eye of poll workers — but another to leave them sitting in community center utility rooms overnight, night after night for a couple weeks. The votes (the electronic recording of e-ballots) are just sitting there protected by a lock on the door.

But even more importantly, as Dan pointed out to me, the real problem is confidence in the election result. Suppose a contest in this election is close, and someone claims that the election results from this particular precinct are anomalous or suspicious. It would be impractical to prove the negative — that the machines or the vote data were not tampered with, even though we know there was opportunity for it. Now, don’t get me wrong. In this case I doubt that bad guys were trying to sway this election by jiggering a handful of DREs, using special skills to falsify the security seals on the devices, and calling attention to the deed by ripping off some PCs. But because these voting machines are vulnerable in their basic design, incidents like this one can’t help but give naysayers the ability to cast doubt on the election results. We can do better — and will.

But technology aside, I still have questions on the election officials’ response to the incident. As Moran reported, yes they will check the security seals (twice!) and will assume that, absent evidence of tampering, these machines are in the same state that they left election HQ, and that the data they recorded was not effected either. But suppose that the thieves banged the machines about a bit, broke a security seal, flaked out a disk drive – or even that someone walked by with a big magnet in their pocket, and scrambled a few bits? The machines would show evidence of tampering or damage, but vote data on them might still be recoverable. Should those votes count in the election result? There is no really good answer – either way, public confidence in the election results is compromised. That can’t be prevented 100% by any technology, but here is a novel idea: let’s design voting technology so that we purposely avoid having it be the Achilles Heel of public confidence. OK, maybe it’s not so novel, but it is what we’re doing.

— EJS

Another vote for paper

Check out No Voting Machine Virus in NY-23 Election(from Bo Lipari – Essays and Images:

“Finally, the good news – because New York votes on paper, everybody’s vote was counted. When the scanner stopped working, the ballots were removed and counted, so no votes were lost. Paper ballots, a software independent record of the vote, proved their great value in their very first outing in the Empire State. ” (from: No Voting Machine Virus in NY-23 Election)

Its an interesting article explaining what actually seemed to have happened in NY-23. I say “seemed” because I am sure there must be other interpreations and explanations, but the one I am citing here rings pretty realistic to me.

Dozens of Close Elections Per Year

One of the main goals of the TrustTheVote Project is to increase voter confidence in election results, by the use of election technology that is substantially more trustworthy and transparent than similar technology in use today. One of the main reasons for the importance of this mission is the experience of some high profile close elections in the last few years.

But how frequent are “close elections” really? Speaking for myself, the handful or so of very high profile close elections, taken together, is plenty enough reason for me to work toward those goals. Of course, there are thousands of local elections every election cycle, and many of them are “close” — or at least close enough (margins low in 3 digits of votes) that voter technology error could have skewed the results.

But  I recently learned that the incidence of close elections is much higher than I imagined. The state of New Jersey recently issued a report on close elections in NJ, supplemented by healthy slug of supporting data. My thanks, again, to the erstwhile Joe Hall for pointing me to it, and for this summary of a single year of close elections in NJ:

In the last year, eight elections were decided by a single vote, and 66 elections had a margin of less than 1%.

Wow! Extrapolate nation-wide, and you’ve got a substantial portion of the electorate residing in an electoral district with an election close enough to doubt the accuracy of the count. And local elections for local offices are often the ones that have the most local effects for voters. So, for the one third or so of people who polls report as doubtful about correctness of vote counts, I’d say a whole lot of them could conclude (if they knew the type of stats we’re seeing from NJ) that at least once in their voting history, an election went the wrong way.

Now, I have no way of assessing the truth of that claim, but it is the belief that is the important part, rather than a guess at likelihood or the importance of the office elected. Putting the one-third poll results together with these stats from NJ, I see a simply un-acceptable degree of un-confidence in our election system to deliver. And where technology is part of those doubts, then I think that TrustTheVote can help. That’s true both for more reliable technology, and for cases where increased transparency can increase trust in the process.

That’s my motivator for the week!

— EJS