Remember back when people first started questioning the reliability of e-voting machines? It was initially focused on Diebold, though later reports have all shown that Sequoia and ES&S are equally as bad. Yet, initially those critics were all brushed off by the e-voting firms as wild-eyed, conspiracy theory. lunatic activists. The only problem is that they keep being proven correct time and time again, and the story has certainly crossed over into the mainstream. If you need proof, look no further than The Simpsonsrecent clip about e-voting that a ton of you have sent in:
Clearly, the issue has gone beyond the "fringe" and into the mainstream. So, it's really too bad that judges seem to think that the public can't handle a research report on these machines.
You may recall that earlier this year, after some serious problems were discovered with Sequoia's e-voting machines in New Jersey, that the state asked a group of independent researchers to investigate the machines and prepare a report. Sequoia threatened to sue the researchers though. Luckily, a court allowed the researchers to investigate the machines, and said that 30 days after the court had received the report, it could be released. However, Sequoia, in its usual "It can't be our fault, no, no!" fashion, has convinced the judge to suppress the report.
Despite the fact that we're a month away from an election that will use these machines that time and time again have been shown to have problems accurately and reliably counting votes, no one is allowed to see the report. Voters in New Jersey won't be told the results of the report until after it's too late to request absentee ballots. As the head researcher on the report notes, even New Jersey's governor and secretary of state are not allowed to read the report and use it to make public policy decisions that would more likely create a fair election. For so many years now, the e-voting companies have dismissed concerns, blocked attempts to investigate, threatened investigators and almost never admitted any fault, despite tons and tons of evidence that the machines simply do not work that well. It's a travesty that this report is being suppressed.
With so many problems with various e-voting systems, many have wondered why various state governments don't simply require any e-voting system to be open sourced. It makes a tremendous amount of sense. Any trustworthy voting process needs to require transparency in how the votes are recorded and counted. Letting a hidden algorithm do the counting makes no sense. Open source e-voting code would be open to scrutiny, and would almost certainly lead to fewer problems and greater security. Yet, for some reason, election officials have always bought into the e-voting vendors' false claims that open source code is somehow dangerous to an election.
It looks like that may be changing. California's Secretary of State, Debra Bowen, who has been a major critic of e-voting vendors, is now saying that open sourcing e-voting systems could help fix many of the flaws found in today's systems. It wouldn't solve all the problems, but it would be a huge step forward.
You know, the one thing that computers are supposed to be good at is counting things accurately. So why is it so hard to do so when it comes to counting votes? We recently wrote about the case in Washington DC's primaries where election officials were struggling to figure out the source of an awful lot of votes for a non-existent write-in candidate. Sequoia, the makers of the e-voting machines in question, were quick to deny any and all responsibility with the hilariously "thou dost protest too much" statement: "There's absolutely no problem with the machines in the polling places. No. No."
Either way, it appears that officials in DC still can't properly add up the votes properly, and are noting that 13 separate races all show the exact same number of overvotes: 1,542, though no one can explain why. Sequoia continues to stand by its original statement that the problem must be one of human error -- though it fails to explain how simple human error would create 1,542 extra votes in 13 entirely separate races -- and why it didn't design a system that would prevent the ability for "human error" to create such votes.
By now, it's pretty difficult to deny that most of the e-voting equipment out there has problems. We've covered so many stories of e-voting problems, covering all of the major e-voting machine suppliers, that there's a pretty major problem out there. So what are election officials doing about it? Not much, apparently. A new report from the Government Accountability Office (GAO) notes that the Election Assistance Commission hasn't bothered informing election officials around the country about all of the problems associated with e-voting machines. And, to make matters worse, a separate report from Common Cause claims that 10 states that had problems in the last election haven't done anything to fix those problems. Given all of the stories we've had recently about e-voting problems, this is hardly a surprise, but one more reason to wonder who's actually in charge on these sorts of things?
Last week, we wrote about yet another problem with Sequoia e-voting equipment where the company was vehemently denying the problem was with the machines, even saying: "There's absolutely no problem with the machines in the polling places. No. No." Of course, this came right after a report revealing how easy it was to hack their machines, as well as numerous other problems with Sequoia machines. Yet the company consistently employs the same exact strategy: it couldn't possibly be the fault of the machines.
You may recall the story earlier this month about the Sequoia optical scanning machines in Palm Beach County that supposedly couldn't reach the same vote tally if different counting machines were used. At least that was the original claim -- but it was later changed when election officials admitted they had simply misplaced some ballots. Well, the latest report claims that the recount is now not showing lost ballots -- it's showing too many ballots. Fantastic. Election officials think they've traced the problem to the fact that some votes on Sequoia's e-voting machine cartridges weren't properly transferred, which kicks off Sequoia's standard PR response:
The company's representative, Phil Foster says "the cartridge is fine. Why it didn't read I do not know," suggesting another human error made on election night.
You know, when you keep saying that, and the problems keep occurring, at some point, people are going to stop believing you. Even if the problem really is human error every one of these times, people might begin to wonder why you don't design your systems to avoid such human errors.
Just this week, we pointed to a rather graphic demonstration of how easy it is to hack an election using Sequoia's e-voting machines. Sequoia's machines have been implicated in numerous problematic elections, such as vote totals in New Jersey that don't add up properly, or the discovery that with a little effort you can vote multiple times on some Sequoia machines. And, of course, Sequoia's usual response to these sorts of things is to deny any and all responsibility and maybe even threaten to sue those who discover the problems.
Well, here they go again. In a Washington DC primary election that used Sequoia's machines, election officials are trying to deal with the fact that the machines seem to have added thousands of votes for a non-existent write-in candidate. The election board is blaming a "faulty cartridge" (though no one seems to know what that means, exactly). Sequoia, however, denies a faulty cartridge or a faulty database and says that it must be human error or maybe "static discharge." You would think that a company like Sequoia would be quite concerned that its machines could change the course of democracy based on static discharge or basic human error, but it seems more concerned with avoiding any blame:
"There's absolutely nothing wrong with the database," said Michelle Shafer, spokeswoman for California-based Sequoia Voting Systems. "There's absolutely no problem with the machines in the polling places. No. No."
There. Now, doesn't that make you feel oh-so-confident in the ability of these machines to conduct a free and fair democratic election for President this November?
It seems like every few months, well respected security researchers come out with yet another report about just how insecure various e-voting machines are. The amazing thing is how hard the various e-voting companies have fought against allowing these researchers to look at their machines, always insisting that the federal certification process (the one that's were later shown to have not done a very good job testing the machines) was fine. Of course, even the Government Accountability Office has admitted that the federal certification process sucks.
One of the complaints that the e-voting firms have had about having independent security researchers testing the machines is that those tests are not in real world conditions. In fact, we had a commenter from one of the e-voting companies who insisted that these independent tests were useless because:
The point people often miss, which is left off of the conspiracy blogs, is that all of these 'hacking' attempts that are requested are made to do so in some sort of vacuum. In some obscure room where a gang of hackers get together and try to penetrate the system with unlimited resources. In any election, paper or fully electronic, there are procedural and security measures taken that complement and supplement the security features of the system itself. This is in addition to internal and system-independent, pre- and post-election audit features.
That's really rather meaningless, because if it were true, then that info would also come out in those independent research reports. However, even that comment turns out to be untrue. As a few folks have submitted, some security researchers at UCSB have demonstrated not just how insecure Sequoia's e-voting systems are, but they've shown how easy it is to hack an election with a pair of videos that you can watch right here (if you're in the RSS feed, click through to see them):
What this shows is that the hack that the researchers shows demolishes that comment from the insider. All it required was for those wishing to change the results of the election to drop a USB key into the pile of USB keys used to set the system up. All of the security measures that the insider talks about are then bypassed with ease. The video shows it getting buy the procedural security measures, as well as the pre- and post-election audit features.
The video also shows why paper ballots are hardly a solution, as the second video shows how the malware included in the software can be set to void out legitimate votes and replace them with fake votes, in a variety of different scenarios, almost all of which are likely to go undetected. This is a hugely damning report -- and it comes against a company that has fought so hard against having its machines tested by independent security experts. While some may say that this shows why they didn't want it tested -- it should concern anyone who believes in free and fair democratic elections that we're using such insecure voting machines.
For all the trouble surrounding e-voting, some folks believe that optical scan technologies that simply count the paper ballot votes are a decent solution. Of course, those optical scan technologies are often made by the same companies that make the e-voting equipment, and have been shown to have numerous problems going back many years. And, as per usual with these e-voting companies, they've been highly resistant to independent inspection of the systems. Perhaps that's because the machines can't do the one thing they're supposed to do properly: count the votes.
Down in Palm Beach County, Florida (yes, the home of the infamous 2000 election year "butterfly ballot" with its hanging chads), officials are admitting that they've somehow lost about 3,400 ballots. But they don't seem to be saying they physically lost the ballots -- they're saying that the optical scan machines, provided by Sequoia Voting Systems (no stranger to e-voting counting problems) count the ballots differently when the same ballots are run through different machines. In trying to explain how come a "recount" showed 3,400 fewer ballots than the original count, a county official explained:
The seven high-speed tabulating machines used in the recount are much more "unforgiving" than those that process votes on election day
Does that not seem highly problematic to people? Isn't part of the point of these optical scan machines that they'll count the ballots consistently? If everyone seems to admit that there's an element of near total randomness (chalked up to how "unforgiving" the machines are) in these machines, isn't that reason enough to question their usage at all? As for the election in question, it appears that officials have decided to throw up their hands at the controversy and certify the election, despite the fact that this "unforgiving" recount changed the results of the election. Update: Well, now officials are claiming that it wasn't a technology problem but that they simply didn't feed ballots into the machine. That's not particularly comforting either -- and it's still troublesome that they would suggest that machines would count the votes differently in the first place.
Thad Hall, a political scientist at Caltech, complains that e-voting critics rarely make apples-to-apples comparisons between electronic and paper voting systems. They contend that if traditional paper voting systems were subjected to the same kind of close scrutiny that e-voting endures, security experts would find flaws—ballot tampering, ballot box stuffing, and so forth—at least as serious as the problems commonly identified in touch-screen voting machines. Rice computer scientist Dan Wallach responds by pointing to a new paper he's written proposing an elegant way to think about the security of voting systems. Computer scientists use "big-O" notation to describe the complexity of algorithms. He suggests a similar terminology to describe the effort required to compromise voting systems as a function of the size of the election. A security flaw that can be compromised with an effort proportional to the number of voters N is said to be a O(N) flaw. A flaw that can be exploited with an effort proportional to the number of polling places is an O(P) flaw. A flaw that can be exploited with a constant amount of effort, regardless of the number of voters, is an O(1) flaw.
The last kind of attack is the most dangerous because it's feasible for a small number of people—perhaps even a single individual—to do a lot of damage. The reason paper-based elections tend to be better than touch-screen elections isn't that the former don't have flaws. The difference is that attacks against paper-based voting systems are far more likely to be O(N) or O(P)—that is, you have to tamper with a lot of ballots or corrupt a lot of poll workers. In contrast, because they contain re-programmable computers at their hearts, touch-screen voting systems are far more susceptible to O(1) attacks such as a custom-developed virus or a corrupt employee at the e-voting vendor. Because they allow a single individual to do extensive damage, they're much more dangerous than other kinds of attacks, even if carrying them out takes relatively more skill or effort than other attacks with O(P) or O(N) cost. The reason to prefer paper-based voting to touch-screen voting isn't that paper voting is flawless, but that the attacks against them are labor-intensive enough that it's difficult to carry out large-scale attacks without getting caught.
