Iowa Voters

Iowa has only dipped its toe into the vortex of email voting. Other states are diving in because it sounds so convenient. They should step back if they want their ballots to be secure.

Here’s computer security expert David Jefferson, writing two weeks ago:

I am very concerned about the widespread push toward Internet voting in the U.S., of which email voting is just one kind. Neither the Internet itself, nor voters’ computers, nor the email vote collection servers are secure against any of a hundred different cyber attacks that might be launched by anyone in the world from a self-aggrandizing loner to a foreign intelligence agency. Such an attack might allow automated and undetectable modification or loss of any or all of the votes transmitted.

While all Internet voting systems are vulnerable to such attacks and thus should be unacceptable to anyone, email voting is by far the worst Internet voting choice from a national security point of view since it is the easiest to attack in the largest number of different ways.

Jefferson goes on to list some of the pitfalls beginning with lack of privacy. Iowa allows return of ballots by email only for people in war zones. We require the voter to acknowledge in writing that he understands his ballot is no longer secret.

But Jefferson goes on to list more pitfalls Iowa is not acknowledging: Vote manipulation while in transit, malware being attached to the email ballot, server attacks, denial of service attacks, etc.

He is not expecting things to get more secure in the future:

These facts will not change: These vulnerabilities are facts about email voting. They are fundamentally built in to the architecture of email, of the Internet itself, and of the PCs and mobile devices that people vote from, and are not going to change for as far ahead into the future as anyone can see. Anyone’s security claims to the contrary should be treated with extreme skepticism. No amount of encryption (even if it were used for some parts of the voting infrastructure), no amount of firewalling, no use of strong passwords or two factor authentication, no amount of voter signature checking, and no other security tricks of the trade are sufficient to materially change these facts.

All the same problems apply to ballots returned by FAX, Jefferson says.

Iowa Secretary of State Matt Schultz is warning about unauthorized voting. He claims–without evidence–that Iowa should fear impersonators at the polling place. He thinks he can prevent this by requiring voters to produce photo ID cards. He says this will make our elections more secure.

If this is not just a voter suppression scheme, if he really worries about secure voting, he should hold the line against email voting.

cross-posted at Bleeding Heartland.

The Iowa Secretary of State is fixing to scare off a group of criminals who must be insanely smart. These folks commit their crimes in front of numerous witnesses. They always offer a handwriting sample first. They never get caught. They are so sly, people never even know the crime occurred.

They are Iowa’s fraudulent voters.

Deputy of Elections Mary Mosiman was on the radio Monday warning about this crime. She was pinch-hitting for Secretary Schultz, who yanked himself at the very last moment. Was Schultz too embarrassed to finger these elusive voters with Mosiman’s evidence? Listen to her case:

“If they did want to commit fraud, they could go in as somebody else, they could vote. They would be long gone before anybody knew about it, assuming that person that was really the voter did not come in. We still wouldn’t know because when that actual person came in, the person who committed the fraud so to speak would be gone.”

Yes, unlike dumb criminals, these people leave the scene after they commit their crimes. When asked for actual instances of this crime Mosiman repeated herself:

“Personally, I can say, that if it did occur, we would never know because the person who committed that crime is long gone. Have there been any instances that have been caught and prosecuted? None that I am aware of.”

In other words, “It never happens.” If it had, the Deputy of Elections would be able to cite places and dates rather than baseless fears.

Just consider the risks these criminals take:

*They cannot impersonate a deceased voter because those names are regularly removed from the rolls.

*They cannot impersonate an inactive voter, because inactive voters already must show an ID.

*They cannot impersonate someone who has already voted, because that is a dead giveaway!

*They cannot impersonate someone who shows up later because their signature forgery would be strong evidence against them. (Plus the number of times it has happened would become known by the number of alleged forgeries. So far that number is at zero, even according to Mosiman.)

They must impersonate an active voter who does not actually show up later to vote. It must be one who would not be recognized by any poll worker or poll watcher. See how smart these criminals are! How do they do it?

Never mind that question. Secretary Schultz wants an ID law!

The Iowa county auditors saw this coming in November when Schultz rode the wave into office. They formed a study group and prepared to write a report. They even visited other states to hear in person from other election officials who also contend with these smart criminal voters.

Never mind that report. House Republicans wrote a voter ID bill and passed it without waiting for the auditors to report. Damn the facts, full speed ahead.

The bill was so bad the auditors voted to oppose it.

On the radio Mosiman admitted that she had once advised Schultz the ID cards were not needed. Now she covers for him, saying she is “hearing” new talk without saying if was factual, fanciful, or irrational talk.

Even if those these criminals are so smart that they always escape—so smart that we aren’t even sure they exist—in another way they are insane. Consider this:

. . .why would any sane person risk going to prison to influence an election by one vote? It is all the more implausible to imagine an army of impersonators coordinating their efforts on a scale that could affect an election, let alone doing so without being detected. That is why the election fraud that’s actually been tried involves ballot-box stuffing or bulk submitting of absentee ballots—schemes that allow a few people to roll up a lot of fraudulent votes. A photo-ID requirement does nothing to prevent those real shenanigans

So what is really going on here? Do Schultz and his Republican allies really fear these imaginary criminals? Or do they see a way to shrink the electorate? Could they maybe shrink it enough someday to get back to just letting white property owners vote? Maybe so.

cross-posted at Bleeding Heartland.

New York still uses mechanical lever voting machines such as Iowa once used. They are the only state still doing so. Attorney Andrea Novick and NY writer Ruth Wahtera each have blogs that make the case for levers over scanners. Novick has researched NY case law and believes that spot checks of ballots (known loosely as “audits”) after election night violate NY constitutional law. I’ve linked these blogs on the blogroll on the right side of this page, and here they are:
Re-Media Election Transparency Coalition

Save NY’s Lever Voting Machines

After reading some of Novick’s work I came to understand the Iowa law that seals up our ballots on election night and prohibits anyone from examining them until the day they are burned. New York has such a law. It is intended to prevent fraudulant recounts. New York assumed that once the ballots leave the polling place their custody is no longer secure and they can be altered or more can be stuffed into the box or some could fall out of the box, etc. So NO RECOUNTS are allowed in New York.

Of course this law assumed that the election night count was not made by concealed software which hardly anyone present could understand or verify. Perhaps Iowa law had assumed the same thing. Nowadays we have electronic vote counting by anonymous programmers. The election night count cannot be accepted at face value.

I’m getting nostalgic for lever machines. Plus I hear they last for 100 years.

It’s just like the federal Election Assistance Commission (created by HAVA) to keep quiet about the bad news, so don’t be surprised at this story. They were warned last month about the dangers of computerized vote counts, but they kept the warning out of the press until McClatchy broke the story this week.

The warning came from the CIA. An agent said some provocative things such as

“I follow the vote. And wherever the vote becomes an electron and touches a computer, that’s an opportunity for a malicious actor potentially to . . . make bad things happen.”

He also alleged that two highly publicized 2004 elections had seen electronic tampering–Venezuela and Ukraine. Lots of Americans think Ohio should be added to that list of fishy 2004 elections.

Secret Agent guy says opportunities abound when computers are used at the polls:

Stigall told the Election Assistance Commission, a tiny agency that Congress created in 2002 to modernize U.S. voting, that computerized electoral systems can be manipulated at five stages, from altering voter registration lists to posting results.

Internet voting was also panned by Stigall. We have all the bad stuff right here in the USA: internet balloting, computerized counting (in Iowa yet!), paperless voting machines, wireless connections, and motivated politicians, I’m sure. I wouldn’t even trust the CIA.

The University of Iowa’s professor Doug Jones, a world leader in voting machine oversight, has today described the Diebold voting machine audit logs as “just totally nuts.” Diebold machines count most of the votes in Iowa elections. The audit logs are supposed to reveal what the machine has been doing as it proceeds through the stages of ballot reading and counting.

Audit logs came under scrutiny in Humboldt County, California when a public auditing process discovered that votes had not been counted in the official results. Those official totals had come from Diebold (now hiding behind the name Premier) vote counting software. Wired.com interviewed Jones, who said

“These audit logs could give us some assurances [about an election] if they were genuinely designed so that a casual bystander could look at them and understand them,” says Doug Jones, a University of Iowa computer scientist and former chairman of a board that examines and approves voting machines for use in Iowa. “[But] having them cryptic and obscure destroys the value in terms of election transparency.”

So it seems that Diebold logs don’t tell everything that happened in the correct order, as we all thought a log was supposed to do. Wired’s “Threat Level” reporter Kim Zetter goes on–

The audit logs appear to record only limited types of events on the system and provide no comprehensive record that tracks every event performed by an election official.

Premier didn’t respond to a query from Threat Level about the logs. But Jones said the Premier/Diebold system, as far as he knows, provides no single log file that chronologically lists all events in the life of an election.

Instead, he says, the system keeps “lots and lots of different logs” that appear to have been “independently designed by people who didn’t talk to each other” and that are incomprehensible to anyone except the vendor. He assumes Premier has documentation explaining how to interpret the logs, but says if it does, the company doesn’t share that information with election officials, making independent audits of a voting system difficult if not impossible.

So . . .lots of logs . . .don’t talk to each other . . .need documentation to interpret the logs . . .but WAIT—

“From the point of view of actually doing any forensics, it’s a mess,” Jones said. “Because you have to understand what all of the logs are saying, and all of the documentation to understand what they’re saying are not public documents. I find that truly reprehensible. The idea that you can have this inscrutable document, but that you can’t have any document to understand that document, is just totally nuts.”

I know that Iowa auditors are conferring with the Secretary of State about a weak audit bill for the current legislature to consider. “It will be better than nothing,” I was told. Given the “threat level,” I think that is a pretty low standard for a state that wants to be First in the Nation again in 2012. Having fallen for Diebold’s disasterous devices despite Jones’s best efforts to protect Iowa, we need a strong audit bill. States from Maine to California (literally) are pushing past us.

cross posted at BleedingHeartland. You can comment there, too.

(Update Below)

This fall the registrar of Humboldt county, California allowed local citizens to post all the ballots on the internet after the election. This was an audacious and innovative project. And guess what? This audit uncovered two counting errors, one of which traces directly to the secret software Diebold used to count the paper ballots and has made national news among election officials.

Meanwhile the local newspaper has praised the publication of the ballots in today’s editorial, noting that

To make this perfectly clear, if the transparency project were not around, the vote of Humboldt County’s voters would have been inaccurately tabulated.

This was not a recount in the wake of a close election. No one suspected these errors. The “logic and accuracy tests” upon which all county officials hang their hats had not prevented these errors. As the editorialists observe:

What better way to make sure vote counts are accurate than to make it possible for anyone and everyone across the state to conduct their own recounts, whenever and however they choose? It smells like democracy.

Iowa ballots get hidden away after the election. No one is supposed to look at them while they wait to be destroyed months later. We are light years behind this California county.

UPDATE:
Here’s the site where you can see the ballots:
http://hum.dreamhosters.com/etp/

Further details (h/t Mitch)
http://www.humtp.com
http://democracycounts.blogspot.com
http://www.mitchtrachtenberg.com/Nov2008
http://www.mitchtrachtenberg.com/ourvotes.html
http://www.tevsystems.com/press.html (for more links)

Voting machines in Black Hawk County have apparently counted ballots that don’t exist. This was discovered Wednesday during a recount in the close race between Representative Jeff Danielson and challenger Walt Rogers. Seven ballots are missing. According to the WCFCourier the recount shaved votes from both candidates.

The county conducted an honest-to-goodness hand recount of paper ballots. The recount occurred because precinct pollworkers had suspected a miscount on election night. County Auditor Grant Veeder organized an investigation, laying ballots in piles and counting them twice.

Veeder says “We are still doing some checking” in an effort to explain this anomaly.

Iowa took a giant step forward in this election by doing without touchscreen voting machines. We still need to take the next step. We need post election audits during which actual cast ballots are counted by hand and compared to the machine that already counted them. In the Black Hawk case the machine looks to have failed.

Hal, the 2001, A Space Odyssey computer with a mind of its own, is apparently lurking in some ES & S voting machines in Arkansas. They took votes from one race, assigned them to a candidate in another race and produced the wrong winner.

Worse than that: they reassigned the votes to a race that had been omitted from the ballot!

Here’s the deal. The touchscreens were programmed erroneously such that one race had been omitted. It would not appear on the screen, so voters could not vote in that race. The county noted the error and compensated by using regular old paper ballots for the one missing race.

When the election was over the touchscreens reported their votes. They claimed to have votes for the race that never appeared on the screen. Enough extra votes to make the loser into the winner. Thanks, Hal!

Luckily these errant computers produced a paper trail. Close comparison of the paper to the touchscreen totals showed no votes for the missing race on the paper trail since no one had been able to vote in that race. However, the total in a different race was low compared to the number of plainly visible paper trail votes. The two discrepancies were–voila–the same amount! When the votes were reassigned back where they belonged, the correct winner was restored to both races.

Aren’t you glad Iowa is getting rid of its touchscreens?

Those candidates looking for a recount in Iowa’s primary had better be on their toes when they go looking for possible errors in the count. There are many ways to get the wrong totals.

The 2004 campaign to purge voters from the roles in Florida has moved to Missouri. It has already been successful in Arizona and Indiana. See this tale with photo from Digby.

Several times over the next few weeks HBO will show the 2006 movie “Hacking Democracy,” an investigation of voting machines. A little progress has been made to protect democracy from these machines, but the movie’s central questions remain unaddressed: How did Florida’s Volusia County report negative votes for Al Gore in 2000? And how can we defend against miscounted paper ballots when computers do the counting in secret?

We Iowans are patting ourselves on the back, having just dumped our touchscreens. But the legislature failed to take the next step–auditing the paper ballots after the computerized scanners do the initial count. The movie makes clear why this is needed.

This is a vivid and eye-opening film. Although I had read about many of the episodes documented in it, I had not seen it until today. I don’t have HBO, I never bought the DVD and never took the time to watch the nine part YouTube edition which starts here. Luckily for me a friend in Pocahontas taped the HBO showing yesterday and drove it over to my house.

I know some of what has happened since the film was first issued. It hints that the 2004 recount in Ohio was rigged, and indeed two people later got jail terms for their part in rigging it. It recounts several investigations by computer scientists into voting machine computer code, but there have been more investigations since. All of them always produce bad news for the voting machine advocates.

The film shows how some Florida scanners were hacked. The county involved got rid of those machines, but they (Diebold scanners) still dominate in Iowa.

We know what to do. We must count ballots by hand after the computer counts. If the race is close, we must count quite a few of the ballots. If it’s a landslide, we can audit a much smaller number of ballots. But we can’t take the computer’s word for it–ever.

Ask your local election workers at the June primary if they have seen the movie. Ask your favorite candidates if they have seen it. Ask your auditor why no audits are planned. Ask Secretary Mauro, too.

UPDATE: The video below was just getting a good start circulating the internet when the real news told us a major US military contractor has made an unsolicited bid to buy Diebold. United Technologies, makers of Pratt & Whitney jet engines and Sikorsy helicopters now wants to make voting machines, too. Diebold has rejected the offer. Stay tuned and remember Ike’s warning about the military-industrial complex garnering “unwarranted influence” over democracy.
********************

While we wait for our shadowy overlords to write laws to protect us from voting machines, we can imagine what might happen if they don’t get it done:

If the store clerk says your lottery ticket was not a winner, should you just shrug and walk away? If the paperless voting machine says your campaign for office was not a winner, should you concede the election?

What’s the difference between these two events?

We now know some Canadian store clerks claimed winning lottery tickets for themselves after telling customers the tickets were worthless. That’s pretty much what happened in the election in Sarasota, Florida in 2006. Some paperless voting machines told candidate Jennings that there were not many votes on the machine for her. In fact, she probably was the real winner of the election.

Iowa’s solution is to create a better paper trail for the lottery tickets. Make customers sign their tickets before the clerk gets them. That signature prevents the clerk from claiming the winnings after mis-informing the client that the ticket was “worthless.” The clerk can’t very well turn in “his” winning ticket if it has someone else’s signature on it.

Always have a paper trail, in lotteries and in elections.

Tonight MoveOn.org is not practicing what it preaches. The lobby group has advocated paper trails for voting machines, but it is now conducting an apparently unverifiable poll via the internet, deciding which Democrat should be endorsed for the White House.

Actions speak louder than words. Shame on MoveOn. How will the supporters of the losing candidate know this vote was fairly conducted? Why did that link appear to work both times when people tried to vote twice? My two votes occurred hours apart, but MoveOn sent me thank you confirmations each time!

Media-savvy Sean Flaherty of Iowans for Voting Integrity took advantage of the slow pace of holiday news to get some airtime on Iowa Public Radio. He warned Iowans about those ES & S touchscreen voting gadgets that caused trouble in Saturday’s South Carolina primary. Several Iowa counties use the same touchscreens, notably Sean’s own Johnson County, as well as Keokuk, Newton, Clinton, Estherville. (complete list here. Look for “iVotronic” in the right hand column.)

It seems the election workers in one South Carolina county failed to get through all 999 steps when they prepared the touchscreens for the primary voting. As a result, most of the county’s gadgets would not work when the polls opened. Voters had to wait or give up and go away.

Irony abounds. Sean and others had written all the Presidential campaigns earlier to warn them about Carolina’s wondrous paperless touchscreens. He feared a contentious result (similar to what already happened in New Hampshire) could not be resolved without a paper record of the vote. He neglected to point out to the candidates that the damn gadgets might prevent voting altogether–at least until the tech support crew arrived at the various polls with their fire hoses.

Though John McCain considered seeking a court order to keep the affected polls open past the regular closing time, most news coverage and most candidates pretended nothing happened. Just another messy election.

Is there any Hope? Yes, pencils don’t need much preparation. Audits can catch mistakes. Sean comforted his listeners by saying our home state was looking into it. The Experienced Mauro is on the case. We had our close call already. Time to fix the system. Hope and Experience together can do it.

Happy MLK birthday.

Sean Flaherty, co-chair of Iowans for Voting Integrity, led off the primary election season with a fifteen minute interview on Iowa Public Radio’s Midday show on Tuesday.

He cited the many studies of voting machines that have found so many flaws, and emphasized that the main critics are computer scientists.

Flaherty concludes by arguing that final voting figures must be verifiable without relying on sofware. That means any electronically counted ballots must be audited. Audit laws are gaining ground in many states, notably in New Jersey.

Who would have ever thought that we might look to New Jersey for ways to improve Iowa’s election administration?

The interview begins two minutes and thirty seconds into the podcast.