FROM:

Teresa Hommel

Chair, Task Force on Election Integrity, Community Church of New York

 

TO:

New York State Board of Elections

40 Steuben Street

Albany, NY 12207-2108

 

Comment on Draft Voting Systems Standards

Section 6209.2 Polling Place Voting System Requirements

 

--------------------------------------------------------------------------------------------------------

 

SBOE DRAFT

A.

(2) Provide a device which produces and retains a voter-verifiable permanent paper

record, pursuant to statute, which the voter can review and/or correct prior to the casting

of their vote.

 

NYC BOE RESPONSE

A.

(2) Provide a mechanism that retains a voter-verifiable permanent paper record, pursuant to statute,

which the voter can review and if necessary change his or her ballot prior to the casting

of the ballot.

 

HOMMEL SUGGESTED REPLACEMENT

A.

(2) If a DRE voting system, provide a device which produces and retains a voter-verifiable permanent paper record, pursuant to statute, which the voter can review and/or correct prior to the casting of their vote. If an Optical Scan voting system, provide a ballot box that retains the voter-marked paper ballot after it has been accepted by the optical scanner.

 

REASON

A voter-marked paper ballot, once cast, is the voter’s legal ballot. When a voter uses a DRE, the

voter verifiable permanent paper record is not their legal ballot unless 100% of the VVPPR are

counted pursuant to statute. A cast voter-marked paper ballot and a VVPPR are not the same thing.

 

--------------------------------------------------------------------------------------------------------

 

SBOE DRAFT

A.

(3) Provide a device or means by which the votes cast on the machine can be

printed or recorded or visually reviewed after the polls are closed.

 

NYC BOE RESPONSE

A.

(3) Provide a device or means by which the votes cast and the total cumulative values on the

Election Day Tabulation Equipment can be printed, recorded, visually reviewed and reported after the polls are closed.

 

HOMMEL SUGGESTED REPLACEMENT

A.

(3) If a DRE voting system, provide a device or means by which the votes cast and the total cumulative values on the Election Day Tabulation Equipment can be printed, recorded on a removable memory device, visually reviewed and reported after the polls are closed. If an Optical Scan voting system, provide a device or means by which the total cumulative values on the Election Day Tabulation Equipment can be printed, recorded on a removable memory device, visually reviewed and reported after the polls are closed.

 

REASON

With DREs, the legal votes cast are inside the computer and may need to be printed from computer

memory. With Optical Scan voting systems, the legal votes cast are already on paper.

 

--------------------------------------------------------------------------------------------------------

 

SBOE DRAFT

A.

(4) Provide a battery power source in the event that the electric supply used to make

the voting system equipment function if disrupted. Such batteries must be rechargeable

and have minimum five-year life when used under normal conditions.

 

NYC BOE RESPONSE

A.

(4) Provide a battery powered source in the event that the electric supply used to make

the voting system equipment function if disrupted. Such batteries must be rechargeable

and have minimum five- year life. They must run the voting system and display for 17 hours

and store cast ballots for up to 7 days without loss or corruption.

 

HOMMEL SUGGESTED REPLACEMENT

A.

(4) Provide a battery powered source in the event that the electric supply used to make

the voting system equipment function is disrupted. Such batteries must be rechargeable

and have minimum five-year life. They must run the voting system and display for 17 hours

and store cast ballots for up to 7 days without loss or corruption.

 

REASON

Typo "if" replaced by "is"

 

--------------------------------------------------------------------------------------------------------

 

SBOE DRAFT

A.

(5) The system shall contain software and hardware required to perform a diagnostic

test of system status, and a means of simulating the random selection of candidates and

casting of ballots in quantities sufficient to demonstrate that the system is fully operational

and that all voting positions are operable.

 

NYC BOE RESPONSE

A.

(5) The system shall contain software and hardware required to perform (1) a diagnostic

test of system status, and (2) a means of simulating the random selection of votes in quantities

sufficient to demonstrate that the system is fully operational and that all voting positions are operable.

 

HOMMEL SUGGESTED REPLACEMENT

A.

(5) The system shall contain software and hardware required to perform a diagnostic

test of system status.

 

(5a) The system shall contain a means of simulating the random selection of candidates and

casting of ballots in quantities sufficient to generate test printouts of votes, tallies, and

election day Activity Logs to demonstrate that such printouts appear correctly formatted.

 

REASON

No software simulation can demonstrate that an interactive computer system is "fully operational"

or that voting positions on a touchscreen or pushbutton DRE are operational. To demonstrate this requires votes entered by humans using touch pressure on the touch screen or pushbuttons, use of accessible devices, use of the printer, and viewing of the ballot in minority languages.

 

--------------------------------------------------------------------------------------------------------

 

NYC BOE RESPONSE

A.

(8) If the systems within a poll site are linked to a local area network, the network must be secured

from non-authorized attachments. The network must not be continuously connected to a wide area

network (i.e. public Internet), but may connect over a secure connection temporarily for reporting or diagnostic purposes. Any such connection must be recorded in the activity log. If diagnostics are

performed or updates run, that information must be entered into the maintenance log.

 

HOMMEL SUGGESTED REPLACEMENT

A.

(8) No part or component of any voting system shall contain or have communications capability of any kind.

 

HOMMEL SUGGESTED ADDITION TO Section 6209.1 Definitions

 

Input/output capability means any hardware device or any programming for such device, whether software, firmware or any other type, that enables transfer of information from one part of a computer to another part of the same computer, such as a disk drive, keyboard, mouse, display screen, printer, diskette drive, CD drive, PCMCIA drive, USB port for flash memory device, or a slot for a memory card.

 

Communications capability means any hardware device or any programming for such device, whether software, firmware or any other type, that enables transfer of information between computers, such as Local Area Networks (LANs), modems for telephone lines, powerline communications, or devices for other wired or wireless connectivity between computer systems.

 

REASON

 

Communications capability allows tampering to occur via remote access to systems at any time that the system is on -- before, during and after elections. Such tampering is nearly impossible to detect and prevent, as shown by the constant break-ins to the most secure computer installations in the world, those of the financial industry and the US Department of Defense.

 

"Input/output" and "communications" are two different things.

 

Some vendors have designed their systems to "require" communications capability in order to accomplish simple tasks for which simple input/output devices can be used for less cost and without incurring unmanageable security risks. One example is the transfer ballot programming from one unit of equipment to another, and another is the transfer of end-of-election-day tallies and other information from poll sites to the central County Board.

 

Such designs are as inappropriate as a bank vault without a lock. If a bank said that they had to buy vaults without locks because that’s the way the vendor designed them, no one would accept that rationale and people would suspect that something dishonest was going on..

 

The State Board and County Boards have no way of controlling the security of communications capability in electronic voting systems, and appear ignorant of the technology and its risks.

 

Vendors must be required to install common input/output devices in their equipment so that transfer of ballot programming can be done via diskette, CD, flash memory device (also known as a "memory stick"), or PCMCIA card.

 

The Election Reform and Modernization Act prohibits wireless and internet communications.

 

44    S 6. Section 7-202 of the election law is REPEALED and a  new  section

45  7-202 is added to read as follows:                                   

46    S  7-202.  VOTING  MACHINE  OR  SYSTEM;  REQUIREMENTS  OF.

...

24    T.  NOT  INCLUDE  ANY  DEVICE  OR FUNCTIONALITY POTENTIALLY CAPABLE OF

25  EXTERNALLY TRANSMITTING OR RECEIVING DATA VIA THE INTERNET OR VIA  RADIO

26  WAVES OR VIA OTHER WIRELESS MEANS.

                                 

--------------------------------------------------------------------------------------------------------

 

NYC BOE RESPONSE

(9) The Election Day Tabulation Equipment must be so constructed as to permit a poll worker to

activate the correct ballot.

 

HOMMEL SUGGESTED REPLACEMENT

(9) If part of a DRE, the Election Day Tabulation Equipment must be so constructed as to permit a poll worker to activate the correct ballot.

 

REASON

With Optical Scanners a poll worker gives each voter the correct ballot.