Commentary on A8847-A

The Voting Systems Standards Act of 2004

 

Below is a list of considerations that would have to be included in the Voting Systems Standards Act of 2004, submitted by Assemblyman Wright, to try to get security the hard way -- without a complete audit of a computerized election.

 

1. OPEN INFORMATION

The following must be openly available for public examination by being posted on our state Board of Elections website for viewing and downloading.

----Certification reports from Independent Testing Authorities.

----All software used in electronic voting and ballot tabulation equipment. (Software that is freely available is called "open source.")

Additional information on certification reports:
Who Tests Voting Machines? New York Times Opinion, May 30, 2004.
"[T]here is, to begin with, a stunning lack of transparency surrounding this process. Voters have a right to know how voting machine testing is done."
Lax controls over e-voting testing labs , Election Officials Rely on Private Firms, by Elise Ackerman, Mercury News, May 30, 2004.
Excerpts from the Interview with MicroVote Executives by the I-Team 8:
Bill Carson: Unfortunately the ITA (independent testing authority) has a limited scope in what they can test and check on the system. . . based on time and economics. For an independent test authority to absolutely, thoroughly test under all possible conditions that the device will operate properly they would have to spend, in my estimation, 10 times the amount of time and money as it took to develop it in the first place. . . . .
I-Team: So what do ITAs not test?
Carson: (Picks up electrical cord.) UL says that this will not shock you and it will not catch fire. They don't tell you that it actually works. That's beyond the scope of UL testing. Absolutely nothing will you see in the FEC requirements that this (puts hand on DRE voting machine) has to work. It has to have these functions. But it doesn't have to work.
I-Team: What about state certification testing?
Ries Jr.: . . . The states basically look at the federal qualification testing as being kind of the ultimate testing ground. . . .

Additional information on open source software:
http://bcn.boulder.co.us/~neal/elections/disclosure.html
http://www.wheresthepaper.org/May24OpenSource.htm
Australia has used open source software in their election systems.
A Really Open Election by Clive Thompson, New York Times, May 30, 2004:
"[I]s the counting of votes -- a fundamental of democracy -- something you want to take on faith? No, this problem requires a more definitive solution: ending the secrecy around the machines.
"First off, the government should ditch the private-sector software makers. Then it should hire a crack team of programmers to write new code. Then -- and this is the crucial part -- it should put the source code online publicly, where anyone can critique or debug it. This honors the genius of the open-source movement. If you show something to a large enough group of critics, they'll notice (and find a way to remove) almost any possible flaw. If tens of thousands of programmers are scrutinizing the country's voting software, it's highly unlikely a serious bug will go uncaught."

2. COMMUNICATION DEVICES

Ban wireless communication devices in voting and tabulating equipment. Such devices allow a person anywhere in the world to access and modify the software, ballots, and tallies in the voting and tabulating equipment.

3. CITIZEN'S ADVISORY COMMITTEE

Require inclusion of independent computer professionals, computer scientists, auditors, and CPAs. These people would evaluate the computers, and also all procedures for their use--storage, programming, ballot preparation and programming, logic and accuracy testing, inspection of the font files for foreign language ballots (because corrupt programming has been found in these files), transportation to and from the polling sites, security before and after the election as well as during it, transportation of polling site results to the central tabulating location, tabulation of results, manual audit of the tabulation, etc.

4. RECOUNTS

a. No voter should be so gullible that he would hand over his marked paper ballot to someone he doesn't know who promises to put it in the ballot box for him -- in another room where he can't observe it. No voter would want our paper ballots to be counted in secret, behind locked doors. Yet this is what we are doing when we consign our votes to electronic ballots that we cannot observe, to be counted by an electronic procedure that we cannot observe. For this reason the voter-verified paper ballot should be considered the official ballot of record, and the electronic ballot and tally should be considered a verification mechanism. The voter-verified paper ballot should be secured and counted the same as other paper ballots (absentee, provisional, and emergency ballots).

The electronic ballot and tally can be used to reconcile the election process. If the number of paper and electronic ballots differ, an investigation must show whether there has been ballot-box stuffing, theft of ballots, or computer errors. If the vote tallies differ, an investigation must show whether the human or electronic counts were wrong.

All professional computer installations reconcile their record-keeping on a continuous basis, BECAUSE this is the only way to get accurate results. (Computers give us speed, but independent audits give us accuracy.) If we do not have the time, patience, expertise, or other resources to perform a complete, professional quality end-of-election-day reconciliation, then we shouldn't use computers in our elections. This is simply because it is inappropriate in a democracy to consign our votes and vote-counting to an unobservable process conducted by anonymous individuals who have provided us with a computer.

b. Paper ballots must be printed and available for use in case of electronic voting system failures.

c. The law must specify standards, procedures, and time-frames to guarantee voters and/or candidates the right to petition for and obtain manual recounts before certification of the winner of an election.

----The most common legal basis for recounts has been a "close election" where the margin of victory is very small. This standard is appropriate for elections with paper ballots, punch cards, or mechanical lever machines. With these technologies, corrupting the ballots and tallies requires a lot of people in a lot of polling places, etc. For electronic elections, an insider, hacker, or programming error can cause the votes per candidate to be anything, and the margin of victory to be as large as someone wishes. The size of the margin of victory can not be used to indicate accuracy or integrity of the election.

----The manipulation of pre-election polls and exit polls, and the falsified reporting of them in the major media, that occurred around our Nov. 2 election tells us not to rely on the difference between polls and election outcomes to indicate whether there has been computer hacking or errors.

----Tiny e-vote errors can change the election outcomes. Altering a single vote per e-vote machine would have changed the electoral college outcome of the 2000 election. Changing two votes per machine would have flipped the results for four states. Communications of the ACM, Vol. 47, Issue 10, October 2004. In other words, you can control the outcome of an election with a few votes here and there. Experienced crooks typically take advantage of this to hide their work. Only inexperienced newcomers would use larger than necessary vote shifts.

d. The law must allow voters to request and vote on a paper ballot on election day when malfunctions of electronic equipment are observed. Poll workers must be required to remove the electronic equipment from service and provide paper ballots to voters.

e. We are New Yorkers for Verified Voting believes that a 100% complete audit is necessary to confirm the integrity of an election run with computerized voting systems. The following considerations only apply where, in spite of the universally-accepted professional practice of complete audits, the state requires nothing more than partial audits of elections.

i. If the recount of one machine shows inaccuracies, all machines of the same manufacturer and model must be recounted

ii. If surprise random recounts of a fixed percentage of precincts are to be made using voter-verified paper ballots:

----Select precincts for recount via random selection techniques comparable to those used in state lotteries.

---Conduct the random selection of precincts in open session, with press and public invited

---Announce the schedule for the random selection and the recount a specified number of days in advance

iii. In addition to surprise random recounts, after each election each political party on the ballot should be allowed to designate precincts of their choice for recount. For example, each party might be allowed to designate one-half of one percent of precincts to be recounted.

f. All audits and recounts must be open to observation by the public and press.

5. VENDOR ACCOUNTABILITY

Penalties should be imposed if:

a. Vendors sell certified systems but deliver different, uncertified systems.

b. Vendor technicians fail to report in advance any change to voting systems, including hardware, software, or other parts.

c. Vendor technicians fail to get certification or evaluation for security purposes in advance of making changes.

d. Vendor's equipment fails or malfunctions repeatedly during elections, placing unanticipated financial burdens on the Board of Elections and the State or community.

6. COMPUTER TRAINING FOR BOARDS OF ELECTION

Prior to initial evaluation, acquisition, and use of computerized voting systems, Board of Election management and staff must be required to take training in handling technical aspects of the computerized equipment and management of secure computer systems, and to achieve a reasonable level of competence comparable to that required in business or industry. Ongoing training must be required to handle new security risks, and for new staff.

Adequate funding for this training must be mandated and disbursed in a timely manner.