Teresa Hommel





New York Should Not Acquire or Use Electronic Voting Systems




Table of Contents

A. Requirements for legitimate, democratic elections.

B. How can computers serve the requirements for legitimate, democratic elections?

C. What is an audit?

D. Problems with surprise random recounts.

E. When technicians handle systems for non-technical staff, this opens the door to fraud.

F. Other problems with electronic voting and vote tabulating systems.

G. Voters with disabilities.

H. Why the alternatives are better: Lever machines, Paper ballots and optical scanners.

I. Computerized elections are a political problem.

J.  Best sources of news and information.



A. Requirements for legitimate, democratic elections.


When election procedures are concealed from public view, errors and fraud can occur. The use of computers makes elections vulnerable to fraud in new and profound ways compared to older technologies, and therefore if computers are used the law must require appropriate security.


Vote-recording and vote-counting must be directly observed by citizens as a routine matter. Participation in the conduct of elections, observation, and verification of outcomes should not require expertise in computers or other technical disciplines. Election outcomes must be easily verifiable without technological or legal obstacles.


Elections should be about voters selecting our public servants, not about computers and technology. Elections should not require citizens to trust the word of technologists that computerized procedures were appropriate and computer-generated outcomes accurate, or force citizens and candidates to try to prove irregularities with circumstantial evidence (such as disparity between exit polls and announced outcomes) because of technological or legal barriers to direct observation of ballot recording and vote counting, or barriers to obtaining or viewing documents from Boards of Elections.



B. How can computers serve the requirements for legitimate, democratic elections?


People cannot observe what a computer is doing in its internal memory. This is a problem if computers are used to record and/or count votes.


To solve the problem, Dr. Rebecca Mercuri developed the concept of voter-verified paper audit trails or VVPAT.[1] The proper use of VVPAT converts both vote-recording and vote-counting to paper-based procedures, which enables people to observe.


1. Problem: A voter can't tell if his or her ballot is being correctly recorded in computer memory.


Solution: During the election, the voter-verified paper ballot enables each voter to observe that his or her votes are recorded correctly on paper (a permanent, non-electronic material).


2. Problem: No one can observe the computer’s internal tally process or confirm its accuracy.


Solution: After the election, an audit of the VVPAT enables election observers to observe that the votes on paper ballots are tallied correctly, and that any discrepancies between electronic tallies and paper tallies are reconciled.



C. What is an audit?


An audit of an election conducted with electronic voting systems with VVPAT starts with a recount of the voter-verified paper ballots, after which all discrepancies between the computer tally and the VVPAT tally are reconciled.

Dr. Douglas Jones of the University of Iowa and three-time chairman of Iowa's board of voting system examiners, in a recent email, described part of the reconciliation. (Dr. Jones’ web site is  http://www.cs.uiowa.edu/~jones/voting/ )


The electronic record and the printed record are both viewed as fallible and subject to subversion.  A hacker can hack into a computer and corrupt data.  A counterfeiter can print up counterfeit ballots and swap them for the real ones.  We can adopt technical means to defend against either attack, but if we adopt laws that say:


            In the event of a disagreement, the paper dominates.


Then all you need is a good counterfeiter, while if your rules say


             In the event of a disagreement, the electronic copy dominates.


Then, all you need is a good hacker.  The rule I would prefer to see says:


            In the event of a disagreement, an investigation must be initiated in order to

 determine which copy is most likely to be correct...


The rules could go on at length about what other things to examine, such as poll books, event logs, exit polls, and other evidence that could serve to corroborate one or the other copy.


In other words, there should be both an investigation into the conduct of the election (to determine whether there were irregularities by people) AND examination of the computer hardware and  software (to determine whether the computer was hacked or made an error).

One problem is that few if any Boards of Elections have the staff, expertise, or resources to examine or correct their own election software. This would require thorough knowledge of the software used, and yet all major vendors claim that their software must remain a trade secret. Errors found but not corrected would continue to cause problems in later elections.


In the Information Technology world, we recognize that computers provide speed but audits provide accuracy. Companies do complete audits of their computer systems on a continuous basis, because that is the only way to find and correct errors which would otherwise cause customers to take their business elsewhere. Those customers can discover errors through the use of receipts, tracking numbers, invoices, monthly statements, etc.


In elections, because of the secret ballot, there are no comparable ways for voters and candidates to detect errors and fraud. This is why proper use of the VVPAT as described in section B. is needed.


Due to the need for audits of elections run with electronic voting systems, it is clear that computers make the election process more complex, costly, and time-consuming. It would require significantly less effort to fully restore and maintain our lever machines, or to securely guard paper ballots that were marked by hand and to recount such ballots by hand before an audience of observers.



D. Problems with surprise random recounts.


If a surprise random check of a small percentage of transactions could ensure the accuracy of a computer system, no bank or other company would ever spend the time and money to perform a complete audit.


In February, 2004, our NY State Assembly and Senate both passed bills that would require electronic voting systems to provide VVPAT. However, neither bill required an audit or reconciliation of discrepancies. Instead they required 2% and 3% surprise random recounts, respectively, and did not require 100% accuracy.


Assuming 2% recount, problems with this approach include the following.


1. Trust-the-statistician vs. observation. If observers can watch a count of 2% of the ballots cast, then the election has 2% legitimacy.


After the November, 2004, election, discussions about "statistically significant percentages" flooded the internet as experts tried to analyze the numbers, but most citizens are not statisticians.


If only 2% recount is required, and is considered significant, most citizens would be forced to trust the statisticians that 2% is in fact a statistically significant percentage, and would be unable to confirm the math or the theory of statistical significance. In effect, a degree in math or statistics would become the new requirement for voter confidence and election transparency.


Moreover, statistical significance may be an inappropriate consideration. Each different ballot design involves different computer programming for vote recording and vote counting. There is no reason to believe that if ballots are counted correctly in one district, they would be counted correctly in other districts where the ballot design is different, requires different programming, and can generate different errors.


2. Corporate control of vote-counting. With a 2% recount, 98% of vote counting would be in private rather than public hands, raising questions of corporate partisanship, as well as motivation and opportunity for fraud.


3. Some types of computer errors and fraud may not show up in small recounts. These include:


a.       Intermittent errors or fraud triggered by particular combinations of votes and/or particular ballot designs.


b.      Legally "insignificant" vote switches per machine. A recent Yale Study showed that with a single statewide system, centralized manipulation is facilitated and can swing elections with one or two vote switches per machine. This is why, when computers are used, 100% accuracy must be mandated. The study[2] and commentary[3] are attached.


4. Creation of two classes of voters. 2% of voters would cast ballots that were confirmed to be tallied correctly. 98% of voters would cast ballots that were not.


5. Mandate for unverified elections. The requirement for 2% recount puts the burden on candidates and voters to pay for recounts, or to struggle in the courts for the right to verify an election in a timely manner before certification of outcomes.


One trigger for recounts is a “close election,” but this concept is appropriate only to paper ballots and lever machines. With computerized voting, falsified tallies can easily be made to provide any margin of victory.


Another trigger for recounts is disparity between pre-election or exit polls and announced outcomes. In 2004, we saw manipulation of pre-election polls[4], and in November, 2004, we saw that the exit polls as reported in the major media were changed to match the announced tallies.[5]  http://www.buzzflash.com/analysis/04/11/ana04025.html

6. Electronic voting and vote tabulating systems should not be treated as exceptions to professional Information Technology standards, which require 100% audit, 100% accuracy.


100% of computer systems comparable to voting systems are 100% audited, and discrepancies are reconciled to achieve 100% accuracy. The phrase "comparable to voting systems" means computer systems that capture transaction information from the human world into electronic memory  (such as an order to purchase by mail, or a financial transaction).


The idea that 2% recount is sufficient to prove integrity of 100% of computer operations is based on several false premises.


a.       Computers are accurate and secure unless proven otherwise.


b.      If one computer is proven accurate, hundreds of other similar computers are also accurate.

c.       Elections are like a court of law where a piece of technology, or an unobserved procedure, should be assumed accurate until proven inaccurate.


These and other false premises, such as “if the chief election official of a jurisdiction trusts the computers, the computers are trustworthy,” have been used to evade the routine auditing to which all commercial systems are subject.


Computer systems are merely tools created by people, and are always error-prone and vulnerable to manipulation by insiders. 100% audits, including reconciliation of discrepancies to achieve 100% accuracy, have been the only way to achieve accuracy of operation. In the Information Technology world, one common definition of computer security is "the results of normal operation have been proved correct by independent audit."


Most people understand that 100% audits with 100% accuracy are needed to prevent or detect financial fraud, but don't apply this understanding to computer systems used for voting and vote tabulation. Obviously audits are needed in both worlds for the same reason.


If you find an error on your bank statement, and a bank officer says, "our records are never perfect, and we didn't audit your account this month because our random check said we were accurate enough," that would be unacceptable. It should be unacceptable in elections.


One unspoken argument is that elections CANNOT be held to routine Information Technology standards. This idea is based on the unspoken acknowledgement that Boards of Election in real life cannot perform computer audits. They lack not only the intention or will, but the legal mandate, expertise, staff, and funding.



E. When technicians handle systems for non-technical staff, this opens the door to fraud.


The vast majority of election professionals are not computer experts. Once they acquire and begin to use electronic voting systems, they become dependent on vendor technicians to handle the computers. They can’t monitor what's going on because they don't know the technology.


For example, a technician might say, "I better check the files." Who would question that? Or understand the answer if they do ask? Yet a brief unsupervised access to the computer is a large-enough window of opportunity for someone to falsify an election.


Given the public exposure of voting systems, and the fact that in most cases they are overseen by non-technical staff, it would be impossible to control what software is in the computer during the election, or to prevent falsification of electronic ballots and tallies by insiders or technicians.


Large Boards of Elections have computer staffs, but these employees aren't running elections and overseeing the handling of the voting or vote tabulating equipment. Also, these employees may not be security experts.


Two affidavits from Ohio in December, 2004, provide an example. A technician said the computer needed a new battery and took it apart.[6] Dr. Douglas Jones said that the incident may have compromised the statewide recount.[7]  The deputy director of elections said the vendor “ran” the

elections for the county.[8] 



F. Other problems with electronic voting and vote tabulating systems.


1. They don’t work reliably.


Attached is a list of documented failures of electronic voting systems as of Dec. 20, 2004.[9] Only six vendors are represented. There are 22 pages for Sequoia, and these pages are first because many people think Sequoia will be the vendor selected if New York goes to electronic voting.  http://www.votersunite.org/info/messupsbyvendor.asp


Also attached is a paper called “Recurring Themes in Electronic Voting System Failures” which lists and discusses the recurring problems revealed by the documented failures.[10] Only in the field of elections have such repeated computer failures been ignored or tolerated, as well as defended with unfounded assertions such as “The election outcome was not affected” and “the problems were caused by voters (or poll workers, etc).”

For every documented failure we can assume that there were many other failures that went undetected because they would be revealed only by an audit: votes recorded incorrectly, and wrong final tallies. Since no electronic voting system has ever been audited, we can't know how many errors of these kinds have occurred.


2. Federal Certification does NOT mean that a voting system works.


Despite hundreds of documented failures of certified voting systems, some people still believe that certified systems are guaranteed to work -- until they read an interview in which an authoritative person states that certification does not involve comprehensive testing and does not require the system to work.


Federal certification means that “[an electronic voting system] has to have [certain] functions. But it doesn’t have to work."


This candid statement comes from page 2 of the I-Team interview with MicroVote Executives[11] (attached). MicroVote makes electronic voting systems. http://www.wishtv.com/Global/story.asp?S=1647598&nav=0Ra7JXq2


3. Unintended use of uncertified systems.


Another problem is that vendors can deliver or install uncertified versions of their hardware and software. Due to the lack of computer knowledge within Boards of Elections, uncertified systems have been used without anyone noticing until after one or more elections. This has occurred in California, Indiana, and other states. In the absence of an independent audit of the election, there is no remedy other than to run another election. This has not been done. Instead, the public is given the unfounded reassurance that “We are sure that the election outcome was not affected.”


4. Communications devices, Flash memory devices.


Communications devices, especially wireless ones, in voting and vote tabulating equipment should be banned because they enable undetectable modification of all software, ballots, and tallies by individuals in remote locations.


Regular expert inspection of electronic voting systems must be required and funded to ensure that wireless communications devices do not somehow appear. There must be criminal penalties for violation of this ban.


Dr. Mercuri told a story once of inspecting a particular machine. The sales material and the salesman had said there were no communication devices in the voting system. She asked to look inside the machine; the salesman opened it up, and there was a wireless communications device. She said, Oh, I see you have a whatever-it-was. The salesman slammed the unit shut and escorted her to the door.


Communications devices also make the secrecy of the ballot increasingly vulnerable as vendors create “integrated election systems” that verify the identity of the voter, present the correct ballot for their election district, and then record their choices.


Flash memory devices pose another danger. These devices now look like wristwatches, pens, and cigarette lighters, and would be unrecognized by non-technical staff. A technician who is not supervised by knowledgeable staff can copy the entire election software and data, including ballots and tally sheets, etc., in less than a minute. Later the technician can return and restore a modified copy of the software, ballots and tallies. An entire county or state can be affected.


In contrast, imagine someone walking off with all the ballots for a county or state. Everyone would understand what they were seeing.


5. They are easily corrupted.


A person with moderate computer skills can read information that has been on the internet for over a year, and then hack these systems to give falsified election results. The hacks require only brief access. Direct physical access is not needed because hacks can be done over a phone line and modem, a wireless communication device in the voting system, or over the internet.


In September, 2004, in Washington D.C., Bev Harris of BlackBoxVoting.org held a press conference where she demonstrated how to change the votes in a Diebold GEMS central tabulator and in a Sequoia system. http://www.wheresthepaper.org/BBV_GEMSreport.htm  She was dismissed by the major media, but in fact the "Trusted Agent Report" commissioned by the Maryland General Assembly said the same thing in January, 2004, about the Diebold GEMS central tabulator (they used more technical language, and didn’t publicize the exact methods like Bev Harris did):


"Given either physical or remote access ... it is possible to modify the GEMS database ... without detection. Furthermore, system auditing is not configured to detect access to the database."

-- Trusted Agent Report,  http://www.raba.com/press/TA_Report_AccuVote.pdf , page 21


Additional vulnerabilities were found in a study done in Ohio, which discussed Diebold Election Systems, ES&S, Hart InterCivic, and Sequoia Voting Systems. The Ohio Secretary of State's DRE Security Assessment, Volume 1 of November 21, 2003, is a 46-page Summary of Findings and Recommendations produced by InfoSENTRY Services, Inc. http://serform.sos.state.oh.us/sos/hava/files/infosentry1.pdf


The full report is 280 pages. http://www.sos.state.oh.us/sos/hava/files/compuware.pdf


6. Procedures other than auditing cannot ensure election integrity.


A variety of activities can reduce the number of errors and discrepancies than may occur during elections, but these activities cannot ensure election integrity.


a. Hardware and software testing. Such testing, if accompanied by correction of all errors that are found, can reduce discrepancies and computer errors found during an audit. Due to certification requirements and the length of time required for certification, however, such errors are likely to remain uncorrected.


b. Use of open source software. Open source software is software that is posted publicly for technologists worldwide to read. When errors are found they are discussed on the internet and suggestions for correction are made. Again, however, due to certification requirements and the length of time required for certification, such errors are likely to remain uncorrected.


c. Reading and examination of software. If reading and examining software could eliminate errors, no company would ever perform continuous audits. Professor Aviel Rubin, the computer security expert who headed the Johns Hopkins team that wrote the first report revealing the insecurity of Diebold software, has stated publicly that no examination of software of the size and complexity of voting systems can guarantee that the software does not contain fraudulent parts. http://avirubin.com/vote/analysis/index.html


d. Escrow copies of software. The idea of keeping copies of software in escrow has many flaws. First, it assumes that the escrow copy has no errors or backdoors in it. Second, it assumes that if software in an election system is changed once, it cannot be changed back to the original escrowed version. Neither assumption is true. Comparing software escrowed one day to what is in the computer on another day will reveal only very sloppily performed fraud.



G. Voters with disabilities.


1. The "private and independent vote."


The Help America Vote Act requires voters with disabilities to have a private and independent vote. Some accessibility advocates have urged the use of electronic voting systems with accessibility attachments and without voter-verified paper ballots.


Unfortunately, one strategy for disenfranchising voters in 2004 was to focus attention on the experience of voting and to gloss over the question of whether the votes would be counted. This was done with provisional ballots. These were called “placebo ballots” in a report by Demos.

A problem similar to uncounted provisional ballots faces voters with disabilities, for whom the “private and independent vote” cast into an unaudited computer may mean nothing more than a private and independent experience in a voting booth, fiddling with some assistive devices. This is why accessibility within the voting booth needs to be combined with verifiability AND actual verification when computers are used to record and tally the votes.


Moreover, electronic voting systems don’t give anybody a private and independent VOTE.


Every vote cast on a computer is handed over to a large number of anonymous technical people who have been responsible for the system from its initial design, programming, testing, maintenance, storage, programming for the ballot, transportation, and installation in the polling site. And another cast of characters after the election.


A computer is only an instrument created and managed by people.  Every voter using the computer is being assisted by these people, so the vote is not unassisted, private or independent. Without the complete audit, we can’t know if these assistants are recording our ballot choices, or counting our votes, honestly and without mistakes.


Voters who are blind, or have visual impairments, would get accessibility, privacy, and security if they mark paper ballots by using ballot templates like those in use in Rhode Island and in other countries. There are data-to-voice scanners that can read the paper ballot back to the voter through headphones. There are accessible ballot-printing machines, such as Populex, and ballot-marking machines such as the Automark, that can assist voters with a wide variety of disabilities. Their web sites are http://www.populex.com/DPB_Intro.htm   http://www.vogueelection.com/products_automark.html


2. Can all voters use the same voting technology?


Some people have suggested that all voters should use exactly the same voting technology.

This may not be practical or possible, because not all voters require accessibility devices or non-English language displays.


When voters with and without disabilities use what appears to be "the same machine," they are not using the same software.


Voters with disabilities will use accessibility attachments. Internally within the computer, each attachment is managed by a "driver" (software that handles communication between the computer and the specific accessibility attachment) that is different from other drivers (such as those for other accessibility devices, or the touchscreen or buttons used by voters without disabilities). A programmer can easily identify which voters are using each accessibility device. If an insider or technician wishes to switch the votes of blind voters, for example, these voters can be identified because of the devices they would be using.


Voters with non-English languages face similar problems, because each foreign language requires a separate font. A font is a set of graphic designs for displayable characters such as letters and numerals. Even Spanish, which has characters that are mostly the same as English, requires a character consisting of a tilde ~ over an "n" character, etc.


The separate font and processing needed for the computer to display non-English language ballots thus provide the opportunity to identify voters of specific language groups. There have been allegations that some voting systems are designed to enable an insider or technician to easily switch the votes by language group. This is done by inserting some lines of Visual Basic Script programming in the font files. Such programming might say, for example: if vote = Kerry, add 1 to Bush-tally; if vote = Bush, add 1 to Kerry-tally.


Since paper ballots can be printed in any language, it seems that the ballots of voters with non-English languages would be more secure if marked by hand or ballot-marking machine on preprinted paper ballots.



H. Why the alternatives are better: Lever machines, Paper ballots and optical scanners.


Computerized devices can be used to enable voters with disabilities or non-English languages to mark or print paper ballots. Computers should not be used to record and count votes, however, unless they are used according to professional standards of 100% audit, 100% accuracy.


1. Lever Machines and accessible ballot-marking devices.


New York can keep and maintain our old lever machines, and add an accessible ballot-marking device in each polling site.


a. Lever machines can be repaired to nearly-new condition.


New parts for lever machines are supplied by International Election Systems Corp., 1550 Bridgeboro Road, PO Box 70, Edgewater Park NJ 08010.  Telephone 609-871-2100.  The president of the company is Richard Nowetner.

Engineers say that with proper routine maintenance, the lever machines should work for 150 years. If they aren't working, that is due to not being maintained. Proper repair can bring them to nearly-new condition. The most common damage is to the casters they roll on, and the repair is to attach new casters. Most damage occurs in trucking. Damage to the metal casing is repaired in a manner similar to car body repair.


b. Three reasons why lever machines are more secure than electronic voting systems.


(1) Length of access time required to corrupt one or more machines versus magnitude of effect.


Lever machines:


One person would require access for hours to each machine. Seals outside the machine have unique numbers, and are not standard products that can be easily replaced.


Seals inside the machine would have to be broken or tampered with also, which would reveal the tampering. These are “crush seals” which consist of pieces of lead crushed over copper wires.


Tampering with the mechanical parts inside the machine would require disassembly of major portions of the machine, which would take many hours, followed by re-assembly which would take additional hours. All this would have to be done within a month before the election because the ballot is not prepared until then.


Electronic voting systems:


(a) One technical insider or hacker using an automated script running in one computer anywhere in the world would require less than a second access per computer and can corrupt all similar electronic voting systems in a state through their communications devices.


(b) One technical insider with no access to the computers can distribute a corrupt "patch" which  technicians would install with or without knowledge that it is corrupt. This could have happened in Georgia, 2002, where allegedly the software in the Diebold systems was replaced repeatedly up to two days prior to the election.


(c) One non-technical insider, hacker, or technician can falsify precinct and overall tallies in the central tabulator, which would require less than a minute access either directly or via communications devices.


(2) Ease of detecting corruption.


Lever machines: With an hour of training, one person can inspect lever machines and detect broken or wrongly-numbered outside seals. If the outside seals are broken or wrongly-numbered, an experienced technician can examine the crush seals and mechanics inside the machine.


Electronic voting systems: With years of training, one person can read and examine the software for years and not find all corruption in it.


(3)  Possibility of oversight provided by Board of Elections staff.


Lever machines: Boards of Elections have many technicians who can safeguard and fix them.


Electronic voting systems: Boards of Elections have few or no computer staff who can safeguard and fix electronic voting systems, or oversee the work of vendors.

2. Paper ballots marked by hand or accessible ballot-marking device, with precinct-count optical scanners.


New York can convert to paper ballots marked by hand or accessible ballot-marking device in each polling site, with precinct-count optical scanners.


Optical scanners are computers, and pose the problem of programming errors, fraud, and unobservable counting. For example, there were widespread allegations of falsified tallies from optical scanners in Florida after our November, 2004, election. These allegations gained seriousness when county officials refused to comply with Freedom of Information requests to view precinct tally sheets.


Should optical scanners be 100% audited with multipartisan observation, with 100% accuracy required? The problems in Florida seem to suggest "yes."


The March 2001 Caltech report called "Revised and Expanded Report: A Preliminary Assessment of the Reliability of Existing Voting Equipment" said that hand-marked paper ballots counted by hand or optical scanner rank among the most reliable of voting systems. This report also said that "the incidence of [spoiled and unmarked ballots] is highest for voters in counties using punch cards and electronic machines and is lowest for voters in counties using lever machines, optically scanned paper ballots, and hand-counted paper ballots."

Summary: http://www.hss.caltech.edu/~voting/Executive%20Summary.March30.pdf

Full report: http://www.hss.caltech.edu/~voting/CalTech_MIT_Report_Version2.pdf


A system using hand-marked paper ballots, optical scanners, and ballot marking devices for accessibility is:

1) One of the most reliable systems available.

2) Inherently voter-verified.

3) Incorporates paper ballots that are easy to hand-count where necessary.

4) Precinct-based optical scanners allow automated counting to satisfy election officials.

5) Ballot-marking devices meet multilingual and accessibility needs.

6) For New  York State, it's less expensive than Direct Recording Electronic systems with VVPAT, both in initial purchase costs and ongoing maintenance.


3. States and big cities that use paper ballots and optical scanners.


Illinois, Chicago. 83% of the population of Illinois (10 million) votes using such systems, including Chicago.  One Illinois County’s rationale:



80% of Arizona, including Phoenix.



Michigan Secretary of State’s recommendation:



States that use mostly precinct-count optical scan systems also include

South Dakota  http://www.sdsos.gov/2000/00pripre.htm

Minnesota http://www.sos.state.mn.us/election/Interactive%20Election%20Guides/HTML/15.htm




4. Canadian elections with paper ballots.


National elections in Canada are conducted with paper ballots marked and counted by hand. They use ballot templates for blind voters. Attached is a report on hand counting methods in Canada. Unlike the attitudes expressed in this country in recent years that “elections are never perfect” and “we can’t possibly hand-count paper ballots” Canadians have no trouble hand-counting the votes on paper ballots. They expect and achieve 100% accuracy.


5. Hand-count methods.


The report “How to Hand-count Votes Marked on Paper Ballots” (attached) describes several easy methods for hand-counts.[12]


Hand counts are done in Vermont, and the election law of 2003 described in detail their procedures. Some of those details were omitted in their revised law of 2004, but the old version can be obtained from the office of the Secretary of State.



I. Computerized elections are a political problem.


The Resolution on Electronic Voting, endorsed by thousands of computer technologists, says "Computerized voting equipment is inherently subject to programming error, equipment malfunction, and malicious tampering." http://www.verifiedvoting.org/article.php?id=5028


Every study of electronic voting has said that systems from the major vendors are insecure and of poor quality. http://www.wheresthepaper.org/links.html#sec


Many people have trouble with their Windows PCs, and the systems are notoriously insecure, but several of our major vendors have built their voting systems on top of Windows.


A study by Findlaw showed that in September, 2004, 42% of Americans distrusted electronic voting.  http://company.findlaw.com/pr/2004/090704.electronicvoting.html


A continuous flow of bad news from around our country tells us that electronic voting and vote tabulating these systems don’t work.



In spite of all this, few government officials with responsibility for elections are heeding the constant stream of warnings about electronic voting, and the expressed distrust by voters. The major media and some officials, even here in New York, still want to convert to electronic voting.

In 2004 Americans witnessed an overwhelming incidence of dirty tricks and failures of our election infrastructure, and the use of unverifiable and unverified computers is part of this failure.


New Yorkers have a real need. We need election systems that work, that can be managed by the kind of staffs who work for our Boards of Elections across our state, and that can be overseen by ordinary citizens.


Computers can be made to work reliably through the use of audits, but no one in a position of authority is demanding that audits be performed. Around our country and in New York’s Saratoga County, computers used in elections are being used incorrectly, accompanied by untested trust, assertions that elections are never perfect, and statements that elections cannot be run any other way because Americans are incapable of counting ballots, maintaining lever machines, recruiting and training poll workers, etc.


In states with electronic voting, some people have suggested that if any voter doesn't want to cast his or her vote on a computer, they should request a paper absentee ballot. But elections are not just about "my vote," they are about the will of the people--all votes. Unaudited computers are the wrong technology for elections for all voters.


A broken democracy can’t be fixed by using unaudited computers to record and count votes. If democracy is government "of the people, by the people, for the people," the law needs to put people back into the center of our elections, and not replace citizen participation by computers.

I urge New York not to destroy our decent lever machine election system by converting to electronic voting.



J. Best sources of news and information.


1. www.votersunite.org is the best source of organized historical and current voting system news.


2. Daily Voting News From votersunite.org - To subscribe send an email to John Gideon at jgideon@votersunite.org 


3. Email clipping service, newspaper articles on voting machine and election issues from around the country - To subscribe send an email to resist@best.com


4. Much information is at www.wheresthepaper.org  and  www.wheresthepaper.org/ny.html




1.   Materials by Rebecca Mercuri, Ph.D.: "Facts About Voter Verified Paper

      Ballots," "Rebecca Mercuri on HAVA and Electronic Voting," "A Better Ballot Box?,"

      "Florida 2002: Sluggish Systems, Vanishing Votes," and "Hanging bytes, pregnant bits."

      Dr. Mercuri's web site:  http://www.notablesoftware.com/evote.html

2.   Yale Study   http://www.wheresthepaper.org/p43_di_franco.pdf requires Adobe 6.0

3.   Commentary on Yale Study   http://www.wheresthepaper.org/CACM_YaleStudy.htm

4.   "Gallup defends results against MoveOn.org attack," USA Today, 9/29/04

5.   "Why Did CNN Change Their Exit Poll Data for Ohio After 1:00 AM?"

6.   "AFFIDAVIT December 13, 2004 Sherole Eaton" 


7.   Affidavit of Douglas W. Jones

8.  "Ohio Recount Stirs Trouble" by Kim Zetter, Wired News, Dec. 20, 2004


9.   "Sequoia in the News - A Partial List of Events."  Note that 6 vendors are in the

       packet.  http://www.votersunite.org/info/messupsbyvendor.asp

10.  "Recurring Themes in Electronic Voting System Failures"


11.  “Excerpts from Interviews with MicroVote Executives”


12.  How to Hand-count Votes Marked on Paper Ballots