Safeguarding the 2008 Vote For Speaker Nancy Pelosi Voting Rights Taskforce Wellstone Democratic...
-
Upload
olivia-tucker -
Category
Documents
-
view
213 -
download
1
Transcript of Safeguarding the 2008 Vote For Speaker Nancy Pelosi Voting Rights Taskforce Wellstone Democratic...
Safeguarding the 2008 Vote
For Speaker Nancy Pelosi
Voting Rights TaskforceWellstone Democratic Renewal ClubJune 26, 2007
Contents
Participants Executive Presentation Supporting Detail
Holt Bill (HR 811) EAC Banning DREs Electronic Voting At Risk Audits Enforcement
Background and Definitions References
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
3
Participants
Mr. James Soper, M.A., Senior software consultant, author of www.CountedAsCast.com, (510) 258-4857, [email protected].
Dr. Judy Bertelsen, M.D., Ph.D., (510) 486-1467, [email protected].
Mr. Lee Munson, B.A., M.B.A., (415) 751-4535, [email protected].
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
4
Safeguarding the 2008 Vote
How to avoid the Florida 2000, Ohio 2004, and Florida 2006 fiascos in
2008?
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
5
Safeguarding the 2008 Vote
Elections using electronic voting systems have been
distorted … accidentally or intentionally
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
6
DeForest Soaries resigns from Election Assistance Commission (EAC)
…we “had made things worse through the passage of the Help America Vote Act…
…if we were another country being analyzed by America, we would conclude that this country is ripe for stealing elections and for fraud.”
- Chairman and republican appointee to the EAC
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
7
Safeguards for 2008
Re-structure the EAC or sunset it. Timely enforcement of election laws. Require vastly improved, rigorous
and timely manual audits. Timely, public, and affordable
access to voting records.
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
8
Ban DREs
Use hand marked paper ballots (HMPB).
Use precinct based optical scanners (PBOS).
Use ballot marking devices (BMD) with touchscreen and audio interfaces for voters with disabilities.
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
9
Safeguarding the 2008 Vote
A system is only as secure as its weakest link. A piecemeal implementation will leave open
security vulnerabilities. Even paper ballots are NOT secure without improving audits and procedures.
The devil is in the details. We need clear, detailed definitions and laws. Currently, each Election Official chooses a different interpretation of election laws.
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
10
Holt Bill (HR 811) positives:
Requires useful audits and public reporting of results.
Bans most wireless and internet connections.
Addresses testing lab conflict of interest and requires public reporting of testing results.
Requires some disclosure of source code. Requires paper ballots be available (in
2010!).
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
11
Holt Bill Weaknesses
Gives more authority to a politicized, incompetent failure called the EAC.
Is weak on enforcement and penalties. Does not explicitly ban DREs. Funds text-to-speech devices before
they have been studied and are ready.
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
12
Our goals….
We would like to … … assist in writing & reviewing federal
voting legislation ... to be a resource to Congresswoman
Pelosi’s office on election integrity issues Our expertise is a combination of academic,
programming, computer security, business, and first hand election experience. We want to and can help!
Supporting Detail
Holt Bill Issues
DREs/VVPATSAuditsEAC
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
15
Holt Bill HR811
Holt Bill proposal on DREs and VVPATs (paper trails)
Requires VVPATS on DREs
Makes the VVPAT the ballot of record for audits and recounts.
Addresses voters' with disabilities ability to verify their votes from the VVPAT
Concerns include: Does not require software
independence, thus does not address inherent DRE security issue.
Requires systems to meet requirements for 2008 but study of disabled voters ability to verify not until 12/2008
Does not address inherent VVPAT printer reliability and auditability issues
Good points include Requires a paper trail Makes the paper the ballot of
record
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
16
Holt Bill HR811
Holt Bill Proposal on Audits
State Election Auditor
Minimum audit of 3% to 10%
Precincts to audit chosen within 24 hours of the final unofficial vote count
Additional handcounting if audits don’t match the unofficial tally
Concerns include: Assumes all precincts are the same size Assumes one size fits all for all states Does not state confidence levels (eg.
99%) Does not require investigation into
causes of discrepancies Does not require analysis of
consequences of discrepancies to all statewide races
Good points include Mandatory, random audits Absentee ballots must be auditted Tiered audits Precincts chosen after vote count
announced Publication of discrepancy procedures Publication of detailed results
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
17
Holt Bill HR 811
Holt Bill proposal on EAC Gives more authority to the
EAC
Concerns include: EAC has been worse than
ineffective. Nothing in legislation to
change or improve or better define EAC responsibilities
:
Election Assistance Commission (EAC)
Past, present, and future
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
19
EAC – A Quick History
Mandated by HAVA (Help America Vote Act) in 2002. Voluntary System Guidelines > 1 year late but HAVA
compliance deadlines were not extended, thus forcing purchase of expensive, poorly designed and tested electronic equipment.
DeForest Soaries resigns in 2005. ITA (Independent Testing Authority) testing shown to be a
MAJOR failure in 2006. EAC 8/06 decertification of Ciber labs not announced until
after the 11/06 election. Many machines were “tested” by Ciber.
EAC suppresses report that Voter ID laws reduces turnout.
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
20
EAC - Current Structure Issues
Leadership is bipartisan but is political – should be professional, technical and legal. Election administration should be nonpartisan.
Latest vote fraud report in which wording was manipulated to continue to support Republican claims despite findings to the contrary
No enforcement power – only makes recommendations.
Sets up privatization/corporate secrets fraught with conflict of interest in testing – should set up public, transparent, highly professional testing process.
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
21
EACProposed structural changes
Re-structure in a way to help in 2008 or else sunset the commission.
Turn all testing over to NIST (National Institute of Standards and Technology)
Promptly make testing results public Actually test for security vulnerability, including
insider and outsider attacks. Actual attacks should be attempted on the equipment. If a fix is made, that fix should be tested by an actual
attack attempt.
Sunshine provisions
Banning DREs
Requiring Software Independence as defined
by NIST will effectively ban DREs
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
23
Printable pdf version
Printable pdf version
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
24
Inherent problems with DREs
We don't know what's inside the machines Disenfranchisement (vote suppression)
Broken machines Insufficient machines Shown to suppress minority votes
www.votersunite.org/info/NM_UVbyBallotTypeandEthnicity.pdf Extra and cumbersome ballot verification steps Studies show higher undervote rate than optical
scanAre DREs worth any of their positives? NO
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
25
Who wants to Ban DREs?
Florida, New Mexico and Maryland are all working towards banning DREs
Election Integrity advocates across the country including:
Progressive Democrats of America Voters Unite
Computer security expert Professor Avi Rubin no longer supports DREs with or without a VVPAT…
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
26
Avi Rubin, e-voting expert, Johns Hopkins professor:
“…when I first studied the Diebold DRE in 2003, I felt that a Voter Verified Paper Audit Trail (VVPAT) provided enough assurance. But, I continued, after 4 years of studying the issue, I now believe that a DRE with a VVPAT is not a reasonable voting system. The only system that I know of that achieves software independence as defined by NIST, is economically viable and readily available is paper ballots with ballot marking machines for accessibility and precinct optical scanners for counting – coupled with random audits. That is how we should be conducting elections in the US, in my opinion.”
From Avi Rubin’s BLOG describing his testimony before a House subcommittee hearing on “Ensuring the Integrity of Elections”, March 7th, 2007.
Electronic voting can be corrupted…
Accidentally or Intentionally
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
28
Electronic voting at risk
NIST Report, 11/06Princeton Report, 9/06NRC Report, 7/06BBV Report, 7/06Brennan Report, 6/06Hursti II Report, 5/06Berkeley Report, 2/06
Hursti I Report, 5/05RABA Report, 1/04Compuware Report, 11/03SAIC Report, 9/03Johns Hopkins Report, 7/03Saltman Paper, 3/78
www.CountedAsCast.com/issues/security.php#reports
13 reputable reports ALL say:Electronic voting is vulnerable!
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
29
Electronic voting at risk
The risk of an outsider attack by a poll worker, voter or hacker, especially via a virus or similar, is real.
Chicago misplaced 400+ memory cardsCleveland misplaced 75+ memory cards.
Hackers can gain access if the machines havelocal network, wireless or Internet connections
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
30
Electronic voting at risk
Successful simulated attacks on an election
Poll workers, possibly voters. VVPAT may be compromised. Attack might not be caught by an audit.
Touchscreen to tabulator, Diebold & Sequoia
Summary tape and precinct totals incorrect; virus carried to other machines.
Princeton Hack
9/2006
Pollworker/Sleepovers. A good audit might catch this
Touchscreen to tabulator, Diebold
Showed that a person can take complete control of a DRE, and an election. Undetectable.
Hursti II5/2006
Pollworker/Sleepovers. A good audit might catch this
Optical Scan to tabulator, Diebold
Showed that a person can take control of memory cards, which handle the vote-reporting & counting.
Hursti I5/2005,11/2005
Anyone with access to the known tabulator passwords
Tabulator & database, Diebold
Central vote totals were changed with no trace
GEMS tabulator
5/2005
AccessEquipmentDescriptionAttack
Date
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
31
Electronic voting at risk
The risk of an insider (election official, company programmer) attack is real
Example: Easter Eggs (hidden code) We do not know what software is inside the
machines on election day No amount of testing will detect hidden
code Jeffrey Dean, voting systems programmer,
23 computer embezzlement convictions Clinton Curtis hired to write a program to
manipulate an election
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
32
Electronic voting at risk
Glitches happen Sarasota county, FL : 18,000 votes
“disappeared” Many more examples of “lost” votes Software and data are trade secrets Nobody, and no machine, should be
counting American votes in secret
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
33
Electronic Voting Recommendations
Software verification Check that the software used on election
day is the software that was inspected, tested and certified.
Public testing of systems Security (red team) testing Ban all network connections, including wireless Open source software – public inspection
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
34
Security “mitigations” are not really secure
Tamper evident seals don’t work Not all pollworkers trained to look at seals,
procedures not defined if seal is torn. Taking a machine out of service not enough if
manipulation spreads like a virus. Chain of custody of memory cards is
nullified by processes inherent to voting machine
Machines need to be in place prior to Election Day.
This allows adequate access for manipulation of memory cards.
Audits
Classic Obfuscation #2: Audits will catch any problems
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
36
Audit Issues Audits should be determined by statisticians NOT
politicians A fixed audit percentage assumes a fixed number of
precincts and fixed margins between leading candidates. These vary for each election contest.
DREs have no margin of error. Audits of optical scanners SHOULD NOT match 100%.
Voter-caused and machine-caused discrepancies must be noted
Politicians should set the boundaries for statisticians – for example, desired confidence levels for accurate election outcomes (say 90% to 99%) and desired maximum error rates for machines.
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
37
Audit Recommendations
How much to audit A federal taskforce on the statistics of audits should set standards
and approve state election audit plans for states who want to devise their own.
Tiered audit system that adjusts for the closeness of the race. Federally funded recounts for very close elections
What to audit Include ALL votes – absentee, military, mail-in, overseas, early,
provisional. How to audit
A preliminary statement of votes as an established control. Both random selections and manual audits to be publicly observable
Reporting and further actions Require that audit results are used to correct election results and are
reported publicly. Have statisticians or mathematicians evaluate whether
discrepancies could affect election outcomes; and determine whether or not to expand audits.
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
38
Audits on VVPATs are problematic
VVPATs were an afterthought, never tested for voters catching errors.
Tests show that voters who examine VVPATs often miss detecting omissions and errors and that most voters do not even look at the VVPATs
Brennan Center and MIT/Caltech reports state that only 1/3 of people look at them.
Poll workers didn’t understand the reason for VVPATs and sometimes told voters to NOT look at them.
Paper jams were frequent and votes not recorded Rolls from some systems were very difficult to read at
audits. If the VVPAT was unreadable, the roll was re-printed
from the memory card-which was NOT voter verified
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
39
VVPAT Recommendations
Federal legislation should… Ban VVPATs and DREs. Florida, New Mexico, and Maryland are all moving in
that direction Allow only Voter Marked Paper Ballots
Systems already purchased are sunk costs Ballot marking devices should be certified for
HAVA compliance
Enforcement
Too little, too late
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
41
Election laws are not enforced
No checks and balances on Elections Officials On Election Day it is nearly impossible to get
any legal action done. Deadline to certify the vote allows officials to
delay providing information, etc. until too late Officials are not being held accountable for not
following election code. District Attorneys and Attorney Generals are not acting on these issues, and sometimes help election officials cover up problems.
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
42
Enforcement recommendations
Timely !!! Enforcement must be immediate and allow revote.
Enforcements need to cover pollworkers and elections officials.
Citizens must be able to initiate lawsuits that the courts act upon very quickly.
PENALTIES spelled out explicitly. Timely, public, and affordable access to voting
records is key!!! Public oversight organizations need access!!!
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
43
Definitions and Background
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
44
The Players
Federal EAC – Election Assistance Commission ITA – Independent Testing Authority NIST – National Institute of Standards and
Technology State
SoS – Secretary of State County Elections Officials – Registrar of
Voters, Board of Elections, Clerk/Recorder
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
45
Definitions (Optical scanner)
Optical ballot scanner
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
46
Definitions (DRE, VVPAT)
DRE (Direct Recording Electronic)
VVPAT (Voter Verified Paper Audit Trail)
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
47
Definitions (Touchscreen)
Ballot Marking Devices (BMDs) are touchscreen machines that produce a paper ballot. DREs do not.
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
48
Definitions (Tabulator)
Tabulatorcentral votecounting
computer
Memorycards
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
49
Definitions (Memory Card)
Memory card used to transfer data, including votes, between the central tabulator and the scanners and voting machines in the precincts.
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
50
Definitions (Auditing)
Auditing – check vote totals from some % of precincts after the election
06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 2008
51
References
Link to this presentation
www.CountedAsCast.com/alameda/docs/presentation26jun07.php
Security issues
www.CountedAsCast.com/issues/security.phpConducting audits
www.CountedAsCast.com/issues/audits.phpProcedures are inadequate
www.CountedAsCast.com/issues/procedures.phpFailed EAC/ITA testing
www.CountedAsCast.com/issues/testing.php Monitoring elections
www.CountedAsCast.com/resources/monitoring.php