Verified Voting Blog: How not to measure security

This article was originally posted at Freedom to Tinker on August 10, 2015. It is reposted here with permission of the author.

A recent paper published by Smartmatic, a vendor of voting systems, caught my attention. The first thing is that it’s published by Springer, which typically publishes peer-reviewed articles – which this is not. This is a marketing piece. It’s disturbing that a respected imprint like Springer would get into the business of publishing vendor white papers. There’s no disclaimer that it’s not a peer-reviewed piece, or any other indication that it doesn’t follow Springer’s historical standards. The second, and more important issue, is that the article could not possibly have passed peer review, given some of its claims. I won’t go into the controversies around voting systems (a nice summary of some of those issues can be found on the OSET blog), but rather focus on some of the security metrics claims.

The article states, “Well-designed, special-purpose [voting] systems reduce the possibility of results tampering and eliminate fraud. Security is increased by 10-1,000 times, depending on the level of automation.”

That would be nice. However, we have no agreed-upon way of measuring security of systems (other than cryptographic algorithms, within limits). So the only way this is meaningful is if it’s qualified and explained – which it isn’t. Other studies, such as one I participated in (Applying a Reusable Election Threat Model at the County Level), have tried to quantify the risk to voting systems – our study measured risk in terms of the number of people required to carry out the attack. So is Smartmatic’s study claiming that they can make an attack require 10 to 1000 more people, 10 to 1000 times more money, 10 to 1000 times more expertise (however that would be measured!), or something entirely different?

Florida: As redistricting heats up, Central Florida at heart of battle | Orlando Sentinel

Central Florida’s congressional districts are essentially caught in a virtual tug-of-war between state lawmakers and the Florida Supreme Court. That was clear from the deliberations of lawmakers in a special redistricting session Tuesday, as several legislators bashed the court’s decision to throw out the previous maps and mandate the current Congressional District 5 running from Jacksonville to Orlando instead run horizontally from Jacksonville to Tallahassee. Republican legislators took particular issue with the court ordering the east-west district, which was favored by Democratic groups and the League of Women Voters, which brought the redistricting lawsuit. “If the Florida Supreme Court is basically drawng a map and they know that the map is drawn by partisan Democratic operatives . . how are the justices who do that complying with the constitution?” said Sen. Rob Bradley, R-Fleming Island.

Maryland: Hogan announces redistricting committee | Southern Maryland News

Gov. Larry Hogan announced Thursday that he has issued an executive order to create a commission to study redistricting reform in Maryland. “Maryland is home to some of the most gerrymandered districts in the country, a distinction that we should not be proud of,” Hogan (R) said. According to the governor’s office, the commission will look at fully reforming Maryland’s redistricting process and giving the authority to an independent, nonpartisan commission. It also will give recommendations for congressional district reform. Maryland last redistricted in 2010, with the maps taking effect in 2012, according to the Maryland Department of Planning. Like all states, Maryland redistricts every 10 years.

Minnesota: Ranked Choice Voting to Appear on November Ballot | KQDS

An organization, called Fair Vote Minnesota, has petitioned throughout Duluth and received more than 1,600 signatures, which was the magic number, and now puts the question of ranked choice voting on the ballot this November. Councilor Joel Sipress believes the term ‘ranked choice voting’ encompasses two different voting systems. The first is called ‘instant runoff voting’ and is the method used in races electing one person, like the Mayor or district councilors. The second, is called ‘single transferable voting,’ a system designed for races electing multiple people at the same time, like the at–large city councilors.

New Hampshire: A federal judge just struck down New Hampshire’s ban on ballot selfies | Boston Globe

New Hampshire primary voters rejoice! You may once again take “ballot selfies.” A federal judge Monday repealed the Granite State’s law banning photos of filled-out election ballots, ruling that it violated the First Amendment. U.S. District Court Judge Paul Barbadoro said the law was unconstitutional, because it did not meet the standards necessary for the state to restrict political free speech. “Here, the law at issue is a content-based restriction on speech that deprives voters of one of their most powerful means of letting the world know how they voted,” Barbadoro wrote in his decision.

Ohio: Ohio voting laws discriminate, lawsuit says | Associated Press

Recently passed Ohio voting laws create hurdles for minority voters casting absentee and provisional ballots, advocates argued in an updated federal lawsuit filed on Monday. The laws and similar orders by the secretary of state unconstitutionally permit absentee votes to be thrown out for ID errors, according to the lawsuit. Those mistakes could include putting down the wrong birth month on the absentee envelope even when a voter supplied the correct information when requesting the ballot, the lawsuit said. The laws also removed protection for voters casting provisional ballots by failing to provide the chance for voters to be notified of errors that could cause the ballot to be rejected, according to the lawsuit.

Virginia: Democrats target Virginia as they push to break down voting restrictions | The Washington Post

After Tracey Bell tried to register to vote in Virginia last year, she got a letter in the mail saying her citizenship was in doubt and she would have to pay $10 to prove it. Confused and annoyed, Bell ranted on Facebook. It was the rare Facebook rant that actually led to government action. A friend put her in touch with the Virginia Democratic Party, which connected her to a lawyer who explained that she had forgotten to check a box confirming her citizenship. She fixed it — and a year later, Gov. Terry McAuliffe (D) is pushing to have the box requirement eliminated.

Washington: Yakima Urges High Court to Overturn Election District Makeup | Spokane Public Radio

The City of Yakima has latched onto the coat tails of a Texas lawsuit before the nation’s highest court seeking to limit the principle of “one person – one vote.” Last February, a Spokane federal judge ordered the city to elect council representatives by district, rather than at large, reasoning that Latino candidates could not gain a political foothold under the at-large system.

Wisconsin: As John Doe probe is halted, legal maneuvering continues | Milwaukee Journal-Sentinel

The investigation into conservative groups and Gov. Scott Walker’s campaign may be halted, but the legal machinations surrounding it appear far from over. In the latest development, attorneys who beat back the probe are seeking to have a third party oversee prosecutors as they return evidence they gathered during the investigation. Their request to the state Supreme Court would also affect the treatment of material gathered in an earlier investigation that resulted in six convictions, according to the judge who oversaw that first investigation. Details are sketchy because the high court has sealed the filings until it determines whether they can be released. But the flurry of court activity shows that a fight over the investigation will continue as Walker pursues the Republican nomination for president.

Canada: Why B.C. candidate’s campaign video is bursting with dragons, robots, lasers: ‘People don’t have attention spans’ | National Post

It’s easily the 2015 campaign’s most computer graphics-filled video: Dragons, a giant Canada goose and a towering space robot. And according to independent candidate Wyatt Scott, it all started with a solemn vow to defy the alleged “shenanigans” of the local Liberal Party. “Obviously, people don’t have attention spans nowadays, so we figured what can we do to draw attention?” said Scott, who put together the video for less than $1,000 after recruiting student filmmakers through Craigslist. The one-minute video entitled “I’m running for Parliament!” features the B.C. candidate riding a Canada goose and stabbing a dragon in the head with a broadsword. “University is too damn expensive!” he says, while catching a man in drag falling from the sky.

Editorials: Direct Elections Won’t Help Russia’s Opposition | Vladimir Ryzhkov/The Moscow Times

One of the few things the mass protests in the winter of 2011-12 achieved was the return of direct elections for State Duma deputies representing single-member districts. They will be held in September 2016, and half of the parliamentary deputies (225) will, for the first time in 13 years, be elected by specific cities and regions. The winners in each of these 225 districts will be the candidates who receive more votes than any of their opponents. Parliamentary parties, non-parliamentary opposition groups and the Kremlin are already hard at work in preparation for these elections. A foundation with ties to the Kremlin, the Institute for Socio-Economic and Political Research (ISEPR), recently released its forecast for the elections, working from the current composition of the Duma. This ISEPR report (“Acting State Duma Deputies in their Districts — 2016”) is important and noteworthy, not only as an expert study, but as a formative one.

United Kingdom: Labour leadership contest: campaign teams summoned over ballot concerns | The Guardian

Labour has hauled in its four leadership campaign teams for a meeting at party headquarters in an attempt to put a stop to complaints from some of the camps about the credibility of the contest. The party called in representatives of Jeremy Corbyn, Andy Burnham, Yvette Cooper and Liz Kendall on Tuesday, as it sought to clear up confusion about the process and reassure them that no “entryists” from other parties would successfully infiltrate the competition. At the meeting, called by Iain McNicol, the party secretary, and attended by chief whip Rosie Winterton, the campaign teams were told that at least 1,200 members or supporters of other parties have now been excluded and at least another 800 are under investigation. But despite the party’s attempts to stress the robustness of its verification process, the Guardian has been told by sources present that the meeting raised more questions than it answered, and at least three of the camps are in touch with each other to discuss their concerns about the running of the contest.