Verified Voting Blog: Principles for New Voting Systems

Many jurisdictions will need to replace their voting systems in the next few years. Commercial voting systems currently in the marketplace are expensive to acquire and maintain and difficult to audit effectively. Elections may be verifiable in principle–if they generate a voter-verifiable paper trail that is curated well–but current systems make it hard or impractical to verify elections in practice.

Recent experience with open-source tabulation systems in risk-limiting audits in California and Colorado, and voting system projects in Los Angeles County, CA, and Travis County, TX, suggest that the US could have voting systems that are accurate, usable, verifiable, efficiently auditable, reliable, secure, modular, and transparent, for a fraction of the cost of systems currently on the market.

The key to reducing costs is to use commodity off-the-shelf hardware, open-source software, and open data standards.  Usability and auditability need to be designed into new systems from the start. The US could have the best possible voting systems, instead of just the best voting systems money can buy, if new systems adhere to the Principles enunciated below. (Download PDF)

Verified Voting Blog: New Standards for Election Data

Examining election results to confirm winners and losers for very close elections can be problematic for contests that span multiple jurisdictions using different equipment and diverse data formats for reporting those results. Such differences have been a significant barrier to conducting post-election risk-limiting audits in time to change preliminary election results if necessary. To address problems caused by incompatible election reporting formats, the IEEE has developed a new standard for election results reporting (1622-2). This standard marks the culmination of over ten years of efforts by many individuals and organizations (including Verified Voting), with crucial technical staff support from the National Institute of Standards and Technology (NIST). In the recently completed 2014 elections, the Ohio Secretary of State’s office successfully used a draft version of the standard to report and export election results and the Associated Press Election Services used the same draft standard to import Ohio’s election results and incorporate it into their national election reporting for television, radio, and newspaper clients across the country. You are invited to weigh in: to see the proposed reporting standard and submit your comments and suggestions for improvement here.

Verified Voting has been actively working for a number of years to develop and promote adoption of national data standards for to support inter-operability, transparent reporting, and post-election audits comparing hand-eye manual counts of voter-verified records with electronic tabulation results.  In 2008 and 2009, we submitted formal comments on the draft 2007 Voluntary Voting Systems Guidelines (VVSG) proposed by the U.S. Election Assistance Commission (EAC)’s Technical Guidelines Development Committee (TGDC). While the draft 2007 VVSG “encourages” adoption of a standard data exchange format to facilitate interoperability between different hardware components, Verified Voting and other groups and experts urged that voting systems be required to input and output data using a common standard format for election data import, export and exchange. As we pointed out, requiring standard data exchange formats can also help facilitate another important VVSG goal — interoperability of election hardware and software components from different vendors. 

Verified Voting Blog: Security not yet available for online voting

California’s record low turnout for November’s elections is indeed worrisome, and incoming Secretary of State Alex Padilla’s promises to increase the voter rolls are laudable. However, the editorial board’s desire to see online voting as the natural evolution of our voting systems is misplaced.  Yes, we do bank, shop and communicate online, but a quick review of the latest headlines proves these transactions aren’t secure. Cybercrime is estimated to cost businesses billions every year. Elections are unlike financial transactions because they’re extremely vulnerable to undetectable hacking. Because we vote by secret ballot, there is no way to reconcile the votes recorded and the marks the voter actually makes with technology currently available.

Verified Voting Blog: Online voting rife with hazards

Today Americans are voting in an election that could shift control of the U.S. Senate and significantly impact the direction our nation will take in the next few years. Yet, 31 states will allow over 3 million voters to cast ballots over the Internet in this election, a practice that computer security experts in both the federal government and the private sector have warned is neither secure nor trustworthy.

Most states’ online voting is limited to military and overseas voters, but Alaska now permits all voters to vote over the Internet. With a hotly contested Senate seat in Alaska, the use of an online voting system raises serious concerns about the integrity of Alaska’s election results. Alaska’s State Election Division has even acknowledged that its “secure online voting solution” may not be all that secure by posting this disclaimer on its website: “When returning the ballot through the secure online voting solution, your are [sic] voluntarily waving [sic] your right to a secret ballot and are assuming the risk that a faulty transmission may occur.”

Unfortunately, faulty transmission is only one of the risks of Internet voting. There are countless ways ballots cast over the Internet can be hacked and modified by cyber criminals. The National Institute of Standards and Technology, at the direction of Congress, has conducted extensive research into Internet voting in the last decade and published several reports that outline all the ways votes sent over the Internet can be manipulated without detection. After warning that there are many possible attacks that could have an undiscovered large-scale impact, the institute concluded that secure Internet voting is not yet achievable.

Verified Voting Blog: Mail Your Ballot Back: Why Voting Online Puts Your Vote and Privacy at Risk

Twenty-three states plus the District of Columbia allow military and overseas voters (not domestic voters) to return voted ballots by email, facsimile and/or other Internet transmission; six allow  internet return in  military in zones of “hostile fire.” Alaska allows it for all absentee voters. But these methods of casting ballots over the Internet are very insecure; ballots returned this way are at risk for manipulation, loss or deletion.

According to the National Institute for Standards and Technology, the agency charged with reviewing the security of internet voting systems, even the most sophisticated cyber security protections cannot secure voted ballots sent over the Internet and that secure Internet voting is not feasible at this time.[1] Even if ballots are returned electronically over online balloting systems that employ security tools such as encryption or virtual private networks, the privacy, integrity or the reliable delivery of the ballot can’t be guaranteed.[2]

Just as important, ballots sent by electronic transmission cannot be kept private.[3]  Most States which accept electronically transmitted ballots require voters to sign a waiver forfeiting the right to a secret ballot.  In some cases this waiver conflicts with State law or constitution which guarantees the right to a secret ballot.

Verified Voting Blog: New Voting Systems Standards Committee Steps into Election Data Void

What does the Institute of Electrical and Electronic Engineers (IEEE) have to do with elections? Glad you asked. IEEE, or the Institute of Electrical and Electronics Engineers, is the world’s largest professional association for the advancement of technology. Along with its major educational and publishing activities, IEEE is one of the leading standards-making organizations in the world. IEEE standards affect a wide range of industries including: power and energy, biomedical and healthcare, Information Technology (IT), telecommunications, transportation, nanotechnology, information assurance, and many more. In 2013, IEEE had over 900 active standards, with over 500 standards under development.

IEEE has many subgroups that establish standards for various industry areas. and one of these is IEEE Project 1622 (or P1622). This group has been active lately working on setting common standards for important election related practices, including things like distributing blank ballots (for voters who are overseas, e.g.). With Congress’ stalemate on appointing new members to the Election Assistance Commission (EAC), development and adoption of U.S. election data standards seems to be shifting from the EAC’s Voluntary Voting Systems Guidelines (VSSG) Technical Development Committee to the IEEE VSSC. Brian Hancock, EAC Director of Voting System Testing and Certification, spoke positively about this development at the recent conference of the Election Verification Network (EVN) in San Diego.

Following adoption of its initial proposed standard for electronic distribution of blank ballot information (1622-2011, published in January 2012), the IEEE Project 1622 for Voting Systems Electronic Data Interchange has been authorized to become the IEEE Voting Systems Standards Committee (VSSC).

Verified Voting Blog: Hack the Vote: The Perils of the Online Ballot Box

While most voters will cast their ballots at polling stations in November, online voting has been quietly and rapidly expanding in the United States over the last decade. Over 30 states and territories allow some form of Internet voting (such as by email or through a direct portal) for some classes of voters, including members of the military or absentees.

Utah just passed a law allowing disabled voters to vote online; and Alaska allows anyone to cast their ballots online. And there were recent news reports that Democratic and Republican national committees are contemplating holding primaries and caucuses online. We estimate that over three million voters now are eligible to vote online in the U.S.

But online voting is fraught with danger. Hackers could manipulate enough votes to change the results of local and national elections. And a skilled hacker can do so without leaving any evidence.

Verified Voting Blog: Hot State Update! What’s happening in Virginia, Oregon, Connecticut and more… and what Verified Voting is doing to help.

At Verified Voting we work to establish relationships in the states with policy makers and elections officials, in order to ensure they are educated on how to keep our votes secure. We’ve started 2014 with lots of activity around the country, building on a very strong and determined energy around voting issues, much of it unfolding on the state level. We have a great network of people in place and continue to work to make our voices heard. The following is a quick look at some of the Hot States on which we are focusing.

Virginia: This session, House and Senate bills sought to initiate electronic return of voted ballots over the Internet by overseas military voters. Amendments made to the bills called for security protocols to be examined and review of the feasibility and costs involved prior to initiating actual ballot return, thanks to intense outreach with our allies Virginians for Verified Voting, a lot of letters from VA supporters (thank you!), and an op-ed penned by Justin Moore (who is on VV’s advisory board) in the Richmond Times Dispatch.  The amended version of HB 759/SB 11 was conferenced and passed, with these crucial stop-gaps and a clause requiring that the provision be re-approved in 2016 before any ballots are sent over the Internet. As the review process takes place over the coming 18 months, we will be participating actively.  Ensuring that technologists are at the table as the conversation moves forward is critical, as is feedback from Virginia voters.  See the Bill summary here.

Verified Voting Blog: A Valuable Resource for Election Recounts

Last week Citizens for Election Integrity Minnesota released Recount Principles and Best Practices, a document providing recommendations on key recount matters such as counting methods, transparency, voter intent and challengers. The document is especially welcome as it was produced through the cooperation of election officials and citizen activists and it is the first comprehensive set of best practices for recounts. It compliments CEIMN’s earlier documents on audits and their database of state audit and recount laws.

In addition to the four authors, the report benefitted from review by a blue-ribbon panel of advisors, including election officials, election integrity advocates, journalists, and academics.  “Accurate and verifiable elections are essential for our democracy,” said Minnesota Secretary of State Ritchie, one of the reports authors. “This document and its recommendations will improve the way state and local election officials conduct recounts.”

Verified Voting Blog: Post Election Audits for New Hampshire

No voting system is perfect. Nearly all elections in New Hampshire, as in most of the nation, are counted using electronic vote counting systems. Such systems have produced result-changing errors through problems with hardware, software and procedures. Error can also occur when compiling results. Even serious error can go undetected if results are not audited effectively.

In a municipal election in Palm Beach County, Florida in 2012 a “synchronization” problem with the election management software allotted votes to both the wrong candidate and the wrong contest; this was uncovered during a post-election audit. The results were officially changed after a public hand count of the votes. Particularly noteworthy about that example is the fact that Florida has one of the nation’s weakest audit provisions; even so, it enabled the discovery of this critical error. In another state, a software malfunction caused thousands of votes to be added to the total. A manual audit revealed the mistake and officials were able to correct the results and avoid a costly run-off election. In a Republican primary in Iowa, a manual check of the physical ballots revealed a programming error that was attributing votes to the wrong candidates. Thanks to the manual audit, the correct person was seated in office.

Verified Voting Blog: Verified Voting Applauds Findings in Presidential Commission Report on Elections

Today’s landmark report by the Presidential Commission on Election Administration (PCEA), The American Voting Experience: Report and Recommendations of the Presidential Commission on Election Administration, recognizes many of the obstacles and opportunities in today’s election administration universe, and proposes several excellent approaches to solving some of those challenges. “We applaud the bi-partisan Commission’s substantial work, balancing the need for secure elections with positive ways to improve voting for all,” said Pamela Smith, President of Verified Voting.  “We strongly agree that military and overseas voters can be supported by providing access to online registration and distribution of information including blank ballots online, and appreciate that the Commission also notes that ‘the internet is not yet secure enough for voting.’” (p. 60)

Verified Voting Blog: Verified Voting Recommendations to the Presidential Commission on Election Administration

On Election Day, long lines were produced in many cases due to voting systems that malfunctioned in multiple locations across the country. As stated in a joint letter we signed sent to President Obama last November, “While insufficient voting equipment was not the only cause for long wait times, it no doubt contributed to the problems we saw on Election Day. The need to improve our voting systems is urgent. Much of the voting equipment in use today is nearing the end of its life cycle, making equipment attrition and obsolescence a serious and growing threat.”[1. http://www.calvoter.org/issues/votingtech/pub/Election_verification_letter_to_Obama_11-20-]

In our “Counting Votes 2012: A State By State Look At Election Preparedness” report[2. http://countingvotes.org], about the 50 states’ preparedness for this major election cycle, we identified key areas of concern. We predicted many states could have problems due to:

• aging voting systems,
• dependence on machine interface for voting for the majority of voters, and
• thoroughness of policies and regulations for emergency back-up provisions in case polling place problems occur and lines start to form.

There were few surprises. As one of our technology expert recruits for the OurVoteLive (OVL) Election Protection hotline indicated:

What’s most interesting is that if you divide things into “easy to solve” and “hard to solve”, the “easy to solve” ones tend to be in places using optical scan [ballots], and the “hard to solve” in places using machines [DREs].

Verified Voting Blog: The California College Vote Hack

I just read Doug Chapin’s article on the vote rigging at Cal State San Marcos, and I would add several observations. Had this been a public election conducted via Internet voting, it would have been much more difficult to identify any problem or to capture the perpetrator, Matthew Weaver. Mr. Weaver was captured because he was voting from school-owned computers. This was networked voting but not really Internet voting. The IT staff was able to notice “unusual activity” on those computers, and via remote access they were able to “watch the user cast vote after vote”. But in a public online election people would vote from their own private PCs, and through the Internet, not on a network controlled by the IT staff of election officials. There will likely be no “unusual activity” to notice in real time, and no possibility of “remote access” to allow them to monitor activity on a voter’s computer.  Note also that university IT staff were able to monitor him while he was voting, showing that they were able to completely violate voting privacy, something we cannot tolerate in a public election.

In the Cal State San Marcos election votes apparently had to be cast from computers on the university’s own network, and not from just anywhere on the Internet. I infer this because it makes good security sense, and because I cannot think of any other reason Mr. Weaver would cast his phony votes from a university computer rather than from an anonymous place like a public library. If this is correct, it is a huge security advantage not possible in public elections, where the perpetrator could be anywhere in the world. Even if public officials somehow did notice an unusual voting pattern that made them suspicious after the fact that phony votes were cast, there would be no evidence to indicate who it was, and no police on the spot to pick him up red handed.

Verified Voting Blog: Leave Election Integrity to Chance

How do we know whether the reported winners of an election really won?

There’s no perfect way to count votes. To paraphrase Ulysses S. Grant and Richard M. Nixon, “Mistakes will be made.” Voters don’t always follow instructions. Voting systems can be mis-programmed, as they were last year in Palm Beach, Florida. Ballots can be misplaced, as they were last year in Palm Beach, Florida, and in Sacramento, California. And election fraud is not entirely unknown in the U.S.

Computers can increase the efficiency of elections and make voting easier for people who cannot read English or who have disabilities. But the more elections depend on technology, the more vulnerable they are to failures, bugs, and hacking. Foreign attacks on elections also may be a real threat.

Even if we count votes by hand, there will be mistakes. How can we have confidence in the results?

Verified Voting Blog: Helping LA County Build a Voting System

This past week I was at the kick-off meeting of the LA County Voting System Assessment Project’s (VSAP) Technical Advisory Committee. The VSAP is Registrar/ClerkDean Logan’s intense and groundbreaking effort to design, develop, procure and implement a publicly owned voting system. I am honored to be asked to serve on such an important body.

LA County is the largest election jurisdiction in the US, with 5 million registered voters, 10 languages, 5,000 precincts and a very large physical area. The county currently uses the InkaVote Plus voting system (with Audio Ballot Booth for accessibility), which is essentially an overhaul of former punchcard equipment to use inked styluses for marking and to provide in-precint checks for the voter in case they make mistakes.

Verified Voting Blog: Internet voting for overseas military puts election security at risk

Connecticut lawmakers are considering legislation to allow military voters to cast ballots over the Internet. The intention of this legislation is well-meaning — Connecticut does need to improve the voting process for military voters — but Internet voting is not the answer. Every day, headlines reveal just how vulnerable and insecure any online network really is, and how sophisticated, tenacious and skilled today’s attackers are. Just last week, we learned that the U.S. has already experienced our first-ever documented attack on an election system, when a grand jury report revealed that someone hacked into the Miami-Dade primary elections system in August 2012. A chilling account in The Washington Post recently reported that most government entities in Washington, including congressional offices, federal agencies, government contractors, embassies, news organizations, think tanks and law firms, have been penetrated by Chinese hackers. They join a long list that includes the CIAFBIDepartment of DefenseBank of America, and on and on. These organizations have huge cybersecurity budgets and the most robust security tools available, and they have been unable to prevent hacking. Contrary to popular belief, online voting systems would not be any more secure.

Verified Voting Blog: Statement on the Dangers of Internet Voting in Public Elections

At a time when more and more transactions occur online, a number of election officials and private organizations are looking to the Internet as one more possible avenue for balloting. When the Academy of Motion Picture Arts and Sciences announced that would be using an online voting system to help its members choose this year’s Oscar nominees and finalists, thereby adding to the “credibility” of online voting, we find ourselves compelled to remind the general public that it is dangerous to deploy voting by email, efax, or through Internet portals in public governmental elections at this time. Public elections run by municipal, local and state governments should not be compared to elections like the one run by the Academy. The following describes our concerns about the use of Internet voting systems in public elections.

• Cyber security experts at the National Institute of Standards and Technology[1] and the Department of Homeland Security[2] have warned that current Internet voting technologies should not be deployed in public elections. Internet voting systems, including email, fax and web based voting systems in which marked ballots are cast online, cannot be properly protected and may be subject to undetectable alteration.

• Citizens ask, “If I can bank online, why can’t I vote online?” Online banking and e-commerce are NOT secure, despite massive business investments in state-of-the-art cyber-security tools.

• Banking policies protect and reimburse people whose money or credit card numbers are stolen online. If a hacker deletes or alters a ballot, the action can neither be traced nor corrected.

• Banking policies generally do not protect companies when funds are stolen from their accounts. It has been reported that as many as ten percent of small business have had money stolen from their bank accounts.[3] Even so, businesses understand and accept that money lost through cyber-crime is part of the risk of doing business online, and they seek to reduce losses by obtaining fraud insurance. We cannot take that approach in counting votes in public elections; a cyber-attack that alters or deletes just a few hundred votes, and perhaps even fewer, can change the result of an election. There is no such thing as “fraud insurance” for ballots, and we can scarcely accept online fraud in ten percent of our election jurisdictions.

• The parties in online business transactions maintain and audit account records to detect fraudulent activities. But because we vote by secret ballot in public elections, individual voters have no way to check and verify that their ballots were properly counted. Thus online voting is particularly susceptible to tampering, all but certain to go undetected.

• Internet voting system vendors make claims about the security of their products that have never been substantiated by publicly reviewable testing and research.

Verified Voting Blog: Election, Tech Experts to Obama: Yes, “We Need to Fix That,” But E-Voting Not the Answer

Groups Warn Against Hasty Action on Internet Voting in Response to Long Lines, Technical Glitches in November

In a letter delivered to President Obama and congressional leaders this week, a broad coalition of experts, including congressional representatives, elections officers and cyber-security experts, is urging the president and Congress to reject any calls for Internet voting. They are warning officials that Internet voting remains a highly insecure option that leaves our systems vulnerable to cyber-attacks and technical failures. After voters across the country waited as long as seven hours to cast their ballots and Hurricane Sandy wreaked havoc on East Coast election systems last November, lawmakers in Congress are introducing legislation to facilitate the voting process in federal elections, and some parties have expressed Interest in online voting. The text of the letter can be found here.

Verified Voting Blog: Some modest proposals for voter signature verification

Iowa Secretary of State Matt Schultz proposes that we use some kind of electronic scanning system to evaluate voter signatures. I have no idea how good signature comparison software is these days, but I do I know that my own signature isn’t very consistent. Would automatic signature matching software really work well enough to recognize that all of my signatures are mine while rejecting forgeries? I’m skeptical. If one person’s absentee ballot is incorrectly rejected because someone or some software thinks their signature does not match, that would seem to me to be a violation of that voter’s civil rights. If signature matching has a higher likelihood of failing for one group of people than for another, then signature verification can be said to systematically deny voting rights to that group.

Verified Voting Blog: Recount Roulette

We risk an election meltdown worse than the Florida 2000 debacle when the presidential election came down to hanging chads and chaos. This time we are looking at another razor close result and perhaps another recount. However, if a recount is required in either of two key states — Virginia and Pennsylvania — we risk catastrophe, because most of those votes will be cast on paperless voting machines that are impossible to recount. To make matters even worse, the wake of superstorm Sandy could cause disruption on Election Day. Polling places without paper ballots that lack power will have to close, resulting in voter disenfranchisement. This is inexcusable, especially as voting advocates have long urged states to provide emergency paper ballots. Other states present their own hazardous recount challenges. About one quarter of voters nationwide will use paperless direct-recording electronic (DRE) voting machines, most of which have touch screens. Unfortunately, the DRE software can store voters’ choices incorrectly.

Colorado: Voting in Colorado

Arapahoe County Colorado was in the news the week with the Denver Post reporting that envelopes containing absentee ballots mailed to over 230,000 voters included “I Voted” stickers, which rubbed up against the ballot and in some cases left a faint, near-linear mark that appeared exactly where voters draw a line to select their candidates. The Secretary of State has issued a list of procedures to address the potential of un-readable ballots and because there is a software independent record of the voted, officials are confident that the problem can be resolved. Unfortunately not all potential problems with the Colorado’s voting technology can be resolved.

For polling place and early voting, Colorado uses Direct Recording Electronic (DRE) machines and paper based optical scan systems as well as at least two counties doing hand count of paper ballots. About 70% of ballots cast in Colorado are returned by mail. Some counties have only residual use of DRE to satisfy HAVA requirements, others collect substantial votes on DRE in precinct polling places. Some counties receive paper ballots at polling places but count them centrally by optical scan.

Verified Voting Blog: Internet Voting in the U.S.

The assertion that Internet voting is the wave of the future has become commonplace. We frequently are asked, “If I can bank online, why can’t I vote online?” The question assumes that online banking is safe and secure. However, banks routinely and quietly replenish funds lost to online fraud in order to maintain public confidence. We are told Internet voting would help citizens living abroad or in the military who currently have difficulty voting. Recent federal legislation to improve the voting process for overseas citizens is a response to that problem. The legislation, which has eliminated most delays, requires states to provide downloadable blank ballots but does not require the insecure return of voted ballots.

Yet another claim is that email voting is safer than Web-based voting, but no email program in widespread use today provides direct support for encrypted email. As a result, attachments are generally sent in the clear, and email ballots are easy to intercept and inspect, violating voters’ right to a secret ballot. Intercepted ballots may be modified or discarded without forwarding. Moreover, the ease with which a From header can be forged means it is relatively simple to produce large numbers of forged ballots. These special risks faced by email ballots are in addition to the general risks posed by all Internet-based voting schemes.

Verified Voting Blog: Virginia – the new Florida?

There are many ways in which Virginia 2012 could resemble the Florida 2000 – only worse. At least in 2000 there were paper ballots to recount in Florida.  But only 7 out of 134 Virginia localities (Virginia terminology for counties and independent cities) do not use paperless  Direct Recording Electronic (DRE) voting machines. If a DRE loses or miscounts ballots, it is essentially impossible to determine the correct results.

As if to guarantee that it will be impossible ever to verify an election in Virginia, Virginia law actually prohibits manual post-election ballot audits of paper ballots, except in extremely narrow and unlikely circumstances. This prevents election verification even in the 7 localities that have no paperless DREs (Chesterfield, Gloucester, Hanover, New Kent, Wythe, Fredericksburg, and Williamburg), together with the 30 other localities that have a mix of paper ballots and paperless voting machines.  Unless the anti-verification law is repealed, Virginia will continue to be a poster child for how not to run an election, even after Virginia replaces all of its antiquated paperless DREs with paper ballot based optical scan systems, as it should. But it gets worse.

Two notoriously unreliable paperless DRE systems are still being used in Virginia, years after their inadequacies had become common knowledge. A distinctive feature of the WINVote that makes it particularly vulnerable is it’s use of wifi to communicate between equipment in the polling place. The AVS WINVote, used only in Hind County, Mississippi and in the state of Virginia, failed to qualify for federal certification in 2007, even to the lower testing of the two voting systems standards. Since then, AVS seems to have folded, with maintenance  done by Election Services Online, a Philadelphia based company with ties to the Shoup family, that founded AVS predecessor company over a century ago.

The other unreliable paperless DRE system is the Unilect Patriot, which gained notoriety in November, 2004 in both North Carolina and Pennsylvania. In Carteret County, N.C. a Patriot machine lost almost 4500 votes in early voting, while in Pennsylvania the Patriot appears to have lost a significant number of votes in the 2004 presidential race. Pennsylvania Secretary of State Pedro Cortes issued a report claiming that the Patriot was not “capable of absolute accuracy” and was not “safely and efficiently usable”. Pennsylvania decertified the Patriot; it is now used only in Virginia. Should either the AVS WINVote or the Unilect Patriot malfunction on Election Day with the Presidential or Senate race hanging in the balance, our country could be in uncharted territory.

Verified Voting Blog: Ohio – Improved but Still a Concern

Ohio’s status as a large battleground state means that problems in Ohio could have a significant impact nationwide. Although Ohio is in better shape than a number of states because there are no paperless voting machines,The major concern is that about half the counties use Direct Recording Electronic (DRE) machines, though they are equipped with Voter Verified Paper Audit Trail (VVPAT) printers. In theory a VVPAT is supposed to accurately represent the choices the voter makes with the touch screen machine. In practice, VVPATs can be difficult and even confusing to read. Tests have shown that most voters do not bother to check the VVPAT.  Therefore, VVPATs offer only limited protection against election theft. Someone wishing to steal an election could change both the electronic version of the voter’s choices and the VVPAT, while retaining the correct version on the DRE screen, so that the change would not be obvious to the voter.  If the voter happens to notice and void the VVPAT, election rigging software could print and store in memory the voter’s correct choices. That way, the VVPAT results would match the electronic ones, even though the overall result was rigged.

Verified Voting Blog: Problems come when using databases to disqualify voters

During their news conference Friday, Iowa’s Republican secretary of state, Matt Schultz, and Democratic attorney general, Tom Miller, presented evidence suggesting there are non-citizens who have registered to vote illegally and that some of these illegal registrants have voted. Clearly, further investigation is called for, and if indeed these people have voted, they should be prosecuted. I am worried, however, about the effort to run a database matching effort to ferret out and remove non-citizens from the voting rolls. The central problem here is that we have no requirement of registering to vote under the same name as we use for other purposes.

For a driver’s license, you present a birth certificate, so your name on the driver’s license will match your birth certificate. To register to vote, you can use your employer ID card and a phone bill. As it turns out, my voter registration is in the same name as my driver’s license. That’s because I used my license to register about 32 years ago. On the other hand, my employer’s ID card lists my name differently (just a middle initial). I could have registered to vote with that card, had I wanted to. There is no legal requirement that I use the same name everywhere, and in fact, I use a variety of names and nicknames:

  • Most people know me as Doug Jones.
  • Some know me as Douglas Jones.
  • To my employer, I’m Douglas W. Jones.
  • And on my driver’s license, I’m Douglas Warren Jones.

I’m not trying to confuse people. It’s just that, at various times, I’ve used different and obvious variations on my full name.

Verified Voting Blog: Rush Holt’s Voter Confidence and Increased Accessibility Act of 2011 (HR 5816)

On May 17, US Rep. Rush Holt (D-NJ) re-introduced The Voter Confidence and Increased Accessibility Act of 2011 (HR 5816), together with 98 co-sponsors. The language in the bill matches that of HR 2894, introduced by Mr. Holt in the 111th Congress in 2009 and would require voter-marked paper ballots in all federal elections. The bill would authorize funding for states to purchase voting equipment, require hand-counted audits of electronic vote tallies, and reform the process of testing voting equipment. The language of HR 5816 is also included as Title VI of the omnibus election reform bill, The Voter Empowerment Act (HR 5799.) It was referred to the Subcommittee on Election of the Committee on House Administration and the Committee on Science, Space, and Technology.

As with earlier versions of Mr. Holt’s legislation, Verified Voting is proud to endorse HR 5816. Verified Voting President Pamela Smith notes “this bill provides a baseline standard for our voting systems that’s so essential the voter confidence — not just that the outcome is correct, but that it actually means something when they take the time to go and vote.”  Reflecting the added urgency of Mr. Holt’s legislation since it was first introduced, Smith adds “the funding called for in this bill to support the movement to more resilient and reliable voting systems is urgently needed in many states and counties where voting systems are aging rapidly and need to be replaced.”

In 2010, over 60 percent of the nation’s voters cast their votes on paper ballots that were read by electronic scanning devices. In the last several years, voter-marked paper ballots have become the most popular means of providing a paper record of each vote. “Paper trail” printers attached to voting machines are an alternative method of providing a paper record, but have reliability problems, such as printer jams. They are cumbersome to recount, raise privacy concerns because they store all votes on a continuous roll, and go unchecked by significant numbers of voters. Three-fourths of the states have adopted voting systems that provide some form of voter-verifiable paper record, but a significant number still use electronic voting machines that offer no voter-verifiable backup. In at least ten states in the 2012 elections, most or all of the votes will be cast on paperless electronic voting systems. These include Indiana, Virginia, and Pennsylvania, as well as Delaware, Georgia, Kansas, Louisiana, South Carolina, and Texas.

Verified Voting Blog: Verified Voting Comments on Proposed Changes to Colorado Election Rule 43

On February 14, 2012, Colorado Secretary of State Scott Gessler held a hearing on proposed changes to existing regulations governing county procedures for the security of ballots, voting equipment, and other election materials.  The public was invited to comment.  Verified Voting reviewed the proposed rules changes (which can be found here) and made the following comment, highlighting concerns about changes to chain procedures of custody of ballots and equipment. Submitted February 21, 2012

Thank you for this opportunity to comment upon proposed revisions to Colorado Election Rules governing county procedures for securing election equipment and materials. Verified Voting is a national nonpartisan organization working to safeguard elections in the digital age. We seek to promote the deployment of election systems and practices that vouchsafe the accessibility, reliability, and transparency of public elections. We believe that the proposed revision contains several positive changes, as well as some that cause concern, or call for more clarity.

Verified Voting Blog: Roadmap for Future California Elections

When it comes to elections, what does California do well? What could California do better? How have we led, and how have we perhaps lagged behind? These are questions that a diverse group of individuals and organizations asked themselves and one another over the course of three months, with an aim to envision the future of California’s elections. It turned out to be an extraordinary conversation and a process which could very well serve as a model for other states as well. One driving force in the process was the convening organization, the James Irvine Foundation, which has long worked on issues of importance to Californians. The participants included a diverse range of representatives with a concern for voters and not-yet voters, for elections and how they function, and for California’s democracy.

Download the Roadmap for Future California Elections (pdf)

Verified Voting Blog: Developing Standards for Election Data

 

One of the challenges faced by advocates of election audits and transparency is that current voting systems each record and store election file data in unique ways. This is no surprise given that vendors have long claimed that their systems are proprietary. But the current model of storing election data in ways that prevent easy sharing and analysis is proving difficult for election officials, statisticians, election integrity advocates, and even voting systems vendors. Because of these problems, serious discussion is taking place about what can be done about standardizing election data.

Often, within a single state there are many different voting systems from multiple vendors. At the same time, many elections, including most federal and statewide races, cross election jurisdictions so that votes for the same race are reported in different ways, depending on the system type used in each district. Even a single polling place may have different types of equipment – an optical scanner and a touch screen device for accessible voting for example – which report results in incompatible ways but which must be combined after the polls close.