Verified Voting Blog: Dismissed Venango County Pennsylvania Election Board Files Appeal

Attorney Charles A. Pascal, Jr., has filed a Motion For Reconsideration on behalf of members of the specially appointed Venango County Election Board. The filing was made this afternoon in response to President Judge Oliver J. Lobaugh’s order dismissing the Board yesterday. Citing ongoing investigations into serious voting machine problems reported during the May 17 primary election, the specially appointed Election Board requested that they be allowed to continue their work until 11:59 PM on December 31, 2011.

“The members of the specially appointed Board of Elections believes that it is necessary to continue their work in order to assure the voters of the County of Venango of the integrity of the election process in the county,” the Motion states, “and to assure that any possible violations of policy, protocol, best practices, or the law, or any directive of the Pennsylvania Secretary of State, are not repeated in future elections.”

Verified Voting Blog: If I can shop and bank online, why can’t I vote online?

There is widespread pressure around the country today for the introduction of some form of Internet voting in public elections that would allow people to vote online, all electronically, from their own personal computers or mobile devices. Proponents argue that Internet voting would offer greater speed and convenience, particularly for overseas and military voters and, in fact, any voters allowed to vote that way.

However, computer and network security experts are virtually unanimous in pointing out that online voting is an exceedingly dangerous threat to the integrity of U.S. elections. There is no way with current technology to guarantee that the security, privacy, and transparency requirements for elections can all be met with any security technology in the foreseeable future. Anyone from a disaffected misfit individual to a national intelligence agency can remotely attack an online election, modifying or filtering ballots in ways that are undetectable and uncorrectable of just disrupting the election and creating havoc. There are a host of such attacks that can be used singly or in combination. In the cyber security world today almost all of the advantages are with attackers, and any of these attacks can result in the wrong persons being elected, or initiatives wrongly passed or rejected.

Nonetheless, the proponents point to the fact that millions of people regularly bank and shop online every day without apparent problems,. They note that an online voting transaction resembles an ecommerce transaction, at least superficially. You connect your browser to the appropriate site, authenticate yourself, make your choices with the mouse, click on a final confirmation button, and you are done! All of the potential attacks alluded above apply equally to shopping and banking services, so what is the difference? People ask, quite naturally, “If it is safe to do my banking and shopping online, why can’t I vote online?”

This is a very fair question, and it deserves a careful, thorough answer because the reasons are not obvious. Unfortunately it requires substantial development to explain fully. But in brief, our answer is in two-parts:

1. It is not actually “safe” to conduct ecommerce transactions online. It is in fact very risky, more so every day, and essentially all those risks apply equally to online voting transactions.

2. The technical security, privacy, and transparency requirements for voting are structurally different from, and much more stringent than, those for ecommerce transactions. Even if ecommerce transactions were safe, the security technology underpinning them would not suffice for voting. In particular, the security and privacy requirements for voting are unique and in tension in a way that has no analog in the ecommerce world.

Verified Voting Blog: Report on the Estonian Internet Voting System

I visited Estonia in mid-July of this year at the invitation of Edgar Savisaar, the country’s first prime minister and current mayor of Tallinn. Mr. Savisaar is the leader of the Centre Party, which placed second in recent national elections. The Centre Party and Mr. Savisaar have been questioning the outcome of the Internet voting portion of those elections. They invited me to Estonia because of a presentation I made at a European Parliament panel on the risks of Internet voting.

I told my hosts that I was happy to discuss the risks of Internet voting, but I would not comment on internal Estonian politics. When asked whether or not I thought the national election was rigged, I refused to comment, aside from saying that no one could prove that it was or was not rigged, because there is no way to conduct a recount of an Internet election.

The Internet portion of the 2011 election lasted from February 24 to March 2, with paper balloting conducted on March 6. The Internet vote was counted the evening of March 6. Estonian law allows complaints to be submitted only during the 3 days immediately following the procedure being challenged. Since Internet voting is considered separate from paper voting, the final day for submitting complaints about Internet voting was March 5. Graduate student Paavo Pihelgas was the only person who submitted a complaint by the deadline. (The Centre Party and independent candidates tried to file complaints, but they did not do so within the required 72 hour time frame).

Verified Voting Blog: Let the MOVE Act have a chance to work before considering electronic return of ballots

Military and overseas voters saw improvements in their ability to vote in 2010, thanks to the Military and Overseas Voter Empowerment Act (MOVE) passed in late 2009, according to a report to Congress last month by the Military Postal Service Agency (MPSA). The report indicates that MOVE will improve things further as its provisions become better known and implemented.

The MOVE Act required states to send ballots to military and overseas voters at least 45 days before election-day in federal elections so they have time to return their voted ballot. MPSA must pick up ballots for return to election offices no later than 7 days before election day. MOVE also sped up the process by requiring states to offer electronic transmission (website, email, fax) of blank ballots and registration materials. The law stopped short of establishing electronic return of voted ballots because ballots cannot be secured against undetected interception and manipulation over the internet. New procedures were implemented for 2010, coordinating MPSA with USPS, including the use of Express Military Mail Service (EMMS) for uniformed overseas service members and their families.

Verified Voting Blog: Report on second risk-limiting audit under AB 2023 in Monterey County California

The second risk-limiting audit under California AB 2023 was conducted on May 6 in Monterey County. The contest was a Special all-mail election for Monterey Peninsula Water Management District Director, Division 1.  Monterey uses Sequoia equipment. There were two candidates: Brenda Lewis and Thomas M. Mancini, and write-ins. 2111 ballots were cast in all.  The reported totals were 1353 reported for Lewis, 742 for Mancini, and 13 write-ins. The remaining 3 ballots were recorded as undervotes and overvotes.  Lewis was reported to have 64.18% of the valid votes.

Two members of the public observed the entire audit process, which took roughly 90 minutes including some preliminary explanation of the procedure. They confirmed that their interpretation of the ballots agreed with mine and the elections officials’, and they helped roll the dice used to select ballots at random.  In conversations afterward, they seemed quite satisfied with the transparency of the procedure (although perhaps not utterly convinced by the mathematics that justified the details).

The audit was performed as follows. After the ballots had been tabulated officially, elections officials Bates-stamped each with a unique serial number (1962 ballots that were scanned had been stamped prior to audit day; the remaining 149 were stamped as part of the audit). It is my understanding that stamping the ballots took about 5 person-hours in all.

Verified Voting Blog: Online voting is risky and expensive

Online voting is an appealing option to speed voting for military and overseas voters. Yet it is actually “Democracy Theater”, providing an expensive, risky illusion of supporting our troops. Technologists warn of the unsolved technical challenges, while experience shows that the risks are tangible and pervasive. There are safer, less expensive solutions available. This year, the Government Administration and Elections Committee held hearings on a bill for online voting for military voters. Later they approved a “technical bill”, S.B. 939. Tucked at the end was a paragraph requiring that the Secretary of the State “shall, within available appropriations, establish a method to allow for on-line voting by military personnel stationed out of state.”

In 2008, over thirty computer scientists, security experts and technicians signed the “Computer Technologists’ Statement on Internet Voting,” listing five unsolved technical challenges and concluding: “[W]e believe it is necessary to warn policymakers and the public that secure internet voting is a very hard technical problem, and that we should proceed with internet voting schemes only after thorough consideration of the technical and non-technical issues in doing so.” The prevailing attitude seems to be, if voters and election officials like it and see no obvious problems then it must be safe.

Verified Voting Blog: Oak Ridge, spear phishing, and i-voting

Oak Ridge National Labs (one of the US national energy labs, along with Sandia, Livermore, Los Alamos, etc) had a bunch of people fall for a spear phishing attack (see articles in Computerworld and many other descriptions). For those not familiar with the term, spear phishing is sending targeted emails at specific recipients, designed to…

Verified Voting Blog: Flawed Wisconsin Race Proves Need for Transparency, Accountability in Election Procedures

When Wisconsin voters flocked to the polls on April 5, one of the factors driving the high turnout was the State Supreme Court contest between incumbent Justice David Prosser and challenger JoAnne Kloppenburg. Prosser, whose term ends July 31, often casts the deciding vote on the seven-member court. He is a conservative Republican former Speaker of the Assembly seen as closely allied to Wisconsin’s controversial Gov. Scott Walker. Kloppenburg, a virtual unknown who was given little chance of success when she entered the race several months ago, was buoyed by the high passions stirred by Walker’s actions to strip government employees of their collective bargaining rights. Though the race is officially nonpartisan, it was seen as both a referendum on Walker and a chance to affect the Supreme Court’s ruling on Walker’s actions, which are likely to be reviewed by the Court in its next term. Election night results were considered too close to call, but the next day when seemingly all the votes had been tallied, Kloppenburg claimed victory with a margin of 204 votes of the more than 1.4 million total votes cast. A recount seemed inevitable.

[pullquote align=”left”][media url=”http://www.youtube.com/watch?v=ldCVBB-ruKY” width=”360″ height=”240″ jwplayer=”controlbar=bottom”][/pullquote]Then one day later, County Clerk Kathy Nickolaus of Republican stronghold Waukesha County suddenly announced in a dramatic press conference that she had forgotten to include the votes of the county’s second-largest city, Brookfield, in her tabulation. The more than 14,000 votes she added now gave Prosser a lead of almost 7,316 votes of the 1,498,880 votes cast, or 0.488%. Wisconsin picks up the tab for recounts where the margin of victory is less than 0.5%, so this falls just barely within the margin of a state-funded recount.

Verified Voting Blog: Losing Democracy in Cyberspace

It has been nothing short of astonishing that, within a few weeks, the brave people of Tunisia and Egypt toppled corrupt dictators who ruled for decades. One of the protesters’ key demands was for democratic elections — the right to choose a government that is responsive to the people’s needs. That is also what protesters in Bahrain, Yemen, Iran, Jordan and Libya are demanding as they call for the dissolution of their autocratic and oppressive governments. As the protesters know all too well, voting does not mean that one’s vote will be counted. In Egypt’s 2005 elections, Hosni Mubarak was reelected with 88.6 percent of the vote. In 2009, Tunisia’s Zine El Abidine Ben Ali was reelected with an 89.6 percent landslide victory. In both cases allegations of fraud and corruption surrounded the elections.

What nobody is talking about is how votes will be cast in emerging democracies. For elections to be legitimate in such countries, it is critical to use voting technology that counts votes accurately. In the 21st century, chances are high that computers will be used in some form in the coming elections in Egypt and Tunisia. But voting computers, like heads of state, must be held accountable to the people they serve. It is a tenet of computer science that computers can be programmed to do anything, including play “Jeopardy!” and steal votes.

Verified Voting Blog: Paper Ballots – New York Courts Don’t Get It

New York State’s highest Court has upheld lower Court decisions to stop any further counting of ballots and declare a winner in the 7th Senate District race. The decision is unfortunate on many levels, not the least of which is that it sets legal precedent in the State for how we verify election results by auditing and recounting paper ballots. New York’s Courts have now ruled, in essence, “We do not use paper ballots to verify elections.” The Court, displaying a lever-machine mindset, believed it’s okay to trust the machine. It never was of course, but New York has never had a way to verify election results before. The Court didn’t understand why we need to compare machine reported results with a manual inspection of ballots in the audit, failing to grasp that the way we get to the real result is counting the paper, not avoiding it at all costs.

Verified Voting Blog: New York SD 7: Count the Paper

In the first test case of how we verify election results using New York’s new paper ballots, the State Judiciary is in the process of setting an egregious precedent – Judges are free to nullify audits and recounts in the interests of having a quick decision. In Nassau County’s contested 7th Senate District (SD7) race, two State Courts that have heard the case to date have made very bad decisions. Ruling that even if New York’s audit laws require a further hand count of paper ballots, accepting the machine results and declaring a winner outweigh the public’s right to know who really won the election. [ See news reports here and here.]

The Johnson and Martins dispute demonstrates the typical dynamic in close political contests when paper ballots are available to inspect – regardless of party affiliation, the candidate in the lead wants to stop further ballot counting, the candidate behind wants to continue. And the Courts almost always become involved in one way or another. In the SD7 case, Johnson asks the Court to order a full manual recount, since several machines failed the initial 3% audit. Martin’s legal team on the other hand argues that “At the end of the day we must balance accuracy with finality”. The meaning here is hardly disguised – stop counting ballots, we’re more interested in winning than getting an accurate result.

Verified Voting Blog: Maryland Report – Scanners Cost Less than DREs

A new study commissioned by the state of Maryland has just taken a close look at the relative cost of optical-scan paper-ballot voting systems compared with electronic touch-screen systems, and found that optical-scan paper-ballot systems are less expensive . These findings are timely and important not only for Maryland, but for other states as well. With Maryland’s direct-recording electronic voting machines (DREs) approaching the end of their useful lifespan, the report by the Department of Legislative Services notes that using the systems becomes increasingly risky as the machines age. The report recommends that the State should move to implement optical scan systems for “long-term cost-effectiveness and cost control.” and that “Maryland would spend $9.5 million less on an optical scan system than it would on a DRE system. Both [Operations and Maintenance]and capital costs are expected to be lower over the long term under an optical scan system.”

Using current costs of service contracts and cost proposals submitted to the State, the study concludes that “Overall, the cost of continuing to use the state’s current voting system will be higher than transitioning to an optical scanning system.” The study compared price quotes submitted to Maryland with five other states and ascertained that the proposed purchase of the optical scan devices and related equipment appears to be in line with what other jurisdictions have paid for identical equipment. In all cases where direct comparisons can be made of ES&S pricing on software and hardware from past contracts, the price quotes in the Maryland response are comparable or better.”

Verified Voting Blog: Unique Challenges of Election Administration

For most Americans the election has been over for two weeks, but for the state and local officials tasked with administering elections the process continues. Most jurisdictions are involved in the certification process, during which vote totals are confirmed, absentee ballots are tabulated and the status of provisional ballots are determined. Over half the states conduct a post election audits of some ballots. And of course some jurisdictions are involved in recounts of close contests. Most of the time the demanding work of election officials goes unnoticed and unacknowledged until something goes wrong or comes under the microscope in the politically charged atmosphere of a recount.

Verified Voting Blog: Pulling the Lever for Paper

The 2010 elections quietly marked a milestone in election technology history. For the first time in over a hundred years, this was the first national election in which mechanical lever machines were not used. Lever machines were at one time so ubiquitous in US culture that the phrase “pull the lever” is still the go-to phrase we use to mean “cast the vote”. Most states made the transition from levers years ago, beginning in the 1980s when the first optical scanners were employed. But in New York State, this election was the first one without levers in a very long time. Fortunately, the new technology the State chose to use is paper ballots and optical scanners,  not paperless electronic voting. And those paper ballots are proving their worth already in several disputed elections around the state.

Media reports of “problems with the new voting systems” really have it the wrong way around. Perhaps it’s because New York isn’t yet used to having an actual paper record of votes, so we don’t yet understand the value of a recount. When outcomes are uncertain or disputed, recounting paper ballots is the best way there is to find out who really won an election. New York’s new ability to count the paper is not a problem, it’s the solution.

Verified Voting Blog: Paper vs. Electronic Voting in Houston

Back in late August, Harris County (Houston)’s warehouse with all 10,000 of our voting machines, burned to the ground. As I blogged at the time, our county decided to spend roughly $14 million of its $40 million insurance settlement on purchasing replacement electronic voting machines of the same type destroyed in the fire, and of the same type that I and my colleagues found to be unacceptably insecure in the 2007 California Top-to-Bottom Report. This emergency purchase was enough to cover our early voting locations and a smattering of extras for Election Day. We borrowed the rest from other counties, completely ignoring the viral security risks that come with this mixing and matching of equipment. (It’s all documented in the California report above. See Section 7.4 on page 77. Three years later, and the vendor has fixed none of these issues.)

Well, the county also spent the money to print optical-scan paper ballots (two sheets of 8.5″ x 17″, printed front and back), and when I went to vote this morning, I found my local elementary school had eight eSlate machines, all borrowed from Travis County (Austin), Texas. They also had exactly one booth set up for paper ballot voting. After I signed in, the poll worker handed me the four-digit PIN code for using an eSlate before I could even ask to use paper. “I’d like to vote on paper.” “Really? Uh, okay.” Apparently I was only the second person that day to ask for paper and they were in no way making any attempt to give voters the option to vote on paper.

Verified Voting Blog: In D.C.’s Web Voting Test, the Hackers Were the Good Guys

Last month, the District conducted an Internet voting experiment that resulted in a team from the University of Michigan infiltrating election computers so completely that they were able to modify every ballot cast and all election outcomes without ever leaving their offices. They also retrieved the username and password for every eligible overseas voter who had signed up to participate. The team even defended the system against attackers from China and Iran. More than any other event in recent years, this test illustrates the extreme national security danger of Internet voting.

Though the District’s Board of Elections and Ethics prudently dropped the plan to use the most dangerous parts of the system in Tuesday’s midterms, the board still claims Internet voting is the wave of the future. By contrast, the consensus of the computer security community is that there is no secure Internet voting architecture suitable for public elections. The transmission of voted ballots over the Internet, whether by Web, e-mail or other means, threatens the integrity of the election. Simply fixing the problems identified in the District’s test will not prove the system secure. Almost certainly the next test will discover new vulnerabilities yielding a similar disastrous result.

People frequently ask: If we can bank online, why can’t we vote online? The answer is that because every banking transaction must be associated with a customer, banks know what their customers are doing, and customers get monthly statements that can be used to detect unauthorized transactions. There is no banking equivalent of the requirement for a secret ballot untraceable to the voter. While banks have huge budgets for mitigating security problems, they still lose substantial sums due to online fraud. In addition, while banks may tolerate the costs of online theft, because they save money overall, elections cannot tolerate a “small” amount of vote theft. For more than a decade, computer security scientists have been warning of certain core dangers related to Internet voting. The successful Michigan incursion confirmed many of them.

National: Vote Flipping and Touch Screen Calibration

Again this election cycle, stories have emerged about “vote flipping”, most notably in Texas, where a video of erratic touchscreen behavior was posted on several sites, and in several North Carolina counties. (link, link, link, link) As voting technology expert Douglas Jones wrote several years ago, it seems unlikely that vote flipping is evidence of intentional hacking. However, these incidents do highlight the lack of transparency of software-generated election results and undermine confidence in elections generally. Vote flipping can be caused by a voter touching the screen in two places, for example resting one hand on the machine while making selections with the other (see pp. 20-22 here), but the most likely cause of “vote-flipping” is miscalibration. As Rice University computer scientist Dan Wallach explains in a post at ACCURATE:

The screen shows pictures of buttons with labels for the various candidates, which the voter selects by touching the screen with their finger. Some voters using these machines have reported problems where they pressed the button for one candidate and a different candidate was selected. These issues are most likely the result of poor touchscreen calibration rather than any security problems with the voting machines’ software.

The clear, touch-sensitive layer is separate from the part of the screen that displays the buttons. The thickness of the touch-sensitive layer directly implies that when different voters are looking at the screen from different angles, they will naturally want to touch the screen at different locations. This can be partly addressed by “calibrating” the touchscreen in advance. The calibration process, familiar to anyone who owns a PDA, involves the machine displaying a series of cross-hairs and asking the user to press on the center of each cross-hair. The machine then computes a correction to ensure that selections are mapped to the correct part of the screen below. Of course, if the calibration was done incorrectly, or even if the voter is notably taller or shorter than the person who did the calibration, then presses on the screen might still be misinterpreted. Furthermore, different voters may use different parts of their finger (ranging from the fingernail to the whole finger), which may differ from how the system was calibrated. (See also “Touch Screen Usability: Election Edition!” and “Vote Flipping and Touchscreens“) Vote flipping was investigated in several articles during the 2008 election cycle. Computerworld interviewed both voting machine vendor and election integrity activists for “Are design issues to blame for vote ‘flipping’ in touch-screen machines?” and Wired magazine posted an article about the potential for maliscious calibration as detailed in the Ohio EVEREST report.

Verified Voting Blog: Hacking the D.C. Internet Voting Pilot

The District of Columbia is conducting a pilot project to allow overseas and military voters to download and return absentee ballots over the Internet. Before opening the system to real voters, D.C. has been holding a test period in which they’ve invited the public to evaluate the system’s security and usability. This is exactly the kind of open, public testing that many of us in the e-voting security community — including me — have been encouraging vendors and municipalities to conduct. So I was glad to participate, even though the test was launched with only three days’ notice. I assembled a team from the University of Michigan, including my PhD students, Eric Wustrow and Scott Wolchok, and Dawn Isabel, a member of the University of Michigan technical staff. Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters’ secret ballots. In this post, I’ll describe what we did, how we did it, and what it means for Internet voting.

Verified Voting Blog: States May Use Federal HAVA Funds for Post-Election Audits

Post-election audits of electronic vote tallies are inexpensive.  The process is simple: a sample of precincts (or batches of ballots that have been tallied electronically) is chosen randomly, counted by hand, and compared to the corresponding computer tally.  To mention just two examples, North Carolina conducted an audit of  the Presidential election in 275 precincts (almost 10% of the total precincts in the state) for a statewide total of $31,000, and  Connecticut’s November 2008 audit costed 11 cents per audited race on each ballot.

Still, in these straightened times, States and counties with auditable voting systems might be concerned about the costs of manually counting ballots.  In May, the U.S. Election Assistance Commission gave such jurisdictions excellent but little-noticed news: the Commission ruled that States may use Federal Help America Vote Act (HAVA) funds to pay for the cost of post-election audits.  The EAC concluded that funds allocated under either Section 101 or Section 251 of HAVA may be used to fund audits.

Verified Voting Blog: Dangers of Internet Voting Confirmed

For years, computer security experts have said that casting ballots using the Internet cannot be done securely. Now, after a team from the University of Michigan successfully hacked the Washington D.C. Board of Elections and Ethics (DCBOEE) public test of Internet voting, we have a visceral demonstration of just how serious the threats really are.…

Verified Voting Blog: Coalition Calls For Halt to Washington State E-mail Ballot Program

This week, as University of Michigan computer technologists revealed in stark fashion the risks of Internet voting, Verified Voting, Common Cause, and Voter Action worked to halt an effort to expand the electronic return of voted ballots in Washington State. The Secretary of State of Washington  has proposed an emergency rule that would allow voters to send their votes home to election officials via e-mail.  In a letter to the Secretary this week, the three organizations and a cooperating attorney wrote that e-mail balloting is not required by Federal or State law, and exposes voters’ ballots to unacceptable risk of error or fraud.

This week, Dr. Alex Halderman and his students at the University of Michigan provided a powerful demonstration of the wisdom of avoiding the electronic submission of voted ballots for the foreseeable future.  Professor Halderman’s team hacked the District of Columbia’s pilot Internet voting portal for the District’s overseas and military voters, changing the contents of encrypted ballots and re-encrypting them,discovering the identities and user PINs of voters – as well as noting attempts by users in Iran and China to gain access to the DC voting system.

Verified Voting Blog: The meaning of Alex Halderman’s successful attack on the DC Internet voting system

University of Michigan Prof. Alex Halderman has now released some details about his successful attack on the District of Columbia’s proposed Internet voting system which has been under test for the last week. (See www.freedom-to-tinker.com.) It is now clear that Halderman and his team were able to completely subvert the entire DC Internet voting system remotely, gaining complete control over it and substituting fake votes of their choice for the votes that were actually cast by the test voters. What is worse, they did so without the officials even noticing for several days. Let there be no mistake about it: this is a major achievement, and supports in every detail the warnings that security community have been giving about Internet voting for over a decade now. After this there can be no doubt that the burden of proof in the argument over the security of Internet voting systems has definitely shifted to those who claim that the systems can be made secure.

Verified Voting Blog: Report from the Senate Hearings on the New York State Primary

On September 29th Senator Joseph Addabbo, chair of the Senate Elections Committee held a hearing on the recent New York State primary when new paper ballot and optical scan systems were used statewide for the first time. The hearing focused on reported problems that occurred in New York City, the largest election jurisdiction in the country with almost 4.5 million registered voters. In addition to the New York City Board of Elections, others giving testimony included the New York City Public Advocate Bill de Blasio, the Brennan Center for Justice, the League of Women Voters of the City of New York, NYPIRG, Commissioner Doug Kellner of the State Board of Elections and others. Senator Addabbo chaired the hearing, with Senators Bill Perkins, Liz Krueger, and Daniel Squadron also attending.

Verified Voting Blog: Thoughts on the New York Primary

Despite the impressions received from media reports, the September 14th primary was not the first time that New Yorkers voted on paper ballots and scanners. In the 2009 off-year election, 47 counties in upstate New York used the new systems as part of a pilot program. This trial run taught participants valuable lessons, and New York City’s decision to abstain led directly to many of the problems reported there. In general, things went smoother upstate than in the City. Problem reports broke down into a few main categories:

Privacy Issues – One of the big lessons from the 2009 pilot was that voters felt that their ballots were too often exposed to public view. Some of this was inevitable – using a lever machine, surrounded on all sides by panels and curtains, the voter is in an isolation booth. Today, the small privacy booths where voters fill out their ballots are open on the back side, and if not placed correctly at the poll site (for example with the open side facing a wall) one can feel exposed. It’s very important that Boards of Elections think about layout and lines of sight within the polling place. A second frequent privacy complaint concerned carrying the paper ballot in plain view over to the scanner. This can only happen if Boards of Elections do not provide sufficient supplies of ‘privacy sleeves’ (folders which conceal the completed ballot) and adequately train poll workers in their distribution and use. Lack of privacy sleeves is an administrative failure, and is really inexcusable.

Verified Voting Blog: An Important New Proposal for Voting Machines

If you’ve wondered why voting machine problems seem to occur again and again around the country and what can be done about it, the Brennan Center at New York University School of Law has an answer. A report released last week by the non-partisan organization, Voting System Failures: A Database Solution, found that in the absence of requirements to report malfunctions, vendors do not keep election officials informed about voting system defects. The report recommends several remedies for this pervasive problem. Among other conclusions, it calls for a searchable national database of voting machine problems to be created and made available to the public.

The report found that election officials “must rely almost exclusively on the voting system vendors for information about malfunctions, defects, vulnerabilities and other problems that the vendors have discovered, or that have occurred with their voting systems in other states“. Vendors “don’t have an incentive to inform [election officials] of certain problems with their systems”. Noting that this leads to repeated failures of systems year after year, ” these malfunctions – and their consequence, disenfranchisement – could have been avoided had election officials and/or public advocates known about earlier problems and had an opportunity to fix them”.