Post Election Audits

Tag Archive

National: Can US Elections Be Hacked? Security Experts Call For More Protections Against Election Hacking | International Business Times

More than one hundred security researchers and experts signed on to a letter sent to member of the United States Congress to warn of their belief that not enough has been done to protect against potential threats to state and federal elections. The letter, published Wednesday as a Senate Intelligence Committee hearing on Russian interference during the 2016 U.S. presidential election, argues many states are unprepared to respond to cybersecurity risks that may arise during upcoming election.The signatories laid out three primary suggestions for securing the electoral process and prevent against any potential tampering that may occur. First, the experts called on election officials to establish voter-verified paper ballots as the “official record of voter intent.” Doing so would require phasing out paperless voting machines that offer no way to verify if a vote tallied by the system corresponds to the vote intended to be cast by the voter. Read More

National: DHS Never Ran Audit to See if Votes Were Hacked | Daily Beast

Despite assurances from the U.S. intelligence community that Russian hacking only influenced the 2016 U.S. election—and didn’t change vote tallies—there was never actually a formal federal audit of those systems, the Department of Homeland Security said. And while DHS offered free security scans to any state that wanted them, many states—even ones that took up the DHS offer, like Michigan and Maine—either use audit procedures that are considered inadequate or don’t audit their election results at all. “I think there’s a presumption amongst both the general public and lawmakers that DHS did some sort of investigation,” said Susan Greenhalgh, who serves as Elections Specialist at Verified Voting, a nonprofit devoted to U.S. election integrity. “It didn’t happen. That doesn’t mean that something happened, but it also means it wasn’t investigated.” Read More

Kansas: WSU statistician: New voting machines more tamper-resistant, but not perfect | The Wichita Eagle

Wichita State University statistician Beth Clarkson says Sedgwick County’s new voting machines leave less room for vote tampering than the old ones did, but still aren’t perfect. “It’s a step in the right direction,” said Clarkson, who has a doctorate in statistics and works as chief statistician at WSU’s National Institute for Aviation Research. “If we would audit (the machines), that would be another step in the right direction.” On the plus side, she said, the new machines do print paper ballots with the voters’ choices printed on them. That allows voters to review their ballots and verify their selections before they feed the cards into a separate counting machine. It also will make it possible to do a hand recount in future races if problems are suspected with the machine counts, she said. On the downside, Clarkson said, the votes are still counted by computerized machinery, which creates the possibility of hacking or tampering with the software to change the outcome. Clarkson is a leading skeptic of the vote counting in recent south-central Kansas elections, citing what she says have been statistical anomalies between precincts and conflicts with the results of exit polling she oversaw last year. Read More

Verified Voting Blog: A Democracy Worth the Paper — Ballot — it’s Written on | Mark Halvorson and Barbara Simons

This oped appeared originally at Medium.com on December 19, 2016.

As the CIA digs deep to investigate foreign influence on our election, we should recognize that we don’t need cybersecurity experts to tell us if our votes have been accurately counted. Citizen observers can do the job, if we fix the way we vote and the way we verify those votes.

Our democracy is in crisis because we have introduced computers into our voting systems without proper safeguards. First and foremost, every vote must be cast on a paper ballot marked by the voter. In addition, we must require that at least a random sample of those paper ballots be counted by hand to determine if the electronically reported election results are correct.

About 25 percent of the 2016 votes, including almost all of Pennsylvania, were cast on paperless, computerized voting machines. Since software can contain bugs, programming errors, and even malware, we never should have allowed paperless voting machines to record and count our votes, because there is no way to verify that votes are properly recorded and counted inside the machines. Voting on a paperless electronic voting machine is like speaking your vote to a stranger behind a screen and ­­­­­trusting him to cast it for you, without ever seeing the person or how he marked your ballot.

Furthermore, even states with paper ballots tabulate almost all of them using computerized optical scanners. Paper ballots provide no protection unless they are manually checked after the election to verify or correct the computer-declared results. There are only two ways to independently verify electronic tallies (that is, to confirm whether or not the person behind the screen was honest and accurate): post-election audits and recounts done by hand by examining the original paper ballots. Read More

Editorials: 3 Reforms for America’s Vulnerable Democracy in Light of the 2016 Election | Robert Schlesinger/US News

The end is near. All remaining political disputes – recounts, in this case – must be wrapped up by Tuesday, six days before Dec. 19 when the members of the Electoral College meet in their respective states and ratify Donald Trump’s election to the presidency. The last procedural twitches of controversy from the 2016 election, in other words, are drawing to their inevitable close. But the book closing on the 2016 elections is a good time to take stock and consider reforms that this year has made painfully clear the system needs. After all, this election has inarguably highlighted serious vulnerabilities in the political system that need to be remedied because they are not unique to this year. I’ve got three common-sense ideas on that score. The first two reforms we ought to undertake are interrelated and have to do with ensuring the security, and thus the legitimacy, of the vote, whether from error – manmade or mechanical – or malicious attacks. Read More

National: Votes Miscounted? Your State May Not Be Able to Find Out. | Governing

Green Party Presidential Nominee Jill Stein’s recent requests for recounts in Pennsylvania, Michigan and Wisconsin highlight how few states routinely verify the accuracy of their vote counts: Twenty-two states do not require a post-election audit, and 15 states do not require paper records that could be compared against electronic vote tallies in a recount. With roughly 22.5 percent of registered voters living in election districts with paperless ballots, the pressure to audit vote counts is mounting. Modern electronic machines are susceptible to tampering, casting doubt on the security of the machines and the certainty of their final vote counts. Following the 2000 presidential election and the resulting legal challenges in Florida over inaccurate counts of votes cast on paper ballots, Congress distributed more than $3 billion to replace manual voting equipment with modern electronic machines. At the time, “there was a feeling among some election officials and state legislatures that it’d be best to avoid paper going forward,” said Larry Norden, deputy director of the Democracy Program at the Brennan Center for Justice. Instead, states opted for “computerized voting machines that just told you what the totals were and you wouldn’t have to deal with the messy process of trying to figure out voter intent.” But as it’s become clear that without a paper record there’s no way to verify vote tallies, computer scientists and election activists have begun pushing for states to not only keep a paper record but to also institute routine post-election audits. Since 2004, many states passed a law requiring audits. Read More

National: Russia probably didn’t hack US election – but we still need audits, experts say | The Guardian

The computer science experts who want the presidential election results audited don’t think a Russian vote-hacking operation is likely, either. But they’ve been upset for a decade that there’s no way to make sure. Jeremy J Epstein, senior computer scientist at research center SRI International, said the effort to audit the vote “was and is a nationwide effort over a long period of time”. The Green party candidate, Jill Stein, has applied for a recount. The Clinton campaign has said it will cooperate. “The Stein folks have somewhat hijacked the message, but I’m not worried,” Epstein said. “In fact, the goal of an audit is to verify [emphasis his] that the result was as originally reported.” Epstein describes himself as “75% confident that Trump won, and 25% that either there was an error in counting or there was a hack”. “Any accusation that it’s partisan and of-the-moment is ignorant of the history,” Epstein told the Guardian. Epstein, formerly of Princeton’s Center for Information Technology Policy, is one of the country’s foremost experts on election security and last year successfully crusaded to get insecure WinVote voting machines decertified and removed in Virginia. Read More

Verified Voting Blog: Want to Know if the Election was Hacked? Look at the Ballots | J. Alex Halderman

This response was originally posted at Medium.com and is cross-posted here with permission of the author.

haldermanYou may have read at NYMag that I’ve been in discussions with the Clinton campaign about whether it might wish to seek recounts in critical states. That article, which includes somebody else’s description of my views, incorrectly describes the reasons manually checking ballots is an essential security safeguard (and includes some incorrect numbers, to boot). Let me set the record straight about what I and other leading election security experts have actually been saying to the campaign and everyone else who’s willing to listen. 

How might a foreign government hack America’s voting machines to change the outcome of a presidential election? Here’s one possible scenario. First, the attackers would probe election offices well in advance in order to find ways to break into their computers. Closer to the election, when it was clear from polling data which states would have close electoral margins, the attackers might spread malware into voting machines in some of these states, rigging the machines to shift a few percent of the vote to favor their desired candidate. This malware would likely be designed to remain inactive during pre-election tests, do its dirty business during the election, then erase itself when the polls close. A skilled attacker’s work might leave no visible signs — though the country might be surprised when results in several close states were off from pre-election polls.

Could anyone be brazen enough to try such an attack? A few years ago, I might have said that sounds like science fiction, but 2016 has seen unprecedented cyberattacks aimed at interfering with the election. This summer, attackers broke into the email system of the Democratic National Committee and, separately, into the email account of John Podesta, Hillary Clinton’s campaign chairman, and leaked private messages. Attackers infiltrated the voter registration systems of two states, Illinois and Arizona, and stole voter data. And there’s evidence that hackers attempted to breach election offices in several other states.

In all these cases, Federal agencies publicly asserted that senior officials in the Russian government commissioned these attacks. Russia has sophisticated cyber-offensive capabilities, and has shown a willingness to use them to hack elections. In 2014, during the presidential election in Ukraine, attackers linked to Russia sabotaged the country’s vote-counting infrastructure and, according to published reports, Ukrainian officials succeeded only at the last minute in defusing vote-stealing malware that was primed to cause the wrong winner to be announced. Russia is not the only country with the ability to pull off such an attack on American systems — most of the world’s military powers now have sophisticated cyberwarfare capabilities. Read More

Editorials: Five reasons why you can count on Minnesota’s voting system | Mark Halvorson/Minneapolis Star Tribune

Rigged? Fraudulent? Excuse me, but as Donald Trump might interject: “Wrong!” In Minnesota, we can have confidence in our election outcomes. For the past 12 years, Citizens for Election Integrity Minnesota (CEIMN), a nonpartisan, nonprofit group, has worked to ensure accurate, transparent and verifiable elections in Minnesota. As the founder of CEIMN, I helped organize seven statewide observations of Minnesota’s postelection audits and recounts. Here are five reasons you can be confident that the results of next month’s election will be accurate and verifiable.

1) Routine audits of voting machines: After each general election, audits are conducted in about 200 randomly selected precincts statewide. Ballots are counted by hand to check the accuracy of voting machines. These audits are public events, and anyone can attend. Malicious attempts to influence the election through voting equipment would be difficult because we use paper ballots and we audit them. Read More

Verified Voting Blog: What are the post-Election Day procedures states can take to confirm the election went well?

This article was originally posted in the September 16 issue of NCSL’s The Canvas.

Ensuring the accuracy and integrity of the vote count can help generate public confidence in elections. Two of the most important steps happen after voting concludes on Election Day. Ballot accounting and reconciliation (BA&R) is a not-so-exciting name for a crucial best practice. BA&R is a multi-step process that is designed to account for all ballots, whether cast at the polling place or sent in remotely, and compare that with the number of voters who voted, as the first pass. After that, the next step is to ensure that all batches of votes from all the polling places are aggregated into the totals once (and only once). This is a basic “sanity check” that makes sure no ballots are missing, none are found later, none were counted twice, etc. Most jurisdictions do a good job at this task. Read More