In my last post I described a particularly efficient kind of risk-limiting audit (RLA) of election results: ballot-level comparison audits, which rely on a unique serial number on every ballot. The serial number should not be preprinted on the ballot where the voter can learn it, otherwise the voter could sell their vote, or be coerced to vote a certain way, and the buyer or coercer could learn the vote from the file of cast-vote records (CVRs). The solution, when central-count optical scan (CCOS) is used, is that the central-count optical-scan voting machine can print the serial number onto the ballot, as it scans and counts the ballot. But many jurisdictions use precinct-count optical scan (PCOS): the voter marks a ballot, and feeds it directly into the PCOS voting machine, where it is scanned, counted, and preserved in a ballot box. This has three advantages over CCOS: PCOS machines can alert the voter about overvotes, undervotes, or blank ballots, which gives the voter a chance to correct their ballot. PCOS tabulations are ready immediately at the close of the polls, which gives faster election-night reporting. PCOS tabulations give an additional safeguard against low-tech paper-ballot tampering: if the hand-to-eye recount of this batch does not match the results claimed by the optical-scanner, then one of them is wrong. The paper ballots themselves are the presumed ballot of record; State statutes should say that in case of disagreement we trust the paper by default, not the (possibly hacked or buggy) computers; but even so, a disagreement is important evidence of possible tampering that could be worth a forensic investigation. We don’t get this safeguard with central-count scanning of precinct-marked ballots. But PCOS machines are not equipped with serial-number printers. Why is that? It would be straightforward to add one to a standard PCOS design, and it wouldn’t much affect the price of the product (so I’ve been told by the vice president of a major voting-machine company). The reason is not that the vendors can’t or won’t make the product; it’s that PCOS-ballot serial numbers are not so straightforward to use in RLAs.Full Article: Ballot-level comparison audits: precinct-count.
Articles about voting from the blogosphere.
All voting machines these days are computers, and any voting machine that is a computer can be hacked to cheat. The widely accepted solution is to use voting machines to count paper ballots, and do Risk-Limiting Audits: random-sample inspections of those paper ballots to ensure (with a guaranteed level of assurance) that the election outcome claimed by the computers is the same as you’d get by an accurate count of the votes actually marked on the paper ballots. An RLA is any statistical/logistical method that guarantees a quantifiable risk limit. Most RLA methods are much more efficient than a full recount, but some RLA methods are more efficient than others, especially in close elections: the closer the margin of victory, the more ballots you have to random-sample to guarantee the risk limit. One simple method, the Ballot Polling Audit, randomly samples individual ballots from among all the batches of ballots in the entire election, and (by human inspection of the paper ballot) counts how many are for each candidate. If you sample enough ballots, and that “poll” comes out the same way as the outcome claimed by the voting machines, then you get real assurance. (If the “poll” doesn’t come out the same way, you can do a bigger poll or a full hand recount.)Full Article: Ballot-level comparison audits: central-count.
Voting Blogs: Counties in North Carolina Gamble on New Voting Machines | Margaret Lowry/State of Elections
Super Tuesday is tomorrow and voters in North Carolina might use new voting machines. Since the 2018 election, several counties in North Carolina have had to make a critical decision for their voters–what voting machines should they purchase? A shortened timetable and heightened concern about election security have made for a contentious process. A 2013 bill required all voting systems in the state to produce a paper ballot, and set a schedule to decertify existing machines that did not meet the requirement. Originally, the bill set the decertification date as January 1, 2018, but subsequent legislation in 2015 and 2018 pushed the deadline to December 1, 2019. About one-third of the counties in North Carolina have Direct Record Electronic (DRE) voting systems that will need to be replaced by the decertification date. DREs are paperless. Voters use a touchscreen to select their choice, and the machine then stores and tabulates that choice electronically.Full Article: Counties in North Carolina Gamble on New Voting Machines - State of Elections.
Voting Blogs: Preparing for Cyberattacks and Technical Failures: A Guide for Election Officials | Brennan Center for Justice
America’s intelligence agencies have unanimously concluded that the risk of cyberattacks on election infrastructure is clear and present — and likely to grow. 1 While officials have long strengthened election security by creating resiliency plans, 2 the evolving nature of cyber threats makes it critical that they constantly work to improve their preparedness. It is not possible to build an election system that is 100 percent secure against technology failures and cyberattacks, but effective resiliency plans nonetheless ensure that eligible voters are able to exercise their right to vote and have their votes accurately counted. This document seeks to assist officials as they revise and expand their plans to counter cybersecurity risks. Many state and local election jurisdictions are implementing paper-based voting equipment, risk-limiting audits, and other crucial preventive measures to improve overall election security. In the months remaining before the election, it is at least as important to ensure that adequate preparations are made to enable quick and effective recovery from an attack if prevention efforts are unsuccessful. While existing plans often focus on how to respond to physical or structural failures, these recommendations spotlight how to prevent and recover from technological errors, failures, and attacks. Advocates and policymakers working to ensure that election offices are prepared to manage technology issues should review these steps and discuss them with local and state election officials.Full Article: Preparing for Cyberattacks and Technical Failures: A Guide for Election Officials | Brennan Center for Justice.
A voting system which uses Radio Frequency Identification (RFID) technology to store electronic votes has been under scrutiny after election experts questioned its capacity to safeguard the integrity of election data. Though the voting system had been tested in a few Argentine jurisdictions, academics from around the world had not had a real chance to analyze it in detail until authorities from the Democratic Republic of Congo decided to use a similar system for the long-delayed elections of December, 2018. The decision to automate the controversial elections using an untested system drew criticism from U.S. diplomats. According to experts from The Sentry, it is possible to manipulate the information the RFID chip contains, since the use of this unique identifier technology and radio communications give off signals that can be easily detected at distances greater than expected. Experts recommend election officials to refrain from implementing this type of technology. RFID technology is well known for its usefulness in tracking inventories, but its use extends to other industries, from bookstores and apparel to health and transportation. The main benefit of having RFIDs is that it allows quick communication with remote sensors. Nonetheless, however useful RFID may be for certain industries, elections are an entirely different ballgame. The capacity to allow remote sensors to read the information it contains opens the door for bad actors to hack the votes.Full Article: e-lected blog (a view on electronic voting around the world).: Election experts warn against RFID-based voting systems.
Voting Blogs: U.S. Elections Are Still Vulnerable to Foreign Hacking | Tim Lau/Brennan Center for Justice
Election officials warn that the time is running out for Congress to bolster security before the 2020 race. The warnings follow a recent statement from a senior U.S. intelligence official confirming that Russia, China, and Iran are attempting to manipulate public opinion ahead of the 2020 elections. And earlier this year, the Department of Homeland Security and the FBI reported that Russian hacking efforts in 2016 were more extensive than originally understood, targeting elections in all 50 states. Congress took a major step last year toward helping states boost their election security efforts by approving $380 million in grant funds through the Help America Vote Act (HAVA). States have started to put that funding to work and are expected to spend 85 percent of that money by the 2020 election, much of it on cybersecurity, updated voting equipment, and election audits, according to estimates by the Elections Assistance Commission (EAC). But despite those efforts, many election security projects at the state level remain unfunded or underfunded, as outlined in Defending Elections, a new paper authored by a bipartisan group of organizations including the Brennan Center, the Alliance for Securing Democracy, R Street Institute, and the University of Pittsburgh Institute for Cyber Law, Policy, and Security. Defending Elections provides case studies from six states analyzing how they allocated their HAVA grants and the outstanding needs for additional election security funding. “State and local election officials need support from the federal government,” said Liz Howard, who is a counsel in the Brennan Center’s Democracy Program, was the former deputy commissioner for the Virginia Department of Elections, and co-authored the Defending Elections report. “They are on the front lines, yet many, especially those in rural localities, simply lack the resources to implement additional election security projects to further strengthen our election infrastructure.”Full Article: U.S. Elections Are Still Vulnerable to Foreign Hacking | Brennan Center for Justice.
Voting Blogs: Stewards of Democracy: The Views of American Local Election Officials | Natalie Adona/Democracy Fund
Local elections officials (LEOs) are the stewards of our democracy, but oftentimes they are left out of important conversations about the future of our elections nationwide. The LEOs from our survey are the chief elections officers in their local jurisdictions. Not to be confused with poll workers, the LEOs surveyed in our new report oversee local election processes and are responsible for ensuring the voting process is fair, free, and secure. Among their many responsibilities, LEOs execute the election laws in their state, make decisions that define the voter experience, and train the permanent and temporary employees that interact with the electorate. It might be hard to imagine but (depending on how you count) between 7,000-10,000 local election officials manage the front line of elections in the United States. Despite their recognition as the people who run elections, LEOs are often left out of national conversations about reform and may not have a seat at the table when important policy decisions are made at the local, state, or federal levels—decisions that they alone will ultimately implement.Full Article: Stewards of Democracy: The Views of American Local Election Officials: Democracy Fund.
Voting Blogs: Pilots of risk-limiting election audits in California and Virginia | Andrew Appel/Freedom to Tinker
Orange County, CA Pilot Risk-Limiting Audit, by Stephanie Singer and Neal McBurnett, Verified Voting Foundation, December 2018.
City of Fairfax,VA Pilot Risk-Limiting Audit, by Mark Lindeman, Verified Voting Foundation, December 2018.
In order to run trustworthy elections using hackable computers (including hackable voting machines), “elections should be conducted with human-readable paper ballots. … States should mandate risk-limiting audits prior to the certification of election results.”
What is a risk-limiting audit, and how do you perform one? An RLA is a human inspection of a random sample of the paper ballots (or batches of ballots)—using a scientific method that guarantees with high confidence that if the voting machines claimed the wrong winner, then the audit will declare, “I cannot confirm this election,” in which case a by-hand recount is appropriate. This is protection against voting-machine miscalibration, or against fraudulent hacks of the voting machines.
That’s what it is, but how do you do it? RLAs require not only a statistical design, but a practical plan for selecting hundreds of ballots from among millions of sheets of paper. It’s an administrative process as much as it is an algorithm.
In 2018, RLAs were performed by the state of Colorado. In addition, two just-published reports describe pilot RLAs performed by Orange County, California and Fairfax, Virginia. From these reports (and from the audits they describe) we can learn a lot about how RLAs work in practice.Full Article: Pilots of risk-limiting election audits in California and Virginia.
This article was originally posted at Freedom to Tinker on November 14, 2018.
Well designed ballot layouts allow voters to make their intentions clear; badly designed ballots invite voters to make mistakes. This year, the Florida Senate race may be decided by a misleading ballot layout—a layout that violated the ballot design recommendations of the Election Assistance Commission. In Miami, Florida in the year 2000, the badly designed “butterfly ballot” misled over 2000 voters who intended to vote for Al Gore, to throw away their vote. (That’s a strong statement, but it’s backed up by peer-reviewed scientific analysis.) In Sarasota, Florida in the year 2006, in a Congressional race decided by 369 votes, over 18,000 voters failed to vote in that race, almost certainly because of a badly designed touch-screen ballot layout. In Broward County, Florida in the year 2018, it appears that a bad optical-scan ballot design caused over 26,000 voters to miss voting in the Senate race, where the margin of victory (as of this writing, not yet final) is 12,562 votes.
Voting Blogs: Counting Ballots Pursuant to Law is Not Stealing an Election | Steven F. Huefner /Election Law @ Moritz
It has been less than 72 hours since polls closed on the 2018 congressional midterm elections, and for candidates and their supporters who do not yet know the outcome of close contests, patience – not unsubstantiated or false allegations of election rigging – MUST be the order of the day. As any close observer of U.S. elections knows, once the polls close each state then conducts a carefully structured process of tallying the votes. Critically, as any close observer also knows, the Election Night “results” are not only unofficial, they are also still entirely preliminary and will almost inevitably change, perhaps considerably. With the dramatic rise in the use of mail-in absentee voting over the past decade, election officials increasingly must deal after Election Day with a significant volume of paper ballots that have arrived around Election Day (each state sets its own rules for when the ballots must arrive). Meanwhile, provisional ballots also require individual review and processing after Election Day. These post-election processes are not some mere afterthought; rather, they are critical components of determining the official election outcome, and they must be respected as essential to the overall integrity of the election.Full Article: Moritz College of Law | Election Law @ MoritzArticle - Election Law @ Moritz | Counting Ballots Pursuant to Law is Not Stealing an Election.
A ProPublica analysis found election computer servers in Wisconsin and Kentucky could be susceptible to hacking. Wisconsin shut down its service in response to our inquiries. As recently as Monday, computer servers that powered Kentucky’s online voter registration and Wisconsin’s reporting of election results ran software that could potentially expose information to hackers or enable access to sensitive files without a password. The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentucky’s was accessible from other Eastern European countries. The service, known as FTP, provides public access to files — sometimes anonymously and without encryption. As a result, security experts say, it could act as a gateway for hackers to acquire key details of a server’s operating system and exploit its vulnerabilities. Some corporations and other institutions have dropped FTP in favor of more secure alternatives.Full Article: This Software is Exposing State Election Servers to Intruders.
Voting Blogs: Ten ways to make voting machines cheat with plausible deniability | Andrew Appel/Freedom to Tinker
Voting machines can be hacked; risk-limiting audits of paper ballots can detect incorrect outcomes, whether from hacked voting machines or programming inaccuracies; recounts of paper ballots can correct those outcomes; but some methods for producing paper ballots are more auditable and recountable than others.
A now-standard principle of computer-counted public elections is, use a voter-verified paper ballot, so that in case the voting machine cheats in counting the votes, the human doing an audit or recount can see the paper that the voter marked. Why would the voting machine cheat? Well, they’re computers, and any computer may have security vulnerabilities that permits an attacker to modify or replace its software. We must presume that any voting machine might, at any time, be under the complete control of an attacker, an election thief.Full Article: Ten ways to make voting machines cheat with plausible deniability.
Voting Blogs: CEIR voter registration database security report: Survey finds most states adopted best cybersecurity practices since ‘16 | electionlineWeekly
The Center for Election Innovation and Research (CEIR) has released a new report based on a survey of 26 states conducted between June and July of 2018 to assess the current state of security around voter registration databases (VRDBs). The survey results, released ahead of National Voter Registration Day, show that immense progress has been made in securing voter registration databases since 2016, though significant room for improvement remains for states to strengthen their defenses against hacking attempts. Voter registration databases have been a central focus of conversations around election security since the 2016 presidential election when several voter registration databases were scanned and at least one infiltrated by Russian operatives.Full Article: electionlineWeekly.
Voting Blogs: Creating a culture of proactive security: Colorado’s EPIC TTX prepares for almost any scenario | electionlineWeekly
There was a fire, a tornado, and the heating system went down in the ballot-tabulation room. There was fake news on social media and real news media in the room. Polls opened late and stayed open late. The state voter registration database went down. Tabulation machines failed to tabulate. There were concerned citizens and advocates demanding to know what was happening. And then there was Olga from Sputnik News who seemed overly curious about everything. Those were just some of the scenarios and situations faced by Colorado county elections officials and staff participating in the secretary of state’s EPIC table top exercise last week in Englewood.Full Article: electionlineWeekly.
Voting Blogs: Federal Court Expedites Motion to Compel Georgia to Use Paper Ballots for 2018 Midterm Elections | The Brad Blog
Plaintiffs in a Georgia lawsuit seeking to force the state to move to a hand-marked paper ballot system in time for this year’s midterm elections, promise to produce expert testimony to the court, demonstrating that “Georgia’s voting system is a catastrophically open invitation to malicious actors intent on disrupting our democracy.” The Coalition for Good Governanceand a group of multi-partisan individual plaintiffs filed a motion [PDF] on July 31, seeking a preliminary injunction in the federal case, to prevent Georgia from conducting this year’s midterms on the state’s notorious Diebold AccuVote TS (touchscreen) Direct Recording Electronic (DRE) voting machines. Instead, plaintiffs seek an order that Georgia’s election officials utilize, for in-person voting, the same already-certified, Diebold paper ballot-based optical-scan system currently used for tabulation of the Peach State’s absentee ballots. Last week, U.S. District Court Judge Amy Totenberg ordered an expedited briefing schedule on plaintiffs’ motion to compel the State of Georgia to adopt this simple method for conducting a verifiable paper ballot election on November 6, 2018.Full Article: Federal Court Expedites Motion to Compel GA to Use Paper Ballots for 2018 Midterm Elections | The BRAD BLOG.
Voting Blogs: Lawsuit Seeks Public Info About Controversial Voting Purge Letter | Brennan Center for Justice
The Brennan Center for Justice at NYU School of Law is suing the Justice Department today for refusing to turn over documents related to a controversial letter DOJ sent last year, which sought detailed information about how states maintain their voter rolls. Voting rights groups are concerned that it could be a prelude to pressuring states to engage in aggressive voter purges — the often-flawed process of deleting names from voter registration lists. “The public has a right to know why the Justice Department sent this letter, and what information it received from states in response,” said Jonathan Brater, counsel in the Brennan Center’s Democracy Program. “The Justice Department should be fighting to protect the voting rights of all Americans. We are concerned, though, that this letter may be part of a broader effort to undermine those rights, and we are going to court to find out.”Full Article: Brennan Center Sues Justice Department for Refusing to Disclose Documents Related to Controversial Voting Letter | Brennan Center for Justice.
In a wide-ranging set of indictments handed down on July 13, 2018, the U.S. Department of Justice (DOJ) charged 12 Russian intelligence officers with brazenly attacking U.S. election infrastructure during the 2016 presidential election. On that same day, Director of National Intelligence Dan Coats sounded the alarm that Russia is continuing its cyberattacks on the United States, ominously stating that “the warning lights are blinking red again,” just as they were before the terrorist attacks of 9/11. Coats went on to say that the nation’s election systems and other digital infrastructure are “literally under attack.” Yet, in the face of overwhelming evidence, for more than a year-and-a-half, President Donald Trump has cast doubt on these consistent warnings. It now is incumbent on Congress, key members of the administration, state and local officials, and other stakeholders to take aggressive steps within their respective purviews to secure our election infrastructure.Full Article: Time Running Out to Secure Against 2018 Election Cyberattacks.
On April 19, 2016, thousands of eligible Brooklyn voters dutifully showed up to cast their ballots in the presidential primary, only to find their names missing from the voter lists. An investigation by the New York state attorney general found that New York City’s Board of Elections had improperly deleted more than 200,000 names from the voter rolls. In June 2016, the Arkansas secretary of state provided a list to the state’s 75 county clerks suggesting that more than 7,700 names be removed from the rolls because of supposed felony convictions. That roster was highly inaccurate; it included people who had never been convicted of a felony, as well as persons with past convictions whose voting rights had been restored. And in Virginia in 2013, nearly 39,000 voters were removed from the rolls when the state relied on a faulty database to delete voters who allegedly had moved out of the commonwealth. Error rates in some counties ran as high as 17 percent.Full Article: Purges: A Growing Threat to the Right to Vote | Brennan Center for Justice.
Voting Blogs: States are applying for 2018 HAVA funds, how are they spending them? | electionlineWeekly
Earlier this year, the president signed Consolidated Appropriations Act of 2018 into law, the law includes $380 million in grants for states to improve their cybersecurity. To-date 32 states, America Samoa and the U.S. Virgin Islands have applied for their HAVA funds. Although states are allowed to draw down on their available funds in phases, most states seem to be applying for—and receiving—all their funds at one time. Once states have applied for their funds they have 90-days to provide a narrative on what they will be spending the money on. Part of the requirement for receiving the federal funds is a 5 percent match from states. How elections officials are getting those matches varies. Some states are relying on their Legislatures to allocate the funding and others are using existing funds allocated in state budgets.Full Article: electionlineWeekly.
My experience in voting with an absentee ballot in New Jersey in the 2012 and 2016 presidential elections, as well as the 2017 gubernatorial election, alerted my attention to flaws in the system. As an active voter, these experiences have left me to wonder if absentee voting is worth it. I am thankful that my home state of New Jersey has an absentee ballot system that allows me to vote as a New Jerseyite even though I go to school in Virginia. Although New Jersey’s absentee ballot rules are arguably less stringent than other states, I learned the hard way that absentee voting can be difficult.Full Article: Are Absentee Ballots as Helpful to Voters as They Appear to Be? - State of Elections.