Iowa Voters

Despite the ever-flowing river of condemnation for DRE voting machines(see the California report just six weeks ago), Pocahontas county uses them at every opportunity, forsaking their paper ballot equipment. Today in an uncontested school board race, we had to vote on the touchscreen.

Since the outcome was virtually certain anyway, I used the occassion to write in a candidate instead of voting for the unchallenged incumbent. I wrote in “Paper Ballot.”

Doing so caused me to realize something. The election workers could tell I was writing in a candidate! Every time I touched a letter on the screen as I typed out P-a-p-e-r B-a-l-l-o-t the Diebold made a beeping noise. The election judge was only six feet away. No other voters were in the room, so it was quiet as could be. She had been listening to voters all day. She knows it doesn’t take that many beeps to vote on two races.

Meanwhile the old red, white and blue voting booths for paper ballot use stood unoccupied like ghosts from the past on the north wall of the room. They are always there, always ready. They don’t beep, either. One can actually vote secretly in one of them.

You’ve never seen a more patriotic video than this one.

It documents how the people of Wilton, NH count their 2200 paper ballots by hand. And it explains why some of the counters are sitting on some of the ballots while they work: it’s a low tech (how much lower could you get?) solution to the common computer problem of having more votes tallied than there were ballots cast.

Here’s another, wherein the volunteers of Lyndeborough, NH count 1100 ballots at no cost to the city. They actually turned away volunteers in 2004.

Update: Here’s the whole show.

Correction: Calhoun has been dropped from the list of Ivotronic counties.

Dan Rather is out tonight with an expose of ES & S touchscreen voting machines. He says they were made in a sweatshop in the Phillippines where quality control consisted of grabbing the gadget with both hands and giving it a shake. This was supposed to expose any loose parts.

Here’s a twelve minute excerpt.

The following Iowa counties have the Ivotronic: Emmet, Calhoun, Jasper, Fayette, Clayton, Clinton, Johnson, and Lee.

Two bizarre “audits” of today’s straw poll in Ames were announced –one to cast doubt on the process and one to soothe fears of skeptical voters. Neither audit could accomplish much of anything.

The official Republican “audit” was being conducted by the state auditor David Vaudt. I inquired as to how it would work. My question was answered by a county auditor who had volunteered to help out and was supervising the 6 Diebold scanners in Hilton Coliseum. He said that at some point one of the six scanners would be opened and its stack of ballots would be counted to determine that the number of ballots matched the machine’s count of ballots that had been deposited.

No ballots would actually be examined. The audit would not show that the machine had properly read the pencil mark on the ballot or that it had properly totalled the ballots marked for each candidate. It would only show that the machine contained the number of ballots that its indicator screen claimed.

Such an audit is of no help in reassuring that the count for each candidate is accurate. We want to know that the machine did NOT take every tenth Tancredo vote and move it to Mitt. Such mischief could terminate Tom Tancredo.

Mitt moved mountains to win the poll. Ron Paul supporters need to know Mitt was not able to move votes inside the black boxes. They are a skeptical bunch.

Worse than the Republican audit was the one going on outside the polling place by people in yellow shirts saying VoteinSunshine. They were conducting a non-random exit poll. They gave voters a yellow half page paper to sign. The paper said the signer was signing because he wanted the votes to be properly counted. Signers were also supposed to scribble down the name of the candidate for whom they had just voted back at the Diebold scanner. The papers were then deposited in a translucent plastic box.

According to a Wisconsin woman working on this project, these exit poll results would be counted and reported at the same time (7 pm) as the official results.

Unfortunately many voters walked past the exit poll without participating. The woman claimed Romney voters put “their noses in the air.”

So what good is this? Vote in Sunshine will have different results from the official results because some groups will be undersampled by their casual methods. For all their efforts to advocate hand counting and to insist that ballots actually be examined by citizens, their totals will be worthless and that will undermine their work.

Really good audits are not hard to do. Some fraction of the scanners would have their ballots recounted by hand. Landslide results require very small audits. Close elections require more extensive hand counting. Statisticians know how to determine the minimum size audit for any circumstances. It’s time we started this practice.

In a late-night press conference convened just before the Friday midnight deadline for voting system changes before next spring’s primary election, Secretary of State Debra Bowen announced widespread decertification of most types of electronic voting equipment used in California, including the Diebold TSx, which is also widely used in Iowa.

The withdrawal of certification for the equipment was the culmination of a complete top-to-bottom review of all election systems used in California. In her campaign for Secretary of State last fall, Ms Bowen, a former state senator, had promised a thorough study of the state’s voting systems, which she set in motion immediately upon taking office last January. The review consisted of four separate studies encompassing all aspects of the system: security, accessibility, system software, and a review of official documents related to the equipment.

“Secretary of State Bowen took the only responsible course of action in light of the severity of the study’s findings,” said Robert Ferraro, a Co-Director of SAVE Our Votes, a grass-roots citizens’ group working for Secure, Accessible, Verifiable Elections in Maryland.

The decertifications will prohibit the use of most Direct-Recording Electronic (DRE) voting equipment, often referred to as touch-screen machines, except for those used in early voting and one in each precinct to provide accessibility for voters with disabilities. These DREs have been conditionally reapproved under stringent conditions for their use, including a requirement to handcount all of the voter-verified paper print-outs from the machines instead of using the electronic votes tallied by the machine. California already requires each voting machine to provide a voterverified paper record of each vote for use in audits and recounts of election results. A paper trail bill also passed in Iowa this spring.

While many of the reports’ findings reconfirm vulnerabilities revealed in previous studies, some shocked even the computer experts who performed those earlier reviews. Dr. Aviel Rubin, a computer security expert at Johns Hopkins University who scrutinized voting source code from Diebold Election Systems, Inc. in 2003 commented on his blog, “In all cases, the analysts were able to rewrite the firmware on the machines. This means that an attacker could change every aspect of the behavior of the voting systems….There are many other examples of attack that are much more serious than what I expected from this report — and I was expecting a lot.”

The full reports from California are posted.

This post adapted from a press release by Robert Ferraro.

Howard Stanislevic, a computer network engineer in NYC who has been studying the intersection of elections and computers, sees a clear path ahead despite the rancor among election activists over current legislation. At his blog he has proposed these five steps, only one of which is currently met by Iowa:

1. Publicly disclose and audit all Ballot Definition Programming before each election. Follow up with rigorous Logic & Accuracy tests.

2. Aggregate precinct totals transparently and independently after posting and witnessing them at the precincts on election night.

I’m not sure how transparent Iowa’s process of tallying is, but I know precinct totals are not posted at my precinct.

3. Audit within-precinct tallies (using paper and hand-to-eye counts) with a statistically accurate, fair and efficient (SAFE) method.

You’ll be hearing more from me about these SAFE audits.

4. Follow up on any discrepancies found until correct outcomes can be confirmed with very high certainty (prior to certification of course). Ninety-nine percent has been shown to be feasible for all recent federal elections without excessive administrative burden.

5. Have plenty of paper ballots on hand in case of DRE failures (or ban the DREs altogether until someone can get them right)! The 9.2% failure rate allowed by the federal voting system standards makes DREs an unacceptable technology for running elections, especially when other methods are used in other jurisdictions within the same State.

That last one should be already met by Iowa. It’s in the code anyway.

Notice Howard can guarantee the election was properly decided even without examining source code. This avoids the problem of trade secret software, and the problem of trying to spot every possible error in the software even if it is made public.

Howard goes on to compare these five steps to current legislation (HR 811, the Holt bill). He conditionally endorses the bill even though it falls short of his 5 steps.

The Iowa House has passed the paper trail bill, one which leads eventually to the end of the trail for touchscreen DREs in this state. It’s a victory for good government and citizen activism.

Iowa’s bill includes $2 million to bail counties out of the mess they wandered into when they bought paperless touchscreen voting machines, known in the trade as Direct Recording Electronics (DREs). Auditors who have them must either replace them now or buy paper trail printers to augment them. They have until June 15 to make their choice. You have about half that time to make your opinion known to your auditor if you want to have an impact.

When the current touchscreens wear out or embarrass their owners by mis-performing (see North Carolina, Cuyahoga county, Sarasota, etc.), auditors are not allowed to buy anymore of them. Iowa has now prohibited both punchcards and DREs. We will have only optically scanned ballots in the sweet bye and bye.

Thanks to State Representative Mary Gaskill who led this effort in the House and to Senator Jack Kibbie whose sound bite on WOI radio in 2005 kicked off the campaign in Iowa.

Kibbie had pointed to the unresolved race in North Carolina in 2004 in which paperless voting machines lost 4,000 votes. He introduced a bill to get paper trails for Iowa. Auditors and county election directors resisted, sending Dawn Williams, Mary Mosiman and Linda Langenberg to testify against the bill. Feeling the resistance, Kibbie told his constituents to write letters to the editors of the DM Register.

During that session the Senate had its own troubles with its electronic voting board and got religion. They passed Kibbie’s bill unanimously. It stalled in the House under the influence of Langenberg’s own state representative who was chair of the relevant committee. Meanwhile Iowa auditors spent their HAVA money, buying hundreds of paperless voting gadgets.

Simultaneously Iowans for Voting Integrity was born. Their leaders spoke to State Representative Mary Gaskill, informing her that Iowa had its own expert on electronic voting in UI professor Doug Jones. Gaskill was in the minority in Des Moines, but she acted anyway, scheduling Jones for an informal discussion of paper trails at the statehouse in March 2006. Some legislators attended.

The House finally took up the bill but only because the majority Republicans hoped to use it as a way to also get tougher voter ID laws. The gambit failed. Vilsack wasn’t going to sign any such deal.

Meanwhile the news was grim for DREs. A string of studies from Blackbox Voting, Princeton University, UConn, NYU’s Brennan Center, GAO, Congressional Research Service coupled with negative news coverage from Cleveland, Chicago, Florida, California, New York, Colorado, New Jersey and elsewhere exposed the weaknesses and poor performance of the DRE technology. It was all topped off by two spectacular voting machine failures, one in Council Bluffs and the other in Florida. The Iowa fiasco in June was salvaged because there was a paper trail to recount. The Florida Congressional race in November probably sent the wrong candidate to Congress because there was no paper trail for the 18,000 missing votes.

That same November election brought paper ballot user Mike Mauro in as SoS and a Democratic majority in both parts of the legislature. The stage was set.

Mauro moved first, inexplicably appointing paper trail opponent Langenberg to be his election director. Had he abandoned his campaign promise? Maybe he had merely co-opted the auditors by bringing the critics into the tent. At any rate, he got the job done. Support for the paper trail bill remained high in the legislature and new bills were introduced.

At least one was a trick! It required printers but gave the printed ballot no role! Someone (we don’t know who it was) had tried to fool the legislators with a pretend paper trail.
A new point man for IVI, Sean Flaherty, began contacting legislators at every stage of the process.

The current bill accomodates those unrepentent auditors who won’t recognize the perils of DREs or won’t admit they erred. They can put more of our money into those gadgets via the paper trail printer contraptions. But there it ends. No more paperless equipment can be purchased.

That way we always will have something to audit. We still need audits. All these ballots are counted by computerized scanners and thus subject to hacks and errors galore. After the election there should be a system for examining ballots by hand to verify the machine’s work.

Federal legislation is pending that addresses this. Perhaps Gaskill will also address it next year. Encourage her.

This was too good to pass over, even though it is not about Iowa. New voting machines in France were condemned following Sunday’s vote because they caused long lines (up to two hours). Here’s the best quip:

Philippe de Villiers, a nationalist Catholic candidate in the election, called it a “cheating machine” as he voted in his home town of Herbiers in western France.

I think this election had only one race. I just read in the Christian Science Monitor about the usual French voting method (No Hanging Chads) using an envelope and preprinted slips of paper. Voters get an envelope and can select as many paper slips as they want. Each slip has one candidate’s name on it. Then in the voting booth, they select one slip to put in the envelope. They drop the envelope in the ballot box as they leave the poll.

I guess that was too low tech for the 21st century. Gotta have expensive touchscreens!

It is possible to “steal all the votes in [Clayton or Fayette] county without being detected” according to a “respected computer scientist who is familiar with the inner workings of the ES&S iVotronic electronic voting system.” The iVotronic is the only voting machine available in Clayton and Fayette counties. It is also used by some voters in Emmet, Calhoun, Jasper, Lee, Johnson, and Clinton counties.

The charge of insecure voting machines has been made to the federal Election Assistance Commission following a study of the machines in Florida. These machines were responsible for the 18.000 missing votes in Sarasota’s Congressional race last November. The news of this vulnerability is being withheld by the EAC but has been leaked to VotersUnite.org. The anonymous computer scientist concludes

One consequence for advocates is that this is further evidence that it’s not just one vendor who has serious security problems; it’s a second instance this sort of virus vulnerability. Don’t let anyone tell you that if we just “kick Diebold off the island” all of the security problems will go away.

The scientist warns local officials,

Don’t use the iVotronic in major elections until the security problems have been verified to be fixed. . . . Because making these kinds of changes to a voting system and getting approval from testing labs and certification authorities is a lengthy process, if we are to fix this problem before the 2008 primary, it is important to get this process underway immediately.

I have a better idea. Switch to paper ballots.

Well, maybe they expect only Michigan Dems will have opinions about what their state party does, but they already heard from me. Want to chip in? What else you got to do?

The Michigan Democrats want to allow internet voting in their Presidential primary again this year and have asked for public comment by April 27.

You can read the plan here and comment by fax (517-371-2056) or mail (606 Townsend, Lansing, MI 48933) or by email to jmoon@michigandems.com

You’ll look in vain (see page 6) for any explanation of why they think internet voting is secure. They may not even know it’s risky.

So that was my public comment and it’s one you can pose as easily: “Please tell us what computer scientists have defended the security of your internet voting scheme. If you can’t mount a knowledgable case for it, then don’t do it. It sets the stage for insecure internet voting in the general election. Don’t set a bad example.”

See how easy that is? By April 27 you could probably write something even better. (Hat tip to JMC in NC)

Happy Easter. Let’s talk about Easter eggs.

Not the holiday Easter eggs, but the computer software easter eggs–hidden bits of programming that open up only when certain secret commands are given. They are a threat to voting machines.

That’s one reason machines are supposedly “tested and tested and tested” –to see if the code works correctly and to hunt for easter eggs. Testing might find hidden code, but it can’t guarantee no hidden code went undetected.

So we have asked for open source software, or at least for the current software to be made public. Even if the code is open today, a future change of code could introduce new problems. Most election officials and poll watchers can’t tell the status of the code anyway.

There’s a better solution to this threat: audits

We can’t decipher code but we could easily audit the paper ballots. A good audit could make us 99% certain that the election was correctly called.

We just need to let statisticians show us how many ballots to hand count in each case. The number varies with the number of precincts, their sizes, and the margin of victory.

Relying on software to determine elections has been condemned by the Technical Guidelines Development Committee of the National Institute for Standards and Technology. It’s time to turn to audits.

Sarasota was warned. Sarasota did nothing. Sarasota’s race for Congress came up 18,000 votes short. The wrong person went to represent Sarasota in Washington, D.C.

The loser filed suit over the voting machines. The state investigated. Sarasota did not mention the warning. The voting machine company (ES & S) did not mention the warning. The loser lost again. The voting machines were exonerated in the press.

The loser’s attorneys kept digging. On a website in North Carolina they found the warning memo. It said the touchscreens were erratic and slow. It said the voter may have to hold a finger on the screen for several seconds in order for the vote to register. It said to fix this problem before the election.

Sarasota didn’t do it, nor did they warn voters, nor did they admit they knew this when the 18,000 votes were missing.

I call that a cover up.

The whole story is well told at the Bradblog today. I am pleased to see Brad has abandoned his green background with the yellow lettering. This post is actually easy on the eyes, so I’m happy to link to it.

At the heart of the current voting machine mess is the reliance on corporations to run public elections. One voting machine company just went out of business, leaving some Indiana counties up a creek without a paddle:

“From the best we can tell they no longer exist, so we have no support for our equipment,” Thornburg said.

The Wisconsin company’s telephone is disconnected.

That company does not run any Iowa voting machines, but this one does and they drove one Arkansas election official to resign:

Election Systems and Software is the company providing the Ivotronics machines and related software.

“The reason I am leaving is the provider of the Ivotronics and related software lacks competency to make their equipment work timely and effectively. They … make a difficult job impossible to do,” said Selph.

“They can’t spell, meet deadlines, send documents to the right address or code elections correctly. They leave races off the ballot for us to correct, they can’t program their software to work and you have to hand add the results. And they don’t return phone calls,” Selph said.

“The ES&S people in Arkansas are capable but the people I have dealt with in the home office in Omaha prevent them from being effective. They are also mean-spirited when you try to get them to correct the numerous and recurring errors,” he said.

The wonders of the market economy. They are not for elections

Democrats loved HAVA in the beginning. It was going to end the large number of spoiled or undervoted ballots that plagued some Democratic precincts. “Don’t worry about that paper trail nonsense,” they said. “Democrats will win more votes with new e-vote machines because more votes will get counted.”

New Mexico saw the opposite result. In 2004 they made the switch to electronic machines. In 2006 they switched back to voter marked paper as a way to satisfy the public demand for paper trails. The undervote rate went up six-fold in some of the most Democratic precincts in 2004 and came back down in 2006. Stunning.

Here’s the research: link

The 18,000 missing votes in Sarasota, Florida resulted in a study of the voting machines that was released this week. It say the machines are “terribly insecure“. Iowa uses similar machines in Emmett, Calhoun, Clayton, Clinton, Fayette, Jasper, Johnson, and Lee counties.

Commenting on the report, computer scientist Ed Felton of Princeton says:

Experience teaches that systems that are insecure tend to be unreliable as well — they tend to go wrong on their own even if nobody is attacking them. Code that is laced with buffer overruns, array out-of-bounds errors, integer overflow errors, and the like tends to be flaky. Sporadic undervotes are the kind of behavior you would expect to see from a flaky voting technology.

Missing votes may be in our future, too, if we continue to use tally our votes on touchscreens.