Paul Hardwick: eVote

Administrivia: Possible unscheduled upgrade of Privacy Digest

Sun, 18 Mar 2007 01:39:04 GMT

Administrivia: Possible unscheduled upgrade of Privacy Digest.

I might be implementing an unscheduled upgrade of the site due to some problems with the software I am currently using to run the site. I had been working on upgrading the software to implement some new features but may have to implement sooner than originally planned. If you would like to take a peek at the planned software take a visit to http://www.PrivacyDigest.com/index.php Yes the full URL will have to be entered until I have completed the switch over.

There may be some hiccups during the process as the XML/RSS location will change along with access to the sub-topics. I plan to create mod-rewrite rules to take of this but they may not all be ready on day one.

Please let me know what you think.

Four Colorado Counties Placed on Election Watch List.

Wed, 14 Mar 2007 20:04:05 GMT

Four Colorado Counties Placed on Election Watch List. Errors with voting machines, delays in voting, inadequate security cited. [GT: Security and Privacy]

OpenCongress

Wed, 14 Mar 2007 19:30:38 GMT

OpenCongress brings together official government data with news and blog coverage to give you the real story behind each bill.

Protect E-Voting ó Support H.R. 811.

Mon, 12 Mar 2007 20:20:32 GMT

Protect E-Voting [~] Support H.R. 811.

After a long fight, we have reached the point where a major e-voting reform bill has a chance to become U.S. law. I[base ']m referring to HR 811, sponsored by my Congressman, Rush Holt, and co-sponsored by many others. After reading the bill carefully, and discussing with students and colleagues the arguments of its supporters and critics, I am convinced that it is a very good bill that deserves our support.

The main provisions of the bill would require e-voting technologies to have a paper ballot that is (a) voter-verified, (b) privacy-preserving, and (c) durable. Paper ballots would be hand-recounted, and compared to the electronic count, at randomly-selected precincts after every election.

The most important decision in writing such a bill is which technologies should be categorically banned. The bill would allow (properly designed) optical scan systems, touch-screen systems with a suitable paper trail, and all-paper systems. Paperless touchscreens and lever machines would be banned.

Some activists have argued that the bill doesn[base ']t go far enough. A few say that all use of computers in voting should be banned. I think that[base ']s a mistake, because it sacrifices the security benefits computers can provide, if they[base ']re used well.

Others argue that touch-screen voting machines should be banned even if they have good paper trails. I think that goes too far. Touchscreens can be a useful part of a good voting system, if they[base ']re used in the right context and with a good paper trail. We shouldn[base ']t let the worst of today[base ']s insecure paperless touchscreens [~] machines that should never have been certified in the first place, and anyway would be banned by the Holt Bill for lacking a suitable paper ballot [~] sour us on the better uses of touchscreens that are possible.

One of the best parts of the bill is its random audit requirement, which selects 3% of precincts (or more in close races) at which the paper ballots will be hand counted and compared to the electronic records. This serves two useful purposes: detecting error or fraud that might have affected the election result, and providing a routine quality-control check on the vote-counting process. This part of the bill reflects a balance between the states[base '] freedom to run their own elections and the national interest in sound election management.

On the whole this is a good, strong bill. I support it, and I urge you to support it too.

Share This

[Freedom to Tinker]

How Computers Can Make Voting More Secure.

Thu, 08 Mar 2007 21:35:06 GMT

How Computers Can Make Voting More Secure.

By now there is overwhelming evidence that today[base ']s paperless computer-based voting technologies have such serious security and reliability problems that we should not be using them. Computers can[base ']t do the job by themselves; but what role should they play in voting?

It[base ']s tempting to eliminate computers entirely, returning to old-fashioned paper voting, but I think this is a mistake. Paper has an important role, as I[base ']ll describe below, but paper systems are subject to well-known problems such as ballot-box stuffing and chain voting, as well as other user-interface and logistical challenges.

Security does require some role for paper. Each vote must be recorded in a manner that is directly verified by the voter. And the system must be software-independent, meaning that its accuracy cannot rely on the correct functioning of any software system. Today[base ']s paperless e-voting systems satisfy neither requirement, and the only practical way to meet the requirements is to use paper.

The proper role for computers, then, is to backstop the paper system, to improve it. What we want is not a computerized voting system, but a computer-augmented one.

This mindset changes how we think about the role of computers. Instead of trying to make computers do everything, we will look instead for weaknesses and gaps in the paper system, and ask how computers can plug them.

There are two main ways computers can help. The first is in helping voters cast their votes. Computers can check for errors in ballots, for example by detecting an invalid ballot while the voter is still in a position to fix it. Computers can present the ballot in audio format for the blind or illiterate, or in multiple languages. (Of course, badly designed computer interfaces can do harm, so we have to be careful.) There must be a voter-verified paper record at the end of the vote-casting process, but computers, used correctly, can help voters create and validate that record, by acting as ballot-marking devices or as scanners to help voters spot mismarked ballots.

The second way computers can help is by improving security. Usually the e-voting security debate is about how to keep computers from making security too much worse than it was before. Given the design of today[base ']s e-voting systems, this is appropriate [~] just bringing these systems up to the level of security and reliability in (say) the Xbox and Wii game consoles would be nice. Even in a computer-augmented system, we[base ']ll need to do a better job of vetting the computers[base '] design [~] if a job is worth doing with a computer, it[base ']s worth doing correctly.

But once we adopt the mindset of augmenting a paper-based system, security looks less like a problem and more like an opportunity. We can look for the security weaknesses of paper-based systems, and ask how computers can help to address them. For example, paper-based systems are subject to ballot-box stuffing [~] how can computers reduce this risk?

Surprisingly, the designs of current e-voting technologies, even the ones with paper trails, don[base ']t do all they can to compensate for the weaknesses of paper. For example, the current systems I[base ']ve seen keep electronic records that are subject to straightforward post-election tampering. Researchers have studied approaches to this problem, but as far as I know none are used in practice.

In future posts, we[base ']ll discuss design ideas for computer-augmented voting.

Share This

[Freedom to Tinker]

Wired: AP Tech - Diebold Weighs Strategy for Voting Unit

Mon, 05 Mar 2007 20:48:03 GMT

CLEVELAND (AP) -- Diebold Inc. saw great potential in the modernization of elections equipment. Now, analysts say, executives may be angling for ways to dump its e-voting subsidiary that's widely seen as tarnishing the company's reputation.

Though Diebold Election Systems - the company's smallest business segment - has shown growth and profit, it's faced persistent criticism over the reliability and security of its touch-screen voting machines. About 150,000 of its touch-screen or optical scan systems were used in 34 states in last November's election.

Diebold to Withdraw from E-Voting?

Mon, 05 Mar 2007 20:44:56 GMT

Diebold to Withdraw from E-Voting? ICA writes "It appears after years of criticism, Diebold may be ready to withdraw from electronic voting entirely. The company is concerned that this relatively small and marginally profitable unit is hurting the company's overall image." [Slashdot]

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )

Tue, 27 Feb 2007 23:39:01 GMT

OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced.

Administrivia: Our data-center was hit by a DDOS attack today.

Tue, 27 Feb 2007 21:19:59 GMT

Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things.

Sarasota: Could a Bug Have Lost Votes?

Tue, 27 Feb 2007 20:10:24 GMT

Sarasota: Could a Bug Have Lost Votes?

At this point, we still don[base ']t know what caused the high undervote rate in Sarasota[base ']s Congressional election. [Background: 1, 2.] There are two theories. The State-commissioned study released last week argues that for the theory that a badly designed ballot caused many voters to not see that race and therefore not cast a vote.

Today I want to make the case for the other theory: that a malfunction or bug in the voting machines caused votes to be not recorded. The case sits on four pillars: (1) The postulated behavior is consistent with a common type of computer bug. (2) Similar bugs have been found in voting machines before. (3) The state-commissioned study would have been unlikely to find such a bug. (4) Studies of voting data show patterns that point to the bug theory.

[...]

Conclusion

What conclusion can we draw? Certainly we cannot say that a bug definitely caused undervotes. But we can say with confidence that the bug theory is still in the running, and needs to be considered alongside the ballot design theory as a possible cause of the Sarasota undervotes. If we want to get to the bottom of this, we need to investigate further, by looking more deeply into undervote patterns, and by examining the voting machine hardware and software.

Share This

[Freedom to Tinker]

Texas Bill Would Require Voting Machine Paper Trail.

Mon, 26 Feb 2007 22:44:57 GMT

Texas Bill Would Require Voting Machine Paper Trail. Would require the system to allow the voter to inspect and verify the paper record before the electronic vote is recorded. [GT: Security and Privacy]

Sarasota Study Report Released.

Sun, 25 Feb 2007 02:50:15 GMT

Sarasota Study Report Released.

The technical team commissioned by the State of Florida to study the technology used in the Sarasota election has released its report.

We are studying the report and will comment here as soon as we are able.

Share This

[Freedom to Tinker]

Feinstein to GAO: Investigate E-voting System.

Thu, 22 Feb 2007 15:56:31 GMT

Feinstein to GAO: Investigate E-voting System.

During the 2006 election in Florida, electronic voting machines may have "undercounted" to the tune of 18,000 votes in Sarasota County. But because the new machines were not designed to provide paper receipts, there is no way to double check the vote.

Now, Senator Dianne Feinstein of California has taken action. Last week, she asked the Government Accountability Office (GAO) to investigate electronic voting systems that do not provide voter-verified paper ballots. Senator Feinstein specifically highlighted the problems in Florida, and asked for a "top to bottom investigation"

"Should the GAO become aware of any systems that are prone to software malfunctions, are susceptible to fraud, or use hardware design that would lead to voting system problems, I would request that you also inspect those systems," writes Senator Feinstein.

EFF and a coalition of voting integrity groups, representing Sarasota County voters, have filed suit in state court in Tallahassee asking for a re-vote in Florida's 13th congressional district. To find out more about EFF's work defending your right to vote, visit our E-voting page.

[EFF: Deep Links]

$82 Buys E-Voting Secrets.

Fri, 16 Feb 2007 17:39:17 GMT

$82 Buys E-Voting Secrets. Five Sequoia electronic voting machines sold at on online auction? $82. A chance for a researcher to dissect the embedded software that the company refused to make public? Priceless. By Kim Zetter. [Wired News: Top Stories]

Groups Call for E-Voting Paper Trail Legislation.

Tue, 13 Feb 2007 23:13:06 GMT

Groups Call for E-Voting Paper Trail Legislation. A coalition of voting rights groups today called on the U.S. Congress to pass legislation that would require electronic voting machines to have printers attached. [PC World: Latest Technology News]

EFF Supports Reintroduction of Critical E-voting Bill.

Thu, 08 Feb 2007 16:39:42 GMT

EFF Supports Reintroduction of Critical E-voting Bill.

In Washington D.C. on Tuesday, EFF proudly supported the reintroduction of Rep. Rush Holt's (D-NJ) Voter Confidence and Increased Accessibility Act of 2007 (HR 811). Below the fold, we've posted EFF's statement released in conjunction with Tuesday's press conference. Take action now and tell your representatives to support this bill.

[EFF: Deep Links]

Why So Many Undervotes in Sarasota?

Tue, 30 Jan 2007 17:06:28 GMT

Why So Many Undervotes in Sarasota?

The big e-voting story from November[base ']s election was in Sarasota, Florida, where a congressional race was decided by about 400 votes, with 18,412 undervotes. That[base ']s 18,412 voters who cast votes in other races but not, according to the official results, in that congressional race. Among voters who used the ES&S iVotronic machines [~] that is, non-absentee voters in Sarasota County [~] the undervote rate was about 14%. Something went very wrong. But what?

Since the election there have been many press releases, op-eds, and blog posts about the undervotes, not to mention some lawsuits and scholarly studies. I want to spend the rest of the week dissecting the Sarasota situation, which I have been following closely. I[base ']m doing this now for two reasons: (1) enough time has passed for the dust to settle a bit, and (2) I[base ']m giving a joint talk on the topic next week and I want to work through some thoughts.

There[base ']s no doubt that something about the iVotronic caused the undervotes. Undervote rates differed so starkly in the same race between iVotronic and non-iVotronic voters that the machines must be involved somehow. (For example, absentee voters had a 2.5% undervote rate in the congressional race, compared to 14% for iVotronic voters.) Several explanations have been proposed, but only two are at all plausible: ballot design and machine malfunction.

The ballot design theory says that the ballot offered to voters on the iVotronic[base ']s screen was misdesigned in a way that caused many voters to miss that race. Looking at screenshots of the ballot, one can see how voters might miss the congressional race at the top of the second page. (Depressingly, some sites show a misleading photo that the photographer angled and lit to make the misdesign look worse than it really was.) It[base ']s very plausible that this kind of problem caused some undervotes; and that is consistent with the reports of many voters that the machine did not show them the congressional race.

It[base ']s one thing to say that ballot design could have caused some undervotes, but it[base ']s another thing entirely to say it was the sole cause of so elevated an undervote rate. Each voter, before finalizing his vote, was shown a clearly designed confirmation screen listing his choices and clearly showing a no-candidate-selected message for the congressional race. Did so many voters miss that too? And what about the many voters who reported choosing a candidate in the congressional race, only to have the no-candidate-selected message show up on the confirmation screen anyway?

The malfunction theory postulates a problem or malfunction with the voting machines that caused votes not to be recorded. There are many types of problems that could have caused lost votes. The best way to evaluate the malfunction theory is to conduct a careful and thorough study of the machines themselves. In the next entry I[base ']ll talk about the efforts that have been made toward that end. For now, suffice it to say that no suitable study is available to us.

If we had a voter-verified paper trail, we could immediately tell which theory is correct, by comparing the paper and electronic records. If the voter-verified paper records show the same high undervote race, then the ballot design theory is right. If the paper and electronic records show significantly different undervote rates, then something is wrong with the machines. But of course the advocates of paperless voting argued that paper trails were unnecessary [~] while also arguing that touchscreen systems reduce undervotes.

Several studies have tried to use statistical analyses of undervote patterns in different races, precincts, and machines to evaluate the two theories. Frisina, Herron, Honaker, and Lewis say the data support the ballot design theory; Mebane and Dill say the data point to malfunction as a likely cause of at least some of the undervotes. Reading these studies, I can[base ']t reach a clear conclusion.

What would convince me, one way or the other, is a good study of the machines. I[base ']ll talk next time about the fight over whether and how to look at the machines.

Share This

[Freedom to Tinker]

Wired News: Hillary: The Privacy Candidate?

Mon, 29 Jan 2007 01:24:38 GMT

The issue of digital-era privacy did not make it to the top of Sen. Hillary Rodham Clinton's legislative to-do list at the Saturday launch of her presidential campaign. But for those who look, the New York Democrat has clearly staked out her positions on the esoteric subject, and they're sending electronic civil libertarians' hearts a twitter.

Clinton, the presidential front-runner among Democrats in way-early polling, addressed electronic privacy issues at a constitutional law conference in Washington, D.C. last June. There she unveiled a proposed "Privacy Bill of Rights" that would, among other things, give Americans the right to know what's being done with their personal information, and offer consumers an unprecedented level of control over how that data is used.

"At all levels, the privacy protections for ordinary citizens are broken, inadequate and out of date," Clinton said.

These ideas have long been championed by consumer groups and civil liberties advocates, but are largely strangers to presidential campaigns. Other Democrats who have announced presidential exploratory committees for the 2008 election -- including Illinois Sen. Barack Obama and 2004 vice presidential candidate John Edwards -- have worked on privacy issues through their careers as government officials. But Clinton's approach is notable for its range and detail, say privacy advocates.

"Sen. Clinton's plan is well-informed and the most sophisticated statement in recent years by a presidential candidate on privacy issues," said Chris Hoofnagle, a law professor at UC Berkeley's School of Law. "She grasps consumers' frustrations with the annoyance of direct marketing, but also the more important point that a lack of privacy can lead to lost opportunities and oppressive social control."

Clinton's stance on consumer privacy hearkens back to the debates of the '90s when Congress and the public began agonizing over the question of who should wield the most control over consumers' transactional data. Her general policy position is that companies should cede more control to consumers, and that new legislation should be enacted to make it easier for consumers to recover monetary damages from companies that violate their privacy policies.

For example, Clinton said that financial companies as a rule should not be allowed to share consumers' transactional information without first obtaining their permission. Under current law, financial institutions freely share certain kinds of customer information unless consumers specifically opt-out.

Congress to Send Critics to Jail, Says Richard Viguerie

Thu, 18 Jan 2007 02:29:14 GMT

MANASSAS, Va., Jan. 16 /PRNewswire-USNewswire/ -- The following is a statement by Richard A. Viguerie, Chairman of GrassrootsFreedom.com, regarding legislation currently being considered by Congress to regulate grassroots communications:

"In what sounds like a comedy sketch from Jon Stewart's Daily Show, but isn't, the U. S. Senate would impose criminal penalties, even jail time, on grassroots causes and citizens who criticize Congress.

"Section 220 of S. 1, the lobbying reform bill currently before the Senate, would require grassroots causes, even bloggers, who communicate to 500 or more members of the public on policy matters, to register and report quarterly to Congress the same as the big K Street lobbyists. Section 220 would amend existing lobbying reporting law by creating the most expansive intrusion on First Amendment rights ever. For the first time in history, critics of Congress will need to register and report with Congress itself.

"The bill would require reporting of 'paid efforts to stimulate grassroots lobbying,' but defines 'paid' merely as communications to 500 or more members of the public, with no other qualifiers.

"On January 9, the Senate passed Amendment 7 to S. 1, to create criminal penalties, including up to one year in jail, if someone 'knowingly and willingly fails to file or report.'

Political Bloggers May Be Forced to Register.

Thu, 18 Jan 2007 02:21:40 GMT

Political Bloggers May Be Forced to Register. Thebes writes "Under Senate Bill S.1, political bloggers with a readership of over 500 who comment on policy matters or hope to incite 'grassroots' action amongst their readers would be forced to register with the Federal Government as lobbyists." [Slashdot: Your Rights Online]Political Bloggers May Be Forced to Register. Thebes writes "Under Senate Bill S.1, political bloggers with a readership of over 500 who comment on policy matters or hope to incite 'grassroots' action amongst their readers would be forced to register with the Federal Government as lobbyists." [Slashdot: Your Rights Online]

House Seat Hangs by a Byte.

Fri, 12 Jan 2007 02:21:57 GMT

House Seat Hangs by a Byte. With 18,000 votes missing, the putative loser of a tight Florida congressional race is demanding to see the source code for the electronic voting machines that squeaked her opponent into office. A key House committee is joining her call, even as the winner moves to Capitol Hill. By Kim Zetter. [Wired News: Top Stories]

California Monitoring Program Reports Votes Cast on Electronic Machines Were Accurately Recorded.

Thu, 11 Jan 2007 21:11:09 GMT

California Monitoring Program Reports Votes Cast on Electronic Machines Were Accurately Recorded. "The results of the report confirm for voters that their votes were successfully recorded November 7, 2006." [GT: Security and Privacy]

Florida Voters Challenge Judge's Shutdown of Election Investigation.

Wed, 10 Jan 2007 00:34:21 GMT

Florida Voters Challenge Judge's Shutdown of Election Investigation.

Ruling Impedes Search for Answers in Sarasota County Congressional Race

Tallahassee, Fla. - A bipartisan group of Florida voters today challenged a court ruling that is preventing a thorough, independent investigation into alleged voting machine failures in the state's 13th congressional district race.

The appeal asks for a reversal of last week's ruling that allowed electronic voting machine vendor Election Systems & Software (ES&S) to keep its software, hardware, and related documentation hidden from the voters -- even though experts from both sides agree that something went seriously awry during November's election.

"The court wrongly decided that the voters' legitimate demand to determine who won their election was less important than the remote possibility that an independent investigation by nationally-recognized experts would harm the trade secrets of the vendor," said Electronic Frontier Foundation (EFF) Staff Attorney Matt Zimmerman. "The court could easily have addressed the vendor's concerns the same way trade secret concerns are usually handled in litigation -- by simply issuing a protective order that set limited use of the information to the litigation. The judge had the power to protect the interests of all parties. Unfortunately, in this case, he decided not to use it."

According to the electronic voting machines used during the November general election, more than 18,000 people in Sarasota County -- approximately 15% of the voter turnout -- did not cast a vote for any congressional candidate for the hotly contested seat. Instead of performing a robust analysis of the county's voting machines and software, the Florida Elections Canvassing Commission certified Vern Buchanan as the winner by 363 votes.

The voter plaintiffs' appeal comes days after a key member of the House of Representatives weighed in on the disputed Florida congressional election, saying that not only the litigants but the House of Representatives itself would benefit from more open discovery. On Thursday, the incoming Chairwoman of the House Administration Committee -- which has the responsibility for evaluating any House election contest -- submitted a letter to the Florida First District Court of Appeal noting that the House's evaluation would be assisted by the creation of a complete record, including all relevant and critical evidence.

EFF, VoterAction, People for the American Way Foundation, and the ACLU Foundation of Florida represent 11 Sarasota voters seeking an investigation into likely voting machine malfunctions and a revote if lost votes cannot be recovered. The suit is nonpartisan and not affiliated with either candidate from the race.

For the full request for appeal:
http://www.eff.org/Activism/E-voting/florida/plaintiffs_joinder.pdf

Contact:

Matt Zimmerman
Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

[EFF: Breaking News]

House Encourages Florida Court to Allow Access to E-voting Source Code, Hardware.

Sat, 06 Jan 2007 21:08:53 GMT

House Encourages Florida Court to Allow Access to E-voting Source Code, Hardware.

Another key member of the House of Representatives has weighed in on the disputed Florida Congressional election, saying that not only the litigants but the House itself would benefit from more open discovery. On Thursday, the incoming Chairwoman of the House Administration Committee, which has the responsibility for evaluating any House election contest, submitted a letter to the Florida First District Court of Appeal expressing concern with the inability of the Plaintiffs to pursue their claims.

In her letter, Chairwoman Millender-McDonald (D-CA) stated:

It is [...] of concern that the parties have been unable to agree upon, and that, on December 29th, the lower court declined to order, the requested access to the hardware and software (including the source code) needed to test the contestant's central claim: voting machine malfunction.

Millender-McDonald went on to note that:

[T]he House is well served in its own deliberations by having before it a complete record. Consequently, Florida law will facilitate the evaluation of the election contest pending before the House to the extent that it provides access to relevant and critical evidence. I am confident that this can be done in a way that accommodates the valid interests of the parties, and resolution of these issues may obviate the need for the House to address them.

Millender-McDonald's letter strongly supports the positions taken by District 13 challenger Christine Jennings as well as the eleven Sarasota voters (represented by EFF, VoterAction, People for the American Way Foundation, and the ACLU of Florida) in their separate suit. Florida voters deserve and Florida law requires that challengers be given an opportunity to fully investigate legitimate claims that call into question the integrity of election results.

On December 29, 2006, the trial court denied the Plaintiffs' motions to compel the production of hardware, software, and documentation that would allow the cases to move forward. The Court of Appeals is now considering an appeal that was filed this week.

[EFF: Deep Links]

New fraud concerns over Dutch ballot computers.

Sat, 06 Jan 2007 20:50:32 GMT

New fraud concerns over Dutch ballot computers.

Good enough for local elections

A Dutch plan to use e-voting computers by manufacturer Sdu for the coming provincial elections in March has met with fierce criticism.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

U.S. Bars Lab From Testing Electronic Voting - New York Times

Thu, 04 Jan 2007 16:35:10 GMT

A laboratory that has tested most of the nation's electronic voting systems has been temporarily barred from approving new machines after federal officials found that it was not following its quality-control procedures and could not document that it was conducting all the required tests.

Skip to next paragraph

The company, Ciber Inc. of Greenwood Village, Colo., has also come under fire from analysts hired by New York State over its plans to test new voting machines for the state. New York could eventually spend $200 million to replace its aging lever devices.

Experts on voting systems say the Ciber problems underscore longstanding worries about lax inspections in the secretive world of voting-machine testing. The action by the federal Election Assistance Commission seems certain to fan growing concerns about the reliability and security of the devices.

The commission acted last summer, but the problem was not disclosed then. Officials at the commission and Ciber confirmed the action in recent interviews.

Ciber, the largest tester of the nation's voting machine software, says it is fixing its problems and expects to gain certification soon.

Experts say the deficiencies of the laboratory suggest that crucial features like the vote-counting software and security against hacking may not have been thoroughly tested on many machines now in use.

"What's scary is that we've been using systems in elections that Ciber had certified, and this calls into question those systems that they tested," said Aviel D. Rubin, a computer science professor at Johns Hopkins.

Feds Shut Down E-voting Certification Lab

Thu, 04 Jan 2007 16:31:45 GMT

Feds Shut Down E-voting Certification Lab.

Colorado-based Ciber Inc., the largest laboratory that tests software used in U.S. voting systems, has been temporarily banned from approving new systems following problems discovered last summer by the Election Assistance Commission. In July, the EAC began a new oversight program that increased the level of scrutiny that independent testing authorities ("ITAs") must satisfy in order to be able to review candidate voting systems. The EAC found that Ciber was not following proper quality-control procedures and could not document that it was conducting all the required tests. Ciber's renewed petition for accreditation is currently under EAC review.

The ITA review process, largely closed and funded by voting machine vendors themselves, is regularly criticized for its lack of transparency and procedures that are insufficient to ensure that systems are accurate and secure.

[EFF: Deep Links]

E-Vote Challenge Denied.

Thu, 04 Jan 2007 03:41:53 GMT

E-Vote Challenge Denied. Florida judge rejects candidate's review of ballots as infringing 'trade secrets.' [PC World: Latest Technology News]

Judge rules against Jennings, Democrats to seat Buchanan

Tue, 02 Jan 2007 03:40:28 GMT

TALLAHASSEE -- A judge ruled Friday that congressional aspirant Christine Jennings has no right to examine the programming source code that runs the electronic voting machines at the center of a disputed Southwest Florida congressional race.

Circuit Judge William Gary ruled that Jennings' arguments about the possibility of lost votes were "conjecture," and didn't warrant overriding the trade secrets of the voting machine company.

Democrats in Congress meanwhile, said they'd allow Republican Vern Buchanan to take the seat next Thursday, but with a warning that the inquiry wasn't over and that his hold on it could be temporary.

The state has certified Buchanan the winner of the District 13 race by a scant 369 votes.

The ruling Friday from Judge Gary prevents for now the Jennings camp from being able to use the programming code to try to show voting machines used in Sarasota County malfunctioned. Jennings claims that an unusually large number of undervotes _ ballots that didn't show a vote _ recorded in the race implies the machines lost the votes.

Source Code Access Denied in Disputed Race.

Tue, 02 Jan 2007 03:33:30 GMT

Source Code Access Denied in Disputed Race. MrMetlHed writes "A judge ruled Friday that congressional aspirant Christine Jennings has no right to examine the source code that runs the electronic voting machines at the center of a disputed Southwest Florida congressional race. From the article: 'The ruling Friday from Judge Gary prevents for now the Jennings camp from being able to use the programming code to try to show voting machines used in Sarasota County malfunctioned. Jennings claims that an unusually large number of undervotes (ballots that didn't show a vote) recorded in the race implies the machines lost the votes.' " [Slashdot: Your Rights Online]

Computers, Freedom and Privacy - Montreal, May 1-4 2007

Thu, 28 Dec 2006 23:41:06 GMT

Come to CFP2007 in Montreal, May 1-4 2007. There's a lot at stake.

Soft Coercion and the Secret Ballot.

Mon, 18 Dec 2006 19:23:18 GMT

Soft Coercion and the Secret Ballot.

Today I want to continue our discussion of the secret ballot. (Previous posts: 1, 2.) One purpose of the secret ballot is to prevent coercion: if ballots are strongly secret, then the voter cannot produce evidence of how he voted, allowing him to lie safely to the would-be coercer about how he voted.

Talk about coercion usually centers on lead-pipe scenarios, where somebody issues a direct threat to a voter. Nice kneecaps you have there [sigma] be a shame if something unfortunate should happen to them.

But coercion needn[base ']t be so direct. Consider this scenario: Big Johnny is a powerful man in town. Disturbing rumors swirl around him, but nothing has ever been proven. Big Johnny is pals with the mayor, and it[base ']s no secret that Big Johnny wants the mayor reelected. The word goes around town that Big Johnny can tell how you vote, though nobody is quite sure how he does it. When you get to the polling place, Big Johnny[base ']s cousin is one of the poll workers. You[base ']re no fan of the mayor, but you don[base ']t know much about his opponent. How do you vote?

What[base ']s interesting about this scenario is that it doesn[base ']t require Big Johnny to do anything. No lawbreaking is necessary, and the scheme works even if Big Johnny can[base ']t actually tell how you vote, as long as the rumor that he can is at all plausible. You[base ']re free to vote for the other guy, but Big Johnny[base ']s influence will tend to push your vote toward the mayor. It[base ']s soft coercion.

This sort of scheme would work today. E-voting systems are far from transparent. Do you know what is recorded in the machine[base ']s memory cartridge? Big Johnny[base ']s pals can get the cartridge. Is your vote time-stamped? Big Johnny[base ']s cousin knows when you voted. Are the votes recorded in the order they were cast? Big Johnny[base ']s cousin knows that you were the 37th voter today.

Paper ballots aren[base ']t immune to such problems, either. Are you sure the blank paper ballot they gave you wasn[base ']t marked? Remember: scanners can see things you can[base ']t. And high-res scanners might be able to recognize tiny imperfections in that sheet of paper, or distinctive ink-splatters in its printing. Sure, the ballots are counted by hand, right there in the precinct, but what happens to them afterward?

There[base ']s no perfect defense against this problem, but a good start is to insist on transparency in the election technology, and to research useful technologies and procedures. It[base ']s a hard problem, and we have a long way to go.

[Freedom to Tinker]

Tuesday Hearing on Critical E-Voting Evidence in Flawed Florida Election.

Mon, 18 Dec 2006 19:18:28 GMT

Tuesday Hearing on Critical E-Voting Evidence in Flawed Florida Election.

Search for Thousands of Missing Votes in Sarasota County Congressional Race

Tallahassee, Fla. - On Tuesday, December 19th, at 1 p.m., a state judge in Tallahassee, Florida, will consider whether representatives of Florida voters will gain access to voting machines and software in a contested election for the U.S. House of Representatives seat for Florida's 13th congressional district.

The Electronic Frontier Foundation (EFF) and other election advocacy groups last month filed suit on behalf of Sarasota County voters [^] both Republicans and Democrats [^] and are demanding a thorough investigation into potential electronic voting machine malfunctions. State and local election officials, however, continue to object to making the electronic voting machines and software available for examination. Tuesday's hearing will consider, among other issues, whether such materials must be made available to outside experts.

According to the electronic voting machines used during the November general election, more than 18,000 people in Sarasota County [^] approximately 15% of the voter turnout [^] did not cast a vote for any congressional candidate for this hotly contested seat. Instead of performing a robust analysis of the County's voting machines and software, the Florida Elections Canvassing Commission certified Vern Buchanan as the winner by 363 votes. The voters' lawsuit contends that thousands of voters were likely disenfranchised by machine-related problems.

WHAT:
Fedder v. Gallagher

WHEN:
1 p.m.
Tuesday, December 19

WHERE:
Leon County Courthouse
301 S. Monroe St.
Tallahassee, FL 32301

For more on the Florida lawsuit:
http://www.eff.org/news/archives/2006_11.php#005020

For more on EFF's E-Voting work:
http://www.eff.org/Activism/E-voting/

Contacts:

Matt Zimmerman
Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

[EFF: Breaking News]

Voting, Secrecy, and Phonecams.

Thu, 14 Dec 2006 19:09:56 GMT

Voting, Secrecy, and Phonecams.

Yesterday I wrote about the recent erosion of the secret ballot. One cause is the change in voting technology, especially voting by mail. But even if we don[base ']t change our voting technology at all, changes in other technologies are still eroding the secret ballot.

Phonecams are a good example. You probably carry into the voting booth a silent camera, built into a mobile phone, that can transmit photos around the world within seconds. Many phones can shoot movies, making it even easier to document your vote. Here is an example shot in 2004.

Could such a video be faked? Probably. But if your employer or union boss threatens your job unless you deliver a video of yourself voting [base "]correctly[per thou], will you bet your job that your fake video won[base ']t be detected? I doubt it.

This kind of video recording subverts the purpose of the voting booth. The booth is designed to ensure the secret ballot by protecting voters from being observed while voting. Now a voter can exploit the privacy of the voting booth to create evidence of his vote. It[base ']s not an exact reversal [~] at least the phonecam attack requires the voter[base ']s participation [~] but it[base ']s close.

One oft-suggested approach to fighting this problem is to have a way to revise your vote later, or to vote more than once with only one of the votes being real. This approach sounds promising at first, but it seems to cause other problems.

For example, imagine that you can get as many absentee ballots as you want, but only one of them counts and the others will be ignored. Now if somebody sees you complete and mail in a ballot, they can[base ']t tell whether they saw your real vote. But if this is going to work, there must be no way to tell, just by looking at a ballot, whether it is real. The Board of Elections can[base ']t send you an official letter saying which ballot is the real one [~] if they did, you could show that letter to a third party. (They could send you multiple letters, but that wouldn[base ']t help [~] how could you tell which letter was the real one?) They can notify you orally, in person, but that makes it harder to get a ballot and lets the clerk at the Board of Elections quietly disenfranchise you by lying about which ballot is real.

(I[base ']m not saying this problem is impossible to solve, only that (a) it[base ']s harder than you might expect, and (b) I don[base ']t know a solution.)

Approaches where you can cancel or revise your vote later have similar problems. There can[base ']t be a [base "]this is my final answer[per thou] button, because you could record yourself pushing it. But if there is no way to rule out later revisions to your vote, then you have to worry about somebody else coming along later and changing your vote.

Perhaps the hardest problem in voting system design is how to reconcile the secret ballot with accuracy. Methods that protect secrecy tend to undermine accuracy, and vice versa. Clever design is needed to get enough secrecy and enough accuracy at the same time. Technology seems to be making this tradeoff even nastier.

[Freedom to Tinker]

Erosion of the Secret Ballot

Tue, 12 Dec 2006 18:15:33 GMT

Erosion of the Secret Ballot.

Voting technology has changed greatly in recent years, leading to problems with accuracy and auditability. These are important, but another trend has gotten less attention: the gradual erosion of the secret ballot.

It[base ']s useful to distinguish two separate conceptions of the secret ballot. Let[base ']s define weak secrecy to mean that the voter has the option of keeping his ballot secret, and strong secrecy to mean that the voter is forced to keep his ballot secret. To put it another way, weak secrecy means the ballot is secret if the voter cooperates in maintaining its secrecy; strong secrecy means the ballot is secret even if the voter wants to reveal it.

The difference is important. No system can stop a voter from telling somebody how he voted. But strong secrecy prevents the voter from proving how he voted, whereas weak secrecy does not rule out such a proof. Strong secrecy therefore deters vote buying and coercion, by stopping a vote buyer from confirming that he is getting what he wants [~] a voter can take the payment, or pretend to knuckle under to the coercion, while still voting however he likes. With weak secrecy, the buyer or coercer can demand proof.

In theory, our electoral system is supposed to provide strong secrecy, as a corrective to an unfortunate history of vote buying and coercion. But in practice, our system provides only weak secrecy.

The main culprit is voting by mail. A mail-in absentee ballot is only weakly secret, the voter can mark and mail the ballot in front of a third party, or the voter can just give the blank ballot to the third party to be filled out. Any voter who wants to reveal his vote can request an absentee ballot. (Some states allow absentee voting only for specific reasons, but in practice people who are willing to sell their votes will also be willing to lie about their justification for absentee voting.)

Strong secrecy seems to require the voter to cast his ballot in a private booth, which can only be guaranteed at an officially run polling place.

The trend toward voting by mail is just one of the forces eroding the secret ballot. Some e-voting technologies fail to provide even weak secrecy, for example by recording ballots in the order they were cast, thereby allowing officials or pollwatchers who record the order of voters[base '] appearance (as happens in many places) to connect each recorded vote to a voter.

Worse yet, even if a complex voting technology does protect secrecy, this may do little good if voters aren[base ']t confident that the system really protects them. If everybody [base "]knows[per thou] that the party boss can tell who votes the wrong way, the value of secrecy will be lost no matter what the technology does. For this reason, the trend toward complex black-box technologies may neutralize the benefits of secrecy.

If secrecy is being eroded, we can respond by trying to restore it, or we can decide instead to give up on secrecy or fall back to weak secrecy. Merely pretending to enforce strong secrecy looks like a recipe for bad policy.

(Thanks to Alex Halderman and Harlan Yu for helpful conversations on this topic.)

[Freedom to Tinker]

E-Voting Whistleblower Deserves Medal, Gets Punished.

Tue, 12 Dec 2006 01:41:20 GMT

E-Voting Whistleblower Deserves Medal, Gets Punished.

The need for e-voting reform is now widely-recognized, as this Friday's front page story in the New York Times demonstrates. Along with many other people deserving credit for bringing this issue to the fore, you'd think that whistleblowers like Stephen Heller would be unanimously celebrated. Unfortunately, you'd be mistaken.

In 2004, Heller leaked documents showing that Diebold Election Systems used uncertified software in California elections even though it knew that doing so was likely illegal. The documents outraged voters and spurred instant media coverage for an issue that, at that time, was largely ignored. For defending Californians' fundamental right to vote, Heller deserves a medal from the state.

Instead, Heller has been facing criminal charges and threats by Diebold's lawyers to sue him for multimillion dollar damages. Last month, Heller accepted a plea agreement of three years probation and a $10,000 payment to lawyers at Jones Day.

This sad outcome could only be made worse if Heller's virtuous aims remain unfulfilled and votes continue to be cast on flawed machines. EFF is pushing for voting reform around the country, including in our recent lawsuit in Sarasota, Florida. You can support reform, too, by writing to your representatives through our Action Center.

[EFF: Deep Links]

NIST Recommends Not Certifying Paperless Voting Machines.

Thu, 07 Dec 2006 17:18:38 GMT

NIST Recommends Not Certifying Paperless Voting Machines.

In an important development in e-voting policy, NIST has issued a report recommending that the next-generation federal voting-machine standards be written to prevent (re-)certification of today[base ']s paperless e-voting systems. (NIST is the National Institute of Standards and Technology, a government agency, previously called the National Bureau of Standards, that is a leading source of independent technology expertise in the U.S. government.) The report is a recommendation to another government body, the Technical Guidelines Development Committee (TGDC), which is drafting the 2007 federal voting-machine standards. The new report is notable for its direct tone and unequivocal recommendation against unverifiable paperless voting systems, and for being a recommendation of NIST itself and not just of the report[base ']s individual authors.

[UPDATE (Dec. 2): NIST has now modified the document[base ']s text, for example by removing the [base "]NIST recommends[sigma][per thou] language in some places and adding a preface saying it is only a discussion draft.]

The key concept in the report is software independence.

A voting system is software-independent if a previously undetected change or error in its software cannot cause an undetectable change or error in an election outcome. In other words, it can be positively determined whether the voting system[base ']s (typically, electronic) CVRs [cast-vote records] are accurate as cast by the voter or in error.

This gets to the heart of the problem with paperless voting: we can[base ']t be sure the software in the machines on election day will work as expected. It[base ']s difficult to tell for sure which software is present, and even if we do know which software is there we cannot be sure it will behave correctly. Today[base ']s paperless e-voting systems (known as DREs) are not software-independent.

NIST does not known how to write testable requirements to make DREs secure, and NIST[base ']s recommendation to the STS [a subcommittee of the TGDC] is that the DRE in practical terms cannot be made secure. Consequently, NIST and the STS recommend that [the 2007 federal voting standard] should require voting systems to be [software independent].

In other words, NIST recommends that the 2007 standard should be written to exclude DREs.

Though the software-independence requirement and condemnation of DREs as unsecureable will rightly get most of the attention, the report makes three other good recommendations. First, attention should be paid to improving the usability and accessibility of voting systems that use paper. Second, the 2007 standard should include high-level discussion of new approaches to software independence, such as fancy cryptographic methods. Third, more research is needed to develop new kinds of voting technologies, with special attention paid to improving usability.

Years from now, when we look back on the recent DRE fad with what-were-we-thinking hindsight, we[base ']ll see this NIST report as a turning point.

[Freedom to Tinker]

Federal voting-machine standards - Paper Trail Standard Advances.

Thu, 07 Dec 2006 17:08:10 GMT

Paper Trail Standard Advances.

On Tuesday, the Technical Guidelines Development Committee (TGDC), the group drafting the next-generation Federal voting-machine standards, voted unanimously to have the standards require that new voting machines be software-independent, which in practice requires them to have some kind of paper trail.

(Officially, TGDC is drafting [base "]guidelines[per thou], but the states generally require compliance with the guidelines, so they are de facto standards. For brevity, I[base ']ll call them standards.)

The first attempt to pass such a requirement failed on Monday, on a 6-6 vote; but a modified version passed unanimously on Tuesday. The most interesting modification was an exception for existing machines: new machines will have to be software-independent but already existing machines won[base ']Äôt. There[base ']Äôs no scientific or security rationale for treating new and old machines differently, so this is clearly a political compromise designed to lower the cost of compliance by sacrificing some security.

If you believe, as almost all computer scientists do, that paper trails are necessary today for security, you[base ']Äôll be happy to see the requirement for new machines, but disappointed that existing paperless voting machines will be allowed to persist.

Whether you see the glass as half full or half empty depends on whether you see the quest for paper trails as mainly legal or mainly political, that is, whether you look to courts or legislatures for progress.

In court, the exception for existing machines will be strong, assuming it[base ']Äôs written clearly into the standard. It will be hard to get rid of the old machines by filing lawsuits, or at least the new standards won[base ']Äôt be useful in court. If anything, the new standards may be seen as ratifying the decision to stick with old, insecure machines.

In legislatures, on the other hand, the standard will be an official ratification of the fact that paper trails are preferable. The latest, greatest technology will use paper trails, and paperless designs will look old-fashioned. The exception for old machines will look like a money-saving compromise, and few legislators will want to be seen as risking democracy to save money.

As for me, I see legislatures more than courts, and politics more than lawyering, as driving the trend toward paper trails. Thirty-five states either have a paper trail statewide or require one to be adopted by 2008. The glass is already 70% full, and the new standards will help fill it the rest of the way.

[Freedom to Tinker]

Major Ohio County Reconsiders E-Voting.

Fri, 01 Dec 2006 19:53:28 GMT

Major Ohio County Reconsiders E-Voting.

After another election with flawed touch-screen electronic voting machines, Cuyahoga County, Ohio may say enough is enough. The AP reports:

"The commissioners of the state's most populous county are considering getting rid of touch-screen voting machines and putting in a new system for the presidential election in 2008.
"Cuyahoga County spent $14 million on the Nov. 7 election and cannot afford to spend that much every time voters go to the polls, especially the high volume that a presidential race generates, commissioners Tim Hagan and Jimmy Dimora said."

More and more, election officials and voters are starting to see the pitfalls of e-voting and pursue real reform. Recently, EFF and a coalition of voting integrity groups, representing Sarasota County voters, filed suit in state court in Tallahassee asking for a re-vote in Florida's 13th congressional district. Learn more about the suit here.

[EFF: Deep Links]

E-voting 2006: A touch screen, a missing vote, a mystery in Arkansas.

Wed, 15 Nov 2006 05:12:32 GMT

E-voting 2006: A touch screen, a missing vote, a mystery in Arkansas. A mayoral candidate in Waldenburg, Ark., is trying to figure out why the vote he cast for himself on Election Day wasn't counted. In fact, when all the votes were in, he didn't have any votes at all. [Computerworld Privacy News]

ABC News: Candidate: Zero Vote Tally Off - by 1

Mon, 13 Nov 2006 22:32:04 GMT

WALDENBURG, Ark. Nov 11, 2006 (AP)-- Randy Wooten figured he'd get at least one vote in his bid for mayor of this town of 80 people even if it was just his own.

He didn't. Now he has to decide whether to file a formal protest.

Wooten got the news from his wife, Roxanne, who went to City Hall on Wednesday to see the election results.

"She saw my name with zero votes by it. She came home and asked me if I had voted for myself or not. I told her I did," said Wooten, owner of a local bar.

However, Poinsett County results reported Wednesday showed incumbent William H. Wood with 18 votes, challenger Ronnie Chatman with 18 votes and Wooten with zero.

"I had at least eight or nine people who said they voted for me, so something is wrong with this picture," Wooten said.

Man's Vote for Himself Missing In E-Vote Count.

Mon, 13 Nov 2006 22:27:22 GMT

Man's Vote for Himself Missing In E-Vote Count. Catbeller writes "The AP is reporting that Randy Wooten, mayoral candidate for Waldenburg Arkansas (a town of eighty people) discovered that the electronic voting system hadn't registered the one vote he knew had been cast for him ... because he cast it himself. The Machine gave him zero votes. That would be an error rate of 3%, counting the actual votes cast [~] 18 and 18 for a total of 36." From the article: "Poinsett County Election Commissioner Junaway Payne said the issue had been discussed but no action taken yet. 'It's our understanding from talking with the secretary of state's office that a court order would have to be obtained in order to open the machine and check the totals,' Payne said. 'The votes were cast on an electronic voting machine, but paper ballots were available.'" [Slashdot: Your Rights Online]

Florida 'Missing' 18,000 E-Votes in Close Race.

Fri, 10 Nov 2006 22:28:15 GMT

Florida 'Missing' 18,000 E-Votes in Close Race. Irregularities in Sarasota County House of Representatives race spur Florida recount and calls for revote. [PC World: Latest Technology News]

Some voters saying machines lack privacy

Fri, 10 Nov 2006 01:49:07 GMT

With all the privacy of a walk-up ATM, but little of the protocol, electronic voting machines on Tuesday left some people feeling exposed.

Many voters said they found the touch-screen machines easy to read and easy to use. But they also complained of a lack of privacy and pined for the seclusion of the old-style voting booth.

With the new machines lined up close together in crowded polling places -- and offering bright, readable screens -- some felt as if they were voting for an audience.

Electronic Voting Machine Headaches Shut Out Citizens.

Thu, 09 Nov 2006 05:46:56 GMT

Electronic Voting Machine Headaches Shut Out Citizens.

Delays Mean Long Lines for Voters in Florida, Utah, and Other States

San Francisco - Problems with electronic voting machine failures kept some polls from opening, created long lines, and left many voters puzzled about whether their votes were counted in Tuesday's high stakes election.

The Electronic Frontier Foundation (EFF) joined a nationwide team of technology lawyers and other experts staffing nationwide call centers and legal command posts on Election Day. The volunteers chronicled election problems, assisted voters, and worked with election officials to pull malfunctioning machines wherever possible. By 8:00 pm ET on Tuesday, over 17,000 incidents, including machine-related problems, had been reported to the Election Protection Coalition's 866-OUR-VOTE hotline.

The types of machine problems reported to EFF volunteers were wide-ranging in both size and scope. Polls opened late for machine-related reasons in polling places throughout the country, including Ohio, Florida, Georgia, Virginia, Utah, Indiana, Illinois, Tennessee, and California. In Broward County, Florida, voting machines failed to start up at one polling place, leaving some citizens unable to cast votes for hours. EFF and the Election Protection Coalition sought to keep the polling place open late to accommodate voters frustrated by the delays, but the officials refused. In Utah County, Utah, more than 100 precincts opened one to two hours late on Tuesday due to problems with machines. Both county and state election officials refused to keep polling stations open longer to make up for the lost time, and a judge also turned down a voter's plea for extended hours brought by EFF.

"If election officials insist on depending on this unreliable technology, they should be prepared to react appropriately when things go wrong," said EFF Legal Director Cindy Cohn. "Voters should not have to bear the brunt of this poor planning. We are very disappointed that the court did not recognize that."

"Jumping vote" problems -- touchscreen machines displaying selections not intended by voters -- once again appeared across the country and across machine models. Some voters again encountered difficulty making or changing selections on touchscreen machines, resulting in long lines and frustrated voters leaving polling places. Optical scan machines also broke down in many places, most prominently in Cook County, Illinois, but also in Los Angeles, California, also leading to long delays for voters.

The national monitoring campaign was developed after many states hastily implemented flawed electronic voting machines and related election procedures. Twenty-three states still do not require a paper record of all votes, despite the demonstrated technical failures of e-voting machines in the 2004 presidential election. Without a record, voters cannot verify that the e-voting machines are recording their votes as intended, and election officials cannot conduct recounts. In addition, most of these machines use "black box" software that hasn't been publicly reviewed for security.

But poorly designed systems are not the only problem. Most election workers remain woefully under-trained regarding potential e-voting problems. Vendor technicians frequently have unsupervised access to voting equipment, and local election officials routinely deny attempts to examine e-voting audit data.

Along with supporting local election reform, EFF has helped Congressional Rep. Rush Holt's Voter Confidence and Increased Accessibility Act garner immense, bipartisan support. The bill contains several critically important election reforms, including the requirement of a paper trail for all electronic voting machines, random audits, and public availability of all code used in elections.

"Voters deserve these practical election reforms -- not long lines and unverifiable results," said EFF Staff Attorney Matt Zimmerman.

For the latest election news:
http://www.eff.org/deeplinks/

For more on EFF's e-voting efforts:
http://www.eff.org/Activism/E-voting/

Contacts:

Cindy Cohn
Legal Director
Electronic Frontier Foundation
cindy@eff.org

Matt Zimmerman
Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

[EFF: Breaking News]

Lack of E-Voting Paper Trail Precludes Full Recount in Virginia, Elsewhere.

Thu, 09 Nov 2006 03:10:29 GMT

Lack of E-Voting Paper Trail Precludes Full Recount in Virginia, Elsewhere.

Many Virginians were among the millions of voters nationwide that cast their votes on electronic voting machines which lack paper trails. Voters thus could not verify that their votes were accurately recorded, and election officials will not be able to conduct a full and thorough recount.

That's bad enough, and with the close margin in Virginia's Senate race and the U.S. Senate at stake, it is especially tragic for the entire country, regardless of who is ultimately declared the winner. Simple precautions could have been taken to prevent this and myriad other e-voting problems. Indeed, Montana fortunately requires a paper trail, which could aid a recount in its tight Senate race.

Thankfully, there's an existing solution for the whole country: Rep. Rush Holt's Voter Confidence and Increased Accessibility Act (HR 550) contains several critically important election reforms, including the requirement of a paper audit trail for all electronic voting machines, random audits, and public availability of all code used in elections. The bill has gained the support of 220 bipartisan cosponsors, and, according to Holt, it even has a chance to pass before the next Congress takes office in January.

Make your voice heard on HR 550 now using the form below and tell Congress to support this crucial reform.

Listen to our podcast interview with Holt here.

[EFF: Deep Links]

E-Voting Problems in Tight Florida Race.

Thu, 09 Nov 2006 03:08:37 GMT

E-Voting Problems in Tight Florida Race.

A detailed report in Wednesday's Sarasota Herald-Tribune raises some important questions about touchscreen voting and a congressional race there that could be missing votes.

The paper reports that as of Wednesday morning, Republican Vern Buchanan had a lead of a few hundred votes over Democrat Christine Jennings in the battle for Florida's 13th Congressional District. But in about 13% of the ballots cast, there was no vote in the congressional race at all. So while 87,797 in Sarasota County voted in the Florida senate race, only 76,549 made a choice in the congressional race. That's also about 3,000 fewer people than voted in the local hospital board election, according to the report.

The Jennings campaign says voters complained throughout the day Tuesday about votes not registering properly in the congressional election. Supervisor of Elections Kathy Dent says nothing went wrong with the machines, but, without a paper trail, there's no way of knowing for sure that votes are accurately counted as cast. Voters in that county chose yesterday to scrap the machines in favor of paper ballots by 2008, but that can't remove the shadow e-voting machines cast over this election.

[EFF: Deep Links]

E-Voting Glitches Already Abound in Election 2006.

Thu, 09 Nov 2006 00:41:49 GMT

E-Voting Glitches Already Abound in Election 2006.

As early voting has started in states across the country, electronic voting machine problems are already being widely reported. For instance, machines in apparently Arkansas, Florida, and Texas have flipped votes; voters attempted to select a particular candidate, but the machine incorrectly indicated a vote for the opponent. The Chicago Sun-Times reports that this problem and a host of others occurring in Illinois. Meanwhile, five counties in Florida report that their machines are mistakenly set to stop recording votes one hour prior to the end of election day.

And that's just a few of the stories we're hearing. Sometimes, machine glitches can be identified and addressed before they cause any votes to be lost or incorrectly recorded. Unfortunately, election workers remain woefully under-trained regarding potential e-voting problems.

Case in point: election officials in Ohio reportedly used e-voting memory cards in ordinary laptops, exposing them to possible security threats. We hope no harm comes of this particular mistake, but, when it comes to the next e-voting impropriety, voters might not be so lucky.

All of these problems underline, once again, why a voter verifiable paper trail is necessary.

We'll continue to keep you posted on e-voting problems throughout Election 2006.

(Hat tip: VotersUnite.org, which provided links to the news reports in this post.)

[EFF: Deep Links]

Line Noise Podcast Election Special.

Thu, 09 Nov 2006 00:34:17 GMT

Line Noise Podcast Election Special.

As America goes to the polls, EFF's own podcast, Line Noise, returns with an interview with Representative Rush Holt, the politician behind the "gold standard" of e-voting reforms - a plan to introduce voter-verified paper records, public source releases, and random audits to all US electronic voting machines.

You can listen in glorious MP3, vibrant Ogg, or subscribe to our ongoing podcast feeds. We're also available via iTunes.

[EFF: Deep Links]

Excellent Election Day Law FAQ For Online Journalists.

Thu, 09 Nov 2006 00:32:53 GMT

Excellent Election Day Law FAQ For Online Journalists.

In collaboration with the Center for Citizen Media, the Stanford Center for Internet Society has published an excellent election day law FAQ, including information on taking photos or videos at polling places. Check it out here and here, and stay tuned to that blog for more answers to your questions.

[EFF: Deep Links]

AP: "Technical glitches reported in early voting".

Thu, 09 Nov 2006 00:30:43 GMT

AP: "Technical glitches reported in early voting".

AP has a round-up of some early election activity:

"About a third of voters were using new equipment, and problems in several states were reported right out of the gate. The government deployed a record number of poll watchers to the many competitive races across the country.
"Glitches delayed balloting in dozens of Indiana and Ohio precincts, and Illinois officials were swamped with calls from voters complaining that poll workers did not know how to operate new electronic equipment.

"In Delaware County, Indiana, officials planned to seek a court order to extend voting after an apparent computer error prevented voters from casting ballots in 75 precincts.

"Florida officials, working to avoid a repeat of the vote-counting debacle of 2000, fielded extra voting machines, paper ballots and poll workers.

"In the Jacksonville suburb of Orange Park, Florida, voters were forced to use paper ballots after an electronic machine broke."

Update:Here's another round-up posted at 3 ET.

[EFF: Deep Links]

EFF Defends Your Right to Vote on Election Day 2006.

Wed, 01 Nov 2006 06:27:16 GMT

EFF Defends Your Right to Vote on Election Day 2006.

Hoping for a quiet, orderly election day? Dream on. In recent days -- a full week before most Americans go to the polls -- election observers have already reported problems with electronic voting machines:

Selections made on Diebold touchscreen voting machines in Florida have registered for the wrong candidate, evoking widespread reports of similar problems in 2004.
Hart Intercivic voting machines in Virginia are truncating the names of several candidates on the summary page, including the name of Democratic candidate for the U.S. Senate James H. "Jim" Webb, whose name appears as "James H. 'Jim.'"

This year's election will feature hot races for no fewer than sixty House and a dozen Senate seats, along with a slew of contested state and local races. With many races likely to come down to the wire, election irregularities could lead to disaster.

Along with our partners in the Election Protection Coalition and numerous volunteers, EFF will once again be on the front lines to ensure that voters' ballots are counted as cast. We will help solve technology-related problems at the polls, document voting machine-related incidents for future examination, and bring any legal action that might be required by equipment failures.

EFF today released Electronic Voting Machine Information Sheets that give election observers (and the general public) a quick glimpse into how today's voting equipment works as well as the types of problems that have been reported about these systems in the past. EFF is also investigating reports of voting equipment irregularities and discussing them with on-the-ground observers as well as election officials. Finally, in case something does indeed go wrong next Tuesday, EFF and its partners are preparing legal pleadings that will allow us to go to court to keep polls open, to halt the use of malfunctioning equipment, or stop illegal or erroneous practices by election officials.

If you encounter any type of problems on election day, call the Election Protection Hotline at (866) OUR-VOTE. With your help, we'll be able to help protect voters in the short term as well as continue to improve the accuracy, integrity, and transparency of voting technology over the long term.

[EFF: Deep Links]

Stats Expert: Paperless Voting Spells Disaster in Election 06.

Tue, 31 Oct 2006 15:24:52 GMT

Stats Expert: Paperless Voting Spells Disaster in Election 06.

Statisticians are trained experts in data collection, so it's worth paying special attention to the American Statistical Association President's timely letter [PDF] about accurately counting votes in the upcoming national election. President Sallie Keller-McNulty warns that, "[W]e can expect between five to twenty federal elections and dozens of local elections to be ... too close to call." "To resolve close elections" and make sure every vote is accurately counted, election officials must be ready to do "real recounts (cross-checking paper records against official tabulations), not just rereading machine totals" and perform "random audits in all localities."

We couldn't have said it better ourselves. Tragically, millions of votes will be cast on e-voting machines that lack voter verified paper records, and of those that will be, even fewer will use those records during recounts or audits. As the letter points out, and as has long been made painfully obvious in previous elections, merely rereading machine totals is not a "real recount."

The American Statistical Association has offered to provide more information on improving the process of elections. We hope that election officials across the country (as well as legislators) will take them up on the offer.

Learn more about how EFF is fighting to protect your right to vote.

[EFF: Deep Links]

Florida ballot terminals favor Republicans.

Tue, 31 Oct 2006 15:01:54 GMT

Florida ballot terminals favor Republicans.

Even when voters don't

Florida voters using electronic ballot machines are having persistent problems choosing Democrats in early elections, the Miami Herald reports.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Slashdot | How to Hack the Vote and Steal the Election

Thu, 26 Oct 2006 19:37:33 GMT

divisionbyzero writes "Many people have asked for it so that the government will have to deal with it. So here it is: a guide to stealing an election that uses electronic voting machines written by Jon Stokes over at Arstechnica. From the article: "In all this time, I've yet to find a good way to convey to the non-technical public how well and truly screwed up we presently are, six years after the Florida recount. So now it's time to hit the panic button: In this article, I'm going to show you how to steal an election.""

Slashdot | New Campaign Tactic - Google Bombing

Thu, 26 Oct 2006 19:30:50 GMT

jeian writes "My Direct Democracy, a liberal group blog, is trying out a new campaign tactic -- Google bombing. From the New York Times article: 'Searching Google for Peter King, the Republican congressman from Long Island, would bring up a link to a Newsday article headlined King Endorses Ethnic Profiling.' Google's policy has typically been to not intervene and let the algorithms work by themselves, but could this change if Google-bombing becomes a common tactic?"

Slashdot | Quebec Bans Electronic Voting

Wed, 25 Oct 2006 19:39:16 GMT

gfilion writes "The Chief Electoral Officer of QuÃ©bec tabled an evaluation report that makes a troubling diagnosis of the problems that occurred during the municipal elections of November 6, 2005, in some of the 162 QuÃ©bec municipalities that used electronic voting. He says: "Not only did the systems fail, but the corrective measure proposed were insufficient, poorly adapted and often came too late." There was a moratorium on electronic voting prior to the November 6 election, it will be extented for future elections."

Chaos Computer Club condemns e-voting machine.

Wed, 11 Oct 2006 03:57:02 GMT

Chaos Computer Club condemns e-voting machine.

Flaws detected

The German Computer Chaos Club, Europe's largest hacker group, has called for a ban on the Nedap ES3B voting machine and similar computers after a Dutch citizens group found flaws in the dated e-voting machine.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Security Analysis (and Response) of Diebold Voting Machines.

Sat, 23 Sep 2006 22:18:27 GMT

Security Analysis (and Response) of Diebold Voting Machines.

Ari Feldman, Alex Halderman, and Ed Felton released an amazing paper on the security of Dielbold's e-voting technology. The paper is accompanied by a ten-minute video that demonstrates some of the vulnerabilities they've uncovered. Here is the paper's abstract:

Security Analysis of the Diebold AccuVote-TS Voting Machine

Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten
Princeton University

This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities -- a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.

Along with the various weaknesses they discuss in the paper, Felton later discovered that the lock "securing" the machine's components from outside tampering could be opened with a standard hotel mini-bar key. Unbelievable.

Predictably, Dielbold responded (PDF) with their PR team in full spin mode, but Felton easily dispenses with their generally off-point retorts. Felton's conclusion:

Secure voting equipment and adequate testing would assure accurate voting -- if we had them. To our knowledge, every independent third party analysis of the AccuVote-TS has found serious problems, including the Hopkins/Rice report, the SAIC report, the RABA report, the Compuware report, and now our report. Diebold ignores all of these results, and still tries to prevent third-party studies of its system.

If Diebold really believes its latest systems are secure, it should allow third parties like us to evaluate them.

[michaelzimmer.org]

Freedom to Tinker - Security Analysis of the Diebold AccuVote-TS Voting Machine

Thu, 14 Sep 2006 17:29:14 GMT

Today, Ari Feldman, Alex Halderman, and I released a paper on the security of e-voting technology. The paper is accompanied by a ten-minute video that demonstrates some of the vulnerabilities and attacks we discuss. Here is the paper's abstract:

Security Analysis of the Diebold AccuVote-TS Voting Machine

Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten
Princeton University

This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities -- a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.

Voting Security Attacked In Court Again.

Fri, 04 Aug 2006 21:55:55 GMT

Voting Security Attacked In Court Again.

Here we go again. Despite all of our efforts to dispel the false dichotomy between secure voting and accessible voting, a shrinking but vocal minority of the disability rights community continues to take steps to prevent more secure voting by claiming that it will violate the rights of the disabled. They've now filed a federal lawsuit in San Francisco, called PVA v. McPherson, to try to turn back the clock -- and force Californians back into insecure, inauditable voting systems. This argument was wrong when it was rejected by a federal judge in 2004 and it's still wrong now.

[EFF: Deep Links]

Slashdot | Voting Isn't Easy, Even if Cheating Is

Wed, 02 Aug 2006 16:29:56 GMT

The Open Voting Foundation's disclsosure that only one switch need be flipped to allow the machine to boot from an unverified external flash drive instead of the built-in, verified EEPROM drew more than 600 comments; some of the most interesting ones are below, in today's Backslash story summary.

Worst Ever Security Flaw in Diebold Voting Machine.

Wed, 02 Aug 2006 16:28:00 GMT

Worst Ever Security Flaw in Diebold Voting Machine. WhiteDragon writes "The folks at Open Voting Foundation got their hands on a Diebold AccuVote TS touchscreen voting machine. They took it apart (pictures here), and found the most serious security flaw ever discovered in this machine. A single switch is all that is required to cause the machine to boot an unverified external flash instead of the built-in, verified EEPROM." [Slashdot: Your Rights Online]

WEAU | Voter Privacy Becoming an Issue

Fri, 28 Jul 2006 15:35:58 GMT

With a revised policy on voting in Wisconsin, a government watchdog group now says allowing a unique voter identification number to be made public violates state privacy laws.