Voter ID Bill Out of Committee; Smith Believes it Will Fail (Just Like He Wanted)

Well I hope it does fail (5.00 / 1)

It's a horrible bill.  It has absolutely no purpose as good public policy.  There are serious election issues that do rise to the level of "crisis".  In person voter impersonation is not one of them.

• The majority of voters in Texas vote on paperless e-voting systems that provide no independent means to verify the vote tally.  The vote tally is provided by the same software that runs the election. Some software that we know is insecure.

• Texas is ranked 46th in turnout in the nation. Figures from the 2008 general election.

• We rank 42nd in voter registration of eligible population according to census data.

• Provisional ballot rejection rates in Texas are almost 80% where the average for the rest of the country is 20%.

• Registration rates under the NVRA (National Voter Registration Act) have fallen off 80% in Texas since the initial implementation.
  

Those items are crisis level election issues that threaten our democracy.

---

by: sonia @ Mon May 11, 2009 at 19:37:07 PM UTC

Better and worse systems of paperless voting (5.00 / 1)

I'm on the Travis County Elections Study Group, charged with advising the county on our next election system. I went into our first meeting with a lot of doubts about the security of electronic voting. After seeing how Travis County actually handles ballot security, I was largely won over. Among the security measures they use:

1) Voting machines are programmed well ahead of time, and then thoroughly tested. Travis County Elections runs a mock election with about 8,000 votes cast, with the "voters" (actually employees) videotaped as they cast their votes, and the tabulated results are compared with how people actually voted. This is done out in the open, with the public welcome to watch.  (The biggest fear isn't vote-stealing but programming bugs. You need to make sure that all sorts of special features, from straight-party voting to write-ins, are handled correctly.)

2) The programs are hash tested, meaning that there are several numerical fingerprints of the program as it was entered. The machines are re-tested after the election to make sure that their programs haven't been altered in the mean time.

3) Once programmed and tested, the voting machines are completely isolated from the rest of the world. No wireless, no physical connection, nothing. Not only are they thoroughly locked down, but the seals are labeled, and are only broken in the presence of sheriff's deputies (or constables, depending on the situation), who record the numbers of the broken seals, and the numbers of the seals that replace them. The chain of physical custody is amazing.

4) On election day, machines at a random precinct are pulled and checked for tampering.

That's not a complete list of security measures, but it gives you an idea. Dana DeBeauvoir and her team make a point of being paranoid, and therefore being prepared.

That's not to say that all electronic systems are safe. We need stricter laws that get other jurisdictions to follow many of Travis' safety procedures. And yes, the ESG is looking into possibilities for a paper trail that allows for independent verification of election results! The difficulty is doing it in a way that doesn't introduce other errors. (E.g., what happens if a voter votes, gets his receipt, sees that it is correct, and forgets to put it in the ballot box?)

But for now, at least in Travis County, paperless voting is not a crisis level issue that threatens our democracy.

---

by: LSadun @ Mon May 11, 2009 at 21:35:16 PM UTC

[ Parent ]

Thanks for your input and for serving on the committee (0.00 / 0)

I assume that you are going to read the red team report from the California Secretary of State top to bottom review on the Hart Intercivic systems.

A paper based system does not have to be a VVPAT system i.e. printer attached to a DRE.  Most states are moving back to voter marked paper ballots scanned/counted by optical scan machines. Plus I would add audits to those counts as well.

You should read the latest study done by Election Data Services that does surveys for the Election Assistance Commission.  They fall report of equipment shows that DREs have reached the tipping point.  It's downhill for them from here on out.

Nation Sees Drop in Use of Electronic Voting Equipment
for 2008 Election - A First October 2008

For the first time in the nation's history, fewer jurisdictions and less registered voters will be using electronic voting equipment than in the previous election. After nearly three decades of consistent growth in their use with each election, nearly 10 million fewer registered voters will be using electronic voting equipment in the 2008 general election compared to just two years ago. Every county that has changed voting systems since 2006 has moved to optical scan equipment.

Why would Travis keep technology that is going to become obsolete fairly quickly.  The vendors of paperless DRE systems have reached market saturation; so where are they going to make more money for improvements of these systems?

I agree that the Travis election department does a good job on trying to secure their DREs, but nothing is 100% secure.  The extra precautions that Travis takes it does so on it's own.  None of that is mandated by state law.  And all the DREs in Texas are paperless systems.

---

by: sonia @ Mon May 11, 2009 at 22:40:36 PM UTC

[ Parent ]

Hart Reports on CA SoS site (0.00 / 0)

Let me correct the link in my post for the Red Team reports on Hart.

All of the reports are available from the CA SoS site.  This page is for all the Hart reports:

www.sos.ca.gov/elections/elections_vs_hart.htm

---

by: sonia @ Mon May 11, 2009 at 23:01:44 PM UTC

[ Parent ]

The Red Team report is very good reading, (0.00 / 0)

especially since every one of their potential attacks would be stymied, or at least detected, by the procedures in place in Travis County. In their summary, the Red Team says

That is, the Red Team has developed exploits that - absent procedural mitigation strategies - can alter vote totals, violate the privacy of individual voters, make systems unavailable, and delete audit trails. (emphasis added)

Their worst possible attack involved a malicious poll worker taking the recording card out of the recording (JBC) machine, hacking it to change the vote totals, and putting it back in. Never mind that there are Democratic and Republican poll watchers at every precinct. Never mind that there is a post-election audit that compares the vote totals from the JBC to the totals from the individual e-Slate machines. And never mind that the whole thing is sealed with uniquely identified seals that are only broken (and replaced, with numbers noted) in the presence of sheriff's deputies. It's  like taking a bolt cutter, breaking into the ballot box, replacing a bunch of cast paper ballots with fake ballots, and resealing the box. It's just as easy if everybody is totally corrupt, and just as hard if they're not.

Their most realistic attack involved getting the JBC to issue extra access codes, allowing somebody to vote multiple times. This could work, but would be easily detected after the fact, when the number of ballots cast didn't match the number of voters who signed in. It's the equivalent of grabbing two paper ballots instead of one, which my precinct's election judge tells me he sometimes used to do by accident (yes, he would return the extras).

There were worries about somebody hacking into the central counting computer (B.O.S.S.), which is why in Travis this computer has no wireless card, and is kept in a room with a video camera running 24/7, with the lights on, with extra security on the door, and with nobody (not even Dana) authorized to enter by themselves. It's only removed from the room on election night all rolled out into full view, where everybody can see the cards being entered and the votes being counted.

Finally, there were worries about voter privacy, that the votes cast by an individual voter could be detected. This only worked in precincts with a single e-Slate. In Travis, all precincts have multiple stations.  

---

by: LSadun @ Tue May 12, 2009 at 16:29:41 PM UTC

[ Parent ]

3 kinds of voting systems (0.00 / 0)

I'm not saying there aren't any problems with electronic voting systems, but you have to balance them against the problems of other kinds of voting systems:

1) Pure paper. These are difficult for the handicapped to use. Even the best optical scanners have failure rates of about 0.5%. In a presidential election, that means about half a million disenfranchised voters! Physical ballot stuffing is fairly easy, at least on a small scale. Ballots can be marked in an ambiguous way -- is that a partially filled in oval or a stray mark?  Minnesota did a great job with the Franken/Coleman recount, but there were a lot of rulings on ballots that could have gone either way.

2) Hybrids, with an electronic vote backed up by a paper record. These tend to be expensive, and subject to mechanical problems. (Printers fail REALLY often!) If the paper ballot is the official one, how do you ensure that it is handled properly (e.g., what if somebody walks off with their ballot?) It's hard to get a system where voters have enough control to be sure their votes are counted properly, but where you don't get a large number of human errors.

3) Pure electronic systems. These don't have any means of independently verifying the results.  In the absence of sensible security measures, systems can be hacked. There is a general lack of trust. When the public doesn't believe the election results, the winner has no legitimacy and democracy is stymied.

Pick your poison.

What gets me mad is that the lack of trust in electronic systems is something we Democrats are generally making worse. Of course we should complain when there are legitimate security problems, but when things are done right, we should be the first ones saying "thank you for protecting our votes."

Let's improve ballot security by getting more jurisdictions to follow the good practices of the counties (like Travis) that do things right. Let's not lead a stampede against electronic voting in general.  

---

by: LSadun @ Tue May 12, 2009 at 16:52:11 PM UTC

[ Parent ]

I pick option #2 - the hybrid (0.00 / 0)

But with a different option assumption.  The hybrid part is that the count is electronic but the ballot is marked by the voter.  Therefore it produces its own software independent verification/audit capability up front.  

And I would disagree that these are the most expensive.  In fact they are cheaper than paperless DREs.  Each DRE machine costs about $5K per unit and depending on the precinct turnout you might have 10-25 or more machines required.  A paper ballot system that is counted by PCOS (precinct count optical scanner) would be far cheaper as you would only need 1 or 2 of these scanners per precinct.  Instead of the 10-25 DRE machines.

Some argue that paper is expensive but it's not as expensive as a DRE is to program, store or maintain.  And with ballot on demand systems, you can still have the capability of storing multiple ballot styles and printing ballots for whatever pct you need at the time of voting.  This would allow early vote centers to work easily.  This is what Florida and New Mexico did when they moved to optical scan for their whole states.

My position has always been "verify then trust". And my discussion with respect to this whole thread has been the entire state of Texas and not just Travis.  If one county does a better job at conducting elections, that does not necessarily translate to the whole state.  That is precisely why I mentioned that the state Legislature really needed to address this on a state level.  And none of that is being done.  Bills that would have improved security and uniform DRE security measures across the state are not going to pass the Legislature this year.  

Instead the main election "security" legislation that rises to the level of "crisis" at the Lege is to address a non-issue of voter impersonation fraud.

---

by: sonia @ Tue May 12, 2009 at 18:12:26 PM UTC

[ Parent ]

Where we agree 100% (0.00 / 0)

is on the need for statewide standards. No matter what kind of ballots we use, there are going to be security issues, and the Lege needs to take them seriously. Unlike voter impersonation, which is not a real threat.

I would love to see a workable hybrid system, for verifiability and to restore confidence. Right now I'm skeptical about whether it would cause more problems than it would solve, but the truth is that the ESG hasn't learned much about hybrids yet. (We've been studying how things currently work before considering alternatives.) Ask me in a few months and you may get a different opinion.  

---

by: LSadun @ Tue May 12, 2009 at 19:49:41 PM UTC

[ Parent ]