CA Secretary of State Debra Bowen has done the right thing and decertified Sequoia, Hart, ES & S and Diebold e-Voting machines. In fact she’s decertified all of them, with strong (and reachable) conditions for using the Hart and Diebold machines for this election cycle only.she did not approve the Sequoia or ES & S machines because of the massive security flaws in them.
Go read the Red Team reports and Source code reviews; if you know anything about technology – and I do – the only thing to do is scrap them and start over.
Huge compliments to Secretary Bowen for doing the right thing.
As I’ve said before it’s pretty damn cool to be able to delineate the exact moment when a tide changed; it’s my belief that one leg of our political system – confidence in voting – is as bad tonight as it is going to be in my lifetime, and we’re watching tonight as one brave woman managed to do the hard work to stop the tide and reverse it.
We’re not done yet…
Who needs to know instantly who’s won or what issue won when the results don’t go into effect for months? The media for the entertainment value. Government doesn’t exist for ratings or sales of a commodity, in this case, modern entertainment conglomerates. Just do the job right.
Somebody should ask Ms. Bowen to post the information, or at least a precÃs of it, in HTML. I get damned tired of downloading .pdfs and later having to find and delete the superfluous files.
What I’ve suggested from the beginning is two machines, one for vote preparation and a second for verification and recording. The first isn’t connected to anything but power and has no I/O ports except for what’s needed to run the keyboard, display, and a printer; it accepts the voter’s choices and prints a paper ballot. The second reads the ballot via OCR, displays the choices, and asks the voter to verify them before recording. The paper ballot is retained and is controlling in case of recounts. Ideally the ballot would be human-readable as well as decipherable by the recording machine, the recording machine would also be able to read registration cards and keep a record of which ones have been used to vote, and the two machines would be from two different manufacturers.
There is no way to make any system absolutely secure; all electrons are identical. It should be possible to make voting secure enough that your typical political activist can’t figure out how to spoof it.
Regards,
Ric
Now, if they would only do the same for legacy election techniques (all human and paper) where abuses like seen in Chicago and LBJ’s Texas were trivial.
Ric,
Whatis the point of the first step? Here in Oklahoma we use a “mark sensing” voting machine. All counties use exactly the same equipment. That way, if a county needs more machines, they can borrow them from another county.
Our ballots are printed on large pieces of heavy paper, with a place to make a horizontal mark by every choice. Our ballots can handle candidates for office, state questions or any other multiple choice issue. When we are finished marking our ballots, we insert them in the voting machine’s scanner, which detects double voting and other errors. If the scanner detects an error, it backs out the ballot, allowing the poll attendant to destroy the ballot and provide another to the voter. In the event of a power failure the ballots are deposited in a secure section of the machine, and are retrieved and scanned by the poll workers under the eyes of the poll watchers. A manual recount is very easy with our ballots, and the ballots are very unlikely to be compromised by handling during a manual recount.
I am unaware of even a hint of a security problem with this system. I don’t understand why everyone doesn’t use it.
BTW, as a system developer I am mystified why people think they need a computer, especially a touch screen, for voting. That is just more to go wrong. Sometimes a pencil and deck of 3×5 cards is the best, if not the coolest, solution. Same with voting.
I think one reason the people who run the polling places want electronic systems is that they want to get home quickly after the polls close. Paper is such a hassle, don’t you know.
Jack Okie is right. Paper ballots, marked with a pen and tabulated by an optical scanner, are an excellent system. That’s what we use in North Carolina, and it works really well.
I am still waiting for someone to explain to me why we need touch-screen voting machines. In what way are they an improvement over paper ballots? Convince me.
I’m with Don.
Ban isn’t quite as comprehensive as Marc hinted, though. “San Diego Tribune”:http://www.signonsandiego.com/news/state/20070804-0602-ca-votingmachines.html
bq.. “Specifically, Bowen said she had decertified the machines for use and then recertified them on the condition they meet her new security standards. When asked what would happen if the companies failed to do so, Bowen responded, “I think they will.”
In a move with potentially wide-ranging consequences, Bowen also limited the Diebold and Sequoia machines to one per polling place. She said that would help voters with disabilities cast their ballots while significantly reducing the threat of vote manipulation.”
I am a permanent absentee voter in California and use a paper ballot. The e-voting machines are vulnerable to even more massive voter fraud than we now have.
The Diebold and Sierra DVR machines will be allowed 1 per voting place for HAVA (access for disabled voters); Hart DVR machines may be recertified for use with strong conditions. E S & S Inkavote is decertified because they did not offer information in time; her office and ES & S are working on a review and conditions for those machines.
And all of this is for the 08 election only.
It’s a pretty complete change…
Much of what I’ve read in the MSM is not accurate, or at least not entirely accurate. I haven’t read the San Diego Trib piece, but the comment I made about recertification was in response to a question about my decertification of the ES&S InkaVote Plus, a system that is used only in Los Angeles County and Missouri (to the best of my knowledge), and it was applicable only to that decision.
I decertified that system without recertification subject to conditions for a simple reason: ES&S refused to provide its source code, voting equipment and the funds for conducting the review — all of which are required both by the conditions of certification imposed by the previous Secretary of State, and by Section 19222 of the California Elections Code, which mandates the periodic review of voting systems to determine if they are defective, obsolete, or otherwise unacceptable. (Yes, that’s the wording in the statute.) It is unacceptable for a voting system vendor to prevent that review.
IMHO, the mark sense / optical scan systems are a good choice. My primary recommendation for improvement would be to use open source software for the op scan processing in the polling place, as well as for the central tabulation equipment. Whoever does that first will have a winning hand — the public is demanding transparency, as well they should!
Security and audit procedures need improvement overall, and I am requiring security plans and better auditing for all voting systems. That will go into regulation, as well as in certification conditions.
No system, whether paper or plastic, is immune from mistakes or worse.
So there is is … straight from the horse’s mouth.
Oh, and I will look into using html in addition to pdf. We made a particular effort to split the reports by vendor and by type, to enable people to get only the information they desired, and you can tell how big the pdf is BEFORE you make a commitment … I have a personal gripe about opening something that is not really what I wanted, and being stuck while the whole thing is processed.
Jack,
Mark-sense machines are what we use here, too, in Pierce County (Tacoma, WA.) They work great, as you say, with the sole exception of not being adaptable for the vision-impaired (you can’t just print a larger-type ballot because the scanner is of a fixed size.) Do I see this as a problem? Hardly–the number of voters whose vision with correction is so bad that they can’t read the ordinary ballot is quote small, so there’s nothing wrong with printing a special run of large-print ballots and tabulating them by hand.
Ric,
I pointed out the major flaw in your proposal the last time you made it here: if machine #1 has no I/O, then how does it get the election-specific information in the first place?
Debra,
Thanks for joining the discussion here! Good work on the voting machine review; and do you suppose we in Washington State might borrow you for a while once you finish cleaning up CA? 🙂
A shout-out to both SoS Debra Bowen and Armed Liberal.
A reverse shout-out to companies that would build a voting-machine product around MS Access.
That’s all good news.
Why did we end up with the great move to electronic voting in the first place?
An explanation I read at the time was that Americans cast too many votes to be counted. A population of 300 million has so many voters that votes would have to be counted electronically, or they would not be counted at all. States such as Florida were so populous that any paper system would be overwhelmed.
As an “inevitablist” argument, I think this is a variation on another argument of the time: progress. That is: technological progress is inevitable, this is technically more advanced … (and thus there is no need for further argument. Unless you’re a backward-looking Luddite – you’re not, are you?)
Hallelujah!
As a long-time Silicon Valley tech manager and wonk, and current VC, I can probably pass muster as a ‘non-Luddite’. And I thoroughly agree with this move. A couple of further comments from that perspective:
First, to David Blue re the ‘inevitabilist’ argument. Technological ‘progress’ begs the direction of change. Establishing what you’ve got to sell as the ‘next big thing’ is one of the ultimate goals of technology marketing. Doing so gives cover to those who buy your stuff, and might even help trigger the network/scale/investment feedback effects that make the claim ultimately true.
But making the inevitable future claim, even having it accepted by the press and digerati, doesn’t make it so. Heard much about ‘push’ lately? How’s that network computing vision coming? How ’bout tablet computers? Made any money in VR goggles?
The notion of touch screen kiosks as next generation and inevitable might have once barely passed the grin test with rather technically naive SoS’ offices, voting registrars, or whatever. That time is long gone, as the market has clearly ‘progressed’ in different directions. (If you want to recapture that pixey dust, better build your voting system on a Web 2.0 framework that you can access from an iPhone, all secured by PKI. No, I am NOT suggesting this seriously, just trying to recreate the appropriate level of pitch cynicism.)
Second, the voting machine industry is a rather nichey, marginal business. It’s not dominated by technical issues, but by the need to sell products and services to a myriad of jurisdictions, one at a time, under rules that may vary idiosyncratically from state to state or county to county. In spite of the superficial technical similarities, this is not an industry that is comparable to (for instance) banking machinery or secure communications gear, which are scalable businesses. You’re better off thinking of it as being like secondary school curricula and learning technology, which labor under similar sales constraints.
Bottom line, these are businesses whose continuation depends a lot more on selling than on building, and I’d wager their investment patterns reflect that. Not that it’s any excuse from the public policy point of view, but one is probably better off in following Napoleon’s adage in assigning most of the problems to incompetence (i.e., underinvestment in technology) than malice (conspiracy to allow voting fraud). From here the voting machine biz looks like a lot like many other government-facing niches where the key to success is in building relationships with the funders, by means fair or foul, not in actual innovation. Its connection to the mainstreeam of technology is marginal – hitech in general will not go to the mat to save Diebold, et. al.
Marc and Debra may or may not agree with this analysis, but are not in a position to say anything if they do. They are obliged to work within the existing regulatory capability of the state of California, and how it impinges on local procurement and voting practices, at least for now. Keep that in mind if you’re wondering “why not even tougher?” What they’re doing is more or less by fiat, which means it can be fast, but its impact will be limited unless it becomes – as Marc hopes – a watershed that provokes policy changes elsewhere.
Institutionalizing a change would have a better chance of sticking to the wall. That’s made more difficult by the federalizing principle that jurisdictions control their own voting practices within broad requirements from the national level. That wouldn’t, however, prevent something like a collaboration of State SOS’ offices to charter and fund a joint project to create open systems. Perhaps administered by a neutral party such as NIST and/or a contracted manager with secure systems experience.
The first step in such an open process should of course be a requirements analysis. Which AFAIK has NEVER been done in any systematic fashion with regards to electronic voting. The over-riding need for any such a system is that it be seen to be legitimate, in the eyes of the citizens themselves, who are not generally technical sophisticates. To the extent that any technically mediated voting system is inherently more opaque to the voters, it should have a burder of proof to show a compelling advantage to overcome that debit.
Excellent comment #18 from Tim Oren!
The argument from inevitability has little appeal to me personally. I was just reporting what I had read way back when. The argument from a high population is weak in the same way that it’s weak to argue that we have to go to bottle-feeding babies because the total number of babies in a population of many millions is too large to breast feed.
I’m with Don.
I should ask Ms. Bowen, “why not ban all polling places”, now that she knows that vote by mail can be achieved with privacy (http://www.havabreach.com)