Presentation is loading. Please wait.

Presentation is loading. Please wait.

Safeguarding the 2008 Vote For Speaker Nancy Pelosi Voting Rights Taskforce Wellstone Democratic Renewal Club June 26, 2007.

Similar presentations


Presentation on theme: "Safeguarding the 2008 Vote For Speaker Nancy Pelosi Voting Rights Taskforce Wellstone Democratic Renewal Club June 26, 2007."— Presentation transcript:

1 Safeguarding the 2008 Vote For Speaker Nancy Pelosi Voting Rights Taskforce Wellstone Democratic Renewal Club June 26, 2007

2 Contents Participants Executive Presentation Supporting Detail Holt Bill (HR 811) EAC Banning DREs Electronic Voting At Risk Audits Enforcement Background and Definitions References

3 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 20083 Participants Mr. James Soper, M.A., Senior software consultant, author of www.CountedAsCast.com, (510) 258-4857, SomeThoughts@aol.com.www.CountedAsCast.com Dr. Judy Bertelsen, M.D., Ph.D., (510) 486-1467, jbert@lmi.net. Mr. Lee Munson, B.A., M.B.A., (415) 751-4535, aleem@earthlink.net. aleem@earthlink.net

4 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 20084 S afeguarding the 2008 Vote How to avoid the Florida 2000, Ohio 2004, and Florida 2006 fiascos in 2008?

5 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 20085 S afeguarding the 2008 Vote Elections using electronic voting systems have been distorted … accidentally or intentionally

6 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 20086 DeForest Soaries resigns from Election Assistance Commission (EAC) …we had made things worse through the passage of the Help America Vote Act… …if we were another country being analyzed by America, we would conclude that this country is ripe for stealing elections and for fraud. - Chairman and republican appointee to the EAC

7 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 20087 Safeguards for 2008 Re-structure the EAC or sunset it. Timely enforcement of election laws. Require vastly improved, rigorous and timely manual audits. Timely, public, and affordable access to voting records.

8 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 20088 Ban DREs Use hand marked paper ballots (HMPB). Use precinct based optical scanners (PBOS). Use ballot marking devices (BMD) with touchscreen and audio interfaces for voters with disabilities.

9 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 20089 Safeguarding the 2008 Vote A system is only as secure as its weakest link. A piecemeal implementation will leave open security vulnerabilities. Even paper ballots are NOT secure without improving audits and procedures. The devil is in the details. We need clear, detailed definitions and laws. Currently, each Election Official chooses a different interpretation of election laws.

10 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200810 Holt Bill (HR 811) positives: Requires useful audits and public reporting of results. Bans most wireless and internet connections. Addresses testing lab conflict of interest and requires public reporting of testing results. Requires some disclosure of source code. Requires paper ballots be available (in 2010!).

11 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200811 Holt Bill Weaknesses Gives more authority to a politicized, incompetent failure called the EAC. Is weak on enforcement and penalties. Does not explicitly ban DREs. Funds text-to-speech devices before they have been studied and are ready.

12 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200812 Our goals…. We would like to … … assist in writing & reviewing federal voting legislation... to be a resource to Congresswoman Pelosis office on election integrity issues Our expertise is a combination of academic, programming, computer security, business, and first hand election experience. We want to and can help!

13 Supporting Detail

14 Holt Bill Issues DREs/VVPATS Audits EAC

15 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200815 Holt Bill HR811 Holt Bill proposal on DREs and VVPATs (paper trails) Requires VVPATS on DREs Makes the VVPAT the ballot of record for audits and recounts. Addresses voters' with disabilities ability to verify their votes from the VVPAT Concerns include: Does not require software independence, thus does not address inherent DRE security issue. Requires systems to meet requirements for 2008 but study of disabled voters ability to verify not until 12/2008 Does not address inherent VVPAT printer reliability and auditability issues Good points include Requires a paper trail Makes the paper the ballot of record

16 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200816 Holt Bill HR811 Holt Bill Proposal on Audits State Election Auditor Minimum audit of 3% to 10% Precincts to audit chosen within 24 hours of the final unofficial vote count Additional handcounting if audits dont match the unofficial tally Concerns include: Assumes all precincts are the same size Assumes one size fits all for all states Does not state confidence levels (eg. 99%) Does not require investigation into causes of discrepancies Does not require analysis of consequences of discrepancies to all statewide races Good points include Mandatory, random audits Absentee ballots must be auditted Tiered audits Precincts chosen after vote count announced Publication of discrepancy procedures Publication of detailed results

17 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200817 Holt Bill HR 811 Holt Bill proposal on EAC Gives more authority to the EAC Concerns include: EAC has been worse than ineffective. Nothing in legislation to change or improve or better define EAC responsibilities :

18 Election Assistance Commission (EAC) Past, present, and future

19 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200819 EAC – A Quick History Mandated by HAVA (Help America Vote Act) in 2002. Voluntary System Guidelines > 1 year late but HAVA compliance deadlines were not extended, thus forcing purchase of expensive, poorly designed and tested electronic equipment. DeForest Soaries resigns in 2005. ITA (Independent Testing Authority) testing shown to be a MAJOR failure in 2006. EAC 8/06 decertification of Ciber labs not announced until after the 11/06 election. Many machines were tested by Ciber. EAC suppresses report that Voter ID laws reduces turnout.

20 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200820 EAC - Current Structure Issues Leadership is bipartisan but is political – should be professional, technical and legal. Election administration should be nonpartisan. Latest vote fraud report in which wording was manipulated to continue to support Republican claims despite findings to the contrary No enforcement power – only makes recommendations. Sets up privatization/corporate secrets fraught with conflict of interest in testing – should set up public, transparent, highly professional testing process.

21 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200821 EAC Proposed structural changes Re-structure in a way to help in 2008 or else sunset the commission. Turn all testing over to NIST (National Institute of Standards and Technology) Promptly make testing results public Actually test for security vulnerability, including insider and outsider attacks. Actual attacks should be attempted on the equipment. If a fix is made, that fix should be tested by an actual attack attempt. Sunshine provisions

22 Banning DREs Requiring Software Independence as defined by NIST will effectively ban DREs

23 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200823 Printable pdf version Printable pdf version

24 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200824 Inherent problems with DREs We don't know what's inside the machines Disenfranchisement (vote suppression) Broken machines Insufficient machines Shown to suppress minority votes www.votersunite.org/info/NM_UVbyBallotTypeandEthnicity.pdf Extra and cumbersome ballot verification steps Studies show higher undervote rate than optical scan Are DREs worth any of their positives? NO

25 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200825 Who wants to Ban DREs? Florida, New Mexico and Maryland are all working towards banning DREs Election Integrity advocates across the country including: Progressive Democrats of America Voters Unite Computer security expert Professor Avi Rubin no longer supports DREs with or without a VVPAT…

26 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200826 Avi Rubin, e-voting expert, Johns Hopkins professor: …when I first studied the Diebold DRE in 2003, I felt that a Voter Verified Paper Audit Trail (VVPAT) provided enough assurance. But, I continued, after 4 years of studying the issue, I now believe that a DRE with a VVPAT is not a reasonable voting system. The only system that I know of that achieves software independence as defined by NIST, is economically viable and readily available is paper ballots with ballot marking machines for accessibility and precinct optical scanners for counting – coupled with random audits. That is how we should be conducting elections in the US, in my opinion. From Avi Rubins BLOG describing his testimony before a House subcommittee hearing on Ensuring the Integrity of Elections, March 7 th, 2007.

27 Electronic voting can be corrupted… Accidentally or Intentionally

28 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200828 Electronic voting at risk NIST Report, 11/06 Princeton Report, 9/06 NRC Report, 7/06 BBV Report, 7/06 Brennan Report, 6/06 Hursti II Report, 5/06 Berkeley Report, 2/06 Hursti I Report, 5/05 RABA Report, 1/04 Compuware Report, 11/03 SAIC Report, 9/03 Johns Hopkins Report, 7/03 Saltman Paper, 3/78 www.CountedAsCast.com/issues/ security.php#reports 13 reputable reports ALL say: Electronic voting is vulnerable!

29 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200829 Electronic voting at risk The risk of an outsider attack by a poll worker, voter or hacker, especially via a virus or similar, is real. Chicago misplaced 400+ memory cards Cleveland misplaced 75+ memory cards. Hackers can gain access if the machines have local network, wireless or Internet connections

30 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200830 Electronic voting at risk Successful simulated attacks on an election Poll workers, possibly voters. VVPAT may be compromised. Attack might not be caught by an audit. Touchscreen to tabulator, Diebold & Sequoia Summary tape and precinct totals incorrect; virus carried to other machines. Princeton Hack 9/2006 Pollworker/Sleepovers. A good audit might catch this Touchscreen to tabulator, Diebold Showed that a person can take complete control of a DRE, and an election. Undetectable. Hursti II5/2006 Pollworker/Sleepovers. A good audit might catch this Optical Scan to tabulator, Diebold Showed that a person can take control of memory cards, which handle the vote-reporting & counting. Hursti I5/2005, 11/2005 Anyone with access to the known tabulator passwords Tabulator & database, Diebold Central vote totals were changed with no trace GEMS tabulator 5/2005 AccessEquipmentDescriptionAttackDate

31 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200831 Electronic voting at risk The risk of an insider (election official, company programmer) attack is real Example: Easter Eggs (hidden code) We do not know what software is inside the machines on election day No amount of testing will detect hidden code Jeffrey Dean, voting systems programmer, 23 computer embezzlement convictions Clinton Curtis hired to write a program to manipulate an election

32 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200832 Electronic voting at risk Glitches happen Sarasota county, FL : 18,000 votes disappeared Many more examples of lost votes Software and data are trade secrets Nobody, and no machine, should be counting American votes in secret

33 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200833 Electronic Voting Recommendations Software verification Check that the software used on election day is the software that was inspected, tested and certified. Public testing of systems Security (red team) testing Ban all network connections, including wireless Open source software – public inspection

34 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200834 Security mitigations are not really secure Tamper evident seals dont work Not all pollworkers trained to look at seals, procedures not defined if seal is torn. Taking a machine out of service not enough if manipulation spreads like a virus. Chain of custody of memory cards is nullified by processes inherent to voting machine Machines need to be in place prior to Election Day. This allows adequate access for manipulation of memory cards.

35 Audits Classic Obfuscation #2: Audits will catch any problems

36 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200836 Audit Issues Audits should be determined by statisticians NOT politicians A fixed audit percentage assumes a fixed number of precincts and fixed margins between leading candidates. These vary for each election contest. DREs have no margin of error. Audits of optical scanners SHOULD NOT match 100%. Voter- caused and machine-caused discrepancies must be noted Politicians should set the boundaries for statisticians – for example, desired confidence levels for accurate election outcomes (say 90% to 99%) and desired maximum error rates for machines.

37 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200837 Audit Recommendations How much to audit A federal taskforce on the statistics of audits should set standards and approve state election audit plans for states who want to devise their own. Tiered audit system that adjusts for the closeness of the race. Federally funded recounts for very close elections What to audit Include ALL votes – absentee, military, mail-in, overseas, early, provisional. How to audit A preliminary statement of votes as an established control. Both random selections and manual audits to be publicly observable Reporting and further actions Require that audit results are used to correct election results and are reported publicly. Have statisticians or mathematicians evaluate whether discrepancies could affect election outcomes; and determine whether or not to expand audits.

38 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200838 Audits on VVPATs are problematic VVPATs were an afterthought, never tested for voters catching errors. Tests show that voters who examine VVPATs often miss detecting omissions and errors and that most voters do not even look at the VVPATs Brennan Center and MIT/Caltech reports state that only 1/3 of people look at them. Poll workers didnt understand the reason for VVPATs and sometimes told voters to NOT look at them. Paper jams were frequent and votes not recorded Rolls from some systems were very difficult to read at audits. If the VVPAT was unreadable, the roll was re-printed from the memory card-which was NOT voter verified

39 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200839 VVPAT Recommendations Federal legislation should… Ban VVPATs and DREs. Florida, New Mexico, and Maryland are all moving in that direction Allow only Voter Marked Paper Ballots Systems already purchased are sunk costs Ballot marking devices should be certified for HAVA compliance

40 Enforcement Too little, too late

41 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200841 Election laws are not enforced No checks and balances on Elections Officials On Election Day it is nearly impossible to get any legal action done. Deadline to certify the vote allows officials to delay providing information, etc. until too late Officials are not being held accountable for not following election code. District Attorneys and Attorney Generals are not acting on these issues, and sometimes help election officials cover up problems.

42 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200842 Enforcement recommendations Timely !!! Enforcement must be immediate and allow revote. Enforcements need to cover pollworkers and elections officials. Citizens must be able to initiate lawsuits that the courts act upon very quickly. PENALTIES spelled out explicitly. Timely, public, and affordable access to voting records is key!!! Public oversight organizations need access!!!

43 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200843 Definitions and Background

44 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200844 The Players Federal EAC – Election Assistance Commission ITA – Independent Testing Authority NIST – National Institute of Standards and Technology State SoS – Secretary of State County Elections Officials – Registrar of Voters, Board of Elections, Clerk/Recorder

45 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200845 Definitions (Optical scanner) Optical ballot scanner

46 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200846 Definitions (DRE, VVPAT) DRE (Direct Recording Electronic) VVPAT (Voter Verified Paper Audit Trail)

47 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200847 Definitions (Touchscreen) Ballot Marking Devices (BMDs) are touchscreen machines that produce a paper ballot. DREs do not.

48 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200848 Definitions (Tabulator) Tabulator central vote counting computer Memory cards

49 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200849 Definitions (Memory Card) Memory card used to transfer data, including votes, between the central tabulator and the scanners and voting machines in the precincts.

50 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200850 Definitions (Auditing) Auditing – check vote totals from some % of precincts after the election

51 06/15/07 Voting Rights Taskforce - Safeguarding our Elections in 200851 References Link to this presentation www.CountedAsCast.com/alameda/docs/presentation26jun07.php Security issues www.CountedAsCast.com/issues/security.php Conducting audits www.CountedAsCast.com/issues/audits.php Procedures are inadequate www.CountedAsCast.com/issues/procedures.php Failed EAC/ITA testing www.CountedAsCast.com/issues/testing.php Monitoring elections www.CountedAsCast.com/resources/monitoring.php


Download ppt "Safeguarding the 2008 Vote For Speaker Nancy Pelosi Voting Rights Taskforce Wellstone Democratic Renewal Club June 26, 2007."

Similar presentations


Ads by Google