American Idol, Hawaii, and Internet-based Voting

Image by stevegarfield via Flickr

While many of us are working to save the integrity of our election system by defeating New York's move to software-based vote counting, Hawaii and the NYC Department of Education have moved in the other direction -- internet-based voting. James Pinkerton has written an interesting commentary on the politics of vote counting, anticipating what he thinks is an inevitable move to the internet.

I include some excerpts from his piece. His questions and comments are as relevant to software-based vote-counting machines as the internet, but his solution seems as flawed as the current "certification" process.

JAMES P. PINKERTON: Will Democrats Become a Permanent Majority Thanks to Internet Voting? � FOX Forum � FOXNews.com: "So if vote fraud is already a problem, what will happen when the “vote” is simply an electronic pulse, that could have come, potentially, from anywhere in the US–or around the world? Who will oversee the e-voting process? And who will oversee the overseers?"

...But of course, the high-tech nature of digital democracy adds a new layer of complexity, as well as mystery, to the voting process. In theory, the technology is completely neutral. But theoretical technology and practical politics are two different things. Diebold, a leading manufacturer of traditional voting machines, has come under repeated fire for alleged pro-Republican bias. But the complexity of a voting machine is nothing compared to the complexity of computers and the Internet.

...So what’s needed immediately is a completely fair and transparent process to examine all facets of the transition to Internet voting. And the only way to achieve that fairness and transparency is to create a rigorously bipartisan outfit to oversee the implementation of such technology, modeled after either the Federal Election Commission, or the private Commission on Presidential Debates.

Voter fraud has always been a problem, and always will be. The integrity of our election system is based on the voters' belief that the system is impartial, observable, and secure.

A bipartisan commission of Washington lackeys sitting in a hearing room can never assure voters that a software based system -- local or internet driven -- is secure or impartial, never-mind observable. I cite the recent American Idol vote as a silly, but relevant example.

My Google Alerts for voting news were full of articles this week about the groundswell of fans who believe that AT&T manipulated the American Idol vote and that's why their favorite lost.

Just try to convince them they're wrong.

Why computers are bad at counting votes

Click the box … voters from Pittsburgh, Pennsylvania, during last
November’s presidential election hope their ballots won’t be ‘erased’.
Photograph: Jeff Swensen/Getty Images

Wendy Grossman had an excellent article in the London Guardian which I found in tomorrow's Taipei Times. Hmm, the world is getting smaller. Anyway, Grossman does a great job pulling together some of the recent problems with electronic voting.

Guardian "It’s commonly said that insanity is doing the same thing over and over again while expecting different results. Yet this is what we keep doing with electronic voting machines — find flaws and try again. It should therefore have been no surprise when, at the end of March, California’s secretary of state’s office of voting system technology assessment decertified older voting systems from Diebold’s Premier Election Solutions division. The reason: a security flaw that erased 197 votes in the Humboldt county precinct in last November’s presidential election.

Clearly, 197 votes would not have changed the national result. But the loss, which exceeds the error rate allowed under the Help America Vote Act of 2002, was only spotted because a local citizen group, the Humboldt County Election Transparency Project (humtp.com) monitored the vote using a ballot-imaging scanner to create an independent record. How many votes were lost elsewhere?"

She quotes Rebecca Mercuri, a security consultant who studied voting systems for her doctoral dissertation:

“It’s nothing new. These are all security flaws that are well known in the industry. Why are they acting as if this is the first time they’ve heard this?” The audit log problems were documented in Bev Harris’s 2004 book, Black Box Voting (blackboxvoting.org).

Mercuri explains that election software belongs to the class of problems known as “NP-complete,” that is, problems computers cannot solve in a known amount of time. How much time have you got to test that a given voting system will function perfectly under all possible circumstances?

“What are people going to do about it?” she asks. “Say we fixed it when it’s theoretically not possible to fix these things at any real level?”

And she points out that many of the security problems now involve insiders with legitimate access to the software, bought off by organized crime gangs because of the money they can make. They only need a USB stick in their back pocket.

Grossman continues:

At least with voting, citizen groups are motivated to push for greater transparency. In the UK, Jason Kitcat, Green councilor for Brighton and Hove, on the south coast of England, organized volunteers to observe e-voting trials in the 2007 local government elections in England and Scotland on behalf of the Open Rights Group.

“We saw the same audit log issues,” he says. “We know from a computer science point of view that making an audit log that can’t be changed is impossible. But it seems as if there’s a huge disconnect between people who are computer-science literate, and the people delivering the policy.” [my emphasis]

Besides, politicians like making uncontroversial decisions. Who could fault them for trusting a company that makes ATMs worldwide? Again, it comes back to humans.

“The folks who buy ATMs [bank managers] and voting machines [election officials] don’t really want to pay for a facility that will make it easier for people to challenge them,” says Ross Anderson, a professor of security engineering at Cambridge University, England.

“In the long run, of course, this ends up costing them more: fraud can lead to challenges that are systemic rather than local. Nevertheless, the purchasers may be rational. Most of the bank managers who bought crap ATM systems in the ’80s are retired now — they got away with it. With voting machines, some vendors have been discredited in some countries, but lots of money has still been made.”

That is, from us — the taxpayer and the bank customer. Kitcat says: “It is shocking that in this day and age this has been allowed to continue.”

This is a good overview of the issues today. NY has been the last holdout. Let's not let it happen here.

Related articles by Zemanta

• Why machines are bad at counting votes (guardian.co.uk)
• Diebold Admits Flaw In Voting Software (politics.slashdot.org)
• Diebold Admits Audit Logs in ALL Versions of Their Software Fail to Record Ballot Deletions (bradblog.com)
• Diebold Voting System Has 'Delete' Button for Erasing Audit Logs (wired.com)
• Turns Out Diebold's ATMs Insecure As Well; Scammers Install Malware (techdirt.com)
• Premier Election Systems' electronic voting machines have an erase button! (allthingsreform.org)
• No Surprise Here: Lost Votes In Last Election Due To Faulty Diebold Equipment (techdirt.com)

How SysTest Lost Its Certification to Test Optical Scanners

If you've been wondering what SysTest could do to lose its federal certification, this report on the suit Premier Election Solutions (formerly known as Diebold) filed against SysTest last month provides a glimpse.

Federal certification of election systems by independent voting system test labs is supposed to assure voters that these systems can't be hacked. The test labs are certified by the Election Assistance Commission (EAC) with the National Institute of Standards and Testing (NIST).

Last October, they revoked SysTest's certification. The testing program is now suspended in New York and many other states.

According to the report from the Courthouse News Service, the EAC began questioning SysTest's procedures and requesting additional information that was not forthcoming as early as last July (08). The National Institute of Standards and Testing finally suspended SysTest last October, after an on-site review. You can read the full article by following the link, but here's an excerpt.

Courthouse News Service: "The [Premier] complaint then cites five paragraphs, attributed to the NIST report, on 'serous concerns about SysTest's performance of voting system testing.'
Excerpts include: 'the test methods being used were not fully developed, validated, mapped to the requirement of the applicable standards, and controlled under SysTest's document control policy ... it was unclear who at SysTest had the ultimate responsibility for test method development ... During the observed tests, it appeared that the testers were running the tests for the first time. ... Basic tests, such as the system ready test, were not conducted successfully. ... Some anomalies or potential problems during testing were not reported by the testers but were pointed out by members of the on-site team.' These citations are from the first two of five paragraphs."

It sure doesn't make this voter feel warm and fuzzy about the optical scanners that SysTest was certifying to replace our lever machines in New York. How about you?