Helen of Marlowe's Blog

The voting machines, again

Posted in "North Carolina", Government by helenofmarlowe on October 15, 2012

More on the (un)reliability of voting machines.

This will make more sense if you have first read the immediately preceding post.  The course from the University of Michigan discussed in detail in previous post  explains in detail why paper ballots, available for counting and recounting, are essential.    Not sufficient, but essential.

I say not sufficient, because there are a number of reasonable scenarios in which paper ballots can be useless.  Perhaps worse than useless, since they can give the mistaken impression that  all is well, when perhaps all is not well.

Briefly, a few reasons paper ballots are helpful if actually looked at, but not a guarantee against voter-machine manipulation:

Software can be easily written to record a vote for Candidate A on the computer’s memory card, which is not the voter’s choice, but to print on paper that the vote was recorded for Candidate B, as the voter intended. Virtually all professionals in the field recommend open source software, such as Linux, which would make this sort of thing visible.

The print is often so tiny, and/or the ink so light, that the voter cannot read it.

Paper records are almost never looked at.   The paper audit is almost never used unless there is evidence of something wrong.   There are a few instances in which public announcements were made that there would be audits in certain states, and that the districts chosen would be random, but in fact, the districts were chosen ahead of time and the election officials were told which districts would be audited.

Here we see the memory card, much like the one in your camera, being changed to one which holds software that overrides the software shipped with the machine.

Although a paper trail cannot guarantee that votes have not been changed, it is still very useful if it is actually checked.

The course showed various ways that a person with only brief access to a machine can sabotage  the software or the hardware.

Recommendations for improving the security of our elections include requiring transparent certification by truly independent certification authorities (at present, machines are tested by certification companies chosen by and paid by the machine vendors), and using open-source software, so that computer professional from all over the world can see the code and look for and report bugs.

In summary, all the voting machines tested by university computer professionals were found lacking in security features.  All the testing universities (including University of California, Princeton, Johns Hopkins) reported sloppy coding in the software and  disturbingly easy access to the hardware.  Cards holding the votes and cards holding the program can be changed, “tamper-proof” seals can be removed and replaced without leaving evidence, jumpers that count the votes can be changed (changing the vote count). None of these problems were reported to the public or to election officials by the certification companies.  Vendors influence legislators, not just in efforts to make sure that their own machines are allowed in the states, but also to influence legislation that will make their competitors’s machines unacceptable.

In 2009, legislation was introduced by Rep. Rush Holt  entitled The Voter Confidence and Increased Accessibility Act of 2009 (HR 2894), which would require non-proprietary software and create a national standard to ensure the verifiability and auditability of every vote, but the legislation did not pass the senate.

Finally, I want to encourage everyone to watch this 14-minute video of the Oct. 4, 2012 Charlie Rose show, in which Charlie Rose interviews Barbara Simons, author of Broken Ballots: Will Your Vote Count?  A computer engineer, Dr. Simons confirms  in this video that we have no way of knowing who American voters are actually electing.

#

 How can we trust our elections?

Posted in "North Carolina", Government, Politics by helenofmarlowe on September 30, 2012

Gov. Romney may end up in the White House not because the majority of voters choose him, but because Pres. Obama’s lead may not be large enough to survive the obstacles his supporters will face on the way to the voting booth, and inside it. The Obama supporters who will not be allowed to vote, or whose votes, once cast, will not be counted, may be in numbers high enough to put the wrong man in the White House. Again. We all know, and most of us acknowledge, that the photo ID laws and the purging of voter rolls disenfranchises many legitimate voters, and these voters are not evenly distributed among voter demographics. That burden falls most heavily onto college students, the elderly poor, and racial minorities. Guess how they usually vote.

I’m taking a coursera course, Securing Digital Democracy, from the University of Michigan. Most of what we’re learning, I already knew in general terms, but this course is revealing the details. Especially interesting to me are the intricate innards of the voting machines which were implicated in putting George W. Bush into the White House.

Code might be a million lines long. Any typos? Any errors? Any malicious code? What happens is unobservable. The process is secret.

The ways that these machines can miscount votes, either because of design flaws that have been discovered and reported but not corrected, or by deliberate manipulation, are too many to list. I take notes as I watch these lectures, with pen on paper, and my spiral notebook contains eight pages of ways these machines can miscount votes. In most cases, the software running the vote has never been tested. No independent tests. Diebold has threatened election officials with loss of their job if they request independent testing.

Instead of a hand behind a curtain, we have a secret program developed by a private company. We can’t see the code, but hey, it was approved by our government, so what could go wrong? Right?

Some of the troublesome source code is revealed and explained in the course. In some cases the teacher points out the errors, and in some he simply says, see if you can find the errors.

Here is an example of the latter. I cannot find the error(s).

Image

Computer Science departments were able to get hold of actual voting machines (through cloak and dagger adventures that I won’t go into here) and find hardware flaws as well. The many ways the votes can be changed involve the removable memory chips, the locks, the bootloader, the encryption keys, the memory cards, and the jumpers on the motherboard, to name just a few.

Memory cards (holding the votes) could easily be replaced without leaving evidence. And the machines were left unlocked in schools and other public buildings so that anyone with access could replace a memory card. A person with even brief access (the computer has a locked compartment, but the lock can be picked in about 10 seconds) can replace memory cards or even replace a chip that will cause the machine to boot to another program other than the vote recording program.

Once in, a hacker can even change the code so that when a vote is cast for Candidate X, the machine records a vote for Candidate Y, but the paper record shows that the voter voted for Candidate X, assuring the voter that all went well. This kind of malicious code is not as likely, as it would be caught in the case of an audit, but only in the case of an audit, and most precincts don’t end up in an audit.

Our voting machines are tested by independent testing authorities.  The testing companies are chosen by the voting machine companies and paid by them.  After machines are certified by ITAs, independent computer experts have found flaws that allow votes to be changed without detection.  Every independent testing has found serious flaws in machines that have been certified.

There is great incentive in a competitive market for ITAs to produce a glowing report, and no requirement that flaws be reported.

Exit polls were extraordinarily reliable predictors of wins until computer counting became the prevalent means of deciding outcomes.  There is overwhelming evidence that exit polls are more reliable than  the counts reported by private proprietary secret computer codes. Yet the National Election Pool had made a decision to eliminate exit polling in the 2012 election in 19 states.  This further erodes election integrity.

All this is troublesome, but it requires citizens to learn about the troubles. And that’s not easy. So should we just  trust our elections to private corporations with secret codes?   What could go wrong?

See the answer  here, at  Voting Machines, again.

Tagged with: , ,
%d bloggers like this: