Friday, April 30, 2004

California Bans E-Vote Machines

By Kim Zetter, Wired News, April 30, 2004


California Secretary of State Kevin Shelley ended five months of speculation and announced Friday that he was decertifying all electronic touch-screen voting machines in the state due to security concerns and lack of voter confidence.

He also said that he was passing along evidence to the state's attorney general to bring criminal and civil charges against voting-machine-maker Diebold Election Systems for fraud.

"We will not tolerate deceitful tactics as engaged in by Diebold and we must send a clear and compelling message to the rest of the industry: Don't try to pull a fast one on the voters of California because there will be consequences if you do," he said.

Shelley said the ban on touch-screen machines would stay in effect unless and until specific security measures could be put in place to safeguard the November vote.

California Voter Foundation applauds Secretary of State's decertification of touchscreen voting machines

California Voter Foundation News Release, April 30, 2004

Please see CVF's news release for a summary of today's historic action by California Secretary of State Kevin Shelley, and my reaction.

The Secretary of State's news release is also available online.

Diebold tells Alameda County it will secure e-voting system

By Ian Hoffman, Alameda Newspaper Group, April 30, 2004


Hacking a Diebold touchscreen voting machine is astonishingly easy with a few tricks and busy poll workers.

All it takes is a $1 plastic card with a memory chip, like the ones voters use, and the encryption keys and passwords for Diebold's software.

In a report delivered Thursday to Alameda County elections officials, Diebold proposes to lock down some of the most gaping security holes in its e-voting systems nationwide before the November election.

McKinney, Texas-based Diebold Election Systems Inc. wrote or "hard-coded" those encryption keys and passwords into the software itself and put the software on an Internet site accessible via an easily guessed password. It was downloaded by Seattle journalist Bev Harris in January 2003 and circulated.


"If you know that password," said Michael Wertheimer, a former National Security Agency code-breaker, "you can erase all the votes that are in there, you can put 50,000 votes in there ... You can tell it to vote 100 times or 1,000 times or 5,000 and for whom you want it to."

Computer-security analysts were stunned to find the hard-coded encryption keys and passwords -- and that they weren't changed as Diebold touchscreens spread throughout Maryland, Georgia and California.

But it's changed in Maryland, and it's about to change for Georgia and Alameda and Plumas counties in California.

Diebold's proposal depends first on whether California Secretary of State Kevin Shelley today accepts the recommendations of an advisory panel that he allow e-voting in November and also whether he certifies all of Diebold's new software.

If both hold true -- Shelley was agonizing through the first decision on Thursday -- Alameda County voters in November will be touching the same glowing Diebold machines as in the last two years. But the software inside will offer stronger encryption and changeable or "dynamic" passwords.

That's the easiest fix for possibly the worst security vulnerability on Diebold's touchscreen voting machine, one of several uncovered by Wertheimer and colleagues on a team of computer-security experts at RABA Technologies in a live-attack exercise for the state of Maryland.

"It's not as though they did the security poorly. It's as though they didn't think about it all," Wertheimer said.

Wednesday, April 28, 2004

Panels recommends counties use paper backup ballots

By Jim Wasserman, Associated Press, April 28, 2004

Today the California Secretary of State's Voting Systems and Procedures Panel passed a motion prohibiting further purchases of paperless, electronic voting systems in California. The panel also voted to require counties that use paperless electronic systems to provide paper ballots in polling places as an option for voters who prefer to vote on paper.

While the panel did not go as far as I had hoped -- decertification of all paperless electronic systems in California -- it did make several decisions today that point California in a good direction. Today's decision, combined with last week's decision, if implemented by Secretary of State Kevin Shelley, mean that California's inventory of paperless electronic machines will be reduced by one-third and that in the future electronic voting machines will only be permitted in California if they produce an accessible voter verified paper audit trail.

The panel also voted to require the papereless e-voting counties to provide provisional ballots in a paper, rather than electronic form. They adopted a number of security measures, many of which were included in Secretary of State Kevin Shelley's February 5 security directive which several county registrars chose to ignore.

On Friday Kevin Shelley is expected to announce his decision on the decertification matter.

Sunday, April 25, 2004

E-voting rhetoric flies in Oakland

By Ian Hoffman, Alameda Newspaper Group, April 24, 2004

This article provides a good recap of the e-voting debate this week in California, which began at the Secretary of State's Voting System Panel meeting on Wednesday and continued to Friday's Computers, Freedom and Privacy conference e-voting plenary on the "Great Paper Trail Debate".


Twice in California this week, computer scientists and lawyers, activists and elections officials engaged in ideological warfare, trading barbed rhetoric while trying to preserve an air of civility.

One activist likened it to "a dysfunctional frat party where we all hate each other."

"The battle lines are drawn," Michael Shamos, co-director of Carnegie-Mellon University's Institute for Electronic Commerce, agreed after a tense debate Friday at the Computers, Freedom and Privacy Conference 2004, at the Claremont Hotel.


Saturday, April 24, 2004

NYT Editorial: Making Votes Count: A Compromised Voting System

New York Times Editorial, Saturday, April 24, 2004


A state advisory panel has urged Mr. Shelley to bar the use of one model of Diebold machine whose certification was improper; 15,000 of them are in place in four California counties. Based on the two reports, this is the correct course. Diebold's record does not inspire the sort of confidence voters deserve. Equally important, banning these machines is the only way to make it clear that the certification laws must be followed scrupulously.

The harder question Mr. Shelley faces is whether to ban all electronic voting machines that do not produce a paper trail, as many voting experts, and some state legislators, are urging him to do. His obligation to ensure that voting machines function properly and inspire voter confidence argues for a total ban. To do otherwise is to risk Election Day meltdowns, and another presidential election in which voters lack faith in the outcome.

Thursday, April 22, 2004

CA Secretary of State's Voting Systems and Procedures Panel Diebold Investigation

Yesterday I testified at the CA Secretary of State's Voting Systems and Procedures Panel. My remarks are available online.

More information is available here:

Secretary of State's Report on March 2, 2004 Statewide Primary Election, and Diebold Investigation documents.

There are numerous stories about yesterday's events online; here are links to two of them:

Decision Nears On Whether To Use Touch-Screen Voting, KCRA, 4/21/04

Protesters gather as panelists ponder touch-screen devices, By Cameron Jahn, The Sacramento Bee, 4/22/04


Later, after the hearing started, Yolo County Clerk-Recorder Freddie Oakley broke ranks with her colleagues and echoed the secretary of state's call for paper receipts in all touch-screen voting machines.

"(W)hatever the fiscal cost of restoring reliability to California's election, it is (diminished) when weighed against the cost of abandoning the principle of 'every vote counts,' " she said.

Tuesday, April 20, 2004

Diebold legal memos reveal company strategy

By Ian Hoffman, Alameda Newspaper Group, April 20, 2004

Ian Hoffman, a reporter for the Alameda Newspaper Group, obtained a supply of internal legal memos from Jones Day, the law firm retained by Diebold Election Systems, Inc. to help the company with legal challenges in California.

There are two stories online:

Voting services firm facing legal hurdles

Diebold was aware of shortcomings early


In a series of internal memos, attorneys for Diebold Election Services Inc. depict California as a legal minefield where the electronic-voting giant faces a false-claims lawsuit, potential grand jury investigations, investigations by state and local elections authorities and lawsuits by counties.

Starting Wednesday, California elections regulators will debate punishing Diebold for fielding unapproved voting systems in violation of state law. They could ban the use of some or all Diebold equipment in California elections, even bar the nation's second largest voting-systems provider from doing business in the largest state.

By February, according to memos obtained by ANG Newspapers, attorneys at the Los Angeles office of corporate defense firm Jones Day estimated that defending Diebold on all quarters would cost $535,000 to $925,000 for two months.

At the time, Jones Day already was scoping potential defenses to a California False Claims Act suit against Diebold that is filed under seal and not publicly available. Lead counsel for Diebold's troubles in California has been assigned to Daniel D. McMillan, a specialist in the False Claims Act.

If the plaintiffs prove that Diebold knowingly made misrepresentations to local governments to win voting-systems contracts, such as its $12.7 million sale to Alameda County and its $31 million sale to San Diego County, Diebold could face punitive damages for up to three times the contracts' value.

Jones Day also had begun analyzing Diebold's risk of criminal prosecution, at a two-month cost of $25,000 to $40,000. The internal memos show the firm already has concluded that California Secretary of State Kevin Shelley has evidence that Diebold violated state election laws in at least Los Angeles, Lassen and Trinity counties.

State law requires Shelley to refer those violations to the local district attorneys or the state attorney general for prosecution, the internal memos show.

Jones Day's lawyers advised Diebold to retain a white-collar criminal defense specialist for "pre-grand jury investigative advice" at an additional $5,000 to $10,000 a month, with an eye to "persuading prosecuting authorities not to bring criminal charges."


Voting experts say the industry's factories and printing plants probably can handle the extra demand for replacement voting machines and paper ballots, given at least three months' notice. But Shelley's decision also could unleash a barrage of lawsuits that could mire orders of equipment and ballots in legal wrangling over who will pay for them.

At the center of those battles will be Jones Day. The firm's internal memoranda show its attorneys considered the idea of calling a new bit of uncertified voting software "experimental." State rules say local governments can use entire experimental voting systems without state approval.

The lawyers also presented California officials who were seeking documents from Diebold with sweeping confidentiality agreements designed to hide flaws in Diebold software as much as its intellectual property.

In drafts of a Feb. 13 letter to state regulators, Diebold's attorneys declared that Diebold makes no changes to electronic devices that the company and its predecessor have been programming for at least five years.

The drafts show they staked out a firm position that a critical piece of Diebold's voting system -- its voter-card encoders -- did not need national or state approval because they were commercial off-the-shelf products, never modified by Diebold.

But on the same day the letter was received, Diebold-hired techs were loading non-commercial Diebold software into voter-card encoders in a West Sacramento warehouse for shipment to Alameda and San Diego counties.

"They were still crunching and working on that software in the middle of February," said James Dunn, who worked as an assembly technician in Diebold's Sacramento warehouse.

More than 600 of the devices froze or displayed unfamiliar screens and error messages on the morning of Election Day, for failure rates of 24 percent in Alameda County and about 40 percent in San Diego County.

Diebold Elections executives were told in October by state officials to ensure every piece of its voting systems was fully tested and approved by national and state authorities.

But Diebold resisted, arguing that the encoders did not need testing and approval because they were a "peripheral" device on its voting systems and that the devices were common, commercial products.

That was true for the hardware. But not the software.

In fact, Diebold engineers were writing and rewriting the software at DESI headquarters in Texas and in Sacramento, supplying the latest versions two weeks before the encoders failed at high rates in the Super Tuesday presidential primary.

Diebold eventually sent a sample of the encoders to an outside laboratory, but it did not have time for more than cursory testing.

The encoders were the only way that poll workers were trained to create cards that let voters call up digital ballots on Diebold's touch-screen machines at more than 2,000 polling places in Alameda and San Diego counties. Dunn says he is not surprised.

As he and other techs raced to assemble the encoders out of tablet-PC screens, batteries and card-writing bases shipped to Sacramento from factories in Asia, Diebold officials kept supplying new versions of the software.

In addition, the hardware components often failed to mate well, resulting in frozen screens. And when the batteries lost power, the devices lost their internal clock and operating settings, often Diebold's software as well.

Dunn blames Diebold's rush to get the devices into the March 2 elections and the lack of standard quality controls in assembling and configuring them. No instructions, no checklists, no tracking system.

Monday, April 19, 2004

Solano county registrar to step down this summer

County Board of Supervisors approves 'streamlining' moves

By Jason Massad, The Vacaville Reporter, April 7, 2004

Laura Winslow, one of four California county registrars who purchased federally unqualified Diebold TSx voting machines, is stepping down from her position this summer and going into "semi-retirement".


A sweeping reorganization, which Solano County officials say will "streamline" county government and not cost more money, was approved Tuesday by the Board of Supervisors.

As part of the reorganization, the county's departments of transportation and environmental management will be merged into a Resources Management Department, and a newly created Information Technology Department will include the duties of the Registrar of Voters.


Registrar of Voters Laura Winslow will step down from her post this summer, and the county's top transportation position has been vacant since Charlie Jones died several months ago.

Winslow's position will be dissolved to make way for a lower-paid elections manager within the Information Technology Department.

The official duties of the registrar of voters will be handed to Ira Rosenthal, the anticipated head of the IT Department who now works under the county administrator's umbrella.

That move was criticized by one person attending the meeting Tuesday because he said it could decrease the autonomy of the elections office.

Duane Kromm defended moving the responsibility for elections into a 56-person organization whose main responsibility will be to provide technical advice and expertise to all of the county's various subdivisions.

"The issue of keeping (the election's department) independent ... is up to all of us," Kromm said, noting that today's high-tech elections would be served well by the new department.

Thursday, April 15, 2004

CVF-NEWS round-up

Here is the latest CVF-NEWS that features:

*California Voting Technology Update

*CA Voting Systems panel will consider decertification of e-voting systems April 21-22

*Legislation introduced to prohibit paperless electronic voting systems in November

*Computers, Freedom & Privacy Conference begins April 20 in Berkeley, CA

*Observations of the Basque Government's "Demotek" voting system

Tuesday, April 13, 2004

E-voting probe finds no reason for glitches

By Ian Hoffman, Alameda Newspaper Group, April 13, 2004

Diebold recently filed a draft report with Alameda County summarizing the problems the county experienced with the company's voting equipment and software during the March Presidential Primary election.


Electronic devices that held the key to digital voting in Alameda County's Super Tuesday primary failed in at least a half-dozen ways, hobbling the $12.7 million voting system at a quarter of polling places.

Poll workers saw unfamiliar Windows screens, frozen screens, strange error messages and login boxes -- none of which they'd been trained to expect.

A report released Monday by Diebold Election Systems shows that 186 of 763 devices known as voter-card encoders failed during the primary because of hardware or software problems or both, with only a minority of problems attributable to pollworker training.

Diebold's post-mortem of the March 2 election said it was "disappointed" in the encoder failures and that it values its ties to local elections officials. But the McKinney, Texas-based firm offered no fundamental explanation of how and why the company delivered faulty voting equipment to Alameda and San Diego counties -- its two largest West Coast customers -- on the eve of the 2004 presidential primary.

Alameda County Registrar of Voters Bradley Clark wants full answers to that question, plus Diebold's guaranteed fix for software that erroneously gave optically scanned votes to the wrong candidates, by April 29. Otherwise, Clark says, he will consider firing Diebold.

"I want to see some real frankness and answers to the optical scan problem. That to me is the biggest problem facing us," Clark said.

The faulty voter-card encoders can be fixed or replaced by older, more dependable devices, he said, but faulty vote-tabulating software is a more troubling matter.

Friday, April 9, 2004

Some votes miscounted in primary, officials say

By Luis Monteagudo Jr. and Helen Gao, San Diego Union-Tribune, April 8, 2004

New troubles have arisen in San Diego. Diebold's optical scan software designed to count the county's paper absentee ballots misread thousands of votes in the races at the top of the ballot. The San Diego Union-Tribune reports that "miscounts occurred in the Democratic presidential race, in which 2,747 votes cast for John Kerry were incorrectly credited to Rep. Dick Gephardt. In the Senate race, in which Bill Jones won, 68 votes cast for Barry L. Hatch were credited to candidate Tim Stoen, and six votes cast for James Stewart were credited to Stoen."

More excerpts below:

County Chief Administrative Officer Walt Ekard said his confidence in the system has been "dampened." Meanwhile, a state official raised the possibility for the first time that the system could be dropped for the November election.

"All options are on the table, including decertification," said Doug Stone, a spokesman for the Secretary of State's Office.


The miscounts occurred because multiple scanners simultaneously fed the absentee ballot data into the computer tabulation system. The large number of ballots and candidates on them overwhelmed the system.

Diebold spokesman David Bear said the company has provided a software fix to the county for the new problem.

Ekard wants Diebold to have all its equipment tested and certified before November.

"These performance failures are unacceptable," Ekard wrote. "Having a reliable and trouble-free voting system is absolutely essential to the county. Your failure to provide such a system in the March election was extremely troubling and any issues that remain must be fully resolved long before the November election."

Ekard has appointed Mikel Haas, the county's former registrar of voters, to oversee efforts to ensure that all Diebold equipment is certified for November and to evaluate other systems that could be used as an alternative.

Alex Martinez, a county deputy chief administrative officer who is leading an internal investigation into the electronic voting problems, said the county has not yet paid Diebold for the 10,200 touch screens used March 2.

"We are not about to pay Diebold any amount of money until we are totally satisfied with the performance of the system," he said.


County Board of Supervisors Chairwoman Dianne Jacob said if the problems can't be fixed, "we need to change to a new system to make sure we have a reliable and trouble-free voting system in place by the November election."

The Daily Show with Jon Stewart

Comedy Central, April 7, 2004

The Daily Show's John Stewart on e-voting: "If there's one thing we learned from our last presidential election, it's that democracy is far too important to rely on an outdated error-prone system like punchcard ballots. So, as we gear up for the 2004 vote, many communities have moved on to electronic voting -- a far more high tech, error-prone system."

To watch the entire clip, click on the link above and click the "watch" button below the image of John Kerry and George W. Bush. Stewart's story, featuring an interview with a RABA Technologies computer scientist explaining how easy it was to hack into and alter votes on Diebold's server, is toward the end of the online segment.

You can also view streamed video of the full segment, plus the "Moment of Zen at the end, courtesy of Avi Rubin's web site.

Tuesday, April 6, 2004

Berkeley Mayor Asks For Probe Of Alameda Voting Problems

KTVU Television, April 5, 2004


(Berkeley Mayor Tom) Bates questioned the county's usage of Diebold Election Systems equipment and called the vote-casting problems "serious."

"Every person needs to be absolutely certain that their vote will count," Bates said in a released statement.

"That is why I am requesting that Alameda County conduct a full investigation of the problems we have seen and issue a public report detailing the findings and remedies prior to the November election," he said.

Bates' request for an investigation has been made in writing to the county Registrar of Voters Brad Clark.

The Berkeley City Council will discuss the matter at its meeting on April 20.

Monday, April 5, 2004

Doubts about e-voting drive bilateral push for paper backups

By Robert Tanner, Associated Press, in USA Today, April 2, 2004


An effort to erase doubts about new ATM-style voting machines by backing up digital votes with paper records is gaining ground nationwide, as state officials heed warnings about security and potentially messy recounts.

Four states are demanding printers that will generate paper receipts voters can see and verify, and more than a dozen other states are weighing the change. But only one — Nevada — expects to have a paper trail in place by the fall elections.


The idea, known as a verified voter paper trail, has been proposed in at least 16 other states as lawmakers have begun responding to months of complaints, letters of protests and security studies that found serious flaws in the ATM-style equipment.

Secretaries of state in California, Missouri and Nevada have gone further and ordered changes. And Illinois passed a law last year requiring a paper trail. Only Nevada, however, will be ready for the fall elections.