Saturday, August 4, 2007

California voting machines decertified

California Secretary of State Debra Bowen withdrew certification of every voting system in California, and recertified several components with certain conditions. Her decertification orders and recertification/use requirements were issued literally at the stroke of midnight. Several TV camera crews were camped out at Bowen's office all afternoon and late into the evening waiting to find out what she would decide to do about California's voting equipment. Recent studies by UC researchers found the hardware and software of many of the components were vulnerable to attacks or viruses.

Secretary of State Bowen is allowing the Hart electronic system to be used, with certain conditions. The Sequoia Edge and Diebold TSx machines can only be used on a limited basis for accessible and early voting, subject to a 100 percent manual recount of the machines' voter verified paper records. ES&S' Ink-a-Vote system, which is used by Los Angeles County, was decertified because the company failed to meet the Secretary of State's review requirements.

Although August 3 was the deadline for decertification decisions, there is no deadline for recertification. I expect many of the vendors, counties, and the Secretary of State will be working together over the next few months to figure out how to meet the recertification requirements.

The decertification orders are available online. Today's Riverside Press Enterprise story by By Michelle DeArmond and Kimberly Trone, below, provides an excellent overview.

Electronic Voting Decertified
Riverside Press Enterprise
August 4, 2007

Riverside and San Bernardino counties, which have been at the forefront of the electronic voting movement in California, might be using paper ballots in the February presidential primary, Secretary of State Debra Bowen announced early Saturday.

After hours behind closed doors, Bowen announced a decision to decertify electronic voting systems across the state just minutes after a midnight deadline, which is six months before the presidential primary in February.

In a document outlining the new requirements, Bowen gave local governments and electronic voting manufacturers 45 days to provide comprehensive security plans for their systems, but it was unclear early Saturday how that might affect the machines' use in February.

Before any machines are used in the primary election, Bowen is requiring that they be reinstalled with voting system application software obtained directly from the federal testing laboratory or her office.

Bowen also laid out numerous rules aimed at increasing transparency and bolstering citizen participation in the elections process.

Registrars in Riverside and San Bernardino counties could not be reached for comment early Saturday.

But recently Riverside County Registrar Barbara Dunmore told county supervisors she would be prepared for whatever decision Bowen made -- even if it meant a return to paper ballots.

Bowen, who campaigned in 2006 as an outspoken critic of the state's voting system, has been critical of the Sequoia Voting System's machines used in Riverside and San Bernardino counties for months.

In May, she ordered a review of electronic voting systems in use throughout the state. California law requires periodic reviews and the electronic systems fared poorly in Bowen's five-week analysis.

Computer experts from the University of California tested the electronic voting systems and found vulnerabilities in the Sequoia machines that made it easy to change the recorded votes. They found similar problems with Diebold Election and the Hart InterCivic systems as well.

Other counties that used touch-screen machines, including Alameda, Merced and Solano, already have switched from to paper-based systems in the wake of the growing scrutiny and complaints.

David Beirne, executive director for the Election Technology Council, a trade association of electronic voting manufacturers based in Texas, said Bowen's security test was flawed.

Electronic voting systems manufacturers paid for Bowen's $1.8 million review.

Beirne said researchers were given unfettered access to voting systems without the "real world" safeguards local elections officials use to prevent elections tampering, which they have acknowledged.

The council encouraged the testing to include experienced election officials and to apply the common physical security measures such as locks, tamper-evident seals and adequate password requirements.

Tom Courbat, founder of the elections integrity group that has lobbied for paper ballots used with optical scanners and criticized Riverside County's security, hailed Bowen's decision.

Courbat, whose group is called SAVE R VOTE, said that with the absence of any comprehensive plan to safeguard the systems' integrity, electronic voting machines would be used on a limited scale for disabled voters and then completely audited.

"Voters in Riverside County can breathe a sigh of relief," Courbat said.

The decision follows years of conflict between the secretaries of state and counties that use touch-screen voting machines. In the latest debate, attention on Riverside County's system and leaders has intensified amid growing criticism of the machines.

Riverside County supervisors late last year appointed a panel of retired judges and public servants to review the county's elections process in the wake of complaints about long lines and technical malfunctions at the November polls.

After several public hearings, expert testimony and study sessions, the panel recommended last month that the county immediately return to paper ballots.

The commission found no evidence of any significant error or defect in the county's touch screen system but said it hadn't gained voter confidence and failed to meet expectations of reliability and cost savings.

Retired Superior Court Judge Robert George Taylor, a member of the panel, told the Board of Supervisors that after months of reviewing information about the electronic system he had lost trust in it.

Riverside County, which has spent $25 million on the ATM-styled devices, was the first in California to put electronic-voting systems to widespread use in 2000. San Bernardino County started using a newer version of the same system in 2004.

Shortly thereafter, then-Secretary of State Kevin Shelley revoked the certification of all touch-screen machines in the state, declaring them unreliable and subject to security breaches.

Riverside and San Bernardino counties sued the state, but a federal judge ruled Shelley had the right to decertify the machines. After three months of negotiations with Shelley, both counties dropped out of the lawsuit and agreed to comply with additional security measures in order to get their machines recertified.

Sequoia Voting Systems, which provides machines for both counties, also had to comply with new security measures in time for the November election.

Kim Alexander, president of the nonprofit, nonpartisan the California Voter Foundation, said she knew changes in technology and security standards have posed ever-changing challenges for registrars.

"I'm sympathetic to the registrars. They would like to feel like the ground is not continuously shifting underneath them," she said Friday. "We've been in a state of transition for six years in California now."

Nonetheless, preventing voter disenfranchisement and protecting the integrity of the results trumps other concerns, she said. Additionally, Alexander said the long-term costs of switching to a paper-based system likely would be cheaper.

Reach Kimberly Trone at 951-368-9456 or

Friday, August 3, 2007

Voting system evaluations, reports and decisions

Well, it's been a long time since I've blogged -- it was nice having a break these past few months. Now things are getting busy again, and there is so much going on that I decided it was time to post a new blog entry with links to some important reports that have recently been released.

The big news in California is that the Secretary of State, Debra Bowen, recently completed her "top-to-bottom" review of voting systems. Computer scientists and other academics from UC Berkeley and UC Davis led the review. Most of their public reports are now available at the Secretary of State's web site. (We are still awaiting release of the third and final set of reports, completed by the documents review team.) See the Secretary of State's July 27 news release for more details.

On Monday, July 30, Secretary Bowen convened a public hearing on the review at her auditorium in Sacramento. The hearing lasted all day, beginning with testimony from UC Davis computer science professor Matt Bishop, followed by statements from respresentatives of the three vendors whose systems were evaluated (Sequoia, Hart and Diebold). Numerous citizen activists opposed to electronic voting spoke during the day; so did many county election officials, most of whom expressed disappointment that the review was not conducted in a "real-world" environment, taking into account procedures in place at the local level the prevent security violations.

I spoke at the hearing as well, and said that voting system security should not be dependent on procedures being carried out at the local level. Procedures vary widely from county to county, and with 58 counties, 25,000 precincts, and 100,000+ pollworkers in a statewide election, it is impossible to monitor or verify compliance in all polling places. Video from the California Channel and a transcript from the Secretary of State are available.

If you're wondering what all this means, there are a few blog postings that help sort out these important developments. In particular, take a look at recent posts from Ed Felten, Avi Rubin, and Matt Blaze.

Also released was the Post Election Audit Standards Working Group report to the Secretary of State, outlining numerous ways that auditing after the election could be strengthened to increase voter confidence and improve the auditing process. I served on this committee, and the options outlined in our report will be beneficial to the Secretary of State and counties as they consider ways to address security problems in our current voting systems. The audit working group's report is online, along with a news release from the Secretary of State announcing the report.

Meanwhile, elsewhere around the country....

The much-anticipated report, "Post Elections Audits: Restoring Trust in Elections" was recently released. A joint production of The Brennan Center for Justice at NYU School of Law and the Samuelson Law, Technology & Public Policy Clinic at UC Berkeley's Boalt Hall School of Law, the report details how few states are fully equipped to find sophisticated and targeted software-based attacks, non-systemic programming errors and software bugs that could change the outcome of an election. See the news release for addtional highlights.

In Florida, a new report was issued this week by the Security and Assurance in Technology (SAIT) Laboratory at Florida State University. The SAIT researchers examined Diebold's latest version of its electronic voting machine, found numerous problems and recommended the state not award certification.

Another report about Florida's election was also issued today. It comes from the Government Accounting Office, which examined Sarasota County's voting system after 18,000 undervotes were cast in a closely contested congressional race last November and issued this progress report to Congress.