Friday, March 31, 2006

CA voter registration database, voter fraud and Sequoia in the news

This week brought an interesting and troublesome variety of news stories. On Tuesday, the Los Angeles Times' Jordan Rau reported in this article about how new voter registration database laws resulting from the Help America Vote Act and an agreement signed by California Secretary of State and the Department of Justice have created a stringent verification process resulting in the blockage of large numbers of new registrations. According to Rau's article, Los Angeles County has seen 43 percent of its new registrations in the past few months rejected in the new system, which requires an exact match of the name provided on the registration card and on a driver's license.

A related issue that is growing more controversial is over the push by some politicians and in several states to require identification at the polls. This commentary by Lorraine C. Minnite, a political science professor at Barnard College, examines the claims of widespread voter fraud being made to justify the ID requirement, and finds them lacking. In her piece, Minnite tells how she looked at news coverage over a five-year period in six states with the most leniant voter registration systems and found only eleven cases of reported attempts of voter fraud. Her commentary provides other statistics suggesting that an ID requirement would have a disproportionate impact on the poor and people of color.

And last, but not least, some big news out of Pennsylvania, where Mike Shamos, longtime certification expert for that state recently conducted certification testing of Sequoia's Advantage full-face touchscreen voting machine and vote counting system. These machines are different from the Edge machines used in California, and don't produce a voter-verified paper audit trail. On Monday, the Pittsburgh Post-Gazette published this article by Jerome L. Sherman that discusses Shamos' testing plans as well as his years-old bet to give $10,000 to anyone who can hack into a touch screen voting machine undetected.

It appears that Dr. Shamos may have won his own bet. On Wednesday Tracie Mauriello reported in the Post-Gazette in this article that Dr. Shamos halted the testing on Wednesday after he found that he could tamper with the results. Today's Philadelphia Inquirer also features this story by Jeff Shields and Nancy Petersen, titled "Voting software vulnerable to hackers". Excerpts from both articles are featured below.

----------
(from the Post-Gazette)

Dr. Shamos encountered yesterday's problem during a test for vote tampering. In an instant, he said, he was able to transform a handful of votes into thousands.

Developers quickly fixed the problem by replacing a file in the tabulation software, but that didn't alleviate Dr. Shamos' concerns. A malicious hacker could easily make the same switch, allowing votes to be changed, he said.

"What control is there over the software package if different files can be swapped in and out?" he asked.

Also yesterday, Dr. Shamos uncovered a series of unusual error messages and a fluke that causes the program to shut down when the "print" button is used.

A day earlier, he detected a problem transferring data between voting machines and the tabulation software. That problem has since been fixed.

Larry Tonelli, Sequoia's state manager for Pennsylvania and New York, said he was confident the latest problem can be resolved, too.

"We know the hardware is fine. It's been out there for eight or nine years so we're moving ahead with training and shipping machines [to Allegheny County]. The software doesn't need to work until just before the election so we've got time. It's no big deal," he said.

---------
(from the Philadelphia Inquirer)

The problem arose not in individual voting machines, but in a central control unit that compiles votes from each precinct.

Michael Shamos, a professor of computer science at Carnegie Mellon University in Pittsburgh, said in an interview he was able to hack in and change totals during a state test. The machines are also being purchased by Allegheny County.

"I found that by altering one file I could change vote totals from 10 to over 8,000," he said. "It easily let me do that, so the security mechanisms associated with county central are deficient."

In another test involving a referendum question, the system would not allow a "no" vote.

"I told them to do a comprehensive fix and a comprehensive test and come back in two weeks," he said. "If they fix it, we can distribute one copy to Allegheny County and one copy to Montgomery County and we're good to go."

Allegheny is buying 2,800 machines, and Montgomery is upgrading software in its existing 1,050 machines. There are no problems with the machines that are in each precinct, he said.

Michelle Shafer, a spokeswoma for Sequoia, said the company, based in California, was confident the software would pass a second test. She said the environment in which Shamos encountered problems was not a typical voting situation.

"Someone had full, unfettered access to the voting software, which would not be the case in an actual election," Shafer said.

No comments:

Post a Comment