Originally published on TomPaine.com
| Election Security 2006 by Steven Hill June 05, 2006 |
Steven Hill is director of the Political Reform Program of the
New America Foundation. Portions of this article are excerpted
from the author’s new book, 10 Steps to Repair American
Democracy. Part I of a two-part series. Part II will outline a
forward-looking agenda for how to secure the vote in the United
States.
Will your vote count on Tuesday? As we head into another
election season—with control of Congress potentially up for
grabs—ongoing concerns about voting equipment and
election administration continue to worry fair elections
advocates. Recent headlines have added to previous fears,
but there are also signs that effective advocacy is paying off.
Last month, The New York Times and other news media
reported on a new security glitch uncovered in election
equipment manufacturer Diebold Election System’s ATM-like
touch-screen voting machines. Voting technology experts
have called it the "worst security flaw ever"—any person with
basic knowledge and a minute or two of access to a Diebold
touch screen could load virtually any software into the
machine and disable it, redistribute votes or alter its
performance in myriad ways without being detected.
"This [security flaw] is worse than any of the others I've
seen. It's more fundamental," said Douglas Jones, a
University of Iowa computer scientist and veteran voting
system examiner for the state of Iowa. "In the other ones,
we've been arguing about the security of the locks on the
front door. Now we find that there's no back door."
Incredibly, media reports withheld some details of the
vulnerability at the request of elections officials and
scientists, partly because exploiting the security hole is so
easy that providing details would give a roadmap to a
potential hacker.
Elections officials in several states scrambled to limit the
risk. In Pennsylvania, respected state elections chief
Michael Shamos, previously a supporter of touch-screen
voting, ordered the sequestering of all Diebold touch-
screens. California and other states invoked emergency
procedures. Meanwhile, problems with voting equipment
sold by Diebold's main competitors, Sequoia Voting Systems
and Election Systems and Software, popped up in numerous
states, including Oregon, Texas, Colorado, Illinois, Florida,
New Jersey, Washington and New Mexico.
Election Data Services estimates that, while some states are
still in the process of buying voting equipment, touch-screen
machines will be used by 34 percent of counties in 2006, up
from 10 percent in 2000. But only seven states will use
devices that print a paper receipt of electronic votes from
touch-screen machines—known as a “voter verified paper
audit trail" or VVPAT—with more than a dozen states still
pushing legislation to require paper records. This trend is
extremely worrying to election security advocates. Some
cause for comfort is that 50.2 percent of counties will use
optical-scan machines that read hand-marked paper ballots
(up from 41 percent in the 2000 election), since at least
optical scan systems have a VVPAT—a paper ballot that was
marked with a pen before being scanned by the machine.
Traditional paper ballots marked by pen and counted by hand,
which some touch-screen opponents nostalgically hearken
back to, will account for only 5.7 percent of counties in 2006,
down from 11.7 percent of counties six years ago. But on the
positive side, use of punch-card voting equipment, which
was badly discredited during the 2000 presidential vote count
in Florida, has declined from 18 percent of counties in 2000 to
just under 4 percent.
Two steps forward, one step back? It’s hard to say whether
we are making progress or not, mostly because the powers-
that-be appear uncertain about what actually represents
progress. This was painfully obvious at the Voting Systems
Testing Summit in November 2005, which marked the first
time that representatives from all the different camps
involved with or concerned about election administration—
top federal regulators, vendors, testing laboratories, state
and local election administrators, computer scientists and fair
elections advocates—came together in one place. Most
striking was that no one could articulate a comprehensive
inventory of the many problems, much less a blueprint for the
solutions. Instead, there was a lot of finger-pointing and
excuses.
At the summit, one expert made the staggering claim—which
no one bothered to dispute —that the U.S. provides more
security, testing, and oversight of slot machines and the
gaming industry than to our nation's voting equipment or
election administration. Clearly, the biggest threat to the
integrity of our elections is that no one seems to be steering
the ship. There is no central brain or team that has a handle
on all aspects, developing best practices or a roadmap that
states and counties can follow. Tragically, while Congress
has appropriated $3 billion for buying new voting equipment,
the money is arriving before the necessary standards to
ensure that it isn’t wasted are in place. This hardly
resembles the world’s greatest democracy in action.
Looking at the bigger picture it’s clear that the entire
regimen of public-private infrastructure for running elections
in the United States, where for-profit vendors sell proprietary
equipment to counties and states in a quasi-regulated
market, is going through yet another round of convulsions.
It's like watching an antiquated bridge creaking and groaning
under the strain of traffic, wondering when it will give way
next. Any sensible person favoring the fairness and integrity
of our elections should be concerned. Yet that concern also
must be kept in perspective lest it spiral into a paralyzing
paranoia.
There are a number of positives to point to in an admittedly
chaotic situation. Election security activists are more
mobilized than ever and they are having an impact in a myriad
of ways. They have raised the profile of these issues to the
point of a national crisis. Their efforts, once considered the
actions of fanatical gadflies, are being increasingly cited and
even joined by respected election bureaucrats like
Pennsylvania’s Michael Shamos. Former President Jimmy
Carter and Secretary of State James A. Baker III—yes, that
James Baker, the Bush family's consigliore in the disputed
2000 presidential election—were co-chairs of the bipartisan
Commission on Federal Election Reform which warned in
their 2005 final report that “software can be modified
maliciously before being installed into individual voting
machines. There is no reason to trust insiders in the election
industry any more than in other industries."
Advocates’ increased credibility has resulted in real action,
with two governors deciding to take matters into their own
hands. New Mexico's Democratic Gov. Bill Richardson
pushed through legislation mandating paper ballots
throughout the state. Maryland's Republican Gov. Robert
Ehrlich in February called for change after a Johns Hopkins
University study found Diebold’s software was open to
attacks from hackers, followed by seeing a 10-fold jump in the
cost of maintaining and storing the sensitive electronic
machines.
In another sign of progress, election security advocates led
by Voter Action, a nonpartisan, nonprofit organization, have
found the necessary resources to begin filing lawsuits as a
way to block state and election officials' efforts to use touch-
screen equipment. So far, lawsuits in nine states have been
filed, with the embattled terrain becoming tenser and
increasingly high-stakes. Diebold lawyers are not taking this
lying down. They have retaliated against whistleblower
Stephen Heller, pressuring law enforcement officials in Los
Angeles to send him to jail for allegedly leaking documents
exposing that Diebold was using illegal, uncertified software
in their California voting machines.
As a result of all this furious activity, a consensus is
emerging from top to bottom that the system is broken, even
if there is not yet a consensus about what to do about it. But
increasingly even the more mainstream experts acknowledge
that for the 2006 election, the creaky bridge continues on a
shaky foundation.
Heading into the 2006 election, fair election advocates need
to remain vigilant, particularly in the handful of close races
where a swing of a small number of votes could change an
election outcome. Longer term, activists must turn their
efforts to a more visionary agenda that will ensure fair, free,
safe and secure elections in the 21st century.
New America Foundation. Portions of this article are excerpted
from the author’s new book, 10 Steps to Repair American
Democracy. Part I of a two-part series. Part II will outline a
forward-looking agenda for how to secure the vote in the United
States.
Will your vote count on Tuesday? As we head into another
election season—with control of Congress potentially up for
grabs—ongoing concerns about voting equipment and
election administration continue to worry fair elections
advocates. Recent headlines have added to previous fears,
but there are also signs that effective advocacy is paying off.
Last month, The New York Times and other news media
reported on a new security glitch uncovered in election
equipment manufacturer Diebold Election System’s ATM-like
touch-screen voting machines. Voting technology experts
have called it the "worst security flaw ever"—any person with
basic knowledge and a minute or two of access to a Diebold
touch screen could load virtually any software into the
machine and disable it, redistribute votes or alter its
performance in myriad ways without being detected.
"This [security flaw] is worse than any of the others I've
seen. It's more fundamental," said Douglas Jones, a
University of Iowa computer scientist and veteran voting
system examiner for the state of Iowa. "In the other ones,
we've been arguing about the security of the locks on the
front door. Now we find that there's no back door."
Incredibly, media reports withheld some details of the
vulnerability at the request of elections officials and
scientists, partly because exploiting the security hole is so
easy that providing details would give a roadmap to a
potential hacker.
Elections officials in several states scrambled to limit the
risk. In Pennsylvania, respected state elections chief
Michael Shamos, previously a supporter of touch-screen
voting, ordered the sequestering of all Diebold touch-
screens. California and other states invoked emergency
procedures. Meanwhile, problems with voting equipment
sold by Diebold's main competitors, Sequoia Voting Systems
and Election Systems and Software, popped up in numerous
states, including Oregon, Texas, Colorado, Illinois, Florida,
New Jersey, Washington and New Mexico.
Election Data Services estimates that, while some states are
still in the process of buying voting equipment, touch-screen
machines will be used by 34 percent of counties in 2006, up
from 10 percent in 2000. But only seven states will use
devices that print a paper receipt of electronic votes from
touch-screen machines—known as a “voter verified paper
audit trail" or VVPAT—with more than a dozen states still
pushing legislation to require paper records. This trend is
extremely worrying to election security advocates. Some
cause for comfort is that 50.2 percent of counties will use
optical-scan machines that read hand-marked paper ballots
(up from 41 percent in the 2000 election), since at least
optical scan systems have a VVPAT—a paper ballot that was
marked with a pen before being scanned by the machine.
Traditional paper ballots marked by pen and counted by hand,
which some touch-screen opponents nostalgically hearken
back to, will account for only 5.7 percent of counties in 2006,
down from 11.7 percent of counties six years ago. But on the
positive side, use of punch-card voting equipment, which
was badly discredited during the 2000 presidential vote count
in Florida, has declined from 18 percent of counties in 2000 to
just under 4 percent.
Two steps forward, one step back? It’s hard to say whether
we are making progress or not, mostly because the powers-
that-be appear uncertain about what actually represents
progress. This was painfully obvious at the Voting Systems
Testing Summit in November 2005, which marked the first
time that representatives from all the different camps
involved with or concerned about election administration—
top federal regulators, vendors, testing laboratories, state
and local election administrators, computer scientists and fair
elections advocates—came together in one place. Most
striking was that no one could articulate a comprehensive
inventory of the many problems, much less a blueprint for the
solutions. Instead, there was a lot of finger-pointing and
excuses.
At the summit, one expert made the staggering claim—which
no one bothered to dispute —that the U.S. provides more
security, testing, and oversight of slot machines and the
gaming industry than to our nation's voting equipment or
election administration. Clearly, the biggest threat to the
integrity of our elections is that no one seems to be steering
the ship. There is no central brain or team that has a handle
on all aspects, developing best practices or a roadmap that
states and counties can follow. Tragically, while Congress
has appropriated $3 billion for buying new voting equipment,
the money is arriving before the necessary standards to
ensure that it isn’t wasted are in place. This hardly
resembles the world’s greatest democracy in action.
Looking at the bigger picture it’s clear that the entire
regimen of public-private infrastructure for running elections
in the United States, where for-profit vendors sell proprietary
equipment to counties and states in a quasi-regulated
market, is going through yet another round of convulsions.
It's like watching an antiquated bridge creaking and groaning
under the strain of traffic, wondering when it will give way
next. Any sensible person favoring the fairness and integrity
of our elections should be concerned. Yet that concern also
must be kept in perspective lest it spiral into a paralyzing
paranoia.
There are a number of positives to point to in an admittedly
chaotic situation. Election security activists are more
mobilized than ever and they are having an impact in a myriad
of ways. They have raised the profile of these issues to the
point of a national crisis. Their efforts, once considered the
actions of fanatical gadflies, are being increasingly cited and
even joined by respected election bureaucrats like
Pennsylvania’s Michael Shamos. Former President Jimmy
Carter and Secretary of State James A. Baker III—yes, that
James Baker, the Bush family's consigliore in the disputed
2000 presidential election—were co-chairs of the bipartisan
Commission on Federal Election Reform which warned in
their 2005 final report that “software can be modified
maliciously before being installed into individual voting
machines. There is no reason to trust insiders in the election
industry any more than in other industries."
Advocates’ increased credibility has resulted in real action,
with two governors deciding to take matters into their own
hands. New Mexico's Democratic Gov. Bill Richardson
pushed through legislation mandating paper ballots
throughout the state. Maryland's Republican Gov. Robert
Ehrlich in February called for change after a Johns Hopkins
University study found Diebold’s software was open to
attacks from hackers, followed by seeing a 10-fold jump in the
cost of maintaining and storing the sensitive electronic
machines.
In another sign of progress, election security advocates led
by Voter Action, a nonpartisan, nonprofit organization, have
found the necessary resources to begin filing lawsuits as a
way to block state and election officials' efforts to use touch-
screen equipment. So far, lawsuits in nine states have been
filed, with the embattled terrain becoming tenser and
increasingly high-stakes. Diebold lawyers are not taking this
lying down. They have retaliated against whistleblower
Stephen Heller, pressuring law enforcement officials in Los
Angeles to send him to jail for allegedly leaking documents
exposing that Diebold was using illegal, uncertified software
in their California voting machines.
As a result of all this furious activity, a consensus is
emerging from top to bottom that the system is broken, even
if there is not yet a consensus about what to do about it. But
increasingly even the more mainstream experts acknowledge
that for the 2006 election, the creaky bridge continues on a
shaky foundation.
Heading into the 2006 election, fair election advocates need
to remain vigilant, particularly in the handful of close races
where a swing of a small number of votes could change an
election outcome. Longer term, activists must turn their
efforts to a more visionary agenda that will ensure fair, free,
safe and secure elections in the 21st century.
| June 5, 2006 editorial by Steven Hill: Election Security 2006 |
 |
| |
 |
| |
 |
| |
 |