Folks,

Problems Reported

I spent most of yesterday at the TrueVoteMD offices helping to monitor the election, speak at a press conference, and take a few hotline calls. Although it wasn't as bad as the primary election, when the Montgomery County Board of Elections forgot to include the voter access cards in the kits for the polling places, it wasn't good. The mainstream media are all reporting that there were "minor glitches" in many places, making it seem like no big deal. However, we need to look underneath what is going on.

The whole electronic voting system is horribly complex, with many more bits and pieces of gear that need to be set up, maintained, and work perfectly under field conditions. I think all of the people on this list can tell firsthand stories of how equipment and software that works fine in the office will be completely misused or fail with malicious glee when placed at a remote location. I think that we are seeing the results of the system complexity, in repeated, small breakdowns that actually are having the cumulative effect of the death of a thousand cuts.

The major bug this time around seems to be vote switching due to mis-calibrated touch screens — a voter presses on the rectangle for candidate A but the selection box for candidate B lights up instead. Another problem that is showing up in reports is absentee ballots that arrived too late to be used, despite being requested well in advance. The State Board of Elections' less-than-helpful response is to say, "well, you can just go down to your county Board of Elections offices and turn in your ballot in person." That doesn't help the gentleman who is in Indiana and just received his ballot on the 7th, or the lady in Switzerland(!) who never received hers at all.

The biggest problem of all is the long wait caused by the various equipment malfunctions and the problems with the poll workers who have to deal with them. Election judges are working 20+ hour days to keep things going. This is insane. One of the big selling points of these electronic voting systems is that they were supposed to reduce the possibility for human error. In reality, they have *increased* the possibility for human error, by making the system so complex that it's impossible for it to work in the real world. 

The Original SAIC Report

Another aspect you might be interested in is that the original SAIC report on the security of the elections process was leaked on the bradblog.com web site. This report was commissioned by the Maryland State Board of Elections in 2003. In fact, none of the actual board members had seen it until now — Linda Lamone, the Administrator of the SBE, kept it secret from them as well as the public. The original report was nearly 200 pages long, but only a redacted, 38-page version was released to the public and the board members. There have been various claims made by Ms. Lamone and her staff that releasing the report would cause security breaches, to which I say, "bull."

I've been reading through the full report, and I'm about 3/5ths of the way through. A couple of points stick out:

1. The report recommends a total of 326 management, operational, and technical controls to secure the system. This is ridiculous — any system that needs that many changes to secure it should be thrown out. It's simply too complex to work properly — patch on top of service pack on top of bug fix on top of workaround.
   
2. I have yet to see any reason why this report should not have been released earlier, aside from embarrassing the living daylights out of Diebold. None of the recommendations or redactions cover information that is proprietary in nature. If the recommendations we carried out and were sufficient to secure the voting system, then releasing the full report should have no security consequences. On the other hand, if the recommendations were not fully carried out or were not sufficient to secure the voting system, then we the public, the members of the board, the Maryland legislature, and the governor darn well have the right to know that we are working with a voting system that has significant security problems.
   

If you want to read it for yourself, there are 5 PDFs at:

http://www.bradblog.com/?p=3731

The Original Problem

In all of this, let's not lose sight of the original problem. It is impossible to tell from these electronic voting machines whether or not your vote has been properly counted. There is ZERO ability to audit the system — to ensure that something (an ordinary, garden variety bug or someone trying to tamper with the election) hasn't caused vote totals to be changed.


--Paul