Total Election Awareness

Over the last several years, EFF has strongly opposed the use of closed, unverifiable voting technologies, bringing litigation to investigate faulty machines and challenge bad practices as well as backing legislation that would move us towards more trustworthy elections. For 2008, EFF is making a new contribution to help keep track of election issues, technology-related or otherwise.

Last week, EFF successfully tested a beta version of Total Election Awareness (or "TEA"), a web-based application designed to help election monitoring efforts collect and analyze election-related incidents in real time. The first field test took place on February 5th — "Super Tuesday". Working with the Election Protection Coalition, TEA helped volunteers staffing Election Protection call centers (866-OUR-VOTE) in Atlanta, Chicago, Los Angeles, and New York to record over 2,200 incidents and inquiries from voters from across the country. This week, TEA recorded the details of another 600 calls in the Virginia, Maryland, and Washington D.C. primaries.

The next phase in the project development is preparing the tool for use in the November general election. In addition to improving the quality of the data recorded as part of the Election Protection process, we're also planning to make the November data available to the public in real time. Moreover, TEA is being developed as a free open-source project so other election monitoring efforts, large or small, will be able to use the tool themselves once it's released.

Stay tuned to Deeplinks for future developments!

[Permalink]

Judge Voids Election Because of E-Voting Snafus

Good news from California's Alameda County -- a judge has voided election results after the county botched its response to a contested race conducted on Diebold electronic voting machines. The judge ordered that the disputed Measure R -- an initiative addressing the operation of medical marijuana dispensaries -- go back on next year's ballot.

Measure R lost by fewer than 200 votes in the 2004 election, and Americans for Safe Access and voters in the city of Berkeley brought a legal challenge seeking a recount. But while the lawsuit was ongoing, election officials returned the voting machines to supplier Diebold Election Systems, and 96% of the detailed audit information from the election was destroyed. EFF helped analyze the remaining data, but as the judge recognized, it was impossible to tell if the tallies reported on election night were correct.

This decision was expected, but it's heartening that Superior Court Judge Winifred Smith saw the ramifications of the county's behavior and ordered the appropriate remedy. If there is no way to examine data, audit logs, and chain-of-custody records, there is no way to do an accurate recount. This is only the second time in Californian history that a court has ordered than an election be rerun. The message is clear: using electronic voting machines and keeping sloppy records is not an acceptable way to run an election.

The news is good in California, but serious reforms are needed nationwide, including a voter-verified paper trail and mandatory random audits. Contact your representative today and voice your support for H.R. 811, the Voter Confidence and Increased Accessibility Act of 2007.

[Permalink]

Crunch Time for E-voting Reform

If all goes as planned, HR 811 -- the Voter Confidence and Increased Accessibility Act of 2007, introduced by New Jersey Representative Rush Holt -- will finally come to a floor vote in the House of Representatives this week, likely on Thursday or Friday. Despite speculation to the contrary, it is not at all clear whether the bill will pass or, even if it does, whether a substantively similar companion bill will then pass the Senate. Like it or not, with election officials arguing that they're running out of time to implement wholesale changes, this likely amounts to Congress's only attempt to make any serious improvements to the nation's election procedures ahead of the 2008 presidential election.

EFF supports HR 811 and hopes that you will tell your Representative to support it as well. As we have done over the years through the bill's various incarnations, EFF has supported HR 811 based on what the bill would actually do, not what it lacks. At the end of the day, a post-HR 811 electoral system would indisputably (despite arguments to the contrary) be better than the one that exists today. EFF has discussed this in detail before: from where we sit, banning the use of paperless direct recording electronic (DRE) voting machines if they are not retrofitted with voter-verified paper ballots (VVPATs) and mandating for the first time across-the-board audits of federal elections would unquestionably be good things which continue to deserve support, regardless of whether or not we'd like to see additional improvements.

Are DREs, even those utilizing VVPATs, fraught with problems? Of course. Should more rigorous audits be mandated? Absolutely. But a heartfelt desire to ban DREs or improve audits is no reason to oppose this bill, especially since states are not prohibited from making either of these reforms -- or nearly any other voting system-related reform -- on their own.

Our support for HR 811 is tempered by profound disappointment that one of the bill's pillars has been watered down to the point of ineffectiveness due to pressure from the proprietary software industry. The source code disclosure provisions, requiring that voting system source code be disclosed at the very least to litigants and other "qualified persons" who can test the integrity of the voting system under a non-disclosure agreement, have since the bill's introduction been replaced by a requirement that "voting system software" -- a definition that does not explicitly include source code -- be disclosed. While "correcting" language was included in the Committee Report as a result of prompt feedback from computer security experts after the bill's current language was released, that Report will likely not be sufficient to ensure source code access. Having litigated cases in which prompt access to voting system source code is critical, EFF's strong advocacy for this bill has been based in large part on the source code disclosure requirement. We call on Rep. Zoe Lofgren and the other members of the Elections Subcommittee to promptly fix this provision -- using the explicit language included in the Committee Report -- before the bill makes it to the floor of the House.

Whatever its shortcomings, whatever its incremental pace, HR 811 offers an important step forward. EFF continues to call for more ambitious reform than that offered by the current version of the bill, but we also properly recognize that HR 811 offers the best immediate opportunity for meaningful change. It needs your support today. Without it, be prepared to live with no additional federal protections for the 2008 election as we all return to square one with a new bill targeted at the 2010 or 2012 general election.

[Permalink]

Following Blistering Review That Highlighted Widespread Vulnerabilities, California Decertifies Flawed Election Equipment

The final reports of California's "Top to Bottom Review" of its voting systems are in, and the results aren't pretty. Yesterday, the other shoe dropped. Secretary of State Debra Bowen, who as a candidate promised to radically overhaul California's election technology and related procedures, did just that. In a statement made literally at the 11th hour -- minutes before an impending statutory deadline expired -- Bowen announced that all of the voting equipment analyzed in the Top to Bottom Review would be prohibited from further use in the state unless dramatically improved security requirements were met. EFF applauds Secretary of State Bowen's courageous decision. We sincerely hope that other jurisdictions will promptly follow California's lead.

Highlights of the additional requirements imposed on the previously approved equipment of vendors Diebold and Sequoia Systems:

* Only one DRE may be used per precinct in order to satisfy federal accessibility requirements. DREs may still be used in early voting.
* Improved audit requirements for all vote tallies, including increased manual sample counts in close elections and escalation requirements if discrepancies are found.
* A 100% manual count audit requirement for each DRE.
* All increased audit requirements must be paid for by the vendor.
* Elections officials must reset default passwords and encryption keys prior to each election.
* Prior to the February primaries, all voting system software and firmware must be reinstalled using certified versions stored with federal testing labs.
* All use of wireless components is prohibited.
* Upon request, members of the public must be permitted to inspect the integrity of hardware security seals.
* Election officials must create detailed logs of all voting equipment problems, logs which must be made publicly available for inspection.
* Any voting device that crashes must be pulled from service. All votes cast on that device are subject to a 100% manual audit requirement. In addition, all software and firmware must be reinstalled from approved sources before that device can subsequently be used again.

Hart InterCivic's DREs, which the Secretary of State found to be similarly "defective or unacceptable" although less vulnerable in some ways than either Diebold's or Sequoia's systems, are subject to similar security restrictions with some notable exceptions including less-stringent auditing requirements and no limitation on the number of DREs used in future elections.

California's Top to Bottom Review, which included "red team" attacks on all certified systems to uncover vulnerabilities as well as an analysis of system source code and documentation, began on May 31, 2007. Despite the short review period, the respective teams identified a wide range of critical vulnerabilities and other design problems, discoveries that bolstered the criticisms levied by EFF and others that the country's voting technology needs a massive overhaul if it is to earn the legitimate trust of the voting public.

Among the findings in the source code review reports, released to the public on August 2nd:

Sequoia Systems (Final Source Code Review Report: http://www.sos.ca.gov/elections/voting_systems/ttbr/sequoia-source-public-jul26.pdf)
* "Every software mechanism for transmitting election results and every software mechanism for updating software [in Sequoia's voting system] lacks reliable measures to detect or prevent tampering."
* "We found pervasive security weaknesses throughout the Sequoia software. Virtually every important software security mechanism is vulnerable to circumvention."
* "[W]e are not optimistic that acceptable practical and secure mitigation procedures are even possible for some of the Sequoia system?s components and features, at least in the absence of a comprehensive re-engineering of the system itself."

Diebold (Final Source Code Review Report: http://www.sos.ca.gov/elections/voting_systems/ttbr/diebold-source-public-jul29.pdf)
* "Our analysis shows that the technological controls in the Diebold software do not provide sufficient security to guarantee a trustworthy election. The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit to affect election outcomes."
* "Since many of the vulnerabilities in the Diebold system result from deep architectural flaws, fixing individual defects piecemeal without addressing their underlying causes is unlikely to render the system secure. Systems that are architecturally unsound tend to exhibit ?weakness-in-depth? ? even as known flaws in them are fixed, new ones tend to be discovered. In this sense, the Diebold software is fragile. Due to these shortcomings, the security of elections conducted with the Diebold system depends almost entirely on the effectiveness of election procedures. Improvements to existing procedures may mitigate some threats in part, but others would be difficult, if not impossible, to remedy procedurally. Consequently, we conclude that the safest way to repair the Diebold system is to reengineer it so that it is secure by design."

Hart InterCivic (Final Source Code Review Report: http://www.sos.ca.gov/elections/voting_systems/ttbr/Hart-source-public.pdf)
* "Building a secure networked system of this type requires adopting an attitude of defense in depth: it must be designed and implemented in such a way that a compromised component cannot induce misbehavior in other components that communicate with it. Our examination indicates that Hart?s system is not designed along these lines."
* "Although we had only limited time to review the source code of the system, our review nevertheless uncovered what we believe to be a number of significant security issues. In many cases the Hart system does not incorporate defense-in-depth principles, which may allow individual attacks
to be escalated up to much broader attacks. ... Some of these issues can be mitigated with stricter polling place procedures. Others may be
repaired with minor modifications to Hart?s systems, while yet others may require significant re-design."

[Permalink]

HR 811: Separating Truth From Fiction in E-voting Reform

After years of painstaking lobbying, e-mail and phone campaigns, congressional hearings, and committee markups and amendments, Rep. Rush Holt's Voter Confidence and Increased Accessibility Act finally appears poised for a floor vote in the House of Representatives. With an impressive 216 bipartisan co-sponsors, the bill has a real chance of passing. If signed into law, HR 811 would dramatically improve the electoral process in both the short and long term. While it would not solve the immense shortcomings in the current system, HR 811 would take a giant step towards returning much-needed transparency and accountability to the process.

Not unexpectedly, now that the bill has gained traction in the 110th Congress, critics have descended onto the bill with a fury, complaining that it is too weak or too strong, that its deadlines are too ambitious or too distant, that it takes too much autonomy away from the states or not enough.

HR 811 is not perfect. Few bills are. And honest debate about a matter as important as election integrity is always helpful to the process. However, much of the ostensibly pro-transparency criticism of HR 811 has sadly taken a detour away from being useful and descended into hyperbole, fear-mongering, and uninformed posturing. Returning to the substance of the bill and its actual consequences is long overdue.

[Read the entire post]

Action Alert: E-Voting Reform Bill Headed to House Floor!

A bipartisan bill requiring paper trails for electronic voting machines just cleared a major hurdle and could be taken up by the House of Representatives next week. Defend your right to vote and support H.R. 811, the Voter Confidence and Increased Accessibility Act of 2007.

E-voting machines have wreaked havoc and undermined confidence in our election system. Despite demonstrated technical failures -- including the loss of thousands of votes -- nearly half of all states still do not require a voter-verified paper ballot. Most of the voting machines in operation today haven't been sufficiently reviewed for security, and pollworkers frequently do not receive adequate training to deal with machine problems.

Along with requiring machines to produce a voter-verified paper ballot, H.R. 811 mandates random audits, the mandatory availability of voting machine computer code for review by experts and litigants, and many other critical reforms. The House Administration Committee passed the bill last week and approved amendments that further improve it, including a requirement that voters be allowed to use paper ballots upon request and a more robust ban on connecting voting equipment to the Internet.

For over three years, EFF has been helping Rep. Rush Holt move this legislation forward, and support from individuals like you has been crucial in garnering an astounding 215 cosponsors. Hundreds of activists joined EFF for Washington, D.C. lobby days in 2005 and 2006, and thousands of letters have poured in to Congress.

Now those efforts are paying off, and victory in the House is within reach -- take action now and fight for fair, transparent elections.

[Permalink]

Feinstein to GAO: Investigate E-voting System

During the 2006 election in Florida, electronic voting machines may have "undercounted" to the tune of 18,000 votes in Sarasota County. But because the new machines were not designed to provide paper receipts, there is no way to double check the vote.

Now, Senator Dianne Feinstein of California has taken action. Last week, she asked the Government Accountability Office (GAO) to investigate electronic voting systems that do not provide voter-verified paper ballots. Senator Feinstein specifically highlighted the problems in Florida, and asked for a "top to bottom investigation".

"Should the GAO become aware of any systems that are prone to software malfunctions, are susceptible to fraud, or use hardware design that would lead to voting system problems, I would request that you also inspect those systems," writes Senator Feinstein.

EFF and a coalition of voting integrity groups, representing Sarasota County voters, have filed suit in state court in Tallahassee asking for a re-vote in Florida's 13th congressional district. To find out more about EFF's work defending your right to vote, visit our E-voting page.

[Permalink]

EFF Supports Reintroduction of Critical E-voting Bill

In Washington D.C. on Tuesday, EFF proudly supported the reintroduction of Rep. Rush Holt's (D-NJ) Voter Confidence and Increased Accessibility Act of 2007 (HR 811). Below the fold, we've posted EFF's statement released in conjunction with Tuesday's press conference. Take action now and tell your representatives to support this bill.

[Permalink]

Florida Governor: Dump E-Voting Machines

Florida Governor Charlie Crist says his state should dump the touch-screen voting systems that were installed after the disputed 2000 presidential race in favor of more reliable optical-scanning machines. Voters would mark up a paper ballot and be able to verify their vote on the spot with a paper receipt.

"You go to an ATM machine, you get some kind of a record. You go to the gas station, you get a record. If there's a need for a recount, it's important to have something to count," said Crist. The governor plans to ask the Florida legislature for $20 million to replace the touch-screen machines.

The current machines provide no paper backup, and have been plagued by irregularities and scandal in recent elections. EFF and a coalition of voting integrity groups, representing Sarasota County voters, have filed suit in state court in Tallahassee asking for a re-vote in Florida's 13th congressional district. In a high-profile battle over former Rep. Katherine Harris' seat, the result was decided by 363 votes, yet over 18,000 ballots cast on Sarasota County's e-voting machines registered no vote in the race, an exceptional anomaly in the State.

To find out more about EFF's work defending your right to vote, visit our E-voting page.

[Permalink]

Roll Call Op-Ed: E-Voting Transparency Needed Now

The Election Assistance Commission is charged with ensuring that our voting systems are reliable and secure. Each machine is "supposed" to be subjected to rigorous tests before being certified, and the EAC was recently empowered to oversee that process.

At least that's the theory. As Aaron Burstein and Joseph Lorenzo Hall show in their recent opinion piece in Roll Call, however, the revelation that the EAC de-certified a major testing company (Ciber) in the summer of 2006 but did not notify election officials until long after the 2006 election demonstrates that EAC suffers from a culture of secrecy that undermines the very goals it is supposed to protect.

The EAC recently announced a new policy that not only fails to ensure transparency in the future, but affirmatively allows it to shield from the public important information about how and why voting systems are tested and certified. Manufacturers are allowed to deal with test labs privately, keeping communications secret. And while the EAC is publishing test lab reports, it is refusing to publish the test plans it used to certify a voting system — and without that knowledge, the public cannot know whether the tests were in fact rigorous or accurate enough.

As Burstein and Hall note, in the case of Ciber, the results of EAC's secrecy were that approximately 70% of voters in the November 2006 election used equipment that had been "certified" by a company that the EAC de-certified months before the election. Who knows what the next problem will be? As Burstein and Hall put it: "Secrecy isn't working for the EAC or democracy — and there is no reason to think it will in the future."

[Permalink]