Lynn Landes 
 The Landes Report ...

Go back to Voting Machine Webpage


Technical Issues and (no federally mandated) Standards

Federal Election Commission - Has no regulatory authority over elections industry. It did not even have a complete list of vendors of computerized vote tabulation systems as of 2/20/03. See:  http://web.archive.org/web/20030402181008/http://www.fec.gov/pages/vendorslist.htm.  Also see http://www.ecotalk.org/VotingMachineCompanies.htm "No voting system is ever 'Federally Approved' or 'FEC Approved'," says the Texas-based National Association of State Election Directors (NASED). SEE more on FEC/NASED/HAVA below

Must read! LIST of voting machine reports of irregularity

Systems to be used in 2004: http://www.heraldtribune.com

  • Paper Ballots only
    • 0.6% - 1 million registered voters 
  • Lever machines
    • 12.8% - 22.2 million registered voters
  • Electronic - 86.5% of all votes cast
    • 32.2% - Optical scan, 55.6 million registered voters
    • 28.9% - Electronic touchscreens, 50 million registered voters
    • 18.6% - Punch cards, 32.2 million registered voters
    • 6.8% - Mixed, 11.7 million registered voters

Source: Election Data Services

Balloting and Tabulation data sources: 


FEC/NASED/HAVA



Texas-based National Association of State Election Directors (NASED) - General Overview for Getting a Voting System Qualified. "No voting system is ever "Federally Approved" or "FEC Approved."" http://www.nased.org/ITA_process.htm

The descriptions of these two organizations makes it very clear that any standards are really industry guidelines with no meaningful oversight from the FEC or NASED.

FEC - The Commission formulates voting systems standards and maintains those standards to keep them dynamic to changes in technology and testing requirements.  The FEC coordinates with NASED to assure that independent testing can be performed under the standards.  No voting system is ever "Federally Approved" or "FEC Approved."

NASED - NASED selects and approves testing laboratories which can perform testing related to voting systems to meet the FVSS.  The standards are not NASED standards and NASED does not have authority over the FVSS or its individual components of the standards.  NASED does select and qualify Independent Test Authorities to perform the work of doing professional testing to assure that voting systems manufacturers comply with the FVSS.  NASED has no ability to determine whether a system passes or fails; the ITAs operate independently to determine objectively whether the vendor has met or exceeded the FVSS. 


SELECTED REPORTS (for complete list of Voting Security articles - http://www.ecotalk.org/VotingSecurity.htm): 


Select articles and reports:

The chief problem with computer voting, according to Dr. Rebecca Mercuri, is this, "Any programmer can write code that displays one thing on a screen, records something else, and prints yet another result. There is no known way to ensure that this is not happening inside of a voting system."  NotableSoftware.com  

Government Oversight: There is no federal agency that has regulatory authority over the elections industry. No agency or organization even has a complete list of voting machine companies. Using a rough estimate, there are about 70 voting machine companies worldwide, with at least 48 based in the U.S.. The FEC lists only 19, the Texas-based National Association of State Election Directors (NASED) lists 16 that are 'industry certified' (which are outmoded and voluntary guidelines), while the IFES Buyers Guide lists 64 companies worldwide. Meanwhile there is one company that is 'flying under the radar' of both the FEC and NASED, that is the Bermuda-based Accenture (formally Andersen Consulting) that has the contract for the online military vote in 2004. 

Standards: The voting counting industry is basically self-regulating. There are not now nor have there ever been any federal mandatory standards or certification process for voting systems. The Federal Voting Systems Standards (FVSS) used by the three NASED's approved Independent Test Authorities (ITA) to "certify" companies are outmoded guidelines and voluntary, and not all states have adopted them. The Help America Vote Act (HAVA) sought to establish a committee to formulate strong technical standards. Although no HAVA committee has been created, new voting machines are being authorized for purchase using HAVA funds. http://www.notablesoftware.com/evote.html#Update 

 

Paper Ballots, Paper Trails, Audits: There is no federal requirement for voter-verified paper trails, a paper ballot, or independent auditability of voting systems. Many experts say that a paper ballot that can be verified by the voter and then hand counted is vital to ensure that votes are cast and counted properly, and to allow for legitimate recounts. Rep. Rush Holt (D-NJ) has introduced legislation HR 2239 to require all voting machines to produce a voter-verified paper trail.

Articles on 'Open Source' code - it won't prevent vote fraud or technical failure:


From Dr. Rebecca Mercuri - http://www.notablesoftware.com/evote.html#Update 

The Act that is not helping America Vote:

The 2002 Help America Vote Act (HAVA) legislation authorized $3.8B in federal spending, with a substantial portion of these funds allocated to US states and terrirories for the purpose of replacing their punch card and lever voting machines and making voting systems accessible to the disabled.  To obtain the money, an implementation plan must be submitted to the Election Assistance Commission by January 1, 2004.  Note that states are not required to purchase computerized voting systems, they can still obtain mark-sense (optically scanned) products, but in order to receive certain of the equipment funds, the plan must indicate that the state will replace all of its lever and punch card machines by the first election for Federal office held after January 1, 2006.

The Presidentially appointed 4-member HAVA Election Assistance Commission, in addition to approving each of the state plans, will also be responsible for administering a host of other tasks, not the least of which include overseeing a 14-member Technical Guidelines Development Committee and a 110-member Standards Board, and making provisions for "testing, certification, decertification, and recertification of voting system hardware and software by accredited laboratories."  The Technical Guidelines Committee must produce a set of recommended voluntary voting system guidelines nine months after appointment, and it is understood that these guidelines would be the ones used by the laboratories in their certification and testing processes.

Only problem is, the HAVA Commission has yet to be appointed (it was supposed to have been created by February 26, 2003). As well, none of the HAVA Committees and Boards were established.  Thus, the Technical Guidelines are unlikely to be available by the time that state implementation plans are due.  This has resulted in the states contracting to purchase voting systems that can not possibly be HAVA compliant, since there does not yet exist any HAVA standards.

Those of us (including myself) who had worked hard for this bill are sorely disappointed that its implementation seems to be stalled.  Write your congressfolk and urge them to get things moving.

But vendors say their voting machines are certified:

Voting systems are currently certified under a system established by the Federal Election Commission (FEC) and the National Association of State Election Directors (NASED).  This certification is based on the 2002 FEC guidelines that were only adopted by 37 of the states and have been criticized by technologists as flawed.  (See my detailed comment The FEC Proposed Voting Systems Standard Update.)  According to their website, even "the FEC recognizes that the Help Americans Vote Act of 2002 will fundamentally alter the long term application of the Standards, including testing."  Some problems with the FEC standard include the lack of a requirement that vote tallies be independently auditable, the allowance of trade-secret code that may not be able to be inspected should an election contest question the proper functionality of a voting system, and the use of commercial software products in voting systems without any certification inspection.

What about Internet voting?

Internet voting is risky due to its sociological and technological problems.  Absentee balloting does not provide the safeguards of freedom from coercion and vote selling that are afforded via local precincts.  Internet voting creates additional problems due to the inability of service providers to assure that websites are not spoofed, denial of service attacks do not occur, balloting is recorded accurately and anonymously, and votes are cast by the appropriate person.  The government's website warns that "it is the citizen's responsibility to maintain the latest anti-virus software for their computer" in order to assure safety, yet they fail to acknowledge the fact that anti-virus software can only protect against known malware (new ones appear constantly, and could occur during an election season) and server-based attacks are still possible.  Certainly citizens overseas should have an opportunity to vote, but perhaps this could be handled by setting up remote balloting precincts at the U.S. Embassies, or by creating bi-partisan poll-worker teams on military bases?

Back in 2000 when the U.S. Department of Defense first tried Internet voting they spent $6.2M so that 84 voters could cast ballots.  This time, the DoD has engaged Accenture, the Bermuda-based consultancy arm of the former Arthur Andersen (can we spell Enron?) group to oversee its SERVE project for military personnel and overseas citizens.  Accenture recently acquired election.com (the firm that provided Internet voting services that were disrupted by the Slammer worm during a Toronto election on January 23, 2003) from a Saudi investment group, Osan Ltd. that had owned 51.6% of the company. 

 


NOTES & LINKS:



From Pandora's Black Box by Philip M. O’Halloran (Nov 1996) - (EcoTalk.org editor: This is Rigging-Made-Easy - "in most cases" voting machine companies control ballot position)

Several critics of the computer election fraud concept downplay the dangers by arguing that any programmer inside a large computer vendor who is bent on, let’s say, rigging the election in favor of Bill Clinton, would run the risk of accidentally shooting himself in the foot, unless he knows the ballot position of the candidate (first, second, etc.). Since he has no control over some county clerk in Tupelo, Mississippi who might plug Bill Clinton into the top, middle or bottom of the ballot depending on how she feels that day, he will have an equal chance of shifting the illegal votes to Bob Dole or Ross Perot. However, this argument does not hold up when one considers that in many, if not most cases, the computer vendors either input the candidates’ names to the ballot themselves or know the ballot positions in advance of their sending out the computers.

According to Doretha Blair of the Michigan Board of Elections, the order in which political parties appear on the ballot is determined according to pre-set guidelines:

"There’s no happenstance on the ballot positions".

She informed Relevance that whichever party currently occupies the office of Secretary of State appears first on the ballot. The other parties appear according to their pre-determined ballot status. The names of contenders in primary elections and the many non-partisan candidates, such as those vying for judgeships, are selected by alphabetical order and rotated according to precinct.

Who decides the order of precinct rotation in the judgeships and other non-party races? Doretha Blair told Relevance

"As a rule, the counties will leave that rotation portion to the vendors".

Thus, there is very little left up to chance for the hypothetical vote-fixing "mole" lurking within a vending company supplying the state of Michigan. If he knows the party of the Secretary of State and how to alphabetize, he can ensure that the computer illegally transfers votes to the right position on the ballot to favor his candidate. Although every state is different, it’s not likely that he’d have a much tougher time in Tupelo, Mississippi – or many other states for that matter. Such is the extent of the vote-counting machine vendors’ stealthy takeover of the election process in much of the United States. To paraphrase Clemenceau, from the standpoint of the vendors,

"Elections are much too important to leave up to the election officials".


Also from Pandora's Black Box by Philip M. O’Halloran (Nov 1996) - (EcoTalk.org editor: Can cell phones control voting machines?)

Remote modem access to a central counting computer?

On hearing an unconfirmed report in Michigan of a vendor representative in this month’s election re-booting a computer that had "crashed" by holding a cell phone up to it, your editor popped the question to Jeff Ryan, a BRC spokesman in Chicago:

Could the counting computers be accessed remotely by cell phone or other device?

His previously cordial tone instantly changed to a rude, insulting one. He condescendingly stated that the question betrayed a total lack of understanding of how computers actually work. Although this was not far off the mark; he still hadn’t answered the question.

When it was repeated, he stammered that it was a ridiculous question and seemed to want to get off the phone in a hurry, insisting that "until you go to Lynn Allen, your Oakland County Clerk and sit in his office and have him show you how the computer works, you shouldn’t be asking me that kind of a question!"

When he was told that he and his firm were better qualified to respond to technical questions about their own product than their politician customer, and when your editor wondered aloud why it was such a touch question, Mr. Ryan apparently unable to stay on the phone another second, blurted "Thank you very much, thank you..." and hung up even as the offending question was being asked for the third time.

Why Are Modems Being Placed Inside Voting Computers?

Although we were not sure what, if anything, he was trying to hide, our curiosity was piqued, so we contacted BRC’s only real competitor in Michigan, Doubleday Publishing of Kalamazoo, which sells the Accu-vote optical scanner supplied by Global Election systems. A programming technician matter-of-factly told us that there are modems inside each of the vote-counting computers which are used to transfer results from dozens of precincts to the central counting computers. He explained,

"They talk between the modems – there is a modem between each [computer] unit, or at least, most of them."

Thus, the vote-counting computers can "talk" to the central computer and are, thus, technically, vulnerable to outside access. The Doubleday technician explained that special command cards can be inserted into the machine. To tell the precinct computer to call the central computer with the results, he stated:

"You have to program the phone number into the card. The card accesses the modem in the Accu-vote unit and the card tells it to dial into the central computer... To close the election you slide an "ender card" – like a special ballot – which has certain codes on it and it tells it to lock up the election.

In order to triple check this disturbing finding, we went to the State of Florida’s election vendor Internet website, looked under BRC and found this option available for the Optech computer vote-counter:

"Modem Communications and results transfer capability from the precinct with the OPTECH III-P Eagle and Regional accumulation with the Smart Pack Receiving system. [See also the BRC website at < www.brcp.com <

The Global Election Systems’ website provided further information in this innovative feature:

"Following simple instructions, the poll workers plug a phone jack into the receptacle in the back of the Accu-Vote and press a button on its front to automatically dial and transmit the precinct results to the Host Computer for county-wide accumulation."

We viewed with grave concern the presence of an internal (read hidden) modem which could allow outside access to the computer without anyone’s knowledge