Download
1 / 44
440 likes | 634 Views
E N D
2. ITAA
350 plus member trade association
Representing the IT industry
Programs include public policy and business development
ETC
Committee of ITAA focused on electronic voting
Comprised of electronic voting vendors
3. Florida 2000
Bush wins by 536 votes
Election decided by the Supreme Court 36 days following the vote
Court relies on “Equal Protection” Clause to render its verdict
4. A multi-state problem with voting infrastructure
Documented by several studies
CalTech/MIT Study
Carter Commission (National Commission on Federal Election Reform)
Problems with “residual vote” - over/under vote looms large
(e.g. 6.2% of vote in Cook/Chicago was a “residual vote”)
5. Who got hurt the most?
minorities disenfranchised
millions of lost votes
disability community finds access difficult and confidentiality impossible
6. Help America Vote Act of 2002 passes on Oct 9, 2002
Bi-Partisan bill (Reps. Bob Ney, Steny Hoyer, Senators Dodd and McConnell)
Creates the EAC
Authorizes and Allocates money
Sets Requirements
7. Four member commission
Not appointed until January 2004
Standards Board – 110 (all states represented)
Board of Advisors – 37
Technical Guidelines Development Committee – 15 (Headed by NIST)
8. Voting Systems
Verify Vote
Second Chance voting
Notify voter if an over-vote
Audit trail
Accessible for all voters – one per poll site
Deadline: January 1, 2006
Alternative language capability
Each State must define what a vote is by voting system
9. Voter Registration
“Near real time” voter data base of all voters statewide
Not a county system linked, but a statewide system available to counties
Share data with DMV and SS Administration
Other Provisions
Voter ID
Provisional Voting
10. $3.86 billion (plus 5% match)
$325 MM early out for states – for election administration
$325 MM for punch card and lever machines ($4k/Precinct)
$3 billion for requirements
Balance for poll worker program, disability site access, and R&D
11. Language requirements
“Lesser of 5% of registered voters or 10,000 voters who are not sufficiently proficient in English to cast a ballot”
DOJ enforcement
Consequences
Orange County – five languages
Los Angeles – nine languages
Arizona, New Mexico, North Dakota: Indian languages
12. HAVA was a watershed event in elections for three reasons:
Federal funding for federal requirements
Huge piece of Civil Rights legislation protecting the rights of voters with disabilities
State became a player in elections for the first time
Became a political issue/opportunity
Became a new bureaucracy to navigate
13. DRE development accelerated
Proliferation of vendors (Unisys, Microsoft, Compaq, HP, Dell, etc)
Exodus of vendors (Unisys, Microsoft, Compaq, HP, Dell, etc.)
14. Houston
Florida
Georgia
Maryland
And that’s when the trouble began…
15. Training programs insufficient to meet the demands of change
Equipment failures/reliability issues
Software version controls
Voter education programs need additional resources/support
BUT
No documented case of any votes lost to fraud
16. Rebecca Mercuri – Bryn Mawr to adjunct professor at Harvard – author of the “Mercuri Method”
Beverly Harris – literary publicist – started web site Black Box Voting.org
David Dill – Stanford University – started web-based campaign called Verified Voting.Org
Avi Rubin/Dan Wallach – John Hopkins/Rice – authors of critical reports on Diebold AccuVote
Ben Cohen – True Majority – The Computer Ate My Vote
New York Times, and a few other major media outlets.
17. Electronic voting is insecure and not transparent
Electronic voting system vendors and elections officials cannot be trusted
Only a voter verified paper audit trail can be trusted
18. Many incorrect assumptions on technology
Used limited quantity of older code
Ignored checks and balances in elections equipment and procedures that would prevent fraud scenarios
Did not do a reality check with elections experts
Some study authors later disavowed unrealistic scenarios
But the perception was already created in the media…damage done.
19. Disability rights groups
League of Women Voters
LCCR
Michael Shamos - Carnegie Mellon
Henry Brady - Cal Berkeley
Ted Selker – MIT
Brit Williams – Georgia State
Dan Tokaji, Ohio State
THE VAST MAJORITY OF ELECTION PROFESSIONALS
20. There are many safeguards in place – election security isn’t just a function of software design
Undetected fraud is practically impossible and requires a vast conspiracy
The alternatives to electronic voting are worse than the problems – including the VVPAT
VVPAT…putting the cart before the horse.
Let’s look at the science
Assess risks, test hypotheses, and test again
Let EAC/NIST work.
21. Appointed almost a year late
Seriously underfunded to do its work
Delinquent action left a void while controversy raged
22. Maryland security review
SAIC, RABA reports
State of Ohio
CompuWare and InfoSentry reports
Illinois passed a law requiring VVPAT
California held hearings and banned all electronic voting
Re-certification if security steps taken
23. Rush Holt/Hillary Clinton – VVPAT bill
HAVA sponsors on VVPAT in a letter to colleagues:
“Not only are such VVPAT proposals premature, but they would undermine the essential HAVA provisions, such as the disability and language minority access requirements, and could result in more, rather than less, voter disenfranchisement and error.”
24. We’ve seen this before with Punch Cards
There is no problem (no incidence of fraud found)
We’re a market driven industry and we’ll make what you want
Move to action:
All current vendors are in the process of developing or certifying a VVPAT solution
Others offer electronic verification
Encrypted receipts that voter can go on web and see if vote was included in count as cast.
25. DREs are part of a process that includes voter registration, equipment procurement, election preparation, election day poll site administration, and election results and canvassing
Security hinges on all components working properly
Not vulnerable from a single point of attack
Misplaced focus on software
Voter anonymity requirements make security with transparency extremely tough to attain.
26. What is the role of the Election Industry in the conduct of elections in this country?
Hardware – voter interface design; reliability;
Software – functionality; security;
Election management systems – election logistics
Project implementations
Election professional training
Poll worker training
Voter outreach
Ongoing support
27. Equipment features/functionality:
Smart cards control access
Software-based and physical protection of machines, memory cards
No transmission over Internet/public networks
Audit logs & device history records
Multiple memory card storage
Encrypted stored data
Print capability
28. What does the current process look like, from the vendor point of view?
Regulatory process
NASED (now EAC/ NIST)
Voting System Standards
1990, 2002
Next generation –April 2005?
Evolution of Standards: from a photo mechanical hardware intensive process to a software based industry
Focus changing from functionality to security
29. ITA process
Line by line examination of the code
Over 400 pages of rules to certify against
State certification follows ITA process
Federal Standards up to now have been voluntary
35 of 50 states use them
State testing can be more rigorous than federal testing
Most of the equipment being replaced was not subject to third party testing, or was not tested to the same rigorous standards as DREs and other newer equipment.
30. Pre-Election Testing: Logic and Accuracy Testing
Vote a predefined script and then tally for predefined result
Clocks set to the day of election to test for problems that could only happen on the day of election.
MD example…paper ballot recount produced errors.
31. Election Day Testing
Real time audit logs
Records from which the operation of a voting system may be audited
Testing 48 hours before and immediately after an election
Parallel Testing
32. Are Administrative Processes Adequate?
Chain of custody – documented – conspiracy required to circumvent
Physical security – ballot box seals, for example
Most people who criticize electronic voting systems combine administrative procedures with hacking or malicious/defective software code
Lots of administrative issues but NO issues of election fraud
33. Are People Processes Adequate?
Training is the most important factor in conducting an election
Poll workers are a core issue – profile is not optimum (72 Years average age)!
34. How Safe are Alternative Methods?
Lever Machines
Punch Cards
Optical Scan
ALL are programmed for EVERY election
DRE systems are NEVER programmed for any election!
35. Hacking, Fraud are possible on a wide scale
DREs do not offer a recount procedure
Audit Trails/Paper Trails
Logical conclusions: Migrate to Open Source, Turn DREs into Ballot Markers, and Hand Count ALL ballots
Paper Ballots and Audit Trails have their own sets of problems
Accessibility
Mechanical Failures
How do you know they are being counted accurately????
36.
37. Source code is already held in third party escrow
EAC calling for software escrowed in National Software Reference Library
Verification that what is running on election day is what is certified
ETC has endorsed this proposal
All major vendors have submitted machine language.
38. InfoSentry Poll – by Opinion Research Corp. – Feb. 2004
68% of respondents trusted confidentiality and accuracy of DREs
31% expressed moderate/low levels of trust in equipment.
Winston Group – commissioned by ITAA – April 2004
Overwhelming majority (88%) indicate confidence that DRE equipment in their precinct accurately records their vote…same as confidence levels of those using paper ballot.
Miami Herald – November 2004
25% of Florida poll respondents were not confident that vote would be accurately counted by touchscreens.
39. Recent poll by the Poneman Institute
88% of computer security professionals have “no confidence” in the “security and reliability” of electronic voting systems
Same poll…only 25 % of voters expressed concern
Concern mostly about voter reaction to the devices, and not the security of the machines.
40. On top of all the technical issues around electronic voting sits a deep distrust of the political system
Kerry – 2,500 lawyers appointed. Working in every state, enough for 5 simultaneous statewide recounts
Bush – 30,000 precincts with legal coverage
41. Several citizens’ groups have filed lawsuits in CA, FL, NJ, MD seeking injunctions, VVPAT mandates.
Suits rejected: NJ opinion -- plaintiffs had failed to demonstrate any "immediate threat" posed by "the type of voting machines that have been used in this state, and in other states, for many years without problems."
42. This issue isn’t going away because elections are close and will likely stay close
Close elections are not unique to the 2000 Presidential election
Since 1948, over half of all states have had their electoral votes decided at least once by less than 1% of the vote
2000 – 5 states had less than 1% difference in popular vote
43. Election technology vendors are critical stakeholders in the election process.
The Election technology industry has a strong incentive to support and assist a process that will result in accurate, accessible, reliable and trustworthy elections.
