Re: Conversation with the San Diego County Registrar of Voters.

From: Ed Kennedy <ekennedyx_at_yahoo_dot_com>
Date: Tue Apr 05 2005 - 22:49:51 CDT

Hello Miriam:

Actually ballots under glass is a fabulous, gourmet delicacy Yummy;->>. No it is a 'phrase of the art' in voting that involves something like a large cash register tape that scrolls out as you vote or when you've told the otherwise DRE (direct recording electronic) voting machine that you're finished voting. You, the voter are separated from the paper tape output by a piece of glass or clear plastic. You can read the ballot but not actually touch it. If after reading the ballot, you decide that it clearly indicates your voting intent, you push another button on the screen and the paper rolls up on a take up reel or chops it off and dumps it in a sealed box. The whole affair is rather like the journal tape in a cash register.

The main reason for this, IMHO, is that this is the cheapest, quickest and easiest way to tack on the now California required VVPAT (Voter verified paper audit trail) system to an existing DRE. These are either plug in or bolt on modifications to the existing stock of machines. They have two problems. First of all, like many after market accessories, they are a barely serviceable kludge. The existing DRE's are not really designed to do this and will have to be reprogrammed with an additional batch of code to drive the printer. The second, and in my opinion, more important problem is that they are a threat to voter privacy/secrecy. If the paper tape is picked up by a tape up reel, voting order is preserved. If you secretly video tape the polling place or if the arrival times of voters are logged in the poll book or otherwise (that may be illegal but I'm not sure) it is reasonably possible, at the end of the day, to roll back the paper tape, look at the video tape time stamps or the illegal logging of voting arrival times and see how people voted. This could lead to voter intimidation or vote buying. A great deal of effort has been expended in the past to end this practice and no responsible person wants to see it return. The second reason is a basic distrust of voters. If you review the Open Voting Consortium System website (see my blog for the link), you'll see that a lot of effort has gone into working around this problem.

I guess I didn't express myself clearly about the video taping of voting. This is solely for the purpose of testing the machines not for actual voting. You video tape the hands of the person testing the machine and the screen to see what and where they pressed and how the screen reacted to each touch. Then, you get the totals off the machine and the VVPAT and compare these with the video. If all three don't match, then there is a problem with the machine (although the vendors like to blame the voter). The testing people walk in with various voting scripts that they run through. Also, in some cases they walk in with the actual manuals for the equipment and try to do as many things wrong as possible to see if they can get the machine to act up.

There are several problems with this approach to testing equipment.

1. A manufacturer would be an idiot to not closely and carefully pretest the machines before packing them up and sending them to the certification authority. In other words, the machines are cherry picked.

2. The basic nature if not the details of the testing scripts are public knowledge. You can pre-program the equipment to behave more or less correctly with these inputs in a manner it might otherwise have unexpected problems with on election day.

3. The people who test this equipment are experienced in using computers and may even be specialists in voting. Problems that are obvious to a voter would be very unlikely to occur to them.

4. A serious issue is a potential Trojan Horse program that alters votes, even without the manufacturers knowledge, can conceal itself within the software and only work on the first Tuesday in November in even numbers years and then erase itself. These Windows/Intel based machines have internal clocks that the Trojan can check. It is possible to advance the clocks of the machines to test this but there are more devious ways to get around that. Those however is a very real but seemingly down the rabbit hole world that I don't want to go to tonight.

The more appropriate way to test this equipment is to test each part of it as it is programmed and constructed in a step by step manner. Software code or hardware that has no actually serviceable use directly connected to voting should be deleted or removed. Independent, open source review of the code is really the only way to know if something is truly secure and reliable. The approach currently being used is called security by obscurity and is a chronic failure time after time as it is based on people keeping secrets and keeping others in the dark. It is only as good for as long as the system isn't reverse engineered or broken by a brute force attack. As things are constantly being reverse engineered and brute force attacks on supposedly secure systems succeed on a daily basis it's a pretty silly assumption.

Thanks, Ed Kennedy

Thanks, Edmund R. Kennedy
Always work for the common good.
10777 Bendigo Cove
San Diego, CA 92126-2510
I blog now and then at: <>
  ----- Original Message ----- 
  From: Miriam Raftery 
  To: Ed Kennedy ; Open Voting Consortium discussion list ; 
  Cc: Brina-Rae Schuchman ; Margaret Momparler ; Kathy Dopp ; ; John Falchi ; 
  Sent: Tuesday, April 05, 2005 6:27 PM
  Subject: Re: Conversation with the San Diego County Registrar of Voters.
  Ed -- Thank you for your update on your conversation with Mike Haas, our new Registrar of Voters.  I'm glad he's at least receptive to our concerns, to some degree.
  I suspect our Republican Secretary of State will certify the machines before long, and that the voting machine manufacturer will have them ready in time.   It would be interesting to know the criteria for "performing satisfactorily" in 2008.   
  Have any of you heard anything about these ballots under glass?  Also, I don't like the idea of being videotaped while voting, as it eliminates secret voting.
    ----- Original Message ----- 
    From: Ed Kennedy 
    To: Open Voting Consortium discussion list ; 
    Cc: Miriam Raftery ; Brina-Rae Schuchman ; Margaret Momparler ; Kathy Dopp 
    Sent: Tuesday, April 05, 2005 5:55 PM
    Subject: Conversation with the San Diego County Registrar of Voters.
    Hello All,
    The following is from my Election Reform blog,
       I had a very interesting and productive talk with the San Diego County Registrar of Voters, Mike Haas, this afternoon. He had gotten my letter (included below) and was looking into some of the issues. I mentioned that I had a meeting tomorrow on these issues and he, even while driving, was willing to discuss some of the stuff at length.
      Highlights of our conversation was that he would like to bring back the Diebold TSX DRE voting machine in it's new incarnation. He noted that the machine had recently been recertified by Federal authorities and that it was undergoing recertification at the State level. These machines apparently have an add on VVPAT module that generates ballots under glass. We discussed issues of voter privacy and it was a little hard for him to follow that the order of voters could possibly be reconstructed from the order of ballots. He seemed to think it was unlikely. I decided to not press the issue at this time.
      I asked about the voting machine as 'black box' software issue and he told me that at least code escrow was going to be involved. He is aware of the concept of open software but noted that no currently available machines had such. He mentioned that Diebold must meet three goals to get the County to pay for the TSX machines.
      1. The machines had to be certified by the state
      2. They had to be ready by sometime in 2007
      3. They have to perform satisfactorily during the 2008 election.
      Until all three goals are met, Diebold doesn't get any money and has to provide ballots and optical ballot scanners. He mentioned that Diebold was using a method of video testing of people following pre-programmed voting scripts and that output from the machines was compared with what was seen in the videos. He also said that the results had been quite positive. I decided to discuss the issue of Trojan horses and such with him at another time.
      I told him that I was delighted to talk to him but warning him that there could be substantial political heat when the Diebold TSX is reintroduced. Also, in response to my invitation, he said that he could be available for meetings with local election reform groups.
    As a side note to OVC/US votes, I think he would be happy to fill in one of the questionnaires.  I'd be happy to facilitate.
    To local San Diego Election Reform advocates, he seems like a nice guy.  Also, what I understood was that any special elections between now and 2007 would be done using the same optical scan ballot technology that we used in the November, 2004 general election.  
    Thanks, Edmund R. Kennedy
    Always work for the common good.
    10777 Bendigo Cove
    San Diego, CA 92126-2510
    I blog now and then at: <>

OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sat Apr 30 23:17:02 2005

This archive was generated by hypermail 2.1.8 : Sat Apr 30 2005 - 23:17:22 CDT