"Decertification Delimea, " Government Technology--Ed's occasionaly clipping service.

From: Edmund R. Kennedy <ekennedyx_at_yahoo_dot_com>
Date: Thu Jan 03 2008 - 09:32:41 CST

As usual, getting an accurate vote seems to be considered a nuisance hardly worth the effort by some CA. Registrar's of Voters. See story below.

Decertification Dilemma


Dec 19, 2007, By Merrill Douglas

Debra Bowen doesn't hate electronic voting. In fact, California's secretary
of state anticipates a time when she can whip out a BlackBerry or iPhone to cast
her ballot if she's out of her home district on Election Day.

"But we're not there yet," Bowen said. And there lies the reason why this
August, Bowen placed restrictions on the use of certain e-voting machines that
left election officials in many counties scrambling to figure out how to hold
California's presidential primary on Feb. 5, 2008.

Last spring, Bowen commissioned a team of experts assembled by the University
of California to review many of the voting systems previously certified for use
in California. As a result of this two-month assessment, Bowen decertified all
the systems and then recertified them for use under certain conditions.

For all of the machines, Bowen's office will require election officials to
implement stronger security and post-election auditing procedures. Counties may
continue to use direct recording electronic (DRE) systems from Hart InterCivic
for general voting, as long as they comply with the stiffer security and
auditing requirements. But counties may only use DRE systems from Diebold
Election Systems and Sequoia Voting Systems to conduct early voting and provide
one machine per polling place for disability access.

The ruling hits hardest in 21 of California's 58 counties that have been
using the Diebold or Sequoia DRE system for all Election Day voting, said
Stephen Weir, president of the California Association of Clerks and Election
Officials (CACEO) and clerk of Contra Costa County.

"The impact on counties is that there's precious little time to put any Plan
B into effect," Weir said. Most likely, counties will use their DRE machines to
make voting accessible to disabled citizens, he said. However, they'll probably
have to revert to using paper ballots for most in-person voting in February.

They can then tally votes in one of two ways: run all ballots through the
centrally located optical scanning systems they currently use to count absentee
ballots, or buy new scanning systems to count votes at the precinct

The Cost of Conversion
The total cost to the 21 counties for
converting from DRE to optical scanning will depend on which strategy they
choose. If they stick with their centrally located scanners, costs will total
about $18 million, Weir said. But adding paper ballots to the absentee ballots
the counties already run through their central scanners will slow the counting
process, he said. "It's going to take much longer to get a sense of what
Election Day looked like for those counties that aren't able to scramble and get
a precinct-based system."

Adding lots of new scanners, though, will raise costs considerably. "If
you're going to put a precinct-based scanner in all of those 10,000 polling
places that are losing their DREs as their main voting, if you train the poll
workers and do all the things you have to do, my estimate was about $66
million," Weir said.

Some counties can cover this cost with money they received through
California's Voting Modernization Bond Act of 2002, Bowen said. Some still have
federal money provided through the Help America Vote Act (HAVA). But a few have
depleted both sets of funds. "We'll have to work with the counties, as Florida
had to do, and New Mexico, to figure out the best way to handle the financial
impact of the problem."

In addition, provisions in their contracts with voting system vendors, which
require the vendors to provide certified election equipment, protect some
counties, Bowen said. If the technology is decertified, the vendor must replace
it with another voting system that the county is allowed to use.

California's liberal vote-by-mail policies also should soften the impact of
the decertifications. "Close to half of our voters are now voting by mail,"
Bowen said. "Last November [2006], somewhere between two-thirds and
three-quarters of California voters cast their ballots on paper, either in an
optical scan system at the polling place, or on an absentee ballot which is
mailed in, and which, of necessity, has to be on paper."

At the time the counties bought them, the e-voting systems in question were
all certified by California and the federal government. Bowen said she took a
new look at the systems because state law requires the secretary of state to
periodically review voting systems for defects, obsolescence or other factors
that might make them unacceptable.

Bowen said her concerns about e-voting stem from ongoing debates -- dating
back to the 2000 presidential election -- about the reliability and security of
various voting methods. She highlighted numerous incidents where DRE systems
left thousands of votes uncounted.

Take the precinct in North Carolina where the voting server was configured to
hold up to 3,200 votes, and more than 7,000 people voted there, she said. "That
meant 4,000-some people were completely disenfranchised."


Minibar Key
Bowen also pointed out documented security flaws in
e-voting machines -- for example, the use of identical keys to lock the memory
card doors on all systems in a product line. "Researchers at Princeton last fall
discovered, using one of the Diebold systems, that a hotel minibar key or an
office filing cabinet key would unlock the voting machine. And it's the same key
for every piece of equipment," she said.

Some county officials have questioned the process used to evaluate the DRE
machines. "The secretary of state, first of all, never contacted election
officials. They were not part of the process," said Paul McIntosh, executive
director of the California State Association of Counties.

Moreover, McIntosh said, the secretary's office gave the researchers
information about the machines and their software that real hackers would need
to unearth on their own. And researchers had ample time to work with the

"Somebody said it was tantamount to giving the inmates the key to the jail
and putting the correctional officers on break, and then saying the jail is
unsafe," McIntosh said.

"When the secretary did her review, she did it under the worst-case scenario
model, without any defenses," Weir said. "From most registrars' perspectives,
the true test wasn't given." Such a test would consider not only safeguards
built into the machines, but also safeguards that election officials put around
the machines, he said.

Bowen termed this sort of criticism "naive," given the ingenuity of many
hackers. And, she said, researchers didn't always need inside knowledge to
violate the systems. "In the Sequoia system, for example, the testers were able
to create an exploit that allowed them not only to change the results of an
election, but to hide their tracks, without having any access to the source code
or any knowledge of the password."

According to one security expert, California's effort to pinpoint security
flaws and demand that they are fixed is beside the point. Writing in
Wired magazine last August, Bruce Schneier said that while the University
of California tests represented a laudable effort, no matter how many security
flaws one may patch in an IT system, more will inevitably appear.

"Insecurity is the norm," wrote Schneier. The real solution is security
assurance, a series of processes that build security in from the ground up and
maintain it throughout the life cycle of the system.

It's true, Weir agreed, the best way to provide security in voting systems is
to layer it in. "Believe me, we get that." But HAVA required election officials
to provide machines that disabled voters can use and machines that offer
"second-chance" voting -- the opportunity to correct an apparent error, such as
unintentionally marking two candidates for the same office. Counties had to meet
those requirements with technology that was already on the market.

"We'd love second-generation stuff," Weir said. But given the time it takes
to develop new systems, get them through the permitting process and bring them
to market, better-designed technology probably won't become available until
2014, he said.

For Bowen, the bottom line is that she'll have to certify the results of
elections in California in 2008. "When I certify elections," she said, "I want
to be able to say to voters, 'I am certain that these are the results of the
election that was just conducted in California.'"

Contributing Writer Merrill
Douglas is based in upstate New York. She specializes in applications of
information technology.

10777 Bendigo Cove
San Diego, CA 92126-2510 
Work for the common good.
My profile:  <http://geocities.com/ekennedyx/>
OVC-discuss mailing list
By sending email to the OVC-discuss  list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at  http://gnosis.python-hosting.com/voting-project/
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Fri Jan 11 16:16:29 2008

This archive was generated by hypermail 2.1.8 : Fri Jan 11 2008 - 16:16:35 CST