The Roanoke Times: RoundTable

Comments

# 1

[September 30, 2007 7:21 PM]

Ed S.

"No, I am not going to reveal where. The secrecy of the site is one of the bulwarks against partisan ninjas slipping through the shadows and hacking the next election."

And they let the RT in?!

All kidding aside, glad you feel they sleep safely. Does any one person have access to them, or does the physical security require that more than one person be present to access the machines?

Politics being what it is, the insider threat would be large here. If they are able to replace "seals", and an individual has control over the entire physical security, than the integrity of the process is in the hands of that person (or persons).

Christian, just out of curiosity, what is your preferred polling system/process?

# 2

[September 30, 2007 8:22 PM]

C. Trejbal

Randy Wertz could probably get in by himself, but no one else. Even if he got in without anyone noticing, the seals are a tough burden to overcome. Each seal has a serial number that runs to many digits. Those numbers are recorded by the electoral board when the machines are locked down. Without a seal of the same number, tampering would be evident.

And all that said, Wertz strikes me as a stand-up guy. I trust him.

So, really, there are three main vulnerable points lingering around:

1) On election day, someone could tamper with a machine.

2) The company that provides the machines demands the code remain proprietary. Frankly, I don't trust these companies. If they opened their code to inspection, I'd trust them a little more, but not all the way because there'd still be room for tampering by them.

3) These things are windows-based. I've seen enough blue screens of death to worry that a system crash could lose a bunch of votes because there is no paper trail.

As for my preferred system ... I'm partial to scantron (color the bubbles) ballots tabulated by machines with open source software. That leaves a pretty reliable count with a paper trail that can be easily reviewed. Even if a ballot isn't colored well enough for the tabulator, the electoral board can check the physical ballot.

I'd add that I'm partial to vote by mail. Oregon's experiment with the system has shown that it can be done securely and that it encourages participation.

# 3

[September 30, 2007 8:48 PM]

Henry

Funny

When a Republican wins, we hear about voter machine mishaps and problems.

When a Democrat wins, we never hear anything about voter machine mishaps and problems.

# 4

[September 30, 2007 10:31 PM]

Josh

So true, Henry. We didn't hear a damn thing about hanging chads or crooked electronic voting until 2000. We heard about it in 2004, even though everybody was watching the machines closely; then last year, there was magically no problem.

But of course, there never was. That's their dirty little secret.

# 5

[September 30, 2007 10:32 PM]

Ed S.

"3) These things are windows-based."

haha 'Nuff said.

"I'm partial to scantron (color the bubbles) ballots..."

God help us. If its not hanging chads, it'll be "the polling place ran out of #2 pencils". ;)

Fairfax County has had the electronic (computer based) machines since I moved here seven years ago. (yes, when you start them they display the 'WinVote' logo...I acutally laughed in front of the helper when I saw it). They're cute, almost idiot-proof in making sure you select what you intended and voted for everything (if you want), but I still wonder where my vote goes when I click the button.

Wonder what they'd do if I asked for a receipt?

# 6

[September 30, 2007 10:41 PM]

C. Trejbal

Unfortunately, that's one of the big problems, no voter-verifiable paper trail. I don't know of any localities that print receipts. There might be some, but the state does not require it. Every time the bill comes up, it gets shot down.

# 7

[October 1, 2007 9:45 AM]

ncvoter : →http://www.ncvoter.net

The problem with Montgomery County machines:
1. they have no independent, tangible record of the vote, so an accidental "glitch" could cause the loss of votes. This has happened before on the type of machines used in Montgomery County.

2. The maker of Montgomery Co's machines is in trouble in Pennsylvania for distributing uncertified systems:

Scranton Times-Tribune, USA - Sep 26, 2007
State officials suspended the use of the AVS machines in Pennsylvania last month because of a lack of federal certification for critical software upgrades.
http://www.thetimes-tribune.com/site/news.cfm?newsid=18797098&BRD=2185&PAG=461&dept_id=415898&rfi=6

3. Wait until some "War Drivers" start chalking outside the polling places in Montgomery County, as they detect unsecured wireless transmissions coming from the WINVote (WIN stands for wireless Networking) voting machines.

I have been told that the wireless is sometimes "on" when it is supposed to be "off".

Secure? Yes, if there are no "war drivers" or other smart teenagers sitting across the street with a laptop using a healthy wireless card.

# 8

[October 1, 2007 10:08 AM]

C. Trejbal

As you might not realize down in North Carolina, Virginia this year requires that all wireless networking be disabled on election machines. As I mentioned in the column, part of the setup procedure involved disabling it. Those war drivers aren't going to find anything.

Even when Montgomery County was using wireless, and again, I don't know policy in NC, it used heavy encryption. Sure, it was a potential point of vulnerability, as I mentioned in a past column, but with it disabled now, it's a poor point of attack to corrupt an election

# 9

[October 1, 2007 10:40 AM]

Henry

The real question is identity. If John Smith comes in to vote, how do you know he really is John Smith? We are so concerned about paper trails and audits but we don't even audit the voting. The machines may be safe but the process is open to fraud. You can still stuff the ballot box even if the box is a computer.

# 10

[October 1, 2007 8:23 PM]

ncvoter : →http://www.ncvoter.net

Can you advise how the wireless is disabled on the WINVote?

Can you advise what you mean that the wireless capability is be "disabled"?

The only really safe situation is having no wireless communication hardware at all.

Usually what people mean when they say the capability is "disabled" is that wireless card is present but powered down (although not electrically disconnected), or no driver is installed, or the driver that is installed is marked "disabled" in software (i.e. is functional, but is marked "not to be used"), or any of a number of other software mechanisms that will effectively prevent the wireless communication from working are in place.

The problem with all of these latter techniques for "disabling" wireless communication, including powering down the wireless card, is that they can all be re-enabled through software.

Any attack that allows the attacker modify the code on the machine, or to execute his own code (and many such attacks have been discovered) would allow the attacker to turn wireless communication back on. And since the wireless card, if present, is buried in the machine's housing, it would not be physically noticable in any simple way other than attempting to communicate with it.

# 11

[October 1, 2007 8:41 PM]

C. Trejbal

It is not physically removed. The card is disabled through software. I won't elaborate further for obvious reasons.

Yes, that means it could be enabled but:

a) That at least requires physical access to the machine and would only affect that single machine.

b) Post election diagnostics could reveal if the card has been enabled

c) Someone would still need to break the encryption/guess the password or alter that through software.

Don't get me wrong, if you read the piece, you know I don't like the machines either. I'm just willing to give credit where it is due.

# 12

[October 2, 2007 8:29 AM]

Josh

Ah, but Henry, requiring voters to have ID's would be a modern equivalent to a poll tax. You are asking these poor disenfranchised people to pay for an ID, even though the government would provide the IDs for free. Then how would the Democrats be able to get dead people and illegals to vote?

# 13

[October 2, 2007 11:28 AM]

Will

Much of the debate surrounding voting irregularities has been around for years. The rise in its significance only came about in 2000 when the election was so very close.

Anyone with a grain of common sense could see that.

Open voting will always have its share of problems...thats the nature of an open democracy. Can you catalog, index, cross index, blood type, cross match, finger print every individual intent on creating some kind of voting irregularity? I doubt it seriously.

Can you take steps to curb it? Sure...and why wouldn't you want to?

By the way, stop beating the partisan drum Josh. You're beat is really getting old and tired. Even Ann Coulter had something decent to say about Hillary Clinton this morning on Today. Surly if she can, you can.

# 14

[October 2, 2007 6:10 PM]

Alex

Don't bet on the "heavy" encryption protecting wireless communication. The encryption these things use can be broken, its actually one of the weaker schemes in use. Its absolutely nuts for voting machines to have wireless cards at all, but unfortunately, its pretty deeply entrenched into AVS systems.

# 15

[October 2, 2007 6:22 PM]

Alex

Henry wrote:
"When a Republican wins, we hear about voter machine mishaps and problems. When a Democrat wins, we never hear anything about voter machine mishaps and problems."

This isn't about partisanship gain for most of us advocating for election reform, but about making sure elections are secure, transparent and accurate. Most people don't have the technical EE or CS backgrounds to judge the risks.

** FWIW, the absolute best case I know that demonstrates the need for an audit trail happened in an election where the electronic count (incorrectly) favored the Democrat, but the paper trail (correctly) showed that the Republican had actually won. (There was an error in the software - no fraud, an ordinary software error)

Without the paper trail (opt-scan in this case), the loser would have been sworn in, and people would still be voting on machines that counted votes incorrectly in some cases.

This happened in Wayne County, North Carolina in 2002 and is a great example of the value of a paper trail, the risks of only an electronic count, and also of election officials acting admirably when presented with an apparent problem (they investigated rather than defending the machines)

Contrast that to the problems last November in Sarasota County Florida where the machines almost certainly lost votes - but there is no paper trail, no way to check what happened, no remedy, and the election officials spent all their energy fighting the mere idea that someone could have made a mistake.

The North Carolina way was better, and deserves alot more attention. I can provide details about that case if anyone is interested.

# 16

[October 3, 2007 12:29 AM]

Alex : →http://www.vvcva.org

I forgot to mention, if you would like to help work for better election machines, audits and recount laws in Virginia, please contact info@vavv.org

Virginia Verified Voting is a NON-PARTISAN group whose only goal is improving the integrity of Virginia elections. http://www.vavv.org

We are part of the Verifiable Voting Coalition of Virginia, http://www.vvcva.org, a coalition of several groups working to improve elections in Virginia

# 17

[October 3, 2007 9:50 AM]

Brenda

I was living in Tampa, Florida during the Bush/Gore election. YES!!! These machines MUST be locked away as firmly as possible.

The county I was living/voting in was recounted twice with differing results each time. One thing our liberal media never mentions is when one is truly tampered with. A woman in Pinellas County was found with a voting machine AND empty cards IN HER VEHICLE 2 days before the election. Of course, that never made news. She was a democrat and worked for her party at the polls. (she "forgot" it was in there...riiiiight). How about the multiple voting across districts by folks with multiple addresses and identities? Yes, it happens.

How about the fact the MEDIA was who tried to steal the election? How many here know that the news announced on air "polls were closed" at 7pm EST...but Florida's panhandle is in CST? NO>>> you'll NEVER hear that. Do you have any idea the havoc that caused? I am told hundreds of soilders at the base in Pensecola turned around and went home rather than continue to the polls when they thought they had closed 1 hr early. Of the complaints lodged, nearly 80% were registered Republicans. So much for "Bush stole the election". He won and should have been able to have those hundreds of additional votes...but the media made sure THAT didn't happen.

It is critical EVERYONE who votes have a picture Id. I could not care less about those who say asking one to prove picture ID when voting is a problem or discriminating against anyone, like the "poor". What a joke! It discriminates against nothing.

Maybe we should eliminate having to show ID to get a bank loan, or buy alcohol? Wake up America!

# 18

[October 3, 2007 10:57 AM]

Henry

There was a really funny story going around in 2000 about the election fiasco. A guy called into a radio show and said he was paid $5 to vote in Palm Beach. He was given a voter punchcard and was told to substitute it for the one given to him at the polls. I guess you can pay voters but you can't trust them. The card was prepunched for Gore. If you punched Bush instead, the card was thrown out as a double-punch which explains all the double punches for President. Who votes twice for President?

The big problem was that some of the cards has accidentally been prepunched for Buchanan who was the punch next to Gore. That started the whole fiasco about "I accidentally voted for Buchanan". Think about it. How would you know you voted wrong?

Anyway, it was a funny story and not much else. I didn't understand the "hanging chad" deal but I did understand the "dimpled chad". Those things were hard to punch.

# 19

[October 4, 2007 9:40 AM]

Brenda

Oh...I can tell you all about the hanging chads. The way we voted was by punch card and you had this little pin-push "thing" that you used to press through the card once you inserted into the slot in order to vote. You would punch out the perforated square for the candidate of choice. Well, if one was only partially punched through, they didn't count it. That's right, if ALL other canidates were voted for "properly", the ENTIRE ballot was disregarded (this is not a joke and can be validated). Made me sick.

We had the 2nd count because all of the "tossed" cards were pulled back and "recounted". Here's the amazing part...those who were recounting were told to "determine" who they thought the voter had been attempting to vote for.

Can you say Oh my God!!!!

Everyone was in an uproar. They were showing the recounting on TV with these people holding the cards up to the light and this and that. Was like watching Karnack on the late night show or something. What if I'd started to punch for one, changed my mind, and fully punched through for another? That would mean my vote was denied.

Here's another one. The couple behind me in line spoke or read no English. An interpretter was there trying to explain to them she could not read the ballot for them...was illegal. Anyway, another pollster came over and handed over a pamplet in Spanish. Then I heard the interpretter say, "they are illiterate...the cannot read Spanish either. Well, sadly...this couple was directed to a booth and still made an attempt to vote. This is in America...at least for now we are still America.

# 20

[October 4, 2007 9:41 AM]

Brenda

Forgot to mention...they were NOT hard to punch unless you were a weak 100 year old lady. How hard to push a pin through a thin piece of paper that is similar to what a manilla folder is made from? Also, the area to press through WAS perforated.

Lord have mercy.

# 21

[October 4, 2007 10:10 AM]

Other John

I remember those cards Brenda. I used to use those in Virginia Beach all the time for both on-site elections and the mail-in ballot elections I participated in while I was a student here at VT. I had a terribly hard time seeing how anyone could mess those cards up in the voting machines since it was almost impossible to not get the card fully punched unless you just lazily rested the pin on the card (through the marked hole for the proper candidate). Voting by mail was possibly the only time there could be any confusion because you had to read the ballot and double-check to make sure you punched the right hole. But those "chads" pop right out with almost no effort. I always thought the Florida recount debacle was a manufactured voter fraud scam because millions of people voted with those systems for several years with no problems...so why was Palm Beach County full of so many screwed up ballots? It stunk to me then, and still does now.

# 22

[October 5, 2007 9:31 AM]

Brenda

Other John...well, my answer to the problems in Palm Beach will truly upset the liberals, but too many uneducated and illegals voting. Bottom line.

There was an article in The Orlando Sentinal yesterday stating Florida will get 3 more electoral votes. Why? (Hope you are sitting down.) Because of all of the immigrants and illegal aliens which increased the census numbers dramatically.

We are about to loose America. When we allow those to vote who have no other interest than what they will be GIVEN by our government, we've lost our soverienty already.

Freedom and liberty to PURSUE life, liberty, and happines..not rape it from the pockets of others.

Here's the article. Read it and weep for our country.

http://www.orlandosentinel.com/news/custom/growth/orl-congseats0407oct04,0,70475.story

# 23

[October 17, 2007 1:17 AM]

Former Blacksburger

One needn't hide the voting machines away - lock them in a well publicized and visible location behind glass doors. Security through obscurity is no security at all.

Encouraging the public to point out security loopholes in a full-disclosure system and acting responsibly to close them is the best tack our government can take.

# 24

[November 7, 2007 7:13 PM]

Lila Bonnell

Chris, thanks for your excellent article. (I really appreicate it that you made the time to really research this, even though you aren't entirely thrilled with the machines.) I am an Election Official in Fairfax County (and was one in Arlington County when I lived there). At least in the precincts where I have worked, the Election Officials have been fanatics about making sure ID's meet the legal standard, voters' secret ballots are kept secret and that the process is kept fair and transparent. During election day, the number of people who come in to vote is tallied both manually (at the check-in tables) and on the machines. Totals are compared at random intervals throughout the day and on the rare occasion where there is inconsistency, we go to great lengths to resolve. (On the rare occasions I have seen this happen it is almost always because one of us at the check-in table got distracted-trying to address an issue with a voter, perhaps-and forgot to cross off the next number on the integer list that serves as our manual total marker. It's frustrating, but simple to resolve.) I also appreciate the stories laid out above. Reminds me how important it is to get and stay involved. As one person above suggested, the process is not be perfect; if we stay involved, however, we can minimize abuse and make improvements. Thanks again for your article.