17 October 2014

“Before his swearing-in, Bilbray said he looked forward to replacing the images of airplanes that used to decorate the walls with photos of surfboards and sailboats." — USA Today

Unfortunately, the immigrant-bashing Brian Bilbray wasn't talking about decorating his dorm room. California's newest congressman is moving into the Rayburn House Office Building, specifically the office vacated by Randall “Duke" Cunningham, bribe taker extraordinaire, who is now serving eight years in prison. Bilbray edged past Democrat Lorraine Busby in a special, allegedly closely watched election on June 6, allowing Republicans to hold the 50th District in traditionally conservative San Diego County.

And the folksy detail about Bilbray's taste in poster art, in lieu of reportorial outrage, seems to signal that, once again, America has moved on from a shoddily conducted election — making Congress seem about as trustworthy as a New Orleans rebuilt atop the toxic waste stirred up by Hurricane Katrina. Somebody's going to get sick from this sooner or later.

Indeed, the “democracy extremists" out there — the ones who take procedural integrity seriously, especially in the era of electronic voting — are sick already.

Let's forget for a moment the political significance of Bilbray vs. Busby, or even who won, and pare the contest down to one essential fact: The use of Diebold optical-scan and touchscreen machines in last week's voting in San Diego County was subject to rigid procedural standards set down both by the California Secretary of State's office and the National Association of State Election Directors, the point of which was to guarantee that the machines arrived at their polling places untampered with and inviolate.

This is no small matter. People across the political spectrum have begun waking up to the immense risks posed by electronic voting. For instance, conservative CNN commentator Lou Dobbs recently weighed in that, “The security of our elections and the integrity of our democracy is in jeopardy. Nationwide, there is concern and even alarm that electronic voting machines are simply too easily compromised and vulnerable to fraud."

And Diebold machines, which were decertified in California at one point, are probably the most controversial of all. Computer experts given even brief access to a Diebold machine have demonstrated how easily it can be hacked, with election-changing results. A highly detailed “security alert" about Diebold, issued in May by the nonpartisan Black Box Voting, warns:

“Based on publicly available documentation, source code experts and testing performed with the system, there seem to be several backdoors to the system which are unacceptable from a security point of view. . .

“In the worst case scenario, the architectural weaknesses incorporated in these voting terminals allow a sophisticated attacker to develop an ‘offense in depth' approach in which each compromised layer will also become the guardian against clean-up efforts in the other layers. This kind of deep attack is extremely persistent and it is noteworthy that the layers can conceal the contamination very effectively should the attacker wish that. A quite natural strategy in these types of situations is to penetrate, modify and make everything look normal."

Bev Harris of Black Box Voting put it a little more bluntly: “The Diebold system is only as good as the most recent person who gets at it. It's a defective system."

While many people argue that the machines shouldn't be used at all, California Secretary of State Bruce McPherson, who recertified Diebold, at least acknowledges their security danger and has established strict “chain of custody" standards for each machine and memory card. No unauthorized person should ever be alone with them, and “Any breach of control over a memory card shall require that its contents be zeroed."

Now then, fasten your seatbelts. In San Diego County, the voting registrar, Mikel Haas, apparently following time-honored custom (or whatever), sent machines and other equipment home with poll workers for as much as a week before the June 6 election, to be stored in living rooms, garages, etc., shattering all control over these insecure machines and opening up, in Harris' words, “a huge gaping maw of an attack hole."

Some of the poll workers themselves were incredulous and contacted LA-based blogger and democracy maven Brad Friedman. “My neighbors were quite surprised when I showed them one of the touchscreen systems from my garage," one of them wrote. Friedman sounded the alarm to his readers, which is how I found out about it.

A spokesman at Haas' office subsequently confirmed the “sleepover" (as Friedman put it). And another spokesman, at McPherson's office, who took the better part of two days to return my calls, refused to answer a simple, point-blank question: Were chain-of-custody requirements violated in San Diego County? Instead, she e-mailed me a copy of the secretary of state's certification process, which seemed to confirm that indeed they were. Further calls to McPherson's office have not been returned.

I don't know whether the secretary of state's allegiance is to partisan politics or just a quick count. But like others who have looked on appalled at the procedural sloppiness of this election, I have no confidence in Bilbray's 4,732-vote victory" over Busby. Worse, I fear that democracy in the electronic era is in the hands of people who regard it as more trouble than it's worth.