26 April 2014

Result of State's First Ever Testing of E-Voting Systems Find All Systems 'Vulnerable' to Manipulation and Theft by 'Simple Techniques'



SoS Brunner Recommends Paper Ballots Optically-Scanned at County Headquarters for Buckeye State...



The results of new, unprecedented testing of e-voting machines in the state of Ohio are in, and the findings mirror the landmark results of a similar test carried out earlier this year in California.
"Ohio's electronic voting systems have 'critical security failures' which could impact the integrity of elections in the Buckeye State," says Ohio Secretary of State Jennifer Brunner in a statement which accompanied the release of the report today on the SoS' website. Brunner, a Democrat, was joined in her press conference (video now here), called today to discuss the results of the testing, by Ohio's Republican House Speaker, Jon Husted.



Brunner is calling for a ban on all Direct Recording Electronic (DRE, usually touch-screen) voting systems in the state, along with a ban on precinct-based optical-scan paper based systems, charging that the central counting of ballots at the county would eliminate "points of entry creating unnecessary voting system risk."



The State's bi-partisan "Evaluation & Validation of Election-Related Equipment, Standards & Testing" (EVEREST) report finds, as did California's study, as did virtually every other independent test of such systems, that violating the security and manipulating the "federal approved" electronic voting systems, is a breeze.



"To put it in every-day terms," Brunner said, "the tools needed to compromise an accurate vote count could be as simple as tampering with the paper audit trail connector or using a magnet and a personal digital assistant."



"The results underscore the need for a fundamental change in the structure of Ohio’s election system to ensure ballot and voting system security while still making voting convenient and accessible to all Ohio voters," said Brunner, who has come under fire from Election Integrity advocates for failing to act quickly enough concerning the voting systems to be used in next year's crucial election, as well as for failing to seek accountability for the exceedingly well-documented and now-infamous charges of election fraud and voter suppression in the 2004 Presidential election under her predecessor J. Kenneth Blackwell.



While the effort is long overdue in Ohio, actions being taken by Brunner, in light of the test results, are less stringent than those taken by California Secretary of State Debra Bowen after tests in her state. Brunner's recommendations, some of them quite puzzling, are likely to come under some fire in the bargain, from Election Integrity advocates in Ohio and elsewhere...



Results of the Ohio tests were submitted to Brunner's office last week. The testing was carried out by several teams of testers from both the commercial and academic computer science and security communities, and included systems used in the state of Ohio, as made by Diebold (now known as Premier), Election Systems & Software (ES&S) and Hart Intercivic,



All of the systems were found vulnerable to easy tampering.



"In an era of computer-based voting systems, voters have a right to expect that their voting system is at least as secure as the systems they use for banking and communication," Brunner said today. However, while making a number of recommendations for changes to the voting system, as based on the testing, she has notably not decertified any of the vulnerable systems, as she would be allowed, according to Buckeye State statute.



After testing In California, Secretary of State Debra Bowen decertified all of the states voting systems, and re-certified them under stringent new security requirements. Among them, the allowance for only a single DRE voting system made by either Diebold or Sequoia Voting Systems can be used in a polling place in order to marginally meet federal voting requirements for voters with disabilities. She mandated that the so-called "paper trails" produced by those systems be 100% hand-counted after each election.
Criticism from the Election Integrity Community



Columbus Free Press investigative journalists Bob Fitrakis and Harvey Wasserman, contend that Brunner's admissions in the wake of EVEREST testing means that "Ohio's top election official has finally confirmed that the 2004 election could have been easily stolen."



Pointing to the similar findings from the California study, the Free Press --- which has been perhaps the most assiduous of media investigators into what happened during Ohio's 2004 Presidential election --- alleges in their report today on EVEREST, that the findings suggest vulnerabilities in America's --- and specifically Ohio's --- voting system are far worse than has been generally acknowledged by the public and the media:

    In tandem, these two reports add a critical state-based dimension to the growing mountain of evidence that the US electoral system is rife with insecurities. Reports from the [NYU] Brennan Center [for Justice], the Carter-Baker Commission, the Government Accountability Office, the Conyers Committee Task Force Report, Princeton University and others have offered differing perspectives that add up to the same conclusion.



    Coming in the state that decided the 2004 election for George W. Bush, Brunner's confirmation of the electoral system's vulnerabilities adds huge new weight to the charge that the Buckeye State's vote count was stolen.

Fitrakis and Wasserman go on to point out that while the official margin of victory for Bush in Ohio, the state that determined the result of the election was "less than 119,000 votes out of 5.4 million cast," those results "varied by 6.7% from exit poll results, which showed a Kerry victory." The Exit Polls in 2004, they go on to report, had an official "margin of error of about 1%."



They also point out that though all 88 counties in Ohio were ordered by a federal judge to retain their ballots from the '04 election, 56 of them either "destroyed" or "lost" some "1.6 million ballots, cast and uncast, needed for definitive auditing procedures."



Both Brunner and State Attorney General Marc Dann, another recently elected Democrat, have come under fire from Election Integrity advocates for failing to hold anyone accountable for the destruction of those ballots, as well as for several well-known acts of improprieties by county officials across the state in 2004 which allegedly results in millions of uncounted and uncast votes, predominately in Democratic-leaning minority areas of the state.



Though central tabulators made by the same companies were in use during the 2004 election, most of the states newer DRE electronic voting systems where not implemented until the 2005 election when still-unexplained results managed to turn down a number of election reform measure that were on the ballot under Blackwell's reign. Some 44 of Ohio's 88 counties had implemented touch-screen systems made by Diebold for that election.
Each subsequent election has led to embarrassment for residents of Ohio, most notably in Cuyahoga County (Cleveland) where Brunner removed the entire Board of Elections shortly after taking office in early 2007.



Could New Recommendations Lead to Still More Trouble?



Brunner's recommendation, and failure to decertify the most dangerous of the voting systems, could lead to even more trouble ahead for Ohio.



Voting system and security experts have previously argued that decentralized precinct-based counting was more secure than central, county-based counting since results could be both counted, and posted at the polling place on election night, prior to transport of ballots, and vulnerable recording media to county offices.



During the 2004 election, investigators have maintained, chicanery occurred at the county level on election night. One such now-infamous incident occurred in Warren County, one of the last to announce results for the November 2004 election, when a supposed terrorist threat led county officials to shut the public and media out of the counting room. The unprecedented action still remains unexplained to this day. Nobody at either the FBI or Dept. of Homeland Security has admitted to giving such a warning to Warren County, and the officials in Warren who claimed they did have never offered the names of any such individuals.



Neither Brunner nor Dann have investigated the disturbing allegations surrounding that incident either, to our knowledge.



Central tabulators which process paper-based optical-scan ballots are notoriously vulnerable to hacking as well. Though, in theory, proper audits of paper ballots might reveal tampering in the event that a tabulator is hacked, decentralized counting and posting of results is generally acknowledged by experts to make such tampering far more difficult to accomplish without detection.



Brunner's statement admits that "the researchers commented that with the lack of technical measures in voting system design, its integrity 'is provided purely by the integrity and honesty of election officials.'" Such officials would still be responsible for overseeing all tabulation at the county level under Brunner's new recommendations.



A recent report from Houston, earlier this month, highlighted the ease by which a single individual could change the results for an entire county election with just the push of a few keystrokes on a county-based central tabulator.



VotersUnite.org's Executive Director, John Gideon, a frequent contributor to The BRAD BLOG, notes that central-based ballot scanning also makes recommendations by the federal Help America Vote Act (HAVA) for notification of over-voting on ballots, virtually impossible.



"The vendors are already lining up to sell their expensive, high-speed scanners to Ohio," he tells us. He also pointed out problems seen in recent elections with counties who have "outsourced" their counting to voting system vendors at the county level, instead of relying on the more decentralized and more transparent precinct-based optical-scan systems, while mentioning that he's so far had difficult finding information in the EVEREST report that is critical to such vote-counting methods.



"All the stuff I've seen in there so far refers to DREs, not op-scan," Gideon said.



In addition to central based optical-scanning, Brunner made several recommendations that would push the state closer to all absentee ("vote-by-mail") voting.
She has recommended "no fault" absentee voting and "Election Day Vote Centers" to combine precincts into "super precincts".
Election experts have long regarded absentee voting as the most vulnerable to fraud, manipulation and "vote-buying". While Voting Centers have had a short, but storied history of recent failure in places like Denver, where technical problems during the '06 election created impossibly long lines, and likely kept hundreds of thousands of voters from being able even cast a vote.
Brunner has also recommending that special "issues only" elections, such as the one to be held next August in Ohio, be carried out as a "vote-by-mail" election, with no in person voting.
While Democrats across the country, including even California's SoS Bowen, have begun to recommend "vote-by-mail" as a cure to the woes of electronic voting, many Election Integrity advocates are warning against such a move, arguing that both transparency and ballot secrecy is greatly diminished by mail-only elections. The possibilities of fraud, they also argue, are greatly increased in the bargain.
The Ohio Secretary of State's page, with links to report from the EVEREST testing, is available here.