Saturday, November 14, 2009
Did you think the ballot you cast in the 2008 election was secret? Think again if you live in Hawaii
by Larry Geller
Bob Babson, lead plaintiff in the Babson v. Cronin lawsuit, has documented some of his concerns and suggestions in an email request for new legislation that I hope our lawmakers will take very seriously. As I read through his document, I was alarmed at some of the revelations. See what you think.
In response to Babson’s lawsuit, Judge Joseph E. Cardoza enjoined Hawaii’s Office of Elections from purchasing electronic voting equipment until administrative rules were in place. A central concern expressed in the lawsuit was the danger of so-called “man-in-the-middle” attacks that could change election results.
But there’s more. To answer the headline question, no, your 2008 ballot probably wasn’t secret. Bob explains that the Hart machines chosen by the Office of Elections used a new and different technology, one that violates the secrecy of your vote:
In 2008, there was a number on the ballot and a different number on the detachable part of the ballot handed to the voter. But the election vendor who designed the system and ordered the ballots could easily know both numbers. The number on the detachable part was written down by election volunteers when voters signed in. Thus, election officials could later see this number and trace it to the ballot and learn how voters voted. This was especially easy because in 2008, "marksense" was not used but instead "digital ballot imaging" (see "terminology" at the end of this letter) was used where every ballot was photographed and made into a ".jpg" which showed the number on the ballot making it easy to see who voters voted for. This absolutely violates the constitutional right of all voters to vote anonymously.
In other words, the new machines did not just record your vote, the way the older machines did. They took a picture of your entire ballot, including the ballot number. As Bob explained above, that number is easily traced to you. So your vote cast in 2008 is not secret. It can be easily looked up in a computer. In prior elections, your ballot would have to be located, a time-consuming task. Once the paper ballots were destroyed, your vote could not be traced. Now your vote is recorded in a computer file with an identifying number.
I also noted that, according to Bob’s report, neither the Office of Elections nor the voting systems have ever been audited. This seems like an oversight that the Legislature could and should remedy, particularly given the lawsuits against the OOE and other difficulties it has experienced.
Of course, there is the unresolved question of how to prevent “man-in-the-middle” attacks if electronic transmission by phone or over the Internet is allowed. The OOE should be required to demonstrate that this or other hack attack is not possible before electronic voting equipment is allowed to be used. The value of an audit is that it could show whether the Office of Elections is truly protecting the sanctity of our vote or simply expecting the equipment vendor to do that for them.
Bob asks us to communicate with our legislators on some new lawmaking. His document is long, but very worth reading. I have redacted his personal information except for his email because spammers typically harvest that information from websites. If you can read this, you should be able to contact Bob if you wish via his email. (Note: his attachments are not included here, contact him directly if you would like them).
Dear Citizens of Hawaii,
There are serious problems with the Hawaii election system. Below, please find my letter to the Hawaii State Legislature making eight recommendations which I believe will significantly increase Hawaii election system accuracy. Please read over these recommendations and if you concur, please forward this email to your Representative and Senator and ask them to enact some or all of these recommendations into law. You can quickly forward this email with your comments to all Representatives by clicking on "forward" and addressing it to email@example.com. Then, to send it to all Senators, click on "forward" again and address it to firstname.lastname@example.org. Please add specific comments if you wish. Open, honest and accurate elections are the backbone of Democracy! We must protect it!
November 1, 2009
Hawaii State Legislature
Hawaii State Capitol
415 South Beretania Street
Honolulu, HI 96813
Re: Recommendations for new Hawaii State Laws to be passed by the State Legislature which will significantly increase the accuracy of elections in Hawaii.
Dear Hawaii State Representatives and Senators,
I majored in accounting in college and was an auditor for three years following my graduation. In 2006 I was a Maui Official Observer and I saw numerous weaknesses in the Hawaii election system. I have described each weakness below and have made recommendations which I believe will increase the accuracy of all future Hawaii elections. Voting is the cornerstone of democracy. Every vote must and should be counted accurately. Please review each recommendation and if you agree, please introduce a bill in the State Legislature to make it Hawaii State law.
Recommendations for Significantly Increasing the Accuracy of the Hawaii Election System:
1. The Hawaii State Legislature should pass a law banning all election equipment from using any form of telecommunication or remote networking.
a. This will eliminate any possibility of "Man in the Middle" vote flipping. It is impossible to know where votes are going when they go over telephone lines and/or the internet. "Chain of custody" is completely broken. They could be going to a "middle man" at a remote website where they are "flipped" in a matter of less than 60 seconds and then sent on to the state count center. "Flipped" means votes are taken from one candidate and given to another candidate allowing the receiving candidate to win the election illegally. During all elections in Hawaii since at least 1998 through 2008, votes have been sent over the internet and could have been flipped. The Office of Elections has 100% "trusted" the election vendor who 100% secretly designs the software and hardware and no one is allowed to inspect it because of "proprietary" laws. Please Google "elections man in the middle" to see the numerous news stories about this very serious problem.
b. The election vendor could actually program the computers and manipulate votes and vote counts directly or indirectly by sending the vote counts to a remote computer where they could be altered (by the man in the middle) and then sent on to the state count center. Current law does not require this type of protection and the Chief Elections Officer has refused to consider such rules in petitions and letters seeking such rule making. Legislative protection is needed in this area.
c. To further illustrate how dangerous it is to have any computer connected to the internet, please go to www.gotomypc.com and click on "how it works" and watch the "demo" to get the idea of how easy this type of software is to install and use. It is designed for business people to access all their files on their office computer from a remote computer. Using this kind of software, an election vendor could come into their count center computers and flip votes at will any time during the day. It is therefore absolutely mandatory that all election equipment not be connected to any telecommunications of any sort.
d. California has already passed state law AB 3026 banning the use of the internet during elections (see Attachment #1).
e. Representative Rush Holt has introduced in Congress HR 2894 which, if passed, will ban the use of all telecommunications during elections in all 50 states (see Attachment #2). To see the text and status of HR2894, please go to www.thomas.loc.gov and enter HR2894. This is good bill and will significantly improve election accuracy in the United States.
f. Computer experts have stated it is impossible to have secure elections when the internet is used. Please see list of experts and their statements (see Attachment #3).
g. German High Court rules "evoting" unconstitutional. Germany not only banned the use of all telecommunications, they also banned all computers. All future elections will be hand counted (see Attachment #4). Note: there is a movement in the United States to have all votes counted by hand. Please see www.handcountedpaperballots.org.
2. The State Legislature should pass a law authorizing and ordering the Hawaii State Auditor to conduct a full 100% inspection of the Hawaii election system from start to finish and write a report with recommendations to the state legislature and the general public following each election.
a. The State Auditor should have 100% full access by law to all aspects of the election including election vendor software and hardware and not be denied any information they seek. Said inspection should include hiring computer experts if not already on staff to review and approve all election vendor software and hardware and all election procedures before, during and after each election. This would include being in attendance at all election events which Official Observers attend. Note: From 1998 to 2008 there has never been a computer expert evaluation or professional audit of the Hawaii election system. No reports have ever been made. Instead, we have just "blindly trusted" the election vendor. The State Auditor audits all other branches of Hawaii government. They should audit the Office of Elections and the Hawaii election system too.
b. The State Legislature should pass a law that all election RFP's should mandatorily require in advance the successful election vendor to allow "by contract" the Hawaii State Auditor to conduct a full inspection of all software, hardware and any and all other procedures designed by the election vendor and/or the Office of Elections. This would eliminate the ability of the election vendor to claim secrecy due to "proprietary" law. California and other states have computer experts examine the software and hardware and Hawaii should also.
3. The State Legislature should pass a law authorizing and implementing a 100% vote by mail election system like they already have in Oregon and other states.
a. This will also increase voter turnout and reduce costs to the State, since there will be no precincts other than the one required by HAVA for disabled citizens to be able to come in and vote at the County Clerk's office.
b. To implement voting by mail, Hawaii should order four optical scanners for use here in Hawaii to count votes. This would be one scanner for each county. It would be located at the county count center. Each scanner must be able to print out the accumulated election results at any time during the day in order to accommodate the numerous cutoff's explained below (see 3e(2)) which are required for the manual audit. Each scanner must also be able to record all accumulated election results on a memory card. When the final vote is counted in each county, a final printout of all votes should be done, and the memory card should then be removed from the optical scanner and both the final printout and the memory card should be transported in a secure container via automobile and/or airplane to the Honolulu state count center escorted by election officials and Official Observers where the memory cards will be read in by the tabulator. A second final printout should also be made which will remain in the county and be available to the manual audit team and the public. No votes shall be transmitted over the internet.
c. Hawaii should also order one tabulator which will be located at the state count center. The tabulator should also be able to print out election results and be able to read-in the memory cards from the four counties which shall be transported in a secure container from the four counties to the state count center. No votes shall be transmitted over the internet.
d. Hawaii should order compatible ballots for the scanners to read. Said ballots should be 100% anonymous for purposes of privacy. There should be no detachable part of the ballot. When the voter signs in, a ballot should be handed to the voter. This would guaranty the vote is anonymous. There would be no "trail" back to the voter. In 2008, there was a number on the ballot and a different number on the detachable part of the ballot handed to the voter. But the election vendor who designed the system and ordered the ballots could easily know both numbers. The number on the detachable part was written down by election volunteers when voters signed in. Thus, election officials could later see this number and trace it to the ballot and learn how voters voted. This was especially easy because in 2008, "marksense" was not used but instead "digital ballot imaging" (see "terminology" at the end of this letter) was used where every ballot was photographed and made into a ".jpg" which showed the number on the ballot making it easy to see who voters voted for. This absolutely violates the constitutional right of all voters to vote anonymously.
e. Here's how voting 100% by mail works and the safeguards in place. All voters register with the county clerk. The county clerk therefore has the voter's signature on file. The county clerk then mails out a ballot to all voters and voters vote and mail it back in. The outer envelope has the signature which the clerk checks to the signature on file to ensure it is valid. If valid, the envelope is stored in a secure room until election day. If not valid in the opinion of the clerk, it is also stored in a secure room for further review as a "provisional ballot." On election day, all valid envelopes are brought to volunteers at the county count center who open the outer envelope and give the inner envelope to a second team who opens them and unfolds the ballot and places them in special ballot boxes which are taken to the count center optical scanner for counting. Then:
(1) The first 100 ballots of the day are run through the optical scanner and the optical scanner then prints out the results which are placed in a ballot box along with the 100 ballots so that the manual audit team can double check that the optical scanner is accurately counting the ballots.
(2) In the 2006 election, and I believe in 2008, the optical scanner simply counted all ballots for the rest of the day accumulating the total. Unfortunately, this resulted in the Absentee Ballot Mail (AB Mail) precinct being so big (approximately 1/3 of all votes) that it was impossible to manually count the AB Mail precinct. Therefore, no mail-in ballots other than the first 100 were manually counted. This therefore became the logical place to "flip" votes if it was going to happen. By banning the use of any telecommunications, we have eliminated the "Man in the Middle" problem. However, software can be programmed to flip votes too. So to deter this possibility, I recommend that after counting every 250 ballots, the printer should print out the accumulated results so far and the printout put into boxes along with the 250 ballots and marked "Cutoff #1, #2, #3, etc. This will give the manual audit team the ability to randomly select various "cutoff's" each consisting of 250 ballots to count and compare the votes to. The manual votes counted should equal the current cutoff less the previous cutoff. Example: If "cutoff #16 is chosen to count, then the votes manually counted should be the accumulated votes for cutoff #16 less the accumulated votes for cutoff #15. This will enable the manual audit team to count the 10% of votes required by Hawaii state law and to make sure the software didn't "flip" any votes.
(3) In the 2006 election, and I believe in 2008, the manual audit team began counting at approximately 7:00 pm on election night and finished their manual counts about 11:00 pm. However, they did not count anywhere near the 10% of the votes required by law (HRS 16-42(3). In 2006 they only counted the votes for one candidate in each of seven precincts. This is less than one percent of the total vote. I therefore recommend, that for all future elections, the manual audit team arrive on the day following the election at 8:00 am and count until 5:00 pm or until such time as 10% of the votes are counted in accordance with state law. Note: Another problem with 2006 and 2008 manual audits on election night was that many precincts were not even in to be counted. Ballots from some precincts didn't arrive until 9:00 to 10:00 pm. So the audit team could not "randomly" select precincts to count that were not there, further thwarting any appearance of random testing. If 100% mail in voting is used, it could be late in the evening when the optical scanner finishes with the final cutoff. Thus, it is best to do the random selection and manual audit count on the next day when all counts are done.
(4) Under federal law, all ballots are stored for 22 months following each election in case a recount is necessary. They should be stored in the special ballot storage boxes mentioned above with 250 ballots per box including the cutoff printout. The box should be marked with the cutoff number so the manual audit team can easily find and count the cutoffs they randomly selected.
4. The State Legislature should pass a law that all election RFP's should mandatorily as a part of the contract require the successful election vendor's chief executive officer and all election vendor employees on site here in Hawaii to certify that to the best of their knowledge, every vote has been accurately counted. All CEO's and CFO's of publically traded companies are required by federal law (Sarbanes-Oxley Act of 2002) to certify that to the best of their knowledge the financial statements are true and correct. There is no reason why an election vendor cannot also certify that the elections were accurately counted to the best of their knowledge.
5. The State Legislature should pass a law that all Election Commissioners shall automatically as a part of their official duties and responsibilities be able to attend and observe, at their discretion, all election activities the same as Official Observers . The best way for Election Commissioners to judge the election system is to be there on election day watching at the county and state count centers. According to the Minutes of the Regular Meeting of the Elections Commission of October 16, 2008, paragraph V states: "Commissioners Nelson and Swift expressed their difficulty in being able to observe election operations in the County of Kauai." These minutes are posted on the Office of Elections website under "Elections Commission." Please go to www.hawaii.gov/elections and click on "Elections Commission."
6. The State Legislature should pass a law that all Official Observers should be chosen by random selection. Hawaii citizens who meet the requirements of the law to be Official Observers should be allowed to apply at their county clerk's office for the county count center or at the Office of Elections for the state count center. There should then be a public meeting where all applicants could attend and names should be drawn randomly from a box. Note: Under the current system, the chief election officer and/or the county clerk can "hand pick" Official Observers. I was a 2006 Official Observer and because I wrote some letters making recommendations which Official Observers are suppose to do (we are the "Eyes & Ears of the General Public" - according to the election manual), the Chief Election Officer denied me the right to be an Official Observer at the Maui Count Center in 2008. In the financial world, auditors are chosen by the board of directors or the shareholders, never by the chief financial officer who is being audited.
7. I recommend that the State Count Center also have a manual audit team who would meet at 8:00 am on the day following the election and whose duties would be as follows:
a. They should audit the "Detail Statewide Summary" showing all precincts and how they voted and add up the total votes for selected candidates on a random test basis to make sure they add up to the results in the "Statewide Summary." In 2006, the county manual audit teams traced all manual ballot counts to the "Detail Statewide Summary" but no one added up the details and traced it to the "Statewide Summary" which is what was used to announce final winners. Both the Detail Statewide Summary (540 pages in 2008) and the Statewide Summary (3 pages in 2008) are posted on the Office of Elections website as PDF's for your review. Please go to www.hawaii.gov/elections and click on "Election Results."
b. The state manual audit team should also receive the four county count center final printouts forwarded to the state count center (see 3b above) and manually add the votes for each candidate on the four county printouts together and trace the total to the final Statewide Summary.
8. The State Legislature should pass a law mandating that all election RFP's and the successful vendor's contract with all addendums be made immediately available to the public by being posted on the Hawaii Office of Elections website. Elections must be open and transparent and the public should have ready access to these important documents. Each member of the public should not have to go through a Freedom of Information request. It is noted that the current RFP for 2010 with addendums is posted on the OOE's website and this is good.
Thank you for your consideration in this matter. Please contact me if I can be of further assistance.
Robert G. Babson, Jr.
Useful Terminology to Know:
1. "Marksense" technology was used in Hawaii from 1998 to 2006 by ES&S. The voter "marks" the ballot and the optical scanner "senses" the vote and counts it on the first and only scan.
2. "Digital Ballot Imaging" technology was used in Hawaii in 2008 by Hart InterCivic using their Escan optical scanners. The voter "marks" the ballot and the optical scanner is programmed to photograph the ballots and make a ".jpg." Next, the ".jpg's" are read by a second program and the votes are counted during this second program. Note: In Maui in 2008, the first scan produced "blurry" .jpg's and so Official Observers demanded that the ballots all be scanned again to get better .jpg's that the second program could more accurately read. The thinking was that if the Official Observers were having trouble reading the blurry .jpg's, then the second program would also have trouble and could make mistakes. The Maui Official Observers didn't go home until 8:00 am the day after election day.
1. California Assembly Bill No. 3026 bans use of internet in all election equipment.
2. Rush Holt Proposed Act of Congress HR2894 bans use of internet in all election equipment.
3. Computer Technologists' Statement of Internet Voting.
4. German High Court declares evoting unconstitutional.
Please see attachment to this email which includes these four attachments.
I think your account, following Bob Babson, is misunderstanding the numbers on the ballots.It is reasonable for people to be suspicious of the voting process and take steps to ensure the results are accurate and private.
But it is my understanding the unique number (and barcode) on the optical scan ballots cannot be traced back to an individual voter. The numbers are there to protect the integrity of the voting, not as part of some plan to violate the voter's privacy. If there were NOT unique identifier numbers on the recorded ballot images, how would people monitoring the elections have any confidence the images are not simply duplicate images rather than unique ballots? The unique numbers also ensure ballots are not scanned twice, which is a rather trivial way to alter election results.
The barcode numbers are not in sequence and cannot be traced back to the number on the voter's stub. I think Bob is mistaken in his allegations.
I was an election observer and wanted to comment on the unique numbers. As Bart has covered the topic in detail I will just second everything he has stated.
I am a PhD computer scientist (Stanford) and a subject-matter expert. Bob Babson is absolutely correct in concluding that the balloting method used in Hawaii destroys voting secrecy. Unique barcodes on ballots is not in itself a problem: Bart Dame is correct in pointing out that unique barcodes can successfully be used to prevent "ballot box stuffing." The problem is the 1-to-1 correspondence of the unique barcode on the ballot and the number on the stub. Secrecy is broken by the fact that the number on the stub is recoded by election officials.
Mahiko, thanks for your comment. Since the article is old, I'm going to re-post your comment as a separate article.
Since you posted anonymously, I wonder if you might let me know via email (click "Larry" at the bottom of this comment) and let me know if I might check with you in the future on this.