Voting experience or “I want my VVPAT”
I just voted on a Diebold AccuVote-TS (I will call them Diebold machines as long as they have Diebold branding all over them). Everything went very smoothly - I was greeted by friendly and knowledgeable elections workers, the touchscreen was calibrated, my vote was presented to me for review, I mashed on the “Cast Vote” button on the screen, and then… poof. Nothing. I had no tangible evidence that my vote was recorded according to my wishes.
VVPAT is voter verified paper audit trail. It means a piece of paper records your vote choice in parallel with the electronic record. Many experts recommend mandatory VVPAT in conjunction with audits that reconcile the paper with the electronic counts for a statistically meaningful sample of available data. I don’t know about the Maryland audit procedures, but since there’s no VVPAT, there’s nothing to audit.
In an earlier post I discuss security requirements for a voting system. Let’s just review how well they were met today.
Ballot Secrecy
This requirement is probably met adequately. I was given a smartcard to insert into the machine to initiate my voting system. It is possible that the device that put the voting token credentials on the smartcard may have recorded my identity, but it’s doubtful. Violating ballot secrecy permits vote buying and intimidation, but there are easier ways to manipulate an election than these “social engineering” approaches.
Vote Integrity
Who knows. Feldman, Halderman and Felten’s 2006 article on the Accuvote-TS states:
Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities—a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine’s hardware and software and the adoption of more rigorous election procedures.
Ed Felten has demonstrated that it is possible to access the memory card with a minibar key, by the way.
An attack that can modifies software can be applied anytime in the voting process. An attack that modifies logs can be applied any time after voting begins. How strong is the chain of custody from the point in which the machines were known to be in a secure state? How do I know that somebody with a minibar key and a malicious memory card hasn’t had sixty seconds of private time with the machine I voted on?
Mutual Suspicion
With no independent voter verification (such as VVPAT), I am required to trust the manufacturer and the elections administrators. I do not impute ill motives to any party, but the integrity of the voting process must not be contingent on trusting them.
[updated]
Of course why would anyone ever suspect the chain of custody.
February 12th, 2008 at 1:09 pm
Maryland will go for Clinton and McCain.
February 12th, 2008 at 2:38 pm
We should find out in about six hours.
February 12th, 2008 at 3:52 pm
So…you have fear of everything?
What good is the certainty of voting if all you have is fear of the system you are voting for?
This requirement is ‘probably met adequately’….. are you saying you dont know? why is that? This means that the wackos at bradblog and other sites have gotten into your mind with second and third hand knowledge fear tactics.
The card gives the machine your party/district info….so it knows what screens to show you….period.
So you didn’t see the seals that make it impossible to get the mem card out without alerting the poll workers?
Dont you think it’s strange that all these sites don’t report the security procedures used by the election officials? Just the fears of breaking them?
Anyways…glad you voted…didnt panic…and walked away without getting shot….consider yourself lucky.
February 12th, 2008 at 9:41 pm
[…] MD: Voting experience or “I want my VVPAT” http://www.glassboxvotin…ence-or-i-want-my-vvpat/ […]
February 18th, 2008 at 5:21 pm
Someone please go back into the history books and remind me WHY direct-recording-equipment was originally invented BACK IN THE 1880’s!
Do all of these people who think their vote isn’t secure just because they can’t see where it goes really think a piece of paper is the answer? Doesn’t anyone remember the actual evidence (not anecdotal like all the voting-machine scares) of boxes and boxes of paper ballots found weeks after the elections floating in rivers?
Why the sudden distrust of Election Officials? Please don’t say Palm Beach, Florida in 2000. There was no conspiracy there. A Democrat Supervisor of Elections took a commonly-used ballot design (the butterfly ballot) to BOTH political parties who unanimously applauded its application to make voting easier for senior citizens in the 2000 General Election. Voters who don’t read and follow instructions are to blame for what happened there–that would be the same voters who still don’t read and follow instructions and instead of filling in ovals mark them with a check or an x. And didn’t they have a paper ballot to recount then? And didn’t the statewide “audit” of that election show that Bush really DID win Florida?
Paper ballots, optical scan or otherwise, are so much more easily manipulated than any other form of voting. THAT IS WHY DRE’s (lever machines being the first type–still widely used in Hillary’s NY, by the way) WERE INVENTED IN THE FIRST PLACE–to get fallible and bribable humans OUT of the vote-counting process.
And now, “for security” a very vocal minority wants to go back to the 18th century? The biggest crime here is that Congress is allowing itself to be misled by this small splinter group.
I hope CNN and the rest of the pundits don’t mind waiting until Easter for certified results.