[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 12/12 Daily: County to vote on voting system finalist

To: bcv@xxxxxxxxxxx
Subject: Re: 12/12 Daily: County to vote on voting system finalist
From: Paul Tiger <tigerp@xxxxxxxxxxxx>
Date: Fri, 12 Dec 2003 18:10:56 -0700
Delivered-to: mailing list bcv@booyaka.com
In-reply-to: <20031212143742.82581.qmail@web21007.mail.yahoo.com>
List-help: <mailto:bcv-help@booyaka.com>
List-post: <mailto:bcv@booyaka.com>
List-subscribe: <mailto:bcv-subscribe@booyaka.com>
List-unsubscribe: <mailto:bcv-unsubscribe@booyaka.com>
Mailing-list: contact bcv-help@booyaka.com; run by ezmlm
Organization: We have no organization
References: <20031212143742.82581.qmail@web21007.mail.yahoo.com>
Reply-to: paul.tiger@xxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703

The most serious and interesting thing that Neal says is that he tells us that he can defraud the elections by making his own ballots. Even if he could and could somehow get them past a polling place judge and into the ballot box ... it would be fraud. He's telling us that he can perform fraud and challenges us to believe that this is fairly normal. He challenges people to try it.

While I am babbling on about HERF guns and data destruction, I don't do it in a public forum like a newspaper. It is completely irresponsible on his part.

But it is really misdirection. Point us to look at something that is not happening and show us how easy it is. But we could catch it, because it is easy to see as well. Insecure or badly written code is not easy to see, and we can't know if Neal has created a fraud machine.

Personally, I don't think that Neal would do this. I think that he has the public trust in mind and is a moral person. However he needs a handler or learn something about psychology before opening his yap. I'd bet that a lot of people are scared of his ideas and him.

paul tiger

kellen carey wrote:

Good points. I would add that the Diebold system was fully certified by all the states in which it operates and by the FEC/NASED, and yet both the Johns Hopkins/Rice University and SAIS (independent computer security auditors) studies foundn and mutually confirmed numerous significant security flaws (over 30 if I recall). The "standards" that currently exist are next to worthless. kell

*/Paul Walmsley <paul@xxxxxxxxxxx>/* wrote:

Hello Richard and fellow listmembers,

    It's worth commenting on some of Mr. McClure's assertions before
    the Citizens Review Committee meets tomorrow. The quotes below are
    from
    Richard Valenty's story in the Colorado Daily tomorrow, kindly
    forwarded
    by Doug, two hours before print publication :-)

On Thu, 11 Dec 2003, Doug Grinbergs wrote:

    > "Since when did paper become a tamper-proof media? I could print
    ballots
    > on my $175 home printer that would look like real ballots," said
    > McClure. "If a group says that tampering and election fraud has
    been a
    > way of life in this country, you've just put a media that
    everyone is
    > accustomed to right back into their hands."

    It's not clear why Neal McClure believes that his ability to print out
    fraudulent paper ballots at home would negatively affect the
    security of a
    paper-ballot election.

    Perhaps he is asserting that he could print out hundreds of fraudulent
    ballots at home and then substitute them for genuine ballots at
    some point
    in the voting process, or stuff the ballot box at the polling place.
    Since this problem is well-known, as a society, we've developed
    some good
    safeguards. We staff polling places with sworn election judges to
    prevent
    one person from stuffing many ballots inside the ballot box when
    they come
    to vote. We seal ballot boxes after the polls close so the boxes
    cannot
    be tampered with enroute to the vote counting center. Citizens and
    election judges are able to monitor the vote counting process, and
    verify
    by sight, if they so choose, that the count recorded by an optical
    scanner
    matches what is recorded on the paper ballots.

    These security measures are fairly easy to understand -- unlike the
    security measures required to ensure that Mr. McClure's DRE
    machines ! are
    working correctly. For malicious or buggy computer programs
    running in
    his DRE machines could change citizens' votes at any point in the
    voting
    process.

    > "We store the votes in three physically separate memory locations.
    > There's a primary path from what we call a 'mobile ballot box,'
    which is
    > just a flash memory card. We provide a software application that
    will
    > collect and store the alternative storage of those electronic
    ballots,
    > and allow you to compare that with the primary data path," said
    McClure.

    Mr. McClure's "three separate copies" do no good if his software
    records
    the wrong vote immediately before those three separate copies are
    stored.
    In that case, the wrong vote would be stored in three separate
    places.
    Triple redundancy ... for the wrong information! Any recount would
    merely
    result in the same incorrect vote tally.

    With DREs such as Mr. McClure's, the voter has absolutely no way of
    ensuring that the machines did not corrupt their vote.

    On the other hand, in an election using voter-verifiable paper
    ballots,
    the voter can carefully review their ballot before depositing it
    in the
    ballot box. And the paper is always there for a recount.

    > CVV is currently attempting to get Boulder County to delay
    purchasing a
    > new system. According to a position statement from the CVV Web site,
    > http://coloradovoter.net, technical standards for voting systems
    "have
    > not yet been developed by National Institute for Standards and
    > Technology (NIST) as required under the Help America Vote Act
    (HAVA)."
    >
    > McClure called the Daily from Washington, D.C. on Thursday,
    where he was
    > attending a NIST conference titled "Building Trust and Confidence in
    > Voting Systems." According to McClure, standards do in fact exist
    > despite the claims of CVV and other nationwide groups.
    >
    > "T! here are standards in existence, the Federal Election
    Commission (FEC)
    > standards of 2002," said McClure. "In the HAVA, it's required
    NIST to
    > manage the voting system certification process. The NIST people have
    > been involved with the National Association of State Election
    Directors
    > (NASED).
    >
    > "Voting systems are now being built to a set of standards. To
    think that
    > NIST is going to come up with a set of standards that are
    completely and
    > absolutely different is inaccurate. What NIST is looking at doing is
    > taking FEC standards and doing some incremental improvements on
    them,"
    > said McClure.

    The issue is not that "some" standards do not exist -- it is that
    the NIST
    standards do not exist. Why is this so important? One reason is
    because
    the Colorado Secretary of State's election rules specifically
    require DREs
    purchased or leased in Colorado to conform with NIST's standards.

    No one, not! I nor Mr. McClure, know what these standards will be,
    since
    they do not yet exist. So CVV's position in this regard -- that it is
    unwise to purchase any systems before NIST releases their
    standards -- is
    actually an election rule, promulgated by the Colorado Secretary
    of State.

(Colorado's election rules are at

- in particular, see rule 34.2.)

    (As an aside, CVV has never claimed that standards do not exist.
    In fact,
    CVV's website has had a link to the FEC standards mentioned by Mr.
    McClure for several weeks - see
    .)

    > "I'm the project manager for the IEEE voting systems standards
    > committee," said McClure. "There's a federal law that says if
    there's a
    > commercial standard, a government entity must adopt it. I will
    tell you
    > that the IEEE standards have taken FEC standards as their starting
    > point."

    I challenge Mr. McClure to back up his claim that "there's a
    federal law
    that says if there's a commercial standard, a government entity
    must adopt
    it."

    > "What happened then is that companies and people got organized and
    > addressed the issue. At the stroke of midnight, planes didn't
    fall out
    > of the sky and financial markets didn't crash. As engineers, we
    have to
    > say 'Sure, problems are possible, but are they likely?' I'm
    confident in
    > the accuracy and integrity of an election conducted on eSlate," said
    > McClure.

    As many news stories have demonstrated, problems with DRE machines
    are
    widespread. We should not rely on a vendor's word that their
    machines are
    trustworthy. Rather, we must require that any machine that a voter
    uses
    must not record the vote directly - rather, it must generate a
    full-text,
    voter-verifiable, paper ballot. Anything less is disrespectful to
    all !
    those who have fought and died to give us the democracy we have
    today.

- Paul

------------------------------------------------------------------------ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing <http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=21260/*http://photos.yahoo.com>

References:
- Re: 12/12 Daily: County to vote on voting system finalist
  - From: kellen carey

Prev by Date: Re: County: lack of outreach on e-voting issues
Next by Date: Re: "Ballot Now" system
Previous by thread: Re: 12/12 Daily: County to vote on voting system finalist
Next by thread: "Ballot Now" system
Index(es):
- Date
- Thread