[no subject]



At 7 a.m., we opened the polls, and head judge Jim cast the first vote, to 
a round of applause from all of us. Voters trickled in, but at a slow 
pace. I felt some hostility from my fellow judges. This was not helped by 
what transpired next. A TV crew from Fox News showed up at the polls and 
asked the head judge if they could interview me. The head judge called a 
"super" judge at the county and came back and said no. The reporter asked 
to speak to the super judge, named Jackie, and was obviously not getting 
anywhere. She left rather angry, with a nasty exchange with head judge Jim 
and some unpleasant words with head judge Marie. I felt very 
uncomfortable. At that moment, there were no more voters in the room, and 
I offered to everyone in the room that I was not here to pull a publicity 
stunt, and that I would agree not to speak with any reporters throughout 
the day. This was a serious responsibility and duty that I took with the 
utmost respect for the system, and I would not let it turn into a mockery. 
A few minutes later, though, a photographer from the Baltimore Sun showed 
up with a reporter in tow. The same routine happened, only this time, they 
allowed the photographer to take pictures of me working and checking in 
voters and programming smartcards. However, they would not let the 
reporter talk to me. An angry exchange ensued, and when he left, I felt 
that tempers were pretty hot.

Once again, I reiterated my intentions of being nothing more than an 
objective judge today. The situation was worsened when one voter had a 
problem with his card which the voting machine spit out. He was given a 
new card, but I was concerned, and so I asked head judge Marie to count 
the ballots and check them against the count in the machine after he left. 
She did, and the count was fine. The smartcard really had failed and it 
was fixed. However, I overheard head judge Jim complain to Joy that I had 
made a big deal about that incident because the Baltimore Sun reporter was 
there. That was not true. It was a coincidence.

Over the next several hours, we all were busy checking in voters and 
dealing with running the election. Everybody calmed down, and we started 
joking around with each other and the mood became more positive. We only 
had one other minor press incident during the day. During breaks, I 
decided to educate Marie and Joy about the security problems of electronic 
voting machines. Amazingly, they really started to get it. They confessed 
that they had been ready to fight me, and that there was great animosity 
towards me, but that, in their words, I wasn't "such a bad guy after all". 
At the same time, I started realizing that some of the attacks described 
in our initial paper were actually quite unrealistic, at least in a 
precinct with judges who worked as hard as ours did and who were as 
vigilant. At the same time, I found that I had underestimated some of the 
threats before. I think that being an election judge was the best thing I 
could have possibly done to learn about the real security of elections.

In our paper, we described how the smartcards used by these machines had 
no cryptography on them, and we made the widely criticized claim that a 
teenager in a garage could manufacture smartcards and use them to vote 20 
times. I now believe that this particular attack is not a real threat -- 
at least not in the primary I worked today. We had 9 judges and 5 
machines. Whenever a voter took what seemed to be too long, we always had 
a judge ask them if they needed help, or if something was wrong. Also, the 
machines make a loud clicking sound when the smartcard is ejected, and we 
almost always had a judge standing there waiting to collect the card and 
give the voter a sticker, as they are ushered out.

In general, multiple voting attacks during the election are not likely to 
work in a precinct such as the one where I worked. Every hour or so, we 
counted all of the voter authorization cards (different from the 
smartcards), which were in an envelope taped to the machine, and compared 
them to the number of votes counted by the machine so far. I believe that 
if any voter somehow managed to vote multiple times, it would be 
detected within an hour. I have no idea what we would do in that 
situation. In fact, I think we'd have a serious problem on our hands, but 
at least we would know it.

Every hour, we also counted the totals on the machines and compared them 
to the totals in the registration roster that we used to check people in. 
I was amazed at the number of countings and pieces of paper that we 
shuffled throughout the day in what was billed as a paperless electronic 
election.

There were also some security issues that I found to be much worse than I 
expected. All of the tallies are kept on PCMCIA cards. At the end of the 
election, each of those cards is loaded onto one machine, designated as 
the zero machine. (I found it interesting that Diebold numbered the 
machines 0 through n-1, disproving my notion that they don't have anyone 
on board who knows anything about Computer Science.) The zero machine is 
then connected to a modem, and the tallies are sent to a central place, 
where they are incorporated with the tallies of other precincts. In our 
case, the phone line was not working properly, so we went to the backup 
plan. The zero machine combined all the tallies from the PCMCIA cards that 
were loaded one at a time onto the machine. It then printed out the final 
tallies. One copy of that went onto the outside door of the building where 
there were talliers and poll watchers eagerly waiting. The other was put 
into a pouch with all of the PCMCIA cards, each wrapped in a printed tally 
of the machine to which it corresponds, and that pouch was driven by the 
two head judges to the board of elections office.

The security risk I saw was that Diebold had designated which machine 
would be the zero machine, and at one point, all of the vote tallies were 
loaded onto that one machine in memory. That would be the perfect point to 
completely change the tallies. There is no need to attack all of the 
machines at a precinct if someone could tamper with the zero machine. In 
fact, even when the modem is used, it is only the zero machine that makes 
the call. In the code we examined, that phone call is not protected 
correctly with cryptography. Perhaps that has been fixed. I was glad to 
see that the administrator PIN actually used in the election was not the 
1111 that we used in our training, and that we had seen in the code.

One thing absolutely amazed me. With very few exceptions, the voters 
really LOVED the machines. They raved about them to us judges. The most 
common comment was "That was so easy." I can see why people take so much 
offense at the notion that the machines are completely insecure. Given my 
role today, I just smiled and nodded. I was not about to tell voters that 
the machines they had just voted on were so insecure. I was curious that 
voters did not seem to question how their votes were recorded. The voter 
verifiability that I find so precious did not seem to be on the minds of 
these voters. One woman did come up to Joy and complain that she wanted a 
paper ballot to verify. But, Joy managed to convince her that these 
machines were state of the art and that there was nothing to worry about, 
which was followed by a smile and a wink in my direction. I just kept 
quiet, given the circumstances. As an election judge, my job is to make 
the election work as well as possible, and creating doubts in the voters' 
minds at the polls does not figure into my idea of responsible behavior. 
Perhaps the lightest moment in the day came when one voter standing at his 
machine asked in the most deadpan voice, "What do I do if it says it is 
rebooting?" Head judge Marie turned white, and Joy's mouth dropped. My 
heart started to beat quickly, when he laughed and said "just kidding." 
There was about a two second pause of silence followed by roaring laughter 
from everyone.

I found the reaction to that joke interesting. Everybody was willing to 
believe that this had happened, and yet when it became clear that it 
didn't, we all felt relief. I'm sure that the other judges would have 
claimed that this was impossible, and yet, for a brief instant, they all 
thought it had happened.

There were a few unusual moments related to my previous work on e-voting. 
Several people recognized me from TV appearances and from the paper. 
Yesterday, I was on two CNN shows and the local ABC station criticising 
Diebold's voting machines, and last week, I was on the Today show and on 
TechTV. One voter whom I was checking in leaned over and said, "I know who 
you are." I just smiled. Then he asked me if he should even bother voting, 
and if I thought the machines would "hold out". I answered that my views 
were well known, but that today I was an election judge. Another voter 
asked me, "Aren't you that hacker guy?"

In the beginning of the election, we printed a "zero tape" of each 
machine. I found this to be the kind of charade that a confidence man 
would play when performing some sleight of hand. So, the machines printed 
each candidate's name with a zero next to it. Somehow, that is supposed to 
mean that there are no votes counted on the machine? I don't know. I think 
I could write a five line computer program that would print the zero 
tally, and I don't see how that ties into the security of the election. In 
fact, that was not the only procedure that I thought served more as eye 
candy than real security. For example, the process for collecting the 
smartcards was for the unit judge to take the card from the voter and put 
it on a piano that was across the room. Every 15 minutes or so, the unit 
judge would take the cards and give them back to us book judges. When a 
Diebold rep showed up, I asked her about this, and she said that it was 
done to give the voters a sense that nothing was being kept on the 
smartcards about their voting session. After my experience today, I can 
say with total confidence that this would not have occurred to any of the 
voters we had.

There was a very funny moment around 2:00 in the afternoon. A voter 
complained that she was a Democrat but had been given the Republican 
ballot. This required both head judges to void the ballot. It turned out 
that this had been my mistake when I coded the smartcard. In fact, I was 
the only one the entire day who made such a mistake. The less than young 
judges had a good time constantly reminding me of who the careless judge 
was at this election. One of them commented to me that there are many 
young people who are incompetent and many old people who can manage an 
election just fine, thank you.

I continue to believe that the Diebold voting machines represent a huge 
threat to our democracy. I fundamentally believe that we have thrown our 
trust in the outcome of our elections in the hands of a handful of 
companies (Diebold, Sequoia, ES&S) who are in a position to control the 
final outcomes of our elections. I also believe that the outcomes can be 
changed without any knowledge by election judges or anyone else. 
Furthermore, meaningful recounts are impossible with these machines.

I also believe that we have great people working in the trenches and on 
the front lines. These are ordinary people, mostly elderly, who believe in 
our country and our democracy, and who work their butts off for 16 hours, 
starting at 6 a.m. to try to keep the mechanics of our elections running 
smoothly. It is a shame that the e-voting tidal wave has a near hypnotic 
effect on these judges and almost all voters. I believe that after today's 
experience, I am much better equipped to make the arguments against 
e-voting machines with no voter verifiability, but I also have a great 
appreciation for how hard it is going to be to fight them, given how much 
voters and election officials love them.

We were not allowed to use cell phones or access email all day. On my way 
home from the polls, I called my voicemail at work. I had messages and 
requests for interviews from ABC News, the Baltimore Sun, the Washington 
Post, Wired News, CNN, several radio stations and the New York Times. So, 
this issue is not going away. Over the next few days, I'll be discussing 
my experience and probably sparring with the usual suspects in the various 
media outlets. My biggest fear is that Super Tuesday will be viewed as a 
big success. By all accounts, everyone at my precinct felt that way. The 
more e-voting is viewed as successful, the more it will be adopted, and 
the greater the risk when someone decides to actually exploit the 
weaknesses of these systems.

It's now almost midnight, and I've been up since 5:00 a.m. I'm falling 
asleep as I type this, so I will end here. Good night.