Disruptions. Glitches. Delays. Oh My! We make our predictions for the voting snags you should expect on Election Day.
Viewing entries tagged
I've spent a fair bit of time over the last few days digesting a broad range of media responses to last week's election's operation, much it reaction to President Obama's "we've got to fix that" comment in his acceptance speech. There's a lot of complaining about the long lines, for example, demands for explanation of them, or ideas for preventing them in te future -- and similar for the difficulty that some states and counties face for finishing the process of counting the ballots. It's a healthy discussion for the most part, but one that makes me sad because it mostly misses the main point: the root cause of most election dysfunction. I can explain that briefly from my viewpoint, and back that up with several recent events. The plain unvarnished truth is that U.S. local election officials, taken all together as the collective group that operates U.S. federal and state elections, simply do not have the resources and infrastructure to conduct elections that
- have large turnout and close margins, preceded by much voter registration activity;
- are performed with transparency that supports public trust in the integrity of the election being accessible, fair, and accurate.
There are longstanding gaps in the resources needed, ranging from ongoing budget for sufficient staff, to inadequate technology for election administration, voting, counting, and reporting.
Of course in any given election, there are local elections operations that proceed smoothly, with adequate resources and physical and technical infrastructure. But we've seen again and again, that in every "big" election, there is a shifting cast of distressed states or localities (and a few regulars), where adminstrative snafus, technology glitches, resource limits, and other factors get magnified as a result of high participation and close margins. Recent remarks by Broward County, FL, election officials -- among those with the most experience in these matters -- really crystalized it for me. When asked about the cause of the long lines, their response (my paraphrase) is that when the election is important, people are very interested in the election, and show up in large numbers to vote.
That may sound like a trivial or obvious response, but consider it just a moment more. Another way of saying it is that their resources, infrastructure, and practices have been designed to be sufficient only for the majority of elections that have less than 50% turnout and few if any state or federal contests that are close. When those "normal parameters" are exceeded, the whole machinery of elections starts grinding down to a snail's pace. The result: an election that is, or appears to be, not what we expect in terms of being visibily fair, accessible, accurate, and therefore trustworthy.
In other words, we just haven't given our thousands of localities of election officials what they really need to collectively conduct a larger-than-usual, hotly contested election, with the excellence that they are required to deliver, but are not able to. Election excellence is, as much as any of several other important factors, a matter of resources and infrastructure. If we could somehow fill this gap in infrastructure, and provide sufficient funding and staff to use it, then there would be enormous public benefits: elections that are high-integrity and demonstrably trustworthy, despite being large-scale and close.
That's my opinion anyway, but let me try to back it up with some specific and recent observations about specific parts of the infrastructure gap, and then how each might be bridged.
- One type of infrastructure is voter record systems. This year in Ohio, the state voter record system poorly served many LEOs who searched for but didn't find many many registered absentee voters to whom they should have mailed absentee ballots. The result was a quarter million voters forced into provisional voting -- where unlike casting a ballot in a polling place, there is no guarantee that the ballot will be counted -- and many long days of effort for LEOs to sort through them all. If the early, absentee, and election night presidential voting in Ohio had been closer, we would still be waiting to hear from Ohio.
- Another type of infrastucture is pollbooks -- both paper, and electronic -- and the systems that prepare them for an election. As usual in any big election, we have lots of media anecdotes about people who had been on these voter rolls, but weren't on election day (that includes me by the way). Every one of these instances slows down the line, causes provisional voting (which also takes extra time compared to regular voting), and contributes to long lines.
- Then there are the voting machines. For the set of places where voting depends on electronic voting machines, there are always some places where the machines don't start, take too long get started, break, or don't work right. By now you've probably seen the viral youtube video of the touch screen that just wouldn't record the right vote. That's just emblematic of the larger situation of unreliable, aging voting systems, used by LEOs who are stuck with what they've got, and no funding to try to get anything better. The result: late poll opening, insufficient machines, long lines.
- And for some types of voting machines -- those that are completely paperless -- there is simply no way to do a recount, if one is required.
- In other places, paper ballots and optical scanners are the norm, but they have problems too. This year in Florida, some ballots were huge! six pages in many cases. The older scanning machines physically couldn't handle the increased volume. That's bad but not terrible; at least people can vote. However, there are still integrity requirements -- for example, the voters needs to put their unscanned ballots in an emergency ballot box, rather than entrust a marked ballot to a poll worker. But those crazy huge ballots, combined with the frequent scanner malfunction, created overstuffed full emergency ballot boxes, and poll workers trying to improvise a way store them. Result: more delays in the time each voter required, and a real threat to the secret ballot and to every ballot being counted.
Really, I could go on for more and more of the infrastructure elements that in this election had many examples of dysfunction. But I expect that you've seen plenty already. But why, you ask, why is the infrastructure so inadequate to the task of a big, complicated, close election conducted with accessibility, accuracy, security, transparency, and earning public trust? Isn't there something better?
The sad answer, for the most part, is not at present. Thought leaders among local election officials -- in Los Angeles and Austin just to name a couple -- are on record that current voting system offerings just don't meet their needs. And the vendors of these systems don't have the ability to innovate and meet those needs. The vendors are struggling to keep up a decent business, and don't see the type of large market with ample budgets that would be a business justification for new systems and the burdensome regulatory process to get them to market.
In other cases, most notably with voter records systems, there simply aren't products anymore, and many localities and states are stuck with expensive-to-maintain legacy systems that were built years ago by big system integrators, that have no flexibility to adapt to changes in election administration, law, or regulation, and that are too expensive to replace.
So much complaining! Can't we do anything about it? Yes. Every one of those and other parts of election infrastructure breakdowns or gaps can be improved, and could, if taken together, provide immense public benefit if state and local election officials could use those improvements. But where can they come from? Especially if the current market hasn't provided, despite a decade of efforts and much federal funding? Longtime readers know the answer: by election technology development that is outside of the current market, breaks the mold, and leverages recent changes in information technology, and the business of information technology. Our blog in the coming weeks will have several examples of what we've done to help, and what we're planning next.
But for today, let me be brief with one example, and details on it later. We've worked with state of Virginia to build one part of new infrastructure for voter registration, and voter record lookup, and reporting, that meets existing needs and offers needed additions that the older systems don't have. The VA state board of elections (SBE) doesn't pay any licensing fees to use this technology -- that's part of what open source is about. The don't have to acquire the software and deploy it in their datacenter, and pay additional (and expensive) fees to their legacy datacenter operator, a government systems integrator. They don't have to go back to the vendor of the old system to pay for expensive but small and important upgrades in functionality to meet new election laws or regulations.
Instead, the SBE contracts with a cloud services provider, who can -- for a fraction of the costs in a legacy in-house government datacenter operated by a GSI -- obtain the open-source software, integrate it with the hosting provider's standard hosting systems, test, deploy, operate, and monitor the system. And the SBE can also contract with anyone they choose, to create new extensions to the system, with competition for who can provide the best service to create them. The public benefits because people anywhere and anytime can check if they are registered to vote, or should get an absentee ballot, and not wait like in Ohio until election day to find out that they are one in a quarter million people with a problem.
And then the finale, of course, is that other states can also adopt this new voter records public portal, by doing a similar engagement with that same cloud hosting provider, or any other provider of their choice that supports similar cloud technology. Virginia's investment in this new election technology is fine for Virginia, but can also be leveraged by other states and localities.
After many months of work on this and other new election technologies put into practical use, we have many more stories to tell, and more detail to provide. But I think that if you follow along and see the steps so far, you may just see a path towards these election infrastructure gaps getting bridged, and flexibly enough to stay bridged. It's not a short path, but the benefits could be great: elections where LEOs have the infrastructure to work with excellence in demanding situations, and can tangibly show the public that they can trust the election as having been accessible to all who are eligible to vote, performed with integrity, and yielding an accurate result.
Tomorrow is Election Day 2012, and with many people experiencing pre-election angst, perhaps now is not the time to start telling our patient readers what the heck we've been doing in technology land for the last several months. Right now, we're in a bit of a breather, as election officials and other partners have been focusing solely on the final slog to election day, and readying for a couple intense weeks of work post-election. So instead, I'll be focusing on sharing with you a technology spin on current election news, and get around to our own accomplishments a little later. The news of the moment I want to share is this: there is a good chance that Ohio's state and federal election results won't be available on Election Night or even the next day, and root of the problem is technology. To continue the tree analogy, the trunk is process, the branches are people, the leaves are provisional ballots, and the possible storm blowing through the tree is litigation about the ballots. The technology root is balky; the trunk process of finding absentee voters is tricky; election officials didn't do the process correctly; thousands of absentee voters will instead vote provisionally; the delay in counting those ballots can create the opportunity for a storm.
As a result, there is Florida-2000-style election meltdown looming in Ohio. Due to problems with Ohio's voter records database, perhaps as many as 100,000 Ohioans will vote on provisional ballots, a huge number when you consider that every one of them requires human decisions about whether to count it. And those decisions must be monitored and recorded, because if the decision is "yes" then it is irrevocable. Once a provisional ballot is separated from the voter's affidavit (explaining why they are entitled to vote even if the poll worker didn't think so) and counted, then you can't un-count it. Likewise, the "no" decisions lead to a pile of uncounted ballots, which can be the focus of litigation.
"How does a voter records system lead to this?" you might well ask, thinking of a voter registration system that mainly handles new voter registration (creating a new voter record), and updates or re-registration (e.g. changing the address in an existing voter record). Technology glitches could disenfranchise a voter, but create an election integrity meltdown? Yes - and that's because we're not talking about a voter registration system or database, but rather a voter records system that local election officials use for many purposes. And in this case, it's the hinge for absentee voting.
Here's how it works. An Ohio voter requests absentee status via a voter registration form, either a new registration or an update of an existing record. If that request is granted, the voter record's absentee status is updated. Later on, 50-something days before the election, local election officials use the system to find all the people in their county who will be voting absentee, and send each of them their absentee ballot via U.S. Post. But what if the "find all the absentee voters" part doesn't work? Then some people don't get an absentee ballot, and many of them will try to vote in person, and hit a snag, because:
- The find-the-absentee-voters part is tricky to do with the voter-records system, and many county officials were not given the correct instructions for the lookup. As result, many absentee voters didn't get an absentee ballot.
- What does seem to work OK is preparing the pollbooks for in-person voting, where the poll books indicate for each voter whether they have absentee status. As a result, you get voters with absentee status -- but no absentee ballot -- showing up on Election Day, and being told that they already have a ballot.
Then what? Well, if a voter is persistent and/or the poll workers well-trained and not swamped, then a poll worker will help the voter understand how to vote provisionally -- mark a ballot that does not go into the ballot box, but rather into an envelope with the voter's info. After the election, all these provisional ballot envelopes go to county election HQ, where election officials have to process each envelope, to decide whether the ballot inside should be counted.
Now, the 100,000 estimate kicks in. In a small county with thousands of provisional ballots, or a large county with tens of thousands, the provisional ballot processing can easily go all night and into the next day, because it can't even begin until all absentee ballots have been centrally counted, folded into the results from precincts, and tabulated as preliminary election results. Now suppose that statewide, the margin of victory for the presidential election is only tens of thousands of votes, and statewide there are 100,000+ provisional ballots that are yet to be counted?
In that case, provisional ballot processing is going to receive a lot of scrutiny, and every one of those non-counted ballots is going to be subjected to the type of controversy we saw in Minnesota 4 years ago with the Franken-Coleman senate contest that took weeks to resolve. And this is the situation that has many Ohio election officials (and me) praying that whatever the election result is, the margin is wider than the number of provisional ballots.
This situation is rooted in a voter records system that's too complicated and clunky for harried, under-funded, under-staffed, hard-working election officials to use reliably. So if you doubted that ordinary information technology could create a possible election meltdown just as easily as flaky proprietary voting systems, well, now you know. And that's just one reason why we've been hard at work on registration-related technology -- try to help create the public benefit of an election that is and can be seen to have been administered correctly, before the ballot counting even begins.
Keep those fingers crossed …
Yesterday, judges in New York state were hearing calls for hand recount, while elsewhere other vote counts were being factored into the totals, and on the other side of the Atlantic, the same question "where are the election results?" was getting very serious. In the Ivory Coast, like in some places in the U.S., there is a very close election that still isn't decided. There, it's gotten serious, as the military closed off all points of entry into the country as a security measure related to unrest about the close election and lack of a winner. Such distrust and unrest, we are lucky to have avoided here; despite the relatively low levels of trust in U.S. electoral processes (less than half of eligible people vote, and of voters polled in years past a third to a half were negative or neutral), we are content to let courts and the election finalization process wind on for weeks. OK, so maybe not content, maybe extremely irate and litigious in some cases, but not burning cars in streets.
That's why I think it is particularly important that Americans better understand the election finalization process -- which of course like almost everything in U.S. elections varies by state or even locality. But the news from Queens NY (New York Times, "A Month After Elections, 200,000 Votes Found") though it sounds awful in headline, is actually enormously instructive -- especially about our hunger for instant results.
It's not awful; it's complicated. As the news story outlines, there is a complicated process on election night, with lots of room for human error after a 16 hour day. The finalization process is conducted over days or weeks to aggregate vote data and produce election results carefully, catching errors, though usually not changing preliminary election-night results. As Douglas A. Kellner, co-chairman of the State Board of Elections, said:
The unofficial election night returns reported by the press always have huge discrepancies — which is why neither the candidates or the election officials ever rely on them.
That's particularly true as NY has moved to paper optical scan voting from lever machines, and the finalization process has changed. But in the old days, it was possible to misplace one or a few lever machine's worth of vote totals with human errors in the paper process of reading dials, writing numbers on reporting form sheets, transporting the sheets, etc. Then, add to that the computer factor for human error, and you get your 80,000 vote variance in Queens.
Bottom line -- when an election is close, of course we want the accurate answer, and getting it right takes time. Using computerized voting systems certainly helps with getting quicker answers for contests that aren't close and won't change in the final count. And certainly they can help by enabling audits and recounts that lever machines could not. But for close calls, it's back to elbow grease and getting out the i-dotters and t-crossers -- and being thankful for their efforts.
More tabulator troubles! In addition to the continuing saga in New York with the tabulator troubles I wrote about earlier, now there is another tabulator-related situation in Colorado. The news report from Saguache County CO is about:
a Nov. 5 “retabulation” of votes cast in the Nov. 2 election Friday by Myers and staff, with results reversing the outcome ...
In brief, the situation is exactly about the "tabulation" part of election management, that I have been writing about. To recap:
- In polling places, there are counting devices that count up votes from ballots, and spit out a list of vote-counts for each candidate in each contest, and each option in each referendum. This list is in the form of a vote-count dataset on some removable storage.
- At county election HQ, there are counting devices that count up vote-by-mail ballots and provisional ballots, with the same kind of vote-counts.
- At county election HQ, "tabulation" is the process aggregating these vote-counts and adding them up, to get county-wide vote totals.
In Saguache, election officials did a tabulation run on election night, but the results didn't look right. Then on the 5th, they did a re-run on the "same ballots" but the results were different, and it appears to some observers that some vote totals may be been overwritten. Then, on the 8th, with another re-try, a result somewhat like in NY:
... the disc would not load and sent an error message
What this boils down to for me is that current voting system products' Tabulators are not up to correctly doing some seemingly simple tasks correctly, when operated by ordinary election officials. I am sure they work right in testing situations that include vendor staff; but they must also work right in real life with real users. The tasks include:
- Import an election definition that specifies how many counting devices are being used for each precinct, and how many vote-count datasets are expect from them.
- Import a bunch of vote-count datasets.
- Cross-check to make sure that all expected vote-totals are present, and that there are no un-expected vote-counts.
- Cross-check each vote-count dataset to make sure it is consistent with the election definition.
- If everything cross-checks correctly, add up the counts to get totals, and generate some reports.
That's not exactly dirt-simple, but it also sounds to me like something that could be implemented in well-designed software that is easy for election officials to use, and easy for observers to understand. And that understanding is critical, because without it, observers may suspect that the election has been compromised, and some election results are wrong. That is a terrible outcome that any election official would work hard to avoid -- but it appears that's what is unfolding in Saguache. Stay tuned ...
PS: Hats off to the Valley Courier's Teresa L. Benns for a really truly excellent news article! I have only touched on some of the issues she covered. Her article has some of the best plain-language explanation of complicated election stuff, that I have ever read. Please take a minute to at least scan her work. - ejs
NYT reported on the continuing counting in some New York elections, with the control of the NY state house (and hence redistricting) hanging in the balance. The article is mostly apt, but the reference to "hanging chad" is not quite right. FL 2000's hanging chad drama was mainly about the ridiculous extreme that FL went to in trying to regularize the hand re-counting rules for paper ballots, while each time a ballot was touched, the rule could change because the chad moved. In this NY election, the problem is not a re-count, but a slow count; not problems with the paper ballots per se, but with the opscan counting system; and not a fundamental problem with the ballot counting method, but several problems arising from poll-worker and election officials' unfamiliarity with the system, being used for the first time in this election. Best quote:
Reginald A. LaFayette, the Democratic chairman of the Board of Elections in Westchester, said older poll workers had trouble reading the vote tallies printed out by the machines. “You take the average age of an inspector, it’s maybe about 65, and so you put a new product out with them, and the change has been overwhelming to some of them,” he said.
It's another example of the of situation I recently described in North Carolina. These voting systems were built for time-to-market, rather than designed, engineered, and tested for usability and reliability -- much less designed for simplicity of the process of combining tallies into election results.
The recent experience in New York is nothing truly new - but rather an example of the usability issues manifested in an election organization that, unlike those elsewhere using similar voting system products, has not yet learned by experience how to use these quirky systems with greater speed and transparency than the first time around. Of course, it is a shame that this type learning-by-doing in real elections is necessary at all, to get to a reasonably transparent election process. But that's what the vendors served up the market, and that's what TTV is working to improve on.
Last time, I wrote about what I learned from two curious statements in the context of the NC experience with and litigation about flakey voting machines. Today is Part Two, starting by explaining what I mean by "flakey", and finishing with a response to Johnnie McLean's (NC SBE deputy director) statement at the conclusion of the litigation. When I say "flakey voting machine" I simply mean that the machine in question is prone to mis-behavior that leaves the voter with low confidence that their votes were recorded correctly. Examples from this election include both touch-screen misbehavior and opscan machines accepting one sheet of a two-sheet ballot and rejecting the other sheet. What do I mean by "prone to"? Just that mis-behavior has frequently been alleged, even if some allegations proved unfounded. When I see a voting machine behaving in a way that I see as strange, it's just a fact that I'm not going the confident about the outcome, even if someone explains that the voting machine is just fine and the behavior was my problem.
And that "not my computers' fault" explanation is what's behind Ms. McLean's remarks:
I hope this is the end of the issue. We have every confidence in the voting systems North Carolina has and I've seen no evidence that we should feel differently.
That's sensible at one level, but completely misses the point at another level. Ms. McLean is being sensible when she points out that there were no cases of a voting machine mal-functioning by mis-counting votes, and that most of the incidents were from machine mis-behavior caused by user error. And yes, the mis-behavior was caused in part by people touching the screen in multiple places, so you could say that it was the "voter's fault." Technically, it might be true to say that these machines were operating "according to spec" which includes: if you calibrate them tightly and a user touches a screen in exactly the wrong way, the user will see some weird stuff that is not what they meant.
But that is missing the point. Even when these devices are operating "correctly", they can easily mis-behave. From the perspective of a voting machine vendor, these devices are operating "correctly" when they get confused by a voter doing multiple simultaneous moving touches. It's not that the voting systems are inherently un-reliable in counting votes (or at least no less unreliable than software in general). Rather, these particular NC systems are inherently flakey. They just weren't designed for or built with technology that supports very-low-error operation by ordinary people in the wide variety of typical circumstances. Of course not! This is not your typical iPad -- but rather 20 year old screen technology in some cases. This is not your typical iPhone running an award-winning iPhone app, developed with sophisticated usability testing -- but rather a somewhat hastily-assembled system created about 8 years ago to cheaply and quickly get to market to be the first to soak up HAVA funding.
Of course, NC voters deserve better than these current systems. And NC taxpayers deserve better+cheaper than the perhaps-a-bit-better but quite expensive replacements that vendors offer, but many election officials literally can't afford. It's just that in the US voting systems market today, you just can't get what you deserve, never mind how important high-confidence elections are.
(PS: and we continue to work on fixing that!)
I was very encouraged by recent election news from Ohio's Cuyahoga County, reported in the Cleveland Plain Dealer newspaper: Reason for election machine glitch found, officials expect things to be OK for the primary. At first blush, it might seem like bad news:
All told, 89 of the Cuyahoga County Board of Elections' 1,200 machines powered down and then froze during a specific test done to ensure the optical scanners were reading paper ballots correctly.
But as the Plain Dealer's Joan Mazzoli said in her folksy headline, the point is that the Cuyahoga BOE disclosed to the public exactly the problems that they encountered, the scope of the problems, and the possible effect on the election that will be conducted with machines that they tested. In fact BOE director Jane Platten explained the specific error logging procedures that they will use to audit the election, to make sure that no votes are lost even if the machines malfunction during the election. As Mazzoli quoted Platten:
We want to ensure everyone's votes are counted.
Of course that is every election official's goal, but this news is about a bit more: making sure that everyone's votes are counted, and "making sure" in a way that the voters can see and believe in despite known problems with the election technology being used. That is what I call helping people Trust the Vote, and for that I say - Kudos to Cuyahoga!
Whew. We're through it, and for all the angst, sweat, and tears, I sense it went well. I want to thank the Panelists for being so good-natured (and well behaved as to the time limits in responses). We had some intense moments of heated disagreement and heated agreement. I'll have some more to say later when more recovered, but I believe this is the start of an on-going conversation that brought out the challenges and opportunities of using the Internet in the elections and voting processes.
- Apologies to Operation Bravo for getting it absolutely wrong on the Pilot locations (polling being on verses off Military base). I learned a valuable lesson to not try and wedge in that final question in the middle of the night when its too late to wake anyone to confirm facts. Good thing I had the "Plan B" question.
- Apologies to the activists who hounded me about using a coin toss to determine which side went first on closing remarks. I agreed to do so, put the 2 Euro in my pocket to toss, and then completely forgot in the rush of the final moments before going live to actually toss the coin, and had to randomly point at one side to go first at closing. DoH!
For whatever its worth, I will not declare a winner or loser. You can watch it on Vimeo or YouTube yourself when it finally posts in a couple of weeks.
But I will say this, as Moderator I thought the Proponents Team pulled it together in the closing argument and made some interesting points after earlier seemingly dropping some balls on answers. And I thought the Opponents Team could've registered a far stronger closing statement after slicing through issues with surgical precision throughout the preceding 80 minutes.
One More Apology
One final, off-topic comment that constitutes another, more serious "mea culpa." It has been called to my attention by a County Elections Official from Ohio who was "in the trenches" in 2004 and 2006, that our Every Vote Counts booklet has an error on the time-line page claiming a recount was required in the 2004 Ohio results due to machine errors. This is completely false on all counts and I allowed ourselves to be drawn in by some faulty reporting and research. In fact, some recounts in 2006 (not '04) were due to some scanning equipment malfunctions of a mechanical nature only. The machine issues otherwise alleged have never been substantiated and this Election Official, Rokey Suleman (now running elections in D.C.) has good reason to be frustrated with me by something unintentionally picking at an old battle scar.
We're going to fix that. I am committed to transparency. First, may I please publicly apologize to Rokey Suleman for my public relations and outreach teams' embarrassing goof. The buck (er, book) stops with me; they're my team and I take full responsibility for that. There are no excuses. We should have done closer proofing of the work. OSDV Foundation has a great story to tell, and I hate the possibility of diluting it with an errant statement or representation.
Here is the repair list:
- We will correct that page before any further printing of that booklet. I will do my best to halt further distribution of this version, but apologize in advance if there remain copies floating about or accidentally further distributed.
- More importantly, we're going to give Rokey Suleman our podium here to explain to all of you reading, the story inside Ohio from one of the gentleman who was in the middle of it; from his personal and direct experience. Mr. Suleman has agreed to draft that for our publication here under his name as a guest blogger.
Furthermore, I note that we learned here in Munich that Rokey is doing some amazing things in his new appointment running D.C. elections. And he has a deep commitment to overseas and military voters. I find him to be highly motivated, and passionately committed to accurate, transparent, trustworthy, and secure elections. And I am impressed by his innovative attitude and intense commitment to seeing the District of Columbia (America's answer to the Vatican ;-) ) be a thought leader and model for elections in the 21st century and digital age. His passion for transparency (and interest in open source methods) is refreshing.
I hope this small token of our regrets will allow Rokey Suleman another reasonably public forum to set the record straight (in this case, apparently skewed again at our own hands).
Otherwise, the Debate was fun and exhausting and I can't wait for the video replay. Cheers
Thanks to erstwhile election texpert Dan Wallach for bring attention to the burglary of an early voting center in Houston, and to the Houston Chronicle's Chris Moran for coverage of the story including good quotes from Dan! But I have to add that in addition to theft of computers containing voter records, there were also voting machines (Hart InterCivic DRE devices and the central controller for them) that were not stolen, but the thieves had access to. And as I've pointed out a number of times, it's a shame that these voting systems (Hart and all the others) store vote data on re-writable media, and of course the software is equally modifiable as well. It's one thing to have these fundamentally vulnerable machines in county facilities, or temporary deployed during Election Day in polling places under the watchful eye of poll workers -- but another to leave them sitting in community center utility rooms overnight, night after night for a couple weeks. The votes (the electronic recording of e-ballots) are just sitting there protected by a lock on the door. But even more importantly, as Dan pointed out to me, the real problem is confidence in the election result. Suppose a contest in this election is close, and someone claims that the election results from this particular precinct are anomalous or suspicious. It would be impractical to prove the negative -- that the machines or the vote data were not tampered with, even though we know there was opportunity for it. Now, don't get me wrong. In this case I doubt that bad guys were trying to sway this election by jiggering a handful of DREs, using special skills to falsify the security seals on the devices, and calling attention to the deed by ripping off some PCs. But because these voting machines are vulnerable in their basic design, incidents like this one can't help but give naysayers the ability to cast doubt on the election results. We can do better -- and will.
But technology aside, I still have questions on the election officials' response to the incident. As Moran reported, yes they will check the security seals (twice!) and will assume that, absent evidence of tampering, these machines are in the same state that they left election HQ, and that the data they recorded was not effected either. But suppose that the thieves banged the machines about a bit, broke a security seal, flaked out a disk drive - or even that someone walked by with a big magnet in their pocket, and scrambled a few bits? The machines would show evidence of tampering or damage, but vote data on them might still be recoverable. Should those votes count in the election result? There is no really good answer - either way, public confidence in the election results is compromised. That can't be prevented 100% by any technology, but here is a novel idea: let's design voting technology so that we purposely avoid having it be the Achilles Heel of public confidence. OK, maybe it's not so novel, but it is what we're doing.
The reports of computer viruses in NY voting machines -- though spurious -- cause me to return to a basic mantra of TrustTheVote: we do technology development so that election tech helps inspire public confidence in elections, rather than erode it. The NY case is a great example of erosion, but also a cautionary tale for future inspiration. The caution comes from the significant and ongoing confusion about the term "virus". But first, the situation in question arose in Hamilton County, NY, part of the hotly contested NY 23rd Congressional District race between Hoffman and Owens. It's an ugly scene, because the vote was close, it's already certified, Owen is seated, but re-canvassing efforts highlighted some counting irregularities. These weren't large enough to effect the race, but were enough to spark Hoffman to un-concede defeat, and to issue a letter with some really disturbing claims of the election having been stolen. Now, add to this the claim that the election result is further tainted by the discovery of a computer virus in the voting system used in Hamilton. That's a real example of tech digging the confidence hole that much deeper - ouch!
But the really sad part of this, for me, is that the true story is a good story about election officials doing the right thing: when they found a software bug, they worked with the vendor and created an effective work-around -- maintaining the integrity of the system, the exact opposite of the story about the virus undermining the system. The real virus is that spurious story! The details, provided by NY State election official Doug Kellner, also provide another example of complexity of diligent election administration:
In pre-election testing several counties discovered the Dominion ImageCast machines froze when fed ballots that contained contests with multiple candidates to be elected. It was determined during the week before the election that the cause was a source code programming error in the dynamic memory allocation of the function that stores ballot images--not the counting function. Although only one line of source code needed modification, NYSBOE staff properly refused to approve any modification of source code without proper certification. Dominion developed a work-around by changing the ballot configuration file--not the source code so that the machines using the new configuration files functioned on election day. It is my understanding that a few county officials, who were using the machines for the first time, did not properly revise the configuration files and the machines were used in emergency ballot mode--that is, ballots were inserted in the emergency ballot boxes contained within the machine and were counted manually after the close of the polls.
Kudos to NY for doing their job right, in the real world of flawed equipment, not the fantasy land of viruses and stolen elections. New Yorkers should be thanking the NYSBOE for a job well done!
PS: For a detailed debunking of the virus claims, see the blog of NY election tech expert and advocate Bo Lipari. It's excellent. It got picked up in local press. But it can't catch up to the idea virus, as the tale continues to mutate through the blogosphere that Hoffman was cheated by corrupt election officials, or ACORN, or computer hackers, or viruses, or some combination. ;-(
"Finally, the good news – because New York votes on paper, everybody’s vote was counted. When the scanner stopped working, the ballots were removed and counted, so no votes were lost. Paper ballots, a software independent record of the vote, proved their great value in their very first outing in the Empire State. " (from: No Voting Machine Virus in NY-23 Election)
Its an interesting article explaining what actually seemed to have happened in NY-23. I say "seemed" because I am sure there must be other interpreations and explanations, but the one I am citing here rings pretty realistic to me.
Election officials in Myrtle Beach, SC, noted the absence of about 260 votes in the recent election there. Fortunately, the votes were found, and the reason for the error discovered -- and both before the election was certified. It's a good thing that Myrtle Beach election officials were making their lists and checking them twice, because it's quite possible for the omission to have been overlooked until after the election was final. However, the story is a good illustration of how some technology design decisions create the scope for operator error. The basic story is that in one polling place, a poll worker made a mistake in the process of extracting electronic vote totals from a voting machine, using a removable data storage cartridge in a way that's similar to how you might use a USB flash drive to copy some files off of your PC. The problem, however, it that these particular voting machines are designed to be picky -- if you don't use the right cartridge the right way, the data is not copied, and is omitted from the supposedly complete vote totals compiled later (Also, it is not obvious to exhausted poll volunteers when this mistake occurs.)
You might ask, why so picky? Wouldn't it be better to record vote totals in a way that didn't depend on a poll worker not making mistakes at the end of an 18+ hour day? Well of course, put that way, yes. But when you look at the actual details of the way the iVotronic voting machines work, you can see that from a techie perspective, the design is not crazy -- right up to the V-8 moment of realizing that a consequence is that operator error results in lost votes. Those details are not technical, quite instructive, and well explained by voting technology expert Doug Jones:
The electronic cartridge (PEB) is used to initialize the machine in the morning, enable the machine for voting before each voter, and close down the machine in the evening.
In some jurisdictions, a polling place has multiple PEBs: a master PEB for opening and closing the polls, and another used for routine voting. When you do this, only the master PEB has the zero report and the vote totals on it. If you've got several iVotronics at the polling place, and you use a different PEB to close the polls on some of them, the master PEB won't have all the totals; then, when you upload it, you'll be missing votes from some machines.
This is an excellent example of a procedural error of the type that the voting systems could help defend against, but don't. It would be possible to write specs that lead to automatic detection of machines believed to have been deployed for which no totals have been reported. Sadly, we haven't got such behavior in our system specs, and as a result, we chalk such problems up to human error and let the voting system off the hook.
As you can see, once again the devil is in the details -- and thanks to Doug for the infernal info.
Pennsylvania has ordered a statewide recount of the race for Pennsylvania Superior Court Judge - a recount that is similar in scope and significance as the Minnesota Franken/Coleman recount (though one hopes less acrimonious), as the result will decide who will be making durable rulings in law for the whole state. It's an interesting story, for at least a couple reasons. This recount is also the first one performed under the PA state law that automatically triggers a full recount when a contest's margin of victory is by less than one-half of 1 percent of the total votes cast. It's also interesting because of the variety of voting technology across the state, and hence the variety of re-counting methods and results. For example, in Lackawanna County, which was already doing local-race recounting a few days ago, County Commissioner Mike Washo was quoted:
We share the concerns of everyone who came here to talk about having every vote count. We're going to ensure that every vote is counted. The good news is, with paper, we have the ballots.
Even so, there is still controversy there, because the re-count is using equipment that is similar to the counting equipment that had the apparent failures that caused Lackawanna County officials to do the recount in the first place. Despite the 2% hand recount, some are wishing for 100% hand recount in addition to the machine recount.
In other counties, no doubt the local variations in voting methods will drive different concerns and controversies. But the compare-and-contrast possibilities of this statewide recount should be very instructive. Stay tuned ...
A good question re-surfaced for us as we participated in the National Civic Summit recently. The issue was and remains about identifying a "gold build," that is, when there is a particular system/version that is certified for use as a voting system, how should election officials know that the systems that they deployed are systems that are an instance of the certified system. Previously, we provided some answers of how you could answer the question "How do I know that this voting machine is a good one" and provide in the wiki on a more technical treatment of "field validation" of voting system devices. But the slightly different question that arose recently is: how does open source help?
The simple answer is that open source techniques do not directly help at all. We could build a completely open system that has exactly the same architectural blockades to field validation as the current vendors' product do. However, the TrustTheVote open source project has some advantages. First, we're working on voting systems, which have sufficiently simple functional requirements (compared to general purpose computing systems) that field validation of voting devices isn't as difficult as in the more general case. *
The second advantage allows us to sidestep many of these complexities, given the relative simplicity of voting devices. We were able to go back to the drawing board and use an architecture that simplifies the field validation problems, for the very specific and limited class of systems that are voting devices.
Openness itself didn't create these two advantages; but in conducting a public works project, we have the freedom to start fresh and avoid basic architecture pitfalls that can undermine trust. Therefore, the value of working openly is that the benefit of this work -- increased confidence and trust -- is a bit more easily achieved because field validation is fundamentally a systems trust issue, and we address in a way that can be freely assessed by anyone. And that's where the open source approach helps.
* NOTE: for the detail-oriented folks: in general, the twin problems of Trusted Software Distribution and Trusted System Validation are, in their general form, truly hard problems. Feasible approaches to them usually rely on complex use of cryptography, which simply shifts the burden to other hard problems in practical applied cryptography. For example, with "code signing" my Dad's computer can tell him that it thinks he should trust some new software because is it signed as being from his SW vendor (e.g., Microsoft or HP); but he wonders (rightly) why he should trust his computer's judgment in this matter, given the other mistakes that his computer makes. For more on the non-general voting-system-friendly solution, see the TrustTheVote wiki: https://wiki.trustthevote.org/index.php/Field_Validation_of_Voting_Systems
Today's news yielded another pair of oddly juxtaposed news items. Starting with news from the world's largest democracy, India, where voting machine tampering is in the news, following a recent election in Orissa province.
Strange things have happened in many states including Orissa and a lot of complaints, allegations and cases have been lodged, observed the NGO and technocrat team.“We are taking the issue up at a national level. We are not opposed to the use of EVMs but we want them to be the pride of India and therefore tamper-proof," said Mr Prasad and Mr Rao.
Given the level of activism involved, it may be that India will soon be the world's leader in e-voting incidents, at least as measured by number of voters potentially affected.
Another candidate for world's largest voting body -- the Internet, or in this case, the subset of net-connected people planet-wide, who elected to participate in the Time.com 100 Poll on the world’s most influential people in government, science, technology and the arts. Millions voted, or, well, there were millions of votes, but we're not sure how many voters. It turns out that Time's 100 Poll voting system was hacked in a particular and clever way. Not only did the winner turn out to be "moot" (the handle for founder of the 4chan graphic BBS) but the whole poll was rigged continually so that the acronym of the names of the top 21 influential people turned out to be "Marble Cake, or The Game." (Apologies to #5 placer Larry Brilliant, who might actually be the 5th most influential person on the planet, rather than just the B in marBle). A blog posting by Paul Lamere includes an excellent account of the details of the hack.
For the Time.com 100 hack, the local reaction here in Silicon Valley may be mainly one of wry amusement, but I expect the same may not be true with our counterparts in Bangalore, Pune, et. al. India's election integrity NGOs are now calling for a way that to promote public confidence that India's real elections are more trustworthy that Time's Internet polls -- with the added challenge of public pride in a country that is far less technically literate, and indeed far less literate, than the U.S. electorate that we are more used to thinking of. Heartfelt best of luck to Prasad, Rao, and compatriots in India. Now, back in Silicon Valley, it's tea-time - a slice of marble cake, anyone?
I'd like to call your attention to this week's electile dysfunction news, which is about a mini-Minnesota situation in Fairfax County, Virginia. I think it's instructive because it illustrates how some problems with "paperless" voting are actually quite similar to a more old-fashioned form of voting, "paper only" voting, and a mooted new-fangled kind of voting, Internet voting.
The dust has settled – sort of – in the “lost ballots snafu” in Palm Beach County Florida, enough that I can correct a very serious mis-reading of the events, and briefly summarize the two completely contradictory “outcomes” of investigation: (1) it’s an accounting problem, not a technology problem, and (2) it’s a technology problem. Either way, the result is a failed election – not just a clouded outcome, but a completely failed election. The very short story: a recount was needed, 3000+ ballots couldn’t be
As a sad example of suspicion arising from current e-voting systems, I'd like you to read a story that I don't really know how to believe -- which is my point.
It seems like e-voting snafus are like weather: there’salways a bit of a storm somewhere, and now and then you get a big one. Although we can thank our lucky stars that we haven’t had a real hurricane, an electronic equivalent of Florida in 2000, the recent Arkansas vote-flipping snafu might qualify as a force 9 gale.
And because this time it is clear the outcome of the race was also flipped, this case of Arkansas State House District 45 in 2008 might