But how do we know our ballots are counted?

By Betsy Salter of Portland, Oregon. Betsy describes herself as "a 47 year old working mom who helped found the Oregon Voter Rights Coalition."

Most Oregonians assume because we use paper ballots that our elections are accurate. The reality is that our paper ballots are counted on optical scanners and aggregated on computers, both of which use proprietary software owned by for-profit private out-of-state corporations. We have NO idea whether these electronic machines have been counting our votes accurately.

If this is an issue you've been following and have written to your county clerk to explain why you are concerned about the integrity of our election system, no doubt you have heard all their excuses:

* 'All election equipment must be certified by the federal and state governments before it can be purchased for use in Oregon.' In reality, the federal and state governments have privatized the certification of election software so that election machine corporations pay private certification corporations to certify the election machines. Hmmmmm.

* 'We conduct logic and accuracy (L&A) tests on each machine before, during and after each election.' In reality, L&A tests are only designed to make sure that the optical scanners are reading the ballots correctly. The L&A tests cannot ensure that the optical scanners and aggregators are adding our votes accurately.

* 'There has never been a statewide recount that has overturned an election.' SO WHAT? Past recounts have only been conducted if the margin between the candidates is so miniscule that a winner cannot be determined OR if someone is willing to pay for the cost (financially and with their political career) of the recount if the recount does not result in changing the outcome of the election. There may have been elections for which a recount would have reversed the results, but WE WILL NEVER KNOW.

Fortunately, Representative Mitch Greenlick recognizes this weakness in Oregon's otherwise stellar election system. In response, Mr. Greenlick has introduced House Bill 3270, requiring mandatory handcounts of a scientifically drawn random sample of ballots to verify machine tallied election results in Oregon. Co-sponsors of HB 3270 include Representatives Phil Barnhart, Peter Buckley, Ben Cannon, Brian Clem, Paul Holvey, Jeff Merkley, and Chuck Riley.

HB 3270 will receive a hearing with the House Ethics, Elections and Rules Committee on Monday, March 19th at 8:30 a.m. If you can attend the hearing and show your support for mandatory independent verification of machine tallied election results, PLEASE come to this hearing and testify.

If you can't attend the hearing, there are many other ways you can support this critically important legislation:


1. Ask your state representative to co-sponsor HB 3270.

2. If your state representative co-sponsored HB 3270 -- thank him!

3. Write to the members of the Ethics, Elections and Rules committee to give the bill full consideration and receive a committee vote.

Please go to the Oregon Voter Rights Coalition website for more suggestions and information,

With your help, we can restore the public's trust in Oregon's election system and demonstrate to the nation that, once again, Oregon leads the way in ensuring that elections in America are accessible, transparent, secure and verifiable.

Comments

  • Steve Bucknum (unverified)
    (Show?)

    In the past, those that have been for more secure elections have over-reached and over-reacted, at least as far as what the problem in Oregon could be. I have seen proposals like having a webcam at every ballot box (and we vote by mail!), and proposals that would be impossible in some of Oregon's smaller Counties.

    This proposal, to use a sampling method, is exactly the correct response to the type of technology used. In my County we have 17 precincts. If we randomly selected two per election and hand counted ballots in one or two races (perhaps one State wide race and one local - randomly selected), it would clearly show if the machines were counting correctly. It would take our County staff about an hour to do.

    That is not over reaching. That is reasonable.

  • gt (unverified)
    (Show?)

    Simple. Have everyone fingerprinted and then check the ballots against the fingerprint records. I don't like the idea that criminal illegal Mexicans can cast ballots in Oregon.

  • (Show?)

    GT, in The United States of America we have something called the Bill of Rights? Ever heard of it? Does the Fourth Amemdment ring any bells?

    Forcing Americans to be fingerprinted as a condition for voting is a preposterously un-American suggestion.

    Where did you say you were from?

  • Bob R. (unverified)
    (Show?)

    GT's proposal also eliminates the notion of a Secret Ballot. Voters using GT's scheme could be harassed for voting the "wrong" way.

    The counties ALREADY compare signatures from the outer envelope to voter registration cards. This is fair and eliminates most fraud. Requiring a verification fingerprint on the ballot itself is unlawful, unconstitutional, invasive, and well, ludicrous.

    • Bob R.
  • Bob R. (unverified)
    (Show?)

    I would add a separate proposal (it doesn't have to be part of this bill) -- a web-based interface to see if your envelope has been received by the county.

    This would be relatively simple to implement - the outer envelopes already have bar codes and a tracking number. The voter could simply jot down this number, go to a state-run web site a few days later, and enter in the number. The output would simply be "received", "not received", or "problem - please contact elections office" and could include contact information for people concerned about their ballot.

    No names, private information (and nothing about how a person may have voted), etc., need to be disclosed -- just the unique number and "received" or "not received". This would prevent fraud and intimidation while adding confidence to voters who want to know their ballot will be counted.

    • Bob R.
  • (Show?)

    There are actually other technological solutions out there. I can share some of these if people are interested--I attended a very informative conference on voting technology just last week.

    One important provision of this ballot is badly misdirected, though: the requirement of handcounts .

    It has been demonstrated time and again that hand counts are more prone to error than rerunning a set of the ballots through the optical scanner a second time.

    You can have a second machine count under the eyes of independent auditors, or the two political parties, or all of these parties.

    But requiring a hand count as a measure of "accuracy" is bad public policy.

  • Phil Jones (unverified)
    (Show?)

    All that's needed to confirm identities is for the State Attorney Generals office to regularly compare SSN's with names registered with the U.S. Treasury Dept. No ballots should be mailed to those whose name doesn't match their SSN. To date, the state AG has refused to do that.

    So far as electronicly counting votes is concerned, pre-election tests should be run by running a known sampling of ballots through the entire system and comparing the results with the expected count. Then, all tallying and reporting equipment (including programmable routers) should be sealed and not used until the actual voting day.

    But, heck, accountability just isn't much fun, is it? And that's exactly why you end up with two terms of G.W.Bush and Company, lazoids.

  • (Show?)

    Bob R:

    Something like that would be nice. Even just something in the meantime that clearly and noticeably tells people they can contact the elections office to verify their ballot was received without problem

    Of course many of the problems with ballots occur after the ballots have been scanned as received. We'd need some kind of notice that states it has only been received, and that there could still be a problem.

    The most common problems are missing signature, wrong signature (people in the same household get their outer envelopes mixed up), signature does not match, and missing signature.

    These aren't checked prior to the ballots being scanned as received. They're checked in the days leading up to the election, as well as election day. These checks go into the night, and in big elections, into the following day(s).

    I think it would be much easier to do a received/not received system than it would be to include a notice that there is a problem with a person's ballot.

  • (Show?)

    Matching names to the SSN database the Treasury Dept. has is not a good thing.

    They do something similar with the forms for student loans/grants, and every time my application is rejected. Why? Because my official SSN record has two middle names (original middle name & my maiden name), but most forms only allow for a single middle initial.

    Therefore, I'm always rejected and have to bring in my birth certificate, social security card, and a certified copy of my marriage certificate.

    That would be a huge burden on voters, since copies of those forms cost money. Our marriage license was lost in the mail after we got married, and we had to pay a pretty penny to get a certified copy. And you don't automatically receive a certified copy of a birth certificate -- you have to pay for one. That's no different than a poll tax, which is illegal.

    Names can mismatch for a variety of reasons, and not giving ballots to someone because their name doesn't match is bad policy.

  • TechnicalFixesAreNotSolutions (unverified)
    (Show?)

    paul - unfortunately, your comments are based on addressing a different problem than Betsy is addressing with her efforts. What interests me is if you know that or not.

    Betsy is addressing the issue of detecting rigged machines and her solution is the proper way to do that, assuming a known unrigged machine is available. Which of course is not a reasonable or valid assumption.

    You are addressing the issue of random faulty machines, and your solution is one way to do that. However, the mathematical details of sampling theory says in general that insuring an accurate result could require a large number of recounts, and that knowing the number of recounts required itself requires knowing something about the actual failure mode and rate (which, if you knew, could be dealt with other ways more effectively.)

    Phil Jones - I think you miss the point entirely about what elections are about, and the trust factor. First, people distrust electronically counted elections because they can't see what is happening with their own eyes. Second, no amount of testing in the form you suggest can ever assure anyone there has not been tampering after the test. Seals can be broken and re-installed, and at some point the cost of technological solutions to just seals starts to exceed the cost of doing something non-technological.

    You may not like that, but in an election in a free society, where the purpose of an election is the peaceful transfer of power, it's not your choice whether you like it. Your only reasonable choice is to respect it.

  • TechnicalFixesAreNotSolutions (unverified)
    (Show?)

    Betsy is addressing the issue of detecting rigged machines and her solution is the proper way to do that, assuming a known unrigged machine is available. Which of course is not a reasonable or valid assumption.

    Should have read:

    Betsy is addressing the issue of detecting rigged machines and her solution is the proper way to do that, assuming a known unrigged machine is NOT available. Which of course is a reasonable and valid assumption.

  • JohnH (unverified)
    (Show?)

    Well folks, the problem has been solved...in Venezuela. Their solution was to audit the machine by matching paper ballots to results found on the machine. Everything is totally transparent, nothing is left to dispute.

    On election night, up to 50% of the paper ballots are randomly selected for auditing. With such a high audit requirement, the final vote distribution will be virtually identical to the distribution found in the audit.

    To conduct the audit five people from the community are randomly selected as auditors. People from political parties are free to attend. One person picks up a paper ballot and announces out loud the selection marked on the ballot. The people randomly selected from the community and from the political parties record what they hear. Once the ballot by ballot audit is completed, votes are tallied. The tally on the machine must match the tally of the auditors. If they match, results are posted and sent to election central. Everyone can see if the tally recorded at election central matches what was announced locally.

    Results are available the same evening.

    Granted, in Venezuela, ballots do not contain as many candidates and initiatives as here. However, this problem can be solved. For instance, begin with a 5% audit of all machines. Where races prove to be close, increase the audit requirement according to the tightness of the race.

    This voting system is one of the reasons that Venezuelans give higher marks to their democracy than do citizens of any other country in Latin America. Despite intense polarization of the population between Chavistas and the opposition, the legitimacy of the last election was never in doubt.

  • Phil Jones (unverified)
    (Show?)

    It's amazing how many naysayers come out of the closet to whine about how difficult solutions can be to technical issues. Some people just can't see the forest for the trees, I suppose.

  • JMG (unverified)
    (Show?)

    I highly recommend a very readable book called "Brave New Ballot" by Avi Rubin, Ph.D. at Johns Hopkins U. Terrific book about the problems with computer voting and a very rational proposal for using technology in a way that doesn't make voting into a black box exercise where the voters simply have to trust private for-profit companies.

    (Note that this describes a system for states that do not use all mail ballots. A lot of this doesn't apply in Oregon because of the mail thing, but the principles are the same.)

    In a nutshell, a very fast, trustworthy system for polling place voting is this:

    1) Use touchscreen technology to let the voter create a paper ballot. The touchscreen provides the error correction (warnings about overvotes, undervotes, etc.) This machine also counts the votes.

    2) The voter takes the paper ballot and inserts it into an optical scanning machine made by an entirely different vendor. That machine reads the ballot and tallies the votes--and keeps the paper ballot.

    3) Thus, you have two separate tallies on two different machines made by two different companies that should be identical.

    4) If not, you have the paper ballots to permit hand recounts as needed to determine which machine is erring.

    In the all-mail balloting system, we lose the advantage of having the capability for immediate warnings to alert the voter about various kinds of spoiled ballot issues (overvoting, undervoting, etc.) However, if we cared to, it's easy to imagine systems that would let us send voters a notice (e-mail or sealed card) saying "Your ballot had an overvote that will void your vote in the following races, please contact your elections office to revote" or "Your ballot did not register a choice in the following races" (for undervotes). This is harder, for sure, but perhaps democracy is worth it.

  • SadlyMisguided (unverified)
    (Show?)

    JMG - there would be horrendous distrust of a computerized system which actually tracked whether an individual's ballot had been undervoted or overvoted. And some degree of tracking would have to happen to cause voter notification to happen. The lack of immediate feedback, and the real problems correcting that, is one of those system flaws with VBM that contribute to make it a very detrimental system to our state. Read the rest of my comment for another one.

    The following two paragraphs recount a true story, Google it for yourself if you don't believe me:

    After the 2004 election the story emerged that Timothy Griffin --- a Republican operative who has been back in the news recently as the new Arkansas DA installed after the political firings of 7 DAs by the adminstration --- had been involved in voter suppression dirty tricks that some argue is what made the difference between Kerry winning and losing.

    The tactic was simple, and not illegal: They sent non-forwardable, first class letters to registered voters. Eligible voters for which letter was returned, for any reason, had to go to non-trivial extra effort to vote, if they bothered at all, and had their voter registration suspended or cancelled if they didn't actively take steps to maintain it.

    Now, compare that to what happens in Oregon under VBM with the full support of terribly naive people like Betsy Salter (in her own words: "Oregon's otherwise stellar election system", "Oregon leads the way in ensuring that elections in America are accessible, transparent, secure and verifiable.")

    In Oregon, every election, the state sends a non-forwardable first class letter (the ballot) to voters. Eligible voters for which letter (ballot) is returned, for any reason, in the end have to to go to extra effort to vote, if they bother at all, and will in many cases have their voter registration cancelled if they don't actively take steps to maintain it. The only case where registration is maintained is when the USPS positively reports the status of the recipient.

    In addition, with our VBM system, failure to return a ballot because the voter failed to receive for whatever reason, but that the PO delivers because they do not have some notice on file of a delivery status change by the voter, also results in the voter being noted as having not voted in the election with the registration status consequences that follow from not voting in an election.

    The fact is, that in Ohio, the scheme was designed to suppress Democratic votes directly. It was based on recognizing that voters with less address stability are more likely to vote Democratic because the socio-economic factors which (traditionally) pre-disposed people to vote for Democrats also pre-disposed people to have less address stability, and to vote more irregularly. In Ohio, of course they upped their chances for suppressing the Democratic vote by targeting registered Democrats. Note that this only upped their chances, though, because starting with the Reagan era, people registered as Democrats in fact voted Republican - so Griffin's tactic probably suppressed some Republican votes.

    In Oregon, there is no reason to believe other than VBM has a similar suppression effect because the effect arises from the mechanism of how ballots are delivered and how a voter remains eligible to receive a ballot. In addition, up until now there has been no widely publicized research that has disproved this probable suppression effect. There also is no work reported on the SOS website in this regard. If it exists someone should bring it forward.

    There are actually much more compelling arguments out there why VBM is bad for governance. In particular, Prof. Paul Gronke has been quite articulate in this regard. The proponents one hears from everywhere have shown, however, they really don't care about those arguments for a one dominant reason: They cheerfully cite how this system works well for them and people like them because it caters to their consumerist approach to life, and see no problem at all with imposing that consumerist mentality on our election system.

    In their argument though lies the very proof of the destructive nature of VBM voting. They cite as it's strength how it has been designed to make it easy, and therefore filter, for participation by them and people like them. In that way they embrace making it less easy, and therefore filter against, participation by those who have less address stability, or are just the victim of random system failures each election. This also is not the full story about address instability and the very negative consequences of VBM, this particular aspect of address instability is the one that speaks most directly to the misguided arguments of those who defend VBM as a progressive concept, and who choose to ignore the far more substantive arguments why VBM is bad for our state, our country, and representative democracy.

    Betsy, I support your measure. It is good common sense regardless of how elections are conducted. However, I think it is sad you actually believe that the result of your work is to restore the public's trust in Oregon's election system and demonstrate to the nation that, once again, Oregon leads the way in ensuring that elections in America are accessible, transparent, secure and verifiable.

  • Ross Williams (unverified)
    (Show?)

    we can restore the public's trust in Oregon's election system

    There is no need to "restore the public's trust in Oregon's election system" since there it has never really lost that trust. Nor should it.

    There may have been elections for which a recount would have reversed the results, but WE WILL NEVER KNOW.

    And unless there is a recount for every election, WE WILL STILL NEVER KNOW. While its certainly possible someone could figure out how to tamper with the counting machines, its pretty unlikely. Its also unlikely they would get caught by a manual recount.

    This is a solution looking for a problem. The real problems with computerized voting are elsewhere and don't apply to Oregon's system. My guess is that old-fashioned ballot box stuffing is a bigger threat.

  • gt (unverified)
    (Show?)

    Fingerprinting is the most effective way to ensure that criminal illegal Mexicans don't cast ballots. They use fingerprinting in many other countries around the world - why not here? You want "every vote to count" yet then argue with me that my idea for a sure fire way to ensure just that is "Un American"? You liberals whine about every proposal. No wonder these Democrats can never get any decent legislation passed - they're always quibbling!

  • (Show?)

    Paul G wrote There are actually other technological solutions out there. I can share some of these if people are interested

    Yes, please. Do share.

    I am very interested in your thoughts about how to detect purposely rigged machines -- not because I think we have a problem, but for the sake of public confidence.

    I'll suggest one solution: Make the machine's internal code public. It sounds counterintuitive, but by making the code public, we invite every public-minded programmer to review the code, find bugs, and discover security holes. That's why open-source OS code is more secure than Microsoft's black box OS code -- more eyeballs, more accountability.

  • (Show?)

    The Ron Saxton challange: Prove that illegal immigrants are voting.

  • (Show?)

    Yes, GT, people in many other countries are not protected by our Constitution. Sounds like you'd be much happier in one of those places since you find living in a free country such a bother.

  • (Show?)

    Kari,

    A few comments. There are two other technical solutions that are being proposed.

    The first, very interesting proposal, involves cryptography. It provides the voter with a record analogous to a Fed Ex tracking number, which would allow the individual to track that their ballot has been counted. The more advanced variant of this allows a voter to see the actual ballot that was counted, again using cryptography, but the attendees agreed that this was too controversial at this point.

    The second solution is proposed by a guy in Canada ... I can't recall the name right now ... and it involves a ballot solution where the voter retains a record that they can check against a bitmapped image of the ballot actually counted. I don't want to go too far into the details now, and will post the URL tomorrow, but like the cryptographic solution, it uses randomization in such a way that the secrecy of the ballot is maintained but the voter can check what was counted.

    I don't want to go on too much about the last suggestion, but I am convinced from the conference that is it simply unworkable. Here are just three illustrations as to why:

    first, suppose a "flaw" is flagged just a few days before an election. What do we do? Do we stop the election? Do we assume the programmer is correct?

    Second, voting machines currently undergo a certification process that takes anywhere between 12-18 months. That means that the sort of timeline that is feasible for identifying software problems and releasing patches simply would not work for election machine code.

    Third, who "manages" the code? The GNU Election Foundation? The EAC? The Feds? The States? Who decides what counts as a good patch or not? I think the jury is still out on whether open source code is always more secure--anyone who ran Linux during its first few years I think may say something different.

  • Bob R. (unverified)
    (Show?)

    Paul -

    The problem with any proposal that allows an actual ballot to be reviewed by a voter after-the-fact is that it enables vote-buying. With campaigns now spending multiples of $10 per vote cast, how difficult is it to believe that an unscrupulous person would offer $$$ to disadvantaged persons who privately "prove" to them that they cast a vote a certain way? Also, the current concern about the "battered spouse" being intimidated into casting a ballot contrary to their intentions would become validated, because such an individual could now be forced by their partner to "verify" that they indeed cast their ballot a certain way. Granted, these may not ever be pervasive and widespread problems, but at the margins they could be enough to swing a close election. What problem are we solving by opening this potential new doorway for abuse?

    • Bob R.

    (To all, I'm responding to Paul's comments above, NOT to the legislative proposal described in the main post -- I do support the legislative proposal.)

  • (Show?)

    Oh, and by the way, there is a way to know if the machines are counting accurately. It is quite simple.

    You generate a given number of ballots with a known pattern of votes. There are many procedures by which you can generate these ballots and "embargo" the results from the election officials, the candidates, or whomever conspirator you happen to suspect today.

    Then you run these ballots through a machine, see what it reports, open the envelope, and voila!, you've certified the accuracy of the machine.

    This would work FAR BETTER than the inaccurate procedure known at the human recount.

  • (Show?)

    In other words, start with a known sample - and test-run it through the system... but you'd have to do 'em live, adding to the results. Any test that runs on a day that isn't election day is likely to be a test that the evil programmer has planned for.

    Like I said, I'm not particularly concerned about actual fraud, but public confidence in our system is critical. After the 2006 election, I heard lots of serious and thoughtful political professionals wondering if the Diebold people "gave" us the 2006 election in order to establish credibility in advance of stealing the 2008 election.

    Personally, I think that Oregon is better off than most states. After all, we've still got piles of paper ballots which CAN be hand-counted in a worst-case scenario (with all the usual problems that entails). It's the states where it's all bits on a disk that worry me.

  • (Show?)

    Kari, yes, actually we are routinely cited as having one of the best run systems. I've posted to another blog asking about a recount system (CA has a 1% recount that seems to work pretty well).

    Yes, you'd run the test just before counting on election day. Then again after the counting is done.

    By the way, got the links: The MIT Crypto group: http://theory.lcs.mit.edu/~cis/voting/voting.html#bibliography

    See especially Ben Adida and Ted Selker (who, by the way, had three brothers who attended Reed College).

    punchscan.org - that other system I butchered above.

    And this is cool, happening in PDX this summer at the same time as the NASS meeting: vocomp.org.

  • TechnicalFixesAreNotSolutions (unverified)
    (Show?)

    paul positively about technological solutions a little too quickly, and clearly does not think like a computer scientist. He says (with one snarky aside as academics are wont to do) incorrectly:

    Oh, and by the way, there is a way to know if the machines are counting accurately. It is quite simple.

    You generate a given number of ballots with a known pattern of votes. There are many procedures by which you can generate these ballots and "embargo" the results from the election officials, the candidates, or whomever conspirator you happen to suspect today.

    Then you run these ballots through a machine, see what it reports, open the envelope, and voila!, you've certified the accuracy of the machine.

    Sounds good, right? Can anyone see the glaring failure of his argument as presented?

    The answer is this: The conspirator you happen to suspect today could have rigged the machine to do the first 1, 2, 3, (or some number greater than whatever would be reasonably expected) counts correctly and then do rigged counts after that. And you can be the actual number of test counts +/- some small number will be set down in election law so the conspirator will know it a prior.

    Doing the test again after the count is complete would sound like it would be sufficient to catch this kind of rigging right? Well maybe only to political science professors who have a bias against hand counts for some reason, even though the purpose of hand counts is more than trust, and someone already gave a solution ho to make hand counts more accurate earlier in the thread. The test after the count is useless if the whatever conspirator you happen to suspect today has some idea how long the actual counting was to last. The tabulators can internally estimate time (quite accurately actually), and then starting counting accurately again after a time period that is assuredly less than the expected length of time that live votes will be tabulated.

    Rig a machine that way and, to paraphrase:

    and voila!, you've (falsely) certified the accuracy of the machine.

    Two other comments:

    First, paul's jab at open source is easily handled also: If you really believe that the whole solution is technology rather than properly done hand counts, you charge NIST with being the official development coordinator/maintainer/disburser of the only code that can be used in vote recording and tabulating machines. It doesn't actually solve the problem that people will never totally trust a count they can't see being done with their own eyes (hear with their own ears). However, if the idea is what paul is selling here of simply giving people plausible arguments designed to give people a false sense of trust in technological solutions, this is far more plausible than telling them to believe in proprietary code and complex algorithmic tricks that they will just have to believe can catch rigging.

    Second, The MIT-CalTech consortium Selker is associated with was formed for the explicit purposes of "selling" techological solutions. Lip service aside, they seem to not "get it" when it comes to the human dimension of what it means to actually establishing true trust in an election. But of course, what would one expect from folks at institutions that are about technology as much or more than the human dimensions of society, and who really do believe in technocracy.

    paul - In all seriousness, you have people reading your comments here who trust what you say. As intelligent as they believe they are, they are in fact swayed more by your authority than your arguments. By virtue of that authority and power, you really owe more than to them than this.

  • (Show?)

    Kari: In other words, start with a known sample - and test-run it through the system... but you'd have to do 'em live, adding to the results. Any test that runs on a day that isn't election day is likely to be a test that the evil programmer has planned for.

    Actually, Kari, we had our local Washington County Elections Officials do a presentation to us, and they told us that they already do exactly what you're talking about. They do the vote count in batches, recording the results for each, and several times after qualification they run a test batch to make sure the system is working perfectly.

    The system is so self-redundant and cross-checked, they're really not worried about intentional vote fraud. The checks are mostly there to make sure that a vote isn't thrown off by a sensor failure in one of the machines.

    Never attribute to malice that which can be adaquately explained by incompetence.

  • Ross Williams (unverified)
    (Show?)

    The Ron Saxton challange: Prove that illegal immigrants are voting.

    The bigger challenge. Prove it matters.

  • TechnicalFixesAreNotSolutions (unverified)
    (Show?)

    Steven Maurer makes the point I raised to Kari. Namely, that the kind of accuracy checks paul describes are all about finding random, normal failures: The checks are mostly there to make sure that a vote isn't thrown off by a sensor failure in one of the machines.

    Of course he goes on to illustrate the fundamental naivete on the part of many (not necessarily him) that they take an unfounded belief: The system is so self-redundant and cross-checked, they're really not worried about intentional vote fraud.. This is all but a technological impossibility: Any reasonable person assumes that an adversary knows as much about the design of the system, including the safeguards, as anyone and therefore will design an exploit around all of the safeguards. And whether a perfect set of safeguards can be designed depends totally on the problem being safeguarded against. Nothing has been put in evidence here or in the public domain that it is even theoretically possible to put perfect safeguards in place against practical rigging schemes.

    Maybe I'm dense, but in all honesty I can't quite parse this comment:

    Never attribute to malice that which can be adaquately explained by incompetence.

    What would be the "malice" referred to here, and what would be the "incompetence"?

  • TechnicalFixesAreNotSolutions (unverified)
    (Show?)

    A followup in response to paul's praise of the MIT-Caltech consortium and Selker:

    When they formed, they were concerned about restoring public trust in electronic direct recording machines and fully electronically conducted elections in general. As a quite legitimate intellectual tactic, they did some work which showed in many cases voter suppression dirty tricks were probably more responsible in Florida and Ohio for tilted elections than rigging or electronic election machine failures.

    Since they are interested in the problem of voter suppression --- by system design or malice intent --- it would seem that studying whether or not our VBM system has any suppression effects would be a legitimate thing from them to do. (Particularly since they have a problem with paper ballots also, and our system is completely based on paper ballots.) I haven't checked in with them lately to know if they have done this, but up through about a year ago they had not published any work in this regard.

    paul - do you know if they or anyone have, or are studying, the possible voter suppression properties of VBM? One possible scenario described in fair analogy to a known malicious voter suppression tactic in Ohio in 2004 has been noted here, so clearly there is a reasonable question for academic study there.

  • Ross Williams (unverified)
    (Show?)

    clearly does not think like a computer scientist.

    In this case that may be an advantage. The problem is that someone who wants to rig a machine to manipulate the vote needs to know an awful lot of specific information in order to direct a specific outcome. Then they have to have access to the optical scanner and the ability to reprogram its chip to mis-record votes in a specific way while avoiding detection.

    The reality is standardizing the procedures for voting and testing would make it easier, not harder, for someone seeking to rig a machine to avoid detection. This is the problem with Microsoft or any standard, every machine has the same security flaws.

  • gt (unverified)
    (Show?)

    "The bigger challenge. Prove it matters. "

    If you don't see a problem that criminals who broke the law can cast a vote, then that is a fundamental difference between the way you and I think. Here we are quibbling about "if my vote matters" and you argue "who cares if criminals vote". See the disconnect here?

    The solution is to require fingerprinting of everyone. Sure its a little intrusive but we should just accept the fact that fraud is rampant in today's world. They should do the same for credit card transactions, food stamp cards, everything. How much did we lose last year due to fraud? I'm sure any effort to stem this tide would be worth it.

  • TechnicalFixesAreNotSolutions (unverified)
    (Show?)

    Ross Williams is quite right about standardization and making it easier to rig elections. However, that is quite apart from what engenders (false) trust in non-technically adept people. The fact is, they will always trust that which someone they trust can examine, particularly if many people they trust can examine it, than that which they can't examine and have to take on faith is "OK" from someone they don't know.

    As long as we are throwing around aphorisms, I'll throw in the most important one every good engineer learns:

    Never choose a complex technical solution when a simpler technical solution suffices, and never choose a simple technical solution when a non-technical solution suffices.

  • Ross Williams (unverified)
    (Show?)

    If you don't see a problem that criminals who broke the law can cast a vote, then that is a fundamental difference between the way you and I think.

    Do you think it is a problem when we let people who got a speeding ticket vote? How about tax cheats? Shouldn't we require that people have an audit of their state and federal tax returns before we let them vote? I don't think so and I don't think it matters whether someone who lacks a proper work visa mistakenly votes either. In fact, I don't really see any good reason to exclude them from voting. They have a stake in the outcome like everyone else.

    Here we are quibbling about "if my vote matters"

    I don't know that is the real concern. I think the fear is that election results themselves are wrong, not that one or two votes are or aren't counted.

    What happened in Florida in 2000 was that every military vote was counted whether it was legally cast or not. These were believed to be Republican votes. At the same time there was a concerted effort to exclude the votes of people likely to be Democrats. These were not random decisions, they were made because of how they would impact the final result.

  • (Show?)

    TechnicalFixesAreNotSolutions: What would be the "malice" referred to here, and what would be the "incompetence"?

    In this case "malice" would be someone in the County Registrar's office risking a multi-year jail term by trying to engage in election's fraud under the eyes of both their coworkers (who are specifically chosen from a varety of political parties), and elections observers. The "hacking" - in this case would be literal. Vote scanning machines aren't PCs. They're much more like a big office copy machine. And the process of altering one is much more involved than changing the toner.

    Further, vote scanning machines are "stupid". They don't know what the bubbles stand for, they just count them. So you get a result like: "12193 ballots processed, bubble 1 checked 8372 times, bubble 2 checked 1219 times, ...".

    It's all tested and retested, right up to, and during, the actual vote count. And it's open to the public. You can call up your local elections office and take a tour. They'll show you everything.

    Now "incompetence" is voters - who contrary to explicit instructions - wad their ballot up into a ball, spill jam, coffee, and/or their kid's school art project glue on it, and/or otherwise do things that end up messing up the scanning machine if not caught. It takes only one glitter-star (a happyface for my candidate) coming off inside the machine and affixing itself to a sensor to start creating false positives and/or negatives.

    And - unlike the nefarious macro-conspiracy theories of the left and right, from evil Republican hackers to tens of thousands of illegal immigrants giving the police their name, address, and fake social-secutiry number - the "incompetence" stuff really does happen. That's why they test so often, and precheck the ballots for the basic "ewwww, we're not putting that through the machine". (In that case, a Republican and Democrat jointly create a clean copy of the voter's original ballot by a carefully recorded process.)

    I'd teach you more, but why don't you go down and see for yourself?

  • (Show?)

    "But requiring a hand count as a measure of "accuracy" is bad public policy."

    Actually, hand counts are the most accurate method we have. What they are not as good at is reliability.

    What's meant by that is that a machine has no native intelligence, and thus lives by the principle "garbage in, garbage out." If you run 100 ballots through a machine 100 times, the reliability of the machine--the likelihood you'll get the same answer each time--is very high. Humans, on the other hand, can be distracted to the point where they might not get the same result every time.

    What humans do better is to analyze ballots machines misread or don't read at all. In most states the intent of the voter is enough to create a valid vote, even if the marks made do not trigger the proper counting response by a machine.

    So if we're talking about whether humans are more reliable than machines, they're not. But if you want to know as exactly as possible how the vote came out in a close election, there's no substitute for human eyes.

  • Ross Williams (unverified)
    (Show?)

    never choose a simple technical solution when a non-technical solution suffices.

    I think this is just plain wrong. Anyone here think they can multiply 203405 by 344558 more accurately with a "non-technical solution" than they can with a calculator? On the other hand, when multiplying 30 by 5 you in fact may be more likely to make an input error on the calculator than to get the answer wrong in your head.

    The reality is the optical scanners quite likely count more accurately than a hand count (not to mention faster and cheaper). The problem is if they can be made to count inaccurately to effect the outcome of an election. And whether it is likely to be detected if someone does.

  • gt (unverified)
    (Show?)

    "Do you think it is a problem when we let people who got a speeding ticket vote? How about tax cheats? Shouldn't we require that people have an audit of their state and federal tax returns before we let them vote? I don't think so and I don't think it matters whether someone who lacks a proper work visa mistakenly votes either. In fact, I don't really see any good reason to exclude them from voting. They have a stake in the outcome like everyone else."

    I don't see how you can equate immigration and identity fraud with such petty crimes like speeding tickets and tax evaders? Do you HONESTLY view criminal illegal Mexicans in the same light as someone who gets a speeding ticket?

  • Schizzle (unverified)
    (Show?)

    I would like to see members of the Nation of Islam to be recruited in Oregon to count our ballots. It's the only "True" way of knowing what the count should actually be.

    Peace out.

  • Jerry A. (unverified)
    (Show?)

    With the advent of electronic machines, we now have the opportunity to use two methods (machine and hand count) to can check the accuracy of the outcomes. (The Oregon VRC method requires a sample of less than 3 percent of the votes using hand counts.) This method is a simple way of gaining "checks and balances" to ensure accurate outcomes. The method has been vetted by specialists in statistics nationally.

    Since the programming for the electronic machines is proprietary and the manufacturers have not allowed the software source code to be examined for malicious code, even by federal or state governments, this hand-count procedure is essential. HAVA (federal law) requires that software is certified for accuracy (by a private company that is paid by the vendor being certified). HAVA does not require an examination of software designed to find outcome-altering code.

    With an independent hand-counted sample of votes, we have a way of testing whether our votes were counted as cast. We certainly want to be sure that our bank hand-counts our money as we submit it to them and gives us a paper receipt of that count--as a check against the electronic record. Why would we want less assurance on the accuracy of the electronic count of our votes than at least a sample hand count?

  • Ross Williams (unverified)
    (Show?)

    I don't see how you can equate immigration and identity fraud with such petty crimes like speeding tickets and tax evaders?

    Tax evasion is stealing money from all of us and is a felony. Speeding sometimes kills people. What is it about working as a handyman or picking strawberries that is so dangerous?

  • Ross Williams (unverified)
    (Show?)

    Why would we want less assurance on the accuracy of the electronic count of our votes than at least a sample hand count?

    Because the exact count of money is important. The exact count of election results isn't unless it is a very close election.

    I don't think the question is whether you should trust the scanner counts. Its whether the current approaches used to assure that they are accurate are sufficient. And whether having a single statewide standard for doing so would add security or actually make them less secure.

  • (Show?)

    The exact count of election results isn't unless it is a very close election.

    It is very important. All someone has to do is set the machines to alter every X number of votes, and they can turn the outcome of an election.

    A stolen election doesn't have to be "very close."

  • Ross Williams (unverified)
    (Show?)

    A stolen election doesn't have to be "very close."

    Fraud is a different issue, the question was accuracy. With money if the count is off by a couple dollars, someone loses a couple dollars. If the vote count is off by a couple votes it probably isn't going to change the outcome at all.

  • gt (unverified)
    (Show?)

    "What is it about working as a handyman or picking strawberries that is so dangerous?"

    It's a huge detrmient to our society. These illegals are taking away work that kids should be doing in the summer instead of sitting on their lazy butts all day playing video games. "Cheap labor" in fact becomes very expensive when you take everything into consideration.

    We have to pay for their kids' educations. Since they have a LOT of kids and pay very little into it, that costs all of us. The fact that they overwhelm the ER's. That costs all of us. The fact that they bring a very substantial CRIMINAL element. The fact that many use stolen Social Security #'s.... How about that many BROKE the law and entered the country illegally, an insult to many who came from other countries and filed the necessary paperwork. I could go on and on. Have you checked the newspapers in some of the more suburban communities and see how many Hispanic names are in the arrest record? Do it sometime, I think you'll understand where I'm coming from. Check the McMinnville News Register or the Hillsboro Argus.

  • (Show?)

    Immigrants, legal and otherwise, commit fewer crimes than natives.

    So sorry, try another unsupported claim and see how far you get. Do you think BlueO readers are Fox News watchers? We don't just swallow GOP bullshit without checking.

  • (Show?)

    Jenni Simonis: All someone has to do is set the machines to alter every X number of votes, and they can turn the outcome of an election.

    That - like most programming - is easier said than done, Jenni. Take it from a programming expert. Optical counting machines are simply not the same thing as the rightly derided Diebold products. They are, largely, too dumb to hack. They're not connected to any network. They're reliable enough not to need last minute programming changes. They have an airtight chain of custody (since they never go anywhere). They are tested before, during, and after the election. And most importantly, to alter one, you have to be an expert in their technology, as opposed to (in the case of Diebold), being able to hack the vote merely by knowing Excel-spreadsheet-macro programming.

    I mean, certainly, if the entire office of a county elections office is determined to steal an election - including both someone conversant in programming vote counting firmware, and the entire office falsifying the test runs under the nose of election's observers - then anything can happen. But if you have that kind of airtight macroconspiracy, there's nothing to prevent them from miscounting or misreporting a hand counted vote either.

    At some point you just have to fundamentally believe that the entire world isn't actually specifically out to get you and/or your political perspective. People who can't do that don't need access to optical scanner assembly code. They need therapy.

  • Phil Jones (unverified)
    (Show?)

    Our Secretary of State, Bill Bradbury isn't concerned about illegal vote tabulations. He's fixated on those 26 foot tidal waves that are going to wipe out most of our coastal cities in the near future due to global warming.
    It's nice to see he has his priorities straight.

  • (Show?)

    Actually, it is easier than you think. And there are ways to do it without the machines being on a network. That is why handheld electronic devices are no longer allowed near the vote counting machines. Apparently there has been evidence that some machines can be altered using such devices.

    There are ways to do it, and those who want to often times have the money to spend to find out how.

    This isn't about conspiracy theories, there are various ways of altering and hacking these machines that have been proven to work. The folks over at OVRC can give you more information. It's been a while since I've sat through a presentation on this, so I don't recall all the details. I have so many things on my plate that it's not something I get to spend a lot of time on. But it is important.

  • Ross Williams (unverified)
    (Show?)

    see how many Hispanic names are in the arrest record? Do it sometime, I think you'll understand where I'm coming from.

    Oh, I think I got that ...

  • (Show?)

    GT,

    You keep claiming that "criminal illegal Mexicans" cast ballots in Oregon. How many have done so? Can you cite any sources? Or are you just making this up? Even if one or two or a couple dozen have cast ballots, I don't think this would be a huge problem since it probably wouldn't affect the outcomes of any election. But I doubt you can supply any proof or evidence of this claim of yours that illegal mexicans are voting.

    "criminal illegal Mexicans"

    Why is it that Republicans aways focus on and demonize the immigrants who may have come to this country illegally, but don't bother to criticize the business owners who hire them and provide the main motivation for these people to migrate to the US in the first place?

    I think most of the condemnation should be focused on the "criminal business owners" who hire illegals, rather than on the people just trying to feed their families and make their lives better.

    Building walls and militarizing the border with Mexico wouldn't be nearly as effective in slowing down immigration as cracking down on the business owners encouraging immigrants to come to this country for jobs in the first place.

  • (Show?)

    The whole immigration debate comes down to this:

    If you want to reduce immigration, the most effective solution would be to require everyone to have high security, national citizen ID cards. These would be like a souped up social security card with photo and using anti-counterfiet technology. Then require anyone who wants a job or wants to vote to have one of these national ID cards.

    The only reason we don't have these is because everyone is too concerned about "big brother" and doesn't want the government to issue a national ID card.

    But if you are against the idea of national ID cards, then you have to be in favor of open borders and "illegal" immigrants having jobs and doing all kinds of things in this country.

    You can't have it both ways.

  • Schizzle (unverified)
    (Show?)

    "Posted by: zman | Mar 19, 2007 5:25:59 PM

    The whole immigration debate comes down to this:

    If you want to reduce immigration, the most effective solution would be to require everyone to have high security, national citizen ID cards. "

    That's incorrect. If you want to 'reduce immigration' or effectively deal with illegal immigration you have to ensure that EMPLOYERS do not hire illegals. Follow the $$. When undocumented workers cant find employment because laws that are already on the books are being enforced - they will go back home.

    Nobody wants a big brother solution, and that's not the way to deal with the problem.

  • Schizzle (unverified)
    (Show?)

    "Why is it that Republicans aways focus on and demonize the immigrants who may have come to this country illegally, but don't bother to criticize the business owners who hire them and provide the main motivation for these people to migrate to the US in the first place?"

    I agree that employers should be held to the law, but that doesn't justify coming to this country illegaly. If people couldn't/wouldn't "sneak" into this country illegaly, then the demand for labor would push the laws to be changed and/or result in the outsourcing of jobs, which we're already seeing.

  • Ross Williams (unverified)
    (Show?)

    Question: "Why is it that Republicans aways focus on and demonize the immigrant"

    Answer: "see how many Hispanic names are in the arrest record?"

    The problem is obvious, a lot of immigrants are hispanic and Republicans have never liked hispanics.

  • (Show?)

    Ross--

    And the fact that these people seem to always assume that a hispanic last name must mean they're illegal or immigrants. As if someone with those last names couldn't have lived here for generations legally.

  • (Show?)

    Steve Maurer assumes that folks concerned about electronic voting see the source of possible corruption and malice beginning in the County Clerk's office. If Maurer had been attentive to any of the Oregon VRC meetings, documents or online information he would know that this is not the case.

    Oregon VRC has the highest regard for Oregon County Clerks. Having met with them on many occasions, we can authoritatively say that they are dedicated to their work and committed to the integrity of the election process.

    While computer failures can occur at any point in the process, its highly likely that corrupted proprietary software can be introduced without detection, and even the most attentive County Clerk would be none the wiser. The key verbage here is the proprietary aspect of the software; neither County Clerk nor Citizen has access to these source codes.

    I won't pretend to describe the nuances that distinguish operating systems, because no, I'm not a computer expert. But when put under the scutiny of experts, operating systems like those operating in Oregon (ES & S and Sequoia) not only have been identified to pose potential problems, but have exhibited historical problems throughout the country.

    These incidents are generally described as "glitches," and the local media commends the County Registrar for catching the problem. Often election officials are clued in when there are more cast votes than registered voters in their jurisdiction. On many occasions, votes were so radically flipped, that it would be difficult to not notice. There are literally thousands of reported failures of varying degrees on all types of machines.

    ...What happens when the "glitch" is not so obvious? Nothing, if it's not caught.

    Finally, the word "paranoid" has been bandied about lately in regard to our concerns about the Oregon Election System. Our take is this: we're trying to make a good system better. This isn't any more paranoid than locking your doors at night and taking the goodies out of your car. There are a ton of cliches advocating preventative maintenance overc ostly repairs... why should we not apply the same principles to our election system?

  • (Show?)

    NOTE to GT: You need to write another post. Your topic isn't relevant to the original column.

    NOTE to KARI: See note to GT

  • (Show?)

    OK, correction... 'Meant to say GT needs to write his posts under a different column entirely....

  • Ross Williams (unverified)
    (Show?)

    we're trying to make a good system better.

    The problem is that you may be making it more vulnerable. County offices already take precautions to prevent vote fraud. It seems to me that they do need to be educated about the potential for fraud and how they can prevent it. But the question here is whether they all ought to be required to take the same precautions. It seems to me to consistency just makes the whole system that much more vulnerable.

  • (Show?)

    Torridjoe writes: Actually, hand counts are the most accurate method we have. What they are not as good at is reliability.

    Joe, I think you and I are on the same page, and I'm doing some research into the CA hand-count law to see how it works.

    I'd ask you to amend your statement, though, because use of the work "accurate" is just not correct. Usually we measure accuracy by two things, "reliability" (would we get the same result if we measured a second time) and "validity" (are we really measuring what we intend to measure).

    You are right to point out that hand counts may have an advantage on validity, and you are also right to note (as many ignore) that hand counts are not as reliable as machine counts.

    But it's important for any advocate to realize that both of these matter for "accuracy."

    Let me just share one true anecdote with you, anonymized for the purpose of avoiding a furor: suppose in a very close Senatorial race in 2008, a ballot came in with the name "Gordon Blumenauer."

    How would you "correct" that ballot to express the true intent of the voter?

    In the case that I know of, the rest of the ballot was examined to see if the person "seemed" like a Democratic or Republican voter. The ballot was changed to an "Earl Blumenauer" vote.

    I checked this with our excellent elections officials in Oregon, and all agreed that the correct way to "correc" this ballot would have been to count a vote for "Gordon Blumenauer", that is, for neither of the two (fictional) candidates.

    But another jurisdiction, not in this state, did not follow this procedure.

  • Beth P. (unverified)
    (Show?)

    It's interesting to me that some of the leading opponents of electronic election systems, including optical scan/paper ballot systems like we use in Oregon, are computer programming and computer security experts. These experts include Dr. Rebecca Mercuri, Dr. Avi Rubin, and Chuck Herrin (http://www.chuckherrin.com/archive.htm), to name just a few. Those who blindly trust these electronic systems, or think they can be trusted because we have honest people running our elections, etc., are people with no expertise in computers. The people in the latter category unfortunately includes our County Clerks. Personally, I'll take the advice of experts over the belief of amateurs any day.

    Maybe everything is fine here in Oregon. Maybe it will continue to be fine. But I want proof! After all, it's my vote, and everyone's vote, we're talking about, i.e., the transfer of power from We the People to the government. I want to make sure that transfer of power is legitimate and goes to the rightful winners. I will only TRUST after VERIFICATION.

guest column

connect with blueoregon