My experience as an Election Judge in Baltimore County

Avi Rubin website ^ | 3/3/2004 | Avi Rubin

[expatpat]

Baltimore City is what it says, and has a Mayor. Baltimore County is the suburb to the north of the city with a separate County Executive. It is largely white, suburban, and horse country.

[expatpat]

CRC? TOD?

[expatpat]

I have a better way since that is also very open to fraud, by miscounting ballots, adding phony ballots, etc. Use a piece of paper, with an ID number on it, then run it through an optical reader for the tabulation. This is what we had here until they went to the touch screens this year.

[Don Joe]

The two biggest potential avenues for fraud are either overlooked, or willfully ignored.

They are 1) "motor voter", and 2) the laws that allow the mentally deficient, "disabled" (insert whatever term you like, I'll describe what I'm talking about in a moment) to "vote" via "assistants" who "help them vote."

Now, before anyone gets all snippy, here's what I'm talking about. A few years ago, I lived in a town that had a large state facility. The facility changed names every few years, becoming increasingly Orwellian with each succeeding wave (and man, they sure are succeeding!) of Political Correctness. It started out as "The State Home" (itself a euphemism). Later, it was "The Regional Center for Developmental Disabilities". Last I heard, it was "The Center for Human Development".

Nice lofty terms, eh? Sounds almost like a think-tank. In reality, it was quite the opposite. It was the place that the state housed those who were born with the most tragic "disabilities" imaginable. The sort of almost frightening birth defects that society chooses to hide from itself, to pretend do not exist. I'm talking about people who are in a very real sense not "people". People who were born essentially without a brain. Just enough of a brainstem to allow them to breath and maintain basic life support. No cognition, no "speech" -- unless you consider loud, random, gutteral grunts and screeches to be "speech".

Now, here's the kicker.

These people vote!

How on Earth, you might ask, can people without any cerebral tissue manage to vote/i>?

That's a good question. And, as fate would have it, it's a question that's been addressed by the law.

They "vote" by having an "assistant" drive a shortbuss load of them to the polling place, wheel them inside, and then proceed to "assist" them to "vote".

Get the picture yet?

These tragic cases are used as tokens, for unionized state-employed socialworker types to cast votes en masse.

It made it into the local paper -- once -- when someone who saw it happening was outraged, and contacted the rag. As far as I know, that was the end of it. I presume the practice continues, and, I presume it is not restricted to that one community.

In fact I'd be surprised if it's not happening all over the country.

And, I'd be surprised if it's not limited to people afflicted with such dramatically obvious "issues."

I'd be surprised if it's not happening anywhere you've got large numbers of people who are sufficiently "disabled" to be unaware that someone is voting "on their behalf." The profoundly retarded, institutionalized mentally ill, etc.

I don't expect to be surprised.

As to the topic of vote-counting software, anyone who even suggests it's complex code is IMO immediately suspect. Tallying up lists of numbers via simple addition is not even "CS101" level "programming". It's more like, "Introduction to Computers" type stuff.

Now, adding the crypto protection is a bit harder, but it doesn't make the actual tallying any harder.

In short, if Rubin (the "R" in "RSA") is concerned with the black magic going on inside those boxes, then everyone should be concerned.

But, as I said above, there's plenty to be concerned with apart from electronic tallying -- and no one seems very concerned about it. Working up a sweat over potential for fraud over e-voting while disregarding the fraud potential with motor-voter and "assisted voting" is like leaving your lifeboat and climbing back onto the Titanic because you forgot to shut off the faucet in your stateroom.

[Don Joe]

"If this guy is to be believed..."

Well, considering the fact that "this guy" is one of the three fathers of modern crypto, I'd think it might be worth listening to what he has to say on the matter.

[Don Joe]

Oops, mea culpa -- Ruben is not Rivest.

Coffee deficiency, operator halted.

[Don Joe]

Argh! Rubin is not Ruben either!

Coffee... need coffee...

(Just for the record, my brainfarts notwithstanding, Avi Rubin is a heavy-hitter in the field.)

[Don Joe]

CRC? TOD?

Cyclic Redundancy Check, Time of Day.

The first is a method of detecting if the contents of a piece of data have been tampered with, sort of like a checksum, but more robust. The second is self-explanatory.

[Cultural Jihad]

An interesting article.

[expatpat]

Thanks. CRC seemed familiar, but I couldn't place it. I hadn't run across the TOD acronym, but you're right: that would be very useful check.

[RedWing9]

In the code we examined, that phone call is not protected correctly with cryptography. Perhaps that has been fixed.

No, really? You mean you really wouldn't think they would try to fix any bugs??? Noooooo...

I was glad to see that the administrator PIN actually used in the election was not the 1111 that we used in our training, and that we had seen in the code.

No sh$% sherlock. When in training, the PIN can be anything you want. Geez, when we are developing we give everyone full access, but does everyone have full access in production???

And this guy is a computer science pro!!! The guys a lacky who knows nothing about the real world and only lives in his philosophical utopia.

[expatpat]

But, as I said above, there's plenty to be concerned with apart from electronic tallying -- and no one seems very concerned about it.

Exactly right. The idea of an 'almost-unforgeable' ID card, with some biometric verification, offends the Civil-Liberties purists, but I can't get too excited about it, and it would solve a lot of problems with voter-fraud, terrorists, illegal aliens, identity theft, etc.

I expect to get flamed by the purists, so have my asbestos suit on.

[GulliverSwift]

Nice post. But you should remember that no one here on FR thinks Motor Voter is a good idea. It's nice to be reminded, however, that it should never have been passed.

[WOSG]

There seems to be a myth that election fraud is done by voters. No, for the most part the fraud is done by those RUNNING THE ELECTION.

It is wonderful and marvelous that Prof Rubin participated in a great bipartisan election run by dedicated and honest Americans.

Now he should go to one of those rotten Philly precincts and see if it the same game.

The holes in security that he identified are real. The problem is NOT with the companies per se, but with any system that has any element that lacks cross-checking.

It seems in the case of electronic voting, the old trick of simply having the election judge sign in dead voters and add the tally himself could happen. All you need is for nobody to notice. Old fashioned and the new system doesnt defeat it.

[irv]

All you need is for nobody to notice.

The wrong person alone with the machines for just a few minutes and another precinct is cooked. Yup.

[Dr. Frank fan]

2) the laws that allow the mentally deficient, "disabled" (insert whatever term you like, I'll describe what I'm talking about in a moment)

I happen to know that you are 100% correct here due to the fact that my aunt works in just such a facility. She told me how she "helps" them vote. (But hey, don't worry, because the people there decide, the social workers "explain" to them what each candidate is about.... ;-)

[Dr. Frank fan]

The holes in security that he identified are real.

Look, given untrustworthy poll workers? Of course.

Untrustworthy poll workers can do a whole lot more damage if the ballots are punch-cards than if they are paper ballots which voters mark with a pen. (See 2000, "dimpled chads".) Untrustworthy poll wokers can do a whole lot more damage if ballots are electronic, than if they are punch-cards. Essentially, the potential for poll worker fraud is magnified exponentially, the more sophisticated and "mass" technology that is used.

That is why I advocate paper ballots.

Nowhere did I say I wouldn't keep a better eye on poll workers if necessary. Of course I would. But "there could be dishonest poll workers!!" is not an argument against paper ballots per se. It is an argument against, first of all, trusting poll workers too much. It is also an argument against voting systems which leave no paper trail, and/or whcih render ballots too identical/interchangeable/computer-friendly, and/or on which all tallies are kept on computer and can be spoofed by the push of a button. In other words it is an argument against systems other than paper ballots.

[WOSG]

Interesting point. Efficiency begets efficiecy for the hoenst and the dishonest alike.

still, I think a basic point in security should be made systematic: Cross-checking and backup. This is more fundamental than any technology, it's about making a verifiable record of what happened.

A paper ballot that is a separate stream from the electronic vote tally after it is created by the voter would be such a cross-check. And if it was generated with a cryptographic stamp that uniquely paired the paper ballot to the electronic vote *with a time stamp* (I mean, encode the voter, the selections and the time stamp all together to generate the crypo code and print it on the ballot when it is cast - creating a phony one would be impossible unless you actually went through the process of voting yourself, thus it would take serious serious hacking to even get close to tampering with it) - you would find it highly difficult to generate phony ballots on any large scale without it being detected. ie it would be tamperproof.

The only thing missing from the system is that independent verification mechanism.

In the end, I too think we need paper ballots - but paper ballots that are generated by these electronic voting machines when real voters vote and stored as a backup for independent verification and for fraud reduction purposes.

[Doctor Stochastic]

The guys on the usnet "comp.risks" have been complaining about these machines for years. They think the Republicans are pushing electronic machines in order to steal votes.

[WOSG]

"The guys on the usnet "comp.risks" have been complaining about these machines for years. They think the Republicans are pushing electronic machines in order to steal votes."

As a PhD in Comp Sci, and one who has looked at election fraud, I see the risks. They existed in older technology, and they exist here (in different forms in different technologies).

But only leftwing anti-GOP hate-mongers think there is some kind of conspiracy about these machines tied to fraud. As usual, the lefties make an allegation without checking the record. If you recall, it was the *Democrats* demanding we replace all the voting machines because they couldnt operate butterfly ballots. The Democrats demanded we spend millions to update voting machines. They supported and voted for it. The Republicans went along with it but only because if they opposed it, the democrat would have a hue and cry about Florida 2000 all over again.

Now these new machines that the Democrats demanded are a Republican conspiracy? Feh!