[E-voting] Open Source voting system

Catherine Ansbro cansbro at eircom.net
Fri Apr 5 23:22:27 IST 2013

Hi all,

I have concerns regarding electronic-based election systems, including 
those for counting optical scan ballots.

(Possible exception: imaging systems where all ballot images are 
immediately published and made available to everyone in the general 
public--IF the local laws also enable physical inspection of the ballots 
if necessary, without major impediments, with excellent chain of custody.)

I understand lots more about this issue now than I did when I first 
became aware & involved in about 2002.

*Any voting system technology must be considered as part of an entire 
election administration "environment", including local legal framework 
for administration & contesting elections.*

Those coming from technology backgrounds are often unfamiliar with the 
non-technical implications and vulnerabilities of the election 
environment. This is equally true of the open source community 
("security by transparency") as of the "security by secrecy" folks. (see 
point 2 below in particular).

*The technology--with all its own vulnerabilities--represents only a 
small part of the entire election environment.*

Below is a quick summary, *off the top of my head*, of some concerns, 
gleaned from exposure to ongoing proven issues in elections in Ireland, 
USA & elsewhere

1) as per Jason Kitkat's email with link 
there is *no way--EVER*--to ensure that the code that runs during an 
election is the same as what was installed or tested previously. Running 
in test mode is not the same as running in election mode. "Patches" are 
often made. Election admins & technicians have access --> notorious, 
well-documented issues (including convictions).

2) Election fraud is almost always perpetrated by election 
administration *INSIDERS*. There are many cases of this in USA. Local 
convictions are not picked up by national media, and so this pattern is 
not widely appreciated.  Media / activists tend to focus on "voter 
fraud" when the real problem is insider fraud.  Any systems involving 
technology (open source or otherwise) are even more susceptible to 
insider fraud than "conventional" paper ballots.

3) The *whole election system and its legal framework*--different in 
every jurisdiction--is crucial.
3.1) For example, with optical scan counting technologies in USA, did 
you know that in many states, it is NOT ALLOWED that someone be able to 
inspect the actual (paper) ballots?  Even when there are many sources of 
prima facie evidence of election fraud, and where inspecting the 
physical ballots could resolve this? (e.g., major cases in Arizona, 
Colorado, California, Ohio & elsewhere--in all cases the original 
ballots were never allowed to be inspected (!), or in some cases where 
some (!) could be inspected, there had been no chain of custody and 
obvious tampering had taken place (e.g., "sorting" of the ballots by 
admin prior to recount, which was expressly forbidden by law)
3.2) In some cases, optical scan paper ballots are being deemed not to 
be "election records" and have even been destroyed during the period in 
which election materials were required to be retained, since just the 
electronic version was deemed to be the formal election record.
3.3) In some states/counties, any inspection can only be made AFTER the 
election results have been irrevocably determined. In some 
states/counties, election laws put in place virtually impossible 
barriers to recounts or inspection of the original ballots. For example, 
only a candidate has "standing" to request such a recount..
3.4) Even in the rare cases where there is standing, the person 
requesting must pay all the costs (often exorbitant and prohitive).
3.5) Some place require that before doing any kind of recount (even of a 
sample precinct) one must prove that any discrepancy would have changed 
the election result. (So small discrepancies must be ignored--even if 
small discrepancies in many locations could add up to a big discrepancy.)
3.6) And/or, recounts are only possible when the margin of difference is 
less than X%.  (And with software, it is easy to make sure to avoid that 
little situation never arises.)
3.7) (and what if it was a ballot initiative or policy proposition, not 
an election--who has "standing" then?) (In USA, some major zoning issues 
are voted on, or other issues with massive financial implications so 
lots of incentive to get the "right" result)
3.8) Several systems have been proposed which offer elaborate methods 
(involving technology, encryption etc) by which an INDIVIDUAL voter can 
validate their INDIVIDUAL vote--but offering no way in which anyone can 
validate ALL the votes of an entire election (Thus there's no way to 
uncover fraud that did not involve your personal vote.)

Some specific proven issues relating to *optical scan* technology (off 
the top of my head, not a complete list)
9) many technical issues have surfaced in USA, some / all of which can 
be used as a mechanism to affect election integrity.  These include:
9.a) the kind of pen / marking device, and the kind of sensor, and ways 
these can be deliberately mismatched to skew results
9.b) incorporating bar codes onto the ballot that link the ballot to the 
voter (without the voter being aware of it; local government having 
repeatedly denied this, but then it's publicly proven) (thus lots of 
opportunities for collecting what should be private voting information, 
whether by the local gov't / corrupt election officials / corrupt voting 
technology companies or consultants)
9.c) not having proper auditing for ALL BALLOTS PRINTED, all ballots 
used, and proper reconciliations of all of these (many documented 
instances of this). This includes photocopied ballots (!) used in 
situations when there were not enough regular ballots
9.d) inadequate or (more commonly) nonexistent chain of custoy of the 
original paper ballots.  (In a paper-only "non-electronic" system, this 
is the main issue. But when other technologies are added, the number of 
points of vulnerability--particularly to fraud by insiders--increases 

****Re: optical scan, the versions that are designed to image all the 
ballots & then make those images available to EVERYONE w/o hassle--and 
if the original physical ballots possibly availalbe with excellent chain 
of custody--could be useful. Anything other than this, no thank you.****

Don't forget other vulnerabilities of all election systems--*IT'S NOT 
--registration of who can vote, who controls this process, who keeps the 
records, and who can alter these records (lots of documented insider 
fraud in relation to this)
--validation that the person who supposedly voted is truly the person 
who voted
--integrity of any ballot storage or transmission (chain of custody) 
(e.g., in Ireland, chain of custody is with the Gardai! And AFAIK this 
has never been questioned for its appropriateness--I've never heard of 
candidates being able to assign representatives to ride / stay with 
those ballot boxes, and Gardai like any election insider are a major risk)
--validation of the count

Said better & more succinctly by Bev Harris: *"The public must be able 
to see and authenticate these four essential steps for an election to be 
public, democratic, and valid: (1) Who can vote (voter list); (2) Who 
did vote (3) The original count; (4) Chain of custody."*

See Also:
A) article from *TODAY* with just a few shocking examples (!) of 
convicted corruption involving local gov't officials, election 
administrators, and election technology companies & contractors:

B) post about process concealment:

As for any consideration of voting using *internet *-- I won't even 
start, as the vulnerabilities are so devastating and well-documented. 
Even the US Dept. of Defence gave up trying to develop a secure voting 

Best wishes,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.stdlib.net/pipermail/e-voting/attachments/20130405/3721717e/attachment.htm 

More information about the E-voting mailing list