Trusted Logic Voting (TLV)

The OASIS Elections services committee have produced a white paper that discusses the importance of the use of standards for election systems.

The NYTimes revealed in its article that Ciber - one of the two certified testing organizations - had actually been de-certified in the summer of 2006. This conflicts with Ciber's actions in that they had continued with New York state and other testing assignments without publically revealing this.

Furthermore the NYTimes article shows voting machines in use where voter privacy is clearly able to be compromised - a key legal requirement for NY elections.

All this raises serious questions about the level of testing performed and the nature of the testing required by the US EAC and how those tests are included into the procedures recommended.

Once again underscoring the need for open public solutions that can be scrutinized other than in closed private processes.

The latest paper from Roy G. Saltman and funded by a grant from NIST provides an excellent round-up of election process and technology in America.

Roy confirms what the voting advocacy community already knew - but does so in an authoritative and clearly reasoned way.

Also - he details some of the in-place balances and checks - that often sound so reasonable and sound - for example Maryland has a way to check that the certified software is installed on their voting systems that is crossed checked by NIST. Unfortunately this check woefully fails to verify if that explicit version of the software is actually running on voting machines during the ballot casting itself! Subtle details - but of course vital to integrity of elections.

Anyway - there is much instructive information in this latest paper - and certainly an excellent introduction for those seeking an overview also of digital voting and the election process in America.

You can also compare this latest paper with the one originally published back in October 1988 for the ACM.

Presentation by John Borras, Chair of the OASIS Election Markup Language (EML) TC, with contributions from David Webber, to the Cambridge University sponsored Workshop On Trustworthy Elections (WOTE) and e-Voting techniques

The presentation discusses the work on OASIS EML and then looks at the key factors needed to use with EML XML components to deliver particularly trusted counting mechanisms.

In addition there are two papers submitted to WOTE -

1) Trusted voting mechanisms - here

2) Framework for accreditation of voting systems - here

Abstract from "Trusted Voting Mechanisms" -

Voting is one of the most critical features in our democratic process. In addition to providing for the orderly transfer of power, it also cements the citizen’s trust and confidence in an organization or government when it operates efficiently. Society is becoming more and more web oriented and citizens, used to the high degree of flexibility in the services provided by the private sector and in the Internet in particular, are now beginning to set demanding standards for the delivery of services by governments using modern electronic delivery methods.

The implementation of electronic voting would allow increased access to the voting process for millions of potential voters. Higher levels of voter participation will lend greater legitimacy to the electoral process and should help to reverse the trend towards voter apathy that is fast becoming a feature of many democracies. It is also recognized that more traditional voting methods will exist for some time to come, so a means is needed to make these more efficient and integrate them with the newer electronic methods.

In the election industry today, there are a number of different services vendors around the world, all integrating different levels of automation, operating on different platforms and employing different architectures. With the global focus on e-voting systems and initiatives, the need for a consistent, open, auditable, automated election system has never been greater.
This paper focuses on reviewing the aspects of the OASIS EML standard and shows how it can provide the facilitation for trusted electronic voting systems. Included is an assessment of the minimum functional mechanisms that ensure audit trail and crosschecking that allow verification of voting to be implemented.

The USA Today article notes —> Most of the electronic voting machines widely adopted since the disputed 2000 presidential election "pose a real danger to the integrity of national, state and local elections," a report out Tuesday concludes.

There are more than 120 security threats to the three most commonly purchased electronic voting systems, the study by the Brennan Center for Justice says. For what it calls the most comprehensive review of its kind, the New York City-based non-partisan think tank convened a task force of election officials, computer scientists and security experts to study e-voting vulnerabilities.

The study, which took more than a year to complete, examined optical scanners and touch-screen machines with and without paper trails. Together, the three systems account for 80% of the voting machines that will be used in this November's election.
<-- And then Rep. Rush Holt, D-N.J., a chief sponsor of a bill to improve electronic-voting security is quoted as saying - "A voting system that is not auditable contains the seeds of destruction for a democracy". For more information see the article online.

Click on the following links to review the Brennan Center Press Release and the Report Summary - "THE MACHINERY OF DEMOCRACY: PROTECTING ELECTIONS IN AN ELECTRONIC WORLD "

While the US Government has been tasked through HAVA to spend $B+s of dollars helping states acquiring voting systems to "focus on assuring Americans that their vote was being recorded" there has been too little focus on the key issue of "how do you trust and know that your voting is being counted?" Clearly with the paper-based mechanical voting systems this had become an issue - but are we any further forward today? What exactly is trust in the context of casting an election ballot?

What we do know is that since democracy was invented - people have sought to influence the result of a vote. Some of this is judged fair and some of this as cheating - example : I can say that bad things will happen if you vote for 'X'; but I cannot say I will do bad things to you if you vote for 'X'!

Giving people confidence that their vote was accurately recorded and counted is but one piece of the overall picture. Allied to that is that other people were not able to somehow make votes and change the count so as to negate the legitimate ballots cast!

Most importantly people should be able to transparently understand how the computer is handling their vote and have the means to independently verify that and hence be confident in and embrace the process. Unfortunately today that does not appear to be the case - and the report produced by Forbes on the flaws in current e-Voting systems highlights that.

The report notes "The most widely used electronic-voting systems all have flaws that can be addressed relatively easily, but few states and counties have actually implemented recommended security measures, researchers concluded Tuesday". The report, based on interviews with elections officials and analyses of voting systems, came from the Task Force on Voting System Security convened by New York University's Brennan Center for Justice.

So there are legitimate ways of influencing elections that we all are familiar with - and then there are ways that clearly seek to undermine a fair and open process.

Our goal with developing trusted balloting mechanisms is to reduce the risk that people will use the computer technology introduced into the process to cheat in new and interesting ways that were previously not available.

Also - computer technology should remove old ways of cheating - such as ballot stuffing - and therefore minimize the risks that were previously there.

Other challenges that the report notes are addressed in the trusted logic approach - notably - "Researchers acknowledged that audits won't uncover attacks that change both the electronic and paper records, something possible because many voters don't bother to check the paper trail before leaving the voting booth" - because in the TLV approach the voter has to physically use the paper record to make the ballot themselves - in contrast to the computer printing out its own paper record behind a screen away from the voter.

Larry Norden, the task force's chairman noted - "We're not talking about dramatic restructuring of the architecture," but "We're talking about straightforward things, most of which could be in place for the 2006 elections."

While Larry is undoubtedly correct - we have seen that the vendors of the voting systems have been extremely reluctant to do so - and demanded excessive fees and re-tooling costs in order to provide these changes - as is happening right now in Maryland for example.

Until these fundamental issues have been addressed and voting systems that truely provide trusted mechanisms from the core of their operational approach - then we will continue to fail to deliver on this fundamental foundation for the future of democracy.

Voters do care - and instinctively can understand this when presented this in a clear fashion. The problem is today that very few understand their own crucial role in ensuring that computer systems really are counting their vote correctly because they are being deliberately excluded from the fundamentals of the voting process itself and relegated to a spectator role.

Why should Americans care about possible 2004 vote miscounts? The 2004 election is over. It’s old news. The only reason for rehashing prior elections is to ensure that our votes are counted the way voters intend in the future. Should Americans trust that our votes are counted accurately; or is wholesale electronic election tampering occurring? How could the evidence of vote tampering be hidden? Are the future of
democracy and U.S. elections at stake? The U.S. press has dismissed exit polls as surprisingly inaccurate in the 2004 presidential election when exit polls conflicted with official vote counts. Were exit polls wrong or were vote counts altered?

On February 14, 2006, the National Election Data Archive, a group of volunteer mathematicians and statisticians, released a report asking that new measures be taken immediately in order to assure the integrity of future U.S. election results. Their new report discusses why current measures to ensure vote count accuracy, such as testing and certification, are inadequate; discusses how evidence of vote miscounts are hidden by current election reporting procedures; and recommends independent vote count audits, public detailed election data monitoring, and public exit poll data.

Two documents provide deep insights into the lessons learned from Ohio, 2004.
http://www.prweb.com/releases/2006/2/prweb346936.htm

http://electionarchive.org/ucvAnalysis/US/exit-polls/Ohio2004-US-future.pdf

OASIS, the international standards consortium, today announced that its members have approved the Election Markup Language (EML) version 4.0 as an OASIS Standard, a status that signifies the highest level of ratification. Developed through an open process by the OASIS Election and Voter Services Technical Committee, EML enables the secure interchange of information between electronic voting systems, software, and services.

This marks a significant step forward in the development of open standards for voting systems.

A new article sets the current scene for e-Voting in the US. And in case people need reminding - literally billions of $ dollars are at stake, particularly in Presidential elections - where the winners take all and are able to direct Federal programs, subsidies, research, development programs and more.

The size of the US Government is now double what is was a decade ago.

Clearly these are non-trivial issues and a major set of challenges for the worlds richest democracy.

More details from the article show the level of the challenges faced.

Clearly there is not just one quick fix technology solution here. And the fact that 50 States and thousands of election counties and districts are involved unscores the size of the logistical challenge here.

What had been tacit in a paper based manual system for over hundred years is now being laid bare and tough procedural questions and answers sought.

Quick link here to the PDF positioning the work that Don Norris's team is doing at the University of Maryland and the focus and scope of their study on electronic voting systems being considered by Maryland.

The GAO has released a 107 page on the security of voting systems today.

What the GAO found -

"While electronic voting systems hold promise for improving the election
process, numerous entities have raised concerns about their security and
reliability, citing instances of weak security controls, system design flaws,
inadequate system version control, inadequate security testing, incorrect
system configuration, poor security management, and vague or incomplete
voting system standards."

Examples of Voting System Vulnerabilities and Problems:

• Cast ballots, ballot definition files, and audit logs could be modified.
• Supervisor functions were protected with weak or easily guessed passwords.
• Systems had easily picked locks and power switches that were exposed and unprotected.
• Local jurisdictions misconfigured their electronic voting systems, leading to election day problems.
• Voting systems experienced operational failures during elections.
• Vendors installed uncertified electronic voting systems.

The full 107 report is here.

Comprehensive comments submitted to EAC on their VVSG outlining required improvements and changes in approach.

Several luminaries participated in a one hour radio broadcast on the Paul Berenson radio program yesterday (17th September, 2005).

This is a direct URL for the audio file:
http://www.paulb.com/voice/show/09-17-05-elect.mp3

The Santa Barbara County Registrar of Voters helped explain Open Voting to listeners. Other highlights include the host asking Mr. Holland to explain about how open source software could be used in elections.

Debra Bowen, California State Senator and 2006 candidate for Secretary of State, did a great job answering all the questions and, again, voiced support for “open source” and “publicly owned” software for elections.

Mimi Kennedy, provided much light and clarity. Jim March was his usual entertaining and informative self. Also mentioned was the importance of the report that the California Secretary of State will produce on the feasibility of using open source software.

Some vendors appear to be taking steps to integrate their voting solutions with voter registration systems. This was almost an inevitable development after the Carter/Baker Commission focused attention on the flaws in voter registration process today. So of course everyone is stepping forward now with their "but we can fix that!" offerings, including the use of server systems connected to the polling stations.

Whatever the intentions and motivations to this there are some fundamental principles being broken here that need to be clarified and protected by at minimum the EAC VVSG requirements and architecture, and probably beyond that to legal clarifications in voting law.

These can be summarized as:

1. There has to be a complete physical separation between the voter registration system and the voting system. No direct realtime electronic connection can be permitted, nor can the voting system know in anyway who voters are, nor store lists of voters.



2. The only connection between the two systems is the voter themselves and the physical act of voting. That is a fundamental principle here that needs to be a requirement of voting system architectures.



3. So when a voter is acknowledged in the registration system and is provided access to the voting system, they carry a physical access token of some kind that denotes their entitlement to vote. Their voting event then corresponds to the event in the registration system.



4. Because voting is private this process has to be anonymous and a voting system can have no knowledge of voters demographic information of any kind, even and especially including total numbers of voters registered or other metrics.



5. Use of cast paper ballot audit trail to verify the total number of electronic votes counted is still essential. Even more so, in a centralized server based tabulation system.

Centralized server systems introduced into the voting process, while it potentially solves some issues, introduces many more concerns around vote tabulation and declaration of result totals.

Many people may question why the old paper based voting systems cannot continue to work. The catalogue here of fair and foul events show that, as with some many others in life, the internet, communications and computers are changing the landscape and effecting outcomes in ways that paper voting systems were never meant to prevent.

And even more today than ever before the stakes are so enormous the temptation to manipulate, even a little, is too large. So we need to build new mechanisms that can provide robusted and trusted election processes. Now read on!

http://prorev.com/votecount2.htm