Today I observed the voting process and equipment used in Gary Indiana. While onsite, I interviewed one of the election poll workers regarding some of the observations I made about the voting equipment being used. These observations led me to be concerned about the potential for vote tampering.
I examined the MicroVote Infinity electronic voting machine (hereafter, “Electronic Voting Machine”) and discovered that the Electronic Voting Machines were not connected to printers while votes were being cast. After my review of user manuals downloaded from the MicroVote.com website, I confirmed my suspicion that the Electronic Voting Machine has no internal printer. The manual explained that the printer is connected only at the beginning of the voting day to verify that there are no votes recorded on the Electronic Voting Machine and later after the closing of the polls to print the final tallies and transfer the voting totals to the Red Flash Storage card that is plugged into the Electronic Voting Machine just above the red button.
Following my initial conversation with an election poll worker, I also inspected one of the Electronic Voting Machines and discovered that the batteries were not present in the unit. The Electronic Voting Machine manual states that in the event of a power loss, the prior votes would not be lost. However, the manual also indicates the battery charge capacity is reported to the poll worker at the beginning of the Election Day when the equipment is prepared for voting. This leads me to wonder why the Gary Indiana precinct poll workers didn’t raise the issue of the Electronic Voting Machine reporting zero battery backup power at the startup of the Election Day. Perhaps this is due to insufficient training or a lack of access to the necessary documentation by all of the poll workers. Not having the battery backup installed could potentially cause a loss of votes as cast by the voters.
After reviewing the user manual for the Electronic Voting Machine used at the Gary precinct I visited, I remain concerned about the prospect for vote results tampering. I was unable to confirm with the equipment maker whether votes cast would remain as originally cast by the voter in the event of a loss of direct A/C power with no battery backup power present. If this turns out to be the case, the Electronic Voting Machine could potentially be powered off without backup at the closing of the polls to purge the vote counts and then reload new voting data that matches the total number of ballots cast, but not necessarily as intended by the voters.
I attempted to determine how data from the Electronic Voting Machine was recorded during the course of the Election Day. It was not apparent to me if votes are written to internal non-volatile flash memory during the Election Day or if votes are stored in RAM (otherwise known as volatile memory that can be lost when the power is not present).
The manual for the Electronic Voting Machine available on the manufacturer’s website http://www.microvote.com reports that at the end of the day, votes are saved from the unit to the Red Flash Storage card that the poll worker inserts just above the Red button. The totals are then transferred to the Red Flash Storage card only after the poll worker confirms successful printing of the vote counts. If the wrong card is inserted, the Electronic Voting Machine will issue an audible alarm and will not transfer the vote counts. This is a clear improvement to some of the other systems I have reviewed. After the user confirms the successful printout, the totals are transferred directly to the matching serial numbered Red Flash Storage card. The generated vote tally printout is then sealed by the poll workers to provide an alternate audit option for a later time if needed. The Red Flash Storage card is then used to transmit and report the vote tallies for election reporting purposes.
If the Electronic Voting Machine writes the votes cast immediately at the time of the voter submitting their electronic ballot to internal non-volatile storage, then the votes for the day should remain intact. In this situation, the only concern I have is the lack of a tamper evident seal (serialized and signed) securing the physical unit from being opened without detection. I searched for proof that the Electronic Voting Machine stores votes immediately on non-volatile internal storage, but was unable to be assured this was the case based on my review of content on the MicroVote.com website. The lack of clear transparency on whether or not the votes cast are written to power resistant non-volatile memory is a major concern I have regarding this equipment that hopefully will be clarified by MicroVote.
I approached two of the election poll workers with my concerns about the votes cast earlier in the day and the possibility of losing votes cast as intended due to the lack of real-time printing. One of the election poll workers expressed that she shared my concerns. My main concerns are that the vote tallies do not print as submitted by the voter, there was a lack of a security seal on the unit and an absence of batteries inside the unit I was able to examine.
The election poll worker assured me that they audit the total vote count from the tape that gets printed after the polls close. This count is compared against the total number of registered voters that sign in requesting a ballot. I expressed my concern that there is a potential threat that someone could tamper with the Electronic Voting Machine. A person with the necessary tools and know how could potentially change the distribution of votes cast, but still keep the total number of votes such that they match the number of ballots requested. The election poll worker acknowledged to me that she shared my concerns and was personally more comfortable with the older paper ballot system.
I believe that requiring a printer to be embedded within the Electronic Voting Machine or attached to each unit would provide much more integrity to the voting process. This would enable the electronic voting machine to capture a real time audit trail tape of the votes cast. There are a number of low-tech lock and key strategies that could be used to protect a snooping poll watcher from discovering how someone voted. However, none of these reasonable precautions appear to be used at the polling site I visited.
If the public is concerned with protecting voter privacy regarding what votes a voter casts in an election, using a remedy such as ciphering the tape printouts to be altered from easy human comprehension (decipherable with the encryption methodology) to encrypted printed text would provide more integrity to the process and address that concern effectively. Simply having the audit trail of votes cast printout secured inside of the electronic voting machine would also address that concern. This is similar to how a cash register keeps an internal copy of the day’s transactions while allowing the customer to take the receipt. Another easy option to improve the present situation would be to have the unit print the vote distribution count made by each voter upon finalization of their electronic ballot. The voter then could apply their inked fingerprint stamp to the ballot printout. Once complete, the voter then would place it inside the ballot envelope provided to them at sign-in. They finally would deposit the sealed envelope inside the secured and locked ballot box for later audit purposes if necessary at a later time. This system would allow for a post audit of the paper ballots in the event that irregularity concerns warranted verification of the electronically reported vote tallies. This solution provides the best of both worlds, while keeping the vote reporting process fast, yet able to be audited with confidence.
There is no reason why governments should be resistant to capturing a real time paper trail simultaneous to the voting process, unless their is a lack of understanding or a willingness to create a situation ripe for election fraud.
A fraudulent party wanting to alter the vote tally outcome could easily purchase one of the Electronic Voting Machine used units from a cash strapped governmental agency on eBay. Once purchased, they could figure out how to hack the embedded vote count data to alter the outcome. With that knowledge, they or their accomplices, could show up at the end of the voting day, ask the poll workers what number they are in the voter count and then program the vote totals accordingly to match the total of voters requesting ballots.
Electronic Votes alteration could also happen where the fraudulent party or their representatives serve as poll workers or persons having physical access to the machines before the election results are certified. Despite the total numbers of votes cast between the sign-in table and the electronic voting machines, the actual reported vote distributions as submitted by the voters doesn’t necessarily have to match the voters’ electronic ballots. In order to prevent this scenario, more transparency from the manufacturers of electronic voting equipment should be required to ensure our election process integrity.
After reading both Electronic Voting Machine manuals I downloaded from the manufacturer’s website http://www.microvote.com, it is my opinion that Micro Vote’s electronic voting equipment is superior to other election equipment I have observed, yet still inferior to older paper ballot based systems. These observations or reasons include:
• Print verification of zero votes cast at startup.
• Use of serialized storage media that is matched to the voting equipment and will sound an alarm if alternate store media is used and will prevent reporting of the votes.
• Prints directly from the electronic voting machine to the printer as part of writing the counts to the electronic media (Assuming the poll worker has to press yes, the tape printed out without problem before it transfers the totals for transmission to the matching serialized number red storage device. This is an improvement over other systems I have reviewed. The reason being is that the media card containing the totals reportedly cannot be swapped out with an alternate media card before transmission.)
A few tweaks that would make Micro Votes product more reliable and secure include:
• Requiring a printer connection that prints votes as cast real time to an audit tape of sorts. If voter privacy is a concern, altering the printout to non-easily human readable EBCDIC encrypted text is an easy solution.
• Embed the printer into unit with a tamper evident, serialized controlled label that is signed and dated would provide greater integrity to the audit tape contained within the voting machine.
• Instruct voting authorities to apply dated and signed security tamper evident labels before delivery of the election equipment to the polling precincts. In addition, not allowing any precinct workers to break the tamper evident label would help maintain the integrity of the internal audit trail. Opening and accessing internal embedded electronic storage media, if it does exist on these electronic voting machines, should be performed by a separate party that doesn’t have physical access to the election tally printouts or the Red Flash Media card in order to ensure effective audit controls are in place.
• Make additional disclosures and samples of the equipment and data as it exists in its various states to third party security vendors for an objective assessment. This would enable security experts to assess the extent to which the units could be altered by hackers or those desiring to alter the election outcomes.
The public has a need for broader scrutiny of the manufacturers of electronic voting equipment. I personally think the integrity of punch based paper ballets that get fed into a scanner by the voter before being placed by the voter into a sealed ballot box is the superior immediate solution.
Hanging chads aside, there is at least a human method available to review the intentions of the voters. Whereas, this is not the case with present day electronic voting as I have observed first hand.
This blog post has gone on a little too long… I will end this post with the interview click I had with one of the election poll workers in Gary, Indiana.
- Staff Recognized for Departing Employee Investigations - The first issue of Corporate Counsel Business Journal, CCBJ, includes an interview with our Director of Digital Forensics, Yaniv Schiff, and Solutions Architect, Curtis Collette, on the evolution of departing employee investigations. Departing Employee: When Do Investigations Become Necessary? appeared in the print publication, online edition, and on CCBJ’s In-House Tech website. For Increasing Numbers of Employers, Departing Employee Investigations[...Read More]
- Chicago Office Food Drive – The Results Are In - QDiscovery’s Chicago Office collected nearly 1,000 containers of food for the local food bank this Holiday Season! Our office competed with sister offices in Indiana and Connecticut. Alas, we came in third. Our sister offices each collected nearly 2,000 containers for their local food banks. Relatively new to the company-wide food drive, the Forensics Division[...Read More]
- QDiscovery QMobile App Wins Innovation Award - QDiscovery’s QMobile is winner of a 2017 Relativity Innovation Award. Presented at Relativity Fest, the Innovation Award celebrates organizations that create apps or integrations that extend the functionality of Relativity’s eDiscovery software. Our development team created an application that makes the analysis of mobile collections much more manageable. Relativity users can now produce and review mobile[...Read More]
- Moving and Changing - Acquired by Connecticut-based QDiscovery in 2016, Forensicon’s capabilities multiplied overnight, both in forensics brain power and eDiscovery expertise. As part of a leading provider of end to end litigation support, moving to larger offices that are more central to the Chicago legal community was inevitable.
- QDiscovery Named One of the Top 20 Providers of Legal Services! - Leading industry publication, CIO Magazine, has named Forensicon’s parent company, QDiscovery, to it’s Top 20 Providers of Legal Services. The annual listing includes 20 companies that are at the forefront of providing legal solutions and impacting the marketplace. Read the whole article here. Featured in the publication alongside QDiscovery President, Dave Barrett, is Director of Digital Forensics, Yaniv[...Read More]