I HAVA Dream… Or Is It a Nightmare?
by Rustie Woods
November 11, 2003
One of the loudest, most important opportunities we have to voice our vision and expectations for America is to vote on Election Day. Regardless of one’s race, gender, religion, sexual orientation, economic position, or political affiliations, on that day, for any given election, the opportunity to participate in shaping our society is at our fingertips. Or is it?
For as far back as I can remember, there seemed to exist the faction of folks whose credo sorrowfully echoed the sentiment that their vote didn’t count and it wouldn’t make a difference anyway. While their howling was always met with incantations about having no right to complain if they don’t vote, there is something to be said about the astuteness of their perceptions.
If we wander into the recesses of our minds that hold dark memories of past elections, we can find examples of this disheartening reality. Thirty-five years ago the Democratic Presidential Primaries were running a close race between Eugene McCarthy and Robert Kennedy. Vice President Hubert Humphrey entered the race late, waiting until after the unpopular incumbent, Johnson, officially withdrew. On June 4 Kennedy won the California primary and held 46% of the vote. That evening he was assassinated.
With Vietnam protestors in full force and the ensuing violent police response, the bloody riots in the streets of Chicago served as a backdrop for the tumultuous 1968 Democratic National Convention. McCarthy arrived with at least 42% of the popular vote. Unfortunately, the state party bosses, rather than the primary election results, had the power to control the delegate selection process. During those four days of convention, McCarthy and McGovern correctly, but unsuccessfully, challenged at least 19 State delegations on the grounds of being illegal, unconstitutional, or contrary to the rules of the party. When the August convention concluded, Humphrey received the nomination with 67% of the votes to McCarthy’s 23%. Also beaten by the delegates of the DNC was the Vietnam Peace Plan. Did the votes cast by the people count? Did the public’s voice make a difference? Obviously not. However, important reforms to the Democratic nomination process ensued.
Thirty-two years later we experienced the anguish of another election that dashed the hopes of American voters. Lending credence to the wails of non-believers, the disenfranchised and non-voters, the US Supreme Court overruled the recount of the Florida votes in the dubious 2000 Presidential Election. An unprecedented 36 days after the election, with Al Gore receiving over half a million popular votes more than his Republican rival, George W. Bush was declared President. Did the public’s voice on Election Day make a difference? No. But once again, we are attempting to learn from our mistakes.
The experience of the 2000 Presidential election fiasco and the subsequent exposure of unmitigated election fraud contributed to the introduction and overwhelming passage of bill HR 3295, the Help America Vote Act of 2002 (HAVA). Mandating all 50 states to reform their election procedures, the overview of the new Federal law includes upgrading voting machines, improving registration processes and increasing poll worker training.
The primary goal of HAVA would appear to be to provide a more accessible, accountable and fair election system to our current process. It includes a $3.9 billion price tag to accomplish its goals. HAVA contains many significant mandates. However, there is nothing in it that addresses the problems associated with informational bias in the mass media, party politics during convention, or the archaic Electoral College.
That having been said, it is important to note some of the law’s more meaningful provisions. HAVA includes a mandate that allows voters to correct mistakes in their ballots or be allowed to cast provisional ballots if their names do not appear on the registration list, or if they do not have IDs. It requires polling places to have a minimum of one accessible private voting machine for disabled voters and allows for voting machines that can perform in other languages. The law requires that each state create integrated, computerized, statewide voter registration and provides funding for voter outreach. These are all significant steps, necessary to provide society with an equitable link to our election process. Should these goals be achieved in a forthright fashion, much will have been accomplished.
Unfortunately the specifics of how to implement the mandates of HAVA were left undefined. Each state is free to interpret and implement at its discretion. Having failed to establish uniform standards for any of its mandates, the Federal law is wide open to either progressive or regressive reforms. Herein lies the rub, particularly with respect to the mandate calling for the replacement of punch card and lever voting machines. Without adequate uniform standards for testing and certification of the new electronic voting systems (EVS), also called direct recording electronic (DRE) voting machines, we are in danger of recreating the very problems we are trying to eliminate. While it may appear that virtual voting has the potential to accomplish most of the HAVA reforms in one fell swoop, we must be wary of any reform that does not include standards to safeguard against abuse and misuse of the system.
In a true democracy, everyone of legal age and sound mind must have the opportunity and accessibility to cast their vote. Unquestionably we understand that every vote counts and every vote must be counted. Few would disagree that our election system has been far from equitable for minorities, low income and disabled citizens. Thus, we eagerly cling to the notion that computerized voting is the panacea for our election woes.
Unfortunately this 21st century voting technology has the potential to be far more destructive to our democracy than empowering. Computer scientists from some of the most prestigious universities in the country, John Hopkins, Rice and Stanford, have carefully examined election software and have conclusively determined that these programs have insufficient security safeguards to prevent voter fraud. Diebold, one of the major manufacturers and suppliers of EVS in the nation, mistakenly placed their software code on the Internet. This made it available to computer security experts for in-depth evaluation. The experts concurred that the software is riddled with back doors that can be easily opened, an “open door” so to speak to voter fraud. Avi Rubin, technical director of the Information Security Institute at John Hopkins, made this comment about the “smart cards”, a component necessary in Diebold’s machines to cast a single ballot; “A 15 year old computer enthusiast could make these counterfeit cards in a garage and sell them.”
The security flaws do not exist solely at the user end. From the ability to easily counterfeit administrator and ender cards, to unprotected PINs, improperly encoded data storage, unauthorized accessibility to data during transmission, and unsafe, incomplete and inaccurate software design, the experts found few safeguards against fraud at the administration level. These problems are further exacerbated by the fact that software is not subject to mandatory independent inspection and review of source code.
While these systems require thorough testing, the source code, the information that conducts and controls what actually happens inside the computer, is off limits to outside examination. This convenient veil of secrecy is obtained by licensing the source code as “proprietary software” rather than “open source” or “free software”. Open source or free software is available to scrutiny by anyone at anytime. The source code of open source software is not secret. Proprietary software, on the other hand, is protected from “outside” perusal under the guise of “trade secrets”. In other words, no outside agency, or independent expert may inspect and review the source code without the express permission of the person or entity that holds the software license.
There are three major private corporations that are selling EVS, or DRE voting machines, in the United States. They are Diebold, ES&S and Sequoia Voting Systems. All of these corporations use proprietary software. They will not allow review and inspection of their source code by the government, the public, security experts or election officials, unless a nondisclosure agreement is signed before auditing the code. An audit performed under the protection of a nondisclosure agreement would prevent the inspector from disclosing any of their findings to “outsiders”. This renders the inspection meaningless if the purpose is to inform and protect the public.
If independent experts do not regularly audit voting software, what is the implication? Literally no one but the manufacturer will know exactly what the computer you are using to cast your vote is actually doing with that vote.
In addition to software problems, the touch screen systems are also subject to error. For instance, if a touch screen is misaligned, a voter may choose candidate C but the misalignment may cause the machine to register a choice for candidate A. With no paper audit verification there is absolutely no way for a voter to realize that their vote has been incorrectly cast. Obviously, the absence of a paper audit trail compounds all of the aforementioned problems that exist in computer voting technology.
If we confine our reservations about DRE voting systems (a.k.a. EVS) to the ascertainable security flaws, the inherent error risks, and the inability to conduct independent inspections, we have plenty to be concerned about. For those whose attention is focused on the potential theft of our elections, the current state of electronic voting is a nightmare.
The potential for fraud and the ease with which election results might be manipulated is clear. As previously detailed, several experts in the field of computer science and information security corroborate this assertion. The secrecy that surrounds these systems and their software is the veritable kiss of death to election security. Voting software needs to be secure to prevent abuse of the election process. Experts agree that without independent security researchers verifying source code there are no safeguards against inevitable security flaws.
Add to this nightmare two more glaring inconsistencies in our quest for improved, secure elections and we find ourselves having replaced our ballot box with Pandora’s box.
The omission of voter verifiable paper trails in these systems removes the option for a manual audit or recount should computer error, human error, or intended fraud be suspected. Paper printouts produced after the polls have closed merely duplicate the information stored in the computer and do not address the potential problems and concerns of computer malfunction or voter fraud.
Last but not least, is the non-existence of disclosure regulations. When combined with the inherent security flaws, the absence of outside software evaluation and the lack of voter verification, it takes little more than common sense to realize the stunning possibilities available to those of questionable character with intentions to rob us blind at the polls. Let’s consider a few examples.
Diebold is probably the most egregious spectacle in the computerized voting debate. Approximately 30 states are currently using their virtual voting technology. When experts obtained access to their source code, resulting in an extremely unfavorable evaluation, the official response was that the software examined was outdated and never used. Diebold insisted that their systems were accurate and secure. Yet in February 2003 programmers for Diebold admitted that they put highly sensitive company files on an unprotected web site. What was uncovered in those files was a folder called “rob-georgia”. Georgia state officials eventually admitted that just before the November 2002 election a program “patch” was administered to over 22,000 touch-screen voting machines.
And so the stage was set for Georgia’s unexpected mid-term election results. Incumbent Governor Democrat Roy Barnes was leading in the polls by almost eleven points. The popular Senator, Democrat Max Cleland, was also ahead. Cleland, a Vietnam war-hero was strong on defense and national security. His opponent, Republican Saxby Chambliss, had avoided serving in Vietnam and based his campaign on professing to be more patriotic than Cleland. Both Senator Cleland and Governor Barnes were expected to be re-elected. But when the Diebold voting machines finished the tally, Barnes lost to Republican Sonny Perdue 46% to 51%, a 16% point swing, and Cleland lost to Chambliss 46% to 53%. Could “rob-georgia” have had anything to do with this?
On August 14, 2003, continuing in the corporation’s brazen spirit, the CEO of Diebold Inc, Walden O’Dell, sent a fundraising letter to Ohio Republicans. His request; raise $10,000 each in donations for an Ohio Republican Party fundraiser, in September, at his home. His message; he is “committed to helping Ohio deliver its electoral votes to the President next year.” So what’s wrong with a businessman getting personally involved in politics on his own time? Nothing, unless his business is to supply the state of Ohio with voting machines. On August 15 Ohio Secretary of State Ken Blackwell was prepared to announce Diebold as one of the three firms eligible to sell EVS to Ohio for the 2004 election.
Had it not been for O’Dell’s untimely letter, Diebold might well have been the winner in the lucrative race to outfit Ohio’s 71 counties still in need of HAVA mandated voting machine upgrades. Neither O’Dell’s politics nor his audacious comment is enough to incriminate him as scheming to steal the Ohio election for Bush. It is enough, however, to raise reasonable doubt as to Diebold’s impartiality. It is still uncertain if Diebold will be allowed to participate in the bid, but Blackwell has stated that it might be best to remove them from the process. One can’t help but wonder, had the Georgia scandal been disclosed, would Blackwell have still considered Diebold as a contender?
Sequoia Voting Systems is not without its problems due to disclosure, or rather lack thereof. Multiple counties in Florida are outraged with SVS’s failure to reveal that one of its top executives, Phil Foster, is facing criminal charges in Louisiana. He is charged with two counts of conspiracy to commit money laundering, and one count of conspiracy to commit malfeasance in office.
Florida’s Indian River County is furious that they were not told about the charges against Foster when they negotiated a $2 million contract with him on behalf of Sequoia. County officials are terminating the contract on a legal technicality. Sequoia however, is not eager to let them out of the deal.
Also pending is the $15.5 million contract with Pinellas County. And Hillsborough and Palm Beach Counties are now reconsidering whom they will purchase their voting equipment upgrades from. Disclosure requirements could have saved these counties a great deal of time and the costs associated with such misadventures.
At this point we would be remiss to not examine the Nebraska elections of 1996. This was a curious time of first events for Nebraska. 1996 marked the first year Nebraska utilized the services of vote counting machines in an election. This was the first time Chuck Hagel ran for any political office. This was the first time in 24 years that a Senate seat was won by a Republican. This was the first time Senator Chuck Hagel took office in any elected government capacity.
Hagel’s upsets in both the primaries and general election were astounding. The Washington Post (01/13/1997) reported that his “Senate victory against an incumbent Democratic governor was the major Republican upset in the November election.” Six years later on November 05, 2002 Hagel won his second term in the U.S. Senate with an unprecedented 83% of the vote.
In Nebraska 80% of the votes are counted by ES&S, the only voting machine company certified to count votes in the state. The remaining 20% of the votes are counted by hand. In 1987 the McCarthy Group and the Omaha World Herald Company purchased the controlling interest in ES&S, previously called American Information Systems (AIS) until its name change in 1997. From 1992 to 1995 the Chairman of the Board and CEO of AIS was Mr. Chuck Hagel. Until 1996 Hagel was also the President of the McCarthy Group.
In Hagel’s FEC disclosure documents he included an investment with the McCarthy Group of up to $5 million from 1996 to 2001. But he did not list McCarthy’s underlying assets, which would have included ES&S. As recently as January of this year, Michael McCarthy, Hagel’s campaign finance director, admitted that Hagel continues to own a beneficial interest in the ES&S parent company the McCarthy Group.
At no time did Senator Hagel disclose his affiliations or financial interests in ES&S. Though he was required to report in his 1996 FEC disclosure form that he was still chairman of AIS for the first ten weeks of the previous year, he did not do so. His failure to include them as an underlying asset of McCarthy Group is in review. In both of the Nebraska Senate elections, which Hagel won with astonishing victories, ES&S counted at least 80% of the votes. In short, the company that programmed, installed and controlled Nebraska’s voting technology, had administrative and financial ties to one of the candidates running, Senator Chuck Hagel. Hagel, indirectly, continues to maintain financial interests in ES&S. The direct result of this relationship means Senator Hagel’s net worth increases as ES&S prospers in the election business.
Hagel’s failure to disclose his past and present relationship with ES&S aptly fosters many questions and concerns regarding his personal integrity. More importantly however, are the concerns we should have and the questions we should be asking regarding these obvious conflicts of interest. How do these improprieties affect the sanctity of our election process? If politicians, partisan loyalists and criminals have ties to the manufacturers of our voting systems, is it reasonable to doubt the integrity of our elections? If so, is it not equally reasonable to expect that the disclosure of this information be mandated?
Individuals seeking to enter politics are required to file disclosure statements with the FEC. Why should corporations, seeking to enter our election process, be exempt from similar disclosure requirements? Furthermore, why should election technology and equipment in consideration for purchase with taxpayer dollars be exempt from scrutiny and review by independent experts?
Maryland’s Governor Robert Ehrlich would tell us otherwise. After the John Hopkins report on Diebold software became public, Ehrlich ordered an independent third-party review of the Diebold systems for which Maryland had a $55.6 million contract pending. Diebold agreed, non-disclosure agreements were signed and SAIC conducted the audit.
SAIC concluded; the system is at high risk of compromise. A list of recommended mitigations to reduce the risks was also included.
Reduce the high risk of compromise? This does not inspire confidence, nor does it dispel the concerns illuminated by the John Hopkins report that these systems, Diebold’s in particular, are just short of an invitation to vote tampering. Nonetheless, Ehrlich decided to go forward with the purchase. Why would he seemingly ignore the results of his own audit?
Perhaps Ehrlich’s past experience with Diebold voting machines was enough to satisfy his confidence with the system’s ability to get the job done. In March 2002, Maryland upgraded four counties with Diebold machines. In November 2002, Ehrlich was the first Republican Governor elected in 36 years.
And who is the privileged “outsider” that performed the audit? Science Application International Corp is a giant military contractor, complete with alarming connections to the FBI, CIA and a tarnished past. Here is a summary of what is an impressive list of improprieties:
* 1990 SAIC indicted by the Justice Department on 10 felony counts for fraud in its management of a Superfund toxic cleanup site. SAIC pleaded guilty.
* 1993 the Justice Department sued SAIC accusing it of civil fraud on an F15 fighter contract.
* 1994 SAIC admitted to having falsified test results from a toxic waste dump at DOE’s PORTS and paid $1.3 million in penalties.
* 1995 SAIC settles a suit with a Treasury Department currency plant in Fort Worth, TX. SAIC was charged with lying about security system tests.
* 1996 the GAO filed a report entitled “Department of Energy, Unethical Conduct at DOE’s Yucca Mountain”, citing SAIC’s involvement.
* 2002 Yucca Mountain Project, under the management of Bechtel SAIC Co, fired quality assurance specialist Jim Mattimoe after he cited flaws in the process scientists were using to determine the site’s suitability for nuclear waste disposal. Director of quality assurance Robert Clark was transferred after raising similar concerns about the project’s safety.
* 2003 Yucca Mountain Project reassigned three of their four review team auditors after they cited flaws in Bechtel SAIC’s work procedure revisions.
These are interesting qualifications for a company that is auditing the reliability and security of software to be used in our election process. It might be instructive to note that SAIC is also in the election business with ties to VoteHere. In addition, they are the parent company of Network Solutions Inc. That’s right, the only company authorized to register Internet domain names was purchased by SAIC in May 1995. One can only speculate about SAIC’s agenda.
The business of EVS is extremely lucrative, astonishingly powerful and frighteningly connected to our Republican friends. All of the major players in line to infiltrate our election process are military defense contractors and/or information technology firms. They are heavy contributors to the Republican Party. Most of their clients are state governments and federal agencies. These corporations and their affiliates are the same gang that came out strong in support of HAVA and its mandate to replace those nasty paper ballots. Bush barely blinked an eye before he signed the legislation. And now, many state officials and private well-respected organizations, such as the League of Women Voters and the ACLU, can’t wait to close the deal.
Those leaping like lemmings to virtual voting insist that the systems are secure. Their mantra: until proven otherwise, there is nothing to worry about. With nothing in hand to “prove otherwise”, how would anyone know if there was something to worry about? Some, like the Women League of Voters, insist that requiring a voter verifiable paper trail would impede the process to replace old systems that are inadequate for disabled voters. They prefer instead to rely on the integrity and security of computer systems that are designed, and implemented into our election process, by corporations whose top administrators are of dubious distinction, are fraught with conflicts of interest, and who are busily engaged in clandestine business practices. Not my idea of fixing our election problems.
HAVA is a federal law and the nation is now required to replace punch card and lever voting machines. We are not however required to replace them with EVS. Some states have returned to written ballots that are hand counted. Upgrading to EVS is a very expensive proposition. We will not find ourselves in the near future with additional funding to correct hasty purchases. How can we expect to secure the reliability, security and integrity of these systems if they exist within a dark cloud of secrecy, where all traces of our elections dwell only in cyberspace?
One positive step would be to require voter verified paper trails, unannounced hand recounts of those paper ballots and software source code disclosure. Representative Rush Holt has done just that with HR 2239, the Voter Confidence and Increased Accessibility Act. Since May 2003 this bill has been in the Committee on House Administration. Conveniently, it has not been brought to action on the floor. Perhaps Congress needs to hear from us about this seemingly lost amendment to HAVA.
Ultimately HAVA will do very little to accomplish genuine election reform. Nonetheless, our prudence and vigilance in the implementation of its mandates is all that will ensure that it is not used to further corrupt our election process and government. Genuine election reform will not come until we abolish the Electoral College, implement Instant Voter Run-off, and absolutely remove private corporations from the playing field. Concern and suspicion about fraud, and attempts to safeguard our sacred right to vote, are not wild-eyed conspiracy theories emanating from unpatriotic Americans. As citizens of a democratic society it is our responsibility to ensure the security and integrity of our election process to the best of our ability. Election fraud has always existed in this country. From buying votes, to stealing votes, there is nothing new going on here: not even our choice to pretend that these problems don’t exist.