Reported over at Internetnews.com.
The National Institute of Standards and Technology (NIST) is recommending that the 2007 version of the Voluntary Voting Systems Guidelines (VVSG) decertify direct record electronic (DRE) machines
Not verified yet, but this could be a very major development, if true.
I don’t completely agree with ba
ing all DRE- they play a valuable role for disabled voters and a few other demographics. During the last election I watched one older gentleman leave to go get a magnifying glass, since he couldn’t read the optical scan ballots.
Requiring a stronger voter verified paper record for a recount, rather than ba
ing all DRE, seems more reasonable.
Reader interactions
4 Replies to “NIST Recommending Decertification of DRE E-Voting?”
I agree that psychological factor is important for elections, but I’‘d argue for more precision about using the term “recount”.
There is a statistical phrase about how it is impossible to actually count 100 pennies—every time you do the count you get a different result. You can reduce the margin of error, but you never really have a hard count. And the recount rules, dating back to a pre-machine error, are designed to solve that problem.
We also have assumed our modern “Australian” paper ballots are pretty safe in this country, so we usually don’‘t like to move beyond the recount. Given the low number of very close races (less than 10 an election cycle) it’s a system that works.
However, what we’‘re seeing now are court challenges. You always had that option—after you lost a recount, you could go to court and say “well, the election was bad from the start so the recount is meanignless.” This is where you can bring up hanging chad standards, dissparate standards across states—and potentially flawed DRE. The question there will be proof—how do you show a DRE failed to properly record votes outside some sort of paper ballot. What is happening now is the “margin of litagation” which used to be very high is no getting smaller—- close races that courts would not look at now are being torn apart by lawyers challenging everything.
My problem is that at that point a paper ballot isn’‘t real proof of anything—chain of custody issues—boxes of paper ballots are just asking for someone to lose a box or two in the month leading to the court challenge—and what you really want to do with DREs is not a recount, but crack open as many machines as possible to find out if someone was tinkering.
So, from a fraud standpoint, I’‘m not sure how helpful the paper receipt will be.
The cryptographic stuff that NIST mentions is good—you get a coded receipt that you can then check your vote later to make sure it is accurate—although you may be opening up another can of worms there.
Yeah, the more I dig into this, the more I realize a lot of woes trace back to that law. What a surprise.
Recounts are still important for two reasons. First, even with computers the possibility of error is highly likely in an election. Ballot boxes (virtual or real) are missed, systems aren’‘t perfect, and we compress the process for immediate results, increasing any chance of error. The second reason is psychological- we desire a mechanism for validation when results could spawn conflict. I read an interview with Gore lately where someone asked if he agreed with the result from his own loss, and if not, why didn’‘t he do something? His response was that once the Supreme Court ruled his options were to go along, or start an armed revolution. We, as humans, just seem to need these processes (which, for statistical reasons, are also necessary).
Even with optical systems, I suspect the outcome wouldn’‘t always be the same- even computers aren’‘t that good.
Your second point is a big one- checksums alone aren’‘t enough, since there are ways to defeat them. Multiple hash techniques is probably the best option.
OK, after some digging aound I have a better handle on this subject.
NIST is giving technical assistance to the EAC to create the new 2007 VVSG guidelines (the old ones were from 2005, taking effect this year). All of this was created by HAVA.
After reading the NIST, they concern is about “Software Indepdence” (“SI” in government acronym talk) or, as they define it “software-independent if a previously undetected change or error in its software cannot cause an undetectable change or error in an election outcome. In other words, it can be positively determined whether the voting system’s (typically, electronic) CVRs are accurate as cast by the voter or in error.”
Since they find that all DREs today (except optical scan) are not “SI” they are recording they are not included in the next VVSG.
Now, having more optical ballots is not a bad thing—I think the only ones who are hurt are elderly folks who might have problems filling in the little circles. Error rates on optical ballots are not bad. Cost is an issue. EAC got some money in 2004 to distribute back to the states but I’‘m not sure how much is left.
I’‘ll make two quick points:
1. Again, to hammer home the issue—is this a technical problem, or one where the technology has outpaced the underlying law? NISTs concern is not about hackability per se, it is about the ability to do a meaninful recount. Is that a valid concern? Should there be a better way to resolve disputed elections? Recounts make sense with paper ballots and manual counting, but do they always make sense? Let me give you an example. Take a recount with optical ballots. Outside smudged marks, the recount would be the same as the orginial count. The issue would be people would say “Well, my paper reciept was not the same as when I pushed the vote button, clearly something is rigged” which throw elections like that into the courts. Also the issue of “bad ballot design” is not something arugable in a recount procedure.
2. What is the best way to secure the machines? I always thought some some of checksum to make sure the software is the same as when it was installed is enough. Under NIST’s proposal it is not. What is the best way to make sure the software on the machine is the same as the installed software? If the installed software is bad, then you have a bigger problem—your local voting adminstrator may be corrupt.
But that is not an issue for a recount—it is a factual issue that a judge would look at.
HAVA has been a disaster all around.
Rich:
Great digging here. I’‘m reading the report this weekend, and it’s not clear to me what role NIST plays in the actual certification process. Some this may be just 80% smoke. I need to do some digging as well.
My first take is that again the problem is not so much the DREs as the recount legislation—in a recount with DRE you want to do more than just tabulate the results again—you want to tear the machines apart to see if they are working properly.
A quick read through the NIST papers suggests that they are afraid of lot of straw men that I’‘ve been railing aginst – the one hacker taking down an election—and not on improving diversity in both vendor and voting authorities.