VT Secretary of State Deb Markowitz "responds" to security problems found with state's voting system
Brennan report finds security vulnerabilities in Diebold optical-scan system; Markowitz promises audit this Fall, but some of her recent statements raise serious questions
August 30th, 2006
Gary Beckwith, Vermonters for Voting Integrity
Several recent independent studies on electronic voting machines including the Brennan Report have discovered and confirmed significant security vulnerabilities. The most recent study concludes that "All three voting systems have significant security and reliability vulnerabilities, which pose a real danger to the integrity of national, state, and local elections." Many states are taking action to increase security on the systems in use. Vermont Secretary of State Deb Markowitz recently addressed the issue in an interview on WDEV radio with host Mark Johnson.
In the interview Deb states that an audit will be conducted on this November's election, to check the accuracy of the computers. In the audit, a random sample of the ballots will be selected and hand counted to verify the computer count.
Vermonters for Voting Integrity applauds Ms. Markowitz's decision to conduct an audit this November. This is something we have been pushing for, for quite some time. However the Secretary of State has not gone far enough, as the Brennan Report calls for random audits on ALL elections, not just the one this November. And a close listen to the interview reveals some significant problems with some of Ms. Markowitz statements, which seem to contradict the facts in some cases.
Rather than tell you about what she said, we invite you to listen for yourself. Below we have the entire 44 minute interview for you to listen to online. As well we have a transcript for some of the most important statements which deserve attention, and some objective commentary.
We do give credit to Ms. Markowitz for announcing the audit but at the same time, we are very confused about some of her statements in the interview:
|
Deb Markowitz interview, WDEV Radio, host Mark Johnson
4:10
Markowitz: What was really great about this (Brennan) study that came out is that it showed that Vermont's on track and that our procedures and the procedures we have in place are the recommended procedures and, so, we can feel really confident here; it was affirming.
VVI Commentary:
This is simply not true. Vermont does NOT have several of the recommendations of the Brennan Report in place. The very first recommendation of the Brennan Report is "CONDUCT AUTOMATIC ROUTINE AUDIT
OF PAPER RECORDS." The audit that will be conducted this November is not automatic or routine. The audit is at the discretion of the Secretary of State, and she (or a future Secretary) could just as easily decide not to have an audit in the next election. As the report states, we need automatic audit procedure in place for every election. We call on our legislators to enact legislation to this effect, and for Deb Markowitz to support such legislation, which we do not currently have.
Another recommendation Vermont is not in compliance with is #5 which states "ENSURE DECENTRALIZED PROGRAMMING AND VOTING SYSTEM ADMINISTRATION." This refers to the fact that the greatest vulnerability exists when the election is set up by a small group of people at a single company. In Vermont this is a very real problem because all the memory cards for the optical scan machines are sent to one centralized location before each election, where they are programmed by a small number of people at a single company.
And recommendation #6 states "IMPLEMENT EFFECTIVE PROCEDURES
FOR ADDRESSING EVIDENCE OF FRAUD OR ERROR." This refers to the importance of having guidelines and procedures in place ahead of time for if the random audit finds a "red flag." Vermonters for Voting Integrity has requested such information from the Secretary of State's office, concerning the procedures and guidelines of the audit. With 2 months to go before the election, the office has not released any details of the audit, what percentage will be counted, or what would happen if a discrepancy of the vote count is detected. Without specific guidelines in place ahead of time, it is possible a problem could be found but no corrective action be taken.
We feel it is misleading to say Vermont is in compliance with these recommendations because we simply are not.
|
5:05
Johnson: I was surprised to read that ... these optical scan machines are hackable and are manipulatable.
Markowitz: Well they're only hackable or manipulatable if you give somebody the (memory) cards. Of course, ... if we took the card, you know there's a computer card, and if we gave it to somebody, they could certainly find a way to hack in and alter results and soforth. And that's why we have a chain of custody procedure in those polling places that use the optical scan machines ...
VVI Commentary:
This statement is misleading and untrue. No one has to give a memory card to anyone for an election to be hacked. The fact is that all the memory cards are sent to a central location at a private company before each election. There, employees have access to the cards. These people have not taken any kind of oath like the Town Clerks have, and they have unfettered access to the the "brain" of the optical scan machines, which could be programmed to do just about anything. We feel it is misleading to say that someone has to be given access to the cards, because that is already the case.
|
16:11
Johnson: So this report, the Brennan Report which talks about problems with optical machines, you're arguing that they're not applicable to Vermont?
Markowitz: well, the hacking arguments, they're not applicable to Vermont, because we have in place the safeties that they have recommended. And that was the comforting piece.
VVI Commentary:
This statement is extremely misleading. The truth is that the findings about the vulnerabilities to a great extent DO apply to Vermont. Several of the safeties they recommended are NOT in place in our state. The Brennan Report should not be seen as comforting to Vermonters in any way. In fact it should raise an alarm that we should take steps to comply with each and every recommendation of the report as soon as possible.
|
23:47
Caller: You mentioned something about the possibility of random audits of the machine tabulated ballots, just to check the accuracy of the ballots. Did I hear recently that we are going to be doing that in Vermont?
Markowitz: Yes we are, that's part of the, sort of, security procedures ... It may be helpful for me to describe the security with respect to our optical scan machines from the life cycle of the vote ... What happens is we've got a machine ... but the machine itself is meaningless. It's the memory card that is what counts. And what happens is that the memory card gets configured by a company that's in, I can't remember if it's in Massachusetts or Connecticut, but it's south of our border ... but it's called LHS. And the way it works, the security begins at configuration, because that's the first place that there could be funny business. The card itself is empty, and there can't be code there that changes outcome, because you don't know how that card is going to be configured. .... There are six machines where these cards are configured. Each of them are independent, they are not networked, they are completely independent, they are not wired to the internet... They are in one room, so everybody configuring is with each other. So back to Vermont's sort of 'tattle tale' method, that you know, if you are coding it, it's a pretty different exercise than if you're simply configuring. So if you're messing with computer code, other people around you could easily notice. In addition, the manager is right there as well, just kind of watching what's going on, so there's one person who's able to observe ... Every card is linked to a particular machine so you know who has configured every town. So remember the goal is transparency, and accountability. You've got transparency because it's all happening in an open room. You've got accountability because we know who configured each card. Then it goes right into a slot ... into the Federal Express package where it's sent and can only be accepted by signature by the town clerk.
VVI Commentary:
This statement is really leaving us scratching our heads. Deb says "You've got transparency because it's all happening in an open room." The fact is that room is behind closed doors of a locked building of a private company. It is anything but transparent. We have absolutely no idea what they are putting on the memory cards because no one is allowed to view the computer code on the machines or watch the programmers work. If this process was transparent, we should be able to observe the programming of the memory cards. The public should be allowed to view the software code. This is not the case and the process is not transparent at all. It is misleading to call this "transparent" in any way. Because this is all done in secret, we are in effect putting our blind trust in LHS and Diebold to count our elections for us. The Secretary of State's office has stated that Diebold is a trustworthy company, but they are facing several lawsuits and investigations for fraud already. We should not be asked to put our blind trust in ANY private company, especially one like Diebold. We have a right to real transparency in our elections!
|
27:18
Markowitz: So all through the process there's this transparency and accountability. The clerk tests the card when she gets it; (she) makes sure it's configured properly because it's certainly possible for someone to make a mistake ... they conduct a random number of tests ... and then the card is used.
VVI Commentary:
This comment gives the impression that the test done by the clerk is effective in making sure the card is configured properly. But all the reports and studies show that these tests can not detect many types of potential problems with the cards. In fact another study by the Voting Systems Technology Assessment Advisory Board found that "Successful attacks can only be detected by examining the paper ballots: There would be no way to know that any of these attacks occurred; the canvass procedure would not detect any
anomalies, and would just produce incorrect results."
|
|
Click here to listen to the entire interview. (10 MB, 44 minutes). The times at the top of each part of the transcript show the approximate place on the recording you can hear that quote.
Are we trying to attack Deb Markowitz?
Absolutely not. We are only printing her own words and being as objective and respectful as possible. As we have stated many times, we applaud her decision to conduct an audit this November. But we are still very concerned that there are several important recommendations we do not have in place, to ensure the integrity of our election system. We do not accuse Deb of intentionally misleading the public about how secure our election system is. It is possible that her statements are the result of being misled by Diebold, which is in fact facing a class action lawsuit for falsely representing their products.
Regardless, it is clear that just conducting one audit is not enough. We need mandatory random audits on all elections. We need specific guidelines to be in place before the audit takes place. We need to have real transparency with our elections, with "open software code" on the machines.
We are drawing attention to this interview because it is the Secretary of State's job to make sure our elections are secure and accurate. From her words it appears she does not fully understand the situation, nor does she plan to take the necessary actions. We respectfully call on Deb Markowitz to look at this issue objectively and realize the evidence is clear that further measures are necessary.
Special Note:
Here's your chance to meet Deb in person and express your concern or ask questions!
Wednesday Sept. 6, Deb will speak and take questions at the DFA meeting in Hinesburg. |
What can you do?
We know that grassroots efforts work because we've seen it happen with our own eyes. We call on the public to contact Ms. Markowitz now and express their concern about election security and the findings of the Brennan Report. Click here for Deb's contact info. And now that you know the facts, you can demand straightforward answers. We also call on the public to help spread the word by linking to this article and distributing this flyer on bulletin boards and car windshields all over the state.
Gary Beckwith is Director of Vermonters for Voting Integrity
|
|
