Comparing Marylands DRE voting to a trusted system

["David Webber \(XML\)" <david@drrw.info>]

Team,

We have an opportunity to study the methods
Maryland are using and compare those to
the latest trusted model.

Interestingly the Maryland procedure has now
adopted many of the aspects of the trusted
process.  So while they may not be aware of
the definition of the process - clearly they are
moving toward one.

They have recognized the need to have separate
verification of the counts, and electoral counts, and
the need to validate and check the software programs
used.

The only issue that I can see here is that their DRE
machines can still be compromised with their
current procedure.

Here's a few attacks I could see that the software could
have and still pass their pre and post election testing.

The most obvious is a small percentage based vote
switching system that only occurs once a certain
number of voters have cast votes - or only on the
election day itself - pre and post checking would
not catch that.

Similarly if one of the key cards (used by voters
to access a DRE) was a special card, that when
inserted into the voting machine activated
the switching logic - that would also be another attack.
Since the cards are rotated through the machines on
voting day - eventually each one would be triggered
by the special card - (and the vendor does control
the supply of those cards BTW).

Third - the counting and tallying software could be
compromised - so even though all the counts coming
from the voting stations are correct - they can be
manipulated on the tallying side - to shift votes
there too - and especially because there is no way
to crosscheck votes against separate paper ballots.

But specific attacks are not the point - they could test
for my three here - and still fail to catch another attack
we've not thought of.  The problem is that they
do not have an independent VVPB thread in their
voting.  So - while their current crosschecks are
good and necessary - they are not unassailable
because the DRE is doing both the vote taking
and the counting and not printing an independent
paper trail.

You would not expect your bank to write all
your cheques, and balance your account and not
send you statements!  The opportunuity to add
a few pennies here and there on a random basis
would be just too exposed - even if you did
trust your bank.

But their letter does show that they have done
the best they can with a DRE-only system. We
have to give them credit for that.

It is also instructive for us in designing a
trusted process to see how a currently fielded
system is exposed to risk, and how a trusted
process can remove those risks.

DW

----- Original Message ----- 
Sent: Sunday, March 06, 2005 11:33 PM
Subject: Re: TrueVote Tuesday: Update and New Developments


> Dear Tech Committee,
>
> I received the following letter in the mail from Linda Lamone today.   I
> also attempted to post it on the discussion board.   James are you the
> moderator?  I have to wait 24 hours for it to post.  Might we just close
off
> the board to registered and known users only?
>
> Here is what I posted I received today:
>
> Dear Ms. Pentz:
>
>  Thank you for your correspondence to Governor Robert L. Ehrlich, Jr.
> expressing your concerns about the voting system used in Maryland.  The
> Governor has received your letter and asked me to respond on his behalf.
>
>  Although Maryland's voting system does not provide a voter with a printed
> version of his or her ballot, the voting unit prints a report before the
> polls open on Election Day showing that there are no votes cast on the
> voting unit.  After the polls close, the voting unit also prints a report
> showing the results of the contest on the ballot.   The reports are
printed
> and signed by the election judges in the polling place and are matched
> against the number of voters recorded by the election judge's as having
> voted.   This report, as well as others printed throughout the election
> process, provides an audit trail.
>
>  Maryland has taken numerous steps to verify that the voting system
> accurately records and tabulates votes.   First, the State receives the
> voting system software directly from a federally appointed independent
> testing authority, not from the voting system vendor.  When installed, an
> independent validation and verification process is performed to ensure the
> correct version of the software has been installed.   Second, the State
and
> counties perform numerous tests to verify that the system accurately
records
> and tabulates votes.  Third,  Maryland has implemented recommendations
from
> security experts to reduce the likelihood of unauthorized access to the
> voting system.   All of these actions should assure the public that the
> voting system is accurate and secure.
>
>  In addition to the numerous tests election officials have performed on
the
> voting system, this office conducted "parallel testing" on randomly
selected
> voting units during six counties' required public demonstrations and on
> Election Day.   Parallel testing is a method of testing an electronic
voting
> unit.  At the conclusion of each parallel test, the hand-tallied results
> matched the voting unit results.  These results confirm the accuracy of
the
> voting system.
>
>  Thank you for your interest in Maryland's electoral process.  If I may be
> of any further assistance on this or any other election-related matter,
> please contact me at 410-269-2840.
>
>                                                           Sincerely,
>
>                                                           Linda H. Lamone
>
>                                                          State
Administrator
>
>