- Pieties and Pitfalls
- Voting Integrity
- Internet Voting and the Dept. of Defense
- Internet Voting in Colorado
- Mail Ballots
- Electronic Voting Machines
Pieties and PitfallsBack in 1876 in the language of the day, our state Constitution espoused integrity in elections. This requirement still stands. Article VII, Section 11 states: “Purity of elections. The general assembly shall pass laws to secure the purity of elections, and guard against abuses of the elective franchise.”
As if to provide a failsafe should the state legislature neglect its assigned duty, C.R.S. 1-1-107(5) reiterates the words of the Constitution. After specifying duties of the secretary of state, the law states, “The provisions of this section are enacted…to secure the purity of elections and to guard against the abuses of the elective franchise.”
Currently, Colorado has four different means of voting:
- All-mail ballot elections, whereby every eligible elector is mailed a blank ballot.
- Electronic voting, whereby electors vote using Direct Record Electronic voting machines (DREs)
- Paper ballots, whereby electors vote using paper ballots counted on electronic scanners.
- Internet voting, which has been encouraged by the Department of Defense’s Federal Voter Assistance Program (FVAP) for use by military and overseas voters.
All-mail ballot elections, the use of DREs, and Internet voting all have significant election integrity limitations.
Voting Integrity ComponentsAs of 1947, to protect the “purity of elections,” our state Constitution specifically requires the “secret ballot” to avoid vote coercion, vote buying or vote stealing. (See “Article VII, Section 8. Elections by ballot or voting machine. All elections by the people shall be by ballot, and in case paper ballots are required to be used, no ballots shall be marked in any way whereby the ballot can be identified as the ballot of the person casting it… Nothing in this section, however, shall be construed to prevent the use of any machine or mechanical contrivance for the purpose of receiving and registering the votes cast in any election, provided that secrecy in voting is preserved.”)
Other components of voting integrity include:
Elections must be fair, with all eligible electors having an equal opportunity to vote.
Elections must be accurate, so that only eligible voted ballots are counted, and counted as their electors intended.
Election processes must be transparent to allow public oversight of the election-related actions of public employees and private contractors.
All election products must be kept secure from illegal tampering, until there is no more possibility of election challenges.
In their 2012 book, Broken Ballots: Will Your Vote Count?, Douglas W. Jones and Barbara Simons, two election integrity experts knowledgeable about computers and election administration, give this list of bottom line characteristics of good elections in their recent book: auditability, accessibility, accuracy, security, reliability, and usability; they add that these goals are not mutually exclusive, but complement each other.
On its “About” page, the organization Verified Voting defines election integrity as including “accuracy, transparency and verifiability of elections,” along with “the reliability and security of voting systems,” and stresses the necessity “that each vote be counted as cast.”
Internet Voting and the Dept. of DefenseEven though computer experts have tried to get the word out that use of our present Internet for voting endangers the integrity of elections, over thirty states in U.S., including Colorado, allow some use of electronic returns of voted ballots for counting, especially for military and overseas citizens.
“Proposals to conduct voting pilots using real elections continue to reappear both in the U.S. and elsewhere, seemingly independent of warnings from computer security experts. While the appeal of Internet voting is obvious, the risks, unfortunately, are not, at least to many decision makers. While very few votes have ever been cast in American elections directly through a web interface, many states already allow military and overseas ballots to be returned via fax and email. Yet voted ballots sent via [the] Internet simply cannot be made secure and make easy and inviting targets for attackers ranging from lone hackers to foreign governments seeking to undermine US elections.
“Despite that, as states provide electronic delivery of blank ballots, some are using the Internet for return of voted ballots via email attachments. Vendors of online election software, with a vested interest in selling their products, of course downplay the inherent risks and promise the oxymoronic “Internet security[.]” But experts in computer security maintain that nothing sent over the Internet is secure. [A] Voter’s personal computers, from which emails are sent, are easily and constantly attacked by viruses, worms, Trojan Horses and spyware.
“Once a voted ballot is emailed, it moves between many different servers located all over the planet, and is subject to compromise by anyone with access to any of those machines. And the election official on the receiving end has no way to know if the voted ballot she received matches the one the voter originally sent, no matter how well secured their county computer services may be, and no matter how much has been spent licensing software and upgrading their systems.
“There is no way to guarantee that the security, privacy, and transparency requirements for elections can all be met with any practical technology in the foreseeable future. Anyone from a disaffected misfit individual to a national intelligence agency can remotely attack an online election, modifying or filtering ballots in ways that are undetectable and uncorrectable, or just disrupting the election and creating havoc. There are a host of such attacks that can be used singly or in combination. In the cyber security world today almost all of the advantages are with attackers, and any of these attacks can result in the wrong persons being elected, or initiatives wrongly passed or rejected.”
With scientists discouraging use of the Internet for voting, why have so many states used it anyway? Surely the Department of Defense’s Federal Voting Assistance Program (FVAP) must bear some responsibility for this. For years, the FVAP has promoted Internet voting.
In 2004, scientists hired by the Department of Defense (DoD) exposed the insecurities of a DoD Internet voting program, and it was cancelled. However, the FVAP efforts to bring about Internet voting continued, to the consternation of interested scientists.
Also, over a number of years, the FVAP used its position as administrator of a federal Act meant to help military and overseas citizens to press for adoption of Internet voting through its program of “Legislative Initiatives.” Every Secretary of State or the equivalent were sent annual customized letters crusading for states to adopt a number of initiatives, among them Internet voting. This was ostensibly to help raise the number of eligible military and overseas citizens able to receive and return their ballots by election day. But, given the scientific realities of internet voting, one might wonder if the goals of this initiative were truly benign.
In October 2009, the federal Military and Overseas Voter Empowerment (MOVE) Act was passed with provisions to help make it easier for military and overseas citizens to vote successfully. The law required local U.S. election officials to mail absentee ballots for federal elections to military and overseas voters 45 days before an election; the law also permitted electronic transmission of blank ballots to voters. But, significantly, the law made no mention of allowing electronic returns of voted ballots.
FVAP showed no such restraint. In its annual letters to Secretaries of State dated November 2009 (a month after the MOVE Act was passed), FVAP got behind the MOVE Act’s new measures, but then went its own way. We quote from a copy of the letter sent to Colorado’s then Secretary of State Buescher:
“The enclosed initiatives focus on sending ballots to voters at least 45 days before the election. FVAP also recommends the expanded use of email and online transmission for all election materials throughout the entire absentee voting process [italics added], replacing fax and postal mail where possible. Until secure programs for the electronic transmission of voted ballots are established, we recommend that States allow voters to return static copies of voted ballots through available electronic means. However, the decision to send a voted ballot by unsecure [sic] electronic means must rest with the individual voter with their full understanding they necessarily relinquish their right to a secret ballot.”
This wording is deceptive. No mention is made, as it is with warnings from computer scientists, that anything but a loss of individual privacy is at stake with electronic return of voted ballots via email. The secret ballot was originally established as a way to lessen control by others over individuals’ votes with bribes or intimidation. Email return of voted ballots risks election integrity in ways never even hinted at by FVAP.
There is another way the FVAP appears to be supporting the adoption of Internet voting. The Electronic Information Privacy Center has recently filed a lawsuit against the FVAP for refusing to release results of tests performed on the online ballot marker, a device used in Internet voting.
Internet Voting in Colorado: The UMOVA BillThe 2009 FVAP letter to Colorado not only urged online voting; it also encouraged participation in the drafting of a model bill initiated by the Uniform Law Commission (ULC) that was intended for adoption by all states; it would be called the “Military Services and Overseas Civilian Absentee Voting Act.” Colorado’s Secretary of State Buescher sent State Representative Clair Levy to be on the Drafting Committee for this bill.
ULC model bills allow “observers,” also referred to as “stakeholders,” to attend and participate in meetings alongside committee members. One observer of note was a representative of Scytl, one of the two main vendors of Internet voting systems. Another was Bob Carey, Director of the FVAP, who submitted the 2009 FVAP Legislative Initiatives for the Committee’s record.
Was the final language of the model bill (known as “UMOVA” and passed in July, 2010) influenced by the observers from the FVAP and the Internet voting vendor Scytl? No word-for-word transcriptions of meetings are available on the ULC website.
However, the March 17, 2009 report of the American Bar Association (ABA) Advisors to the Drafting Committee discussed provisions of the federal MOVE Act, saying, “It does not authorize, for security reasons, electronic transmission over the Internet of voted ballots from the voter.” (Italics added.)
The Prefatory Note of the UMOVA bill has a different emphasis regarding internet voting, saying, “The act… does not require the use of electronic means for transmitting voted ballots. This is because no consensus yet exists on the question of whether and how electronic voting can occur securely and privately.” The ABA Advisor’s comment on security probably referred to a consensus as well — that within the scientific community, Internet transmissions are too insecure for sending voted ballots.
Although the major justification for the model bill was to create uniformity of state laws, when the UMOVA bill came before a Colorado legislative committee, two out-of-town lobbyists showed up to testify: one was from the FVAP and the other from the Uniform Law Commission. Both stated that it was acceptable if existing state law was at variance with model bill language. One of the lobbyists specifically mentioned allowance of electronic return of voted ballots as acceptable.
Colorado law has allowed electronic return of voted ballots by email or fax, but only if there is no more secure method such as mail available or feasible. With the MOVE Act increasing the likelihood of timely voting for military and overseas citizens without the use of electronic return of voted ballots, the insecure electronic option could have been used infrequently, if ever. However, the Colorado Department of State has steadfastly neglected to reinforce the conditional aspect of the Colorado Revised Statutes in Rules. Ignoring the statutory exceptional use of electronic returns puts military and overseas voters’ ballots unnecessarily at risk.
The Colorado legislature passed a law to allow the development of “an Internet-based voting pilot program…commencing with the general election held in 2012.” The statute promised an amazing array of protections for votes in this program, including (2)(c): “Verify that the votes of the electors transmitted to the election officials via the internet are private and secure and have not been viewed or altered by sites that lie between the voting location and the vote-counting destination.”
While the pilot project to create “an Internet-based voting pilot project” is described in the statute as funded from the state’s funds, in 2012, Colorado received an FVAP grant of $1,200,000. The Terms and Conditions of the grant state in (a) that these funds are not to be used for the electronic transmission of voted ballots, including by email or fax. In (b), the “Grant prohibits the integration of separate electronic voted ballot system developed at the Recipient’s expense into this funded research project.”
From 2009 to 2013, the FVAP spent 85 million Congress-appropriated dollars for research grants to the states, according to an article by Greg Gordon and posted by McClatchy. The article says, the “office of Pentagon Inspector General John Rymer is taking a hard look at systems like Nevada’s to see whether they’re violating a prohibition on the use of Defense Department grant dollars to create online voting systems… The prohibition was spurred by concerns that those systems are vulnerable to hackers.”
Everyone Counts (E1C), another main internet voting vendor besides Scytl, has contracted with the Colorado Department of State to provide services statewide beginning with the June 2012 Primary Election through fiscal year 2016-17. These services include a ballot-on-demand system and an online ballot-marking device. The online ballot-marking device can be coupled with a return of voted ballots by email or fax, especially since the Secretary of Defense isn’t enforcing the law that a non-electronic mail option of return trumps an electronic one. We wonder what Pentagon Inspector General Rymer will make of Colorado’s distribution of funds to support a program making unnecessarily risky use of email ballot returns?
Then and NowMail ballots, once an option only for voters who were absent from their home county on Election Day, have become widely used in some states. A gradual increase in the general use of mail ballots in Colorado has finally resulted in all-mail ballot elections, but with an option for electors to vote their ballots in person at one of the new Voter Service and Polling Centers (as opposed to the traditional precinct polling locations).
A few years ago, a lobbyist for the Vote By Mail Project frequented the halls of the state Capitol, urging general use of mail ballots. In 2008, the director of the advocacy arm of the Vote By Mail Project told a CFVI member that the organization was a program of the League of Rural Voters, and that its support came mainly from the union SEIU, the postal unions NALC and APWU, and the Gill Action Fund based in Colorado.
The Vote By Mail Project is apparently defunct; its goal seems to have been incorporated into America Votes, which has a broader mission. American Votes calls itself “progressive,” includes a wide group of supporting organizations, and is Democratic in leaning. Although it no longer reveals its funding sources, it gets considerable funds from unions.
Purities and ImpuritiesBack in 1876 in the language of the day, our state Constitution made integrity in elections the duty of the legislature. This requirement still stands. Article VII, Section 11 states: “Purity of elections. The general assembly shall pass laws to secure the purity of elections, and guard against abuses of the elective franchise.”
As if to provide a failsafe should the state legislature neglect its assigned responsibility, C.R.S. 1-1-107(5) reiterates the words of the Constitution. After specifying duties of the secretary of state, the law states, “The provisions of this section are enacted…to secure the purity of elections and to guard against the abuses of the elective franchise.”
As of 1947, to protect the “purity of elections,” our state Constitution specifically requires the “secret ballot” to avoid vote coercion, vote buying or vote stealing. (See “Article VII, Section 8. Elections by ballot or voting machine. All elections by the people shall be by ballot, and in case paper ballots are required to be used, no ballots shall be marked in any way whereby the ballot can be identified as the ballot of the person casting it… Nothing in this section, however, shall be construed to prevent the use of any machine or mechanical contrivance for the purpose of receiving and registering the votes cast in any election, provided that secrecy in voting is preserved.”)
Mail ballots are undoubtedly more vulnerable to violations of this Constitutional requirement of a secret ballot than paper ballots cast at a polling place. When an elector votes in a polling place, his or her identity is determined at a physical distance from where he or she marks a ballot and drops it into a ballot box. In Colorado, regulations for voting in person are supposed to afford voters privacy in marking a ballot unless a voter requests assistance.
Mail ballots do not afford this level of privacy. In Colorado, assuming a mail ballot arrives intact at a clerk’s office to be counted, it returns in an envelope with a voter’s name, address and signature. Inside, the paper pocket known as a “secrecy sleeve” contains the voted ballot. This is the only physical separation of a ballot and its voter’s identity. For a valuable discussion of mail ballot violations of the secret ballot relative to precinct polling place elections, as well as a broader discussion of mail ballots, see a 2013 newsletter titled “Mail Ballots and Elections — What We Have Lost” by Charles Corry, PhD, noted expert on both electronic voting and mail ballots.
Third Party Delivery of BallotsRegrettably, Colorado law allows a practice encouraging violation of the state Constitutional requirement of a secret ballot, and any semblance of “purity of elections.” This is because Colorado voters are specifically permitted to give their ballots to individuals (in addition to those employed by the US Postal Service, or election officials retrieving ballots from institutional settings) for delivery to a voter service and polling center (VSPC). Without the relative protection of polling place in-person voting, electors can be coerced into handing over their ballots by employers or unions. It is easy to see how third party ballot collectors can violate ballot secrecy or worse; such collecting could result in non-delivery, ballot tampering, and vote buying.
For several years, Colorado has allowed one person to deliver up to ten ballots for others per election, up from a previous limit of five ballots (C.R.S. 1-7.5-107(4)(b)(B)). However, at least at the county level, no enforcement mechanisms limit the number a person can deliver. One person can get away with delivering any number of ballots for others with impunity.
In the video, MAIL BALLOTS AND DIRTY TRICKS: Citizens vs Monied Interests in a Colorado Town, lawyer Alison Maynard is interviewed about her pro-bono representation of citizens in two municipal elections in Castle Rock, Colorado in 1998 and 1999. The video shows how absentee ballots and third party deliveries were used by unscrupulous operatives hired by real estate developers to help defeat two citizen initiatives, the first to put a six-month moratorium on building permits, and the second to replace the six of seven town council members who were pro-development.
ConvenienceVoting by mail has often been touted as a “convenience.” But is it equally convenient for all citizens? Project Vote’s report of June, 2010 would say not: “What some groups may overlook in their enthusiasm about voting by mail is that it does not always serve underrepresented or vulnerable populations as well as traditional polls.…studies show that voting by mail has not been a magnificent success among low-income communities of color (in inner cities and rural areas), because of higher mobility rates and poorer mail service among these populations, among other factors.” The report concludes: “The most challenging or mobile populations have always been the hardest to serve, but it is government’s job to reach them, not to sweep them aside in a rush for ‘progress’.”
The recent re-vamping of polling locations in Colorado, which are now called “Voter Service and Polling Centers, (VSPCs) coincided with all-mail ballot elections. For those wishing to vote in person, the number of polling places has been drastically reduced. There were 288 VSPCs statewide for the 2014 election, as opposed to 2192 precincts, formerly used for in-person voting. Surely, this further inconveniences those without a car or convenient public transportation, in addition to less reliable access to mail ballots.
The video “Mail Ballots and Dirty Tricks…” suggests that mail ballots may prove the greatest convenience to deep-pocketed special interests that can hire operatives to collect voters’ ballots and employ dirty tricks. But the video documented elections in 1998 and 1999. What about today? Do monied special interests have an advantage in use of mail ballots over the less fortunate now as well?
To consider this question, we read media reports about the special municipal election of June, 2014 held in Loveland, CO, where an initiative supported by the citizen group Protect Our Loveland (POL) placed a two-year moratorium on hydraulic fracturing within the city limits. Just as in Castle Rock, there was an opposition group operating locally, known as Loveland Energy Action Project (LEAP). It was financed by natural gas proponents.
There was at least one similarity between the use of mail ballots in the Castle Rock elections and the Loveland election. In both elections, there were third party efforts to collect voted ballots. But more striking were the multiple reports of ballot collection efforts by persons falsely claiming to be city officials; one report said they wore badges. They knocked on residential doors and asked to collect voted ballots to return for counting. The identical scam was used in Castle Rock sixteen years earlier. In Castle Rock it was clearer that the sham officials were working for the special interest (developers), not the citizens. In the case of the Loveland election, both sides denied that the men were associated with their organization. To assign blame to one side or another would take research beyond media reports.
Possible parallels in the behavior of the opposition in both the Castle Rock and Loveland elections include:
- The opposition challenged legitimate petition signatures already approved by the town clerk, which helped stall finalization of an election date.
- The election date was moved because of opposition pressure, to a special election run by the town clerk.
- The majority of the city council members were against the initiative.
- The citizens were vastly outspent by the special interest.
- The initiative was defeated.
Even just the media-published evidence of impersonation of city employees to collect voted ballots for the Loveland election, whether the phony employees were sent out by monied special interests or citizens, suggests that unregulated numbers of 3rd party voted ballot collection comes with dirty tricks and illegal behavior.
Third-party delivery of others’ voted ballots should be limited by statute to one or two ballots given by relatives or close friends, with some proof of the voter’s consent.
Electronic Voting MachinesAfter the 2000 Presidential election, in 2002 Congress passed the Help America Vote Act (HAVA), which included an allocation of funds for states to buy electronic voting machines to replace punchcard and lever machines.
One of the options which HAVA allowed was direct-recording electronic (DRE) voting machines — a very bad choice in terms of election integrity.
Alarmed by the serious inadequacies of DREs for voting, Stanford professor David Dill initiated a Resolution on Electronic Voting which was circulated among fellow computer scientists and others.
The Resolution articulated the need for voting machines to produce a voter-verified paper ballot suitable for audit. It also mentioned that there were safer options than unauditable DREs available for purchase, including “Touch screen machines that print paper ballots” that, like the DREs, have the advantage of “potentially improved accessibility for voters with disabilities.”
Here are excerpts from the Resolution:
“Computerized voting equipment is inherently subject to programming error, equipment malfunction, and malicious tampering. It is therefore crucial that voting equipment provide a voter-verifiable audit trail, by which we mean a permanent record of each vote that can be checked for accuracy by the voter before the vote is submitted, and is difficult or impossible to alter after it has been checked…
“In response to the need to upgrade outdated election systems, many states and communities are considering acquiring “Direct Recording Electronic” (DRE) voting machines (such as “touch-screen voting machines” mentioned frequently in the press). Some have already acquired them. Unfortunately, there is insufficient awareness that these machines pose an unacceptable risk that errors or deliberate election-rigging will go undetected, since they do not provide a way for the voters to verify independently that the machine correctly records and counts the votes they have cast. Moreover, if problems are detected after an election, there is no way to determine the correct outcome of the election short of a revote. Deployment of new voting machines that do not provide a voter-verifiable audit trail should be halted, and existing machines should be replaced or modified to produce ballots that can be checked independently by the voter before being submitted, and cannot be altered after submission. These ballots would count as the actual votes, taking precedence over any electronic counts…
Available Alternatives to DRE Machines
“…At this time, the only tried-and-true technology for providing a voter-verified audit trail is a paper ballot, where the votes recorded can be easily read and checked by the voter. With appropriate election administration policies (for example, ensuring the physical security of ballots), voters can be reasonably confident of the integrity of election results. Two specific alternatives that are available now are:
- Precinct-based optical scan ballots. The CalTech/MIT Voting Technology Project found them to be the most accurate at recording the voter’s intent and not significantly more expensive per vote than touch-screen machines.
- Touch screen machines that print paper ballots. Such systems would have many of the advantages of DRE machines, including potentially improved accessibility for voters with disabilities. There is at least one such machine that is certified in several states.”
It was an uphill battle for computer scientists to be heard on the unacceptability of DREs, as DRE vendors exerted their influence on a number of fronts.
Colorado was one of many states that spent HAVA money on DRE voting machines. HAVA required that accessibility for the disabled could be met by having at least one DRE “or other voting system equipped for individuals with disabilities” per polling place. Yet those of us working for verifiable elections in Colorado remember Secretary of State Davidson and multiple county clerks publically mentioning only the DRE option for purchase with HAVA funds, and not the AutoMark, a touch screen machine printing paper ballots. DREs were vigorously promoted over more a more secure alternative.
One major effort to exclusively promote DREs was the disinformation campaign waged by part of the disabled community. Funded by vendors of DREs, the National Federation of the Blind, and the American Association of People with Disabilities specifically touted DRE machines as a solution to allow the disabled to vote without assistance. (If truth be told, according to computer experts Doug Jones and Barbara Simons, DREs are not actually accessible for severely deaf-blind voters!) In chapter 9 of their excellent book, Jones and Simons give a compelling account of the role these disabled organizations played in steering election officials to purchase DREs rather than the ballot-marking AutoMark, which could be made accessible to disabled voters and which produced a paper ballot suitable for auditing.
On the third page of chapter 9, the authors describe how preeminent apologist for DREs Jim Dickson, accompanied by a group of disabled persons in wheelchairs, stormed a meeting of verified voting election activists and experts in Denver. The meeting was ably run by Al Kolwicz, a Coloradan long concerned with election integrity. Also in attendance were both of the authors, as well as a current CFVI member.
Despite his disruptive arrival, Dickson was treated so cordially that at the meeting’s end, he promised to look into the experts’ criticisms of DREs. However, witnessing Dickson speak at several subsequent gatherings of election experts, the CFVI attendee noticed no modifying of his public crusade for DREs. The focus on the quest for disabled independence in voting was just one strategy to sell the DRE Trojan horse.
For a while, computer scientists concerned about the unauditability of DREs campaigned for the attachment of a printer to the DREs so that voters could check their machine vote for accuracy. Unfortunately, many voters never bothered to look at the paper copy to either confirm or correct their vote. The resulting incomplete paper records could not be used to accurately audit the machine votes.
Election activists in Boulder County succeeded in convincing their clerk and recorder to purchase scanners to count votes entered on paper ballots, but this informed lobbying did not occur often. And since the Colorado Department of State never pursued certification of the AutoMark, there was still the HAVA requirement of one “accessible” DRE voting machine per polling place.
This HAVA requirement is still operative in Colorado, although machines purchased with HAVA funds are now over a decade old and wearing out. Colorado, having recently gone to all-mail ballot elections, has also severely cut the number of polling places in a county.
The state is currently considering the selection of machines for new voting systems. We shall lobby that the new voting systems serve democratic elections better than the last.
It is discouraging to note that after elections with equipment funded by HAVA, the insecurities of our unverifiable voting methods go unmentioned in post-election analyses. It seems that pundits and media do not know or care to mention the extent to which our elections can potentially be hijacked surreptitiously. We election integrity advocates have hard work ahead of us.