Philly ignores cybersecurity and disability access in voting system selection

The Philadelphia commission has not earned much confidence when it comes to election oversight

Published February 16, 2019 5:59AM (EST)

 (Getty/Paul J. Richards)
(Getty/Paul J. Richards)

The original article appears on WhoWhatWhy.org.
WWW-refresh_concept_single

Philadelphia is about to replace its aging voting equipment. This would be good news, except that the city’s election commission has omitted cybersecurity and disability access as relevant considerations in its Request for Proposals (RFP) to prospective vendors.

The three-member commission appears poised to select as Philadelphia’s primary voting system the ExpressVote XL ballot-marking device, which the state of Pennsylvania has panned — on the issue of disability access.

Procuring such a system would fly in the face of the consensus opinion among independent cybersecurity election experts, who recommend hand-marked paper ballots (counted on scanners or by hand) for most voters, not ballot-marking devices.

The Philadelphia commission, which includes two Democrats and one Republican, has not earned much confidence when it comes to election oversight, heightening worries that it may make a bad decision in selecting new voting equipment. In 2017, advocates charged that as many as 17,000 would-be voters might not have made it onto Philadelphia’s voter rolls despite filing timely applications. And in the 2018 midterm elections, it was reported that “at least seven voting locations opened late, and at least 13 other [Philadelphia] locations experienced voting machine problems.”

Philadelphia voters also complained of long lines. One of the commission’s members, Democrat Anthony Clark, has received substantial local media coverage for his failure to vote in five recent elections, including the 2012 presidential election, and for being AWOL at work. According to NBC10 in Philadelphia, Clark “keeps no public calendar, agenda, or attendance record. He doesn’t even have a computer on his office desk.”

Although the commission has not endorsed a specific system, Pennsylvania resident Rich Garella recently expressed concern in an op-ed that the commissioners have “indicated their strong preference for a full-face voting system that displays the entire ballot at once, as our current machines do. Since there’s only one system like that on the market, the ES&S ExpressVote XL, it appears there’s a thumb on the scale for a preferred vendor’s most expensive product. If the ExpressVote XL were the best choice for Philadelphia, this would be less troubling. But compared to other options, this … is the worst choice.”

Garella’s prediction about the commission’s likely selection of the ExpressVote XL aligns with Philadelphia’s RFP, which gives great weight to “the solution’s ability to provide a ballot face and style that accommodates the City’s large candidate pool and offers a familiar look and feel, as well as ease of use.” (See p. 22 of linked RFP.)

The Pennsylvania State Department lists only five systems currently on the market that are certified (or soon to be certified) for use in the state, and the ExpressVote XL is the only full-face option among them.

The RFP’s omission of cybersecurity as a relevant consideration also favors the ExpressVote XL because independent cybersecurity election experts overwhelmingly recommend that jurisdictions move to hand-marked paper ballots. An exception is suggested for voters who are unable to hand mark their ballots.

The expert consensus among independent cybersecurity experts specifically cautions against universal use of machine-marked paper summary cards from ballot-marking devices like ExpressVote XL, which some election officials and voting system analysts misleadingly call “voter-marked paper ballots.” (There is no universal definition of “paper ballot,” which is what allows them to do this.)

The National Election Defense Coalition and Verified Voting, two nonpartisan election integrity nonprofits, likewise recommend hand-marked paper ballots as a primary voting system, as opposed to machine-marked so-called “paper ballots” from ballot-marking devices.

The dangers of the latter system are significant. A recent study shows that most voters don’t review the machine-marked printouts generated by ballot-marking devices, even when instructed to do so. Often, voters who do undertake such a review fail to catch inaccuracies.

This means if the ExpressVote XL were secretly programmed or hacked to change the voters’ selections as reflected on the paper printout, it is likely that most voters would not notice the difference. The same would be true of unintentional programming “glitches.”

Like all touchscreen systems, the ExpressVote XL also depends on power and is, therefore, susceptible to power outages and attacks on the power grid, a vulnerability that does not exist with hand-marked paper ballots.

And unlike hand-marked paper ballots, touchscreen systems predictably cause long lines because they limit the number of voters who can vote at once to the number of working machines at the polling place. Touchscreen systems are also subject to frequent operator error, which should come as no surprise to anyone who’s ever used a touchscreen computer.

In addition, the machine-marked printouts from the ExpressVote XL include barcodes that purport to encapsulate the voter’s selections. These barcodes, which humans can’t read and verify, are the only portion of the so-called “paper ballot” that is actually counted by the scanners.

Although such barcoded printouts also include human-readable text that purports to summarize the voter’s selections, the recent study mentioned above shows that most voters won’t notice if the text has been manipulated to alter their intended selections. According to computer science professor Richard DeMillo of Georgia Tech, the barcodes also can be manipulated to instruct the scanners to flip votes. Adding insult to injury, these barcode systems cost about three times as much as using hand-marked paper ballots and scanners.

Vendors and other proponents of barcode systems, however, sometimes emphasize that such systems can detect errors made by the voters themselves, such as undervotes (races that the voter unintentionally left blank) and overvotes (races in which voters may have inadvertently made more than one selection).

But scanners for counting hand-marked paper ballots can detect these types of errors as well. Moreover, in the Minnesota 2008 hand recount, the intent of all but 14 hand-marked paper ballots out of 2.9 million was resolved unanimously by a bipartisan panel. Compared to machine-marked printouts from systems like the ExpressVote XL, it would also be more difficult and time consuming for anyone to falsify a large volume of hand-marked paper ballots in order to rig an election.

In addition to security concerns, the ExpressVote XL receives terrible marks on the issue of disability access. Pennsylvania’s own certification report for the ExpressVote XL describes three significant problems in this area:

  • “Voters were confused by the automatic selection and deselection that is part of straight ticket voting,” which “in some cases led voters to cast a ballot without knowing that all of the candidates had been deselected.”
  • “In both the visual and audio navigation, there were enough small problems of inconsistency or poor instructions to create a cumulative effect. This issue is most serious for voters using the audio ballot without the visual display.”
  • “Throughout the system, voters can push the right and up/down arrows to proceed forward. But when the user attempts a selection that would result in an overvote, the error message is shown on a new screen, without audio notification of the change of context.”

The ExpressVote XL’s vendor — Election Systems and Software, LLC (ES&S) — has raised eyebrows as well. Since 2013, ES&S has donated more than $30,000 to the Republican State Leadership Committee, whose board of directors includes Christine Toretti, the Republican National Committeewoman for Pennsylvania. And recently, ES&S has come under fire for including election officials on a secret “advisory board” and then paying those officials to attend junkets in vacation destinations like Las Vegas. As reported by Citizens Voice, the election director of Luzerne County, PA., has traveled on ES&S’s dime as a member of this advisory board, prompting the Pennsylvania auditor general to launch a still-ongoing statewide probe into how counties select voting equipment.

In addition, despite initial denials, ES&S admitted last year that it has installed remote access software in central tabulators — the county computers that aggregate electronic precinct totals —  in 300 jurisdictions. Although ES&S won’t identify the 300 jurisdictions, a forensic analysis conducted in 2011 of voting equipment in Venango County, PA, revealed that someone had “used a computer that was not a part of the county’s election network to remotely access the [ES&S] central election tabulator computer, illegally, ‘on multiple occasions.’”

As reported by BradBlog.com, ES&S put the kibosh on further investigation by threatening legal action. It has proven almost impossible to compel independent forensic analyses through the court system, as vendors and counties agree in their contracts that the software is proprietary to the vendors.

No one outside the court system seems to be guarding Pennsylvania’s election hen house, either. The federal Election Assistance Commission, which certifies voting equipment and issues voluntary guidelines for the states, is as susceptible to corruption as any other government agency. Two of its four membersBrian Newby and Donald Palmer — are notorious vote suppressors. The EAC also does not require or conduct penetration testing, which is the type of testing that would determine whether voting equipment is secure.

To be sure, Pennsylvania’s highly publicized “Blue Ribbon Commission” recently published a  72-page election security report. Despite some positive media feedback, the report states only that counties should replace existing voting machines with “systems using voter-marked paper ballots (either by hand or by machine)” (see report, p. 21).

The report thus ignores the advice and reasoning of most or all independent cybersecurity experts, who recommend hand-marked paper ballots for most voters, as opposed to the machine-marked kind. The report also buries its brief criticism of barcode voting in the endnotes, where it states that “the commission does not recommend systems with barcodes or QR codes, as they are not human readable.” As recognized in other contexts, warnings must be clear and conspicuous, or they are likely to be disregarded. The Blue Ribbon Commission’s cursory barcode/QR code warning flunks this test.

Although the co-chairs and members of the Blue Ribbon Commission included both Republicans and Democrats, the three senior advisors to the commission were all Republicans. One of those advisors, former Gov. Dick Thornburgh, recently filed a joint Supreme Court brief with the Republican State Leadership Committee — the recipient of ES&S’s $30,000 largesse — defending the state’s extreme partisan gerrymandering.

In the meantime, the Pennsylvania Auditor General, Eugene DePasquale, stated during a fiery televised press conference on Monday that he has opened a probe into Philadelphia’s selection process, explaining that “Pennsylvania was one of the twenty-one states that the Russians intended to hack in the 2016 election,” that Philadelphia is the largest county in the state, and that Philadelphia was one of nine counties that did not respond by the February 8 deadline for providing him with information about communications the county may have had with vendor lobbyists. DePasquale stated that he wants to know who wrote the Philadelphia RFP and whether anyone “receive[d] a donation or a trip from any lobbyists or election vendor company because this RFP does appear that it was written in favor of one vendor [ES&S].”  As DePasquale emphasized, the Philadelphia contract “may be one of the bigger election contracts in the United States … Whoever wins it, it’s a big deal for that company.”

DePasquale further stated that he recently traveled with a delegation to Israel whose cybsersecurity chief told them “point blank that the Russians are attempting to screw around with their election right now. The idea that they’re not going to try to do anything in Pennsylvania or the United States in 2020 is a fantasy. We’ve got to be ready to make sure that whoever wins the 2020 election … is the legitimate winner.”

Despite DePasquale’s concerns and ongoing probe of Philadelphia’s RFP, the Philadelphia commission’s final decision could be made as soon as Wednesday, during the “sunshine” meeting scheduled for 11 AM on the 6th floor of 520 N. Columbus Blvd. Interested members of the public should attend the meeting to voice any concerns with the commission’s anticipated selection of the ExpressVote XL system.


By Jennifer Cohn

MORE FROM Jennifer Cohn


Related Topics ------------------------------------------

All Salon Cybersecurity News & Politics Philadelphia Voting Whowhatwhy