My $.02
Raleigh, NC
12/12/2004

My name is Chuck Herrin, and I'm going to start
with something that you might not want to hear.
I'm not up here fighting for a Kerry presidency.
John Kerry, who promised to fight for every vote, sent his 10,000
lawyers and 52 million dollars elsewhere and then quietly gave up
the next day. That's not the leader who is going to solve America's
problems. Now, don't get me wrong- I'm no Bush fan either, since I
am a true compassionate conservative who still believes in quaint
ideas like fiscal responsibility, not engaging in nation building,
and personal responsibility. If there were any justice in the world,
McCain would have won in 2000 or barring that, Clark in 2004. We
would have put someone who actually SHOWED UP for duty in charge of
our nation in a time of war. But that didn't happen, both parties
ran the wrong horses, and so here we are. There were very obviously
problems in the recent election, but I would like to say that the
recent election was not THE problem. The recent election is a
SYMPTOM of the real problem, which is the shocking lack of integrity
of our electoral process.
I've been following the electronic voting issue
for a while now. I had been telling people for a long time that
electronic voting was a bad idea, but as usual, no one really
listened. Being trained in Information Security is like having
Cassandra's Curse from Greek Mythology- she had the ability to tell
people of impending disasters, but was cursed by Apollo so that no
one would believe her. Nobody will ever listen until it's too late.
Well, they should have. I am no Luddite, afraid of technology. I know
of which I speak. I am, by all accounts, a computer security
expert. I am, by trade, what is known as a "White Hat" Hacker or
"penetration tester". Fortune 500 companies across the country pay
me to break into their systems to show them their weaknesses, so
that we can then make their systems stronger and more secure. I am
good at it. I love doing it. I play with computers 8-10 hours per
day at work and then come home and fire one up, often until the wee
hours of the morning. I have a 4-post server rack in my house. I
have a homebuilt intrusion detection system running on my Linux
wireless router. At last count, I own no less than 3 desktops and 4
laptops, not counting the one I use for work. I have an antenna and
power supply for my laptop mounted in my van.
I am as big a computer geek as they come, and I
hold multiple high-level industry certifications in the areas of
networking, engineering, auditing, and security, and I am here today
with one message.
I want paper ballots.
There is no reason for computers to be involved in
our electoral process. They have not solved any problems, but only
created new ones. This is not surprising news to anyone involved in
the tech industry, nor is it a surprise for criminals. It used to be
that you had to put on a ski mask and run down to the bank in person
in order to rob it, but now criminals can pull it off using a web
browser and free AOL account. Now, these are not new crimes- high
tech crimes are merely improvements on old, low tech crimes. New and
Improved Fraud, now with anonymity! It used to be that con-men
had to show up and lie to you in person to steal your money, but
everyone should know that computers make it much easier to commit
fraud on a grand scale. One statistic I saw recently showed that
last year, $80 million was stolen in paper money, but over $800
million was stolen using computers. There's one thing that everyone
can agree on - computers are great for efficiency! You simply can't
have high tech crimes without high technology.
Is it a coincidence that within the last 5 or 6
years the exit polls have all of a sudden gotten unreliable and
wrong, which just happens to coincide with the introduction of
electronic voting machines?
Is it a coincidence that a man convicted of 23
felony counts of theft in the first degree was employed by Diebold
as Senior Vice President of Development?
So, some felons can't vote, but they can write the
software to count my vote? THAT's a good idea.
Is it a coincidence that at the White House BBQ in
2003, when asked if President Bush was beatable, Congressman Peter
King, while on camera with President Bush, said "it's already over,
the election's over. We won!" Keep in mind that this was in 2003,
and when the interviewer, Alexandra Pelosi, asked "How do you know
that?", Congressman King replied "It's all over but the counting,
and we'll take care of the counting." This is on tape, with the
President, at the White House, the year before the election. The
video clip of that is on the net right now, if you'd like to see it.
Now, there is an affidavit signed by a Florida
software developer named Cliff Curtis, swearing under penalty of
perjury that he was asked by Florida congressman Tom Feeney to
create a prototype for vote switching software. The reason? To quote
"control the black vote in South Florida".
I'm not making this stuff up, y'all. Go
check it out yourself.
There are more reasons not to trust these systems
than I have time to talk about today, but how much evidence is
enough before we can stop trusting these machines and use a proven
method that everyone can trust?
Now, that's not to say that computers are all bad.
We know that computer systems can be made pretty secure if you spend
enough on them and train the people involved. But with electronic
voting, we have done neither. Established information security
standards have been ignored, there is no meaningful certification
process, and the machine companies' own source code and
internal memos talk about changing things after certification, and
say "tell the certifiers this- see if they'll believe you." Even
once they've been through all this meaningless certification
process, they have a long history of not running the certified
versions of the software on the actual machines. In Georgia, a patch
was rushed to be installed on 22,000 machines, but it didn't have to
go through certification because it supposedly was a patch of
the operating system, not the vote software. Well, guess what
controls modem and network access? Not the voting software-
the operating system. There were very surprising results in the
election held just after this patch was installed. In California, an
audit of 17 precincts found that ALL 17 were running uncertified
versions of the software, which is a clear violation of state law.
This led to Diebold being banned from California and follow-up
investigations.
Before we started using computers, it was
unthinkable that you wouldn't have a piece of paper that could be
used in the event of a recount- now, when there's a request for a
recount, all we hear about is bitching because somebody has to hook
a printer up to the machine! And do you know what you get when you
recount inaccurate results? A paper copy of inaccurate results.
Have we lost our frickin' minds? We don't even
have paper receipts, much less ballots! And it's not just the
touchscreens - that's something else that a lot of people are
missing. You have to take a step one level back in the tabulation
process to the computers that actually do the tallying. That's where
votes from touchscreens, as well as optically scanned AND absentee
ballots come together to be counted. Don't get me wrong - these
touchscreens suck- but the problem is bigger than just that. Lemme
tell you about just one of these systems. It's the General Election
Management Software, or GEMS, made by Diebold. You know Diebold, the
folks who hired felons, the ones that make ATMs but say they can't
put printers on voting machines?
These GEMS machines run on that most secure and
stable operating system- Microsoft Windows. Mostly Windows 2000.
GEMS is designed to work with Office - it says so on Diebold's site.
These machines are connected by modem pools, network connections, or
the Internet, and they receive the vote data from the reporting
precincts, where it is then "counted". If you would like to see the
security of this software, I'd like for you to go to
www.chuckherrin.com/hackthevote. I will walk you through
how easy it is to change tens of thousands of votes, then show you
the time stamped reports and audit logs to prove that it doesn't
leave a trace. It's so easy, it's not even really hacking. Anyone
who has used MS office has done this before. It's incredible, and
Diebold and elections officials have known about it for years.
Internet memos reveal that being able to change votes in the backend
databases "have gotten people out of a bind," and Gaston County, NC
and King County, WA are specifically mentioned as having done it in
the past. This is known criminal activity, that has gone without
action, for years. In my first demo of changing votes in a fictional
election, I was able to change 11,963 votes in a couple of minutes,
and in my second, called speed-hacking the vote, I changed over 1.6
million votes in 6 minutes, while generating 3 timestamped
"official" reports and audit logs showing no trace of wrongdoing.
Computers made this possible. Computers enable criminals and those
with evil intent to do more than ever before. Before we started
using computers, you couldn't hack paper ballots at a distance.
Well, now you can.
How hard would it be for one person to change
11,963 PAPER ballots? How long would it take? Could they do it from
a distance?
No. But they can now, and not even leave a trace.
Don't believe me? That's fine - check out my site and I'll show you
exactly how to do it.
There's a lot more info on my site and elsewhere
on the web than I have time to tell you now, so let me sum up what
I, as a computer security professional and a voter, would like to
see from our elections officials and our elected officials.
I want paper ballots.
This is NOT an unreasonable request! And don't
give me that bullshit about "we've already paid for them, we need to
use them". You made a mistake, and people will understand that.
People understand making mistakes, as long as you do the right thing
afterwards. But I have some auditor friends from Arthur Andersen who
can tell you what happens when you try to cover your mistakes up.
I'm not asking for anything special- just do the right thing.
I want paper ballots!
If my shiny new car breaks down, I don't sit in it
and wait for it to work just because I've paid for it. I call the
manufacturer out and say "What the hell is wrong with this thing?",
and then I use some other, proven method to get where I need to go.
The engineering on these machines is horrible, they are not built to
any industry standard, and they are not tamper-resistant, they are
tamper friendly. It's not just Diebold - they all have
problems, and NONE have been certified using industry standards.
And let's not just assume that computers even have
to be used! When I took my exams for the two highest-ranking
security certifications in the IT industry that I hold, the CISSP
and the CISA, you know what we used? Paper and a number 2 pencil!
Know why? Because that test is given by computer security experts!
They know that they need to have trustworthy results, and paper is
what they use.
The best thing we can do is sell those machines to
another state and tell the NC voters that to protect vote integrity
we will be using hand-counted paper ballots and there will be NO
electronic voting until a manufacturer has met the minimum
information security standards used by the rest of the IT industry.
These machines aren't saving us time or money - it's a month later,
and we're still having to revote! We - the voters - don't
trust the results! Elections officials may protest going to
paper and have to be dragged back to it kicking and screaming, but
guess what? I'm fine with that. They work for US, and
NOTHING is more important than vote integrity! Let's engineer
a REAL solution for this! There have been numerous studies showing
the superiority of paper ballots, and I want paper ballots, right
now!
Now, let me just touch on engineering for a second. Responsible
engineering is NOT using the latest technology just because it's
available. Responsible engineering means using the appropriate
technology to solve the problem. Sometimes that technology is a
hammer, sometimes it's a brick, sometimes it's a keyfob 2-factor
authentication system. It NEVER means sacrificing the integrity or
goals of the system just so you can make a change. Let me give you
an example of appropriate engineering that we can learn from:
Harm Lagaay was a Porsche designer for 33 years, and the design
director at Porsche for more than 15 years. When the Porsche 911 was
redesigned, I remember someone asking him why the door design hadn't
changed in over 30 years. Know what he said?
"It's a good door."
Change for marketing purposes or just for the sake of change is NOT
responsible engineering!
If a computer system were developed that was as simple, reliable,
and verifiable as hand-counted paper ballots, it would be hailed as
a technological marvel. Some people cite potential for abuse with
paper ballots as a reason against their use, without understanding
that the only way a paper ballot can be abused is by a person, and
that person must have physical access to it! This is NOT a failure
of paper ballots - it is a constant for EVERY voting system that has
ever been developed! The arguments citing human error and
malfeasance concerns with paper ballots are ridiculous, since human
error and malfeasance are equally possible regardless of the voting
medium used, and are actually amplified by the use of computer
systems since physical access is no longer required for tampering.
The technology just makes it easier. Efficiency and integrity are
often conflicting goals, and there is NO FACTOR more important to
the election system than system integrity.
The MIT/CalTech study of 2001 shows that hand-counted paper ballots
are the most accurate out of the 5 methods currently used, and
Canada hand-counted their last parliamentary election using paper
ballots in four hours. Now before you say "Well, we have more people
than Canada does", remember that scale works both ways. We have more
voters, but we have more counters, too. Speed is NOT an asset if
integrity is lacking! I can design a system to count 100 million
votes in 45 seconds, but it doesn't mean a damn thing if those votes
don't reflect the will of the people!
Know what reflects the will of the people and everyone can
understand? Paper Ballots.
Our elections officials, like in Gaston County,
have to actually HIRE technicians from the voting machine companies
because they don't understand how to set up and administer the
computer systems used in our elections! They hire techs from
the company and the results from Gaston County STILL don't add up!
This is ridiculous - I want paper ballots, NOW.
Closed systems using cryptography and encryption
are not the answer. Nobody should have to have a PhD in
computer science to know what their vote looks like. Putting
our votes into these black boxes means that we are FORCED to trust
these shady and partisan companies to do the right thing with our
votes, while they have long track records of doing just the
opposite!
And as an Auditor, lemme tell you something about
trust.... Trust is IRRELEVANT. Election fraud has taken place
in probably every election that has ever been held. We need to
design a system where we can have an honest election even when there
are crooks involved, and there's already one really easy and proven
way to get there.
I want paper ballots, and I want them NOW!!