While concerns about privacy and security by other hackers are legitimate, there are good reasons for reviewing voter data and systems – and those they should be frequently reviewed, by the agencies (counties) responsible for them.
My concerns arise from my experience in the design and development of large, and complex databases – in Library Cataloging, Healthcare and Intellectual Property. As a result of my experience in data, and the systems that touch data, the quality of the data is primal.
Garbage In, Garbage Out – a primordial adage of information processing saying that the quality of data out depends on the quality of data input stream.
1. Quality of Data
How many ways can you say IBM? IBM, I.B.M., International Business Machines, Inc., Int’l Bus Machines. Pacer, the federal court litigation database, has them all.
Library patron circulation systems similarly accumulate erroneous or dated patron data (we used to call this the Dirty Patron Report – borrowers who haven’t checked out materials in years).
Over time, databases such as voter registration can get ‘dirty’, the quality of the data deteriorates, possessing duplicates, inconsistencies, incorrect coding, failure to eliminate - or exclude from use – old data, moves to other jurisdictions, deaths of individuals. There may possibly be duplicates of the same person in different states and counties. Surnames may change upon marriage.
2. Quality of the Registration Process
We properly go to lengths to make it easy for people to register to vote: forms are available at city halls, libraries and registration tables at say, farmers markets. How is eligibility checked? Can you verify that at a unique address, say a single family home, that there aren’t 20 people registered?
We properly go to lengths to make it easy for people to register to vote: forms are available at city halls, libraries and registration tables at say, farmers markets. How is eligibility checked? Can you verify that at a unique address, say a single family home, that there aren’t a suspicious 50 people registered?
3. Data Fields Collected in San Mateo County
The San Mateo County voter registration database manages about 100 data fields for each registered voter: some is demographic relating to the voter, and some tracks voter ballot preferences and history, such as in which elections did you vote.
The Menlo Park city and county voter database contains data for close to has close to 22,000 voters. It does not save your voting choices – only that you voted on a particular election.
Among demographic fields are: your email address if you provide it, phone number, and age. (211 people have an age between 100 and 116 years old. News to me also. I suspect residual Y2K (year 2000) bad data.)
There are qualitative fields about your last vote: whether by poll or by mail.
The codes for irregularities in received Vote By Mail (VBM) ballots: VBM Challenged - Too Late, VBM Challenged - Sig No Match, VBM Challenged - Signature, VBM Challenged - Other, VBM Challenged - Household Name, VBM Challenged - Spoiled Ballot, Deceased, or empty envelope.
There is an additional status for "Provisional Voter" and "Early Voting".
I was surprised to learn that there are fields for:
Ethnicity(Asian, Black, Hisp, Nativ, White and Other), which is found in 4770 of the 22,000 records;
Language (Cantonese, Chinese, Danish, English, Japanese, Korean, Maltese, Mandarin, Spanish, Tagalog, Thai and Vietnamese); and
Birthplace – abbreviated to a state or country.
4. Integrity of manual and electronic voting systems used on election days.
There are myriad methods, and combinations of methods, to record votes: levers, paper and pen, touch screens.
One arbitrator is the US Election Assistance Commission. But it’s voluntary:
“Voluntary Voting System Guidelines (VVSG) are a set of specifications and requirements against which voting systems can be tested to determine if the systems meet required standards. Some factors examined under these tests include basic functionality, accessibility, and security capabilities. HAVA mandates that EAC develop and maintain these requirements. ” https://www.eac.gov/voting-equipment/voluntary-voting-system-guidelines/
The US Election Assistance Commission
“The EAC’s Testing and Certification program is the critical first step in the process of maintaining the reliability and security of the voting systems used in our nation’s election…” This is a process for monitoring the accreditation of voting systems.
5. Integrity of counting ballots.
Redundancy is one protection. Mail-in ballots have built in redundancy since they are scanned. Electronic voting machines should have a paper audit trail.
6. What the experts say
One may never know the reliability of an electronic product until an independent deep-dive into the software code occurs. I review lots of computer source code in IP litigation. This is a specialized process, and I quip that I don’t really understand the code until I find errors – or better ways of expressing the functionality.
I recently finished a multi-year review of critical banking code that’s been in production and repeatedly modified for over 20 years. (My purpose was not find errors – and I didn’t.)
I know of three computer scientists who study and report on security and voting technology.
Mike Barr is a testifying expert in embedded source code reviews. He conducted the notable and well-publicized work locating and determining the reasons for Toyota’s throttle control problems. His lesson is that software systems could easily have problems, such as those ‘secure’ point-of-sale type vote entry systems.
Barr slides Here
More Barr Here.
Rebecca Mercuri of [email protected] has been referred to as "one of the leading international experts on electronic voting." A technology specialist, Rebecca defended her doctoral dissertation "Electronic Vote Tabulation: Checks & Balances" at the Engineering School of the University of Pennsylvania, just eleven days before the 2000 U.S. Presidential election. Rebecca Mercuri
This summarizes Mercuri’s experience in e-voting.
Here is a 2004 Powerpoint called E-voting in an Untrustworthy World:
C) Lastly, Bruce Schneier is the go-to expert on computer security, and writes frequently on voting technology. I subscribe to his monthly email on computer security. In the aftermath of the November 2016 election he said:
‘Accountability is a major problem for US elections. The candidates are the ones required to petition for recounts, and we throw the matter into the courts when we can't figure it out. This all happens after an election, and because the battle lines have already been drawn, the process is intensely political. Unlike many other countries, we don't have an independent body empowered to investigate these matters. There is no government agency empowered to verify these researchers' claims, even if it would be merely to reassure voters that the election count was accurate….
“Instead, we have a patchwork of voting systems: different rules, different machines, different standards. I've seen arguments that there is security in this setup ¬ an attacker can't broadly attack the entire country ¬ but the downsides of this system are much more critical. National standards would significantly improve our voting process.
Further investigation of the claims raised by the researchers would help settle this particular question.”
See, Schneier Here.
and Here at the: Washington Post