Georgia’s Ballot-Marking Devices

Andrew Appel discusses Georgia’s voting machines, how the paper ballots facilitated a recount, and the problem with automatic ballot-marking devices:

Suppose the polling-place optical scanners had been hacked (enough to change the outcome). Then this would have been detected in the audit, and (in principle) Georgia would have been able to recover by doing a full recount. That’s what we mean when we say optical-scan voting machines have “strong software independence”: you can obtain a trustworthy result even if you’re not sure about the software in the machine on election day.

If Georgia had still been using the paperless touchscreen DRE voting machines that they used from 2003 to 2019, then there would have been no paper ballots to recount, and no way to disprove the allegations that the election was hacked. That would have been a nightmare scenario. I’ll bet that Secretary of State Raffensperger now appreciates why the Federal Court forced him to stop using those DRE machines (Curling v. Raffensperger, Case 1:17-cv-02989-AT Document 579).

I have long advocated voter-verifiable paper ballots, and this is an example of why.

Posted on February 1, 2021 at 10:09 AM • 19 Comments

Comments

Petr February 1, 2021 10:52 AM

In the court document the DRE acronym means Diebold AccuVote Direct Recording Electronic voting mechanism.

John February 1, 2021 11:29 AM

Don’t blame the Secretary of State. The court forced the Governor and Legislature to FUND the needed voting changes.

As a voter in Georgia, I’m still pissed we don’t use 100% paper ballots for all voting. The machines just get in the way. In 2020, there were human errors caused by the complexity required to manage the machines. We know how to deal with paper.

Aaron February 1, 2021 2:27 PM

I agree with ^ John, paper ballots only! It simplifies the security of the process. In electronic voting there are a plethora of attack options even if agencies like CISA have said it’s the most secure election ever. I appreciated Canadian honesty when they openly chided us on our election processes while they still only use paper ballots.

Electronic voting is becoming one of those things that fits in the “we can do it, so we did do it but never stopped to think if we should do it” category.

Patriot February 1, 2021 8:54 PM

Old-school methods are sometimes the way to go, especially if you want assurance.

Note that assurance is not thought of as a cryptographic service like non-repudiation. Why is that?

Because there is not a lot of assurance when the system is so complex that no one understands it thoroughly. We would have to grant assurance to codebooks and one-time pads, almost a taboo topic, certainly a very disheartening topic, especially to professional cryptographers. Here I speak of the encryption side of them, not authentication and integrity.

These screens and the magical machines behind them with wondrous crypto give us an assurance of zero and a trust level of zero, especially as one’s country becomes divided into acrimonious camps and defense is neglected. Welcome to the interconnected world of magical devices we cannot trust.

Use pen and paper–send a love letter to the NSA.

ghost in the machine February 1, 2021 11:40 PM

“Force the agency to publicly admit a concern, which in turn would undermine confidence in the system.”

The Australian Signals Directorate warned the AEC that IT security problems could not be resolved in time for election day in 2016.
After the election they had an inquiry.

hxxps://parlinfo.aph.gov.au/parlInfo/download/committees/reportjnt/024070/toc_pdf/Thirdinterimreportontheinquiryintotheconductofthe2016federalelectionAECmodernisation.pdf;fileType=application/pdf

There were a few problems. Also political parties should secure their systems as they are insecure (especially minor parties), and a handy list of people to target in social media campaigns for disinformation.

hxxps://www.abs.gov.au/websitedbs/d3310114.nsf/home/Australian%20Statistician%20-%20Speeches%20-%20Census%202016%20Lessons%20Learned

Luckily voting is mostly done with paper and pencil in Australia. They are busy advocating more e-voting machines, for disability is the pitch.

For disclosure, I am not black or disabled, at least not in the flesh. Government records sometimes state otherwise (?) maybe they could fix that, considering they do have my biometrics and a new e-health system?

MarkH February 2, 2021 1:38 AM

@Nick Levinson:

It’s not clear to me, which type of system you’re worried about.

For what it’s worth, the touch-screen machines I’ve used contain thermal printers and rolled paper.

When I indicate that I’m finished making ballot selections, the printer lists my votes, leaving the printed “tail” of the paper roll visible behind the verification window.

I then must either confirm the printed record, or that I want to correct it. Regardless of which choice I make at this step, the printer then feeds the paper and cuts it, so that the receipt drops into a collection bin within the machine.

If my selection was to correct the ballot, the printer adds some marking to indicate a “spoil” before cutting the paper, and then the machine goes back to the start of the procedure.

I don’t have an option to keep the paper record, or even to touch it.

JonKnowsNothing February 2, 2021 2:25 AM

@MarkH

re: Thermal Printers

Standard thermal print paper fades in a short time or under heat/hot conditions.

Lots of stores and gas stations use thermal papers to print the receipts. Should you ever have to look up an old receipt you might find it faded to blank.

Perhaps Voting Machines have a fixative to retain the images. If not, then the print output will certainly be less than useful after a short time.

Even if the thermal paper does not fade, the print heads themselves are subject to failure. I’m sure most of us have seen unreadable receipts from stores.

In ancient tech days, there were discussions about the pros and cons of dot-matrix technology vs full strike printing. Laser printers replaced high density dot matrix tech until photo-matrix printing was developed. Photo matrix was more cost effective than laser color printing for common uses and became a staple consumer tech item.

One of the complaints about our COVID-19 School Failures is:

For those students that cannot connect full time to a Zoom Classroom which requires 100% uptime connection, they have to submit their work via printed output. The cost of replacement printer ink cartridges is more than the cost of a brand new printer which includes a set of ink cartridges. The cost being prohibitive for many, no school work is submitted.

Thermal printers for POS (point of sale) are used because they do not use ink and the paper can be formatted to a standard paper roll size. The store is less worried about the receipt fading and uses that feature to limit long delays for returned goods. The store’s copy is already uploaded to their server system, they don’t need the paper beyond deterring register shrinkage.

iirc (badly) all laser printers and copiers have built-in barriers to certain types of printing (counterfeiting) and an ID tag that is retrievable by LEAs (printer ID watermark).

I wonder how much of that is included in voting printers. It would not come as a surprise if every thermal printer had a unique ID watermark to prevent printer submit fraud.

MarkH February 2, 2021 4:06 AM

@JonKnowsNothing:

The “magic” of thermal printer paper takes place within its very thin surface coating. There is much variety in the chemistry and preparation of such coatings, yielding very different properties for thermal papers.

For Point-Of-Sale applications, it makes sense to use the cheapest paper that will do the job. Even that grade of paper will last a few years if stored carefully.

However, there are much higher grades. If you take a look at prescription medications, they often have thermally printed labels (on pill bottles, for example). That kind of paper can withstand exposure to environmental heat and bright light without noticeable fading or blackening.

Print on high-grade thermal paper is supposed to be stable enough for archival purposes up to 10 years.

Again for what it’s worth, the voting machines I used had kind of a silvery matte surface, nothing like any cash register paper I’ve seen.

==============================

Machine Identification Codes (those markings intended to frustrate counterfeiting currency) are limited to color copiers and color laser printers (I don’t know why, the samples of color laser output I’ve seen looked just awful — bank notes printed on them would scream “I’m fake!”).

If you scan a page from such a device and do a little enhancement, the MIC is very obvious.

==============================

I don’t know what the legal requirements are for ballot retention, but it seems to me that there’s no value to keeping them beyond the time frame needed for election certification, which for practical reasons is restricted to not very many weeks.

As to counterfeiting or other tampering, voter-verifiable paper records can be safeguarded at least as easily as hand-marked ballots. They are locked in the “belly of the beast” during the balloting day, and afterward are subject to the usual protocols governing the chain of physical custody.

I’ve no reason to believe that voting machine printers add a graphical code; nor do I see that this would add real value.

Arch February 2, 2021 9:19 AM

It’s interesting that there never seemed to be much concern over the technology or processes tied to voting in the US until the Bush-Gore election. With that election close to 50-50, the margin of victory in the national election was decided literally by statistically narrow margins. And it has remained that way.

While I agree that paper ballots “trump” electronic-based paperless voting in every aspect, running an election for 200+ million voters across 50 states is neither trivial nor homogeneous. Unfortunately technology seemed to come to the rescue as the bright shiny object that was to solve a problem that was either ill-defined or didn’t exist. I bet most technology practitioners are familiar with that scenario.

My county uses pencil marked ballots that are then OCR scanned and tabulated. I’m very confident in the technology and the vote aggregation process, and, there’s a physical audit trail.

Before anyone starts harping on OCR, the next alternative that’s less technical is to dip your thumb in indelible ink when you vote, mark an actual paper ballot, and then manually count 200+ million pieces of paper.

arturo February 2, 2021 9:26 AM

“Suppose the polling-place optical scanners had been hacked… Then this would have been detected in the audit”

… this assertion casually assumes that an audit is always done & done correctly by honest people — assumptions not in evidence.

counting paper ballots (or any ballots by any method) is only effective if all the ballots counted are valid/legitimate to begin with.
That’s another big assumption not in clear evidence.

the Georgia and national electoral systems are actually quite complex, with the outcomes almost totally dependent upon “trusted” system “insiders” who are politically affiliated.

Thunderbird February 2, 2021 2:21 PM

“… this assertion casually assumes that an audit is always done & done correctly by honest people — assumptions not in evidence.”

It is true that you have to trust the people doing the recount, which is why in the cases I’m familiar with, you have observers from both major political parties. Then, you only have to trust that they don’t trust each other.

anon February 2, 2021 6:06 PM

As a Georgia resident, I don’t trust any of them since the flap at Kennesaw where the voting machines were wiped even though they were physical evidence in a case against an elected official. I think it was an official who currently promotes non-paper voting only because the machines that would have proven his (and the then-governor) guilt were wiped.

Etienne February 2, 2021 10:46 PM

I have never voted for Electors in my life. Historically, the election was normally decided before I voted after work. A hazard of living in the Pacific Timezone.

There was no reason to vote for Electors, so I only voted for other ballot selections.

Generally speaking, I don’t give a damn about Parties, or causes, unless it involves taxes.

However, with mass migrations of Californians to Oregon and Washington, the independent nature of the native born has long since disappeared, and those who saw the writing on the wall, moved to the Mountain Time Zone.

The money changing hands in modern elections shows the total corruption of the American voting system.

Given a choice, I would vote to rejoin Great Britain, sh*t-can the Constitution, and live happily ever after with King William and Consort Kate.

We wouldn’t even have to change the music to the National Anthem.

recherche February 3, 2021 3:42 AM

Re: Inkjet printers, and (loss-leader?) new printers versus high charges for replacement cartridges.

While the “buy new printer instead of buying ink cartridges” was a clever strategy for a while, the manufacturers have fought back: They have suddenly “gotten” (ugh) Very Worried about ink spillage for new printers (whether before purchase, or before use, whatever). Therefore, they’ve decided to deal with the Problem by shipping the original new printers with half-filled ink cartridges.

They’ve even added a new trick: Combine all the colours into a single module. As soon as one colour runs out, the printer will refuse to operate until the entire module is replaced (priced accordingly, of course).

Give me black-and-white laser printers, with eco-friendly manufacturers, any day.

–recherche

ResearcherZero February 3, 2021 5:09 AM

Whoever provided the Trump campaign information prior to 2016 had very good information of a wide variety, and was really good at analyzing very large amounts of information.

David Rudling February 3, 2021 6:11 AM

@Etienne
“Given a choice, I would vote to rejoin Great Britain, ….. We wouldn’t even have to change the music to the National Anthem.”

Fighting talk to many Americans whatever their political party.

It is true that while the words to “The Star-Spangled Banner” are by the Francis Scott Key who witnessed the “Defense of Fort M’Henry” at Baltimore during the war of 1812, the tune is by the Englishman John Stafford Smith and is actually “To Anacreon in Heaven” and was the club drinking song of The Anacreontic Club of London.

That Americans have largely forgiven the origin of the song is greatly to their credit, as is the customary omission of the virulently anti-British second and third verses when the song is rendered.

@Moderator
OK, I apologize. This is probably way off topic.

Clive Robinson February 3, 2021 7:09 AM

@ David Rudling,

“as is the customary omission of the virulently anti-British second and third verses when the song is rendered.”

Also a “very English” thing to do… The UK national anthem comes from a time when we were not a united kingdom. Look for the Scots bashing verse about Marshal Wade,

Lord, grant that Marshal Wade,
May by thy mighty aid,
Victory bring.
May he sedition hush and like a torrent rush,
Rebellious Scots to crush,
God save the King.

Marshal Wade was an officer in the English army sent to halt the advance of the Jacobite troops “in the north”[1]. The lines in the English anthem of the time were later quietly omitted when the song was adopted as the British and later “United Kingdom and Northern Ireland” National Anthem. Of what we currently call “God save the Queen”… Which as with all things will change as time marches forward.

[1] Only a few “Jacobites” were actually Scottish; originally much of northern England was Jacobite in name or sympathies. But as time progressed as they found out the hard way being sympathetic and putting your life on the line serious were two very different things, the promised troops from the north of England did not materialize in 1745, thus they were eventually defeated at Culloden in 1746, having retreated north for a whole boatload or lack thereof of reasons, not least of which were “French Problems”.

[2] Before any one asks my sympathies are in part ancestral, even though they might not be entirely legitimate.

WhiskersInMenlo February 12, 2021 1:59 PM

On election devices, ballot boxes and more…

One of the tactics still swirling in the context of election fraud has to do with drops of “large” numbers of ballots.

The transport of ballots and results constitutes a big basket of eggs.
The common tamper-evident seal is too easy to tamper with by anyone with access, and a spoiled seal voids all the ballots in the container, electronic or physical.

We have all seen on TV drama crime scene seals slit by a pocket knife and the hero detective discovers a key bit of evidence that solves the case. Sherlock Holmes never had to deal with fruit of the poison tree except for cases of poisoning.

Software that might abuse the system is likely impossible to audit. A program can delete itself and or parameters that guide actions.
https[://[linuxconfig.org/how-to-force-fsck-to-check-filesystem-after-system-reboot-on-linux and more

Systems with STRONG mandatory access control and modern containers may help. But the time frame necessary to load and deploy machines and the specialized training necessary makes audit near impossible for election boards and elected officials. Takes a computer scientist and perhaps a computer forensic expert depending on known vs. novel attacks without signatures (both are rare).
