But Secretary Bowen Says Board of Supes Proposed 'Ground Rules' for Test 'Overly Narrow,' 'Would Prove Little and Give Voters False Sense of Security'
Supervisor Stone's Hope for SoS Participation in '1000 to 1' Bet with Election Integrity Advocates under Unilateral, Unrealistic Restrictions Flatly Rejected by State's New Election Chief...
By Brad Friedman on 2/26/2007, 4:33pm PT  

California's new Secretary of State, Debra Bowen, has flatly rejected a request from Riverside County, CA County Supervisor Jeff Stone to participate in a "hack test" challenge originally proposed to Election Integrity Advocates in response to their concerns about security and accuracy for the county's electronic touch-screen voting machines, The BRAD BLOG has learned.

In a letter sent to Stone last week obtained by The BRAD BLOG (posted in full at the end of this article), Secretary Bowen found that though there was no state law to prohibit such a test, her office would not participate, in part due to the narrow restrictions initially insisted upon by Supervisor Stone.

In her reply to a letter sent in early January to outgoing Secretary of State Bruce McPherson just days before he would leave office, Bowen wrote, "I am not aware of any state law that would prohibit the type of security test that you described in your letter." Unlike Bowen, the former SoS had been seen as far more favorable towards relaxed security issues for electronic voting.

As The BRAD BLOG originally reported last December, Stone had initially challenged local Election Integrity advocates "a thousand to one," during a public hearing, that a programmer would be unable to "manipulate" the county's voting system.

In her letter to McPherson Bowen joined other computer security professionals who had previously rejected Stone's unilateral suggestions for ground rules, calling them "overly narrow," potentially giving voters a "false sense of security." Stone had written to the former SoS that just "15 minutes would be allotted" for the test and the programmer who accepted the challenge --- noted computer security expert Harri Hursti --- would be prohibited from using any tools or reaching around the back of the machine. "In every sense," Stone wrote, "he would be like any voter on Election Day approaching a voting unit at the polls."

Bowen, however, balked at Stone's unilateral ground rules, writing in response...

While I appreciate and applaud your goal of increasing the voters' confidence in the systems they use to cast their ballots, an overly narrow test such as the one you have constructed would, at best, prove very little and, at worst, give voters a false sense of security. Your demonstration, if the results are as you expect, can prove only that it is difficult to successfully tamper with voting equiopment in a limited time frame in a polling place setting if poll workers have the ability to preclude voters from taking certain actions (e.g., reaching around the back of the machine) and/or bringing certain items (e.g., tools) into the voting booth with them.

As you know, voting equipment is subject to tampering in a wide range of settings.

This test you have proposed wouldn't address the issue of whether a someone who can reach around the back of the machine undetected or can bring a tool into the voting booth without being noticed by a poll worker will be able to gain access to the machine.

As well, Bowen also highlighted the point made by Election Integrity Advocates, computer security professionals, and even the Baker/Carter "Blue Ribbon" National Election Reform Commission that made the point that the greatest threat to e-voting security likely comes from election insiders, such as officials or poll workers who have been allowed to take pre-programmed, election-ready systems home with them in the days prior to the election as allowed by Riverside County.

Such insider access is seen as a far greater threat to security than that from voters on Election Day. As Bowen wrote in reply...

More significantly, as I understand the test that you've constructed, it wouldn't address the larger issue of whether someone who has access to the voting equipment before the polls opened or after they closed could interfere with the proper use of the equipment.

Stone originally challenged the Election Integrity advocates from DFA-Temucula Valley's "SAVE R VOTE" project during a public comment period, on video-tape, to bring in a programmer "to verify that they can manipulate" the county's Sequoia touch-screen voting system. "I'm gonna bet a thousand to one that they cannot do it," Stone said.

He went on: "Maybe we should bring the media in and let’s see if your programmer can manipulate that machine. My guess is that it is not gonna happen, but I’m willing to take a chance on that."

Both The BRAD BLOG, and even the local media --- we're happy to report --- has been covering the story ever since.

(Full text transcript of Stone's challenge is here... All of our articles following the "Riverside Challenge" here...)

Days after Stone's challenge, Hursti --- who had previously hacked voting systems made by Diebold in several states, most famously in HBO's documentary Hacking Democracy --- stepped forward to accept the challenge along with a number of Election Integrity advocates who put up $1000 to meet Stone's challenge.

Stone, the rest of the Board of Supervisors, and Sequoia Voting Systems, Inc., has been hemming, hawing, waffling, and attempting to create roadblocks, such as in Stone's letter to McPherson, ever since, in apparent hopes of avoiding a much-needed and legitimate security penetration test.

Bowen's letter will likely make it more difficult now for Stone to either avoid such a test or otherwise admit that even he has lost confidence in the security of Riverside County's touch-screen voting system.

Riverside was the first county in the nation to introduce touch-screen voting. Sequoia's systems have been found vulnerable to hackers and manipulation on a number of occasions, including an accidental hack by a pro E-voting professor in Pennsylvania and the revelation of a yellow button" on the back of each touch-screen voting machine that allows a voter to vote as many times as they wish, and more recently a Princeton University professor announced he was able to gain access to the internals of the company's touch-screen voting systems in less than 10 seconds after purchasing an older system off the Internet for $16.

Earlier today The BRAD BLOG reported that undervote rates dropped some 69 to 85% in minority areas after the state of New Mexico moved from Sequoia touch-screen voting machines to paper ballots in the wake of their disasterous experience with the systems during the 2004 Presidential Election.

This story, no doubt, will continue...

Bowen's February 20, 2007 letter to Stone may be download here [PDF]. The text of the letter follows in full below...

February 20, 2007

The Honorable Jeff Stone
Member, Board of Supervisors
County of Riverside
29995 Evans Road, Suite 103
Sun City, CA 92586

Dear Supervisor Stone

Thank you for your January 3, 2007, letter to former Secretary of State Bruce McPherson concerning your proposal to invite a programmer into Riverside County to test the security of a Sequoia Edge II voting unit with a VeriVote printer.

I am not aware of any state law that would prohibit the type of security test that you described in your letter. While California Elections Code Sections 18564 and 18564.5 prohibit tampering with voting equipment, these provisions only apply to voting equipment used in the context of an actual election, which would not be the case in the exercise you are proposing. I cannot provide formal legal advice, however, so you should seek the advice of your County Counsel if you have questions about the legality of your proposal.

As to your request that the Secretary of State’s office participate in this demonstration, I must respectfully decline. While I appreciate and applaud your goal of increasing the voters' confidence in the systems they use to cast their ballots, an overly narrow test such as the one you have constructed would, at best, prove very little and, at worst, give voters a false sense of security. Your demonstration, if the results are as you expect, can prove only that it is difficult to successfully tamper with voting equipment in a limited time frame in polling place setting if poll workers have the ability to preclude voters from taking certain actions (e.g., reaching around the back of the machine) and/or bringing in certain items (e.g., tools) into the voting booth with them.

As you know, voting equipment is subject to tampering in a wide range of settings.

This test you have proposed wouldn’t address the issue of whether someone who can reach around the back of the machine undetected or can bring a tool into the voting booth without being noticed by a poll worker will be able to gain access to the machine.

More significantly, as I understand the test that you’ve constructed, it wouldn’t address the larger issue of whether someone who has access to the voting equipment before the polls opened or after they closed could interfere with the proper use of the equipment.

As Secretary of State, I intend to begin a thorough review of all voting systems currently certified for use in the State of California. I have asked county elections officials for their help as I develop the protocols for this review, and the public will also have the opportunity to review and comment on the proposed protocols before they’re formally adopted. I will make as much of the review public as possible. Unfortunately, given that much of the voting system software is proprietary in nature, that portion of the review will not be opened to the public.

I believe this review will benefit not only the voters of California, but all election administrators who rely on voting system technology as well, and I invite you to participate in the process.

I appreciate your interest in reassuring voters about the integrity of the election process, and I welcome your help in furthering this goal.

Sincerely,

Debra Bowen
Secretary of State

DGB:elg

[Ed. note: Text version of the above letter edited 3/1/07 to correct minor typographical errors which occurred during our re-typing of the original PDF letter.]