Blogged by Brad Friedman from somewhere in Texas...

"Publicly observable post-election audits are the single most important safeguard we can have for the integrity of elections in this era of computer-assisted voting," according to Livermore National Labs computer scientist David Jefferson.

"They allow everyone, winners and losers alike, to be satisfied that the races are correctly called, but without the need to trust any computers or software," he added in a press release from the California Sec. of State's office released just moments ago (posted in full at the bottom of this item) on the study he led for the SoS Debra Bowen, which examined the effectiveness of --- and made recommendations to improve --- the state's 40-year old 1% manual audit law.

In addition to her stunning announcement on Friday that her team of independent analysts at Univeristy of California, attempting to hack the states electronic voting systems as part of her promised "Top-to-Bottom Review," were able "to bypass both physical and software security measures in every system tested," Bowen has also convened a "Post-Election Audit Standards Working Group" in order to "examine whether California’s post-election audit standards should be strengthened."

Their report has now been released online [PDF].

Among recommendations made by the group (emphasis in original):

• Take a risk-based approach to conducting post-election audits by manually counting a higher percentage of precincts – above the 1% required by law – in close races and in races involving only a small number of precincts.
• Develop an adjustable sample model that fits California’s needs. With an adjustable audit, the size of the random sample for close elections and small races is not a flat percentage, such as California’s current 1%, but is calculated using the margin of victory, number of precincts in the race and other key factors to produce a desired confidence level (for example, 99%) that the winner of the election has been correctly declared.
• Develop a comprehensive approach to verifying election results, including rules for escalating an audit when errors in the machine counts are discovered during the manual count and rules for determining whether to trust the outcome of the election when small discrepancies are found between the manual and machine counts. In California, the law sets no standards when it comes to audit escalation.

"No matter what voting systems California counties use," Bowen said in the statement, "we have to make sure we’re doing meaningful audits of election results to provide voters with the confidence that every vote is counted as it was cast."

The complete press statement on the just-released finds of the "Post-Election Audit Standards Working Group" follows in full below...

CA SoS Debra Bowen's public hearing concerning her "Top-to-Bottom Review" of electronic voting systems carried out by the University of California, takes place at 10am today (Monday) in Sacramento. Her office has just let us know that the hearing will be webcast live here.

VelvetRevolution.us' Emily Levy will be at the hearings and is hoping to live blog them for The BRAD BLOG from the hearing room.

According to a statement from Bowen's office this morning, the hearing will be at "the Secretary of State’s Sacramento building auditorium at 1500 11th Street."

"Secretary Bowen’s decisions on system certifications will come on or before August 3, after her thorough review of the UC team reports and input from voters, voting system vendors and local elections officials," the state says. "Today, the independent UC review teams, led by nationally respected computer science experts David Wagner and Matthew Bishop, will provide an overview of their reports. Voting system vendors will have an opportunity to respond, then public comment will be welcome."

The landmark, independent reports from UC are available online right here.

UPDATE 1:00pm PT: The live webstream out of the hearing is almost completely unwatchable, as they must not have enough bandwidth to accommodate those trying to watch. As well, though Emily is at the hearings, there is no Internet access available in the room. So despite all best-laid plans, we'll have to wait for the her report to be posted here later tonight, and for a video archive of the hearing itself to hopefully be made available later.

UPDATE 11:27pm PT: Emily Levy's tremendous, detailed coverage of the hearing is now finally posted here...

Blogged by Brad Friedman from somewhere in Texas...

We'll certainly have more, from various voices, in the days ahead concerning CA SoS Debra Bowen's landmark independent "Top-to-Bottom Review" of electronic voting systems. The reports from the teams at University of California are now available online here.

As well, Bowen will be taking public statements on these reports both via email at votingsystems@sos.ca.gov and, in person, during a public hearing tomorrow (Monday, July 30) at her office in Sacramento beginning at 10:00am. She'll announce her decisions for decertification or otherwise next Friday, August 3rd. So your input is important, as she mentioned on during a media phone call last Friday.

But even while the results, as Bowen described them on that phone call just prior to their release, found that "the independent teams of analysts were able to bypass both physical and software security measures in every system tested," and as the report on accessibility for disabled voters found that none of the Direct Recording Electronic (DRE, usually touch-screen) voting systems met federal disability standards, Democrats and People for the America Way (PFAW) in the U.S. House were busy hammering out a deal to institutionalize the continued use of such disastrous voting systems into federal law.

Out of touch much? Which part of a transparent, counted, paper ballot (not a "trail" or a "record") for every vote cast in America do these guys not understand?

Late Friday, as Bowen's UC Report was being released, Majority Leader Steny Hoyer (D-MD) and Rep. Rush Holt (D-NJ) finally came to terms, reportedly, on a deal for a revision of Holt's HR 811 Election Reform bill which allows for the use of DREs as preferred, almost exclusively, by PFAW, elections offficials, and voting machine companies. We've been reporting for months that PFAW was the main insider advocacy group moving the ball with this disappointing bill, and Saturday's New York Times confirms that it was "Ralph G. Neas, president of People for the American Way, [who] helped broker the deal" between Holt and House Leadership.

That despite Neas having previously chided me for suggesting that PFAW had the power to make or break this legislation in Congress. As we've also long reported, of course, by their own written admissions, PFAW prefers unaccountable DRE systems to paper ballot voting systems.

And though Christopher Drew's reporting at the New York Times is getting slightly better with each new story, it would be nice if "The Paper of Record" could learn enough about our voting systems so they could accurately report, and help Americans understand what's really at stake here and how the technology actually works.

Drew reported --- misleadingly --- that "The House bill would require every state to use paper records that would let voters verify that their ballots had been correctly cast and that would be available for recounts."

That's just plain wrong. The fact is that adding "cash-register-style printers to...touch-screen machines," as Drew describes it, does not allow a voter to verify that their "ballots had been correctly cast." It allows them only to verify that the paper record of their invisibly-cast electronic ballot accurately matches their intention. Maybe. The fact is: There is no way to verify that a voter's vote is correctly cast on a DRE touch-screen voting machine. Period.

Unless, of course, it's me who is out of touch in presuming that if a "ballot" is "cast" it means it will actually be counted by someone or something. Paper trails added to DRE systems are not counted --- only the internal, invisible, unverifiable ballots are. A "cash-register-style" print-out prior to the ballot being cast and counted internally does not change that.

But more on all of that, and Bowen's UC reports, as we move forward. For the moment, if you'll allow me, I wanted to touch base on a few items I asked Bowen about during the phone call which followed up on several specific issues that we've been reporting on here at The BRAD BLOG over the last several weeks.

Specifically, I asked her whether there had yet been a resolution to the discrepancies in version numbers for LA County's InkaVote system source code as turned in by ES&S, versus the version secretly stored in escrow. And whether or not she could explain the comments reportedly made by Steve Weir, Registrar-Clerk of Contra Costa County, CA and President of the California Association of Clerks and Elections Officials (CACEO), that CA election officials could choose to ignore Bowen's recommendations if they wanted to.

According to Bowen (full transcript and audio below) the ES&S LA County InkaVote issue remains unresolved, and she's unaware of what Weir might have been referring to. A transcript of my questions with Bowen follows, and I hope to have more on Weir soon --- and the adversarial comments he's been making in the media on behalf of CACEO --- but this article has already become much longer than I had intended...

Blogged by Brad from Houston...

Going on air in 4 minutes...But still on line on media conference call w/ CA SoS Debra Bowen concerning her landmark independent "Top-to-Bottom Review" of all voting systems in the state.

I'll have more on the air tonight (see link above), but she has just said "The independent teams of analysts were able to bypass both physical and software security measures in every system tested."

The reports are not yet posted, but should be any moment right here.

As mentioned, more throughout tonight's Peter B. Collins Show which I'm currently Guest Hosting...

UPDATE BY JOHN GIDEON: None of the voting systems tested were found to meet federal mandates for disabled voter accessibility. This may present a problem for the state as they will not be able to allow those systems to be used for accessibility unless the vendors can find solutions for their shortcomings.

EVEN LATER UPDATE (BY BRAD): John and I discuss (and rant about) all of the above, along with more details on the reports findings in this audio clip from today's Peter B. Collins show [appx. 10 mins]...

UPDATE 7/28/07: We'll have much more on this in the days ahead, and we strongly recommend folks read comments below for more details, thoughts from citizens. But in the meantime, here's NY Times' coverage: "Scientists’ Tests Hack Into Electronic Voting Machines in California and Elsewhere" and San Francisco Chronicle coverage: "STATE VOTE MACHINES LOSE TEST TO HACKERS."

Blogged by Brad Friedman from Houston...

Following up on yesterday's report on the latest machinations surrounding the release of CA Secretary of State Debra Bowen's unprecedented "Top-to-Bottom Review" --- including independent hack testing and source code analysis --- of electronic voting systems. The BRAD BLOG has received a few more details on official release dates and timing, including a public hearing in Sacramento next Monday, from the SOS's office [emphasis ours]:

We're in Texas, but hoping those within driving, walking, running distance from Sacramento will show up to the Capitol to give their thoughts on the findings on Monday, as we expect the voting machine vendors to be there in droves, and they may need a reminder that they do not own these elections. The citizens do.

We're also still waiting to hear back from Steve Weir, the Registrar-Clerk of Contra Costa County and President of the California Assoc. of Clerks and Election Officers (CACEO), for details on his published comments indicating that CA registrars may choose to ignore Bowen's findings. The CACEO has blasted Bowen's review of voting systems previously.

Not sure what Weir's legal theory is for such an action, which seems to fly in the face of both the law and the will of the people --- Bowen was elected precisely on her promises to take the actions she's currently taking after both her predecessor in CA and federal agencies had failed completely to properly test these voting systems before certifying them --- but we'll let you know what we learn. We've invited Weir to appear on the Peter B. Collins Show, which we continue to Guest Host through the end of this week. We'd love to hear from him, of course. Stay tuned...

UPDATE 7/27/07 2:40pm PT: Still waiting for the release of the reports, which I'm told by the SOS will be "any moment". When it's released, it should be right here.

Blogged by Brad Friedman from Houston...

The results of California Secretary of State Debra Bowen's landmark "top-to-bottom" review of electronic voting systems in California are due on August 3rd. (UPDATE: The SoS's Office informs us the report will be released this Friday. Details now posted here.) It'll be the first such official analysis, performed by several teams of testers, in which these voting systems have actually been tested for vulnerabilities and failures by "red team" hack/penetration testers, as well as having the system source codes fully and independently tested.

An article by Steve Harmon published in several CA newspaper this week offers a preview of the battle which may be ahead, including one exceedingly disturbing suggestion that California Election Clerks may be preparing to "ignore Bowen's findings and continue to use their systems" no matter what she may find, and whether or not she decertifies the systems for use.

Yours truly is quoted early in the piece, suggesting that "voting machine companies are quaking in their boots," as Bowen is doing precisely what she was elected to do and is fulfilling her campaign promises through the unprecedented series of tests.

John Gordon of Public Radio's Future Tense program followed up that printed report with his own four-minute audio report in which I'm also interviewed:

Of note in both reports, the voting machine company spokesholes are on the defensive, as expected. But the real battle after Bowen releases her findings may lie with the California Association of Clerks and Election Officers (CACEO), currently led by President Steve Weir, who makes some startling statements in the report...

Blogged by John Gideon and Brad Friedman

The results of California Secretary of State Debra Bowen's "top-to-bottom review" of electronic voting systems previously approved for use by her predecessor is still underway. But before any of the findings from her teams of security specialists, software analysts and voting systems experts have been made public, the unprecedented analysis has already revealed a disturbing anomaly which may have far-reaching implications for both state and federal voting systems laws across the country.

As The BRAD BLOG reported exclusively almost three weeks ago --- precisely zero media outlets bothered to file their own reports on this matter until last weekend --- all voting machine vendors certified in California had submitted their source code to Bowen for the review, except for ES&S, America's largest voting machine company.

After their refusal to submit the code as required for the test, Bowen demanded the source code used for the InkaVote Plus voting systems marketed by ES&S, and used exclusively in Los Angeles, be released to the state by the escrow firm which had been holding it as per state law.

Following Bowen's demand to the escrow company, Iron Mountain Intellectual Property Management, ES&S reluctantly agreed to give their own version of the source code to the state.

Oddly enough at the time, the voting machine company, in an arrogant letter to Bowen (posted here in full by The BRAD BLOG), demanded that she withdraw her request to receive the version of the source code already stored in escrow at Iron Mountain. The letter succeeded in keeping our already-raised eyebrows at full perk, as the demand that Bowen not review the code in escrow, but rather look only at the one ES&S was sending, raised several troubling questions. Among them, we wondered at the time if perhaps the version stored in escrow was not the version actually used on the county's voting systems during last year's election. If so, there could be enormous ramifications for the company, and for the idea of escrowed source code for voting systems in general.

Over the weekend, an article in the Los Angeles Daily News, the first organization to jump into this matter following our series of reports, filed a story on the matter which began to validate our suspicions. The paper reported that due to the late submission, the InkaVote Plus system would not be included in Bowen's "top-to-bottom review", presenting questions about which voting system would be allowed for use in 2008, in the country's most populous county. LA County is larger than many states in America.

It's as yet unclear whether Bowen will completely decertify the InkaVote Plus system for use, or whether she will take other steps.

Perhaps more disturbingly, however, the Daily News report includes comments from CA's Deputy SoS for Voting Systems, Lowell Finley, indicating that our concerns about differences in the submitted and escrowed source code may have been precisely on target.

We contacted Bowen's office for more details, and they shared with us the letter sent from Finley back to ES&S in response to the company's curious demands. The letter is posted in full at the end of this article. And if the issue Finley raises is indeed true, there may be a whole lotta trouble ahead...

Blogged by Brad from Nashville after Escaping Atlanta...

"It's been a thriller," said the eponymous host of the Peter B. Collins Show as Friday's live radio debate wrapped up between myself and attorney Lawrence D. Norden, Chair of the NYU Brennan Center for Justice's Task Force on Voting System Security.

Norden made, in our spirited debate, what I believe to be some stunning admissions.

Complete "must listen" audio of the debate is available at the end of this article...

Guest Blogged by John Gideon of VotersUnite.Org

As The BRAD BLOG reported yesterday, voting machine company ES&S has finally relented and agreed to join all of the other companies operating in the state by cooperating with the Secretary of State Debra Bowen's "Top-to-Bottom Review" of all electronic voting systems previously certified by her predecessor Bruce McPherson. After previously refusing to supply the state with source code for the company's InkaVote Plus system used exclusively in Los Angeles County, Bowen had demanded the release of the source code from escrow where it was stored by state law, as we also reported previously.

But has ES&S really relented? Or is something else up?

We asked yesterday why ES&S decided to send their source code, instead of allowing Bowen to pull it from the escrow facility at Iron Mountain, as she had previously demanded. And now, based on a letter from the company which The BRAD BLOG was able to obtain from one of our sources, as sent to Bowen's office when they agreed to supply the source code Monday, the smell of something fishy continues to permeate. The complete ES&S letter is posted in full at the bottom of this article.

On Monday, June 25, ES&S sent the letter to Lowell Finley, California's Deputy Sec. of State in charge of Voting Systems Technology and Policy, agreeing to supply the source code for InkaVote Plus is an amazing example of the company's arrogance even as it continues to beg a myriad of unanswered questions.

ES&S opens the letter repeating their desire for changes to the previously agreed upon Non-Disclosure Agreement (NDA) they have with the state. AS well, they believe the cost of Bowen's "top-to-bottom review" is too high, and they have concerns with some of the researchers who are doing the review. Nonetheless, they agree to cooperate.

Yet, after informing Finley that they intend to finally send the required source code, they instruct him that they expect him to send a letter to Iron Mountain Intellectual Property Management Inc. to release the firm from the state's request for the escrowed source code. Now why would they need to do that?

"As ES&S is providing the InkaVote Plus voting system source code directly to your office, ES&S requests that you send a letter to Iron Mountain retracting your request for the InkaVote Plus voting system source code," writes ES&S' Steven M. Pearson in the letter.

"This will provide the required notification to Iron Mountain that you are no longer in need of the requested source code and allow Iron Mountain to close your request. In addition, this will avoid ES&S from having to issue contrary instructions to Iron Mountain to prohibit the release of the InkaVote Plus voting system source code."

So what the heck is that all about?...

Guest Blogged by John Gideon of VotersUnite.Org

The BRAD BLOG has learned this evening that source code and a check were sent to the state of California by ES&S. Readers may recall that as of last Thursday ES&S had not complied with Sec. of State Debra Bowen's demand for a copy of the source code used exclusively in Los Angeles County.

According to a Secretary of State spokesperson, they received a copy of the source code and a check to cover the expense for the state's "top-to-bottom" review. ES&S finally relented, and sent the code only after Bowen had demanded it be released from escrow as per state law.

Questions still remain and your intrepid correspondent will be following-up with the state.

Why did the code come from ES&S and not from Iron Mountain, Inc., the escrow agent? Is there something in the escrowed code that ES&S does not wish the state to see? How does the state know that the code they got from ES&S is the same code used to build the software running on the machines used in LA County?

Doing twelve things at once today, so no time for analysis at this point. I'll just run CA Sec. of State Debra Bowen's just released statement on her promised, unprecedented, first-of-its-kind in the nation, "top to bottom review" of all of California's electronic voting systems.

The review will include "red team" hack testing for the first time ever. Done as standard operating procedure for similar security-sensitive, mission-critical commercial systems, this sort of penetration testing has never been performed on America's voting systems. Until now.

The one page summary [PDF] of the plan states:

• [University of California] will provide specialists from its campuses, as well as experts from public and private universities and private sector companies throughout the United States to create three teams of experts to conduct the reviews.
• Each system will undergo a thorough document and source code review, red team penetration testing, and a review to determine whether it’s accessible to all voters.
• The review teams will provide an independent technical evaluation of the voting systems that the Secretary of State will use to carry out her statutory duty with respect to voting systems in determining whether the systems comply with current state and federal law.

There are links within her statement below where you can find more details. For example, the State's review teams will include folks such as computer security expert "hacking" Harri Hursti, and blind technology expert Noel Runyan, who has been highly critical of unverifiable touch-screen DRE voting systems.

More on all of this, perhaps, later after I've had time to review the materials myself. But for now, see the statement below for some killer quotes from Bowen...

CA Secretary of State Debra Bowen responds to the Santa Cruz Sentinel's silly anti-democracy editorial last week with an op/ed 01of her own that ran in the paper on Sunday.

Please note that the Sentinel was previously owned by former CA SoS McPherson, the one who approved all of these un-secure, un-transparent electronic voting systems for our state in the first place.

It's good to know that Bowen is standing up for the voters, despite the crush of criticism she's received from the anti-voter Elections Officials in CA

Here's how she begins her piece in response:

...And here's how she ends it:

Kudos to Bowen! Again!

Please note that in the same Sunday Sentinel our own occasional BRAD BLOG Guest Blogger, Emily Levy of VelvetRevolution.us, also has an excellent op/ed in response to their original, ridiculous editorial. Kudos to Emily as well!

Speaking out matters!

And on that note, I'll remind you that if you haven't already, please contact PFAW@PFAW.org NOW! See this article for why it's imperative that you do immediately!

Columnist Thomas Elias gets it right again. Today, he begins this way...

He then reports again on the Jeff "1000 to 1" Stone's apparently-aborted "Riverside Hack Challenge," the dangers of voting machine "sleepovers," former CA SoS McPherson's backing out of an invitation to Harri Hursti to hack Diebold systems in the state last year, and, most importantly, CA's current SoS Debra Bowen's important plan to finally properly test all voting systems used in elections.

If we didn't know better --- and that nothing useful to the MSM is ever reported by those crazy, unreliable, "left-wing bloggers" --- we might have even thought that Elias is a regular BRAD BLOG reader or sumpin'

He concludes his column thusly:

Bingo. The full recommended column is here...

If you'd like to send a thanks for Elias's consistent good work on this issue, he can be reached via email here...

Harri Hursti drove up to Los Angeles last Friday after his appearance that morning before the Riverside County, California, "Blue Ribbon" panel convened to investigate massive problems during the County's 2006 election, and continuing concerns from Election Integrity advocates about both the performance and security issues surrounding the Sequoia Edge II DRE touch-screen voting systems in use down there.

We sat down to interview Hursti for a documentary film for an hour or two on Friday night, and we continued chatting into the wee hours. After getting home around 4am, we suspect we'll be playing catching up for a few days.

The headline from those discussions last night is probably that Hursti, now famous for his hack of a paper-based Diebold optical-scan voting system in Leon County, Florida, in late 2005 (as seen live in HBO's documentary Hacking Democracy), advocates digital optically-scanned paper ballots --- where the image of the scan can then be made available to all on the Internet --- as the most secure and most transparent method of voting for the type of elections we have in these United States.

That may come as a surprise to advocates of Rep. Rush Holt's Election Reform bill, who have been pointing to the "Hursti Hack" as a way to suggest that op-scan tabulation is "just as bad" as Direct Recording Electronic (DRE) touch-screen voting systems. Holt's bill (HR811) would allow for the continued use of DREs, despite the continuing warnings from computer scientists, disabilities and minority rights advocates, and the Election Integrity community that the devices should be banned.

Hursti heartily disagrees with those Holt supporters and told us again that DREs are not safe for use in elections, with or without a so-called "voter verified paper audit trail." He's asked for us to help facilitate a meeting for him with Holt and his staff to discuss the matter, and we are attempting to do just that.

As well, Hursti's position may also come as a surprise to those who have pointed to the "Hursti Hack" in their call for 100% hand-counted paper ballots (HCPB) in American elections. While Hursti said he recognizes that such a system works well enough in other countries where ballots are much simpler, he feels the thousands of ballot styles and pages and pages of candidates and propositions would likely make all HCPB unwieldy here. By contrast, he explained that in Finland, voters go to the poll and cast a single vote for President as the only race on the ballot, which is simple enough to hand count on the night of the election.

He rattled off the many different systems of democracy in many different countries, from Europe to Asia, as well as a history of how America has come to its current mess, going back as early as the late 1800's to discuss the evolution of our modern day system in this country. Clearly, he's done his homework and is well worth listening to on these matters.

Hursti also gave high marks to California's new Secretary of State Debra Bowen for her recent announcement of "red team" hack testing for all of the state's currently certified electronic voting systems, as part of her "top to bottom review" of those systems. Other computer scientists and security experts have lined up to join in praising Bowen for this unique, first-of-its-kind attempt to finally test the security of these systems.

On the other hand, many of the state's elections officials have come out against such testing of their precious, hackable, un-transparent voting systems. And, surprise surprise, so has the Santa Cruz Sentinel --- the paper once owned by thankfully-former CA SoS Bruce McPherson --- in a laughable editorial late last week claiming that "paper ballots carry an even greater risk" than electronic voting systems, and that Bowen's planned test criteria is a "solution in search of a problem."

We're not sure what cave the Santa Cruz Sentinel has been living in, but we're guessing they've been sharing their hard tack and canned spam with their buddy, the gone-but-apparently-not-forgotten McPherson, the one responsible for certifying these god-awful systems in the first place for the state, despite mountains of evidence suggesting it was unwise. We're also guessing they've never sat down to chat with Harri Hursti.

Hursti's visit to Riverside, as we reported here last week, was in response to County Supervisor Jeff Stone's challenge last December that nobody could manipulate the county's Sequoia election system. After Hursti volunteered to take Stone up on that "1000 to 1" challenge, the county has been waffling ever since. So quite a few members of both the public and the press were on hand yesterday for Hursti's testimony before the "Blue Ribbon" panel.

Although Hursti traveled all the way from Finland, Stone and every other member of the Riverside County Board of Supervisors were apparently too busy to make it up the road to meet Hursti and listen to his presentation...

FEATURING: Our One-on-One Debriefing with the Finnish Computer Security Expert on American Elections, Rush Holt's Reform Bill, Debra Bowen, 'Black Hats,' and Why Elections Matter...Pre-details back here...

UPDATE: Story now posted here...