August 10, 2018 --
Reporter: "Does it bother you that what you're showing is humbug?"
PT Barnum: "Do these smiles seem humbug? It doesn't matter where they come from if the joy is real."
I recalled this dialogue from The Greatest Showman as I was observing a pre-election voting machine test in the City of Elroy, Wisconsin on Monday, August 6.
Conducted in every municipality before every election, these tests serve some necessary functions.
But as a safeguard against hacking, they are humbug—as authentic as a bearded lady whose facial hair is hanging from strings looped around her ears.
I've observed more than two dozen of these tests over the years. The ones I observed this week were typical. Even if you're not an IT professional, I'll bet you can pick out why these tests don't protect Election-Day results from hacking—whether the hacker is an Internet cyber-crook or a corrupt voting-machine company insider.
Here, try it. Start by predicting what the hacker might try to do. First, do you think the hacker would make the malicious code miscount every single vote or only some votes?
You guessed 'only some,' and experts agree. When a blue-ribbon election-security task force convened by the Brennan Center for Justice worked out how a hacker would steal a statewide race in the imaginary State of Pennasota, they calculated that no hacker would likely alter more than 7.5% of the votes, or a little more than 1 in every 13. So if you want to detect hacking, your set of fake ballots—your 'test deck'—should contain enough ballots to give each candidate at least 13 valid votes.
But Wisconsin municipal clerks typically create test decks with only one vote for each candidate—enough to catch only hacks that affect every single vote.
Second, do you suppose the hacker might instead allow the machines to count votes accurately all day, and then simply flip the candidates' vote totals at the end of the day to give his guy the biggest total? You probably guessed yes, he might. So you would need to create a test deck that has a winner in each race, a different number of votes for each candidate.
Wisconsin municipal clerks' pre-election test results typically contain a lot of ties--the same number of votes for each candidate in each race. Those test decks would not detect any vote-flipping hacks.
Finally, would the hacker's malicious code kick in whenever the machine was turned on, or only on Election Day? This one is easy. Hacks would never trigger on any day other than Election Day.
This is the fatal flaw of pre-election testing as a safeguard against hacking. Hackers can program their code to trigger only when the calendar says it's Election Day...or only when ballots are inserted at a rate typical of Election Day...or only when the machine has been operating continuously for more than eight hours...or only on some other telltale sign that real votes, not test votes, are being counted. As the Brennan Center Task Force report put it, trying to use tests like these to detect hacking would create a constantly escalating arms race between election officials trying to make the test look like a normal Election Day and hackers finding new ways to detect a test situation.
As a result, the Task Force didn't bother even to mention pre-election testing as a safeguard in its list of six security recommendations.
Many of Wisconsin's pre-election tests do not hide the fact that the machines are running in test mode, not Election-Day mode. The photo at right is a close-up of the voter-verifiable paper trail from an AVC Edge voting machine, programmed by Command Central, being tested in Juneau County before the August 14, 2018 primary. Notice that the voting machine printed "PRE-LAT PAPER RECORD" at the top of the ballot. 'LAT' is the computer professionals' term for "logic and accuracy testing," a basic routine whenever software has been updated. (I don't know why Command Central calls it "PRE-LAT".)
This machine clearly knows it is counting test ballots, not real ones. Operating in test mode doesn't render the test useless for things like catching innocent programming errors. But:
It is humbug for election clerks
to fool themselves, or to fool the public,
into thinking these pre-election tests
provide any protection against hacking.
If we want to stop being fed humbug, we have to stop falling for it. If your local election officials tell you:
- "Election results are protected by pre-election voting machine tests", tell them that you know Wisconsin's pre-election voting machine tests could not detect hacking any less obvious than that which in 2010 elected a cartoon robot to the Washington, DC school board.
- "Election results are protected by keeping the machines unconnected from the Internet," tell them that you know that they have no idea about what happens to the software before it comes into their control.
- "Election results are protected by federal and state certification," tell them you know that the software has been copied and updated many times since it was certified, and that no one has ever or will ever inspect the software that will count your votes on Election Day.
- "Election results are protected by the audits we already do," tell them that audits completed only after the canvass cannot possibly protect results they have already declared final ('certified').
The solution: Contact your county election office. In Milwaukee County, that's the Elections Commission; in other counties, it's the county clerk. Tell them:
"This voter is done with humbug. I know that one and only one safeguard can protect our final election results.
Use our paper ballots to detect and correct any electronic miscounts before you declare election results final. Start this November."
Don't expect your county official to be stubborn; several are already planning to check accuracy before they certify the November results as final. Find out if yours is one.
But if your county officials are not now planning to begin auditing, don't accept excuses. They got a memo on August 1, 2018 from the Wisconsin Elections Commission that made it clear: "A post-election audit is a tool that could be implemented to confirm that results have been tabulated accurately," and "post-election audits of the results may be conducted prior to certification of the canvass." The Commission even gave them basic instructions they can follow.
No more humbug
about election security.
Tell your county officials
today: "Time's up.
You can also help by donating to help Wisconsin Election Integrity get the no-humbug word out to voters, officials, and media through our 2018 publicity campaign.
And you can email the Wisconsin Elections Commission at firstname.lastname@example.org to encourage them to mandate pre-certification audits in every county, at their September 25 meeting.