Some Questions For Our Elected Officials by Chuck Herrin

Note: Chuck Herrin is updating these as he thinks of new ones — Feel free to blatantly steal and ask your own elected officials any or all of them. Go for it!


Electronic vote counting

Paper ballots

Voting machine security


• Who told you that electronic voting was a good idea?

• What advantage does electronic voting give that is more important than election integrity?

• What is the dollar value of a vote?

• Multiply the dollar value of a vote (above) times the number of votes lost in the 2004 election — did we save taxpayer money by rolling out these machines?

• Whom do you feel the burden of proof rests upon — elections officials to prove that a system is secure or voters to prove that a system is insecure?

Do your actions mirror this?

If not, why?

• Since secret vote-counting is illegal, can you please explain why computer-counted vote tabulation is allowed?

• If the mechanism used to perform vote-counting is invisible or done via a computer, please explain how this does not meet the definition of "secret."

• Please explain how plugging a tape into a tabulation machine qualifies as a "transparent" or "open" tabulation of votes, when neither the vote numbers nor the data are visible to the observer.

• Given that audits of 17 out of 17 precincts in California in 2004 found that uncertified versions of software were installed on Diebold DRE machines, why should voters trust that the certified versions of electronic voting software are installed?

• Since the CalTech/MIT study concluded that DREs are the worst performing solution in every category, please explain their rapid adoption.

• How much taxpayer money will HAVA potentially provide to your state or county to subsidize the adoption of these "blackbox" machines?

• How much money have electronic voting companies spent to lobby you in the last five years?

• How much time and money has been spent in sales presentations, rollouts, training, and investigations of the resulting problems from electronic voting, including today's meeting?

• Why do the same companies make ATMs and vote machines, yet only ATMs provide a paper trail?

• What happens during a power outage where electronic voting is used?

If the voting terminals have battery backups, do the vote tabulation machines or the network infrastructure used for reporting?

• Are politics more important to you than representation?

Is saving face because of a bad decision (adoption of electronic voting) more important than restoring integrity to the voting system?

• Would voters support a system where they walked into a closet, whispered their vote through a curtain, and walked away, hoping for the best? Please compare and contrast this with electronic voting using DREs.

• Can you tell me three ways that electronic voting is more secure than hand-counted paper ballots?

Please answer keeping in mind that arguments re: human tampering and malfeasance are constants regardless of the voting mechanism used.

• Please compare the problems introduced by electronic voting, such as software bugs, vulnerability to remote hacking, intentional backdoors, increased complexity, susceptibility to viruses and worms, hardware failures, increased cost and training requirements, and other problems to the benefits gained by its use and/or problems that e-voting remedies.

• Is using the newest technology better than using a proven technology, if it means an increase in cost, complexity, and susceptibility to abuse, while introducing the ability to compromise the system remotely and eliminating audit capability?


• What is the best guess as to how much time and effort a hand-counted paper ballot election would have taken?

Compare and contrast with the previous answers.

• Given that Canada hand-counted their last parliamentary election in four hours, do you feel that we are saving time by using electronic voting systems?

• How much faith would your voters place in the results of a hand-counted paper ballot election versus the current results, where according to a recent poll 25% of the American public feels that the 2004 election results are not credible and do not reflect the will of the American people?

From above, is 25% a significant constituency?

• How many votes would normally be lost during a hand-counted paper ballot election?

Compare that to how many votes were lost in the 2004 election.

• Given the fact that a recent CalTech/MIT study showed hand-counted paper ballots have the lowest average incidence of spoiled, uncounted, and unmarked ballots, what is the rationale for moving away from this system?

• How many people working in concert would it take to "hack" a statewide or national election using paper ballots?

• Can paper ballots be manipulated remotely when computers are not used for tabulation?

• Can paper ballots be manipulated remotely when computers are used for tabulation? (See How To Hack The Vote)

• What is more important to the voting process than vote integrity and auditing capability?

• What is the reason for not returning to hand-counted paper ballots, and why would that not be the right thing to do?

• What would be the problem with selling our voting machines to another state and announcing to the public that you are being proactive in protecting the integrity of their vote by going back to paper ballots until a voting machine company meets the normal security standards that are being used by the rest of the IT industry?

That's what Missouri is attempting to do (go back to paper ballots), and I'm sure their voters appreciate it.

As a voter, I know I would.


Voting machine security


• Please define "encryption" and explain how it aids in the open counting of my vote.

• Do you know how to run a cryptographic checksum or hash against system files to verify that the software used is the software that was certified?

If not, how do you propose to prove to the voters that the certified software is what is actually run?

• What happens when voting machines or tabulation computers get a virus?

What would be the estimated cost to re-perform the election if the vote data were corrupted by malicious software?

• Who is more credible on security matters, salespeople or Information Security professionals?

Compare and contrast what each party (security people vs salespeople) had to gain by stating their opinions of the security of these systems.

• What did every information security professional who has ever looked at these systems say, with the possible exception of those on the payroll of the companies in question who were being paid for a certification?

Did they use a meaningful industry standard certification, such as the Common Criteria?

• Are you an Information Security expert?

Why do you feel that every Information Security expert who has examined these systems is wrong about the security of these systems?

• Do you want our voting system to be resistant to fraud?

• Is corruption a problem in our electoral process?

• Why don't electronic voting manufacturers hold themselves to the same standards that the rest of the IT industry does and use the industry-standard Common Criteria for systems security?

• Where we use the Internet for reporting, what happens when the next Code Red, Slammer, Nimda, or other worm takes down Internet service during an election?

• What happens when the WINvote system, using the IEEE 802.11b wireless standard, is knocked out by someone turning on a microwave oven or a cordless phone, or any other type of Denial of Service attack?

• When information security professionals recommend against the use of wireless on any system that is business or mission-critical, please justify its use in electronic voting.

• Whose priorities do you represent when you go against the advice of security experts and adopt systems whose security defects are well known and have been described as "stunning" and "blinding" by computer scientists who have examined them? Are they the priorities of the voters?

• What would be the result in the business world if a bank's system were repeatedly demonstrated to be easy to hack, but the officers of the bank continued to rely on these systems, even after the problems were widely known?

• What if the bank refused to provide receipts for their transactions? Would their customers have faith that their money is being handled correctly?

• What if several of the bank's developers and managers were convicted felons? Would that affect the public's confidence in the bank's code of ethics?

• What would happen during the resulting shareholder lawsuits if it were discovered that the bank's officers and board of directors had repeatedly gone directly against the advice of their Information Security experts in adopting these systems, even after serious vulnerabilities were discovered?

Chuck Herrin, CISSP, CISA, MCSE, CEH
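
The question above about running a cryptographic hash against system files to verify certified software can be made concrete. The following is an added example, not part of the original page or any vendor's tooling: it compares an installed file tree with a manifest of certified SHA-256 hashes and reports modified, missing, and unexpected files. The file names and contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_install(root, manifest):
    """Compare every file under root with a {relative_path: sha256} manifest.

    The manifest is assumed to come from the certifying body, out of band.
    """
    root = Path(root)
    installed = {p.relative_to(root).as_posix(): sha256_file(p)
                 for p in root.rglob("*") if p.is_file()}
    return {
        "modified": sorted(n for n in manifest
                           if n in installed and installed[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in installed),
        "unexpected": sorted(n for n in installed if n not in manifest),
    }

def demo():
    # Constructed sample data: hypothetical file names, not a real product layout.
    files = {"bin/tabulator.exe": b"certified build 1.0",
             "cfg/ballot.def": b"contest=1"}
    manifest = {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in files.items():
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_bytes(data)
        clean = verify_install(root, manifest)
        # Simulate drift from the certified build: swap, add, and delete a file.
        (root / "bin/tabulator.exe").write_bytes(b"uncertified build 1.1")
        (root / "bin/patch.dll").write_bytes(b"extra")
        (root / "cfg/ballot.def").unlink()
        return clean, verify_install(root, manifest)

if __name__ == "__main__":
    clean, changed = demo()
    print("as certified:", clean)
    print("after changes:", changed)
```

A check like this is only as trustworthy as the system computing the hashes, so it should be run from independent, trusted media rather than by the software being verified.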



