Analytic Insight Net - FREE Online Tipiṭaka Law Research & Practice University
Paṭisambhidā Jāla-Abaddha Paripanti Tipiṭaka nīti Anvesanā ca Paricaya Nikhilavijjālaya ca ñātibhūta Pavatti Nissāya anto 112 Seṭṭhaganthāyatta Bhāsā

May 2019
Filed under: General
Posted by: site admin @ 3:17 am

Contributor -3

India’s EVM are Vulnerable to Fraud

Overview. This site presents an independent scientific study about the security of the electronic voting machines (EVMs) used in India.

Contributor- 4

India’s EVM are Vulnerable to Fraud - Questions and Answers

Q: Why did you study India’s EVMs? A: The Election Commission of India has spoken of India’s EVMs as “infallible” and “perfect”, yet similar electronic voting …

Contributor - 5

India EVMs vulnerable to fraud | The Indian Express

prof behind EVM study deported on arrival. Written by Geeta Gupta | New
Delhi | Updated: December 13, 2010 at 3:46 am. An American computer
scientist,J …


India’s EVMs are Vulnerable to Fraud - YouTube

Apr 27, 2010 - Uploaded by ropgonggrijp
Contrary to claims by Indian election authorities, the paperless electronic voting systems used in India suffer …

EVMs vulnerable to fraud: Experts - IBNLive

Apr 29, 2010 - New Delhi: The electronic voting machines (EVMs) used in India are vulnerable to fraud, and it is important for votes to be counted in a manner …

India’s EVMs are vulnerable to fraud - Livemint

here to watch a video demonstration of two kinds of attacks against a
real EVM. First Published: Thu, May 20 2010.

Hacking Democracy: The Fraud of EVMs - Unofficial: Dr …

In 2009, it’s alleged, Congress won around 70 Lok Sabha seats by manipulating the EVMs. and also P Chidambaram, of Congress Party won by an EVM fraud..

An EVM that ‘votes’ only for BJP stuns poll staff in Assam … › Lok Sabha Elections 2014

Apr 3, 2014 - It is a defective machine and it was noticed when EVMs were readied in front of representatives of all political … Saradha scam: CBI grills TMC l.

Contributor -6

Indian EVM

Most developed countries have rejected or reformed direct-recording EVMs. Election Commission of … India’s EVMs are Vulnerable to Fraud - Dr. David Dill …


Contributor -7


Use of EVMs is Unconstitutional and Illegal Too! 3. EVM Software Isn’t Safe. 4. …..Nor is The Hardware. 5. EVMs are Sitting Ducks. 6. “Insider” Fraud a Concern.


Electronic voting is the real threat to elections

J. Alex Halderman

Associate Professor of Computer Science and Engineering, University of Michigan

Director, University of Michigan Center for Computer Security and Society

Should Britain introduce electronic voting?

Paper ballots in the UK

for a second, that the concept of elections was new, and it was your
job to pitch them to the nation. You start off singing the praises of
democracy, and how it transfers power to the people like never before.

People are looking excited, so you then bring up the concept of a
legislature: all the elected representatives doing the important task of
scrutinising the government, as well as enacting new laws and debating
important national issues.

You’ve pretty much won them over, so now you turn to elections: those
momentous days when the whole nation marks their choices with a pencil
cross on small pieces of paper, which are gathered up, counted by hand
in their thousands, and used to determine who runs the country.

A deathly silence falls. Someone in the back mutters: “Paper?” You
decide that now is perhaps not the time to introduce the concept of
postal voting.

Face it: British elections are ever so slightly anachronistic.

Pencil and paper

The problems with our current, resolutely 19th-century method of
running elections should be obvious. Votes can be miscounted, misread,
or even simply misplaced. Counts consist of thousands of people across
the country, paid overtime to stay up all night manually sorting and
counting those votes. When they go wrong – as happened in Tower Hamlets
during the 2014 local elections – there’s no easy way to trace the
problems back to their source, and no easy way to fix them other than
simply restarting the count.

At this point, one might be forgiven for feeling trapped in the
“before” section of an infomercial. But yes: there is a better way.

Electronic voting machines are used in some of the world’s biggest
democracies, including Brazil, India, and the Philippines, to get around
some of these hurdles. The machines come in all shapes and sizes, from
small touchscreen devices to larger units with physical buttons and a
printed ballot paper on the front.

But those nations that have widespread adoption of electronic voting
are also developing nations with relatively short democratic histories
and their own unique challenges, from inaccessible rural populations to
low levels of literacy.

Addressing those concerns was a driver for the introduction of
electronic voting, but has also led to a perception that the technology
wasn’t necessary in developed nations, according to Antonio Mugica, the
chief executive of electronic voting firm Smartmatic.

“In western Europe, there isn’t a generalised perception that
integrity needs to be improved,” he says. But while it’s true that the
mature democracies of western Europe tend not to see outright stolen
elections, there is still the potential for mistakes. And, after all,
“the fact that there is no crime in this neighbourhood in London doesn’t
mean you’re not going to put a door and a lock.”


that’s not enough of a pitch for many, who – perhaps fairly – take the
view that voting with paper ballots isn’t broken, and doesn’t need to be
fixed. Mugica disagrees. “The reason to bring technology into the
election process is to increase integrity and security, but it has a
series of important collateral benefits.

“One is cost reduction: so I’m sure Britain could spend less per
election if it was using technology, and the security and integrity
would be 10 to a hundredfold better. So you have something that’s a
hundredfold better, and it’s going to cost less.”

The concept of electronic voting has garnered widespread political
support, seen as both a cost-saving measure and a possible way of
boosting turnout in an era of declining voter representation. A Labour
spokeswoman said: “Labour is committed to looking at radical ways of
encouraging more people to vote, by making the process easier and more
in tune with the way people live their lives … Labour will pilot secure
systems for electronic voting, including online voting.”

Not everyone agrees that electronic voting is dramatically better, or
even better at all. The switch does remove some problems inherent to
paper ballots – not least the cost of simply printing and distributing
the millions of ballots required to make an election happen. But it also
introduces its own.

The chief fear of many is that a switch to electronic voting would make electoral fraud easier, not harder.
In the worst-case scenario, rather than forging ballots individually, a
wannabe dictator could simply flip a switch and win the election with no
trail in sight.

Jim Killock, the executive director of the Open Rights Group, says that voting has to be secret, secure and accountable.


is a very hard problem to solve and so far nobody has managed it.
Accountability in most software systems means a clear audit trail of who
did what, which of course would violate the basic question of secrecy.”

And even without ascribing malicious intent, a bug in an electoral
machine’s operating system could alter the vote result systematically.
That’s why many observers, such as ORG, prefer that the machines only
run on open source code, so that independent observers can check the
programming is bug-free.

Smartmatic doesn’t go that far, citing the need to protect trade
secrets, but typically encourages nations to perform a fully independent
code review in the runup to an election, inviting all political parties
and representatives of civil society to check for bugs. The code is
compiled then and there, with a digital signature that individual voters
can use to check that their machine is running the correct software.

As for the audit trail, it’s something that the company takes very
seriously. “We bring, along with the technology solution, a
recommendation to perform 17 different audits, before, during and after
the election,” says Mugica.

Keyboard and mouse

But if those problems are tricky to solve, they’re nothing compared
to the other major form of electronic voting, online voting. Casting
votes over the internet seems like the natural progression of democracy
to the 21st century, but it requires a fairly fundamental rethink of how
the electoral process should work.

In order to let people cast votes from home over the internet, we
have to decide to give up some of the most important principles of our
electoral system, like guaranteeing that a vote cannot be given away,
stolen or forced, and ensuring secrecy of the ballot.

Those problems are so fundamental that, to date, only one country has
really cracked the problem: Estonia, where almost a quarter of all
votes cast in the 2011 parliamentary elections were made online. In
March, the country heads to the ballots again, for its sixth election
where online voting is allowed. And the proportion of votes cast online
is expected to rise even further.

How have they solved the problems? With a mixture of hard work and
smart solutions. On the one hand, Estonian civil society is the most
connected in the world: every citizen has an online ID card, which has
biometric information about them and digital signing capabilities. The
card can be used with a chip-and-pin machine to prove to government
agencies online that its user is a citizen of Estonia.

That solves half the problem, letting voters sign and encrypt their
votes as they transmit them to the polling office, in order to prevent
them being intercepted or fraudulently cast.

But what Estonia can’t do is control the conditions in the home of
the voter. So instead, they get around it another way, explains
Smartmatic’s Michael Summers, who works with the Estonian government to
provide the voting solution. After voting, “a copy of the vote is also
sent to a verification server”. The voter can then check that their vote
has been correctly registered at any time, to ensure that it wasn’t
changed by malware on their computer, for instance.

“If you think about an internet application, the environment which is
hardest to control is the voters’ computer. Anyone who has a laptop
runs the risk of downloading malware, so the purpose of verification is
that we give the voter an opportunity to check that their vote has been
correctly recorded by the server.”


voters can also change their votes throughout the polling period, and
if they vote in person as well, that “overwrites” their online vote. The
idea is to limit the opportunities for coercion, so that even if
someone demands to watch a citizen cast the “correct” vote, they can
easily vote according to their conscience later.

All the same, the opportunities for funny business are higher than
in-person voting. But, argues Summers, that’s the wrong comparison;
instead, online voting should be compared to postal votes, used by 15%
of the electorate in Britain in 2010. That comparison is much more
favourable. When you make a postal vote, after all, “your mechanism for
securing that ballot is a piece of gummed paper. As opposed to a robust
RSA certificate which is significantly harder to crack than steaming
open an envelope by putting it over a kettle”.

But regardless of the correct comparator, the ORG’s Killock argues
that the potential downsides of internet voting are just too great. “You
have the complexity of making sure that internet systems are secure,
that the voting equipment can be trusted despite being attached to the
internet, and that every voter’s machine is not being tampered with.

“Given the vast numbers of machines that are infected by criminally
controlled malware and the temptation for someone to interfere in an
election, internet voting is a bad idea.”

But the tide seems to be turning in the concept’s favour. In January, the Speaker of the House of Commons published a report on digital democracy, which concluded that “online voting has the potential greatly to increase the convenience and accessibility of voting”.

“In the 2020 general election, secure online voting should be an
option for all voters,” said the report. In response, the Electoral
Commission’s chair, Jenny Watson, said: “We will consider carefully the
balance between maintaining the security of the system, whilst making it
as accessible as possible for voters as part of this.”

But Killock remains unconvinced, and uneasy with turning to a digital
solution for what remains a societal problem. “The real driver of voter
participation,” he says, “is the belief that elections are important
and that voting will make a difference”.
Opposing view: Paper voting system is broken
the 2010 election, 200,000 military voters failed to cast their
absentee ballots, the vast majority because the mail either failed to
get their ballots to them on time, or failed to get them back home in
time to count. That’s no surprise: Mail to remote military outposts and
ships at sea can easily take three weeks each way. It’s bound to fail.
that same election, though, 46,000 military voters did manage to vote
through electronic voting systems, either receiving their ballot online,
returning it online or both. The number of military personnel using
online systems was triple what it was in the 2006 election, a sign of
the growing effectiveness and availability of Internet voting.
electronic voting systems introduce new risks? Of course. But the
current mail-based system perpetuates a far greater risk of
disenfranchisement. And the most common risks associated with electronic
systems can easily be mitigated.
For example, the military’s
Internet system is constantly monitored for intrusions and infections,
which can significantly reduce the risk of viruses changing voters’
votes. Transmitting the ballots over virtual private networks can ensure
that ballots are not changed by hackers en route.
Washington, D.C.’s
system referenced in USA TODAY’s editorial did not have any of these
protections. It was simply a test by a not-for-profit, not a system
deployed by one of the leading online election vendors.
Finally, the sheer diversity and
local control of our electoral system, with more than 7,800 election
jurisdictions, make the payoff of trying to hack these votes unfeasible
given the small number of ballots received electronically in each
election jurisdiction.
In 2002, Congress mandated that the Defense
Department deploy an electronic voting system for military voters. The
department’s Federal Voting Assistance Program presented a plan to
Congress for a secure, reliable electronic voting system by the 2018
President Obama’s 2013 budget cut $20 million for research
on electronic voting; restoring that money might bring such systems
online in time for the 2016 presidential election, 14 years after
Congress ordered it done.
Would such a system be perfect? No. But it would be far better than the broken paper-based system we have now.
Carey is president of the Abraham & Roetzel government affairs
firm. Until May of this year, he was director of the Defense
Department’s Federal Voting Assistance Program.
About Editorials/Debate
expressed in USA TODAY’s editorials are decided by its Editorial Board,
a demographically and ideologically diverse group that is separate from
USA TODAY’s news staff.
Most editorials are accompanied by an
opposing view — a unique USA TODAY feature that allows readers to reach
conclusions based on both sides of an argument rather than just the
Editorial Board’s point of view.
Editorial: Electronic voting is the real threat to elections

how easy voting would be if Americans could cast ballots the same way
they buy songs from iTunes or punch in a PIN code to check out at the
grocery store: You could click on a candidate from a home computer or
use a touch screen device at the local polling place.
Whitney Curtis, for USA TODAY
Election workers in Maplewood, Mo., train
on touch-screen machines in 2010. Sixteen states use electronic voting
devices with no paper backup.
not entirely a fantasy. In many states, some voters can already do
both. The process is seductively simple, but it’s also shockingly
vulnerable to problems from software failure to malicious hacking. While
state lawmakers burn enormous energy in a partisan fight over in-person
vote fraud, which is virtually nonexistent, they’re largely ignoring
far likelier ways votes can be lost, stolen or changed.
How? Sometimes, technology or the humans running it simply fail:
•In March, malfunctioning software sent votes to the wrong candidate and
the wrong municipal election in Palm Beach County, Fla. The mistake was
corrected only after a court-approved hand count.
•In an election in Pennington County, S.D., in 2009, a software glitch almost doubled the number of votes actually cast.
•In Carteret County, N.C., 4,530
electronic votes simply disappeared in 2004 when the voting machine ran
out of storage capacity and no one noticed until too late.
•In 2010, a
University of Michigan assistant professor of computer science and
three assistants hacked into Washington, D.C.’s online voting system
during a test. They manipulated it undetected, even programming it to
play the Michigan fight song. While inside, the hackers blocked probes
from Iran, India and China. Washington officials canceled plans for
online voting.
Experiences like these argue for great caution about
expanding electronic voting, but too many states are choosing
convenience over reliability. Sixteen states, for example, use
electronic voting devices with no paper backup, according to a study by
the Verified Voting Foundation, Common Cause and the Rutgers School of Law.
This means there’s no way to know whether the machine has
recorded a vote accurately or, for that matter, recorded it at all. And
there’s no way for elections officials to conduct a verifiable recount
if things go wrong.
It’s far better to have, as many other states do,
machines that generate a simultaneous paper record that voters can see
when they vote, and that officials can audit to make sure the machines
are getting the votes right.
At least for now, the next frontier in
electronic voting seems to be way too wild. Twenty-five states allow
online voting, chiefly for military personnel and others overseas, which
means 3 million people or more could cast ballots via the Web this
fall. But Alex Halderman, who led the successful penetration of
Washington’s online system, warns that current technology just can’t
keep votes safe.
Home computers are frequently infested with malware,
and central systems such as Washington’s are notoriously hard to
secure. Those who claim otherwise overlook the fact that hackers have
penetrated or shut down systems at the Pentagon, FBI, Department of
Homeland Security and CIA. All these agencies have cybersecurity budgets
that dwarf those of any local elections board.
The danger is as
troubling as it is obvious. Elections can be stolen, without anyone
noticing. Some things are best done the old-fashioned way.
Hacker infiltration ends D.C. online voting trial
week, the D.C. Board of Elections and Ethics opened a new
Internet-based voting system for a weeklong test period, inviting
computer experts from all corners to prod its vulnerabilities in the
spirit of “give it your best shot.” Well, the hackers gave it their best
shot — and midday Friday, the trial period was suspended, with the
board citing “usability issues brought to our attention.”
Here’s one
of those issues: After casting a vote, according to test observers, the
Web site played “Hail to The Victors” — the University of Michigan
fight song.
“The integrity of the system had been violated,” said Paul Stenbjorn, the board’s chief technology officer.
said a Michigan professor whom the board has been working with on the
project had “unleashed his students” during the test period, and one
succeeded in infiltrating the system.
The fight song is a symptom of
deeper vulnerabilities, says Jeremy Epstein, a computer scientist
working with the Common Cause good-government nonprofit on online voting
issues. “In order to do that, they had to be able to change anything
they wanted on the Web site,” Epstein said.
Because of the hack,
Stenbjorn said Monday, a portion of the Internet voting pilot — which
was expected to be rolled out this month — is being temporarily
The program, called “digital vote by mail,” is intended to
allow military or overseas voters to cast secure absentee ballots
without having to worry whether the mail would get them back to
elections officials before final counting. Those voters, about 900 of
them, still will be able to receive blank ballots via the Internet for
the Nov. 2 general election, but they will not be allowed to submit
their completed ballots via the DVM system, Stenbjorn says. Instead,
they’ll have to put them in the mail or send them unsecured via e-mail
or fax.
The security hole that allowed the playing of the fight song
has been identified, Stenbjorn said, but it raised deeper concerns about
the system’s vulnerabilities. “We’ve closed the hole they opened, but
we want to put it though more robust testing,” he said. “I don’t want
there to be any doubt. … This is an abundance-of-caution sort of
Last week, Common Cause and a group of computer scientists
and election-law experts warned city officials that the Internet voting
trial posed an unacceptable security risk that “imperils the overall
accuracy of every election on the ballot.” But board officials said the
system provides security and privacy upgrades over a method of Internet
voting that’s already legal: filling out a paper ballot, then scanning
it and attaching it to an e-mail.
Stenbjorn says he hopes that the
Web-voting system’s security vulnerabilities will be addressed in time
for a D.C. Council special election expected next spring. The board has
spent about $300,000 in federal grant money on the project.
A D.C. Council hearing on elections issues, which will include the Internet voting test, is set for Friday.
5:30 P.M. Verified Voting, another nonprofit concerned with election
integrity, has released a statement that “applauds” BOEE’s decision to
cancel the digital vote return. The release details the hack: “The test
pilot was apparently attacked successfully shortly after it began by a
team of academic experts led by Prof. J. Alex Halderman at the
University of Michigan. The attack caused the University of Michigan
fight song to be played for test voters when they completed the
balloting process.” The group promises “[f]ull details of the hack and
its impact on submitted test ballots … in the coming days.”
group also identifies a separate issue, which it calls a “very serious
vote loss problem that caused voters to inadvertently return blank
ballots while believing that they had submitted complete ballots.” This
affected users of “at least two widely used computer/browser
configurations.” Stenbjorn said Monday that the problem had been
identified as affecting certain browsers using the Macintosh operating
system, which do not support inline PDF forms. Mac users, he said, can
download the file and open it in a standalone PDF reader instead.
CORRECTION, 10/7: The Michigan fight song is “The Victors,” not “Hail to the Victors.” Mea maxima culpa.
By Mike DeBonis  | October 4, 2010; 2:14 PM ET 
Categories:  DCision 2010, The District  



Hail to the Victors Valiant!
Um…yay alma mater for cyberhacking?
Posted by: gopoohgo | October 4, 2010 3:21 PM | Report abuse
Hail to the Redskins would have been far better!
Posted by: jeffcoud2 | October 4, 2010 4:01 PM | Report abuse
Michigan’s fight song is “The Victors,” not “Hail to the Victors.”
Posted by: Catholepistemiad | October 4, 2010 5:27 PM | Report abuse
this is the right approach. I’m glad to see they’re not just
approaching the problem in the right way through open testing, but also
are acting cautiously about what they do. Combined with robust review
and flaw remediation, secure voting ought to be possible.
In the meantime, it might be worthwhile to set up something for military members to use through NIPRNet…
Posted by: Nymous | October 5, 2010 1:48 AM | Report abuse
test that is supposed to run over the weekend is shut down by mid day
on Friday due to “usability issues brought to our attention.”? This
shows an appalling lack of awareness of the problems inherent in such a
voting system.
No, the right approach would be to fire the idiots on the
board of elections and hire the students from Michigan.
Posted by: lcollar | October 5, 2010 8:14 AM | Report abuse
consider how often and consistently online systems of all kinds are
successfully hacked. Why would voting systems be different?
The thought of government by those who get into the position by hiring hackers is truly frightening.
Posted by: observer31 | October 5, 2010 8:21 AM | Report abuse
You think you might mention who the vendor is? That seems kind of important.
Posted by: pj_camp | October 5, 2010 9:28 AM | Report abuse
look - it’s DC. You KNOW who’s gonna be elected even before the first
ballot is cast. Why worry about hackers? They won’t make ANY difference
in the outcome. Of course, it’s also obvious that the hacking wasn’t
done by ANYONE who is a District resident. Even WITHOUT the fight song,
it’s clear that the capability is JUST NOT there. Now maybe some folks
in nearby Maryland or Virginia have the capability, but surely not DC!
Posted by: matism | October 5, 2010 11:29 AM | Report abuse
unclear to me that “We’ve closed the hole they opened…” accurately
quotes Mr. Stenbjorn. If it does, he should be fired immediately for his
illiteracy in this matter.
The students did not “open” a hole in this
online voting system. They discovered one that the Mr. Stenbjorn’s inept
staff did not secure.
If Mr. DeBonis is accurately reporting the quote
then this may also indicate a pathological attempt to shift blame from
where it belongs - the morons at DCBOEE - to the students that did them a
Posted by: Megadan | October 5, 2010 11:45 AM | Report abuse
How great is this? So let’s pretend there’s an 800lb gorilla in the room…his name is Acorn, and he’s a hacker.
Care to wager what percentage of e-voters will be shown to be cast for Democrat candidates?
is a huge problem, but not just with e-vote systems. Jokes about dead
people voting isn’t a joke; our voter rolls are full of fraud - 3%, 5%,
20%? IDs should be needed to vote (as in my district), every voter roll
should be purged, validated and maintained before every election.
Without it, the gorilla is going to have his way every time.
Posted by: BarryBinInhalin | October 5, 2010 11:49 AM | Report abuse
[and I mean ANY] system can be hacked, and I have no doubt have
electronic [and even mechanical] voting is a gamble. Paper ballots
are also subject to fraud. 
Choose your poison.
Posted by: news41 | October 5, 2010 12:00 PM | Report abuse
I’m really going to trust the vote coming out of DC. Maybe they can
show Chicago how to do it during Rahm’s coronation, oh, I mean election.
Posted by: AnnieP1 | October 5, 2010 12:12 PM | Report abuse
is it that I can safely access my bank accounts, investment accounts,
Ebay, etc. from virtually anywhere on the planet, but I cannot vote
online? Maybe it’s because having found a proven set of tools to rig
elections, the Left is terrified that new technology will erase their
advantage. Seems odd that such a hotbed of political neutrality like DC
would be “proving” the “danger” of online voting. Remember -vote early
and vote often!
Posted by: snipelee | October 5, 2010 12:16 PM | Report abuse
Use of electronic voting is a hideous error.
Posted by: KPosty | October 5, 2010 12:16 PM | Report abuse

to your PUBLIC education YOU are missing the OBVIOUS … VOTING sites
are referred to as POLLING STATIONS … Why you ask? 
Because for
decades now, the government only POLLS THE OPINIONS of ITS public …
Your VOTE has absolutely NO MERIT in the election process … the
Electoral College does ALL the deciding for you - you only convey your
opinion - which is ignored!! This is just the tip of the iceberg
when it comes to deceiving Americans! Sorry to burst your patriotic
bubble - wake up people - this isn’t your country anymore!
Posted by: ScatScat | October 5, 2010 12:21 PM | Report abuse
is almost nothing more important than ensuring the integrity of our
elections. It is sure that it isn’t 100% free of fraud but to allow it
to go on-line kills all hope of keeping the system safe at all.
morons in charge of this test either 1. have NO IDEA how computers work
2. are actively trying to steal elections 3. are just plain stupid or 4.
have NO sense of what their country is about
I don’t see any good on that list!
rolls need to be continuously scrutinized (by people with brains) and
ballots need to be paper only. The last bit of the puzzle? Honesty
Posted by: rleored1 | October 5, 2010 12:23 PM | Report abuse
bad idea beat down. Voting online, Missile defense systems, etc. can
only be truly tested when the real world comes into play. SO, never go
IF banks etc. are not hack-proof, why would we ever want our
elections and our country to be vulnerable by depending on a computer
program which can never be truly tested before it is used.
That’s a
hard way to learn. We should NEVER go there. There are no hack-proof or
bug-free programs when they are as elaborate as would be required for
voting or missile defense. NEVER! Ask any programmer or QA Tester.
Posted by: tojo45 | October 5, 2010 12:27 PM | Report abuse
many D.C. voters that actually VOTE are there serving overseas for our
country? It can’t be more than a handful. So, I’d love to see how
much the cost per vote is in this $300,000 waste of money.
Posted by: arbogastd | October 5, 2010 12:30 PM | Report abuse
In 2012 a hacked voter system in favor of Obama is the only way he’ll win reelection…
Posted by: mrcyberdochotmailcom | October 5, 2010 12:30 PM | Report abuse
YOU, HACKERS! I can think of few greater threats to liberty than, even
assuming no technology-based corruption or mischief (HA!), by allowing
lazy, livin’-off-the-taxpayer-dime, do-nothings to be able to sit on
their indolent butts while electing their welfare patrons as they watch
another episode of Judge Mathis.
Posted by: jnsesq | October 5, 2010 12:30 PM | Report abuse
d@amn it, there is such a thing as making it too easy to vote. Just as
all in-person voters should be required to present a valid
government-issued ID card in order to vote, so should we also
carefully review all absentee ballot procedures to maintain the security
of the voting process and the integrity of our democracy. Many of us
Republicans have been screaming about ballot security for years, and
those of us who have actually run campaigns have witnessed real, live
voting fraud around the country. I don’t care if you’re a Republican,
Democrat, Libertarian or Martian, we should all agree that the integrity
of our democracy must be paramount. If we can’t agree on that, and any
party, candidate or interest group can cheat, then we’re on a slippery
slope to becoming Venezuela.
Bottom line: we should put aside on-line
voting until its iron-clad security can be assured. If this debacle had
occurred in a hotly contested swing state in the middle of a
presidential election, this could have caused a national, if not a
constitutional crisis. Think clearly, people.
Posted by: Dirtlawyer1 | October 5, 2010 12:36 PM | Report abuse
Every lab geek at M.I.T. is now on the case. Winner of the next presidential election: Oliver R. Smoot
Posted by: floyddabarber | October 5, 2010 12:37 PM | Report abuse
I figured it would have been CalTech or MIT that would have pulled this one off.

My thoughts are this-
Election Day is Election Day. No “Early Voting” or “provisional ballots.” Absentee balloting is allowed.
Either people do their “Civic Duty” and appear, on Election Day or they don’t deserve to vote.
Casting one’s ballot is serious and these lazy bums that are trying to “reach-out,” for more time, are way out of line.
Posted by: Computer_Forensics_Expert_Computer_Expert_Witness | October 5, 2010 12:43 PM | Report abuse
could understand why liberals want this system.
As republicans
investigate Dem voter fraud they will need a new method to cheat.
Posted by: jpalm32 | October 5, 2010 1:06 PM | Report abuse
All hail online voting! What could possibly go wrong?!?!?
Posted by: Armed_Texan | October 5, 2010 1:12 PM | Report abuse
pretty sure most of Maryland’s votes are rigged, because most of the
state is actually republican but the democrats always win
Posted by: interloper5 | October 5, 2010 1:27 PM | Report abuse
Can D.C. do anything right?
Posted by: COOLCHILLY | October 5, 2010 1:28 PM | Report abuse
Every lab geek at M.I.T. is now on the case. Winner of the next presidential election: Oliver R. Smoot
Posted by: floyddabarber
As a Harvard alum, I appreciated this posting. LOL.
Posted by: WashingtonDame | October 5, 2010 1:36 PM | Report abuse
state has different laws… In one of the presidential elections I
voted in here in Michigan, we had a machine that reads your pencil marks
on a ballot. I noticed while waiting in line, 2 out of 3 ballots
scanned were rejected as miss-votes - meaning some of their votes would
not be counted. Everyone accepted this. So, when it was my time, I was
extra - extra - extra careful that I did it perfectly. Mine was rejected
too. I took back the ballot and checked again. Everything was still
perfect, so I had them scan it again. This time it took. When I questioned
this, the election officials said they only test the machine at the
start of voting, so if some dirt gets on the lenses of the scanner, they
will never know. Also, as a voter I was not allowed to request a
re-count. Only a person on the ballot.
Posted by: arbogastd | October 5, 2010 1:37 PM | Report abuse
Since when were Democrats worried about the integrity of the vote???
Posted by: CapsNut | October 5, 2010 1:52 PM | Report abuse
want the internet voting so they can assure their coming wins by
fraud………….dems know that America has had it with their damage to
America and the American way of life
Posted by: M_Algore | October 5, 2010 1:52 PM | Report abuse
security. The only thing you can prove is it’s “secure” as you are
writing this very sentence. Ten secs from now, it may be hacked. And we
spend hundreds of millions on this.
Wouldn’t a low tech solution be
better, like maybe dipping our fingers into purple dye? It would stop
voter fraud, and would also be env friendly, since you wouldn’t need all
those “I voted” stickers.
Posted by: jcl154 | October 5, 2010 1:56 PM | Report abuse
even bother having elections in DC? If there’s a black candidate, award
the office to him. If both candidates are black, pick the one who’s
most liberal. The outcome will be the same as if they had wasted time
with an election, which would be stolen by ACORN and SEIU operatives
Posted by: p3orion | October 5, 2010 2:06 PM | Report abuse
for God’s sake another idiot who doesn’t understand the electoral
college.It’s more fair, you fool, not less fair. If you allowed only the
popular vote to determine the outcome of a presidential election then
only the most populous states would elect the president. It would be
whomever California wanted as president not whomever the country wanted.
Congressional seats are apportioned by population so that larger
populations can be represented properly in congress but each state gets
two senators to balance that out. Mob rule is dangerous. There has to be
checks and balances.
Posted by: haunches | October 5, 2010 2:08 PM | Report abuse
Of course the internet program was open to being hacked. Don’t these elections officials ever listen to the experts?
Posted by: dubious1 | October 5, 2010 2:15 PM | Report abuse
is a joke, systems can be secured, our banking system is secure enough.
Put some republicans in charge of this and I bet they’ll get the job
done. Anybody notice the Democrats are the only ones trying to shoot
down electronic voting, as if it’s less reliable than a gang of
Posted by: zardinuk | October 5, 2010 2:20 PM | Report abuse
of the voter fraud is in favor of Republicans. Look at Ohio in 2004
when all the votes were run through a computer in Tennessee that was
running GOP software before being sent back to Ohio. Look at the hack in
Florida that nearly caused Gore to concede on election night before it
was revealed. Almost all hacks benefit Republicans. Check it out.
And using the internet is to invite the hackers to have great fun.
Posted by: dubious1 | October 5, 2010 2:24 PM | Report abuse
print the ballots on rolls of free toilet paper so the totally
uninformed, and uninvolved can more easily cancel out your vote.
Posted by: borntoraisehogs | October 5, 2010 2:31 PM | Report abuse
ACORN… really? lol
at least the testing of this system is more transparent than the
testing done on the Diebold systems that are actually in use.
Posted by: AJohn1 | October 5, 2010 2:33 PM | Report abuse
E-Voting was brought to US by Al Goron & the Dims.
Welcome to hanging e-chads!
Posted by: harpotoo | October 5, 2010 2:37 PM | Report abuse
@ dubious1
if the voter fraud is all republicans, why not use electronic voting?
It’s your best bet at eliminating fraud. I know I want to see the fraud
eliminated, tired of seeing the bag of votes someone forgot about
magically appearing, I want electronic voting because it will solve all
of the problems. They leave a paper trail, it’s as good and better than
your preferred paper ballot.
The DNC is afraid of electronic voting
machines because they have relied on the fraud that goes on in the
voting locations for so long. It’s quite clear to me. Your argument
makes no sense whatsoever.
Posted by: zardinuk | October 5, 2010 2:37 PM | Report abuse
Yes one would THINK there should be a way to vote on line for at least
our Military.. however, while they allowed anyone to GIVE IT THEIR BEST
SHOT.. did that include CHINA who seems to LOVE to hack our Pentagon? It
is not just hackers HERE but elsewhere that we have to watch for..
Posted by: lcky9 | October 5, 2010 2:46 PM | Report abuse
God this crack attack has stopped the overseas military from voting.
Everyone knows that those people are the best possible representatives
of their city, and so they shouldn’t be allowed to vote, because they
might cause something good to happen if they could.
In another way,
this is more proof that the District of Columbia is going to get about
another $100 million to “improve its systems.”
Posted by: Extempraneous | October 5, 2010 2:51 PM | Report abuse
Yeah, baby! Saw off another chunk of that federal cash log!
Posted by: Extempraneous | October 5, 2010 2:53 PM | Report abuse
a city so replete with dysfunction, where under every rock there is a
corrupt politician and/or contractor, who in their right mind thought
the government could implement a HACKER PROOF on line voting system?
Posted by: Curmudgeon10 | October 5, 2010 2:57 PM | Report abuse
is an easy way to eliminate any voting fraud. Simply require a
biometric when a voter registers and each time he or she votes, with a
system that verifies the biometric. A fingerprint is provided at
registration and the same fingerprint is given when the voter votes.
It’s not rocket science, but the Party of Illegal Voters would fight it
to the bitter end… I’ll leave it to the reader to figure out what
party THAT is.
Posted by: danny70000 | October 5, 2010 3:04 PM | Report abuse
get the money back!!
stop paying these con artists…
seize their assets …
give to my charity…
Posted by: wingdingluey | October 5, 2010 3:08 PM | Report abuse
have never understood the rationale behind changing the voting process.
It worked. The new systems are fraught with the potential for mischief
and criminality. Voting by mail - a terrible idea. How does anyone know
that the ballots counted are truly the ballots received? There’s nothing
equivalent to a precinct where votes are tallied in a public way. And
voting machines? How do we know that they haven’t been hacked (as in
this story), except worse: to provide one party or another with an
advantage - whoever the hacker happens to favor?
Worse - how do we know that the hackers aren’t in the employ of one of the political parties?
want America to go back to the good old paper ballot (no chads). And a
requirement that you be intelligent enough to complete a ballot and live
with whatever careless mistakes you make after you drop the ballot in
the box. The time to correct your mistakes is before you drop it in the
We OUGHT to be a nation of adults instead of whiny entitled
spoiled brats who think that the sun shines up their a$$es and makes the
world a better place just because they have the wonderful decency to
show up.
Posted by: harrygett | October 5, 2010 3:12 PM | Report abuse
was a time when the washington post had enough clout to stop something
such as this fiasco long before the taxpayer ever got clobbered. and
internet access from jails and prisons keeps convicted felons actually
serving time from being disenfranchised. i gather the dc experiments are
off limits i.e. politically incorrect targets of the wash post. no
wonder your profits continue to drop. retro back 40 - 50 years if you
intend to remain in business. ps - when are you going to expose the
money pit known as pretrial services. possibly the biggest waste of tax
money on the planet.
Posted by: anonymoose1990 | October 5, 2010 3:22 PM | Report abuse
long as systems can be hacked no vital system - like voting - can be
entrusted to online technology. Even with manual systems if voter
tampering is discovered AFTER an election the results are not
overturned. The perpetrators are prosecuted (maybe) but the election
results are not overturned. Moreover, with cyber tampering it is
extremely difficult to find and prove direct links to the guilty. Add to
that how long it takes to move thru federal courts.
Posted by: aceswild1 | October 5, 2010 3:38 PM | Report abuse
wheelchair bound and have been for a couple years, I was on a chicago
thread yesterday about absentee ballots saying this same thing;
If I
can drag my tired broken azz to the local elementary school like I did
even before while becoming crippled from MS and did to vote against
Obama anyone else can too.
We know online voting is nuts as
we can’t even keep dead liberals from voting the old way ;( , now we
want the CHICOMS, Ruskies and all to be able to as well, because THEY
WILL if they OK this anytime in the near future.
Posted by: chicagoray40 | October 5, 2010 3:50 PM | Report abuse

Wrap a band aid around the nose piece of those geeky glasses, then DeBonis can claim he did it.
Posted by: screwjob21 | October 5, 2010 4:06 PM | Report abuse
it would be fitting to use the anthem of the peoples republic of Ann Arbor
Posted by: jibreelriley | October 5, 2010 4:09 PM | Report abuse
@snipelee, what makes you think that your online access to banking and financial services are safe?
to the hacker.. Go Blue!
Posted by: SpecTP | October 5, 2010 5:07 PM | Report abuse
is nothing in the US more sacred than voting. If one cannot get off the
couch to go to the polls, they should lose their vote!! However, power
is enticing and the Left will not go down quietly!!
Posted by: MadonnaDJ88 | October 5, 2010 5:28 PM | Report abuse
Not good. These were just students. Real pros would have ZERO problem breaking that system.
Posted by: illogicbuster | October 5, 2010 5:39 PM | Report abuse
North Carolina is satisfied and is willing to buy the software unchanged for the November election.
Posted by: James10 | October 5, 2010 6:21 PM | Report abuse
only truly secure system is one that can be audited by the voters.
Voters should be able to log in at any time afterwards and confirm their
vote the same way they confirm their bank account balance.
Posted by: c094728 | October 5, 2010 6:53 PM | Report abuse
any of the students could hack it to change all repub votes to dems and
keep all dem votes, then it would have been a go for
Obomba/Pelousy/Reed express.
The student who hacked needs protection now.
Forget the young men who were murdered so Obama could run for
Donald Young, Nate Spencer, Larry Bland, Lt. Quarles Harris, Jr.
Posted by: LaVie | October 5, 2010 7:05 PM | Report abuse
Non-Taxpayers should not vote
Posted by: LaVie | October 5, 2010 7:11 PM | Report abuse
you Hacker! This just shows how dangerous and vulnerable online voting
is. This person did us a favor. Just think if he can do it what is to
stop the government or a candidate hiring someone to do it. Ever hear of
black ops? These a..holes have the key to every server. Thank you very
Posted by: sdchanman | October 5, 2010 7:24 PM | Report abuse
This is old news. How do you think the Obama Mafia got Barack elected?
Posted by: DigitalBob1 | October 5, 2010 7:41 PM | Report abuse
all you dopes who thought online voting could be relied upon, raise
your hands. Now, put your hands down and go stand in the corner.
JM (Electronics/Computer Systems Engineer with decades of experience)
Posted by: JMinSanDiegoCA | October 5, 2010 7:59 PM | Report abuse
can only imagine Obama sitting up late with his laptop at his side,
trying to figure out how to enlist these folks to rig the 2012 vote. He
should be banging Michelle but have you taken a good long look at her
Posted by: dougonesko | October 5, 2010 8:41 PM | Report abuse
The Democrats will hack the voting process, whether or not computers are involved.
Posted by: Jack64 | October 5, 2010 8:50 PM | Report abuse
I don’t care what song they played to hail the voting system, that’s some funny $hit!
Posted by: jayesouthworth | October 5, 2010 8:56 PM | Report abuse
When will people figure out anything that involves a computer can be
compromised? Especially if it’s online, since the guy doing it doesn’t
have to be anywhere near the actual machines. Some things are just best
kept offline.
At least they tested it openly rather than hoping a
flimsy attempt at security through obscurity would save them, unlike
*some* electronic voting efforts.
Posted by: CppThis | October 5, 2010 11:30 PM | Report abuse
The “system” was compromised in 2008 when DUH WON.
Posted by: LoneWolf1 | October 5, 2010 11:41 PM | Report abuse
Why is it that I can safely access my bank accounts, investment
accounts, Ebay, etc. from virtually anywhere on the planet, but I cannot
vote online?
For one thing, because voting includes a “secret ballot”.
are a number of commercial startups addressing the on-line voting
“market”. Their sites generally contain white papers explaining the
problems and their solutions. Read a few.
Secret ballots are an
example of voting system problems eBay and banks don’t have. The voting
system must be able to validate that each counted vote comes from one and
only one voter. But the system cannot know who that voter is. And, at
the same time, the system must be able to prove to you that your vote
was counted one and only one time - and it was for who you voted for.
Except, again, the voting system cannot know who you voted for. Take a
minute to think of a way to do this. :)
That said, it sounds like the
problem with this site had nothing to do with voting and everything to
do with running a secure web site. That also said, it’s one thing for a
few thousand, full time, highly paid, expert specialists to run a secure
web site, and quite another for 10’s of thousands of amateurs to do so.
That means that, unlike a paper system run by amateurs and subject to
the sorts of controls a normal person can understand (try not to let
dead people vote, don’t lose the ballots, etc), on-line voting systems
will either be run centrally by pros (do you trust them? why?) or be
turn-key products produced by pros (do you trust them? why?). And, in
either case, they’ll run like the dozens of computers running in your
new car - outside your knowledge and vision.
And, as another example
of why eBay and banks are not like voting systems: eBay and banks tend
to have custom systems. You break one, the others still stand. Every
county ain’t gonna roll their own, custom on-line voting system. If all
counties buy the same system - well, you break that system, you can
pretty much count on getting that paving contract anywhere you bid for
Posted by: bar_washington_post | October 6, 2010 3:54 AM | Report abuse
are people going to learn that NOTHING online is secure. My god Hugo
Chavez could be elected president with this system. Or worse BHO might
get re-elected.
Posted by: backliner | October 6, 2010 4:57 AM | Report abuse
is very likely a test of the DNC ability to hack the system in
preparation for Massive cheating in the coming elections. NAAAHHH
couldn’t be….that’s much too far fetched!
Posted by: rabiddog9 | October 6, 2010 7:05 AM | Report abuse
this online voting ploy be another misguided attempt by Obama’s people
to once again by way of deception insure a victory in the upcoming
November elections? After all, that is the only possible explanation for
Posted by: hindsight2040 | October 6, 2010 7:16 AM | Report abuse
Go Blue!
Posted by: gb11231 | October 6, 2010 1:21 PM | Report abuse
is shameful that the scientific community allows ego driven agendas to
impede efforts to secure the vote counting process. We know open source
and paper ballots are minimal mandatory requirements. Hopefully OVC will
address oversea ballot issues- as they have effectively demonstrated
open source / paper ballot systems for precinct use.. We don’t need
licensing schemes and ego games.. we need election system security !!
Posted by: UnderdogUSA | October 10, 2010 10:22 PM | Report abuse
only ones that seem to be seeing this correctly are JMinSanDiegoCA
and c094728 with a few other interspersed good ideas. There is a world
of difference between an excellent computer scientist and one that
specializes in security. Even if they do correct the problems in the
system it still has excised the most important element - people who can
monitor to make sure things are progressing fairly. There is a reason
polling places have at least both a Republican and a Democrat running
them. Both are there to assure as much as possible voting fairness. If
you don’t like the system then get involved in how to correct it by
being one of these polling control people or blogging about where you
have actual proof the system is failing. It would be nice to also have a
post check to make sure what you voted for actually happened.
As to
the people complaining about the absentee ballot, shame on you. The
people in the armed forces in Iraq, Afghanistan, and other parts of the
globe, many in harm’s way have just as much right to vote as you do. They
maybe have even more right to vote than you do. I for one want to make
sure they have that right and opportunity to vote. If I was a Democrat
and they were all Republicans I would still want it. Ditto for
vice-versa. This is not a partisan issue.
Please, let’s keep this
central to the point at issue, which is whether we can trust online
voting. As one of those computer security analysts I have to say the
answer is no. If you see it differently my answer will still be no. The
instant something is open to attacks from the entire world then the more
likely it is to be successfully attacked. Really, they didn’t have the
sucker protected from a shell injection attack? Bad. REALLY BAD!
Posted by: hhhobbit | October 11, 2010 1:22 PM | Report abuse

About Bruce Schneier

Bruce Schneier

I’ve been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I write books, articles, and academic papers. Currently, I’m the Chief Technology Officer of Resilient Systems, a fellow at Harvard’s Berkman Center, and a board member of EFF.

Schneier on Security

Amtrak “Security”

Amtrak will now randomly check IDs:

Amtrak conductors have begun random checks of passengers’ IDs as a precaution against terrorist attacks.

This works because, somehow, terrorists don’t have IDs.

I’ve written about this kind of thing before. It’s the kind of program that makes us no safer, and wastes everyone’s time and Amtrak’s money.

Posted on November 19, 2004 at 10:03 AM



Jeremy Hilliker • November 19, 2004 3:04 PM

“It is a ticket verification program, which is not intended to
determine a person’s identity, but to make sure the person who’s
traveling with the ticket is the person whose name is on the ticket,”
Black said.

It’s a business move to stop the resale of tickets by people who
don’t want them anymore. Now you can’t buy the tickets from someone who
needs to dump theirs in the classifieds. This is the same reason that
they check IDs on airlines. It’s not for security, it’s to increase

mindwarp • November 19, 2004 3:18 PM

Random? My ID gets checked every single time I board an Amtrak bus or
buy an Amtrak ticket. When I buy a ticket after boarding a bus, my ID
is checked TWICE. When are IDs *not* checked?

Nick • November 19, 2004 9:52 PM

So, if you want to travel on AmTrak, you have to have your papers
with you, so you can present them when the guard says “Show me your

Patrick Berry • November 20, 2004 1:46 AM

Just more of the “look we are doing something” mentality. The
theory that by doing anything, even something incredibly dumb, you have
a non-zero chance of catching a bad guy/gal is just too irresistible I

Bruce, is it just that Amtrak is ignorant of how to enact useful
security measures or do they really think this will a) work or b) be
good PR?

Zak Braverman • November 21, 2004 2:26 AM

Bruce, you’ll love this.

I live in Japan and whenever I get money wired to me from the US
someone from the Japanese bank branch calls me and asks what I’m going
to use the money for. This is (I’ve asked) to prevent the money from
going to things like the Red Army, N. Korea, or terrorists.

All the Americans I tell about this roll over laughing, but it has never occurred to Japanese people just how stupid this is.

“Darn, I guess you caught me!! I was going to give it to the Red Army. How come you bank people are so crafty?”

Ste • November 22, 2004 4:08 AM

This is probably just another case where “doing something against
terrorism” is used as an excuse to pursue another, completely unrelated
goal (a commercial one?).

john • November 22, 2004 6:50 AM

i am reading ‘the outlaw sea’ now, and the author there, in a similar
situation, points out that if someone were to get found without an ID,
that would probably better demonstrate innocence, since someone up to no
good is obviously going to take care of the details like ID

Oliver • November 22, 2004 9:33 AM

When I recently took Amtrak through Montana, border patrol cops
boarded the train outside Glacier. They claimed to be looking for
illegal Canadians, but as far as I can tell they just wandered up and
down the train glancing at people. I guess they know what Canadians look
like compared to Americans.

piglet • November 22, 2004 11:31 AM

So it seems that Amtrak tickets are personalized, like plane tickets?
That’s sad. Of course, it only makes sense to put passengers’ names on
the tickets if you intend to verify the ticket holders’ identity, so you
shouldn’t be surprised at all. But why do they put your names on the
tickets? Maybe that’s what you should complain about.

In Europe, at least, where many more people travel by train than in North
America, a train ticket is still a train ticket, proof that you have
paid the fare. You have a valid ticket, then you can take the train,
usually any time you like within its period of validity. Many tickets
are nowadays bought at ticket machines. The transaction takes a few
seconds. The idea to put passengers’ names on their tickets hasn’t yet
suggested itself to train operators. Let’s hope they’ll never try to
imitate the American way.

Alison • November 23, 2004 7:23 PM

Hey, I was wondering if they are doing this only to give the
“perception of security” which you mentioned in Beyond Fear. Perhaps I
am giving them too much credit.

oyving • November 23, 2004 9:17 PM

I took the train from Albany to New York City right after they
implemented this measure. There was a call over the calling system
telling us to keep ID ready in case the conductor would ask for it. The
conductor then proceeded to ask, “If there are any terrorists here,
please tell me now.” Then he proceeded to check our tickets and never
asked for ID.

DaveL • November 29, 2004 3:10 PM

Very good, but I still haven’t seen anything to match one of the
“security” programs instituted at the Honolulu airport after 9/11, which
still seems to show up every now and then: a couple of security guards
sit outside the parking garage and check the trunk of every incoming
car. Apparently they’re looking for large red boxes that say “BOMB” in
3-inch letters. If you’re smart enough to put your bomb in a suitcase,
no problem, because they’re not doing anything more than taking a
cursory look into the trunk. And don’t even get me started wondering
why a terrorist would choose to bomb the airport parking garage as
opposed to, say, a shopping mall.

Tyree Currie Jr. • December 14, 2004 9:45 PM

Please advise me; How can I receive an application to apply for work
with AMTRAK? I have 30 years of experience in Law Enforcement and

Thank you in advance

Scott Mace • December 22, 2004 6:06 PM

What’s MOST shameful is that our vigilant U.S. press totally
overlooked this story for 15 days, until I posted a message to Dave
Farber’s mailing list, that I myself was subjected to one of these I.D.
checks November 9 on board an Amtrak train in California, after a stern
warning “papers please” lecture delivered to all passengers on board.

I was only thankful that my father had died the day before and hadn’t
lived to see the liberties he fought for in two wars so thoroughly
trampled upon. “Your papers please” has landed — no one even wanders
the aisles of airliners asking for I.D. It’s not far from here to roving
random law enforcement checks of anyone on foot, anywhere in the U.S.

matt • January 1, 2007 10:19 PM

As a former Amtrak employee allow me to provide insight…the purpose
of checking ID’s has a few important purposes: 1 in case of a tragic
event there will be a passenger list with actual names and phone numbers
of pax, 2. as many are unaware amtrak’s many many employees have the
ability to receive unlimited train tix as a contracted right through
their union agreements, amtrak is doing this as a means of keeping
employees honest and not allowing the employees to give away and or sell
these free tix to non employees - amtrak does not have any one in
business with them!

keeplosingmoney • May 28, 2007 8:23 PM

They’re already losing money. Now, people who don’t want to be
harassed won’t ride, so they’ll lose even more money. Good for them.

barb August 10, 2007 8:46 AM

As I sat on an Amtrak train looking over the beautiful sights of DC, I
suddenly thought how easy could it be to put a bomb on the train! I got
off in Philly, had a friend drive two hours to pick me up! I cancelled
my return reservation and had my friend drive me to the Cape May ferry,
where I went thru security and had my husband drive 4 hours up and 4
hours back - no more trains for me!

Caroline April 29, 2010 9:12 PM

If it’s for security purposes, let’s say a person has a foreign
passport, would they look at the picture and the name only or would they
check for a Visa too? Someone said terrorists don’t have IDs, but they
would probably still have a passport (assuming they’re foreign, because I
believe there have been terrorists who were born here, in which case
they WOULD have an ID).

Alex May 30, 2010 2:02 AM

Even if there ARE terrorists in a train, what are they going to do? Hijack the train and crash a skyscraper with it? Hahaha

Keith November 28, 2010 4:12 PM

I realize this is an old article but showing ID is meaningless. You
should be able to buy your ticket at a kiosk in any airport or bus
terminal by cash or credit and hop on in less than 5 minutes. This
security theater is a useless waste of time. Checking to see the name
on an ID matches a ticket is moronic and another waste of time. Lock
the cockpit, lock the conductor doors and be done with it. Stop taking
away my right to travel freely by encroaching on the 4th amendment.

Lisa March 7, 2013 8:02 PM

Actually, amtrak is very generous when it comes to refunding tickets.
So there’s really no need to “dump” tickets on someone else.

New Voting Technology: Problem or Solution?

United States addressing the need to improve its election process

05 October 2007

Polling officer (© AP Images)

In India, a polling officer checks the electronic voting machines before the election in May 2007.

By Paul S. DeGregorio

Like many
other democracies, the United States is addressing the need to improve
its election process to ensure that all citizens can vote freely,
easily, and securely. An election expert describes the actions the U.S.
government has taken to facilitate the casting of ballots across the
country, and he discusses the promise and pitfalls of electronic voting
systems, as technology moves into the mainstream of election
administration. Paul S. DeGregorio is the former chair of the U.S.
Election Assistance Commission, and he has worked for 22 years as an
election expert in more than 20 countries.

During the past
decade the world has experienced a significant focus on the process of
voting. Many countries, rich and poor, developed and not-so-developed,
are using new technologies to select their leaders. Voters in India, the
world’s largest democracy, cast their ballots using electronic
push-button technology, while voters in Haiti, the poorest country in
the Western Hemisphere, present a modern identification card with photo
and thumbprint when obtaining their ballot. Indeed, in Estonia
(E-stonia, as they like to be known) voters can now use a smart card to
cast their ballot over the Internet from anywhere in the world.

In the United States more than 90 percent of votes are cast or counted
electronically. Every polling place is now required by law to have a
voting device that allows people with disabilities to vote privately and
independently. Thus, a voter who is blind can put on earphones and
touch a screen or buttons to advance and vote the ballot — in private.
The United States is the only country in the world with this type of

Voters with other special needs, such as those who do
not speak English as a first language, are also helped by this new
technology. In Los Angeles County, California, ballots are provided in
eight languages. It is clear that new technologies can be a major
enabler for those voters who are challenged by physical handicaps or
language barriers.

The majority of these new election
technologies, and more, have been introduced within the past 10 years.
And each year more countries introduce new methods to make voting
accessible to all segments of society.

Do these new technologies
help to achieve greater voter access and to curb poor turnouts? Are they
trusted by all segments of the population? Or do they introduce new
problems and provide an unfair advantage for certain voters? These are
important issues now being debated within individual countries and in
the international community.

Improving the U.S. Election Process

In the United States the election process received dramatic attention at
home and abroad after the 2000 presidential election when, during a
six-week period, no one was sure who won the presidency. The terms
“hanging,” “pregnant,” and “dimpled” chad became part of the worldwide
lexicon. The administration of elections in the United States has come a
long way since that watershed event. In 2002 the U.S. Congress passed
the historic Help America Vote Act, known as HAVA, which, for the first
time, provided significant federal assistance to the 50 states, the
District of Columbia, and U.S. territories to improve the election
process. In fact, there have been more election laws and regulations
promulgated in the United States during the past seven years than in the
previous 200 years of American history.

Much like the
Netherlands, England, Japan, and several other countries, all elections
within the United States are local; that is, they are administered by
local officials who make most of the decisions on what method of voting
is to be used by voters in their jurisdiction. HAVA gave state election
officials more authority to oversee and regulate local entities. In most
states, a secretary of state, a state official elected on a partisan
ticket, is the chief election authority. In a few states, including New
York and Illinois, a bipartisan board of elections oversees the voting
process. The United States is unique in the fact that more than 70
percent of local election authorities are elected on a partisan basis,
with job titles such as county clerk, county auditor, and supervisor of
elections. These officials are held accountable by the voters every four

The Help America Vote Act created a federal agency, the
U.S. Election Assistance Commission (EAC), to provide a national focus
on election administration and, for the first time in American history,
appropriated more than $3 billion in federal funds to improve the voting
process. The EAC, which began its work in late
2003, is a four-member body of two Democrats and two Republicans,
appointed by the president and confirmed by the U.S. Senate. I was among
the first appointees to the EAC and served as chairman in 2006.

New technology helps voters with disabilities (© AP Images)

As required by the Help America Vote Act, new technology helps voters with disabilities to cast their ballots.

In addition to distributing funds, the EAC also set new
standards for the use of technology in voting, standards that are being
followed closely by other countries. Working with the National Institute
of Science and Technology, the EAC
established significant new voting system guidelines that focused on
security and human factors. These guidelines are helping the states
ensure the integrity and usability of the electronic devices that are
utilized by millions of voters in every election. In addition, the EAC
has focused on the management side of election technology and is
producing several important documents designed to help election
officials manage the important elements of e-voting systems, including
logic and accuracy testing. In recent years the Council of Europe
also has embarked on a project to provide similar
standards for e-voting systems, since many European nations are moving
toward the use of electronic voting devices.

Perhaps one of the
biggest challenges for all election officials is the training of poll
workers and voters on the new voting technologies. In the United States,
where the average age of poll workers is 72, the introduction of
electronic devices that have computer memory cards that have to be
checked and moved has resulted in a shortage of the 1.3 million workers
that are required to conduct a nationwide election. Perhaps the United
States might follow the lead of Belgium, where 18-year-olds are
conscripted to run the polls.

Is Internet Voting in Our Future?

With the increasing penetration of the Internet throughout the world, and
certainly within many countries, e-democracy is a concept that is
beginning to take hold and spread rapidly. Like the private sector,
candidates, political parties, and governments all are utilizing the
Internet to get their message to the public — and to have the public
respond to them. Several countries, including Estonia, the Netherlands,
Switzerland, and England, now allow their citizens to cast ballots via
the Internet. In local elections held in May 2007 in Swindon, England,
using secure technology developed by Everyone Counts, voters could cast
their ballot by
telephone, over the Internet, at public libraries, by mail, by paper
ballot, or by using any one of 300 laptop computers placed at 65
locations throughout the borough. It was one of the most ambitious — and
successful — voting pilots ever sponsored by the British government.

In a global and mobile society, citizens of any country who are living
abroad face difficult challenges to participate in elections. This fall,
to meet that challenge, Australian military voters will cast their
ballot for parliament over the Internet. The estimated 6 million
Americans abroad have had a difficult time casting their ballots, with
most having to use a cumbersome postal process to exercise their right
to vote. The Overseas Vote Foundation and the EAC have estimated that
more than one in four of these citizens who attempt to vote are not
having their ballots counted. Efforts by the U.S. Federal Voting
Assistance Program to improve the process have
helped, but a recent report by the U.S. Government Accountability Office
indicates much more needs to be done.

With the United States’ most popular television show, American Idol,
experiencing more votes cast in four hours (73 million) than the number
cast for the winner of the 2004 U.S. presidential election (62 million),
it is not hard to figure that younger Idol voters will demand the use
of some type of mobile technology when they are old enough to cast
presidential ballots.

Along with the increased use of technology
in elections have come increased scrutiny and skepticism about
electronic voting. While Americans have been using electronic voting
devices to cast their ballots since the late 1980s, it has only been
since the passage of HAVA and the spread of e-voting across the United
States and the world that many groups have organized to question or even
oppose the use of electronic voting devices, particularly those without
any type of paper trail. In Ireland,
where the hand-counting of preferential ballots can take up to a week,
an attempt to introduce e-voting to speed the process ended in failure.

Institutions and other organizations involved in monitoring and
assessing elections, such as the Office of Democratic Initiatives and
Human Rights of the Organization for Security and Cooperation in Europe;
IFES, formerly the International Foundation for
Election Systems; the Carter Center; and Electionline,
have had to develop new methodologies to
determine whether elections involving e-voting are free and fair. It is
one thing to watch paper ballots counted by hand; it is entirely another
to monitor the electronic capture of a vote.

The new election
technology sweeping across our collective democracies has certainly
empowered voters, led to increased participation, and, in many cases,
enhanced transparency by reporting results before they could be changed.
However, has it increased trust in the results? That is a question that
remains to be answered as election reform and the use of new technology
continue to be debated throughout the world. There is no question,
however, that technology will continue to enhance the way we vote — as
it continues to enhance our daily lives.

The opinions expressed in this article do not necessarily reflect the views or policies of the U.S. government.

Electronic Voting

Rebecca Mercuri,

Updated 9/1/10
P.O. Box 1166 — Dept.

Philadelphia, PA  19105

notable AT
notablesoftware DOT com
215/327-7105 or

10AM-6PM U.S. Eastern Time, Mon.-Fri.  (Please
try the 609 number first)

The contents of this webpage and website are Copyright ©
2000 - 2010 by
Rebecca Mercuri. All Rights Reserved. All material is protected by
copyright attributed to Rebecca Mercuri where she is the sole author,
the original sources otherwise.

I am available
for comment, consultation, expert testimony, and lectures on electronic
vote tabulation, and can be contacted via the information at
the top of this page.  Members of the press and researchers
seeking interviews and quotation permissions may find it helpful to
look at the guidelines posted here. I
would appreciate it greatly if calls can be limited to the hours of
10AM - 6PM, U.S. Eastern Time, weekdays.

Follow links
to full text of papers and articles. Papers not linked may be available
on request. As this website is rather long, I’ve highlighted certain
“must read” papers and articles using red asterisks (*). For a good overview of the subject, search
for these first and read the text at their adjacent links.


I am
opposed to the use of fully electronic or Internet-based systems for
use in anonymous balloting and vote tabulation applications.  The
reasons for my opposition are manifold, and are expressed in my writings as
well as those of other well-respected computer security experts. 

At the
present time,
it is my strong recommendation that all election officials REFRAIN from
procuring ANY system that does not provide an indisputable, voter
verified paper ballot.

have gradually discovered that manually prepared paper balloting
systems, augmented with assistive paper ballot-marking devices for use
by the disabled and those with literacy and language issues, can
typically be procured and maintained for considerably less than half of
the price for a Direct Recording Electronic (DRE) with touch-screen or
push-button input, or DRE/VVPAT (DRE with ballot-printer) system.
Ballot-marking devices do not need to be
electronic or computer-based. Opscan-style ballots can (and should) be
hand-counted. Paper ballots increase voter confidence by offering the
best in terms of reliability, usability and recountability, as well as
being highly cost-effective.

Since 2003,
because of unresolvable problems with the implementation and deployment
of the DRE/VVPAT systems, and the difficulties experienced in using the
VVPATs in recounts, I have recommended AGAINST the purchase of these

A detailed
explanation of these points, along with my suggestions regarding the
selection of appropriate voting equipment, is provided in the full text
of this statement, available *here*.


Danger to Democracy #1

National Popular Vote (NPV) legislation has been creeping into state after
state. For those of you who don’t know what it is, NPV, when fully
enacted, would MANDATE that states cast their electoral votes, NOT how
the voters of those states intended, but rather to the winner of the
NATIONAL popular vote. Yup, YOUR electors would be REQUIRED to cast
their Presidential votes to the AGGREGATE US highest vote-getter,
REGARDLESS of who the winner was in the state itself. I can’t imagine
how this could even remotely be deemed Constitutional (remember the
concept of States’ Rights?) but it would likely take a team of
Harvard-educated lawyers to argue this point before the U.S. Supreme
Court. If enough states (they only need a total of 270 electors) are
stupid enough to allow
their legislatures to pass the bill and their Governors sign it, then
we’re ALL hosed, even if your own state doesn’t sign on.

Here’s what it really means and why it’s on my evoting website –
states that have unauditable voting will be incentivised to increase
their bogus vote totals for President well beyond what they need to do
to win their own state, enough so that they can shift the national
total to the candidate of their choice! This is no problem for places
like Ohio, where observed variations in the number of persons who sign
the polling book from the number of ballots recorded on the machines,
in over 80% of precincts, is somehow considered “normal” — or in
Florida where the citizens vote on paper ballots read by
optical scanners but prohibited from review via manual
recounts. Basically, if NPV becomes law, then the Crooks are in Control
for sure. To find out the status of NPV in your
state, check
– if it does not say “enacted” yet, then let your State Senator, State
Representative and Governor all know RIGHT AWAY that this is a HORRIBLE
idea that should not become law.

Danger to Democracy #2

The same group that has been
promoting NPV is also hawking Instant Runoff Voting (IRV). Certainly
not coincidentally, the key founder of the organization behind both of
these absurdities is none other than John “the spoiler” Anderson. IRV
is getting a foothold with naive communities who would like to believe
the snake oil salesmen’s claims that by making the voting selection
process harder (not easier) this somehow further enfranchises
beleaguered minority groups and third party candidates. The reason why
I’m mentioning IRV here is again because of the voting machines. Heck,
we can’t even prove that these devices (whether DREs or scanners) are
adding 1+1=2 properly. It’s all a trade secret and we’re not allowed to
check the algorithms. How can we ever hope to verify that the
complicated math needed to generate the IRV totals has been programmed
correctly? If you find yourself in a conversation with anyone
supporting IRV, just ask them to show you ON PAPER how to tally the
election and then watch them squirm. Make sure your municipality,
county, and state does not fall for IRV. For more on how to help oppose
IRV, check out

Danger to Democracy #3

Perhaps because Americans are considered to be
notoriously lazy, our election officials would rather find excuses for
not hand-counting all of the ballots in order to verify the results
produced by the computers. Of course, the reasons given for not
checking the totals at each precinct (before the ballots are removed
and have a chance to mysteriously wander away) are often ones of cost
or expedience. As it turns out, a small team of vote counters (perhaps
drafted as for jury duty), using a simple bin (not binary) method
should be able to hand-tabulate all but the most complex ballots in
time for the 11 o’clock news (assuming that the polls close at 8PM).
(For the computer scientists, it helps to recall that a bin sort is
O(n).) Of course there are plenty of mathematics wonks, and even a few
Congressfolk, who would like us to believe that a random percentage
audit is all that is necessary to confirm the electronic tallies. This
is provably untrue. Even so, such formulas require that increasing
percentages be audited if anomalies are detected, so you might as well
just count all the ballots from the get-go to avoid the further hassle.
For a detailed explanation of why partial audits don’t work, see my
post on the CNET Defensive Computing blog.
Oh, and if someone tells you that if people touch the ballots they’ll
change the votes, just explain that page feeders could be used with
opaque projectors to display the papers without human handling.
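
A rough illustration of why a fixed random percentage gives weak assurance in a close race, added here as an example and not taken from the original page or the linked post. It assumes equal-sized precincts, a uniform random sample without replacement, and an attacker who shifts at most 20% of the votes in any altered precinct; all names and figures are constructed.

```python
"""Added illustration: how often does a fixed-percentage precinct audit
catch tampering?

Assumptions (not from the original page): equal-sized precincts, a uniform
random sample drawn without replacement, a hand count that always exposes an
altered precinct, and an attacker who switches at most a fixed share of the
votes in any one precinct so that no single precinct stands out.
"""
from math import comb


def min_precincts_to_alter(margin_votes, votes_per_precinct, max_shift_percent):
    """Fewest precincts an attacker must alter to erase the reported margin.

    Switching one vote moves the margin by two, so one altered precinct moves
    it by 2 * max_shift_percent/100 * votes_per_precinct. Integer arithmetic
    keeps the ceiling division exact.
    """
    swing_x100 = 2 * max_shift_percent * votes_per_precinct
    return -(-(margin_votes * 100) // swing_x100)


def detection_probability(total_precincts, altered, audited):
    """Chance that the sample contains at least one altered precinct."""
    if altered <= 0 or audited <= 0:
        return 0.0
    clean = total_precincts - altered
    if audited > clean:
        return 1.0  # the sample cannot avoid every altered precinct
    # Hypergeometric: 1 - P(every sampled precinct is a clean one)
    return 1.0 - comb(clean, audited) / comb(total_precincts, audited)


def min_audit_size(total_precincts, altered, confidence):
    """Smallest sample size whose detection probability reaches confidence."""
    for audited in range(total_precincts + 1):
        if detection_probability(total_precincts, altered, audited) >= confidence:
            return audited
    return total_precincts


def compare_fixed_audit(total_precincts=1000, votes_per_precinct=500,
                        audit_percent=3, max_shift_percent=20,
                        confidence=0.95):
    """Compare a flat audit_percent sample against what each margin needs."""
    audited = total_precincts * audit_percent // 100
    # Constructed scenarios: reported margin in votes out of 500,000 cast.
    scenarios = [("10% margin", 50_000), ("2% margin", 10_000),
                 ("0.4% margin", 2_000)]
    rows = []
    for label, margin_votes in scenarios:
        altered = min_precincts_to_alter(margin_votes, votes_per_precinct,
                                         max_shift_percent)
        rows.append({
            "scenario": label,
            "altered_precincts": altered,
            "fixed_audit_detects": detection_probability(
                total_precincts, altered, audited),
            "precincts_needed": min_audit_size(
                total_precincts, altered, confidence),
        })
    return rows


if __name__ == "__main__":
    for row in compare_fixed_audit():
        print("{scenario:>12}: attacker alters {altered_precincts:>3} precincts, "
              "3% audit detects with p={fixed_audit_detects:.3f}, "
              "95% confidence needs {precincts_needed} precincts".format(**row))
```

The same flat sample that almost certainly catches tampering in a landslide misses it most of the time when the margin is narrow, which is why margin-aware formulas push the sample toward a full count as the race tightens.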

Voter Verified Paper Ballots — An
Informational Brochure:

explanatory brochure has been prepared in response to the myths and
misinformation that are currently being circulated by those who are
opposed to independent election auditing.  “Facts About
Voter Verified Paper Ballots” can be downloaded, printed on
double-sided paper, and freely distributed (if in its entirety and

Although DREs with
VVPBs are an improvement over DREs without them, because of numerous
issues related to the construction and use of VVPBs (some of which are
noted below), since 2003 I have recommended AGAINST the purchase of
these devices. Ballots should be prepared on paper (not computers) and
counted from the paper (preferably by humans).

Act that did not help
America Vote:

The 2002 Help America Vote Act (HAVA) legislation authorized $3.8B in
federal spending, with a substantial portion of these funds allocated
to US states and territories for the purpose of replacing their punch
card and lever voting machines and making voting systems accessible to
the disabled.  To obtain the money, an implementation plan had to
be submitted to the Election Assistance Commission by January
1, 2004. States were NOT required to purchase fully computerized
voting systems, they could obtain mark-sense (optically scanned)
products that use paper, but in order to receive certain of the
equipment funds, the
plan had to indicate that the state would replace all of its lever and
punch card machines by the first election for Federal office held after
January 1, 2006. New York was the only state that decided to retain its

The Presidentially appointed 4-member HAVA Election Assistance Commission, in
addition to approving each of the state plans, was also to be
responsible for administering a host of other tasks, not the least of which was
overseeing a 14-member Technical Guidelines Development Committee and a
110-member Standards Board, and making provisions
for “testing, certification, decertification, and recertification
of voting system hardware and software by accredited laboratories.”
The Technical Guidelines Committee was to have produced a set of
voluntary voting system guidelines nine months after appointment,
and it was understood that these guidelines would be the ones used by
the laboratories in their certification and testing processes.

What actually occurred was that the members of the HAVA Commission were
appointed nearly a year late and the establishment of HAVA Committees
and Boards were similarly delayed. Thus, the Technical Guidelines were
NOT available by the time that
state implementation plans were due. This resulted in 9
states requesting HAVA extensions, and many others contracting to
purchase voting systems that could not possibly be HAVA compliant,
since no official HAVA standards yet existed. A
further setback occurred at the beginning of 2004, when the National
Institute of Standards and Technologies (NIST) announced that it had to
curtail all work related to HAVA (despite their named role in the
due to Federal budget cuts (funds were later reinstated for the
election project).

Those of us
(including myself) who had worked hard for this bill were sorely
disappointed that the most salient aspects of its implementation were
stalled, while initial equipment purchases were allowed to proceed
under grandfathered and obsolete standards. Many municipalities
(including in California, Florida and elsewhere) purchased voting
equipment that subsequently had to be replaced due to non-compliance,
system failures, and security and auditability concerns. It has taken
years to only partially unwind the many problems caused by the feeding
frenzy generated by overzealous voting system vendors seeking the HAVA
funds, fueled by gullible election officials who were intimidated into
the money out for products that were not yet ready for prime time. Some
of this unnecessary waste of funds could have been avoided, had
Congress merely extended the HAVA deadlines, or had the appointments
and work proceeded on schedule.

vendors said their voting machines were certified:

systems, beginning in 1990, have been certified under a system
originally established by the
Federal Election Commission (FEC) and a private group, the National
Association of State Election Directors (NASED). Testing fees are paid,
by the vendors, to
certain qualified Independent Testing Authorities and examinations are
conducted secretly without any results (other than a final passed
status) issued publicly. This certification was, at first, based on the
FEC guidelines adopted by only 37 of the states and criticized by
technologists as flawed.  (See my detailed comment The FEC Proposed Voting Systems Standard.)
According to their website, even “the FEC
recognizes that the Help Americans [sic] Vote Act of 2002 will
alter the long term application of the Standards, including
testing.” Some problems with the FEC standard included the lack
of a requirement
that vote tallies be independently auditable, the allowance of
trade-secret code that may not be able to be inspected should an
election contest
question the proper functionality of a voting system, the use of
commercial software products in balloting and tabulation systems
any inspection at all, and no provision for re-examination or
decertification when problems are later identified. Even when
additional state certification inspection has been performed, there may
be no guarantee that any particular system has been appropriately
configured prior to deployment. Revelations that uncertified software
was used in at least two California elections (including the
Gubernatorial recall) led to the mandate that voter verified paper
ballots be added to their fully-electronic voting

Under HAVA,
the certification program was restructured under the Election
Assistance Commission (EAC) and Thomas Wilkey, the individual formerly
responsible for this task under NASED, was appointed as the EAC’s
Executive Director, where he has continued to perform oversight of the
testing and certification tasks. The EAC generated a new set of
Voluntary Voting System Guidelines, which was approved in December
2005, far too late to have any systems tested and deemed compliant in
time for the 2006 HAVA deadline for replacement of lever and punch card
systems. Though there were some slight improvements, these guidelines
suffered from most of the same problems as did the FEC standard (as
noted above and in my comment to the EAC). A proposed revision (including
the MIT/NIST-proposed Orwellian concept of Software Independence –
that a voting machine could contain software but somehow be independent
of it) was issued for public comment in 2009 as VVSG 1.1, but portions
harshly criticized (including earlier by myself) and it has not yet been approved.

Many of the voting systems that have been certified under the 2005 EAC
standard were subsequently found to be faulty in actual elections or
via independent studies (reports commissioned by state or local
governments are posted at
). The list of certified voting systems can be found at
these are only the current certifications. Obsolete certifications
cannot be easily checked, nor is the older equipment recalled.

about Internet voting?

voting is risky due to its sociological and technological problems.
Absentee balloting does not provide the safeguards of freedom from
coercion and vote selling that are afforded via local precincts.
Internet voting creates additional problems due to the inability of
service providers to assure that websites are not spoofed, denial of
service attacks do not occur, balloting is recorded accurately and
anonymously, and votes are only cast by the authorized voter themself.
government’s website warned that “it is the citizen’s responsibility to
maintain the latest anti-virus software for their computer” in order to
assure safety, yet they failed to acknowledge the fact that anti-virus
software can only protect against known malware (new ones appear
constantly, and could occur during an election season) and server-based
are still possible. Certainly citizens overseas should have an
opportunity to vote, but perhaps this could be handled by setting up
remote balloting precincts at the U.S. Embassies, or by creating
poll-worker teams on military bases?

Back in
when the U.S.
Department of Defense first tried Internet voting
they spent $6.2M
so that 84 voters could cast ballots.  Subsequently, the DoD
Accenture, the Bermuda-based consultancy arm of the former Arthur
(can we spell Enron?) group at a cost of $22M
to oversee its SERVE project for military personnel and overseas
citizens. Following issuance of an analysis by four computer
who were members of the SERVE Security Peer Review
Group, the Pentagon decided to scrap plans for the use of this
technology to cast ballots in the 2004 Presidential election.  But
it’s far from gone — the DoD dabbled with the concept of Internet
voting prior to the 2008 election and was shot down again
by the same scientists on many of the same grounds. We’ll likely see
some variation of this project surface again as we near 2012.

Need I say
more? (If so, see the World Democracies and Press Quotes sections.)

created the Voter Verified Balloting concept?

the phrase in her comment: “Explanation
of Voter-Verified Ballot Systems” in The Risks Digest, ACM
Committee on Computers and Public Policy, Volume 22, Issue 17, July 24,
first addressed this concept in her paper:
Verifiability of Computer Systems” presented at the 5th International Computer
and Security Conference in March 1992, and a more detailed description
appeared in her Doctoral Dissertation, defended October 27, 2000. An artist’s
rendering of a “Mercuri Method” voting system
(they need not be so elaborate) appeared in her October 2002 IEEE
Spectrum article, “A Better Ballot Box.”

The earliest description of a “ballot behind glass” was provided by Tom Benson in The Risks Digest, Volume 2,
Issue 22, March 4, 1986 and elaborated on by Kurt Hyde in
Risks Digest, Volume 2, Issue 24, March 8, 1986. The difference between
these methods and Mercuri’s involves her requirement for a deliberate
verification step, and also the recognition of the paper ballot as the
authoritative record of the voter’s choices (in the event of a dispute,
the paper version would prevail over any electronic data).

The design concept was deliberately never patented by any of the inventors
so that it could be freely incorporated into election systems. Shortly
after the November 2000 Presidential election, the Avante company
submitted a patent application that incorporated much of this prior art
(including block diagrams very similar to those displayed at Mercuri’s
October 2000 dissertation defense and at a subsequent publicly-attended
ACM talk she presented in November 2000, at the Sarnoff Center,
situated just a few blocks down the road from Avante’s offices). Avante
has tried (largely unsuccessfully) to pursue infringement claims
against some of the vendors who have implemented ballot printers.

Note that a “voter verified paper ballot” (VVPB) is not the same as
a “voter verifiable audit trail” (VVAT). Many vendors and some
scientists believe that an audit trail of electronically recorded
ballots can be made secure (possibly through encryption or other
mechanisms), but no such systems have yet been validated through
rigorous mathematical proofs, nor can they be independently confirmed
for correctness by non-technical poll workers, election officials or
ordinary citizens.

A great demonstration showing why electronic audits
and pre-election testing are inadequate
can be viewed at:

Simply adding paper “receipts” as some have proposed, to
the system, is not sufficient.
The voter must be required to perform an action that confirms that
their choices have been recorded correctly on the paper, hence making
it a verifiED (rather than just “verifiABLE”) ballot in a legal sense.
The paper ballot must not provide any feature that could be used to
violate voter privacy or encourage coercion and vote selling. These
voter verified paper ballots must be used to produce the certified vote
totals and be available for scrutiny in case of election contest or

about it:

  • Scientists had been warning
    for years
    about the devastation that might result from a major
    hurricane on the Gulf Coast. But the U.S. Congress failed
    to provide $35M
    to fully fund previously approved projects to build
    and improve levees, floodwalls and pumping stations in the Lake
    Pontchartrain region. The federal government did (prior to Katrina) allocate
    some $37M
    to Louisiana under the Help America Vote Act, primarily
    for the purchase and upgrade of fully electronic voting systems that
    provide no mechanism for independently auditing ballots and vote totals.
  • The Civil
    Rights Division of the U.S. Department of Justice issued a memorandum opinion
    affirming that voting systems that include contemporaneous paper
    records, allowing voters to confirm that their ballots accurately
    reflect their choices, do not violate HAVA or ADA laws, so long as a
    similar capability (such as can be provided by audio equipment) is
    for use. This could include tactile
    , an inexpensive (non-computer) alternative for the
    visually-impaired that has been used successfully in Rhode Island,
    Canada, Peru, and Sierra Leone.

Mark your

will be conducting a computer forensics seminar/workshop for the
Princeton ACM/IEEE Computer Society on November 13, 2010. One of the
sections of this short-course will overview voting system
investigations. Further information is available at
. Advance registration is required and there is a fee for attendance.

The articles
linked below in my writings section provide an
illustration of the magnitude of problems encountered with electronic
voting equipment
and offer some suggested solutions. My analyses are based on computer
and engineering facts, and are not politically motivated. Please try to
read some of the
*red starred* materials before contacting me
for further
clarification or assistance.

World Democracies

Officials in world democracies often want to believe that the
situations in the USA are dissimilar to those in their own countries.
Although laws and procedures may be different, the computer introduces universal
vulnerabilities to privacy, accuracy, and security in elections.
All democratic nations should be advised to use caution in their
deployment of new systems, and avoid those products that do not produce
a voter-verified paper audit trail.

The United
Kingdom and other European countries have begun initiatives to convert
all or part of their voting to electronic balloting (kiosk/DREs and/or
Internet-based) systems. Europe appears to be rushing ahead to deploy
computer voting technologies with serious sociological
and technological downsides, such as lack of auditability, and
increased opportunities for vote selling, monitoring, coercion, and
denial of service attacks. During mid-October, 2002 I visited England,
on the invitation of the Foundation for Information Policy Research,
to meet with and brief members of the
UK Cabinet and Parliament regarding this subject, and to provide
technical lectures at the Royal Academy of Engineering and Cambridge
University. My comments to the Cabinet are posted *here.
I also formally submitted an additional follow-up comment
as part of their “In the Service of Democracy”
consultation, which explains why Internet voting is not appropriate for
UK democratic elections. Media coverage of my UK tour can be
found over in my press section.
Information on the electronic voting project in Ireland can be found
Thanks to the unflagging efforts of this group and others (including
myself) who strongly protested the change from paper and pencil voting,
in 2009 it was announced that “the Government has decided not to
proceed with electronic voting in Ireland.” Over in the Netherlands,
the Dutch group “We Don’t Trust Voting Computers” successfully hacked a
NEDAP voting machine, turning it into a chess-playing device. On
October 1, 2007, the District Court of Amsterdam decertified all NEDAP
voting computers currently in use there. Further information at .

The Brazilian
government converted to fully electronic voting in 2000, deploying over
400,000 kiosk-style machines.  Although their elections are often
compared to those in the US, they are actually quite different because
the voters cast ballots by using numbers assigned to each candidate
(this is necessary because of a high degree of illiteracy in the
country). Concerns regarding accuracy of the self-auditing systems
caused the legislature to mandate a retrofit of 3% (some 12,000
machines) to produce a paper ballot that the voter could peruse and
deposit in a box for recount (the first large-scale use of the “Mercuri
Method” — described more fully in “A Better Ballot Box?”). These paper-trail machines were
successfully used during the October 6, 2002 election, and it is
believed that the rest of their machines will eventually be retrofitted
as well. Further discussion on this subject can be found in the
article: *“The importance of recounting votes” by Michael Stanton (originally published in
Portuguese as “A importância da recontagem de votos”, on the
website of the Agência O Estado de São Paulo, November
13, 2000). There is also an informative website: Brazilian Electronic Voting Forum
by Amilcar Brunazo Filho.

US Voting Rights Act

In the wake of
the Florida 2000 election, a number of voting rights bills were
proposed in Congress. On May 22, 2001, the U.S. House of
Representatives Committee on Science convened a Hearing on Improving
Voting Technology: The Role of Standards. I was joined on the
invited panel by Dr. Stephen Ansolabehere (MIT), Mr. Roy Saltman (NIST
- retired), and Dr. Doug Jones (University of Iowa).

  • A report issued by NIST,
    overviewing the session, is available at
  • The transcript, “Full
    Committee Hearing on Improving Voting Technology: The Role of
    Standards” should be available from the House Science Committee. 
  • Press coverage of the
    hearing can be found here.

These hearings
resulted in House Bill H.R. 2275, the Voting Technology Standards Act
of 2001, issued from the Subcommittee on Environment, Technology, and
Standards on June 27, 2001, which was presented with the bipartisan
co-sponsorship of Congressman Vern Ehlers and Congressman Jim Barcia.
Eventually this bill was incorporated into H.R. 3295, the Help America
Vote Act of 2002. The final version can be
found at
. Although this bill authorized spending of over $4B on new voting systems, it
failed to provide for a voter-verified audit trail, available for
independent recount, of ballots cast. (This is discussed further in the
California section below.) It was hoped that the
related voting system standardization efforts created by the EAC/TGDC,
as authorized by the bill, would provide additional safeguards, but
sadly, the application of these controls has not been universally
mandated in the United States, leaving it up to the states (and in some
cases, municipalities within the states) to decide whether or not paper
ballots should be used or even allowed to be recounted (see Florida below).


The California State Elections Code contains a number of sections that are
directly relevant to US and international electronic voting issues.

requires that there be “a public manual tally of the ballots tabulated
by those devices, including vote by mail voters’ ballots, cast in 1
percent of the precincts chosen at random by the elections official.”
This section also notes: “In resolving any discrepancy involving a vote
recorded by means of a punchcard voting system or by electronic or
electromechanical vote tabulating devices, the voter verified paper
audit trail shall govern if there is a discrepancy between it and the
electronic record.” Curiously, Section 15627 on recounts states: “If in
the election which is to be recounted the votes were recorded by means
of a punchcard voting system or by electronic or electromechanical vote
tabulating devices, the voter who files the declaration requesting the
recount may select whether the recount shall be conducted manually or
by means of the voting system used originally, or both.” Section
15629 notes that “The recount shall be conducted publicly” and Section
15630 says that “All ballots, whether voted or not, and
any other relevant material, may be examined as part of any recount
if the voter filing the declaration requesting the recount so
requests.” Given all of this, one would think that the paper ballots
(either the original ones that were scanned, or in the case of the
DRE’s, the VVPATs) would be consulted in all recounts. Unfortunately,
occurred in Nguyen v. Nguyen, Case No. 07CC00407 (2007), Orange County
California Superior Court, the Judge ruled that the Election Code’s
allowance for the selection by the voter requesting the recount, means
that the requirement that the VVPAT always trump any discrepancies can
be disregarded if the requestor chooses to use the recount produced “by
means of the voting system used originally.” This loophole in the law
will likely be opportunistically exploited again until it is closed.
(Numerous YouTube courtroom videos from my 2 days of testimony in this
matter can be found by using the search string: rebecca mercuri

As well, Proposition 41, California’s Voting Modernization Bond Act,
passed in 2002, mandates that “a voting
system that does not require a voter to directly mark on the ballot
must produce, at the time the voter votes his or her ballot, or at the
time the polls are closed, a paper version or representation of the
voted ballot; this version shall not be provided to the voter,
but shall be retained by election officials for use during
a manual recount or other recount or contest.” The key phrase here is
“or at the time the polls are closed” — this has been
by vendors and election officials to permit the voting system to
self-generate ballot images from the internal data stored by the
computer during the election, for use in public manual tallies or
recounts. Using such systems, the voter has no way to confirm that the
ballot they intended
to cast is identical to the one recorded by the machine. Hence, such
recounts are only procedural in nature, and not truly validatory. 
Sadly, the U.S. Congress was similarly vague in their definition of
“manual audit
capacity” in the Help America Vote Act of 2002 (Section 301 a. 2), so
court rulings will play an important role in determining the
implementation of when the “permanent paper record” must be produced
(at the time of voting, or after the election is over). 
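The 1 percent public manual tally quoted above, and the difference between a voter-verified paper record and paper the machine prints from its own memory after the polls close, shown as an added Python example that is not part of the original page. The precinct names, vote counts, seed and function names are constructed for illustration, and the publicly seeded draw is one assumed way of choosing precincts at random.

```python
"""Added example: 1 percent public manual tally in which the paper record governs.
All precinct names, vote counts and the seed are constructed for illustration."""
import hashlib
import random


def select_audit_precincts(precinct_ids, percent=1, public_seed="constructed-seed"):
    """Choose percent% of precincts (rounded up, at least one) at random.

    Assumption: the seed is produced in public (dice rolls, for example) so
    observers can re-run the draw and confirm nobody hand-picked the sample.
    """
    ordered = sorted(precinct_ids)
    count = max(1, (len(ordered) * percent + 99) // 100)
    seed = int.from_bytes(hashlib.sha256(public_seed.encode()).digest(), "big")
    return sorted(random.Random(seed).sample(ordered, count))


def tally(ballots):
    """Count a list of ballots, each a candidate name as marked by the voter."""
    totals = {}
    for choice in ballots:
        totals[choice] = totals.get(choice, 0) + 1
    return totals


def manual_tally_audit(selected, electronic_totals, paper_ballots):
    """Hand-count paper for each selected precinct and compare with the machine.

    Returns one record per precinct; where the counts differ, the paper
    count is reported as the governing result.
    """
    report = []
    for precinct in selected:
        machine = electronic_totals[precinct]
        paper = tally(paper_ballots[precinct])
        names = sorted(set(machine) | set(paper))
        diff = {n: paper.get(n, 0) - machine.get(n, 0)
                for n in names if paper.get(n, 0) != machine.get(n, 0)}
        report.append({"precinct": precinct, "discrepancy": diff,
                       "governing": paper})
    return report


def reprint_from_memory(machine_totals):
    """Model of 'paper' printed after the polls close from the machine's own data.

    Because it is derived from the electronic record, it can only repeat it.
    """
    ballots = []
    for name, votes in sorted(machine_totals.items()):
        ballots.extend([name] * votes)
    return ballots


def build_constructed_election(n_precincts=200, faulty="P017", shifted=5):
    """Constructed data: every precinct has 60 votes for A and 40 for B on paper.
    In the faulty precinct the machine recorded `shifted` A votes as B votes."""
    paper, electronic = {}, {}
    for i in range(n_precincts):
        pid = f"P{i:03d}"
        paper[pid] = ["A"] * 60 + ["B"] * 40
        electronic[pid] = {"A": 60, "B": 40}
    electronic[faulty] = {"A": 60 - shifted, "B": 40 + shifted}
    return paper, electronic


if __name__ == "__main__":
    paper, electronic = build_constructed_election()
    print("audited precincts:", select_audit_precincts(paper.keys()))
    # Audit the faulty precinct directly to compare the two kinds of recount.
    verified = manual_tally_audit(["P017"], electronic, paper)
    reprinted = {"P017": reprint_from_memory(electronic["P017"])}
    procedural = manual_tally_audit(["P017"], electronic, reprinted)
    print("voter-verified paper:", verified[0]["discrepancy"])
    print("machine reprint     :", procedural[0]["discrepancy"])
```

The recount against machine-generated ballot images reports no discrepancy even though votes were misrecorded, which is why such a recount is procedural rather than validatory.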

I have
always maintained that the intention of HAVA, as well as the
California Code, is to allow the voter to view the printed ballot prior
to casting it. Finally, in 2004, California’s Secretary of State agreed
(but only after discovering that uncertified software was used in their
Recall and General elections in 2003) with this interpretation. Your
is needed here — if you are a voter living in a municipality that uses
DREs (with or without VVPATs), request an absentee
ballot prior to the election so that you can cast your vote on paper.
That is the only way you can be assured that a) your vote was submitted
as you
intended and b) the ballot you prepared will be available for a manual
recount. I have been voting absentee since DREs replaced the lever
machines in my County in 2004.

In 2001,
Marie Weber, a citizen of Riverside County, CA, decided to protest
the use of the recently purchased Sequoia Voting Systems’ AVC Edge
direct recording electronic (touch-screen) voting machines in her
She filed a Complaint for Injunctive and Declaratory Relief
against CA Secretary of State
Jones and Riverside County, CA Registrar of Voters Mischelle Townsend,
under 42 U.S.C. §1983 and the Fourteenth Amendment to the United
States Constitution. This appeared as Case No. CV 01-11159-SVW(RZx)
before the Honorable Stephen V. Wilson in the United States District
Court for the Central District of California.  Weber obtained
testimony (at name links here) from experts Rebecca
, Peter Neumann
and Kim Alexander. The
on September 3, 2002 in favor of the State on the basis of
only written testimony without deposition or cross-examination, and
without providing an opportunity to inspect the voting systems in
question (although he criticized
one witness for not having done so, even though it would likely have
been a felony to perform such an examination in the absence of a court
order), and various appeals also failed. The ruling allowed other
counties to proceed with their purchases of self-auditing voting
equipment. Despite this ruling, the subsequent Secretary of State,
Kevin Shelley, decided
on November 21, 2003 to require that all computerized voting equipment
be equipped with an accessible voter verified paper trail by July 2006.
The next Secretary of State, Deborah Bowen, decided to conduct a “Top
to Bottom Review” of California’s voting systems, which resulted in the
decertification of most of the DREs. Currently only Orange and San
Mateo Counties use DRE with VVPAT. All other Counties in CA use opscan.

Proposition 23, the None of the Above Ballot Option, failed to achieve
enough votes to pass in the March 7, 2000 election. The lack of
a “none of the above” choice for each ballot race (in all states)
creates a dubious dark hole for election auditing. Traditionally, when
one totals all votes cast in each race, these fall short of the
total number of votes eligible to be cast (usually by around 3%). The
“lost vote” (also called “undervote” or “residual vote”) rate tends
to differ depending on equipment and other factors, but it is often
also an indicator of malfunction or tampering. The lack of a definitive
“no vote” allows vendors and election officials to assert that votes
were “not cast” when in fact votes have actually been lost. This
is becoming more prevalent with the introduction of multiple recording
devices within the voting machines, and no real way to determine which
storage unit has the “correct” data. It is unfortunate that the U.S.
Green Party believes that the “none of the above” option is contrary
to their interest in promoting proportional balloting, since they are
among the most vocal opponents of this effective auditing requirement.
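An added Python example (not from the original page) of the residual vote accounting described above: it screens each precinct's residual rate against other precincts using the same equipment, and shows how an explicit “none of the above” count separates abstentions from lost votes. The precinct identifiers, counts, function names and the 3.5 outlier threshold are constructed assumptions.

```python
"""Added example: residual ("lost") vote screening per equipment type.
All precinct identifiers and counts are constructed for illustration."""
from statistics import median


def residual_rate(ballots_cast, votes):
    """Share of ballots with no vote recorded in this race."""
    return (ballots_cast - sum(votes.values())) / ballots_cast


def unaccounted_ballots(ballots_cast, votes, none_of_the_above):
    """With an explicit 'none of the above' count, abstentions are recorded,
    so every ballot is accounted for and any remainder is a lost vote."""
    return ballots_cast - sum(votes.values()) - none_of_the_above


def flag_outliers(precincts, threshold=3.5):
    """Flag precincts whose residual rate is far from others on the same equipment.

    Uses the modified z-score (median and median absolute deviation), which
    is not dragged upward by the outlier itself the way a mean would be.
    The 3.5 threshold is a conventional choice and an assumption here.
    """
    by_equipment = {}
    for p in precincts:
        rate = residual_rate(p["ballots_cast"], p["votes"])
        by_equipment.setdefault(p["equipment"], []).append((p["id"], rate))

    flagged = []
    for equipment, rows in sorted(by_equipment.items()):
        rates = [r for _, r in rows]
        mid = median(rates)
        mad = median(abs(r - mid) for r in rates)
        for pid, rate in rows:
            if mad == 0:
                score = 0.0 if rate == mid else float("inf")
            else:
                score = 0.6745 * abs(rate - mid) / mad
            if score > threshold:
                flagged.append((pid, equipment, round(rate, 4)))
    return flagged


def constructed_precincts():
    """Constructed sample: 1000 ballots per precinct, votes recorded vary."""
    rows = [
        ("D1", "DRE", 970), ("D2", "DRE", 972), ("D3", "DRE", 969),
        ("D4", "DRE", 971), ("D5", "DRE", 968), ("D6", "DRE", 910),
        ("D7", "DRE", 973),
        ("O1", "opscan", 990), ("O2", "opscan", 989),
        ("O3", "opscan", 991), ("O4", "opscan", 990),
    ]
    return [{"id": pid, "equipment": eq, "ballots_cast": 1000,
             "votes": {"A": recorded - 400, "B": 400}}
            for pid, eq, recorded in rows]


if __name__ == "__main__":
    for pid, equipment, rate in flag_outliers(constructed_precincts()):
        print(f"{pid} ({equipment}): residual rate {rate:.1%} needs review")
    # Precinct D6 again, now with 30 recorded 'none of the above' choices:
    print("ballots unaccounted for:",
          unaccounted_ballots(1000, {"A": 510, "B": 400}, 30))
```

Without the explicit count, the 90 missing votes in precinct D6 can be described as abstentions; with it, 60 of them have no explanation other than loss.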

See for further
information on initiatives and election equipment data. U.C. Hastings
College of the Law Library maintains a search engine for its extensive California Ballot Propositions,
which is also helpful.


I was
requested by the Democratic Recount Committee to provide a sworn
affidavit regarding the necessity of a hand recount in the disputed
Florida precincts.  The testimony was presented as part of the
brief in the 11th Circuit Court of Appeals, Atlanta, November
17, 2000. The document is linked here
as a pdf file, and can also be obtained through direct request to the
11th Circuit Court.  Reference to this affidavit was made in Brief
in opposition for respondents Gore et al. in Nos. 00-836 and 00-837 to
the U.S. Supreme Court.

In August of
2002 I testified in behalf of the Plaintiff requesting a recount in
Florida 15th Circuit Court Case No. CA-02-3667-AE Emil P. Danciu v.
Theresa LePore in her Official Capacity as Palm Beach County Supervisor
of Elections, Boca Raton City Canvassing Board, Palm Beach County
Canvassing Board, Susan Haynie, and Bill Hager. Footage of my
demonstration showing that a selection could inadvertently be made
without actually pressing the touchscreen at the candidate’s name
location, aired on 60 Minutes. Also revealed during the warehouse
investigation was the fact that these voting machines were never
manually checked for all combinations of candidate selections during
the pre-election testing process.

During 2007,
Florida outlawed the use of touchscreen voting (having previously
outlawed the hanging chad punchcard systems) and now uses optical
scanning throughout the state. Unfortunately, in 2004, Florida also
outlawed the right of voters or candidates to be allowed to audit the
electronically-generated results via a manual recount. (This may have been
partly in response to a federal lawsuit by their 19th District
Congressman Robert Wexler
and Palm Beach County Commissioners Burt Aaronson and Addie Green,
citing the equal protection clause of the U.S. Constitution and
claiming that it was unconstitutional for 52 counties in Florida to have
a means to conduct a recount, while the 15 touchscreen counties could
not perform one.)
Thus there is no way to
independently confirm that the scanners have been programmed correctly,
are not experiencing anomalous conditions (such as treating certain
types of ink as invisible), and have not been tampered with (as Hari
Hursti showed can alter vote totals). See
for further details. For all of these reasons (plus others related to
voter disenfranchisement), Florida continues to get an F in election

New Jersey

2004-2006, I provided pro bono assistance for the Guciora v. McGreevy
lawsuit, which protested the use of paperless DRE voting machines in
the State of New Jersey on constitutional grounds. The Plaintiff’s Complaint and Brief
can be found at the links here. I submitted extensive written
on October 16, 2004 that described numerous flaws with
electronic voting systems (lack of provability, malfunctioning that
disenfranchises voters, less accuracy, vulnerability to insider
attacks, lack of transparency, improper vendor responses to software
flaws, inadequate certification, lack of independent ballot audit, and
vendor misrepresentation). My testimony in the remand hearing before
Hon. Linda Feinberg, Superior Court of New Jersey, Law Division, Mercer
County, largely focused on the inability of the vendors to provide a
voter verified paper ballot add-on to the DRE equipment that could be
Federally certified for use, in time for compliance with the newly
enacted New Jersey law requiring same by January 1, 2008. Based on
Feinberg’s findings, the Appellate Division decided to remand the
matter to the Law Division in order to monitor compliance with the new
legislation. Although testimony by numerous individuals was presented
by Plaintiffs, the only comments noted in the Appellate
Division Opinion
were mine, pertaining to the issue that there were
factors independent of the VVPAT that would make it unlikely that the
AVC Advantage DRE would meet the 2002 FEC standards requirements by
December 2007. As I had predicted, and despite monitoring by the Court,
the VVPATs indeed were not ready by 2008 and the Attorney General
issued two 6-month extensions for compliance, also to no avail.

In the
meanwhile, a trial was scheduled and the Court ordered the State and
vendor to supply voting machines and source code for examination.
Information about the review and testimony in the 2009 (and earlier)
hearings can be found at Professor Andrew Appel’s website
and also at the Freedom to Tinker blog. On February 1, 2010, Judge Feinberg ruled that the
voting machines must be reevaluated to determine whether they are
“accurate and reliable” and required that additional safeguards should
be put in place to discourage tampering. The statement, which noted
“there is simply no evidence to conclude that absent complete access,
coupled with malicious intent to alter the results of an election, the
voting machines have failed to correctly and accurately count every
vote cast” also indicated that all voting systems have vulnerabilities,
so New Jersey’s unauditable machines seem (at least to the Court) to be
no worse than other methods (such as those involving paper ballots).
Unfortunately, the ruling did not go far enough to require that the
VVPAT law in the state be complied with, so that there might be some
actual proof that the machines were correctly and accurately counting
every vote cast (or not). And so it goes. Personally, I have felt
strongly that the Plaintiffs’ team was missing the boat by focusing on
hacking rather than the Constitutional aspects of assuring verification
and transparency in the election process. Nothing is really proven by
such attack demonstrations, other than that they could potentially
occur — since independent examinations of the equipment directly
following the elections are routinely
prohibited, we’ll never be able to show that tampering was afoot. The
greater likelihood is that malfunctions and misprogramming actually
will (and do) occur. These we have plenty of evidence of, and only with
voter verified paper ballots is it possible to recover from and
mitigate such problems. Perhaps someone else will try to sue on these
grounds, when evidence of machine failure eventually surfaces.

I was asked
to provide comment on New Jersey’s draft Criteria for Voter-Verified
Paper Records for DRE voting machines. My response is attached here.
The final version of the State Criteria is posted at
. The Attorney General’s reports, also available via this website, in
which she (perhaps conveniently?) declines to certify the VVPRS (paper
ballot attachments) for the Sequoia Advantage and Edge DREs, is very
curious, since the AG’s office argued in behalf of Defense in the
lawsuit noted above. The Sequoia Advantage DREs are used in 18 of NJ’s
21 Counties. You might think that since the AG did certify VVPRS for
two other vendors’ voting machines, the Judge might have required that
these be used instead of the Sequoias, but no. Hmmm.

If you vote
in New Jersey, here’s what you can do. NJ has a absentee
where citizens can register to receive paper ballots in the
mail. You will need to re-register as an absentee each year, but it is
a great alternative to using the paperless DREs. Don’t trust the Post
Office? If you take your ballot to the County Election Office and drop
it off there (in its sealed envelopes) during their business hours
(extended to the close of polls on election day), you’ll know that at
least your vote choices have reached the tabulation center, which is
something that the DREs cannot assure. In case of recounts (which do
happen in NJ) these ballots are the only ones that can actually be
checked without computer intervention.

Writings by Rebecca Mercuri
This section includes formal papers, commentary, articles, and other
relevant materials on voting and computer security.  The PDF
versions for some of these writings may be more suitable for producing

Electronic Vote Tabulation Checks & Balances,” Ph.D. dissertation, defended October 27, 2000 at
the School of Engineering and Applied Science of the University of
Pennsylvania, Philadelphia, PA. The title link here takes you
to the thesis defense announcement and abstract. UPenn’s Computer and
Information Science Department has (without permission) archived the
University Microfilms version of my thesis at
and it can be downloaded (for free) there. You can also obtain a copy of
the thesis through UMI/Proquest by sending an email to  — the thesis number is 3003665. They
various archival quality formats (hardbound, softbound, unbound,
microfiche, and microfilm) of the original double-spaced 235-page
document, they can take credit-card orders, and I’ll receive a small
royalty. Those who are manufacturing or evaluating voting systems will
find it helpful to consider two additional
lists of questions I
developed as part of this thesis research. Some of the wording closely
follows the Common Criteria, whose Level 4 assessment I have
recommended as a minimum benchmark for voting system
security.  Further information about the Common Criteria can be
found at

2002: Sluggish Systems, Vanishing Votes,” (PDF) Rebecca Mercuri, Inside
Risks, Communications of the Association for Computing Machinery,
Volume 45, No. 11, November 2002.

for Electronic Balloting Systems,” Rebecca T. Mercuri and Peter G.
Neumann, Chapter 3, Secure Electronic Voting, Dimitris Gritzalis, ed.,
Advances in Information
Security, Volume 7, Kluwer Academic Publishers, Boston, November
2002. ISBN 1-4020-7301-1

*A Better Ballot Box?,” (PDF) Rebecca Mercuri, IEEE
Spectrum, Volume 39, Number 10, October 2002.

Computer Security: Quality rather than,” (PDF) Rebecca
Mercuri, Security Watch, Communications of the Association for
Computing Machinery, Volume 45, No. 10, October 2002. (Note: The
footnote numbering is incorrect in the PDF version.)

vs Mercuri,” Rebecca Mercuri, The Risks Digest, ACM Committee
on Computers and Public Policy, Volume 22, Issue 26, September 25,
2002. Archived at:

Primary 2002: Back to the Future,” Rebecca Mercuri, The Risks
Digest, ACM Committee on Computers and Public Policy, Volume
22, Issue 24, September 11, 2002. Archived at:

of Voter-Verified Ballot Systems,” Rebecca Mercuri,
ACM Software Engineering Notes (SIGSOFT), Volume 27, Number 5,
September, 2002. Also published in The Risks Digest, ACM
Committee on Computers and Public Policy, Volume 22, Issue 17, July 24,
Archived at:

Voting Interfaces,” Rebecca Mercuri, Usability Professionals
Association Conference, Orlando, FL, July 11, 2002.

Uncommon Criteria,” (PDF) Rebecca Mercuri, Inside Risks,
Communications of the Association for Computing Machinery, Volume 45,
1, January 2002.

*The FEC Proposed Voting Systems Standard Update,” a detailed comment
by Dr. Rebecca Mercuri, submitted to the Federal Election Commission on
September 10, 2001 in accordance with Federal Register FEC Notice
2001-9, Vol. 66, No. 132.

Integrity Revisited,” (PDF)
Rebecca T. Mercuri and Peter G. Neumann, Inside Risks, Communications
of the Association for Computing Machinery, Volume 44, No. 1,
January 2001. This was reprinted in the CPSR Newsletter, Winter
2001, Volume 19, No. 1.

and Electronic Voting,” Peter Neumann, Rebecca Mercuri, Lauren
Weinstein, The Risks Digest, ACM Committee on Computers and Public
Volume 21, Issue 14, December 12, 2000. Archived at:
This article was also printed in ACM’s Software Engineering Notes
(SIGSOFT), Volume 26, No. 3, March 2001.

Automation (Early and Often?),” (PDF) Rebecca Mercuri, Inside Risks,
Communications of the Association for Computing Machinery, Volume 43,
No. 11, November 2000.

,” (PDF) Rebecca
Inside Risks, Communications of the Association for Computing
Volume 36, No. 11, November, 1993.

Suffrage Security,” Rebecca Mercuri, 16th National Computer
Conference, September, 1993. (See Conference Panels below.)

Business of Elections,” (PDF)
Rebecca Mercuri, 3rd Conference on Computers, Freedom and Privacy,
March, 1993.

,” (PDF) Rebecca
Mercuri, Inside Risks, Communications of the Association for
Computing Machinery, Volume 35, No. 11, November, 1992.

Verifiability of Computer Systems,” (PDF)
Rebecca T. Mercuri, 5th
International Computer Virus and Security Conference, March, 1992.

Related Writings by Other

into Vapor,” Craig Lambert, Harvard Magazine, November-December
2004, Volume 107, Number 2. This succinct piece provides insight into
the mathematics behind the voting system problem, in terms that a
layperson can readily understand.

*“Election Reform and Electronic Voting Systems
(DREs): Analysis of Security Issues,” (PDF),
Eric A. Fischer, Congressional
Research Service, The Library of Congress, November 4, 2003. A
well-balanced overview of voting security threats and vulnerabilities
along with an assessment of strengths and weaknesses of potential

Review of the Diebold DRE system for Four Counties in the State of
Maryland,” (PDF),
Benjamin B. Bederson, Paul S. Herrnson, University of Maryland, 2002.
This study, conducted prior to the Fall primaries, provides an early
indication of machine failures with the Diebold equipment (used in
Georgia as well as Maryland).

*“Secret-Ballot Receipts and Transparent
Integrity,” (PDF),
David Chaum, Draft, May 2002. Chaum, the inventor of eCash, describes a
unique method where voters can positively confirm their ballots, both
at the polling station and also after the election, to be sure
they are correctly entered into the tallies, without revealing their
choices. This groundbreaking work may eventually form the basis
of secure and auditable future elections.

*Opening a Can of Electronic Chad,” Bill Sterner, Carol Schiffler. A position piece
against touch-screen voting from the Citizens for Legitimate

How to Make Over One Million Votes Disappear: Electoral Slight of
Hand in the 2000 Presidential Election,” Democratic Investigative
Staff, House Committee on the Judiciary, August 20, 2001. (A 50
state report prepared for US Representative John Conyers, Jr., Ranking
Member, House Committee on the Judiciary, and Dean, Congressional
Black Caucus.)

*Voting and
,” Bruce Schneier, Crypto-Gram, December 15, 2000.
(Also read his explanation in the 2/15/01 issue about why Internet
voting is not possible, and his scathing comments about’s
proprietary voting technology claims in the 3/15/01 issue. In the
issue, this expert again confirmed his opposition to Internet

*No voting machine is going to be perfect — and not just in Florida,” Rick
Malwitz, Home News Tribune, November 30, 2000. (If you think
that direct-entry computerized voting machines are the answer
to hanging chad, read this.) A confirming follow-up on this story:
says booth proved not so fail-safe,” Jeff Gelles, Philadelphia
Inquirer, January 15, 2000.

Democracy Under Stress,” Ronnie
Dugger, Los Angeles Times, November 19, 2000.

*“Disenfranchised by design: voting systems and
the election process,” Susan King Roth, Information Design Journal,
Volume 9, No. 1, 1998. (This early study examines usability issues in
various election systems, with the conclusion that newer technologies
are not necessarily an improvement for voters.) The pdf can be accessed

*Security Criteria for Electronic Voting,” Peter G. Neumann, 16th National Computer
Security Conference, September, 1993.

*Risks in Computerized Elections,”
Peter G. Neumann, Inside Risks, 5, CACM 33, 11, p. 170, November
1990. (Dr. Neumann has expressed his opposition to fully-electronic
and Internet-based democratic elections since the early days
of this debate. His Risks newsgroup frequently prints reports
of election problems, issues are archived at:

Integrity, and Security in Computerized Vote-Tallying,” Roy G.
Saltman, U.S. Department of Commerce, National Bureau of Standards
Special Publication 500-158, August 1988. (This classic document
contains highly relevant material for anyone researching or dealing
with voting systems.)

*Reflections on Trusting Trust,” Ken Thompson, Communications of the
ACM, Vol. 27, No. 8, August 1984. This important Turing Award lecture
explains precisely how it is possible to conceal nefarious programming
such that it will never be found in a source code inspection.

A Bit of Levity

Digital Democracy,”
Mark Fiore, February 4, 2004. (A fun animation depicting what we are
getting with paperless voting systems. Wait a minute or so for it to
load, don’t press back or next.)

guarantee the outcome,” Summer, 2003. (If someone told
me I’d be referring folks to Larry Flynt’s website, I would have
laughed, but this parody is great, and G-rated to boot!)

A Renegade Reciprocal Miracle Chad,”
Joel Achenbach, Washington Post, November 17, 2000. (A lighter view of
the punch card problem)

Join My Email Group

I have
a private email group which I am using to send messages regarding
updates to this website and other announcements about relevant
conferences, legislative activities, election litigation and my
talks and media appearances. The group is “send-only” so replies go
to me, not to the other group members. Announcements are sporadic,
only a couple per month. If you are interested in joining, send an

Then follow
the instructions in the reply message that you will receive, and I will
place you on the list. If you join topica (although you don’t need to
do this to be a mailgroup member), you can review all of the prior
messages in the NotableVoting history list at their
website. If you tire of the list, you can remove yourself from it by
sending a message to and your
address will be deleted.

Additional Links

The wealth of materials at these
sites may be helpful to those who are interested in voting technology.
The links here are in no particular order and should not be construed
as endorsements. As web pages and hosts can change rapidly, I take
absolutely no responsibility for the content and/or reliability
of these links.

   - Inside Risks
   - Risks Forum Newsgroup
