Electronic fraud in a paper-based system: Request for feedback

The great advantage to a paper-based voting system is that you can hand count the actual ballots in a recount. We know Ohio used paper punch card and optical scan ballots in the VAST majority of its counties. And we know Ohio did a recount where approximately 3% of the ballots were hand counted.

The results from the hand count DID NOT show fraud in such a way as to attract very much of the world's attention.

Yet we KNOW, we feel in our bones that electronic fraud MUST HAVE taken place for a multitude of reasons. We can DISCOUNT widespread ballot box stuffing, because that would require co-conspirators in 88 counties and 110,000 precincts. Therefore it HAD TO BE electronic. ALL the paper ballots in Ohio were tabulated by TWO software companies, ES&S and Triad, both led by Republican donors.

In less than three days, I was able to design a tabulation program that is immune to ALL means of detection EXCEPT one: a full hand recount in a county that I hacked.

That was THE ONLY RISK FACTOR that I was NOT able to protect against, short of examining my de-compiled source code. Yet I believe that risk can be MANAGED, if not eliminated entirely.

So I'm looking for your help in identifying ways this risk can be reduced to the level where it would be worthy of consideration. I want your reaction to the potential methods of reducing the risk of a hand full recount in a particular precinct.

The first quasi-solution is to have the software contain a pre-defined listing of which precincts are "safe-to-hack" and those that are "unsafe-to-hack". If accurate, this would GREATLY reduce the risk of detection. This would require careful analysis by the conspirators. Without getting into too much detail here, I think people who have experience working with BOE officials and possess a wealth of statistical data, could come up with a list of precincts most liable to be chosen for a full hand recount. In many counties only 2, 3, or 4 precincts need be selected to meet the 3% requirement. (As far as we know, only one county chose a truly "random" list of precincts.)

In my study of the Washington County, Ohio recount, the Republican and the Democratic representative agreed to two precincts in which to hand count: one big/urban and another small/rural. It turns out they picked the biggest precinct that had at least one vote for each of the four presidential tickets plus at least one write-in. They also picked the smallest precinct that had at least one vote each of the four presidential tickets plus at least one write-in.

The point here is that by studying human nature (and its inclination to "fairness" -- and distaste for having to count 34,000 more punch cards) it may be possible to predict a relatively small number of precincts in each county that may be more liable to be chosen for the full hand recount. These precincts could then be flagged in the software so it would not hack the tabulation. Then you could evenly "spread out" the number of ballots you want to flip among all the "safe" precincts. I can show that this will be an incredibly small number if you want to swing the election by 3 points statewide.

In fact, the number of ballots per precinct that would have to be flipped is so small, that it leads me to my second quasi-solution: Just spread the number of flipped votes out evenly among all 110,000 precincts. Don't even bother trying to predict which ones may be chosen -- spread the hack out evenly among all 100,000 precincts. This way the discrepancy between the hand count and machine count would be so small that the difference could be easily rationalized by chads falling off or under votes. I have calculated that in the largest counties that only 15 ballots out of 1000 need to be hacked.


In summary, the ONLY risk to be managed in a paper-based system is by having a hacked precinct counted by hand. I have demonstrated a couple of ways that risk can be "managed", i.e., reduced. I want to know if you think its feasible. Can you think of other ways this risk can be reduced? Of course, this is just theory and there's no evidence, but if suspicion of fraud can be proven well enough in another area, we want to have a clue where to look next...

I read the first quarter of your very good post... not sure where you insert electronics into paper systems.

Perhaps you are including punched card ? I am not sure how they work.

In any case, i have read that the ALL PAPER CANADIAN system.. to the best of my amateur knowledge... is seen as clean.

"Scruteeners" from all parties watch hand count of paper ballots, ink marked.

Then i believe, each polling stattion calls in the results.. could be done be each party to avoid fraud at this step... to central tabulation group of all parties watching each other add the incoming data.

Only the phone would be electronic in this set up.

Scruteeners would nix any fraud.

What do you think? End all punched cards, which appear to me IMHO to be blends of hackable electronic counters and paper. Not really sure.

Optical scanners and punch card readers are mostly just mechanical devices that can read the ballots really fast. Their output is basically unreadable so it is fed into a PC that correlates the dots and holes with candidate names and races. The tabulation software I'm talking about runs on these computers.

Studies of elections have shown that the position on the ballot in which one's name appears actually affects the outcome of a race. Therefore many states have ordered that candidate names can't just be listed alphabetically, by last name or party. In other words Kerry must appear on the top line of a ballot just as many times as Bush. So each precinct is assigned a "rotation" order of candidate names.

This means the software at the very least must contain pairings of precinct number and rotation. Another piece or two of other kinds of data can be used to apply the hack...

Seems like yesterday you argued that computer fraud was a Red Herring, and that low level fraud was the place to be. Was it yesterday?
Anyway, it's the little things that mean a lot, i.e is the myriad of the seemingly small interventions in the election process: the voter registration system, the absentee votes and its possibilties for fraud, the rejection of provisional ballots, the allocation of machines in such a way to chase away democratic voters.
("Have you ever seen a picture of white affluent voters standing in line to vote?")

This is how they would do it. Is it feasible?

I don't agree that there must be computer fraud, all the little low-tech things could add up to a substantial percentage of the vote.

but

think along that line and your second proposal, scaled down, fits well. Instead of corrupting 1.5% of the votes during the counting - and being concerned with which precincts will get recounted; just flip 0.5% all over. Let a hand recount find them, but rely on the cost of a full hand count to pressure everyone into accepting 99.5% accuracy as sufficient.

Similarly, a 0.5% mismatch to the poll book (a few ballots stuffed) would not be worth the money to fix, and a 0.5% extra overvote, etc etc etc.

The central-tabulator is intriguing because it lets a small group of people tinker with a large number of votes. Small enables secrecy.

But suppose for a minute that you could provoke a semi-organized response without much organization at all? All the pollworkers belonged to one of two pseudo-organizations in that they (Ohio at least) either identified themselves as republicans or democrats.

So suppose the repubs and dems both informed their pollworkers and elections officials that the other side would be trying to cheat and that they were the front line to prevent the other side from gaining by cheating. I like to think that the Dem elections people would respond by being vigilant and trying to ensure fairness. Is it possible that in the same circumstance that Repubs would react differently and go beyond fair? Creating a disorganized, widespread, rash of minor effects like this due to the actions of thousands of individuals who each consider their actions to be so insignificant or justifiable that their consciences don't even bother them?

I have little trouble believing it considering they vote for Bush with all the broken promises, lies and all. I expect that some dems would also go beyond fair, but disproportionately.

But still, if the recount was fair, it would cost nothing to pick your precints at random in front of observers immediately preceeding the hand counting. So what are they hiding?

punchcard, 10 used e-voting.
Vendors are Diebold, Sequoia, Ess and others.
I compared the total votes (latest on State web is not the certfied count) with the registration by party affilliation.

the percentage imply party turnout +- registered voters
mind you there are 20-30% voters who decline to specify affilliation with any party.

Turnout percentage Kerry Boxer Bush Jones (Boxer seat)
Above 100% 17 20 26 5 counties
Above 90% 8 13 19 20
Above 80% 15 8 9 16
Above 70% 6 11 3 11
Below 70% 12 6 1 6

Kerry had less votes in 44 counties than Boxer
and Bush had more votes in all 58 counties than Jones running for Boxer's seat.

After doing this general spread sheet, I started concentrating on LA County, which used e-voting for early voting, and then Inkadot with Optiscan (centralized)
The software used is unknown to me at this time. I have had not much time to scrutinize the LA data yet... there are about 4500 precincts.

But yes, I believe, any hidden code in the centralized tabulations can and will pad or deduct a candidate's tally.

p.s. (edited) and I believe if it was really done in CA it was done as a "spread" of random percentage points here and there.
CA being considered a "safe" State no one would even question the outcome.

LA County

Who can request
 
 
Any voter of the state may file a request. (E.C. 15620)
 
Timing of Request
 
 
The request must be filed within five (5) calendar days after the completion of the official canvass. The canvass is complete when the elections official signs the Certification of the Election Results. (E.C. 15620)

Exceptions: For statewide contests, the request must be filed within five (5) calendar days beginning on the 29th day after the election.
 
Format of request
 
 
*
The request must be in writing. (E.C. 15620)
 

*
Must specify the contest to be recounted. (E.C. 15620)
 

*
Must state on behalf of which candidate, slate of electors, or position on a measure (affirmative or negative) it is filed. (E.C. 15620)
 

*
May specify the order in which precincts shall be counted. (E.C. 15622)
 

*
May specify the method of counting to be used (computer, manual or both). (E.C. 15627)
 

*
May specify any other relevant material to be examined. (E.C. 15630)
 

*
For statewide contests, may specify in which county or counties the recount is sought. (E.C. 15621)
 


Place of filing
 
   

*
With the county elections official responsible for conducting the election, if the contest is not voted upon statewide. (E.C. 15620)
 

*
If election is conducted in more than one county, the request may be filed with the county elections official of, and the recount conducted within, any or all of the affected counties. (E.C. 15620)
 

*
With the Secretary of State if the contest is voted upon statewide. (E.C. 15621)
 

*
With the City Clerk if it is a city election (or if the city has not consolidated with the county). (E.C. 15620)
 


Notice of recount
 
*
A notice stating the date and place of the recount will be posted by the elections official at least one day prior to the recount and the following persons will be notified in person or by telegram: (E.C. 15628)
 

*
All candidates for the office being recounted.
 

*
Authorized representatives for presidential candidates, if the race for presidential delegates is to be recounted.
 

*
Proponents of any initiative or referendum or persons filing ballot arguments for or against any initiative, referendum or measure to be recounted.
 

*
Secretary of State if the recount is for candidates for any state or federal office, delegates to a national convention, or any state measure.
 


Process of recount
 
  

*
The recount is open to the public. (E.C. 15629)
 

*
Recount must start no later than seven calendar days following the receipt of the request and shall be continued daily, Saturdays, Sundays, and holidays excepted, for not less than six hours each day until completed. (E.C. 15626)
 

*
A manual recount must be conducted under the supervision of the elections official by recount boards, consisting of four voters of the county, appointed by the elections official. (E.C. 15625)
 


Result of Recount
 
 

*
The results of a recount are declared null and void unless every vote in which the contest appeared is recounted. (E.C. 15632)
 

*
Upon completion of a recount, if a different candidate, slate of electors, or position on a measure receives a plurality of votes, the results of the official canvass will be changed and the election results re-certified. (E.C. 15632)
 

*
A copy of the results of any recount conducted shall be posted conspicuously in the office of the elections official. (E.C. 15633)
 


Cost and payment
 
 
The elections official shall determine the amount of deposit necessary to cover costs of the recount for each day. (E.C. 15624)

The voter filing the request for recount must deposit, before the recount commences and at the beginning of each day following, such sums as required by the election official to cover the cost of the recount for that day. (E.C. 15624)

If upon completion of the recount the results are reversed, the deposit shall be returned. (E.C. 15624)
 

 
COST BREAKDOWN FOR MANUAL TALLY

No. of Boards
Cost per Day
1
$2,182
2
$3,545
3
$4,908
4
$6,271
5
$8,453
6
$9,816
7
$11,179
8
$12,543
9
$14,724
10
$16,088
11
$17,451
12
$18,814

*Cost will include labor, facilities, material and personnel. Cost will vary according to type of election and personnel involved.

 
Automatic Manual Recount
By law, a random sample of ballots from every election must be recounted manually to verify the computer count. A minimum of all votes cast in one percent (1%) of the precincts is included in this process. The Automatic Manual Recount is open to the public.
(E.C. 15360)

http://www.nvri.org/about/ohio_serpe_122304.pdf

Inconsistent Standards in Selecting the Initial 3% Hand Count

* Allen: Board pre-selected

* Clermont: picked the 13 smallest precincts

* Cuyahoga: only picked precincts with 550 votes; one east side, one west side, one rich, one poor. This eliminated 92% of precincts from consideration.

* Morrow: picked the one and only precinct in the whole county that had 3% of the total

* Hocking: only picked precincts that were evenly split for Bush-Kerry.

* Medina: picked same two precincts as used in unrelated school levy recount

* Vinton: selected only one precinct that had 3%

* Summit: BOE shuffled deck of all 475 precincts and chose randomly behind closed doors

* Brown: put all precincts with less than 3% in a hat and choose randomly

* Athens: chose randomly

ADDED:
* Washington: picked the SMALLEST precinct that had at least one vote for each of the four tickets plus a write-in and the LARGEST precinct that had at least one vote for each of the four tickets plus a write-in


Could someone have foreknowledge of which way a board would choose precincts for a recount? Could they "count on" counties where they had an insider?

1. If you miscount EVERY precinct. Even 15 ballot difference in the 3% recount, if you're unable to reconcile it in any way, WILL cause a full hand recount. In all the Ohio counties where the hand recount was not done in spite of the initial mismatches in the handcount, the handcount was reconciled eventually. If the machine was intentionally miscounting ballots, no such reconciliation would be possible.

2. If you try to figure out which precincts will be picked for hand-counting and put in code that would correctly count those - remember, there are 88 counties. Let's say you are an amazing guesser, first-rate psychologist etc. and you can predict which precincts will be picked with 99.5% precision in any one county. That's a pretty good prediction wouldn't you say? What are your chances that all the precincts in all 88 counties will be picked "correctly" - that is, match your prediction? That chance is 0.995^88 - or 0.64 - that is, 64%. That means that there is a 36% chance that, in spite of your amazing predictive powers, your scheme will be uncovered. If your predictive powers slip to 99%, the chances of discovery grow to 60%.

Would you bet the "fraud of the century" on the 36% to 60% chance of discovery? I certainly wouldn't.

Why did the hand count not match the first time? What was done to the machine to get it to work right the second time?

More from Serpe:

Monroe: machine count wrong twice so repairman from Triad called in

Fairfield: after machine count mismatch the closed the building and kicked everyone out except Republicans. Four days later they ran the machine count again and it matched perfectly

See her section on the lack of ballot security...

STATISTICS: If the probability is 99.5% in each county, then its 99.5% for all counties. For example, if the odds are 99.9% that you can drive through a stop sign without getting a ticket, on your 100th try the probability is STILL 99.9% that you won't get a ticket. (Don't ask me why, a statistician told me this once...)

and checked the machine, checked the ballots, fixed the chads etc. In some counties the machines were broken (I think that was the Fairfield) and needed to be replaced.

As for statistics - your statistician friend was right, on the 100th try the probability is still the same as on any one of the previous tries - but remember, you know 100% sure that you did NOT get caught the previous 99 times. BUT if the probability of getting caught on ONE stop sign is exactly 0.1%, the probability of getting caught if you do it 100 times in a row (note: the probability is calculated BEFORE you do it 100 times) is (1-0.999^100)=0.10 - 10%. This is not rocket science, this is elementary probability calculations.

Edit: to clarify, if you throw a true unadulterated coin 10 times in a row, the probability of getting heads every time is 1/1024 = 0.09% On the other hand, if you have already thrown the same coin 9 times, and it came up heads 9 times, the 10th time you throw the chance of getting heads is 50%.

In most Ohio counties, they only did a hand recount in prechosen precinct or two. This offers absolutely no assurance of reliability of the vote. Even with a 3% random sample, there is only 3% chance of catching fraud. And even then, its possible given the closed system to cover up most fraud that might have occurred. Only a careful check of the voter logs vs the counts, with a followup survey of voters(who would have to be willing to tell the truth) could provide complete assurance, given the documentation has been locked down in the hands of the potential fraud causers in this case. That much scutiny was unlikely to be accomplished. There has to be reform to make the system more transparent and not controlled by manufacturer reps and partisan officials with no controls.

note: I hear that in one precinct fraud has been proven by doing a survey of the voters in that precinct, but thats going to a lot of trouble.

Here is why.

I live in Hamilton County, home to Cincinnati. Cincinnati the city is actually 43% African American. Once you get outside of Cincinnati and even certain neighborhoods in Cincinnati you get into over 90% white areas. The counties surrounding Cincinnati are considered reliably GOP counties. In these counties people do vote republican.

The Supreme Court Justice race was between Thomas Moyer (R) and an African American female municipal judge from Cleveland named C. Ellen Connaly. She was so underfunded I saw not a single commercial or yard sign, and I live in a democratic precinct. The GOP candidate however did have yard signs all over Butler, Warren and Clermont county AND was endorsed by the Cincinnati Enquirer
http://www.enquirer.com/editions/2004/10/27/editorial_ed1b.html

Yet C. Ellen Connaly an African American municipal court judge from Cleveland got substantially more votes than Kerry in a down ticket race in areas where voting a straight GOP ticket is the norm for a certain percentage of people in those counties. I do not believe that Bush voters accidentally voted for a democratic judge from Cleveland because they could not remember the name of the incumbent GOP judge.

Add to that the lockdown of the vote tabulation in Warren County due to a Homeland security threat that Homeland Security and the FBI have denied and a podunkville county like Warren completing their tabulation so late that Cuyahoga, a county of 1 million people got their tallies in before Warren.

Mama didn't raise no fool. Bush did not get 71% in Warren County.

In Alaska we just had a recount of the Senate race; they agreed to hand recount 10 percent of all precincts. Each of the forty districts had one precinct recounted by hand. These were chosen randomly, from a hat, by us (the people who requested the recount). And then four more, one from each region, because we needed 44. Mostly we use optical scan, except in some smaller communities which still count by hand (those precincts were recounted by machine, and not included, at our request, in the hat picking.)

If Ohio had done what Alaska did, I'd have a lot more confidence! (Also, any ballots rejected by the machines were judged by the director of the Division of Elections, with observers allowed to watch.)

That's great.