GAVV Georgians for Verified Voting
 
 
 

"But None of the Above was a close third -- and nearly made the runoff."


AJC, 10/27/04
 

One in Six Democratic Voters Couldn't Take

the U.S. Senate Candidates Seriously, Says AJC

Editor's Comment: The undervote rate in the U.S. Senate race discussed in this article was higher than that of the U.S. Senate race in Sarasota, Florida in 2006, a race which has been in the national headlines, has been referred for investigation to the Government Accountability Office (GAO), and is still being contested in the courts.

 

by Donna Price (Updated March 4, 2007)

 

Primary voters are motivated.  They keep current on issues and go to primaries with the intention of voicing their preferences. Yet according to the Jim Galloway and Tom Baxter in the Atlanta Journal-Constitution, October 27, 2004: "On the Democratic side of the U.S. Senate race, 625,115 votes were cast . . . nearly 106,000 Democrats — 14% of the total — took a look at the eight-candidate field. And passed." (1)

 

The AJC article fails to recognize that a 14% undervote rate is more likely the result of a malfunction in Georgia's electronic Diebold Election System (DES): an error in programming the ballot definition files, memory chip failure, misprogrammed or corrupted software, other system failure or the result of a malicious hack. [Note: Charles Stewart of MIT testified that it was "statistically unlikely that nearly 13 percent of Sarasota voters chose not to vote in a Southwest Florida 2006 congressional race," mentioned in the Editor's Comment above," Sarasota Undervote Unlikely," by David Royse, The Ledger ]

 

A Few Reasons To Question the Results

Evidence of serious problems with the Georgia DES has been evident from its first deployment in a Georgia election, November 2002. A "Punch List" obtained through Open Records Requests (ORR)(2) reveals problems with the system's performance including:

  • Questions about system certification (this is a continuing problem which will be reported on in future articles);
  • "Inoperable 'Charging' functions on TS units;
  • "Voters' selection of candidate on TS units improperly reflected on 'Summary Screen";
  • Questions about whether the "0808" patch was applied on "all systems";
  • Voting units "found to be defective";
  • "Defective encoder performance";
  • "Training on safeguards to prevent and detect tampering or theft not yet provided";
  • "At least 5 county servers failed prior to Election Day";
  • "Blank cds received from counties were supposed to contain final election results";
  • "L&A testing did not identify possible screen calibration problems or memory error".

Voters were not informed of any problems, rather the contrary. In testimony before the federal Elections Assistance Commission, Kathy Rogers, director of Election Administration, Georgia Office of the SOS stated: "The 2002 General Election was one of the cleanest, most accurate elections ever held in the state of Georgia."

 

Were the Problems Corrected?

Flaws in the system could have been corrected before the 2004 election was held, but evidence suggests otherwise.  In correspondence with Diebold, the state pressed for problem resolution; (3) however, response to two ORRs (4), the SOS's office provided documentation (5) that revealed that Georgia voted on the same software, GEMS version 1.18.15, in the 2002 and 2004 General Elections and the 2004 Presidential Preferences Primary. The only documented changes to the GEMS software was a stipulation in an amendment to the state's contract with DES for the application of the "0808" patch (a security patch). It is not clear when or if the patch was applied to all systems.  If the patch was applied, there is no documentation to indicate that the patched software was nationally re-certified before the 2004 election by the Independent Testing Authority, Ciber. Georgia law requires compliance with applicable Election Assistance Commission (EAC) Voluntary Voting System Standards (VSS), and re-certification by the ITA for changes to the software is a component of complaince with VSS.

 

There is anecdotal evidence that the system had security vulnerabilities of which the state was aware when voters cast their ballots in November 2004. On April 14, 2004, Preston Futrell, X-Force National Emergency Response Team, Internet Security Systems, who worked with local, state, and federal agencies on information technology (IT) terrorism/hacking threats, as well as consulting with corporations around the world on security, spoke at an the 2004 Information Security Awareness (ISA) Conference at Emory University in Atlanta.  After the conference, in answer to questions about the security of Georgia's DES implementation, Futrell said that he had just met with the Georgia Technology Authority (GTA) the previous day.  The GTA was under pressure from Governor Perdue to secure the system.  However, according to Futrell, the voting system could not be secured in time for the November 2004 election.

 

How important is certification? Election officials have confidently and emphatically asserted that mechanisms that ensure secure and accurate elections on Georgia's paperless electronic voting system are in place and can be relied on by voters: citizens can trust the state with counting their votes even though the system is not transparent, and there is no mechanism to conduct audits independent of the software. The state has gone so far as to say that "Recent reports published by academics, computer scientists and software security professionals have raised questions about security with electronic voting systems.  It is important to note that these reports have been written by computer scientists who admittedly know very little about how elections are administered and completely disregard the internal and external security measures in place for Georgia elections."(10)

 

Federal and state certification are the first of the state's four levels of testing. Qualification, certification, acceptance, and logic and accuracy tests are said to provide "overlapping layers of safeguards" that ensure that "attempts to alter the system would be easily detected." (11)

 

Implementing "secure"(12) accurate and reliable IT systems means ensuring that all possible safeguards are in place.  Unusual phenomenon, like the 14% undervote rate in the U.S. Senate race in the state's 2004 Democratic primary raises serious questions that are left unanswered.  Until the voting system in Georgia has a mechanism to conduct audits independent of the software, the legitimacy of election results in Georgia remain in question.

  1. "So Democrats ran No. 1 after all. But one in six voters couldn't take the U.S. Senate candidates seriously," Metro section, Atlanta Journal-Constitution, Jim Galloway and Tom Baxter, 10/27/04
  2. America's Next Election Nightmare, Andrew Gumbel, The Huffington Post, September 27, 2005.
  3. Ray_Urosevich_12_03_02 (pdf); Cox_Urosevich 12_03_02 (pdf)
  4. Letter from Clifford D. Tatum, Assistant Director of Legal Affairs, Elections Division, Secretary of State, dated March 17, 2004; Letter from Clifford D. Tatum dated July 22, 2005 [address redacted].
  5. Cover page of Qualification Test Report, Ciber ITA, 1/03/03, that the SOS's office provided in response to request for system certification documentation. It is for GEMS 1-18-15, a version that has never received NASED approval, as indicated in document below. [Note: For journalists or researchers, GAVV can make copies available of the full test results.]
  6. Georgia elections code requires that voting systems be certified (590-8-1-.01(A).  In Section 590-8-1-.01(D):
    "Prior to submitting a voting system for certification by the State of Georgia, the proposed voting system's hardware, firmware, and software must have been issued National Association of State Election Directors NASED Qualification Certificates from the Election Center....the qualification tests shall comply with the specifications of the Voting Systems Standards published by the Federal Election Commission." [The language does not reflect the change from NASED to the EAC, the entity that has just taken over the certification process].
  7. Letter from Shawn Southwell, ITA Practical Director, to R. Doug Lewis, The Election Center
  8. National Association of State Election Directors, Systems that are NASED Qualified, 5/31/95 to 1/03/03 (pdf)
    National Association of State Election Directors, Systems that are NASED Qualified, 12/05/03 to present (pdf)
  9. Barnes_Moreland letter from 1-30-03 (pdf)
  10. "Security features of Georgia's Electronic Voting System," Office of the Secretary of State, State of Georgia, undated.
  11. There are no absolutely secure IT systems.  Security means an ongoing effort to thwart the latest attacks and attempts to compromise systems.  When it comes to using electronic voting systems in elections, it is difficult, if not impossible, to build a system flexible enough to respond to ongoing security threats. More on this will be covered in other articles.

Archived copy of article in AJC

 

 

 

Copyright 2007 GAVV. All rights reserved.