October 15, 2019

Reexamination of an all-in-one voting machine

The co-chair of the New York State Board of Elections has formally requested that the Election Operations Unit of the State Board re-examine the State’s certification of the Dominion ImageCast Evolution voting machine.

The Dominion ImageCast Evolution (also called Dominion ICE) is an “all-in-one” voting machine that combines in the same paper path an optical scanner (for hand-marked bubble ballots) with a printer (for machine-marked ballots via a touchscreen or audio interface).

Last October, I explained that why this is such a bad idea that it should be considered a design flaw:  if a hacker were able to install fraudulent software into the ICE, that software could print additional votes onto a voter’s ballot after the last time the voter sees the ballot.   I’ll just give one example of what the hacker’s vote-stealing software could do:  In any race where the voter undervotes (does not mark a choice), the hacked software could print a vote into the bubble for the candidate that the hacker wants to win.

The manufacturer may argue that “our software doesn’t do that;” true enough, the factory-installed software doesn’t do that–unless hackers hack into the manufacturer’s network.  They may argue that “our voting machines are not hackable;” well, it’s admirable that they are using modern-day authentication methods for the installation of new software, but in the current state of the art, it’s still the case that practically any computer is hackable.

And therefore, we rely on recounts and risk-limiting audits of the paper ballot as marked by the voter as our ultimate protection against computer hacking.  An all-in-one voting machine, that combines printing and scanning into the same paper path, seriously compromises that protection.

Douglas A. Kellner, co-chair of the New York State Board of elections, wrote on March 7 2019 to his fellow Board commissioners,

Two respected professors of computer science have provided reports that the Dominion ImageCast Evolution voting machine has a “design flaw.” … “after you mark your ballot, after you review your ballot, the voting machine can print more votes on it!” …

[New York State] Election Law § 7-201 requires that the State Board of Elections examine and approve each type of voting machine or voting system before it can be used in New York State…. The examination criteria for certification of voting equipment … requires … “the vendor shall identify each potential point of attack.” …

I have carefully reviewed Dominion’s [submission].  I do not see anything in the submission that addressed the point of attack or threats identified by Professors Appel and DeMillo. …

If there is a serious possibility that an insider could install malware that could program the printer to add marks to a ballot without the possibility of verification by the voter, then the entire audit process is compromised and circumvented. If it was possible for the machine to add a voting mark to the ballot without verification by the voter, the audit is not meaningful because it cannot confirm that the ballot was counted in the manner intended by the voter. …

Election Law § 7-201(3) provides that:  “If at any time after any machine or system has been approved,…the state board of elections has any reason to believe that such machine or system does not meet all the requirements for voting machines or systems set forth in this article, it shall forthwith cause such machine or system to be examined again.” …

In view of the omission of the security threats identified by Professors Appel and DeMillo in the submission by Dominion in support of its application for certification of the ImageCast Evolution, and in view of the absence of any analysis of this issue in the SLI and NYSTEC reports, I request that the Election Operations Unit of the State Board examine again the ImageCast Evolution to consider the vulnerability of the voting system because the printer could be programmed to add marks to ballots without verification by the voter, and that SLI and NYSTEC supplement their reports with respect to these issues.

Comments

  1. John D Stanton says:

    As a Ga. Voter, the growing threats to Equitable Elections by any means other than Hand Marked Paper Ballots is a cause of great concern. Our Elections could be compromised, as suspected currently using old DRE Technology and with the newer BMD’S Unaccountable and Unauditable systems will render Ga. Elections Unacceptable. As noted, I cannot vote, with Full Faith and Complete Confidence on any Electronic Voting Equipment. I respectfully request, henceforth, that the State of Georgia use Hand Marked Paper Ballots. This proven approach of pen and paper is reliable and verifiable for Audits, is cost effective and does not require the use of Corruptible Code and bar codes that could modify votes other than intended by the voter. Please continue the great work to ensure our Votes Count as Cast. Voting Integrity Advocates and Voter’s efforts for Equitable Elections, Thanks you kindly, John D Stanton (Atlanta, Ga.)

  2. Joe Lipari says:

    I really like your posts about the Permission to cheat systems. New York certainly has had it’s issues with voting systems. Is this the machine that had all the issues in New York City? I believe the vendor flat out blamed the election administrators for the issues… I don’t buy that. More responsibility needs to be put on these vendors when they are so critically involved in our democracy. I also heard the NY election board is about to start testing another permission to cheat machine – the ExpressVote. Someone should definitely put a stop to that, we need secure, reliable, and accessible machines for elections.
    Thank you,
    Joe L

  3. NYC has the AutoMark from ESS with autocast feature, which also is certified.

    https://www.elections.ny.gov/NYSBOE/hava/ESSAutoMarkVideoTranscripts.html

    I believe it is also in Indiana.