|Articles: Home All articles on fixing elections, vote fraud, election manipulation|
Other related articles:
Election Fraud, Steal Elections or Fix a Vote, Motivation
How to Hack an Election Audit of Optical Scan Voting! Learn how to break MN audit procedures and get your guy in! This means you Nasty Norm and Inept Al!
A widespread voter suppression tactic this year is the removal of voters from the State controlled election databases.
Depending on which state and county you can be bounced by the State and reinstated by a local county or you are removed with no recourse. Most of the time there is no notice that you have been removed from the rolls.
6 states including mine, Minnesota, have same day registration and so the effect would be to clog the lines at polling places when people re-register and delay will drive down turnout. In the other 44 states you may have to "prove" various poll tests. The effect will be to block voters or have voters vote on "provisional ballots" which means straight to the trashcan with the cheezy "provisional ballots". This will also clog the polling lines with "problem" voters to slow down the voting and delayed voters will leave without voting.
I wrote about this tactic in 2004 and called it the "Kiffmeyer Finesse", after Ex-Secretary of State Mary Kiffmeyer (Republican) rewrote the Minnesota election rules to allow this situation where targeted people can be bounced from the voting rolls too late to correct the "problem" before the election.
Another tactic of State controlled database voter removal will be the election roster books. Printed versions can have people "removed", though actually in the State database, just not in the printed version at the polling place. I can hear it now: "Oops, computer error." Electronic versions of vote rosters can just be fritzed and not work in targeted areas to cause delays or late changes to "lose" people from the rosters. Even "live" changes as the elections are in progress can occur with some computerized vote roster systems.
I expect many more absentee ballot (ballot by mail) problems too. Lack of chain of custody, "fixing" ballots after they have been sent, spoiling of many absentee ballots because of arbitrary rules, and plain old ballot stuffing of absentee ballots. Because there are so many absentee ballots and the chain of custody is poor it allows more opportunity to manipulate the absentee ballots.
UPDATE: 2008 Minnesota Recount
The U.S. Senate Franken-Coleman recount in Minnesota (MN), my home state, is centering on the absentee ballot spoilage rate. The spoilage rate is about 20 times higher than the machine counting spoilage rate, (0.2% according to Joe Mansky from Ramsey County Elections who uses Diebold Accuvote scanners,) and there were problems of not finding registrations in the State registration database as well as arbitrary rule application to qualify absentee ballots. As of today Nov 26, 2008 Mark Ritchie Secretary of State says there are 12,000 uncounted absentee ballots or 12/288 = 4.1%+ spoil rate.
That is huge.
Absentee ballots were close to 10% of total ballots cast this year, much higher than previous years, so this spoiled absentee class of ballots is a large pool of ballots, certainly enough to swing the few hundred difference found in the results certified by the state which triggered an automatic hand recount.
Absentee ballots as done in Minnesota are a weakness in the election system and an attack point for election manipulation as many cases have been seen in the past in many other states. Early voting systems that are in other states remove many of the problems of absentee ballots being used for early voting as is the case in Minnesota. An early voting system that mimics regular voting closely seems to be a better system for voting early rather than using the absentee ballot system that is geared for voting from a distant location.
Are the problems with computerized voting machines or ballot scanning systems are fixed? No, it is probably just as bad this year, or worse, since there are more of them and the problems have not been solved or cannot be solved. High cost, loss of ability of local jurisdictions to run an election, technical errors, opportunities to "fix" elections, all still exist.
Here is an analysis of vote manipulation for stealing elections as a security process, this is part two, Who does vote fraud and motivation is part 1. A real life example of holes in optical scanner voting is described in Ramsey County Minnesota Public Elections Test.As described by Bruce Schneier in the book "Secrets and Lies" security has at least two sides, the attacker and the defender, and the attacks can be analyzed by target selection, analyze a target, access a target, attack a target, avoiding detection and escape. On the other side is protection, attack detection, reaction to attack and remediation of damage. In this section I am looking at the election process as targets of security penetration with the goal of the compromise of fair elections.
- Provisional ballots, no standard for counting them has been established, just that they can be cast. This pool of votes could be exploited like absentee ballots have been or the pool of non-active voters (voting while dead).
- Central database of voters by state allow Secretaries of State to inject their influence into the voter lists. In Minnesota, for example, the Secretary challenges any voter that does not match exactly the names and drivers license/state ID number. Yet instead of using the drivers license/state ID database as the source of voter registration (ultimate motor voter) the voter enters that information separately, a guarantee of data mismatch.
- In Minnesota ES&S reported lobby expense went from $0-2003, $7000-2004, $40,000-2005. http://www.cfboard.state.mn.us/lobby/LobPrincipalExpend_Current.html Because of HAVA, in 2005 all Minnesota counties adopted ES&S ES&S' Model 100 precinct-level ballot counters with an Intel processor, and QNX operating system, and PCMCIA memory cards. and ES&S' AutoMARK Voter Assist Terminals for disabled access, except for the few counties that already had Diebold ballot scanners. Deibold reported no lobbying expenses and sold no machines. The contracts netted ES&S an estimated $39 million of the $44 million in HAVA money for Minnesota, not a bad return on $40,000.
Before HAVA, many of the rural counties used hand counted ballots. Now most of them do not have the staff to run an election, they must use ES&S technical staff. A central point of election tampering has been inserted into the process. A software "update" by ES&S and most of Minnesota voters can be affected. Ballot scanners run software, the software can be cracked, a central controlled non-public technical staff is in place to install the software and is responsible for "counting".
In Ohio in 2004 during a few days just before the election and after the election according to data at netcraft.com the central vote tally systems were switched from the state ip addresses to servers at an Internet Provider (IP), Smartech, controlled by the Republican National Committee, the address block includes same set of servers that Karl Rove seems to have lost the email of the lists of U.S. Attorneys that were fired. The vote tallies were then controlled by partisans, the same trick was done in 2006, why mess with success. RNC controls Ohio Election (Slashdot) This was only possible with the power of the Secretary of State (SOS) of Ohio, the chairman of the Bush re-election campaign, possibly neutral technical staff controlled the tallying servers in Ohio so maybe they switched the servers away from the state to an easier to control environment. This switcheroo was effective, when caught after the fact Ohio has not changed a vote or election result. Soon after the election the tally servers were switched back to State of Ohio. Central tallying as part central control of the state election process allows tampering at a vulnerable choke point.
Because of HAVA expenses and complexity for elections are going up. ES&S Project support, election support, verification testing is over $1000/per day per item with contract minimums of 3 days. Elections are becoming expensive, more than the basic pens and paper ballots, combined with lack of expertise to run elections and you have a restriction on democracy, elections themselves are becoming difficult, much less is the difficulty in stealing them. All the technical gizmos and setup must work for an election to occur, what happens when the process fails and the election process falters and does not complete?
Many targets and methods of attack are not just for election day, as the election process is not a one day discrete act but has operation rules, registration, census taking, re-districting, multiple elections per year for different political units, like school, city, county, state primaries, special elections, etc. As a continual process it can be compromised at any point in the process and many methods of manipulation of election process targets can widely affect all elections as well as just manipulate discrete election results.
Central attack points allow wide manipulation effects in elections. Usually these involve political office holders such as the Secretary of State and the centralization of power to affect the process. The classic example is the year 2000 election when the Florida secretary of state Harris sent out a list of 50,000 voters to the counties to drop from the registration list because of a central access point into the election process. Now, other secretaries of state are using the HAVA federal voting legislation to insert access to the voter lists into the election process.
One example was reported July 23, 2004 when Republican Mary Kiffmeyer, the secretary of state of Minnesota, wrote election rules to supposedly implement HAVA without public hearings. Some of the election rules were overturned by a State Administrative Law Judge. But then they were rewritten without any hearings, again, to do essentially the same thing and became official election rules a month before primary elections. Check Google for "Kiffmeyer election rules."
One set of rules in particular creates very easy challenges of voters who could be barred from voting if the voting information was not exactly matched by "official" databases. So, if the voter data had "Joe X. Blow" but some Department of Public Safety database says "Joe Xavier Blow", a voter could be barred from voting. What is more, if the Secretary of State challenges voters the County auditor must verify the voter in ten days or the voter is barred from voting and must re-register.
A method of distributed denial of service (DDOS) attack on the voting process I will call the "Kiffmeyer Finesse" would be to drop voter participation in targeted precincts by challenging thousands of voters in a county for not matching exact data from the non-specified Public Safety or Social Security databases or other non-specific problems close to the time that the lists must be created for an election. The precincts and the voters are easily targeted because all the election results are also centrally located in the central database. An outside contractor could compare political party donation databases, interest group lists, credit card, finance data (home owner vs renter), health data, etc., to refine the challenge lists to specific political characteristics. The Department of Public Safety databases have other characteristics such as criminal records, general police incident records, court records, physical attributes (brown vs blue eyes), id photos, race data. A finely tuned challenge list is created, shades of Florida, and sent to the counties a day or two before the election roster deadline.
The counties have limited staff, yet are responsible to verify the challenged voters in only ten days, however this is only a day or two before the election lists must be created and the county staff gets overwhelmed and only verifies several hundred of the thousands of voters challenged. The "finesse" is that unlike Florida, the Minnesota county cannot just reject the changes to the list, the master list is now controlled by the Secretary of State of Minnesota with power to add and drop voters and the challenged voters not verified by the county are dropped. The voters then show up at the poll, but surprise, they are not on the list as registered voters and get questioned by judges, slowing the voting process at the targeted precincts and dropping voter participation because as lines grow long people will leave as well as voters that are turned away or marked "provisional" if they cannot convince the election judges that they are proper voters. Meanwhile, in the non-targeted precincts very few such problems occur.
To defend from this attack is difficult, no audit process is in place to prevent the Secretary of State from using any criteria they wish to check a specific set of voters for minor data differences in "official" data sources. Also, the timing is up to the Secretary of State. Masking attack targets by sprinkling challenges across counties and precincts can confuse an audit scheme. Unlike Florida, the county officials cannot just reject the voter challenges by the Secretary of State, but must accept them until proven otherwise by the county.
Many other rules also had the effect of moving the decision power from the county level to the secretary of state, weakening the distributed nature of the election process and making the process vulnerable to central attack points.
Lowering voter turnout, like the example above is a strategic plan, making many attacks on specific tactical targets much easier.
An interesting wide spread attack I noticed in the 2004 presidential election: touch screen voting was used as a vote suppression system. Touch screen vote systems can only process a voter every 2-5 minutes, in comparison a vote scanner system can process a vote in a handful of seconds, at least a magnitude of 10 times faster. Many seemingly targeted precincts had a shortage of touch screen voting machines causing long wait times to vote.
Time in line is a factor in final vote count as is cost to the government (usually county) that implements an election. Touch screen is both more than a magnitude of 10 more expensive AND slower, guaranteeing a suppression of turnout in districts that supporters of touch screen systems want to suppress most, poor precincts that have a history of not voting Republican. If the counties that had touch screen voting and long wait times had bought new ballot scanner systems the final counts would be far different.
Vote scanners are far cheaper and can service huge amounts of people with one scanner in a short time interval, maybe more than 20 per minute vs. as few as a dozen per hour with a touch screen system. Also, scanner ballots can be held and counted later, when a touch screen system is out of commission the vote is very effectively suppressed. This is not to say that vote scanners cannot be manipulated or are a perfect system, but they can count a lot of votes in a short time.
In the USA where voter turnout is very low for primary elections (10%-20%) and commonly less than fifty percent for even a presidential election in many states. A primary may be the target rather than the final election where all real choice is made before the big show. So a target election where the turnout is 10-15% will be affected by a small manipulation, and a small manipulation is easier to hide from detection or evade reaction or avoid remediation. Combination attacks could be very effective, a "Kiffmeyer Finesse", to target opposition precincts with voter challenges, can make effective other narrow effect attacks such as changing some poll stations in the target precincts to confuse the voters, setting up some speed traps or police activity, road closings, shortage of ballots, lack of election judges, some voting equipment problems or electric power outage with plenty of provisional ballots and the combination could effectively change the results of target elections. The fact is that many small manipulation tactics have a better chance of success with little chance of being caught or if caught, little consequence or penalty.
Dropping barriers to actually voting include having paid public holidays during statewide voting, tax incentives to voters, schools and child care available, free public transit on voting days, but nothing has happened for decades. Political advancement in removing the barriers to registration and voting will be difficult as the people who hold power have no incentive to implement any advantages or removing the existing barriers, in fact the barriers are increasing, notably the "provisional vote", which ment that even if you pass the current barriers to cast a vote it gets tossed or manipulated.
Multiple attacks using many methods have been the history of successful manipulation. Each attack method may be a small effect but the cumulation of effects moves the election result to the desired outcome.
For example, multiple voter suppression techniques were used in Ohio 2004 and other elections to suppress participation including rejecting registrations filed on the "wrong paper weight" form, "losing" registrations of target populations with phony registering agents, absentee ballot suppression of targeted populations, "provisional ballot" non-counting of targeted populations, lack of voting equipment in targeted precincts, moving voting locations to cause confusion, etc. Combining the suppression with multiple manipulation of vote counting and about a 5% change from exit polls was effected in several states....
Barriers to registration: - inconvenience to register, make the procedure difficult. - scare people off, make registration intrusive, or in a scary place such as a police station. - onerous side effects of voter registration such as jury duty. - Tests such as property ownership, "literacy", "language" - subjective tests especially aimed at specific classes of people. - legal status of classes of people barred from voting, past or current legal criminal status, high voting ages, age limits. Manipulation of registration data in control of the state: - "lose registrations", computer "error", human "error" - removing classes of citizens from voting lists without verification. - target removal of registrations to special geographical or other data characteristics of voter data. (Names, ages, etc) - Inactive voter pool. - Leave plenty of dead and inactive voters on the lists to allow a large pool of possible manipulation later. A large pool of inactive voters leaves opportunity to scatter a few critical fraud votes over the inactive domain to avoid a detectable pattern. - "Helpful" registration for certain classes of voters but not others - fixing registration forms after the fact. - lax authentication. - automatic registration of certain classes of voters. Attack opposing party organizations: - Bar candidates from the ballot. - Attack the party organizations by denial of service attacks on party offices, phone banks. - Paramilitary raids on headquarters, file trumped up charges, jail party leaders. - Voting day mechanics: - Inconvenient or restricted voting hours, for example a work day that is not a holiday, opens late or closes soon after work hours (7 or 8 pm). - Excessive cold, heat or other stressful conditions in the voting place or weather. - Cause riots or disturbances during voting hours in targeted districts or targeting classes of citizens ( women, racial, clothing type, etc.) Could be perpetrated by military, paramilitary (police) or goon squads. - Declare "civil emergency" alerts (like Government terror warnings or third party bomb threats) to drop voter turnout. Can be targeted to specific districts or regions. - Shortages of: - Ballots - Polling workers - Voting machines - early closing hours Target shortages to specific locations. - Inconvenient polling locations, - difficult to get to (automobile access only, no public transport, not accessible to handicapped, under construction, "hidden" location) - change voting locations often. - power outages to add inconvenience. - construction and detours near polling places, can be done the day of the vote to block participation. - change locations just for special districts or votes. -Ballot manipulation: - complex ballot layout - confusing ballot layout - position of names or issues on the ballot - manipulate wording of propositions, referenda - Shortages of ballots in targeted locations. Voting machines have another access point to manipulation, the technical staff, usually a private contractor that services and programs the voting machinery. - complex machine-human interface exploits - complex ballot layout as a byproduct of machine interface - secret software for machines - access to machines for mechanical or software manipulation - break machines in targeted districts - technical software manipulation widespread, or targeted to specific polling places. - power outages in districts with dependencies on electronic voting machinery. - Cannot verify software used on ES&S Model 100 ballot scanners: http://www.washburnresearch.org/archive/ESSFirmware/ESS-Firmware-001.pdf Vote counting: - change of counts at precinct - change of counts at districts - change of counts at county - Throwing out cast ballots to some manipulated standard. - Provisional ballot count process manipulation. - Absentee ballot count process manipulation. - Lack of control of ballots allowing ballot box stuffing with regular, absentee or provisional ballots.In conclusion, targets can be affected by many strategic and tactical methods of manipulation spanning long intervals of time, not just election day. Protection, detection and reaction are difficult problems.
List of articles on fixing elections, vote fraud, election manipulation