Skip to content


Election Official Accountability in Los Angeles

Some scary comments from a Los Angeles City Beat interview with the infamous McCormack:

On credentials:

CityBeat: How do you respond to the charge by Kim Alexander of the California Voter Foundation that you put 40,000 votes at risk by asking Diebold to alter the software on the eve of the recall election?

Conny McCormack: That woman has absolutely no credentials in elections. It's almost laughable. She says I put 40,000 votes at risk. I would never do that. I wouldn't have a job if I did that.

That is a rather immature logical fallacy. She is attacking the other person's character rather than answer the argument presented to her. And who in their right mind would use "I have not been fired, therefore I must be qualified…" as a defense? That's a high-stakes politicized strategy since she infers that her opinion on any subject will always be "correct" until she gets fired. Because she has been wrong before, and yet still has a job, therefore she may be wrong again and still keep her job. See Donald Rumsfeld for another example of this dilemma.

But, since McCormack brought it up, it turns out Kim Alexander is a seasoned researcher who has focused on voter privacy and computerized voting systems. She was even recognized by the EFF for her efforts. According to her bio:

In 2004 she received the Electronic Frontier Foundation's Pioneer Award, along with computer science professors David Dill and Avi Rubin, for their pioneering work spearheading and nurturing the popular movement for integrity and transparency in modern elections.

And according to the EFF:

In 1999 she served on California's Internet Voting Task Force, which in 2000 issued the first comprehensive study of Internet voting security and concluded that the Internet was not yet a safe place for securely transacting ballots. In 2003, she served on the California Secretary of State's Ad Hoc Touch Screen Voting Task Force. The task force report included a minority opinion of which Alexander was a co-author. The California Secretary of State adopted the opinion, and as a result, California is the first state in the nation to require that electronic voting machines provide a voter-verified paper trail.

[...]

Prior Pioneer Award recipients include Tim Berners-Lee, Linus Torvalds, and Vinton Cerf, among many others.

Impressive credentials indeed! McCormack is clearly not only mistaken about Kim Alexander, but it looks like McCormack may have an axe to grind with her — aside from political battles over state regulations and favored vendors, there may be a pride issue related to Alexander's recognition for leadership and influence.

Back to the interview…here is McCormack on Diebold:

You are friends with Deborah Seiler, Diebold's chief sales representative in California, and L.A. County is now buying equipment from Diebold. Is the friendship appropriate?

I've had a long-term friendship with her. There's nothing wrong with a friendship. Has it influenced my judgment? Of course not. In terms of the Diebold contract for L.A. County, I was not on the evaluation committee. I removed myself from that. But Diebold was the only vendor that met all the requirements for L.A. County. Sequoia wrote a letter saying it could not meet the requirements.

Perhaps because the requirements could not be met securely? People say she is a shill of Diebold and, well, the facts do point in that direction. Why anyone in her position would flaunt friendship with a company like Diebold as "nothing wrong" is downright baffling. "I understand people's concern" would sound more reasoned and mature, but the absolutism in her position belies a defiance of the facts and a lack of propriety. Remember how Randy "Duke" Cunningham insisted he did "nothing wrong" until he entered his plea?

McCormack on certifying software:

Isn't proper certification of election software an issue?

We have been using and patching software in L.A. County for over 30 years. Whenever changes are made, an incredible amount of testing is done — literally thousands of checks. Now, there have been infractions by all vendors, including in L.A. County. We have not been dotting every "i" and crossing every "t" to certify all the software. But it would be the biggest irony, to me, to have someone say that because we hadn't done it by such-and-such a date we couldn't do it.

Wha? Huh? Whoa Bessie! Release known flawed elections software because it is capable of being fixed in the future? She really takes the concept of risk management to new lows. The threat (T) is high, the value of the assets (A) is high, and yet she wants to ignore the vulnerabilities (V)? If you accept the formula "Risk = T*A*V" then I find it impossible to tell anyone the risk is low when the vulnerabilities are not dealt with appropriately. My comments on this topic ended up on Bruce's blog.

And finally, McCormack on proprietary software:

Isn't there a problem with the software being proprietary, making it almost impossible for the Secretary of State's office to examine it?

They have the authority to examine it, or they can go to court and ask a judge if they can examine it. Proprietary software has always been used in elections in this country. That doesn't mean it is evil, or that there is anything wrong with it. It is just a way of preventing competitors from coming in and stealing it.

She's deferring the question to later, perhaps with full intent to block any attempts to expose proprietary software. Who would be able to convince a judge to let the public take a look at the source code and under what terms? What would such a challenge look like?

In other words, she is apparently more concerned with the likelihood/ability of someone challenging the software's security than with someone breaching its security. And so I support Bruce Schneier's criticism that this election official has foolishly and apparently carelessly confused secrecy with security.

Another expert counter-point is provided in Ed Felton's recent testimony (PDF) on Electronic Voting Machines to the US Congress:

Intuitions developed with older technologies can mislead when applied to computerized systems.

[...]

Getting the details of voting right is difficult, especially in today's high-tech polling place. But failure is not an option. The stakes are too high, and the risk of malfunction or fraud too great, to make our current course tenable in the long run. We need to work harder and smarter, exploiting the knowledge of both election experts and technical experts.

Very eloquently stated.

Posted in Security.


0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word