Everyone calm down. No one is voting twice. No one is being purged.

The Wisconsin Elections Commission is working on a project to contact voters who have more than one home address on state government databases. If the voter has moved within Wisconsin, the WEC wants them to register at their new address. If they haven’t moved, WEC wants only to confirm their voting address.

In our current political climate of eager fearfulness and lunging-at-each-others’-throats, this is causing controversy, even a lawsuit. But the facts are neither as the partisan Republicans or the partisan Democrats fear or want you to fear.

Last October, the WEC checked the addresses on the voter registration database against other State of Wisconsin databases and found 234,039 mismatches–mostly with the Department of Transportation. They sent postcards to the voter-registration address to make sure the voter was registered to vote at the right address. Everyone involved–the WEC, the voters, the local clerks–has plenty of time to resolve this before the next election. That’s why the cards went out in October, when there was a long lull between elections.

The practice of checking registration rolls for people who have moved is widely recognized as prudent maintenance. It’s routine and useful for preserving election integrity and WEC is going about it as carefully as any other state.

Personally, I don’t think it adds value to election integrity beyond appearances, but I won’t go to the mat to defend that belief. It has no effect on voter fraud because the voters are registered to vote at only one address. If they are attempting fraud, they are being so clumsy we don’t need to worry that they will succeed. Slightly inaccurate voter-turnout statistics is the only drawback I see to leaving movers on the rolls until they register someplace else or fail to vote for four years.

For Republicans: NO ONE IS REGISTERED TO VOTE TWICE. In addition, no one has voted twice. There’s not even any evidence that any of them are trying.

There are plenty of non-fraudulent reasons why people have different addresses for their vehicle registration and their voter registration. Small business owners might register their car from their business address. Same for people who own two homes–don’t we want them to vote? Tax evaders who live in cities that levy wheel taxes might register their cars at their relatives’ homes. (Okay, that might be fraud, but it’s not voter fraud.)

And give a thought to those individuals’ freedoms. Why shouldn’t a man who owns a home in Waukesha and cabin in the Northwoods be able to choose which he’ll use to register his cars and which he’ll use to register to vote? Leave the guy alone. If you force the WEC to remove people like him from the registration list every time they register a new car, you’re causing him trouble and causing the WEC to divert effort from real problems.

And now that we’ve resolved that, Republicans, consider this. A law firm is spending donations from people like you to force the State of Wisconsin to spend your tax dollars to respond to a frivolous lawsuit that won’t have any effect on voter fraud even if it succeeds. Surely there are better things to do with both the donations and the tax dollars.

For the Democrats: NO ONE IS BEING PURGED. In fact, the postcards might be preventing problems for some voters.

Since the postcards went out, 13,267 of the voters registered to vote at their new location. That’s 13,267 voters who won’t have to clear this up the next time they go to vote.

Another 1,666 responded to the postcard saying that they hadn’t moved. Their voter registrations were confirmed. No harm, no foul, good to go.

As of mid-November, 54,234 postcards had been returned as undeliverable, confirming the voters no longer lived at the address where they were registered. In the future, if any of those voters show up at a polling place anywhere in Wisconsin, they will be able to re-activate their registration right then and there and cast a regular (not provisional) ballot. That’s not a smidgen more work than they would have had to do if WEC had not removed them from the voting rolls.

The remaining 164,873 voters have been flagged on the registration database. If in 2020 they show up to vote at their old polling place, they will be told they have two home addresses listed with the State and asked to clarify the right address for the voter-registration database. If they say, “This is my voting address. I’m in the right place,” they will be allowed to sign the poll book and vote. It’ll take them maybe five seconds longer to vote than it would have taken them had the computer not flagged them.

If they show up at some other polling place or if the court decides to force the WEC to remove them from the registration rolls right now, the next time they show up at a polling place, they will be able to re-activate their registration right then and there and cast a regular (not provisional) ballot. It’ll take them maybe five minutes longer to vote than it would have taken them had the court not ruled against them.

And now that we’ve resolved that, Democrats, consider this. Imagine you’re a marginal, disenchanted would-be voter. What will you feel when you see social media spreading the message: “Lawsuit could affect the ability of 234,000 Wisconsin voters to cast ballots”? Suspecting you might be one of them isn’t going to make you any more eager to show up at the polls to find out.

Spreading fear of routine election-administration practices can be nearly as effective at suppressing votes as actual purging would be. When there really is nothing to fear, use your words and energy to spread that message instead. There are other alarms to be raised about the real threats to our democracy.

Verifying a statewide election could be this easy and cheap.

Photo: Michigan election officials assess the results of a manual count of a sample of ballots for a risk-limiting audit in 2018. Photo credit: Berkeley Institute for Data Science, UC-Berkeley


Think of “risk-limiting audits” as low-effort exit polls.

Exit polls determine who won by asking randomly selected voters “Who did you vote for?” Risk-limiting audits work on the same principle to confirm the correct winners, but they skip the sidewalk conversations and phone calls.

Instead, they pose the question directly to randomly selected paper ballots.

Either way, a small sample can provide statistical proof of who really won the election, independently of the vote-counting computers.

No one in Wisconsin now does risk-limiting audits. Sometimes local officials spot-check a few randomly selected voting machines, but those efforts do not ensure that any outcome-altering miscounts will be detected and corrected before preliminary election results are made final. Risk-limiting audits do.

There’s no one correct way to do a risk-limiting audit. Our election officials could sample individual ballots (less work) or entire polling places (more work). They could do nothing more than confirm the correct winner in one race (less work) or they could answer other questions at the same time (more work).

A risk-limiting audit of a statewide election in Wisconsin could be this easy and cheap:

1) After they close the polls on Election Night, poll workers would record how many ballots they seal into each bag. Using this information, the municipal clerk would create a “ballot manifest” (e.g., City of Abbotsford: Bag #1 – 234 ballots; Bag #2 – 122 ballots).

It’s unlikely anyone has ever counted, but a fair guess is that a big election produces around 4,750-5,000 sealed ballot bags statewide. One bag can contain a maximum of around 300 ballots but might contain fewer than 10.

2) The day after the election, every municipal clerk would send their ballot manifest to the Wisconsin Elections Commission. The WEC could create an online reporting form to make this task easy and quick. It wouldn’t need bullet-proof security if the municipal clerk also mailed a hard copy of the manifest to WEC, and WEC staff later verified them against each other.

3) The WEC would then assign a number to every ballot in the state. For example, ballot numbers 1-234 would be assigned to the first bag from the City of Abbotsford; numbers 235-356 to the second bag, all the way up to the last bag from the Town of Yuba, which might be assigned the numbers 2,673,149 – 2,673,308.

4) WEC staff would examine the preliminary election results for the statewide races and enter the results for the closest race into a statistical tool that has been endorsed by the American Statistical Association, tested, and used in other states. This would generate a sample size for the audit.

The size of the sample depends upon the Election-Night margin of victory. If the margin is large or normal, the sample size will be small. For example, the 2018 contest for the US Senate was neither close nor a landslide: 55.4% to 44.5%. A risk-limiting audit of that race would have needed an initial sample size of only 401 ballots across the entire state. However, officials could choose to select a larger sample to provide voters with ’emotional’ confidence in addition to statistical confidence.

An extremely close election such as the 2018 Governor’s race (49.5% to 48.4%) would have needed an initial sample of 37,841 ballots (out of almost 2.7 million cast). But it’s these races that officials legitimately need to be most careful about, and it’s the very close races that, when left unaudited, provoke the most candidate resentment and voter suspicion.

Wisconsin election officials have already demonstrated they can handle larger sample sizes. For comparison, the voting-machine spot-checks conducted after the November 2018 election required officials to count votes from 135,712 ballots — more than 3.5 times the number of ballots they would have needed for a risk-limiting audit. But because of the way WEC selected that sample and their instructions that auditors ignore voter intent, that effort did not confirm the correct winner in any race.

Wisconsin election officials counted 135,712 ballots in the random voting-machine spot-checks after the November 2018 election, but used a method that did not confirm the winner in any race.
A risk-limiting audit of the same election would likely have verified the correct winners in the statewide races with only 37,841 ballots.

And because races from the same ballot (as those two races were) do not need separate samples, a risk-limiting audit could have verified all the statewide contests on the ballot in that election–an accomplishment of enormous value to election security and voter confidence.

5) WEC would randomly select ballot numbers and then use the statewide ballot manifest to identify the bag in which each of the selected ballots is stored. For example, if ballot #284 turned up in the random sample, the WEC would know it is in the second bag from the City of Abbotsford. If the random selection turned up ballot #2,673,193, they would know it is in the last bag from the Town of Yuba.

6) At this point, WEC could ignore the hypothetical numbers they assigned to each ballot and tell the municipal clerks only the number of ballots to be randomly selected from each bag.
For example, the WEC would tell the City of Abbotsford clerk to randomly select one ballot from the second bag. The instructions for random selection could be something like: “In the presence of observers, pull the ballots out of the bag, set them in a stack on the table, let an observer from each political party cut the stack several times like a deck of cards, cut the stack two more times, and select the ballot at the bottom of the last cut.”
Other methods could be prescribed for jurisdictions that use machines that print flimsier forms of paper ballots.

7) The municipal clerk would display the selected ballot to the observers; fax it to the WEC; mark it with red ink indicating it was the ballot selected for the audit; put it on the top of the stack of ballots; and reseal the bag.

8) The WEC would conduct a publicly observed manual count of the faxed ballots and enter the results of that count into the standard risk-limiting audit formulas. If the proportion of votes for the Election-Night winner in the manual count is close enough to the proportion reported on Election Night, the result is confirmed. The audit would be concluded and the county canvasses could conduct their certification process as normal.

If the proportion of votes for the Election-Night winner differed too much, an additional sample would be drawn and counted. That process would be repeated until statistical confidence in a winner was established.
The WEC would need to adopt policies to govern what will happen in the rare event that the sample has to be expanded more than twice, or if the confidence level declines as the sample is enlarged. Likely, WEC would stop the audit, declare a lack of confidence in the preliminary Election-Night results, and order a full recount on its own initiative.

Other states’ election officials think their voters’ right to self-government through secure elections is worth at least that much time and effort.

If you think Wisconsin elections are worth the effort it takes to conduct a genuine risk-limiting audit, contact your county clerk and the Wisconsin Elections Commission to tell them so.

Wisconsin’s Election Security Council sees the gorilla.

The first meeting of the Wisconsin Elections Commission’s new Election Security Council was both reassuring and scary.

First, the good news. I’m genuinely not sure whether WEC created the council more to promote belief in security or to promote security itself. But whatever WEC’s intention, the members of the new council are there to promote security.

They uniformly exhibited a desire for actual security. Understandably, they showed some legitimate interest in appearances, but their primary concern seemed to be for real security.

Hang on to that idea as I describe the bad news. I do think intention matters.

The second piece of good news is that the members did not seem to share—even slightly—WEC’s hesitance to include voters on the council. (See note at the end of this post.)

A bit of background: the state election agency’s longstanding attitude toward citizen participation is not normal. After 30 years working as a state bureaucrat in three agencies and auditing dozens of others for the legislature, I know “normal.” Even agencies running unpopular programs like septic-tank regulation or state-forest timber harvest seek citizen participation as a routine matter of course.

In contrast, the WEC runs a popular function—people like elections—and yet they hide under their desks when someone mentions voter participation. I’ve never understood why; it makes no sense. I sincerely think that, overall, their objectives are in line with those of the voters.

Fortunately, the council members know normal. When WEC administrator Meagan Wolfe asked whether they wanted to add voter representatives to the council, the members’ brief discussion can be summarized: “Well, duh.”

The representative from the Wisconsin Counties Association, whose name I didn’t catch, pointed out that legislative advisory councils routinely include representatives from citizen groups. Then, after Wolfe said she would bring a detailed proposal for selecting voter representatives to the next meeting, Governor Evers’ representative, Jenny Dye, said that would be too late. The council’s work was “already short on public input,” she said, and it wouldn’t do to have the public members miss the first two meetings. WEC agreed to work out the details and get voters’ representatives to the table by the council’s December meeting.

Okay, now the bad news.

The level of naivete in the room was frightening. Among the utterances that made me shudder:

  • In the limited discussion of specific threats to election security, I heard reference only to external hackers. I detected no awareness that insider corruption (e.g., a rogue employee of a voting-machine company) is the single greatest threat to vote-counting security—one that our election clerks have no reliable defense against. When a representative from the Wisconsin Statewide Intelligence Center listed the threats to look for, he described only external threats. Later, WEC Assistant Administrator Richard Rydecki explained to me that was because external threats are the only ones WSIC has noticed. Well … yes … that is why the other threats are more serious. Wisconsin officials don’t have any way to detect unauthorized remote-control software in the county election-management computers or dicey Serbian programmers working for Dominion.
  • Hearing Mike Davis from the League of Wisconsin Municipalities open his question with “I don’t know much about elections administration, but…” Yikes! Municipalities run Wisconsin’s elections! (On the other hand: his ‘but…’ led into a question about what we do with our paper ballots—displaying that he has good intuitive sense about how we could be securing our elections from that rogue programmer or service technician.)

Ignorance doesn’t have to be a problem. No one was born knowing this stuff. They can learn.

However, WEC’s conduct of the meeting gave me some concern that the council members might not get the education they need.

Put it this way: If you convened a new council to get advice on election security, how would you have opened the first meeting? If it had been me, I would have started by describing the basic elements of a secure election system. Then, I would have given the council a quick overview of Wisconsin’s strengths and weaknesses vis-a-vis these elements–which are covered, and where are the weak spots or holes?

Instead, WEC staff presented a rosy overview of all the good things. When they were done, I’m guessing some council members were wondering why they were there, given that things are already as good as can be.

Wolfe wasn’t making stuff up–a lot of good security measures are already working. She was leaving stuff out—specifically, stuff relating to voting machines.

One fact is critical to understanding election security: Two separate systems must be secured. (See the chart below). These two systems have practically no overlap. They have different creators and different owners. They operate on different computers, managed by different agencies. They face different threats and require different safeguards.

WisVote–the voter-registration system–is secure, thanks to the good, hard work of the state elections agency. I wouldn’t trade our voter-registration system for any other in the nation.

Security for the vote-tabulation system–that is, our voting machines–is closer to an honor system.

Yet Wolfe danced over the tabulation system so lightly I’m not even sure she said the words “voting machine.” For example, one of her Powerpoint slides listed the steps in an “End-to-end Election Administration System.” The list went right from “prepare the poll lists” to “report results to the State.” I wonder whether any of the council members noticed the missing step: “Count the votes.”

I’ve seen this tunnel-vision focus on WisVote security from WEC staff many times before. Whenever they are asked about “election security” (with or without specific reference to voting machines), they respond by describing safeguards that protect only the WisVote system. Dozens of reporters have failed to notice.

But for some reason, I didn’t expect it to be on full display in the meeting today. Perhaps I was thinking that creating an advisory council was something like going to a therapist. You want help, right? So be honest about the problems that bring you there.

(Spoiler alert. If you’ve never taken the selective perception test where you watch a brief video and count the number of times a white-shirted team passes a basketball, do that before reading further. I don’t want to spoil anyone’s opportunity to experience this phenomenon firsthand.)

I’m not a mind reader and so cannot say how much of this relentless tunnel vision on WisVote security is strategic, and how much stems from the fact that tabulation-system security is simply not the WEC’s job.

But as I listened, I started to see WisVote as WEC’s white-shirted basketball team. They are so intently focused on it—absolutely, fully engrossed—that they cannot see the gorilla that is the tabulation system.

Here’s my best hope, and I think it’s a real possibility: I think this council might be able to provide WEC staff with more guidance and education than they realize they need.

After WEC staff had shared all the lovely information about WisVote security, they turned the microphone over to the council members. They asked each member to say a few words about their organization and describe how they see their role in election security over time.

The county clerks went first—and promptly ignored the instructions. Instead, they immediately started to talk about voting-machine security and the fact that they are not getting the IT support they need. Then the League of Municipalities representative popped in with his question about the role of paper ballots in securing election results.

The WEC staff may not see the gorilla, but it was the first and only thing council members wanted to talk about.

In summary, this seems like a good bunch of sensible people. In addition, on my way out, I had a quick but solid discussion with Rydecki about some nuts-and-bolts details regarding the sort of risk-limiting audits that could work to secure Wisconsin election results.

So progress is underway, and I’m okay with that.

* * *

NOTE: After reading this blog post in mid-November, Assistant Administrator Richard Rydecki reached out to explain what had appeared to me to be WEC’s hesitance to include members of the voting public on the new Election Security Council. Our conversation was easy and pleasant and provides a window into WEC’s thinking about its various stakeholders.

The idea to form such a council is not new. In early 2019, the WEC created its first election-security advisory committee, limiting membership to county and municipal clerks. So in March, both Wisconsin Election Integrity and the League of Women Voters of Wisconsin publicly urged the WEC to seek election-security advice from additional stakeholders. We suggested that they either expand that committee to include public representatives (particularly those with security expertise), or to form a separate election-security advisory group with broader membership.

I cannot speak for the LWV-WI, but WEI received no response. If the WEC gave the proposal even momentary consideration, it was quickly forgotten. Rydecki made no mention of it when he explained that the idea for this new election-security advisory council arose in June, in discussion among government officials at a Department of Homeland Security training exercise.

Apparently, the officials who proposed its creation did not mention anything at the time about public members. Nevertheless, Rydecki said, WEC staff did consider how public input might be handled. Some clerks “were not terribly enthused” about having public members on the Council and might not have agreed to participate if public members were included.

One option, according to Rydecki, was that officials’ trepidation might be accommodated by allowing a short period for public comment at the beginning of each meeting, as the Elections Commission itself does.

But ‘professional courtesy’ required WEC staff to refrain from making a ‘unilateral decision’ on how or whether anyone who is not a government official would participate. So WEC formed the council exclusively with government officials and then presented it with the question of how or whether it would have public participation.

I’ll let the reader decide whether that information supports or contradicts the observations I made, above, about WEC’s attitude about citizen participation.

This is what secure tabulation looks like

Up to now, the Wisconsin Elections Commission’s interest in elections security has focused on the voter-registration system (WisVote), rather than the vote-tabulation system (the voting machines). When the Commission has paid attention to concerns about voting-machine security, it typically has been for only as long as it took commissioners to ask the vendors “Tell us how to refute these concerns.”

The Commission has also made a habit of limiting its own information sources. Earlier this year when they felt the need for advice on election security, they convened an Election Security Advisory Panel consisting entirely (not making this up) of county and municipal clerks. That was a revealing indication of the Commission’s level of interest in seeking advice from anyone else … say, disinterested IT professionals or highly interested voters.

This image has an empty alt attribute; its file name is CAPQuote.jpg

But the Commission’s interest in voting-machine system security may be showing signs of life.

Last week, the Commission announced the formation of a new Elections Security Council of “federal, state and local partners” that will “formalize collaboration between these key groups and the public to improve communication and maximize election security.”

As usual, the Commission’s idea of “key groups” is limited to government officials. It’s also possible their idea of ‘communication’ remains limited to outgoing messages to reassure voters that all is well.

Oh, well, it’s a start. Give the new council a chance to join the fight for voting-machine security. We’ll know more after their first meeting on October 16, when they will discuss whether and how they want to involve any stakeholders.

Realistically, though, it’s possible this new council will — as the Commission itself has always done — focus its efforts exclusively on the voter registration system (WisVote) rather than voting-machine system security. Nothing in the press release specifically indicated the Commission is looking to expand its election-security efforts beyond WisVote.

Nevertheless, just in case this council represents an awakening, its members should know what a secure tabulation system would look like.

So here’s a welcome gift to the new Elections Security Council:
A list of what would be in place if our voting-machine system was secure.

Most of the elements listed below are common sense, not rocket science. It’s just sensible, prudent management of a highly critical IT system. Some elements are present for Wisconsin. Others are missing. State and local election officials cannot create all the missing elements, which means they need to look for ways to make up for their absence.

If any members of the new council are curious to know which of these elements are in place and which are missing, multiple nationallyrespected electionsecurity authorities stand ready to share critical insights. Those experts’ interest in security is unaffected by financial interests and by any reflexive defense of the status quo.

In a secure vote-tabulation system:

Voting equipment manufacturers would…

  • Manufacture only those systems that are as secure as possible given current technology and customers’ budgets.
  • Manufacture only systems that use or produce ballots that voters have verified as accurate records of their intent, and that allow local officials to verify the votes were tabulated accurately.
  • Cooperate fully with the federal Department of Homeland Security monitoring of the companies’ own computers and security practices.
  • Cooperate fully with state and local governments’ security requirements.

The federal government would…

  • Promulgate strong, clear, and frequently updated regulations for secure, auditable voting systems, and for the independence of private testing labs.
  • Actively and rigorously apply those regulations when certifying new systems or updates.
  • Actively monitor and enforce compliance with those regulations.

The state government would…

  • Through law and regulations, implement strong security and auditability requirements for voting systems used in this state, and rigorously enforce those through certification.
  • Provide guidance and technical assistance to local governments related to voting-machine system security, so that vendors are not their customers’ only source of information and advice.
  • Adopt laws and regulations for local governments’ voting-system security practices.
  • Monitor local compliance with required voting-system security practices, and have the ability to correct poor practices.
  • Coordinate strong post-election tabulation audits, involving all the counties’ boards of canvassers, that verify the correct winners in all statewide races before certification.

County government election officials would…

  • Follow federal and state requirements for securing county elections-management system hardware and software.
  • Have professional IT staff capable of and assigned to working with the voting-system vendor on security-related matters. (If not county staff, an independent contractor who is unaffiliated with voting-machine sales and service.)
  • On Election Night, obtain electronic election records (including CVR and digital ballot images) from municipalities. Maintain strong internal control and to support voter confidence and ballot security, post digital ballot images to the internet within 24 hours of poll closing.
  • During the county canvass, use the paper ballots to verify that the computers identified the correct winners. If problems are found, correct results before certification.
  • Between elections, audit various election-security practices and take action to improve whenever any issues are found.

Municipal government election officials would…

  • Maintain year-round strong internal control of marked and unmarked ballots; other election records (e.g., CVR, digital ballot images); and voting-system hardware and software.
  • Maintain equipment according to manufacturer recommendations. Routinely and reliably inspect equipment inside and out for signs of tampering or malfunction; take action to correct any issues noted.
  • Conduct strong pre-election testing of both tabulators and ballot-marking devices; take action to correct any problems noted. Make sure all voting machines are equally reliable and operable.
  • Train election workers in how to maintain security; how to notice trouble signs; how to document and respond to trouble signs or lapses.
  • Monitor performance of elections workers to ensure that no bad habits develop, that any departures from standard procedures are quickly noted and corrected.

Voters would…

  • Volunteer to serve as poll workers and hand-counters for audits.
  • Pay attention to election security issues, getting neither too excitable nor too complacent.
  • Be willing to hold their local officials accountable for verified accurate election results.

WEC to voters: Voting machines use binary code, so you don’t need to be able to decipher your ballot.

No, you’re not crazy. It doesn’t make any sense.

Today the Wisconsin Elections Commission once again took up a voting-machine vendors’ request to market a new product here. Once again, the Commission confined voters to five-minute comments and then invited voting-machine vendors to sit down at the table with them to pitch their products.

Once again, the Commission discussed the voters’ concerns only for the purpose of asking the vendor to refute them.

And then the Commission once again approved a ballot-marking device (BMD) that records our votes as barcodes we cannot read.

The machine in question today is called the ExpressVote. Designed primarily for voters who cannot use a pen, BMDs require voters to use a touchscreen to indicate their votes. The computer then prints a marked paper ballot. Increasingly, BMDs are being promoted to voters without disabilities, particularly early voters.

Some BMDs print ballots that are nearly indistinguishable from hand-marked paper ballots. The ballots cast by voters with disabilities look just like everyone else’s. Both voters and tabulators look at the same input to read the votes.

Bad BMDs, like the ExpressVote, print ballots that look like large cash-register receipts. On these ballots, votes are recorded as barcodes. This prevents voters from verifying their votes were printed correctly. It violates voters’ privacy when a polling place has only one or two voters with disabilities. (More about barcoding BMDs here.)

But why?

You might ask (most people do) why anyone would build such a feature into a machine.

You might ask, but the Wisconsin Elections Commission doesn’t.

Commissioners never asked the vendor: “Why? Why are you offering us a machine with this weird feature, when we know you can manufacture machines that perform all the desirable functions and none of the dicey ones?”

Whatever the answer is, it must not make the barcoding BMDs look good.

The vendor’s defense attorney

At one point, Chair Dean Knudson sympathetically acknowledged that voters who use barcoding BMDs can independently verify their votes only if they bring a barcode reader to the polls. He wisely noted that’s too much to expect of voters.

But beyond that, the commissioners’ questions on the barcoding issue could all be paraphrased: “How can we refute the voters’ stupid concerns?”

“Motivated reasoning” is the chop-logic that appears when people pick a conclusion first and go looking for reasons to justify it afterwards. For example, commissioners and staff repeatedly reminded each other: “We saw no problems when the barcodes were tested/audited/recounted. Therefore, we conclude the system is safe.”

That’s a textbook case of motivated reasoning. People wearing their thinking caps know that hackers don’t avoid any system that worked well during the manufacturer’s demo or the customer’s test.

People with unclouded vision know that computers do not earn magical immunity from future problems by working well on a previous occasion.

People who are seeking to build voter confidence know it’s a bad idea to give every questionable voting system one freebie botched election before rejecting it.

Commissioner Mark Thomsen, in particular, took it upon himself to play defense attorney for the vendor. He acted insulted that voters had implied the barcoding BMDs are “hackable.” But that wasn’t the voters’ point. Of course the barcoding BMDs are hackable; all computers are. If Thomsen had been listening to understand rather than listening to refute, he would have understood the issue was not “hack-ability,” but that barcodes remove voters’ and officials’ ability to detect hacking.

Most bizarrely, Thomsen repeatedly reiterated one laughable argument made by the vendor. The argument is this: Because the tabulators read all votes as binary code, voters have no reason to object when the printer makes their votes indecipherable to humans.

Thomsen has more than enough intellect to understand that users need to be careful to feed computers only accurate information, so he understands why voters need to be able to tell whether their intended votes were faithfully recorded on their paper ballots.

The voter registration system, like the voting machines, processes information as binary code, but I have no doubt Thomsen would immediately see the problem if anyone suggested that WisVote render each voter’s registration record unreadable to the voter.

But for some reason he pretended he didn’t understand.

Thomsen even went on to argue in favor of another type of BMD that WEC staff had wisely recommended rejecting. This machine combines a ballot-printer and a tabulator in one machine, creating a feature independent elections-technology experts ridicule as the “permission to cheat” feature. Fortunately, the other commissioners acted as a wise jury, so the notion of overriding the staff recommendation to reject that component went nowhere.

Voters shouldn’t give up.

The commissioners are neither stupid nor crooked, as far as I can tell. They do a fabulous job, for example, when they’re working on security for WisVote (the voter-registration system).

It’s only when the questions involve the tabulation system that they become more interested in making excuses for security flaws than in fixing them. They suspend their common sense only when the voting-machine vendors sweet talk them. But whatever the reason, siding with the voting-machine vendors against the voters is something of a habit for them.

As voters who want to protect our own votes and our communities’ elections, we’ve got work to do. We need to show up and object every time the Commission considers idiotic equipment. I see too much common sense on that commission to believe they will keep these particular blinders on forever.

The other suggestion on the table is a lawsuit. Wisconsin law requires that voting systems “permit an elector to privately verify the votes selected by the elector before casting his or her ballot.” If the WEC admits the barcodes are the only marks ever counted as votes, they will be admitting that the BMDs don’t comply with the verifiability requirement. On the other hand, if the WEC argues that the voters can verify the human-readable text on each barcoded ballot, they will be stuck with no explanation of why that text is never counted as votes. Therefore, if we can find a lawyer willing to defend election security and voters, we could make an argument that barcoding BMDs are already illegal in Wisconsin. If the Commission wants to build voter confidence and enhance security, it will adopt this line of reasoning even without a lawsuit.

Contact Senators NOW about election security

A coalition of national pro-democracy groups is calling for a national day of action for election security. Wisconsin voters need to respond. On or before Tuesday, Sept. 17 contact our two senators to let them know Americans deserve secure elections! Important legislation is stalled in the US Senate, and the senators need to MOVE.

Here is Ron Johnson’s contact page. Ask him to support election security action and to pressure Mitch McConnell to allow votes on the election-security legislation passed by the House.
Here is Tammy Baldwin’s contact page. Thank her for supporting election-security legislation.

Wisconsin has paper ballots, but our election results are not secure. Our county clerks do not use those paper ballots to verify the Election-Night results before they certify the final results. Several other states don’t even have paper ballots. That threatens us all.

The risks are real. Evidence is overwhelming. In 2016, Russian operatives hacked and probed American political campaigns and voter registration systems. But Russia isn’t the only problem–maybe not even the worst. Why would it be? American elections are an attractive target for many around the world and in our own country.  Hackers in China and Iran are showing interest and have launched thousands of attacks not just in the U.S., but in 26 countries, according to Microsoft, which has been helping detect and deter attacks for democracy-supporting organizations of all stripes. 

Many in the US Congress appreciate the need for REAL election security–and NOW. The House of Representatives has passed federal legislation that would make it possible for every state to have:
1) A voter-verified paper ballot for every vote; and
2) Robust ​manual​ election​ ​audits that detect and correct any false outcomes before election results are declared final.

But the US Senate isn’t working.

The House passed $600 million (in H.R. 3351) in election security funding for states and localities to use to secure our vote. While Republicans and Democrats had different proposals, nearly every representative in both parties voted to designated hundreds of millions of dollars for election security. Now it’s time for the Senate to write and pass its funding proposal.

But Mitch McConnell said. “I’m not going to do that.” He and his obedient cronies are blocking the legislation that would allow the states to protect our federal elections in 2020.

Every single U.S. Senator must stand up for democracy now. The Senate must pass funding for election security. They must include the House bill language so that the counties that are the most vulnerable are able to get the funds they need to secure our elections for all. 

The House voted to provide the states with funding for:

  • Paper Records: Every voter can ​​mark​ ​a paper​ ​ballot​ by hand or with an assistive device and verify their vote, so that there is a paper record of every vote cast.
  • Checking the Results: Officials subject ​machine-counted​ ​results​​ to​ a robust ​manual​ ​post-election​ ​audit,​ that can detect and correct false outcomes.
  • Secure Voter Data: Voter databases should be backed up offline, monitored and secured using best practices. Poll workers should be trained to ensure that voters can cast a vote in case of a hack or error.
  • Election websites and election management systems, as well as the vendors themselves also need to be more secure and resilient in the face of possible hacking attempts and computer error. 

FAQ

Q: To what extent can Mitch McConnell hold up the funding?
McConnell can fully block the funding if he wants to. But his spokesperson recently said they have not ruled out an appropriation for election security so national election-security advovates believe there is an opening. At the end of September the government must be funded so the Senate either must pass appropriations bills or agree to a continuing resolution with the House leadership. In either case, $600 million in election security funding for states and localities can and should be included.

Q: Isn’t this a federal mandate on state elections? 
States and localities have been pleading for funding from Congress for years now, and every state wants to be able to secure its elections. The House passed a strong bill with $600 million requiring the funding be spent on the areas of greatest vulnerabilities.

Q: The states got $380 million for election security in 2018 and they haven’t spent it all. Shouldn’t we wait until should spend it before getting more money.
States and counties are spending down the funds, they expect to spend 85% of the funds by the 2020 election. But in too many places it wasn’t enough to do a lot of the serious work. We want them to proceed quickly, but carefully so they actually are able to use the funds to make our elections more secure.

Q: My election official says the voting machines are not connected to the internet, how can they be hacked?
Sadly, our local election officials cannot promise that–they simply cannot know. They don’t have control over the security of the voting-machine manufacturers, where the software is developed. Election officials have no way to know whether those companies’ computers are on or off line. And if the software has been compromised before it even reaches the local officials, it doesn’t matter whether the local clerk keeps it secure.

In addition, it’s just not true that the voting machines are never connected to the internet. Local election officials often don’t understand what the voting machines are doing when they transmit results on Election Night. Almost all of our voting machines and the county elections computers use the internet during pre-election tests and then again for election-night reporting of the results. And on top of that, national cybersecurity sleuths recently found that nine Wisconsin counties had left their county elections computers on line continuously for as much as a year!

Q: We already have paper ballots, what do we need this funding for?
Paper ballots are only decorative if no one ever uses them to verify the voting machines’ accuracy. As things now stand, after a Wisconsin voter casts his or her ballot, chances are it will never be looked at again. It will be sealed up on Election Night and will stay sealed until it is destroyed two years later. In the meantime, the voting-machine tape will be assumed to be correct.

Unless the paper ballots are used in rigorous post-election audits comparing the votes on the paper with the numbers the machine reported, we can’t know for sure if the outcome of the election was correct.

The one huge hole in Wisconsin’s election security is that our officials do not routinely audit the results. The state elections agency could use this money to fund efforts to develop practical, reliable audit practices that fit with Wisconsin’s unique election-administration practices.

About those Russians…

In the past two weeks, three reporters have asked me to comment on Russian interference in US elections. Do I believe the Russians interfered with the 2016 election? Do I think they will try in 2020? And my least favorite: Do I think Russians are the worst threat to the voting machines?

I’ll answer the ‘worst’ question first: What the hell does it matter?  All threats are threats. Will it be a boring news story if our election is stolen by a Canadian anarchist living in his grandmother’s basement, or by a random computer glitch?

I’ll tell you what the worst threat is. It’s the threat that is literally the sum total of all other threats. Wisconsin county clerks are STILL not using the only safeguard effective against every voting-machine threat including the Russians: Using our paper ballots in prompt, routine, hand-counted audits that verify the correct winners.

The simple truth should be obvious. It is ridiculous to allow any computers to make any big decision unless you have a reliable way to detect and correct serious computer errors.  

Can you think of any other government agency that relies on computers and doesn’t have some way to notice if the computer screws up a big operation? No, you cannot. There isn’t one. Only election officials trust their computers that blindly, and demand our trust, too.

When Wisconsin’s county clerks declare election results final without verifying the correct winners, they are allowing computer programmers to pick the candidates who will govern us.1 They don’t supervise these programmers. They don’t know even know who or where they are.2

As to the other questions:  I don’t know whether the Russians or anyone else tampered with the voting machines in 2016 and 2018. No one does.

We don’t know because Wisconsin election officials didn’t check. 3 How is that not scandal enough?

Wisconsin’s election officials just seal our paper ballots on Election Night and leave them sealed until it’s time to destroy them two years later. No one ever knows if the paper ballots tell a different story than the computer tapes.

And I don’t know whether Russian criminals are planning to mess with the voting machines in 2020. I know that it is wise to assume they are. Most importantly, I know it will be criminally negligent if our county clerks make no effort to detect and correct any hacks that might get by the security system.

Call your Wisconsin County Clerk today and say: “Surely you understand that you cannot guarantee the security of our voting machines. Too much is outside your control. The only thing you can secure is the election results, and you can do that only by using our paper ballots in hand-counted audits during the county canvass to make sure you certify only the correct winners. Get busy now on developing audit procedures for the 2020 elections.”

– – –

1 A few Wisconsin county officials claim they “program their own voting machines” and imply that provides security. They don’t, and it doesn’t.
The county clerks ‘program’ the machines only in the sense that you ‘program’ a new cell phone with your personal address book and settings. If any are messing with the actual tabulation software, they are breaking federal law. Truth is, these county officials rely on the voting-machine company in the same way you rely on Samsung, Apple, or Nokia.

2 Example: In 2016, election-security advocates noticed that Dominion—the nation’s second-largest voting machine company, which counts many Wisconsin votes—was recruiting programmers in Serbia. The company’s official response was: “Like many of America’s largest technology companies, which develop some of the software for their products in places like Asia, India, Ireland and the Mideast, some of our software development is undertaken outside the U.S. and Canada, specifically, in Serbia, where we have conducted operations for 10 years.”

3 In the 2016 recount, half of Wisconsin’s presidential votes were “recounted” only by running the ballots back through voting machines programmed by the same people who programmed them for Election Day. These were the ballots in the state’s largest counties (except Dane)–the counties most at risk of hacking.
In the half that was hand-recounted, the recount found that more than 1 in every 170 votes had originally been miscounted. These errors were not deliberate and affected both major-party candidates equally. As a result, they did not change the outcome and the news media didn’t report it.
But notice this: even when that many votes had been miscountedup to 30% in some individual wardscounty clerks did not notice it in their regular canvass. They detected the incorrect vote totals only when forced to check their work with a recount. Unless our county clerks adopt routine audits, the same will happen when hackers put the Election-Night results outside Wisconsin’s microscopic recount threshold (0.25%). There won’t be a recount and the hackers will have successfully pulled off their crime.

What will happen when election hackers get to Wisconsin? A black comedy

Last week, a reporter and I were discussing election hacks that might happen in Wisconsin. He has done his research and understands the threats. He posed an interesting question: What if hackers wanted only to create chaos and distrust, rather than change the outcome of a statewide election?

Hmmm…what would happen? I thought through the likely chain of events and realized it is not possible to create distrust by hacking a Wisconsin election — but not for the reason you would hope.

If this was a movie, it would be a black comedy with a twist ending. The big gasp would come when the election thieves (along with the viewers) realize the fatal flaw in the plan …

Scene 1 opens in the messy office of computer hackers. They are working for a foreign government that has its eyes on the US presidential election. They are celebrating because they just succeeded in compromising a small voting-machine service company in eastern Minnesota.   

Scene 2 takes place in the Intelligence Headquarters of the foreign capital. The hackers are reporting their progress to the chief.

“The good news,” they say, “is that we know how to make that company provide compromised software to all its customers. Local election clerks will never know. They never inspect the software and their cute pre-election tests cannot detect hacks that activate only on Election Day.”

“The bad news is that the company controls only some of Wisconsin’s voting machines. They don’t have enough votes to deliver a statewide race.”

The hackers are surprised when the intelligence chief doesn’t care.

“No worries,” he says. “If we show we can hack the machines, we will destroy trust in the process. Whoever wins won’t have legitimacy.”

“Go for it,” he says. “Pick whoever you want to win. Just as long as it’s not the candidate the voters want.”

Scene 3 is back in the hackers’ office. The hackers are gleefully developing their plan.

As voters cast their ballots, the hackers will let the voting machines count their votes correctly.

But on Election Night, when the poll workers push “tabulate,” the computer will quickly flip the vote totals of the top two candidates in each primary. The voting machines will give the biggest vote total to the second-place finisher, and make the voters’ choice come in second. Not a single polling place in the entire area will report accurate results. 

Scene 4 takes place on Election Night, April 7, 2020. Poll workers are gathered around a voting machine in a small city in western Wisconsin. The chief inspector pushes a button on the back as others eagerly watch the poll tape emerge. Expressions of surprise.

Cut to the Associated Press Election-Night newsroom. Much excitement. An editor shouts to a reporter: “Go figure out what’s up with Wisconsin’s rural voters! That’s not what anyone predicted they would do, in either party primary.”

Scene 5 consists of a montage of cable-news soundbites on Wednesday, April 8, 2020.

Questions abound:  “What’s going on in rural Wisconsin? Why did the voters in both major-party primaries confound expectations?”  

Guesses tumble out: Maybe voters lied to the pollsters about who they would vote for, or whether they would vote at all. Maybe hostile cross-over voting went both ways…maybe the leading candidates were too confident…

In Scene 6, viewers get the shocking revelation.

It’s now two weeks after the primary. A county clerk and two senior citizens sit in a drab conference room in a small county courthouse. They are finishing up the official canvass. The clerk says: “I printed out the certification statement. This is one election we won’t forget.”

They pass the paper around. Each one signs it. The hacked results are now official.

One of the board of canvass members remarks: “I’ve been doing elections work for 35 years, and voters still surprise me. Well, let’s go for a beer.”

Cut to the Intelligence HQ in the foreign capital. The Chief is furious; the hackers stare at their shoes. 

The Chief slams his fist on the table: “You idiots chose a state where no one would even notice an election hack!!! Why didn’t you do this in Colorado or New Mexico?

“Are you nuts? How did you expect your hack to be noticed when Wisconsin’s paper ballots are sealed up on Election Night and never seen again?

“Didn’t you know that Wisconsin election officials never audit the primary elections?

“Didn’t you bother to notice that Wisconsin never recounts unless results are virtually tied?

“You bozos! Get out of my sight!”

The hackers leave. The chief smiles and picks up the phone.

“Mr. Secretary, good news. We just confirmed the people in Wisconsin trust whatever their computers tell them. No one will notice — not officials, not reporters, no one. Senate, Governor, President, whatever you want. ”

He hangs up the phone and calls his assistant in. “Contact the team who has compromised that big company, ES&S. Tell them to add Wisconsin to the list for November.”

* * *

Wisconsin’s local election officials do not stand a chance against sophisticated international cybercriminals. Too much is outside their control. Too many vulnerabilities, known and unknown, threaten the tabulators. Securing Election-Night results is a wishful fantasy.

But Election-Night results are preliminary and unofficial. Final results are the ones that matter and that could be secured — relatively easily, too. County clerks could use the paper ballots and their administrative authority to order hand counts. Simple audits could verify the winners while the clerks still have time to correct any miscounts.

But Wisconsin county clerks refuse to do that, so our elections continue largely on an honor system.

The Wisconsin Elections Commission orders scattered audits of individual voting machines after November elections. That’s grounds for some hope. But even with improvements made in 2018, if these audits ever detect a miscount, they are as likely to cause chaos as to prevent it. They are not rigorous enough to verify the correct winners and are not binding on final results. Officials have no agreed-upon procedures for what they will do if auditors detect that the Election-Night results were miscounted.

Contact your Wisconsin County Clerk. Tell him or her to develop written canvass procedures — NOW — to verify the correct winners in the 2020 elections before they certify the final results.

Support nonpartisan redistricting for Wisconsin. Now’s the time!

This just in from Common Cause of Wisconsin:

For Release: Monday – July 15, 2019

“Iowa Model” Redistricting Reform Legislation Publicly Presented

Tuesday, July 16th at 10:30 AM – Assembly Parlor, State Capitol  

On May 8th, Wisconsin Republican legislative leaders, Assembly Speaker Robin Vos (R-Rochester) and State Senate Majority Leader Scott Fitzgerald (R-Juneau), and their GOP minions on the Legislative Joint Finance Committee (JFC) stripped the redistricting reform provision proposal that Gov. Tony Evers had inserted in his 2019-2021 state budget proposal.   That measure is based on Iowa’s redistricting process which was developed and enacted into law in Iowa by Republican Governor Robert Ray and a Republican-controlled Legislature (both chambers) in 1980.

Now, out of the state budget, the “Iowa Model” redistricting measure has been introduced, with bi-partisan support, in the Wisconsin Legislature as stand-alone legislation and on Tuesday, July 16th, it will be formally “rolled out” by the lead sponsors at 10:30 AM in the Assembly Parlor of the State Capitol. CC/WI Chair, former State Senator Tim Cullen will speak in favor of the measure on behalf of CC/WI.

In the State Senate, the lead sponsor is Sen. Dave Hansen (DGreen Bay), who has introduced Senate Bill 288. In the Assembly, the lead sponsor is Rep. Robyn Vining (D-Waukesha), who has introduced an identical measure, Assembly Bill 303.   They will speak at the press conference with Cullen and other reformers.

Illustration credit: Isthmus

You can attend the press conference, too, if you are available and would like to join us.   It is vitally important for you to do your part to help make ending partisan gerrymandering a reality in Wisconsin before 2021, when the next redistricting process will occur, following the 2020 Census.

This week, contact both your state senator and your state representative and demand that they co-sponsor and support Senate Bill 288 and/or Assembly Bill 303. If you are not sure who your state senator and/or state representative is, go here.  

These measures have overwhelming citizen support all throughout Wisconsin. Now, state legislators need to adhere to the demands of their constituents to defy Vos and Fitzgerald and do the right thing. Support fair maps!

Some legislators and their staff may tell you the U.S. Supreme Court has now said that their current, partisan gerrymandering system is the only way the redistricting process can occur. 

That is a bald-faced lie! They absolutely could and should adopt the fair, non-partisan legislation (SB 288/AB 303), now ready for a public hearing and consideration by the full Wisconsin Legislature tomorrow, if they put the public interest ahead of their narrow, partisan interest.  

For your information, you can watch this very recent video (taped July 11th) about the June 27th U.S. Supreme Court decision on partisan gerrymandering and the path forward for ending it Wisconsin on Wisconsin Eye, featuring CC/WI Director Jay Heck and UW-Madison Professors David Canon and Rob Yablon.   Take action. Make your voices heard. Never, ever surrender. On Wisconsin!

Voters ask for security. The Wisconsin Elections Commission gives only reassurances.

Summary: The WEC should be pressuring manufacturers to improve insecure election equipment, not pressuring voters to accept it. But they are doing the opposite. 7-minute read.

* * *

June 27, 2019 – Imagine two friends walking down the street when a masher starts to hit on the woman—even tries to get her into his car.   

The woman’s friend doesn’t need to throw any punches. But he should at least say: “Hey, buddy. You’re out of line. Move on.”

The last thing you expect him to do is to tell the woman: “You need to trust. This guy’s offer sounds legit. He’s got a nice car. Go ahead; get in.”

Voting-machine companies have been acting like the masher. They are pressuring voters to take risks with elections equipment that has built-in security flaws:

  • Some models of ballot-marking devices (BMDs) print ballots with the votes recorded in barcodes, rather than in marked ovals beside candidates’ names. BMDs are necessary for people who cannot mark their own ballots. The problem is that barcoded votes make it impossible for voters to verify which candidates will get their votes. Even a voter carrying a barcode reader wouldn’t be able to tell whether 02060101 was the right candidate. The barcoded ballots also print the candidate’s names as text, but the computers count only the barcoded votes.  The Commission has approved two barcoding BMDs:  the ES&S ExpressVote and the Dominion ICE.
  • Hybrid voting machines combine a ballot-marking device and tabulator in one machine, which sounds okay until you know that, after a voter has inspected the ballot and inserted it back into the machine for counting, the machine passes the ballot back under the printer head. As a result, the machines can be mis-programmed to print additional votes on the ballots or to make marks that invalidate the ones the voters made.  Like barcoding, that makes voter verification impossible. Dominion ICE is the only hybrid voting machine currently in use in Wisconsin.

The Wisconsin Elections Commission has been telling voters to go ahead and get into the car. 

Manufacturer ES&S recently asked the Commission for permission to sell an updated voting system that includes both a safe BMD (the Automark) and a barcoding BMD (the ExpressVote).  The Commission took the matter up at their June meeting.

In advance of that meeting, dozens of voters contacted the Commission, asking them to deny approval to the barcoding machine. After reading the voters’ emails, the commissioners saw a problem, but it wasn’t the security flaw. The problem they saw was voter resistance to the security flaw.  (With one exception–see the footnote)

When they met on June 11, neither staff nor commissioners were coy about the purpose of the meeting. Administrator Meagan Wolfe introduced the staff who “conducted the campaign to approve the voting equipment.” (At 11:30 in this video recording of the meeting.)

Commissioner Mark Thomsen was equally clear about what he wanted from the meeting:  “I’d like to be reassured about any security issues and that the public knows that we don’t have a problem there.”  (38:38 in that video)

Were these mere figures of speech? Did Wolfe and Thomsen instead mean to say that they wanted to conduct a rigorous assessment to reduce or eliminate the risks?

Nope. Watch that video and you will see staff, commissioners, and ES&S sales representatives working together with shared purpose: To convince each other and the voters that all is well.

Had commissioners come to the meeting ready to grapple with and resolve the security issues, they would quickly have posed the obvious first question, given the controversy: Why are barcodes used at all? Particularly when it is demonstrably possible to manufacture a machine with all the desirable features of the ExpressVote but without the barcodes? What benefit do the barcodes provide, to whom, that justifies degrading voter verifiability like this?

But no one asked that. So no one answered.

That wasn’t the only important question unasked and unanswered. Tony Bridges, the Commission’s Election Security lead, reassured the commissioners that the votes recorded as text, rather than the barcodes, will be counted in recounts and audits.  (Starts at 48:12 in the video linked above.)

The Commissioners know — even if Bridges does not — that in 2016 the Commission testified in court that statutes give counties, not the Commission, authority to decide whether to recount by hand or by machine. The judge agreed. So Commissioners know they cannot require the recount method Bridges described. Yet no one corrected him. The stated purpose of the meeting was to increase confidence in election security — and Bridges’ misstatement did that.

Several commissioners are lawyers. If they had been engaged in assessing risks rather than excusing them, they surely would have also noticed that no Wisconsin statute anticipates that votes will be recorded twice on the same ballot. That creates a rat’s nest of legal questions around barcoded ballots: Which is the ‘real’ vote?

What does it say about the validity of results in un-recounted races when the Commission insists, as Bridges suggests, that only those votes recorded as text are reliable enough to decide a recount? One of the candidates in the next contested recount might suspect he or she got more votes from the barcoded ballots. When that candidate challenges the hand-counting counties, what legal argument will the Commission suggest to those clerks to defend Bridges’ method against pressure to recount by machine?

Bridges’ proposal is just as problematic for voting-machine audits. For years, the Commission has repeatedly asserted that this state’s audit law, s.7.08(6), Wis. Stats., requires auditors to read the votes the way the machines are designed to read them. Reading only the text votes from barcoded ballots cannot fulfill that requirement, because the tabulators don’t use those votes. So Bridges’ proposed audits do not qualify as s.7.08(6) audits. Yet those are the only audits the Commission has authority to order.

None of that came out in the meeting, however, because the commissioners were wholly fixated on defending the barcoding BMD. Having built up the illusion that officials will routinely check the barcodes for accuracy, Bridges’ testimony was on script and accepted.

The manufacturer’s claims were also accepted without question. None, however, stand up to even simple critical examination.

  1. The manufacturer’s first argument is: “The voters can verify the votes that are printed as text.”
    Commissioners working to protect voters would have said: “We cannot consider something that’s never counted to be a ‘vote.’ So we don’t see the value in verifying the text. It’s the votes that will be counted that must be verifiable to comply with the law that says that voters must be able to privately verify the votes selected.”  
    No commissioner said that.
  2. The next argument is: “Audits and recounts will notice if the barcoded votes differ from the printed text.”
    Commissioners working to protect voters would have told the manufacturer that is irrelevant in Wisconsin. Here, very few races are protected by recounts because recounts are allowed only when preliminary results are too close to have been hacked (Manipulated results will surely have a victory margin larger than 0.25%.) Audits protect even fewer races because the Commission has no authority to correct election results even if an audit detects a problem in the sampled machines.  
    No commissioner brought that up.
  3. Manufacturers offer a third defense when they are forced to admit the votes printed as text are merely decorative. They have built a feature into the BMDs that allows a curious voter to reinsert the ballot into the machine that printed it, which will read the barcode and display the votes on a monitor.
    Commissioners working to protect voters would have pointed out that’s not verification. It requires a voter to trust the machine once to print the correct votes, and then trust it again to read back the correct votes. If a barcoding BMD is programmed to print the wrong votes in the barcode, it will also be programmed to read the right votes back to the voter.
    No commissioner pointed that out.
  4. For their final line of defense, ES&S falls back on obfuscation. The manufacturer explains that the tabulator uses the same set of codes to interpret both marked ovals and barcodes. For example, the code assigned to a candidate whose oval is located in the second row of the sixth column on the first side of the first page of a printed ballot would be 02060101. The barcoded votes for that candidate contain a reference to that same spot—02060101.
    Commissioners working to protect voters would have scoffed and said, “If the voter hasn’t verified it, we don’t care how the tabulator reads it. Stop yammering about irrelevant technicalities and bring us a BMD with the good features of the ExpressVote and voter-verifiable ballots.”
    None of the commissioners scoffed.

Staff contributed additional weak arguments to help make ES&S’s case: 

  • Staff pointed out that they found no problems with the barcodes when they tested the systems. They did not mention that the machines used by Election-Day voters will be at risk of mis-programming, while the machines provided by ES&S for testing were not.
  • Staff said that previous recounts and audits found no problems with incorrect barcodes in past elections. They did not explain how that protects future elections.
  • Staff told commissioners that local officials often test the machines before each election. They did not explain that pre-election tests provide no security against malicious code, which would be designed never to reveal itself before Election Day.

No surprise: After this discussion, the Commission voted unanimously to approve the machine, and instructed its staff to reassure the voters.  A few days later, every voter who had urged caution got an email from Public Information Officer Reid Magney.  Following the commissioners’ instruction to convince voters that barcoded votes are “a perceived problem, not a real one,” (43:32), Magney uncritically repeated the manufacturer’s claims and even used the opportunity to distribute an ES&S marketing brochure.

So here’s a direct plea to the Wisconsin Elections Commission and their staff: Stop seeing it as your job to make the companies’ case to the voters. Start making the voters’ case to the companies.

When you hear manufacturers’ claims, make skepticism your default attitude. When you hear voters’ concerns, default to curiosity.

When a law or regulation can be interpreted either way, go with the common-sense interpretation that favors the voters’ interests. Don’t devote extra effort to wresting out an interpretation that favors the voting machine companies’ interests. (I’m looking at you, Staff Attorney Michael Haas—1:27:00.)   

Demand security from them, not trust from us.

In short, WEC, come over to the voters’ side where you belong.

Footnote: Chair Dean Knudson’s line of questioning, which starts around 50:00, was responsive to concerns about pre-election testing. However, to be fair, that line of questioning challenged only election officials to reduce the risks of barcodes. He did not challenge the manufacturer to eliminate them.

* * *

Note to the media:  Voters could use your help in getting the WEC to work on tabulation security, rather than to continue working on reassurance.
The security problems with barcoding and hybrid BMDs are being taken very seriously outside Wisconsin. Federal election-security legislation has been introduced that would prohibit their use. Senator Tammy Baldwin is co-sponsoring the Senate bill, SB 1472; Representative Mark Pocan voted for the House bill, HR 2722.
If you ever ask WEC about election security, be prepared to receive a list of measures they have taken to protect the voter registration system, WisVote. The list will not explain–unless you press–that those measures don’t protect the tabulation system.
The WEC might also list some things they have done related to securing the tabulation system. Before you file your story, notice which are guidance rather than binding requirements, and notice that none resolve the risks created when voters cannot verify their ballots, such as in barcoding BMDs or a hybrid voting system.