The usual rule is never attribute to malice that which can be explained by incompetence. But CalPERS choice not just to implement internet voting, but to press eligible voters to use it over clearly safer methods, is obviously dodgy given the post-2016 focus on hacking elections, and worries about the ability to tamper with electronic voting. Remember that “electronic voting” is light years more secure than Internet voting, since the voting machines in electronic voting are not usually open to the Internet.
But of course, the big risk in election integrity doesn’t come from scheming Rooskies, but from insiders trying to assure a win for their candidate by suppressing or tampering with votes.
And why might we think that CalPERS motives in implementing voting by Internet and phone were less than pure? The vendor CalPERS is using for those two methods, Everyone Counts, does not provide a paper trail to allow for any pretense of independent verification of its tallies.1 Everyone Counts is also not certified by the Secretary of State.
And we aren’t exaggerating when we say that CalPERS is pushing the most tamper-friendly method hard.
First, the Election home page tells eligible voters to “Vote Now” before it gives them any other information:
And if you click on the little icon in “Vote Now” above, you go to this page:
And if you didn’t get the message, CalPERS flogs insecure Internet Voting later in the same page:
CalPERS’ CEO Marcie Frost has said she wants to eliminate paper balloting entirely. The justification, that this would save costs, is a convenient cover for the real aim, that of suppressing votes by retirees, who have a higher level of election participation, and have also been strong supporter of board members who have the temerity to ask questions and demand accountability, like Margaret Brown and former board member JJ Jelincic. In other words, even before you get to the opportunity to engage in nefarious conduct, the motive is to give the unions even more sway over the board.
The balance of the post will discuss:
Experts agree that Internet voting is not secure and recommend against it
Internet voting is explicitly illegal under California law
CalPERS’ chosen vendor, Everyone Counts, has a poor track record and cannot comply With CalPERS election regulation
CalPERS told more whoppers in its voter FAQ
Experts Agree That Internet Voting Is Not Secure and Reject Its Use
The National Academy of Sciences, Engineering and Medicine released a new report, Securing the Vote: Protecting American Democracy, the result of a two-year effort led by a committee that “included computer science and cybersecurity experts, legal and election scholars, social scientists, and election officials:” From the press release:
Internet voting should not be used at the present time, and it should not be used in the future until and unless very robust guarantees of secrecy, security, and verifiability are developed and in place. Currently, no known technology can guarantee the secrecy, security, and verifiability of a marked ballot transmitted over the Internet. (The Internet is an acceptable way to transmit unmarked ballots to voters as long as voter privacy is maintained and the integrity of the received ballot is protected.)
Some of the supporting detail from the report proper:
Election administrators face a daunting task in responding to cyber threats, as cybersecurity is a concern with all computer systems…
There are many layers between the application software that implements an electoral function and the transistors inside the computers that ultimately carry out computations….As a result, there is no technical mechanism that can ensure that every layer in the system is unaltered and thus no technical mechanism that can ensure that a computer application will produce accurate results. This has several important implications for election systems:
• all digital information—such as ballot definitions, voter choice records, vote tallies, or voter registration lists—is subject to malicious alteration;
• there is no technical mechanism currently available that can ensure that a computer application—such as one used to record or count votes—will produce accurate results;
• testing alone cannot ensure that systems have not been compromised; and
• any computer system used for elections—such as a voting machine or e-pollbook—can be rendered inoperable.
Election systems are especially vulnerable when they are connected to the Internet, telephone network, or another wide-area network.
A hot take on the report from Fast Company:
Paper ballots should be used to help guarantee election security, and digital voting machines that don’t produce a paper trail should be replaced as soon as possible, according to a new report from the National Academies of Science, Engineering, and Medicine.
As we noted earlier, Everyone Counts, the vendor conducting the Internet voting for CalPERS, does not provide a paper trail.
In the interest of keeping this post to a manageable length, rather than providing more excerpts, below are links to other authoritative sources on the inherent failings of Internet voting:
Internet Voting Leaves Out a Cornerstone of Democracy: The Secret Ballot MIT Technology. As we’ll discuss below, this violates the California constitutional requirement that “Voting shall be secret.”
Online voting is impossible to secure. So why are some governments using it? Computer Security Online. Subhead: ” If you thought electronic voting machines were insecure, wait ’til you meet online voting.”
David Dill: Why Online Voting Is a Danger to Democracy Stanford Engineering. Subhead: “A Stanford computer scientist says Internet voting would be ‘a complete disaster.'”
Internet Voting Verified Voting. “There is no way to guarantee that the security, privacy, and transparency requirements for elections can all be met with any practical technology in the foreseeable future. Anyone from a disaffected misfit individual to a national intelligence agency can remotely attack an online election, modifying or filtering ballots in ways that are undetectable and uncorrectable, or just disrupting the election and creating havoc.”
And even the mainstream media is leery: Online voting could be really convenient. But it’s still probably a terrible idea. Washington Post
Internet Voting Is Explicitly Illegal Under California Law
The fact that Internet voting is not and cannot be made secret means it violates a central provision of the California constitution: “Voting shall be secret.”
CalPERS has implicitly acknowledged that it needs to comply with that requirement. Last year, we criticized CalPERS for having a non-secret ballot by having voters sign the face of the ballot. The board approved changing procedures for this election to return to the old system of having voters sign the envelope only, which will then be separated from the ballot before the count is made.
Not only does Internet voting fail to meet this standard, it is also not a permitted voting method in California. We pointed out a year ago:
However, voting by Internet is very rare in the US and is explicitly illegal in California. From the Secretary of State’s website:
Additionally, pursuant to Elections Code section 19205, no part of a voting system shall be connected to the internet at any time. Nor shall any part of a voting system electronically receive or transmit election data through an exterior communication network of any type.
Indeed, the statue is terse and the Secretary of State had cited it word for word in his overview:
No part of the voting system shall be connected to the Internet at any time.
In a FAQ embedded at the end of this post, CalPERS contends that its election process is hunky-dory because CalPERS governing statute allows it to set its own election procedures. However, the Legislature was very clear in stating that any changes to the election method required new law.
In a classic example of CalPERS’ General Counsel Matt Jacobs’ school of lawyering, the FAQ cites a court case that in fact does not clearly support CalPERS’ claim that it has the authority to implement Internet voting (among other things). The ruling bizarrely took the position that the disputed changes, like going from “winner of a plurality wins the election” to “only a plurality winner means CalPERS will hold a runoff” to be changes in procedure, as opposed to changes in method, without ever discussing the criteria for determining if a rule change rose to the level of being a change in method. However, the court cited this section of Proposition 162 as support for its ruling in CSEA v. CalPERS:
The integrity of our public pension systems demands that safeguards be instituted to prevent political ‘packing’ of retirement boards.
In fact, the insecure, audit-trail-free Internet and phone voting run by Everyone Counts looks to be tailor-made for political packing by CalPERS to assure that only its cronies will win.
Another proof of the dubious legal status of Internet voting is the unprecedented qualified certification given by the Secretary of State last year.
Here is the sort of certification the Secretary of State issued for CalPERS elections before the pension fund took up Internet voting:
Contrast that image with the certifications issued for last year’s elections:
It appears that the Secretary of State, which for obvious reasons could not cause a political firestorm by not ratifying an election by a major state agency, instead tried to distance himself from the process. Needless to say, a search of recent CalPERS election certifications shows that none prior to last year contain a disclaimer by the Secretary of State about the election methods.
We spoke to a former general counsel to the Secretary of State. He said when he was in office, under a different Secretary of State, that they would not have approved CalPERS’ use of Internet voting.2 He also thought a legal challenge to CalPERS’ vote-by-Internet scheme would have good odds of prevailing.
CalPERS’ Chosen Vendor, Everyone Counts, Has a Poor Track Record and Cannot Comply With CalPERS Election Regulation
CalPERS engages in sleight of hand by depicting the elections as being run by “IVS/Everyone Counts”. As we explained last year, “IVS” is Integrity Voting Systems, which is a brand name for the vote-counting services of K&H Printing, which has a large ballot and envelope printing business. Everyone Counts is an Internet voting company which also offers phone voting. IVS and Everyone Counts teamed up to manage the CalPERS election, but each voting channel is run by a separate vendor.
As we wrote last year:
My, why are we hearing that “Everyone Counts” name only now? Why has it been kept under wraps, with nary a mention to the board? Could it be because a web search would have revealed unflattering information about Everyone Counts overhyping its pet initiative, voting over the Internet? From a 2016 article in the Atlantic, which among other things, discusses an Internet voting fiasco in Estonia:
“They’re pretending like voting is no different than buying a book on Amazon, and they’re completely, by virtue of ignorance or malice, ignoring the truth of the world,” said Joe Kiniry, a cybersecurity researcher. “The simplest way to check the veracity of their statements is to call up any security researcher in the world that you find online who has made public statements about end-to-end verifiable elections and ask them. And you will find that 999 out of 1000 will tell you that [the likes of] Everyone Counts, [other online voting venders], and Estonia are full of shit.”….
Note that Everyone Counts has no election certifications whatsoever from the California Secretary of State.
Moreover, no matter what assumptions you make about how the paper ballots are being counted, it cannot comply with CalPERS’ own regulation:
§ 554.8. Ballot Counting and Runoff Election.
On the date specified in the Notice of Election at the location designated by CalPERS, the validated paper ballots shall be tabulated publicly by an independent, neutral agent appointed by CalPERS for that purpose. Online and telephone votes will be tabulated on the date specified in the Notice of Election and be auditable by an independent, neutral agent appointed by CalPERS for that purpose…..
Finally, the regulation calls for the online and telephone votes to be “auditable by an independent, neutral agent appointed by CalPERS for that purpose”. That means auditable by a party separate from the one that does the tabulation, which is Everyone Counts.
However, in the meeting with the candidates, Everyone Counts said it does not produce paper records. This means its process cannot be verified. Even in more secure voting via voting machines, ones that produce paper records are the only type that can be audited properly. As NBC News pointed out:
Breaches in Arizona and Illinois, tied to Russian hackers by intelligence officials, involved Internet-linked registration databases, not the manipulation of voting or tabulation machines, which are offline….
“I really think it’s negligence for a secretary of state anywhere in the country now not to have a paper trail for their votes, not to have some backup system, because the risks are just too great in this cyber Wild West,” Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee, said last month.
Back to the current post. Oh, and if you read the FAQ below, CalPERS has the chutzpah to mention a “successful online pilot” run by Everyone Counts in Los Angeles. If Everyone Counts considers Los Angeles to have been a success, I shudder to think what they would define as a failure.
An LA CityWatch article described the online election that Everyone Counts tried to run for the LA Neighborhood Councils. It had to be terminated and the process rebooted with paper ballots. And our concerns with the inability to audit results were borne out. From LA CityWatch:
A major issue with online voting was the impossibility of doing election verification after the election. No actual ballots were kept for the online votes and no final tally that reconciled the ballot count issued.
CalPERS Told More Whoppers in Its Voter FAQ
If you look at the FAQ we’ve embedded at the end of this post, you’ll see we’ve already exposed some of the misrepresentations and misleading statements, like depicting CalPERS’ election methods as perfectly legal, when that idea is quite a stretch. For instance:
California law allows CalPERS to offer electronic voting.
Section 554.7 of the California Code of Regulations, provides:…..
CalPERS is merely citing its own regulation. Regulations can only promulgate statue. They cannot create new law. CalPERS’ regulations continue to run afoul of the requirement for secret voting, and could also be separately challenged for violating the election code by providing for Internet voting.
Some other examples:
We protect the privacy of the voter no matter which method is used….All votes are kept in confidence by IVS/Everyone Counts to protect the secrecy of the vote.
As numerous experts said earlier, that is flat out false. There is no way to assure privacy in Internet voting. The most secure way is paper ballots.
IVS/Everyone Counts’ ballot facility has been certified by the California Secretary of State….Paper ballots are placed in a secured caged storage area that meets the requirements of the California Secretary of State for manufacturers of ballots.
This is a lie. There is no “IVS/Everyone Counts” facility. There is a K&H Printing facility in Everett, Washington, and an Everyone Counts facility in La Jolla. Neither company is on the list of certified voting technology vendors. The “K&H Integrated Print Solutions” facility is Washington is certified only for printing of “Dominion Imagecast,” “ES&S Unity,” “Hart eSlate,” “Premier AccuVote-OS,” and “Sequoia OpTech” ballots. Last year, there was no IVS sign on the facility nor did any employees have IVS business cards. The “Integrity Voting Systems” part of the operation was very much an afterthought.
More important, the Secretary of State does not certify third-party vote counting services of any kind.
And the blather about ballot cages is designed to mislead. The standards, such as they are, for protecting mass printed blank ballots and perhaps also the envelopes to send them to voters are irrelevant to the procedures that need to be in place once voters have voted and sent them back to be counted.
Moreover, why should we believe CalPERS assurances as to how the completed ballots are stored? Last year, at a site visit, then board candidate Margaret Brown found ballots out in the open, and employees said they were kept overnight in boxes. This year, since CalPERS has stated that the public can visit the K&H facility during business hours while the election is on, they’ll presumably do a better job of keeping up appearances. But even if the employees can grandly show some unopened ballots in cages, a visitor will have no way of knowing whether this is some or all of the ballots received to date.
Finally, the FAQ loftily announced that “public viewing will be allowed” of the vote count of paper ballots in Washington, followed by the electronic tally of the phone/Internet votes in La Jolla. The latter is a complete sham, since the system will have been keeping a running total throughout the election. Even worse, as we recounted last year, the “tabulation” took place with two sheets of glass and a corridor between the observers and the Everyone Counts employees supposedly working on the election with their laptops screens turned away from the public. Anyone who has seen vote counting in a system run with real integrity has repeatedly watched observers, particularly officials of the competing parties, hover over the people tabulating the votes. The idea that seeing employees play with their laptops amounts to adequate election supervision or transparency is pathetic, but CalPERS is so devoid of shame that it does not mind showing that its election procedures are a joke.
This continuing insult to CalPERS beneficiaries is yet another example of Frost’s ineptitude as a manager. It was more than a year ago that board candidate Margaret Brown visited the K&H operation in Washington and saw how the paper ballots were being kept in an insecure manner, open to all employees of the firm. She and fellow candidate Mike Flaherman obtained a copy of the election contract and demanded answers. The election contractors told demonstrable lies and eventually admitted to poor practices that violated CalPERS’ regulations.
Frost has had a year to fix this. All she did was address the most glaring problem, that of having voters sign ballots that also had a bar code on them. The rest has been public relations and per the FAQ, lying. Given the ease of tampering with Internet voting and the lack of an audit trail, CalPERS’ heavy-handed promotion of it looks like a way to make sure its clearly favored candidate wins no matter how the votes really shake out.3
1 As we’ll discuss, audit trails for Internet and phone voting aren’t such a great control anyhow, since those records would be digital and therefore subject to alteration. But not even making a gesture in the direction of verifiability is awfully cheeky.
2 CalPERS almost certainly
arm-twisted conferred with the Secretary of State before implementing Internet voting.
3 The reason this charge is not as extreme as it might seem is that CalPERS refuses to disclose voting results by channel, that is, for paper ballots versus phone voting versus Internet voting. This information would allow independent observers to see if the voting on one channel was implausibly out of whack with another, since you would expect the results in each channel to be broadly similar. For instance, if mail-in ballots coame in 60% to 40% in favor of candidate 1 while Internet and phone ballots were 75% to 25% in favor of candidate 2, it would strongly suggest vote tampering. But CalPERS refuses to provide any data of this sort.Calpers board election process