The Boston Progressive - Under The Fold

Recycled news and (hopefully) original commentary from a New England Progressive perspective -- the full text of items shown on the main page

Friday, December 02, 2005

DeLay's Redistricting Master Stroke illegal? **Gasp!!**

Part of Rep Tom DeLay's (R-TX) "legacy" was the redistricting plan that was forced through in Texas, and that "gave" the GOP extra seats in the House of Representatives.

At the time, it was controversial on several fronts:
  • - It was designed and implemented between census cycles. By itself this is not illegal, but poor choice, because (in theory) redistricting is meant to provide fairer representation, not just Gerry-mandering, and the demographics may have shifted significantly since the census reporting (which is presumably why the redistricting was done, due to shifts from the *prior* census cycle)

  • - The plan was seen as a strictly partisan effort to maximize the number of seats the GOP could win, not to provide a fairer distribution that could more fully implement the "one-man one-vote" test

  • - In what was seen as a symbolic, and very public, move, the Democratic members of the Texas legislature refused to take their seats for the vote, thereby depriving the legislature of a legal quorum. They even went so far as to absent themselves from the state of Texas entirely, so they could not be arrested and compelled to attend the session

  • - In a move that proved very embarrassing to Delay, when it was fully disclosed, Delay tried to use the services of the Department of Homeland Security to track down where the truant legislators had gone, and to send officers of the Department of Texas Public Safety (the "Texas Rangers") to arrest them, only to have the officers find that they could not so arrest the legislators, because the Rangers were out of their jurisdiction and they could not find a judge sympathetic enough to grant them jurisdiction

  • - The redistricting plan, as devised, was very similar to one that had already been struck down by the courts as being in violation of mandated corrective measures

  • - Many thought that the redistricting plan shouldn't pass muster, as it appeared to violate several points of law, but the Department of Justice declared that it was legal and met all the requirements of federal law

  • Except, that maybe, it really didn't meet those requirements, and maybe it really shouldn't have been approved by DOJ.

    The Washington Post is reporting that the DOJ lawyers tasked with reviewing the redistricting plan unanimously (six lawyers and two other advisers) recommended against the approval, but were overridden by senior officials at DOJ, who approved the plan (Justice Staff Saw Texas Districting As Illegal)

    This tactic, in a voting rights/representation case, of the career staff being overridden by the political appointees senior staff should sound familiar -- it's the same actions that were taken in Georgia, when the senior DOJ officials "pre-approved," over the objections of the career staff, the change in the voter-identification process. (See my earlier article here) Texas, as in Georgia, must submit any changes in voting procedures or redistricting to DOJ before they can be implemented.

    This information is just now coming to the fore because a previously undisclosed memo, where the career staff detailed their analysis, has been obtained by the Washington Post (the .PDF file of the 73-page 12/12/03 memo is here)

    A perusal of the memo can be something that can put you to sleep, until you run into some real nuggets. For example, after 7 pages of detail on how the State's proposed redistricting would "allow for more choice" in electing candidates one comes across this: (page 11 of the PDF)

    Of the 55 African American and Hispanic legislators in the legislature, 53 voted against the redistricting plan..... Of the minority legislators to whome we talked, all but two opposed the redistriting plan. Of the local minority elected officials to whom we spoke, all but one opposed the redistricting plan.
    We have also received comment letters from six other state legislators, who did not attend any meetings or speak on the telephone with any staff. of these legislators, four are Hispanic and two are Anglo. Thirty-six (36) locally-elected officials from around the state sent comment letters. In total, the Section received 335 comments against the proposed plan, none in favor of it.

    Also noted in the memo is an egregious "bait and switch" process -- when minorities objected to earlier versions of the new voting maps on the grounds that the new districts diluted representation for minorities, the redistricting committee agreed to make changes that would mitigate that criticism.

    However, when the final redistricting plan was voted out of conference before the final vote, most of the objectionable reapportionments had been reinstated. (P 13)

    Minority legislators also complained aboiut being "shut out" from the committee and conference decison-making process.

    The State of Texas created an analytical model that purported to show how the new "districts" would likely vote, by block, with imputed "elections" of current representatives. This analysis was meant to show that there should be no dilution of the voting power of minority groups.

    The effects of this analysis takes up a large portion of the document, with the authors maintaining that the "retrogressive" effect of minorities losing representation in some districts was not offset by probable "wins" in other districts.

    The memo also notes that (page 62)
    "Four of the five minority-preferred candidates who would love their seats under the proposed plan have substantial seniority experience in the House and serve on influential House Committees."

    Both opponents and supporters of the proposed change agree that the *purpose* of the proposed redistricting was not to, a priori, reduce minority representation, but to maximize GOP seats in the U.S. House (page 70):
    "...both proponents and and opponents of the plan agree that the main objective in redistricting was to increase substantially the number of Texas congressional seats held by Republicans. Even Minority leaders opposed to the redistricting plan recognize that partisan gain drove the redistrictying process and it's result, at times consciously overriding other considerations."

    The Voting Rights law, however, does not rely only upon "intent" when reviewing whether or not a proposed change should be "precleared" or the subject of an "objection," but that *effect* on minority representation needs to be carried into effect.

    If the Texas Legislature had been able to craft a redistricting plan that allowed for even the same amount of representation of minority voters, while still increasing the number of GOP seats in the U.S. House there would have been no grounds for objection, under Section 5.

    Supporters of the redistricting plan point out that an appeals court upheld the plan. However, the court very likely gave much weight to the fact that the DOJ had issued a "preclearance" to the plan, and those bringing suit against the plan were denied access to this memo, so they were unable to show the courts just what the DOJ detailed analysis said.

    From the Washington Post article:
    Mark Posner, a longtime Justice Department lawyer who now teaches law at American University, said it was "highly unusual" for political appointees to overrule a unanimous finding such as the one in the Texas case.

    "In this kind of situation, where everybody agrees at least on the staff level . . . that is a very, very strong case," Posner said. "The fact that everybody agreed that there were reductions in minority voting strength, and that they were significant, raises a lot of questions as to why it was" approved, he said.

    J. Gerald "Gerry" Hebert, one of the lawyers representing Texas Democrats who are challenging the redistricting in court, said of the Justice Department's action: "We always felt that the process . . . wouldn't be corrupt, but it was. . . . The staff didn't see this as a close call or a mixed bag or anything like that. This should have been a very clear-cut case."

    Hebert said the Justice Department's approval of the redistricting plan, signed by Sheldon T. Bradshaw, principal deputy assistant attorney general, was valuable to Texas officials when they defended it in court. He called the internal Justice Department memo, which did not come out during the court case, "yet another indictment of Tom DeLay, because this memo shows conclusively that the map he produced violated the law."

    (Just remember, here, that Herbert is representing the opponents of the DeLay-crafted redistricting plan)

    And what does DOJ have to say about this memo?

    About what we have come to expect, unfortunatly.

    Some exerpts from an AP article:(Gonzales defends call on Texas plan)
    WASHINGTON -- Attorney General Alberto Gonzales defended the Justice Department's decision to ignore staff lawyers' concerns that a Texas redistricting plan orchestrated by former House Majority Leader Tom DeLay would dilute minority voting rights.
    Senior agency officials, appointed by President Bush, brushed aside concerns about the possible impact on minority voting and approved the new districts for the 2004 elections.

    Gonzales, who was not attorney general when the agency reviewed the redistricting plan, said it was approved by people "confirmed by the Senate to exercise their own independent judgment" and their disagreement with other agency employees doesn't mean the final decision was wrong.

    The decision appears to have been correct, Gonzales said, because a three-judge federal panel upheld the plan and Texas has since elected one additional black congressman.

    But again, there is that question, would the appelate court have ruled that way if it had been allowed to see the document?
    The memo released Friday had been sought by lawsuit plaintiffs before going to court, but the Justice Department declined to surrender it then.

    "All decisions made by the Justice Department involve thoughtful rigorous analysis of the law," said spokeswoman Tasia Scolinos. "There is no place for politics in this process and to suggest otherwise is unfortunate and just plain wrong."

    Eight department staffers, including the heads of the Voting Rights Division, objected to the redistricting map, according to the memo which was first reported in Friday editions of The Washington Post.

    The Justice Department said Sheldon Bradshaw, then principal deputy assistant attorney general in the civil rights division, made the final decision in the Texas case.

    Hebert said when a case is a close call staff lawyers usually include counterpoints to their conclusions in their memo. But he said there is nothing in the 73-page memo suggesting a plausible reason for approving the map. "So that raises a lot of suspicions about the motives" of the senior officials who are political appointees, he said.

    Sunday, November 27, 2005

    North Carolina and Voting Machines. Again -- UPDATED

    (Note -- see update near the bottom of this article)

    Having worked in MIS/IT for most of my life, I'm usually aware, when someone claims that "he computer made a mistake" that someone is actually referring to a defect in design, or are attempting to cover up a manual error or deliberate action.

    Oh, there certainly are times when there are equipment malfunctions, or sometimes very subtle errors in underlying OS(operating system) or driver design ("Drivers" are the subprograms that actually make hardware pieces like the network card, or modem, printer or keyboard work, and allow the hardware and OS to "talk" to each other).

    Those defects are the grand exception, however.

    And something that really is absurd is the proclamation that something that is really quite simple, and straightforward, is that "too difficult" or "too expensive" to do in an automated system.**

    An infamous example was the claim, during the recent election cycle, that providing a physical audit trail of votes cast would be "too expensive" in terms of equipment and development effort. ANd the further claim that "it wasn't needed." A claim that was put to the test, and failed, when a special election in Florida was close enough to trigger the mandatory recount required by law.

    January 2004: Florida. In a special election for the State House District 91 seat, with only one item on the ballot, ES&S electronic voting machines showed a total of 134 undervotes – that is, 134 ballots in which voters did not select a candidate even though it was a single-race election.

    The winner received 12 more votes than the runner-up. Florida law requires a manual recount of invalid votes when the winning margin is less than one-quarter of one percent. However, election officials determined that no recount was required because the 134 invalid votes were cast on electronic voting machines, and there is no record of the original votes.

    (EFF - Electronic Voting Machine Information Sheet Election Systems & Software — iVotronic)>

    Because there was no verifiable audit trail, they could *not* do the recount.

    In 2003, in an election in North Carolina, where there was only one issue on the ballot (a bond inititive), 354 undervotes were recorded. In both these cases, the undervotes point to problems with the voting machines, as it is extremely unlikely that hundreds of voters would show up for a single-issue election, and then purposely cast blank ballots.

    In allied news, in 2003, Maryland election officials requested that Diebold, one of the most prominent vendors of e-vote machines, provide printers to each voting kiosk in order to provide voter-verifiable audit trails. In a leaked memo, one of the Diebold staffers stated that they hoped that the company would "..charge them out the wazoo" to add printers.

    The general reliability and security of the automated process, sometimes called "Black Box Voting" (BBV) has been shown time and again to be sadly deficient, with failures of physical security, the discovery of "back door access" to software, the proof, again and again, that these machines are not "ready for prime time."

    On the matter of simple security of the code, most of these BBV systems are built around the WIndows CE (Compact Edition) OS, which was not designed to be either a crypographically robust or exceptionally secure system. (Windows CE is the OS designed for use in so-called "palmtop" computer systems -- these systems are almost always being used for personal purposes, primarially as "personal Information Managers' (PIMs) and not as secure end-point terminals or systems).

    Additionally, the various vendors have refused to allow for independent audit of the code used, claiming that the code represents "trade secrets" and that nobody, even bonded memebers of the various state agencies that will be charged with using or interfacing with the machines, can see the code. The companies often claim that this will enhance the security of their systems, because of the theory of "protection by obscurity," where the code is "protected" from hacking because the code is hidden from view. This view of "security" is basically flawed, because of the quite well-advanced techniques for "Black box analysis" that can reveal the paramters of input used to the system that will create a particular result, often allowing for analysis of the underlying logic involved in the system processes, even without access to the source code. Indeed, these companies have managed to make, as part of their contracts, silence on the part of officials involved with the decision-making process as to just what factors were involoved in the decisions to purchase, or the details of any process used to "certify" the machines as complying with any "industry standard" or legislative requirement.

    A 2005 report from the federal Government Accountability Office (GAO) issued a report with the unweildy, but telling title General Accountability Office Report GAO-05-956:ELECTIONS
    Federal Efforts to Improve Security and Reliability of Electronic Voting Systems Are Under Way, but Key Activities Need to Be Completed

    The GAO report had over 40 recommendations in the areas of product development, acquisition by electoral commissions and agencies, operations of the equipment and systems, standards, testing and overall management/oversight. The report noted, however, that most of the recommendations would not be able to be put in place in time for the 2006 election cycle, even if the efforts to put impliment the recommendations were to commence right away.

    IN 2003, however, some of the source code for one of the Diebold systems was retrieved from a public FTP site that Diebold had, and the code was subsequenjtly examined by a number of computer scientists whose disciplines require them to view the suceptability to hacking, "insider" manipulation and general robustness of computing systems and their interfaces, both to other computing systems and to humans. One of these studies was published in the IEEE Symposium on Security and Privacy 2004, which accepted only referreed submissions. The paper here cited ( Analysis of an Electronic Voting System) examined the source code for vunerabilities, and with an eye to malicious manipulation of the systems.

    This paper found that the language used for the system code was used in a manner that made it very vunerable to outside attacks (such as the "buffer overflow" hack that can allow "foreign" code to install and run "new" code in the targeted system), that there were insuffcient safeguards against the "insider" attacks that could cause alterations of the vote counts, and that the internal audit safeguards against repeated voting were non-existent. The researchers also found grave problems with the "security" of the smart-card technology used that was supposed to stop an individual voter from casting more than one ballot. From a code auditability/verification standpoint, there apperared to be no evidence that there was any sort of formal change control process to track changes to the source code, and to enforce restriction of just who could commit changes to any modules in the source code repository.

    As I noted above, there have been numerous problems with these BBV systems, and, slowly, some of the various states that have these machines in place, or are anticipating purchase, have begun to require more vigorous oversight and requirements for performance. One of the requirements is to have the final version of the source code to be used in the machines be placed in "escrow" locations. This will allow for recertification that the code, in the escrow repository, matches the code actually executed in the voting terminals. Another purpose of "code escrow" is to protect the investment of the machine purchasors in the event that the vendor either goes out of business or exits the vote tabulation industry.

    One of the states that made such a legislative requirement is North Carolina, which anticipates that the one-time costs for upgrading and standardizing the voting equipment currently used will be between $43M and $93M. Part of the legislative requirement was (added emphasis is mine) Senate Bill 223:Public Confidence in Elections
    State Board of Elections' Role in Purchasing. -- Effective with any upgrade or new voting system purchased beginning August 1, 2005 and effective for any voting system used in the 2006 elections, the State Board of Elections is directed to develop a Request for Proposal (RFP). The RFP would have to include the following requirements:

    • Posting a bond or letter of credit to cover damages from defects in its voting system, including the cost of a new election.
    • Compliance with federal law.
    • The capacity to include in precinct returns the votes cast by voters outside the voter's precinct as required by law.
    • For electronic voting systems, the system must generate a paper record of each individual vote cast, which paper record shall be maintained in a secure fashion and serve as a backup record for purposes of hand-to-eye counts, hand-to-eye recounts, and other audits.
    • For DREs [Direct Recording Equipment], the paper record must be viewable by the voter before the vote is cast electronically, and the system must permit the voter to
    correct any discrepancy between the electronic summary of the vote and the paper
    record before the vote is cast.
    • Review of source code by the county, the State Board of Elections, the NC Office of Information Technology, and the Chair of any legally recognized political party in NC.
    • A statewide price for each unit of the equipment.
    • An agreement by the vendor that if it breaches
    the upkeep part of the contract or goes into bankruptcy, it will permit the software to be turned over to the county for continuing use during the term of the contract and for review by the people who have a right to review the source code.

    Requirements for Voting Systems Vendors. -- Effective with any upgrade or new voting system purchased beginning August 1, 2005, vendors of voting systems in
    NC must escrow their relevant source code, keep the escrowed source code up to date and swear that it is the code used in operating voting systems, maintain an active office in NC, and notify the State Board of any known defect in a voting system used in NC. This section also provides that a willful violation of any of the requirements is a Class G felony and that substitution of software into a voting system without notifying the State Board is a Class I felony.

    Other violations are punishable by civil penalties of up to $100,000.

    Even though the state has mandated these steps in the RPF (Request for Proposal) process, Diebold has decided to contest them, and has received, via a temporary restraining order (TRO), extra time to prepare arguments and extend the time past the previous deadline to submit the RFP. Central to the Diebold objects are the requirements to post the non-performance bond, the code escrow, and the identification of all persons who are authors of the code. (see Diebold in Non-compliance with NC Election Laws). They also received a bonus in the TRO, that was extended to all vendors submitting proposals in response to the RFP, that these vendors would be held exempt from all civil and criminal penalties as outlin3ed in the applicable North Carolina law.

    The Electronic Freedom Foundation filed a motionon Nov 16 seeking to have the temporary restraining order vacated, on the grounds that the restraining order is too broad, and that it directly contravenes the letter, intent and effect of the applicable North Carolina law. As noted above, one of the central tenets of the N.C. law was the requirement for code escrow. Because of the effects of the temporary restraining order, that effectivly voids all penalties of the NC legislation, at least one other vendor, who waqs not going to file a bid, because of the escrow requirement, may file a bid after all, if the courts hold that the penalties for not filing code escrow cannot be enforced. The TRO, as it now stands, would leave the state of North Carolina with no redress if the eventual bid winner were to default on any portion of the contract, such as supplying the voter-verifiable printed record or changing the code used in the voting terminals with new, uncertified versions.

    This just points up the validity of the saying that what matters in an election may not be who *casts* the votes, but who *counts* the votes.

    UPDATE -- On Monday (11/28/05) Diebold's request to be shielded from the legal penalties of the North Carolina law was rejected by Wake County Superior Court Judge Narley Cashwell.

    From an AP story:

    ..But because no one has yet to accuse Diebold of breaking the law, Wake County Superior Court Judge Narley Cashwell declined to issue an injunction that would have protected the company from prosecution. Cashwell also declined to offer an interpretation of the law that would have allayed Diebold's concerns.

    "We need to comply with the literal language and the statute," Cashwell said. "I don't think we have an issue here yet." ..

    ...The dispute centers on the state's requirement that suppliers place in escrow "all software that is relevant to functionality, setup, configuration, and operation of the voting system," as well as a list of programmers responsible for creating the software.

    That's not possible for Diebold's machines, which use Microsoft Windows, Hanna [Doug Hanna, a Raleigh-based lawyer representing Diebold] said. The company does not have the right to provide Microsoft's code, he said, adding it would be impossible to provide the names of every programmer who worked on Windows....

    Hanna is being both misleading and untruthful, here.

    According to SB223,

    Effective with any upgrade or new voting system purchased beginning August 1, 2005, vendors of voting systems in NC must escrow their relevant source code, keep the escrowed source code up to date and swear that it is the code used in operating voting systems

    The langauage of the bill is quite clear, even toa non-lawyer. The code escrow/identification does not refer to Windows. It refers to the code that is used to run the "voting" and "counting" portion of the "voting system," not the underlying OS that the "voting system" is placed on top of.

    - EFF - Electronic Voting Machine Information Sheet Election Systems & Software — iVotronic
    - General Accountability Office Report GAO-05-956: ELECTIONS
    Federal Efforts to Improve Security and Reliability of Electronic Voting Systems Are Under Way, but Key Activities Need to Be Completed

    - Analysis of an Electronic Voting System - IEEE Symposium on Security and Privacy 2004. IEEE Computer Society Press, May 2004
    - Senate Bill 223: Public Confidence in Elections
    - North Carolina Electronic Voting in the News -Miscounts and Crashes
    - Diebold in Non-compliance with NC Election Laws
    - 11/16/2005 EFF "Motion to Modify or Vacate Temporary Restraining Order"

    - 11/28/2005 N.C. Judge Declines Protection for Diebold


    **The first time I was really struck by this absurdity in the public arena was almost a decade ago, when the Congress was taking testimony from members of the U.S. banking industry about the (then new) fees being charged to customers who used an ATM machine from a "comptetitor's" network.

    What raised my eyebrows were not the fees themselves. Although I still view the front-and-back fees as "double-dipping" for the ATM network owners [they get paid once with the "not our customer" fee and again by the bank that issued the debit/credit card]. And the fees by both the network owner and the issuing bank represent a respectable source of profit.

    No, What caught my attention was the claim, by the banking industry, that they shouldn't have to give even a notification, on the ATM display screen, or on a
    placard physically attached to the ATM itself, that a "foreign user" fee would be charged, and that the issuing bank might also charge an extra fee.

    It is certainly absurd to try to claim that it would be "too expensive" to affix a sign to the front of an ATM itself. If the transaction volume traffic for a location is too low to make the placement of an ATM uneconomical the network won't put them there. ANd, as I recall, the members of the congressional committee also found it an absurd statement.

    Equally absurd, but allowed to pass without comment by that committee, was the claim that it would be too expensive in programming time and terms of regular updates (if the fee amount were to change) to even put a disclaimer on the screen about the fees. On the face, it sounds reasonable, except when you reflect upon the fcat that the ATM owners continually update the screen displays every time their banking "products" such as mortgages, home equity loans and checking accounts are touoted, with constantly changing interest rates -- all of whch require much more frequent updates than the imputed fee disclaimer would require. (I don't know if such disclaimers are now required by banking regulations, or the banks thermselves have figured out that the bad customer relations outweighs the profit from the surprise or hidden fee - but every ATM in the US that I've seen in recent years has either the physical sign, an on-screen display or both)