Verified Voting strongly endorses the recommendations from the SBE Chief Information Officer that the SBE should immediately decertify AVS WinVote voting machines in Virginia.
As with all DREs, AVS WinVote machines provide no voter-verified record of cast ballots so that there is no independent way to check the accuracy of election results to safeguard against machine failure, human error or tampering. For this reason, the Virginia General Assembly has banned the purchase of new DREs since 2007.
AVS WinVote is especially vulnerable to security incidents since it is the lone system that uses WIFI for configuration, potentially allowing outside parties to disrupt or tamper with an election. AVS uses the weak WEP protocol for encryption that has long ago been shown to be extremely vulnerable. There are many other serious security flaws in AVS WinVote – well described in the comments from my colleague Jeremy Epstein.
Current Virginia statute and Federal EAP guidelines prohibit wireless communication for new voting systems precisely because of the many security vulnerabilities that wireless communications present. Unfortunately, there is no realistic way to disable the WiFi capability on AVS WinVote machines since they require those features to setup and close elections.
There have been several serious incidents with AVS WinVotes in Virginia elections. In March 2010, an AVS WinVote reported obviously incorrect results at the end of a Fairfax County special election. During the canvas, the memory sticks inside the DRE contained different results that at least fell within the expected range. Without a paper audit trail, the local electoral board had no way to verify whether the results were correct, but chose to accept the internal memory stick results. The error was never explained, and to this day no one knows why the system reported incorrect results or whether the problem exists in other AVS machines.
In November 2010, 2 AVS WinVote DREs failed to report results at closing in Fairfax County. The next day during the canvas, the DREs were able to produce a closing report. Again without a paper trail, there was (and is) no safeguard against software failure or tampering.
During every election, there are frequent reports of AVS WinVotes recording votes for candidates other than the voter selected, most likely due to touch screen calibration issues.
In the incidents described above, Virginia has so far dodged the bullet since the errors have not yet led to a spoiled or overturned election, at least as far as we can tell without the evidence a paper ballot would provide.
Many organizations across the political spectrum have explicitly called to replace paperless DREs with voting methods such as optical scan tabulators that provide a voter verified record of the ballot that can be examined in case of machine failures, recounts or audits. The DNC and DPVA have both passed resolutions calling for voter verified paper audit trails. General Assembly members from both parties studied this issue in depth, including with a 2-year commission led by Del. Tim Hugo, before changing state policy to prohibit additional DREs.
AVS WinVote machines have serious security flaws and are rapidly aging. The vendor has long since gone out of business. I realize you are hearing from election officials who are resistant to change, but the remaining localities using AVS WinVote will need to purchase new machines at some point soon in any case. The prohibition against new DRE purchases was instituted almost 8 years ago, so the localities have had many years to plan and budget for replacement machines.
We strongly urge the SBE to follow the recommendation of its CIO and decertify AVS WinVote. Ensuring the integrity of all Virginia elections is the essential priority and should trump the convenience of election officers to wirelessly configure machines, or the desire of localities to risk our elections with aging vulnerable equipment simply to avoid change. With statewide elections coming in 2016, this issue affects all Virginians, not just those using DREs.
Respectfully,
Alex Blakemore, Ph.D. (Computer Science)
Co-founder Virginia Verified Voting
Reston, VA
