LOS ANGELES — California is conducting a months-long investigation into audit logs inside the state's electronic voting systems after reports of serious flaws with the logs — including the ability for an election official or someone else to delete votes without leaving an electronic trail.

The investigation is examining what the audit logs record and whether they can be easily altered or deleted, according to Secretary of State Debra Bowen.

The investigation stems from a serious problem discovered in January with voting systems made by Premier Election Solutions (formerly Diebold Election Systems). Investigators found that the tabulation software used with all of the company's touchscreen and optical scan machines failed to record crucial events, including the act of someone deleting votes from the system on Election Day. The logs also failed to record who performed an action on the system and listed some events with the wrong date and timestamps.

The investigation is just the latest critical look at e-voting machines, whose proprietary inner workings have led voting rights activists and computer scientists to question the integrity of the country's voting processes. The company's software is used to count votes in more than 1,400 election jurisdictions in 31 states, including Maryland and Georgia, which use Premier/Diebold voting systems exclusively.

Bowen, appearing at an event Wednesday evening to discuss an open source voting project in development, told Threat Level that the state contracted with David Wagner, a computer scientist with the University of California at Berkeley, to investigate fully what the logs on the Premier/Diebold system, as well as every other voting system used in the state, do and don't record.

Deputy Secretary of State Lowell Finley is currently examining a draft report of the investigation that is "as thick as you would imagine (it would be)," said Bowen, who indicated that she has not yet read it herself.

Audit logs are required under federal voting-system guidelines, which are used to test and qualify voting systems for use in elections. The logs are supposed to record changes and other events that occur on voting systems to ensure the integrity of elections and help determine what occurred in a system when something goes wrong.

But a Premier/Diebold representative admitted at a California hearing in March that none of the logs in its Global Election Management System (GEMS) – the software that tabulates votes – records significant events, such as when votes are intentionally or unintentionally deleted. Justin Bales, general service manager for Premier/Diebold's western region said that the GEMS logs had been the same since the software was first created more than a decade ago.

"We never ... intended for any malicious intent and not to log certain activities," Bales said. "It was just not in the initial program, but now we’re taking a serious look at that."

Bowen called the audit logs "useless" at the time and told Threat Level that her office would investigate the issue further and determine if audit logs in other voting systems – such as those made by Election Systems & Software, Sequoia Voting Systems and Hart InterCivic – had the same problems.

Bowen wouldn't discuss what steps the state might take if it turns out that all voting systems have the same audit log problems found in Premier's system.

Threat Level uncovered problems with the GEMS logs in January after obtaining copies of logs through a public records request.

The state confirmed the problems in a report it released about a month later in which it also found that some versions of the GEMS software had a Clear button that allows anyone with access to the system to permanently delete certain audit logs "that would be essential to reconstruct operator actions during the vote-tallying process."

Interest focused on the logs after election officials in Humboldt County, California, discovered that its GEMS tabulation software had randomly deleted a batch of 197 ballots in the days after the November 2008 presidential election.

Although a receipt printed from the state's optical-scan machine clearly showed that the ballots had been scanned into the system, the ballots later disappeared from the tabulation totals. The tabulation software's audit logs showed no sign that the ballots had been deleted or had ever been in the system.

Threat Level discovered in August that Premier/Diebold quietly fixed the audit log problem in a new version of its GEMS software that was recently tested and certified for use.

The new version of the software does record such events as the deletion of votes, and includes other security safeguards that would prevent the system from operating if the event log were somehow shut down, according to iBeta Quality Assurance, the Colorado testing lab that examined the software for the federal government.

It’s not known if Premier/Diebold has offered the more secure version of its tabulation software to election officials who purchased previous versions. Diebold sold its Premier voting system division to Election Systems & Software in September. A spokesman for ES&S said he would look into whether election officials have received an updated version of the software.

See also: