LA County is Tabulating Votes with QR Codes. Security Experts Think It's a Bad Idea

Tami Abdollah

Tami Abdollah was dot.LA's senior technology reporter. She was previously a national security and cybersecurity reporter for The Associated Press in Washington, D.C. She's been a reporter for the AP in Los Angeles, the Los Angeles Times and for L.A.'s NPR affiliate KPCC. Abdollah spent nearly a year in Iraq as a U.S. government contractor. A native Angeleno, she's traveled the world on $5 a day, taught trad climbing safety classes and is an avid mountaineer. Follow her on Twitter.

LA County is Tabulating Votes with QR Codes. Security Experts Think It's a Bad Idea

After $300-million and 11 years, the nation's largest county rolled out the first publicly-owned voting system earlier this year, promising "transparency, accessibility, usability, and security."

Los Angeles County's new voting system — dubbed "Voting Solutions for All People," or VSAP — has raised concerns from election security experts. Dozens of advocacy groups have warned California's top election official that the electronic touchscreen system used for in-person voting relies on QR codes to tabulate votes. QR codes are vulnerable to hackers and system malfunctions and cannot be easily verified by most voters, U.S. government and outside experts have found.


A coalition of 36 election-security experts and advocacy groups wrote in a letter last month to Secretary of State Alex Padilla that they were "gravely concerned that [L.A. County's recently certified system] uses QR codes for tabulation" and urged him to stop relying on QR codes to tally votes at least by the 2022 primary election.

After voters make their ballot selections on their screens, the machine spits out a printed-out ballot-like receipt to review, along with a QR code.

"Although voters can easily verify the selections that the [voting system] prints on their ballot in their own language, they cannot easily verify the QR codes that [it] will actually use to tally votes," the letter said.

After voters make their ballot selections on their screens, the machine spits out a printed-out ballot-like receipt to review, along with a QR code. Officials have said this gives voters an easy way to verify their selections. But what a voter sees in plain text on the receipt, is not what the tallying machine counts. The county's new system scans the QR code to unpack and count what a voter has selected. If the system is hacked or wrongly records a voter's selections while electronically encoding it into the QR, there's no quick and easy way to tell.

Election administrators expect record turnout for the November 3 presidential election, which has already seen high levels of mail-in ballot participation. Intelligence officials warned lawmakers earlier this year that Russia is again trying to meddle in the U.S. election process, as it did in 2016. On Thursday, U.S. officials announced that Russian hackers targeted dozens of state, local and tribal networks, successfully stealing data from at least two unnamed victim servers; as a result, "there may be some risk to elections information housed on" those government networks. But there is no evidence that the integrity of elections data has been compromised, the government alert said.

L.A. County's new voting system, manufactured by Smartmatic Corp., a voting technology company that has been scrutinized for ties to the Venezuelan government, was first used for the presidential primary in March. The voting process was mired with technical problems that led to lengthy wait times and multiple after-incident reviews. L.A. County has since said the issues with its roughly 30,000 voting-machine system have been addressed and the new system was officially certified, as long as county officials abide by certain security conditions, by Secretary of State Alex Padilla earlier this month.

But even for those who understand how to scan a QR code, trying to verify the accuracy of their vote can be confusing and time-consuming.

Here's an example of what shows up when you scan your QR code, according to a document buried on the Los Angeles County Registrar-Recorder/County Clerk's website:

VER:A.SEL:4N/4E/H/J/3C/3K/35/4S/45/3Z/4A/X/3Q/3S/3U/3W/3Y/N/Y. BMD:0000046.SIG:4R57D5C44QKEJRS3OBF33PL0Z6U9THBR74NTA1VVH K09E6NFDH4DWXPY8Q9ZF6VD0LAQ1E6IY6AGQC1S4TG095N8NEN3AFOET12."

The first line represents the selections a voter made, with each letter and number combination corresponding to a particular candidate or measure. For example, a vote for the Joe Biden ticket is coded as 3G8 while Donald Trump is 3G9. It is up to voters to decode and match each of alphanumeric values to the actual plain-language choices they made on their ballots.

Michael Sanchez, a spokesman for the registrar's office, said that voters can go online to find a document for decoding their ballot. Sanchez later supplied the crucial direct link via email, which is otherwise difficult to find online.

For voters who are older, disabled, simply not tech-savvy, or just unwilling to take the time, verifying your ballot selections in L.A. County is an incredibly "burdensome process," said Susan Greenhalgh, senior advisor on election security for Free Speech For People, a nonpartisan public interest group. "The person can't look at it and know what it says, they have to jump through all these hoops."

Kim Alexander, president of the nonprofit, nonpartisan California Voter Foundation noted that the difficulty with verifying the older punch-card ballot system is why post-election audits were done in the first place.

"We were using these ballots where people couldn't verify their choices," Alexander said. "Now we've come full circle. We have these QR codes that some tiny population of L.A. County has the wherewithal and ability and smarts to decode and verify (their) ballot. Even if you're able to do that, you're not done decoding the code. You have to then do another round of decoding."

In the world of election security, the use of barcodes and QR codes is generally viewed as problematic by experts Photo by Markus Winkler on Unsplash

QR Codes Stir Debate

The QR code has made a bit of a comeback to daily life during the pandemic, especially in place of restaurant menus.

But in the world of election security, the use of barcodes and QR codes is generally viewed as problematic by experts who say it inserts a machine — and its own code that's indecipherable to humans — between a voter and their vote. Because the QR code on the ballot cannot be easily verified for its accuracy, computer scientists say it makes them an easier target for hackers.

The county's YouTube video illustrating how to use the new voting machines skips over any explanation of how to check the QR code for accuracy. Instead, the county shows a voter quickly scanning their finger over the lines of plain text reflecting their votes. In reality, the QR code, not the text, is what is actually counted.

"It's really ugly, it is not usable at all," said Eddie Perez, an election administration and technology expert with the nonpartisan, nonprofit OSET Institute, about L.A.'s system. "If you're placing a very high value on accessibility and the idea that every single voter, regardless of their condition or disability, should be able to verify their ballot — if you really believe that, and are going to put $282 million behind those goals, then it's fair to ask: 'Is the process you're leaning on to check your QR code accessible?' I literally don't know [what happens] if someone is blind."

Sanchez, the registrar's office spokesman, said the county's ballot-marking device lets voters who are blind listen to a read-back of their on-screen selections. But that doesn't account for the encoded QR.

QR codes, which are a type of barcode, also have the potential to become legally thorny ground.

"There's an inherent problem with the use of barcodes or QR codes in voting systems because the ballot contains two records of voter intent, and one needs to be established as the legal record of voter intent," Greenhalgh said. "If the human-readable text is the legal vote of record, that means that something other than the legal vote of record is counted. If the QR code is the legal voter of record, that dissolves any pretense (that) this is a voter-verifiable ballot."

How to vote on the NEW Ballot Marking Devicewww.youtube.com

National Debate Leads to First Ban

Such barcode-based devices also "raise security and verifiability concerns," according to an election-security report released by the National Academies of Sciences, Engineering, and Medicine last year. And the U.S.'s National Institute of Standards and Technology noted that barcodes could result in a voter being presented with different ballot selections than what the machine reads.

"If barcodes are used for tabulation of cast ballots, any modification of a voter's ballot selections may go undetected and impact the election results," NIST wrote.

All of this is especially problematic, experts say, because a recent University of Michigan study on voter behavior found that few voters check or detect errors on their ballots.

The debate over barcodes has figured heavily in battleground states like Georgia, South Carolina, North Carolina and Pennsylvania where they are used by some jurisdictions, but it's received much less scrutiny in California. In September 2019, Colorado became the first state to ban the use of barcodes or QR codes on ballots due to security concerns after using a system similar to California's.

Colorado's Secretary of State Jena Griswold said in a news release at the time that "although voters can see their vote choices, they cannot verify that the QR code is correct" and the QR codes "could be among the next target of an attack and are potentially subject to manipulation."

Griswold said Colorado will stop using machines that use barcodes or QR codes to count votes after 2021. The state has been a national leader in adopting election security best practices, including practices like risk-limiting audits to verify election results.

Auditing to Ensure Voter Confidence

California's Secretary of State Padilla gave L.A. County's voting system conditional certification earlier this month. Among the additional security requirements is that the county must conduct one of two types of audits to ensure the QR codes match the human-readable section of the ballot.

L.A. County has elected to conduct a traditional manual tally of 1% of its votes, which election security experts say is a less comprehensive method for ensuring ballots have been tabulated correctly.

In recent years, so-called risk-limiting audits have been deemed best practice for providing confidence in an election result. California has an ongoing risk-limiting audit pilot program. Such audits rely on statistically-based techniques such as auditing more ballots if the margin in a race is narrow. Looking at a fixed percentage regardless of the margin of victory, however, can lead to missed problems.

Perez called L.A. County's decision to do a 1% fixed audit "cutting a corner, given the fact that L.A. County has claimed to set such a high bar on the voting experience."

Sanchez, the registrar's office spokesman, said he didn't immediately know the reasoning behind the decision to not conduct a risk-limiting audit on the presidential election. The California Secretary of State's Office did not respond to a request for comment.

In a news release touting the certified system this month, Padilla called the VSAP system a "historic milestone in election administration" and said that for in-person voters it will "provide an accessible, secure voting experience."

*This story was updated Thursday afternoon to reflect U.S. officials announcement that Russian hackers targeted dozens of state, local and tribal networks, successfully stealing data from at least two unnamed victim servers.

___

Hit me up if you have any other election and voting-related questions. My DMs are open on Twitter @latams You can also email me at tami(at)dot.la, or ask for my contact on Signal, for more secure and private communications.

Subscribe to our newsletter to catch every headline.

Cadence

How To Startup: Part 5 - Minimum Viable Product

Spencer Rascoff

Spencer Rascoff serves as executive chairman of dot.LA. He is an entrepreneur and company leader who co-founded Zillow, Hotwire, dot.LA, Pacaso and Supernova, and who served as Zillow's CEO for a decade. During Spencer's time as CEO, Zillow won dozens of "best places to work" awards as it grew to over 4,500 employees, $3 billion in revenue, and $10 billion in market capitalization. Prior to Zillow, Spencer co-founded and was VP Corporate Development of Hotwire, which was sold to Expedia for $685 million in 2003. Through his startup studio and venture capital firm, 75 & Sunny, Spencer is an active angel investor in over 100 companies and is incubating several more.

Minimum Viable Product
Image by Master1305/ Shutterstock

When thinking about tech giants like Facebook, Amazon or Google, it’s hard to imagine their weak and humble beginnings. When going from nothing to something, the founders of these companies all had similar startup journeys - they started with a minimum viable product or MVP. In the same way you can’t build a house without laying the foundation, you can’t create a successful product without building an MVP.

The Purpose of MVP

One of the biggest reasons startups fail is because founders design their initial product based on assumptions. As an entrepreneur, you don’t want to put an enormous amount of time, effort and money into a product the market may not even want.

Quibi - yes, that Quibi - is an excellent example of this. After spending upwards of $63 million, Quibi never quite found its footing among TikTok, YouTube and its many streaming competitors. The company never ran an MVP or any experimental public beta to test what kind of content and features resonated well with audiences, and simply built a product that nobody wanted or needed. After raising $1.75 billion in venture capital, the company shut down less than a year after its initial launch. This is why starting with an MVP is so important.

How To Build An MVP

By definition, a minimum viable product is a product with enough features to attract early-adopter customers and validate a product idea early in the development cycle. It allows founders to collect the maximum amount of user feedback with the least amount of effort. When building an MVP, you’ll want to keep the following things in mind:

- Answer the right question. It’s important to determine what your central hypothesis is. When Airbnb’s founders wanted to see if they had a viable idea, they didn’t rent out space or buy new beds. They simply tested the question “Will strangers pay to stay in my apartment?” by providing a free lodging experience in their living room with the promise of networking with like-minded people.

- Decide which metrics matter. Identify what will define the success of your product. Common MVP metrics include churn rate, customer acquisition cost, average revenue per user and lifetime value of a customer. However, the data collected should include both qualitative and quantitative insights about how your product is used and what customers actually think about it.

- Actively measure what you are testing. It is important to continuously test, measure and learn until the product is finalized.

- Build internally if possible. It’s easier to meet internal needs and challenges first. For example, the original Twitter prototype was designed for internal users at (the now closed) Odeo as a way to send messages to other employees and view them on a group level. After initial internal testing and positive feedback, Twitter launched publicly in 2006.

- Do things that don’t scale. In this early stage, you have nothing to lose. Create a great experience for initial users and cater to their needs. Put in the extra amount of effort while you continue to build confidence. Talk with every user and every customer, and do things that would never scale once the company gets bigger. For example, Yelp’s founder Jeremy Stoppelman famously went to every bar in San Francisco to pitch them on Yelp in the early days.

Not Great But Good Enough

When launching Zillow in 2006, we had to decide how good is good enough to launch. The first version of the product had Zestimates on 40 million homes with about a 12% margin of error. When launching, we knew that the Zestimates weren’t going to be entirely accurate and mainly just wanted to see how Americans would react to being able to publicly view valuations and information about homes.

We actually held up the Zillow launch by about two months to avoid angry and upset consumers. We spent this time building out an extra feature called My Estimate that allowed users to modify the estimates of their home with information Zillow didn’t have, such as for things like remodeling or significant changes to square footage. We were worried people might not be happy if the estimate was incorrect and they couldn’t do anything about it, which is why we held off. It was a difficult decision to push back the launch, but worth it in the long run. When striking this balance between our MVP and V1, we knew it didn’t have to be great but just good enough to entice users. Now, 15 years later, Zillow has upwards of 100 million homes with about a 3% margin of error, and the product is much more fully evolved.

Key Takeaway

The key takeaway here is that MVP allows organizations to start small, and slowly build up to the best version of their product. When starting Hotwire, we started by just selling airline tickets from a few carriers. Later we expanded to include more airlines, additional flight options, and eventually hotels, rental cars and cruises. But the early MVP was as stripped down as possible. See below for Hotwire’s beta site in 2000. About as bare-bones as it gets.

Image from HotwireAn MVP of Hotwire sold airline tickets from just a few carriers.Image from Hotwire

https://twitter.com/spencerrascoff
https://www.linkedin.com/in/spencerrascoff/
admin@dot.la

At VidCon, Investors Are Still ‘Betting Big’ on the Creator Economy

Kristin Snyder

Kristin Snyder is an editorial intern for dot.la. She previously interned with Tiger Oak Media and led the arts section for UCLA's Daily Bruin.

Vidcon 2022
Photo by Kristin Snyder

The creator economy is the bedrock of this week’s VidCon convention, which is drawing creators, companies, investors and fans alike to Anaheim to discuss the rapidly growing realm of digital content and entertainment.

To discuss how investors, in particular, are viewing the booming creator landscape, Thursday’s “Betting Big on the Creator Economy” panel featured the likes of MaC Venture Capital partner Zhenni Liu, Investcorp managing director Anand Radhakrishnan, Team8 Fintech managing partner Yuval Tal and Paladin co-founder and CEO James Creech.

Read moreShow less

Netflix Lays Off Another 300 People

Christian Hetrick

Christian Hetrick is dot.LA's Entertainment Tech Reporter. He was formerly a business reporter for the Philadelphia Inquirer and reported on New Jersey politics for the Observer and the Press of Atlantic City.

Netflix Lays Off Another 300 People
Photo by DCL "650" on Unsplash

Netflix has imposed its second round of layoffs in less than a month, cutting another 300 people from its staff.

“Today we sadly let go of around 300 employees,” a Netflix spokesperson confirmed to dot.LA. “While we continue to invest significantly in the business, we made these adjustments so that our costs are growing in line with our slower revenue growth.”

Read moreShow less
RELATEDEDITOR'S PICKS
LA TECH JOBS
interchangeLA
Trending