Former Jacinto City Mayor Chris Diaz still appears to be the Democratic nominee for Harris County Precinct 2 constable following a Monday recount in his razor-thin runoff with Precinct 2 Sgt. Zerick Guinn.
Diaz’s 17-vote margin is unofficial, county Democratic Party Chairman Lane Lewis said, adding the party plans to finalize the results Saturday.
Diaz actually gained a vote after the recount. Unless Guinn wants to pursue this in the courts, the matter is basically settled. Stace has more.
That’s the basic news about this. Do you know how the county handles a recount like this? I had no idea, until Dan Wallach, who wrote that guest post on Tuesday, sent me the following eyewitness account:
I was invited by the Harris County Democratic Party to be an observer of the Guinn-Diaz recount, which ran all day on Monday. This race, in the Democratic primary election, was to select the Democratic candidate for Constable, Precinct 2. There were some procedural errors during the initial tally. At one point, the two candidates were separated by all of 3 votes out of just over 11 thousand cast. By the time they included the absentee ballots, roughly 28% of all the votes in the race, the margin of victory was 16 votes.
I showed up at the recount with my camera, hoping to take lots of great pictures. Several people promptly came running at me saying that it was illegal to take pictures during a recount. (Dear lawyers who are reading this: really?) Instead, I’ll just have to do my best to describe what I did and what I saw.
For starters, Harris County uses the Hart InterCivic eSlate, a paperless electronic voting system, which stands out from other DRE-type systems by having a local network in the polling place. For each group of eSlate terminals, there’s a single controller (a “Judge Booth Controller” or JBC) that connects to the eSlates. Three copies of each vote are recorded: one in the eSlate where it was cast, one in the JBC’s internal memory, and one on a PCMCIA flash card (a “mobile ballot box” or MBB) that’s removable from the JBC. If you want to learn a lot more about the eSlate architecture and its security vulnerabilities, you might enjoy the California “Top to Bottom” report, which I co-authored in 2007.
On election night, the process is that they remove the MBBs from the JBCs and use computers to read them and tabulate the data centrally. Part of this process is for the centrally-tabulated data to then be reported on the Election Day Results webpage, or in this case, misreported. It wasn’t the tabulated results that were wrong, just the reported results. That’s another story, although it would be nice to have a detailed explanation of what went wrong.
If the initial counts were done from the MBBs, how about the recount? For this, they used the JBCs: 115 of them were sequestered for the recount, each connected individually to a single computer that copied their contents. (This computer runs Windows 2000, the only “certified” configuration available; at least there was no network connection.) All of this occurred before the recount itself began. No party or candidate representatives witnessed this part of the process. Johnnie German, the county’s administrator of elections, told me that the process took five hours and needed to be done in advance so the recount could complete on time. More on this below.
The recount was an involved process. There were three and later four tables of counters. Each table had five people. Each table gets a stack of every paper ballot for a given precinct which they then tabulate. In the case of absentee ballots, these were original, hand-marked papers. In the case of eSlate-cast ballots, these were printed on site by a laser printer from the aforementioned computer that collected JBC data. The tabulation process has one person, in the center, who picks up a ballot from the stack and reads out who got the vote. On this person’s side are two people (representing the candidates) who double check this. Across the table are two separate people who keep count. With this many eyeballs on the task, the inevitable errors are caught. When a stack of ballots was completed, everybody at the table would agree on a summary sheet, they signed it, and it came over to where I was sitting.
Our table had four people: myself, the election administrator, and one observer for each candidate. I picked up each stack of ballots and called out the precinct number and totals. The election administrator typed those numbers into an Excel spreadsheet. The observers made sure we got the numbers right.
The results? Unsurprisingly, for all the eSlate-cast votes, the hand tabulation exactly equaled the original machine tabulation. For the absentee ballots, we had one precinct with single absentee ballot that somehow didn’t show up for the recount. The election administrator made a phone call to the downtown site, where absentee ballots are kept in a vault, and arranged for somebody to go dig out that ballot and bring it back to us. (That particular ballot was an undervote, so it didn’t impact the result.) We also discovered a precinct that had an extra absentee ballot that somehow wasn’t tabulated at all in the initial machine-scanned tally. Where did it come from? Why wasn’t it counted beforehand? We don’t know. (This ballot favored Diaz, increasing his lead from 16 to 17 votes.) Otherwise, there were no discrepancies or changes to the election outcome. The process started at 8am and ended at 4pm with a one-hour lunch break.
What’s interesting is what we didn’t do in the recount. There was no attempt to audit the original electronic systems, perhaps looking for unusual behavior in the original tallying systems’ logs, or perhaps comparing the in-person poll books or absentee envelopes against the number of cast votes. We didn’t have access to the scanned ballot images, so there was no opportunity to do any sort of risk limiting audit (comparing the scanned ballot images to the physical ones to make sure they’re the same). Also, the only way to get electronic data out of a Hart InterCivic tallying system is in PDF format (example results). There is no way to get all the raw data in a format that’s convenient to bring back into a computer for subsequent analysis.
As I mentioned above, the JBCs’ data was downloaded in advance, giving us no opportunity to observe this process. So far as I could tell, the boxes that hold the JBCs have no security seals, which could have at least provided some evidence of chain-of-custody maintenance. Absentee ballots, for contrast, are transported in plastic tubs with numbered plastic security seals, and there’s a process for documenting those numbers when the seals are broken. A corresponding process for JBCs would be a good idea to adopt.
I’m also a bit sad that we didn’t have a counting scale that we could use in the recount. In addition to enabling clever audits, we could have used them to simply double check the number of papers in each stack of ballots. Apparently the election warehouse does have one, but we weren’t allowed to use it, even to double check our manual tallies. (Dearest election lawyers: really?)
One lesson from this is that political candidates understand the concept of a recount, and there’s plenty of election code that talks about what a recount entails. What’s less clear is how well the election code can bend to support the idea of audits. Printing sheets of paper corresponding to electronically cast ballot records, then counting them by hand, is both wasteful of resources and unlikely to discover anything valuable. Instead, I’d like to see counties offer a menu of options (at different prices, of course) to the candidate requesting a recount. A candidate might then choose to pay for a full tally of absentee ballots and for various audits to reconcile the totals. If a candidate wanted to double-check a sample of the eSlates, to make sure they had the same votes as in the election night tallies, that should be easy and cheap to do.
Another important lesson is that future voting systems (electronic or otherwise) need to be explicitly engineered with recounts and other sorts of audits at the core of their functionality. Of course, we also want the sorts of voter verifiability security properties that DRE systems like the eSlate lack, but this experience made it clear to me that we have a lot of room to improve basic recounting and auditing procedures. At the end of the day, the goal is to convince the losing candidate that he or she genuinely lost. I don’t know whether this particular candidate was convinced.
So now we know, and I thank Dan for the detailed information. I like the suggestions about enabling audits and giving candidates different choices for how to conduct recounts. What do you think?
“So far as I could tell, the boxes that hold the JBCs have no security seals, which could have at least provided some evidence of chain-of-custody maintenance.”
As an election judge, I know that on election night the JBC box is sealed at the polling site, transported to the central counting station, where the seal is taken off. I presume the boxes are in guarded storage from then until the recount, but have no personal knowledge of this.
Pingback: Big Jolly Politics Weekend Link Post and on the air with Mark McCaig – Big Jolly Politics
Pingback: No time for trial in Guinn election lawsuit – Off the Kuff