No one with any sense at all believes Alvin Greene won the South Carolina primary fairly. It doesn't pass the smell test, not even the argument that his name was at the top of the ballot and was simply chosen by its place. There was a similar situation in my district in 2008, but the winner didn't win by 17 percentage points! Any way you slice this, it stinks.

Leave aside the question of how the hapless Mr. Greene found a checking account and over $10,000 for a minute. The machines used in the South Carolina primaries are ES&S IVotronic voting machines. These machines have quite a history.

Flipping, Missing, Uncounted and Uncountable Votes

In September 2002, spot checks showed that machines failed to record any votes of Miami-Dade voters in several precincts. When the main tabulations were compared with a backup, discrepancies emerged. In October, 2002, Texas voters reported that the vote flipped from one party's candidate to the other. In May 2003, software bugs invalidated votes in a North Miami Beach runoff election. The results could not be audited, recounted or certified. In January, 2004, ES&S machines recorded 134 undervotes in an election where the winner received 12 more votes than the loser. The loser requested a recount but because the votes were cast on electronic voting machines, there was no paper trail. Election officials determined that no recount was required. (VerifiedVoting.org) In 2008, voters complain that ES&S IVotronic machines flip votes from Democratic candidates to Republican. Also in 2008, ES&S machines added 5,000 phantom votes to the total count in Rapid City, South Dakota.

ES&S IVotronic Machines Proven Vulnerable to Hacks, Viruses, and Failures

A security evaluation of ES&S voting systems was performed at uPenn in 2007 (PDF) at the request of Jennifer Brunner. The 13-page evaluation should have served as notice to remove all ES&S machines immediately. While numerous problems were reported, I want to focus on two that could have affected the outcome of the South Carolina primary.

1. Altering data via the touchscreen interface

   This is perhaps the most serious practical threat to the iVotronic firmware. As discussed in Section 4.2, errors in the iVotronic’s PEB input processing code allow anyone with access to the PEB slot on the face of the terminal (including a voter) to load malicious software that takes complete control over the iVotronic’s processor. Once loaded, this software can alter the terminal firmware, change recorded votes, mis-record future votes, and so on throughout the election day and in future elections.

2. Viral compromise
   

   A compromised iVotronic can modify a PEB such that it carries a malicious payload which infects other iVotronics on which it is subsequently used. This iVotronic to iVotronic propagation can happen, for example, while a master PEB is being used to run Logic-and-Accuracy tests on the iVotronic terminals being used in a particular election.

Now keep those two possibilities in mind while I outline the specific irregularities that have come to light in South Carolina.

More votes than voters or just enough votes

Via FiveThirtyEight.com:

...in South Carolina the weird stuff is not limited to the Democratic side of the aisle because there are "three counties with more votes cast in Republican governor's race than reported turnout in the Republican primary." He said there may be more but the GOP gubernatorial primary "is the only race I've looked at so far other than the Democratic Senate race." Those three are Darlington, Horry and Marlboro, and there are two others, Bamberg and Fairfield, with zero residual GOP votes (i.e., the total number of GOP voters in the county is identical to number cast in the GOP gubernatorial), which McDonald informs me is very, very rare.

In addition to the weird Democratic outcome, we now have counties with more votes cast than turnout and other counties where the number of voters is exactly equal to the number of votes cast.

Numeric patterns that do not occur randomly

Vic Rawl, the Democratic Party favorite (and most qualified candidate) asked for a county-by-county analysis of the specific vote counts to see if they fit accepted statistical numeric patterns. (Nate Silver has a great explanation of Benford's Law here).

Dr. Mebane performed second-digit Benford’s law tests on the precinct returns from the Senate race. The test compares the second digit of actual precinct vote totals to a known numeric distribution of data that results from election returns collected under normal conditions. If votes are added or subtracted from a candidate’s total, possibly due to error or fraud, Mebane’s test will detect a deviation from this distribution. Results from Mebane’s test showed that Rawl’s Election Day vote totals depart from the expected distribution at 90% confidence. In other words, the observed vote pattern for Rawl could be expected to occur only about 10% of the time by chance.

That's a pretty powerful result. Flipping that last bolded statement around, 90% of the time, the observed vote pattern would NOT occur randomly. While Dr. Mebane is careful to say that result in itself could reflect corrupted vote counts or some vagaries in turnout, when combined with the knowledge that ES&S IVotronic machines were used in South Carolina, with all of their known vulnerabilities, the smell test is starting to weigh in on the side of rotten.

Strong disparities between absentee ballots and election day ballots

Dr. Miller performed additional tests to determine whether there was a significant difference in the percentage of absentee and Election Day votes that each candidate received. The result in the Senate election is highly statistically significant: Rawl performs 11 percentage points better among absentee voters than he does among Election Day voters. “This difference is a clear contrast to the other races. Statistically speaking, the only other Democratic candidate who performed differently among the two voter groups was Robert Ford, who did better on Election Day than among absentees in the gubernatorial primary,” Miller said.

Both of these results are results described in the uPenn report as possible outcomes with compromised iVotronic machines. Further, it only takes one machine to compromise the entire system.

In both optical scan and DRE configurations the system suffers from vulnerabilities that can be relatively easily exploited by individual poll workers or voters (at precincts and under election conditions) that not only compromise the results from individual machines, but that can inject arbitrary malicious code into the back end tally system that reports the official county-wide election results. Several closed viral loops are present, allowing, under some conditions, a single compromise of a single precinct machine to permanently control the entire county election system. Audit mechanisms that might detect and recover from such attacks are easily defeated or not present at all. For example, there is no mechanism for extracting and auditing the firmware installed in an iVotronic or M100.

Worse yet, those viral infections can be present from the last election where the voting machines were used.

What happens in a situation where they can prove compromise of the machines? Do they disqualify Greene? Do they hold another election? Doubtful.

If ever there was a case for voting by mail or absentee ballot, this is it. Here are the states that still use these machines: Arkansas, Colorado, Florida, Indiana, Kansas, Kentucky, Missouri, Mississippi, North Carolina, Ohio, Pennsylvania, South Carolina, Tennessee, Texas, Virginia and Wisconsin. If you're in one of those states, vote by absentee ballot and bypass the machines.