CalPERS Fiasco 2: Confidential Member Data at Risk by Letting Company With No Contract Have Access; CalPERS Apparently Still Has No Deal With Any Vendors for Upcoming Elections

CalPERS has managed to outdo itself in terms of screwing itself up, and in this case, its beneficiaries too, by flouting contractual arrangements in its board member elections.

CalPERS chose to outsource a core government activity, the administration of its elections. It then got caught when one of its vendors pulled out at the worst time, while the 2018 election was underway. That left CalPERS over a barrel.

While this situation would be difficult even for a well-run government agency, CalPERS has been cavalierly incompetent in dealing with it. Not only has CalPERS painted itself in a corner, but it has put sensitive identifying information of hundreds of thousands of its members at risk.

CalPERS had no legal agreement with the party that handled the close of CalPERS 2018 board election, an Internet voting company called Votem Corp.

That means part of, and potentially the entire CalPERS member database, one of CalPERS’ crown jewels of intellectual property, was in the hands of an outside party where CalPERS had no contractual protection of any kind, most importantly of the confidential treatment of member data.

Would you give someone you barely knew the keys to your house? That’s effectively what CalPERS did with vast amounts of sensitive beneficiary information.

While it may not seem as sexy, CalPERS being left in the lurch by its old election vendor, Everyone Counts, defaulting on its agreement via effectively going out of business, also meant CalPERS has no one legally authorized to manage its 2018 election. Everyone Counts sold virtually all of its assets to Votem right before the CalPERS election finished. Votem handled the 2018 closing hours of the election and the vote count on an unofficial, extra-legal basis.

For basic legal reasons that we’ll cover, CalPERS still has not been able to assign its old agreement with Everyone Counts and a second company, K&H Printers, that used the name of Integrity Voting Systems (IVS), to Votem. CalPERS’ conduct here looks a lot like that of Theresa May in dealing with the European Union, of refusing to abandon a negotiating approach that is clearly never going to get anywhere.

Yet even though the board is set to approve the 2019 election notice at its February meeting, CalPERS hasn’t switched to the obvious Plan B of entering into a new contract or contracts, and is persisting with the non-starter of trying to assign the dead agreement.

CalPERS will likely try to divert attention from this massive screw-up by asserting that Votem has good security. That’s irrelevant and not even necessarily true.

Information obtained via a Public Records Act request shows that CalPERS did zero in the way of due diligence on Votem’s operations. They simply ran some searches and had a couple of chats with Votem, and checked three not-impressive references.1

This mess sits squarely on CEO Marcie Frost’s desk. She is setting up Doug Hoffner, whose name is on the signature line of the yet-to-be-signed contract amendment, to get a massive raise, from roughly $187,000 to as much as $312,500. It appears he is to be rewarded for his burgundy-wearing enforcement of staff showing support for Frost having lied about her education, which was evident in an earlier Public Records Act response, and other demonstrations of loyalty. His failure to take notice of and do damage control for this fiasco show that he regards the substance of his job as unimportant. And that is likely an accurate reading of Marcie Frost’s priorities.

First, some stage setting so you can appreciate what a complete mess this situation is. We will cover:

How CalPERS implemented insecure, tamper-friendly Internet and phone voting

How CalPERS’ election vendor Everyone Counts defaulted on its agreement

Why CalPERS’ pet remedy of an amendment to a dead agreement has not worked and will never work

Why the company that bought Everyone Counts’ assets, Votem Corp., looks shakier and shadier than Everyone Counts did

How CalPERS’ board vehemently refused to supervise the staff’s administration of the 2018 election even after candidates Margaret Brown and Mike Flaherman documented many problems in the 2017 election

We asked K&H Printing, a second election contractor to CalPERS (using its dba Integrity Voting Systems, or IVS) and Votem for comments. K&H did not respond. Votem’s Stefanie Histed wrote:

Thank you for contacting us. It is our policy to not comment on our clients or any specific electoral events in which we support them. We do hope you understand!

Since CalPERS cannot be a client of Votem, since they have no contractual relationship, this gives you an idea of Votem’s honesty.

How CalPERS Implemented Insecure, Tamper-Friendly Internet and Phone Voting

As we have described at length in earlier posts, CalPERS’ board approved voting by phone and Internet in 2016 even though voting by Internet is explicitly prohibited by the California election code. CalPERS CEO Marcie Frost said that she intended eventually to get rid of paper ballots. This plan flies in the face of the overwhelming evidence that Internet voting is much less reliable than paper ballots. It also ignores the strong possibility that no online voting vendors will survive the next few years, as the vulnerability to hacking continues to garner press attention and further diminishes already weak public support.

As with private equity, CalPERS is going in the opposite direction of best practice. For instance, consider the subhead of a May 2018 article in CSO [Chief Security Officers]: “If you thought electronic voting machines were insecure, wait ’til you meet online voting.” Key section of the story:

The purpose of an election is not just to select a winner, but to convince the loser, and their supporters, that they lost. Trust in the voting process is, therefore, an essential element to any voting system. “Voting over the internet is not secure enough to be trusted for government elections,” [cryptographer Dr. Vanessa] Teague tells CSO. “It’s not verifiable.”

CalPERS also chose to ignore how security experts are unified on their objections to Internet voting…which CalPERS should have found via a basic Google search on Everyone Counts. Authenticating a voter, yet preserving the anonymity of his vote is a problem that still hasn’t been solved. From a January 2016 Atlantic article:

“They’re pretending like voting is no different than buying a book on Amazon, and they’re completely, by virtue of ignorance or malice, ignoring the truth of the world,” said Joe Kiniry, a cybersecurity researcher. “The simplest way to check the veracity of their statements is to call up any security researcher in the world that you find online who has made public statements about end-to-end verifiable elections and ask them. And you will find that 999 out of 1000 will tell you that [the likes of] Everyone Counts, [other online voting venders], and Estonia are full of shit.”

One concern of cybersecurity experts is protecting both the anonymity of a voter, and allowing the voter to prove that their vote was actually cast….

“Voting is different from banking because of the privacy issue,” said [Commissioner Christy] McCormick [of the Election Assistance Commission, a federal agency that develops voluntary voting-system guidelines and a system for accrediting voting system testing laboratories]. “The bank has to know who you are when you deal with them in banking. But when you vote, you still have to make sure that person still has the right to secrecy of the ballot. That part we haven’t figured out yet.”

Concerns about security have led to more and more explicit recommendations against Internet voting. For instance, from a March 2018 article in LA CityWatch:

Last week, in a rare bi-partisan move, the U.S. Senate Intelligence Committee directed all U.S. states to replace any voting system that doesn’t create a paper ballot, and cease and desist from using any election system that connects through the Internet.

CalPERS’ big motivation for defying these authoritative warnings appears to be to suppress retiree votes and give the unions more sway over the elections. Retirees are believed to have a stronger preference for voting by mail than current government employees.

JJ Jelincic was the lone board member to object to weakening CalPERS election procedures.

When CalPERS solicited interest for vendors to run CalPERS elections, which would include mailed paper ballots plus voting by Internet and phone, they received multiple responses, but most of the interested parties wanted to handle only one or two election channels, not all three. It’s not clear how K&H Printing-Lithographers, via its Integrity Voting Systems persona, teamed up with Everyone Counts, Inc. Nevertheless, they presented themselves as a single party to bid on the “opportunity” as CalPERS specified it and were the only “one” to bid.

In fact, despite the repeated handwaving about “joint venture” in the agreement below, the two vendors have admitted that all they have is an operating agreement.

If you read the document at the end of the post, K&H is clearly the dominant party: it ran the negotiations, acted as the project manager and is in charge of receiving and disbursing payment and keeping the financial records related to performing on the contract.

K&H is a very large and sophisticated printer, certified to print many of the ballots used in California elections, Everyone Counts was a much less substantial firm. I am chiding myself for failing to write up what I had noticed: that Everyone Counts had an awful lot of employees relative to the the business it appeared to be doing. However, it was venture capital funded. VCs can tolerate losses for a long time if they are taken with an enterprise’s high concept.

As we chronicled at length in 2017 and 2018, the newfangled elections were plagued with problems. A partial list:

Lack of any audit trail for Internet voting, which should have made it completely unacceptable

Everyone Counts’ use of contractors who worked out of their homes rather than employees to handle calls about phone voting and to get replacement ballots and PINs for Internet and phone voting. These temps had access to Everyone Counts’ copy of the CalPERS’ member database 2

Long hold times for to reach the phone reps and vote by phone

A very confusing script for voting by phone which looked designed to suppress votes for challenger Margaret Brown

Lack of secret ballot, as paper ballot voters were required to write their names on the ballot card itself, and a barcode associated with each voter’s name was also printed on each ballot

Failure to secure paper ballots

Paper ballots being impermissibly scanned daily, which raised the question of whether CalPERS staff was impermissibly keeping a running tally of results. The reason that is of concern is that CalPERS staff had clear preferences among the candidates in the 2017 election. The staff could have alerted unions and other allies to get out the vote for the candidates they liked if the election looked close enough to sway in the final days

How CalPERS’ Election Vendor Everyone Counts Defaulted on Its Agreement

Documents that CalPERS provided in response to our Public Records Act request #4133 show that Everyone Counts blindsided CalPERS and K&H Printing by notifying them in July 2018 that Everyone Counts intended to sell its assets to a company called Votem Corporation and close the deal on August 11.

Recall that in 2018, CalPERS had a contested election for one board seat, that of the so-called Public Agency board member. Ballots for that election were to be mailed on August 31, which meant they had to be printed and processed in August.

This was an astonishingly high-handed move. With the election so close to starting, Votem and Everyone Counts were clearly out to muscle CalPERS to accept a party that K&H and likely also CalPERS had previously never heard of to step into Everyone Counts’ role. And Everyone Counts further proposed that K&H, CalPERS, and other Everyone Counts clients agree to the substitution.

What may not be obvious to all of you that if Votem had bought the stock of Everyone Counts, CalPERS and K&H would have no say in the matter unless their agreements gave them rights in the case of a change in control of Everyone Counts. However, Votem was only going to buy the assets of Everyone Counts, leaving its liabilities and legal entity behind. Votem could not assign an Everyone Counts contract to itself because it would lack the legal right to do so.3

Why CalPERS Pet Remedy of an Amendment to a Dead Agreement Has Not Worked and Will Never Work

Regardless of other legal issues, the proposed amendment to substitute Votem for Everyone Counts has proven to be a non-starter for a very simple reason: K&H Printing rejected it as legally non-viable. K&H also sensibly proposed that Everyone Counts finish the current election, which would mean at a bare minimum completing the count of the election according to the election schedule, on October 2.

If you are used to reading corporate communications, the terseness of K&H President Darren Loken’s cover e-mail to the Everyone Counts CEO, James Simmons, is Not a Good Sign. And as we’ll explain, K&H’s executives would be completely within their rights to be furious.

The documents provided by CalPERS show that a Doug Hoffner direct report, Chief of Operations Support Services Division Kim Malm, who was in charge of the elections, went to the state of Washington on September 30 so as to be there October 1, a day before the the ballot opening and scanning was to start. The plan was for Malm to get K&H Printing to sign the contact amendment. But K&H didn’t.

Moreover, it turns out CalPERS could not have executed the amendment then even if K&H had been game. Votem was not registered with the California Secretary of State to conduct business of any type in the state. That meant CalPERS could not possibly have contracted with Votem before that happened, which was on October 3.

The need to get the registration appears to be the reason for moving the tabulation back from October 2 to October 4. In the meantime, CalPERS election database was sitting with an outside party CalPERS could not possibly have tied down contractually. And CalPERS evidently still has yet to do so.

As indicated, K&H did not sign the amendment on October 1. E-mails within the Operations team on October 24 and November 5 show K&H still hadn’t executed the document. I e-mailed Brad Pacheco, the CalPERS head of Communications and Stakeholder Relations, asking it if had been signed, and got this reply on January 8:

In answer to your last question, the amended contract with the Joint Venture (Votem/Integrity Voting Systems) has not been signed and executed to date.

As you can see from the embedded document below, CalPERS isn’t endearing itself to K&H, which goes as Integrity Voting Systems or IVS for its ballot-processing services. IVS was quite insistent about having its name first in references to the “joint venture” presumably because it was the lead player.

And on a much more basic level, the amended contract is a non-starter because there is as of yet no new “joint venture” between K&H (as IVS) and Votem. And even if there were to be one, K&H does not seem keen about pretending it has a time machine and representing that an operating agreement that didn’t exist before 2019 contracted with CalPERS in 2016. What CalPERS is trying to push through is awfully reminiscent of the sort of document fraud readers remember from the foreclosure crisis, like back-dated mortgage assignments.

Shorter: if the amendment hasn’t been executed after months of CalPERS, Everyone Counts and now Votem pressing K&H, it’s a safe bet K&H is not going to sign it.

K&H is of the view, which we share, that Everyone Counts voided the “joint venture” when ceased operations by selling its assets to Votem. That means the agreement can’t be assigned. The old “joint venture” is dead because one of the two parties to it is unable to perform on it. Votem, by not having acquired the Everyone Counts legal vehicle, cannot act on behalf of the former Everyone Counts (although it can confuse not-very-alert parties like the CalPERS board by invoking the Everyone Counts name).

An influential stakeholder cut to the chase: “Even a high school student who took a business class would know you can’t amend an agreement with Votem because they were not on the original agreement.”

Even if K&H were willing to enter into a new agreement with Votem (and bear in mind K&H may be trying to maneuver CalPERS to enter into separate contracts with K&H and Votem), the parties appear to be hung up on a new joint venture. Darren Loken, the President of K&H, sent this e-mail to CalPERS:

It’s not hard to imagine why K&H and Votem would be at an impasse. Votem may not be keen about an arrangement that puts K&H so clearly in charge.

But as important, K&H has ample reasons to distrust Votem and be leery of going into business with them. Votem screwed K&H via buying only the assets of Everyone Counts. As you can see from the embedded document at the end of this post, the old “joint venture” provided for the parties to be jointly and severally liable. So if Everyone Counts took a questionable action and CalPERS or another party can assert a claim, K&H is now totally on the hook, since all that it left of Everyone Counts is an empty legal shell.4

So K&H might want Votem to pick up the liability for Everyone Counts in the former “joint venture” and Votem would not doubt try to fight that. And it’s not hard to come up with plenty of other reasons why K&H may not relish the idea of going into business with Votem and is setting its negotiating posture accordingly.5

Why Votem Corp. Looks Shakier and Shadier Than Everyone Counts Did

It’s a safe bet that Everyone Counts was on the verge of bankruptcy. It’s hard to come up with any other reason for defaulting on the “joint venture” when it would have taken Everyone Counts only a few days more to complete its obligations to CalPERS for the 2018 election.

The apparent business failure of Everyone Counts should have alerted CalPERS to the fact that Votem, a smaller company with what looks like weaker backing, could also default on any agreement due to running out of money. Yet CalPERS did no financial due diligence on Votem whatsoever. 6

As we indicated at the top of this post, the press has taken up near-universal expert concerns about the integrity of mere electronic voting, meaning the use of equipment not connected to the Internet in local polling stations, as being so tamper-friendly as to necessitate that they generate paper trials or be replaced with voting systems that do. If neither of those can happen, officials need to reinstitute paper ballots to assure election integrity. Internet voting is obviously leagues more risky.

That means that Votem now faces a hostile environment and a contracting market for its services. Governments, far and away the biggest targets for Internet voting, are rapidly backing away from insecure voting systems. Parties that run private elections have to be reading the RussiaRussia! press. Many of them won’t want to risk criticism by taking an Internet voting flier any time soon. And it is unlikely Internet voting will stand up to more tires-kicing. 7

Everyone Counts was a vastly more substantial business than Votem is. Everyone Counts was founded in 1997, had estimated annual revenues of $15 million, and roughly 90 employees. It also had $30 million of funding. And it had a much higher press profile, as witness that it featured prominently in the Atlantic story we cited earlier.

Votem was founded in 2014. It had 24 employees before acquiring the assets of Everyone Counts.8 It appears to have raised under $3 million in funding: “less than $1 million” from founder Peter Martin. The Fast Facts” sheet it gave to CalPERS said it raised $1.2 million in a Series A round from 14 individuals and roughly $360,000 in a Bitcoin-like “initial coin offering” (ICO) from five individuals.

Using an ICO for fundraising for development of its voting platform is a huge red flag. It says Votem had to resort to a gimmick which is widely regarded as a scam and which the SEC has decided to crack down on aggressively, in a marked departure from its usual complacency.

Mind you, Votem did make a Form D filing with the SEC saying it was making an unregistered securities offering with its ICO. However, the SEC is taking a very tough stand and has subpoenaed many ICO issuers over whether they complied with the usual exemption cited for making an unregistered offering, that of selling the securities only to “accredited” investors, meaning individuals with over $1 million in net worth or $200,000 in annual income. The SEC is seeking disgorgement and payment of fines in the event of violations.

While CalPERS did ask Votem about past and pending litigation, it didn’t ask whether the SEC had subpoenaed Votem, another due diligence lapse.

And even if Votem did comply fully with SEC requirements, there is still cause for concern. Votem didn’t do a conventional funding with its current investors or try to expand the base of investors in its company. That does not speak well to the confidence of Votem’s investors in its business.

On top of that, at least one of Votem’s major investors might deter others from joining. We obtained the names of all 14, which Votem did cough up when CalPERS insisted. Earlier, Votem had identified only its “>5%” investors, in addition to its founder/CEO Peter Martin.

Top of that list of major investors, and out of alphabetical order, implying it was the largest, was:

Greg Landegger (Parsons Whittemore Family Office)

Parsons & Whittmore is an Alabama paper mill family. The patriarch of the Parsons & Whittemore family, George Landegger, pled guilty in 2015 to a Federal criminal charge of hiding assets in a Swiss bank account. It is very likely that some, and probably most, of the money managed by the family office comes from George Landegger.

As our Clive pointed out:

Even if we’re generous and say Votem has $3M in funding, that barely covers worker comp. Thirty employees earning £100k a year would burn that in a year. Or sixty people drawing $50k a year [remember, Votem has said it will take the Everyone Counts employees that were serving them, it likely has to make similar commitment to the other four Everyone Counts clients it hopes to convert]. The ICO prospectus lists over ten employees just on the coin side of the business which has no discernible income stream.

They’re likely going to need additional funds to survive to the end of 2019, unless they get some significant sales volumes coming through on the electronic voting platform.

And then we get to the wee problem that we have seen very little of Votem in action, yet what too often it hadn’t been on the up and up. Recall that Votem’s “marketing specialist” falsely depicted CalPERS as a client of Votem. In refusing to respond to a part of our Public Records Act request, Votem’s general counsel Deena Giordano Ullom parses contractual terms when it had no contract with CalPERS.9

But more consequential are the lies Votem has told to the wider world. Votem did not accede to a cheeky CalPERS request that Votem use Everyone Counts letterhead for its report on the tabulation screw-up at a November board meeting, a full month after Everyone Counts was effectively dead. Nevertheless, Votem misled the board by pretending it has a contractual relationship with CalPERS and was legally authorized to count the election, when that was false.

Votem continues to flagrantly misrepresent its purchase of “substantially all” of Everyone Counts’s assets. At the top of the landing page of Votem’s website:

At this point, we should not have to belabor the obvious, that Votem didn’t acquire the “company, Everyone Counts.” Votem seems desperate not to depict the deal accurately. Votem could have played this honestly by saying it had acquired the business of Everyone Counts, or alternatively, the operations of Everyone Counts. But as we observed in our companion post, Votem’s willingness to fib may be one reason CalPERS is willing to do business with them. A scrupulous vendor might not be sufficiently pliable.

How the CalPERS Board Vehemently Refused to Supervise the Staff Administration of the 2018 Election

The CalPERS board is culpable for this fiasco for not only failing to supervise staff, but also for criticizing board member Margaret Brown for wanting to engage in modest oversight by attending the public viewing of hte election count. Some of the embarrassing remarks from board memebers:

Board Member David Miller: I think my view is that have a great deal of confidence in our I’m — I professional staff…. I personally don’t see the need for the Board to have a presence. I have total confidence in our staff to oversee that process..

Board Member Henry Jones: I think, you know, many times we approach these kind of issues where we’ve delegated to staff the responsibility to carry out a function, and then we tend to try to ease back in and try to usurp some of that delegated authority… but I don’t think we should have a delegated authority process, and then make decisions about, you know, interfering with that process on a case-by-case basis.

This is a flat-out declaration by board members that they are unwilling to do the work of a fiduciary, which is be ultimately responsible for the prudent management of beneficiary funds. Henry Jones’ channeling of Pontius Pilate, that he and other board members can wash their hands when they’ve delegated authority to staff is bogus, particularly in light of the fact that, as we discussed above, the 2017 board elections were plagued with vendor problems. Perhaps Miller and Jones should have a chat with the board members being sued personally in the Kentucky Retirement Systems fiduciary duty suit, Mayberry v. KKR, and find out how well that “We delegated the matter to our trusted staff” defense is working out for them.

We now know that the tabulation breakdown was only the tip of the iceberg of a monstrous security and operational failure that CalPERS has yet to address.

At a minimum CalPERS has to abandon the legally-unworkable idea of amending a defunct contract and start the process of entering into new agreements with election vendors. It appears that the operations empire’s desire to cover up this sorry affair has now put the election timetable in jeopardy. How can CalPERS’ board authorize the election notice in February when it has no one signed up to run it?

But on top of that, this fiasco show that CalPERS is completely incompetent at due diligence and contracting. And CalPERS still flatters itself that it won’t be taken completely to the cleaners in its pending private equity outsourcing scheme.

___

1 These were not impressive references. Votem could not even produce three clean, relevant references. One was for the Rock & Roll Hall of Fame, where Votem had to ‘splain away a site crash and other problems, and another was Washington D.C., where Votem did not handle an election, merely online voter registration and absentee ballot requests.

CalPERS also appears to have placed way too much faith in Votem’s promises that it would keep the Everyone Counts personnel and technology that it had used on the CalPeRS election. First, as we point out later, Everyone Count was a bigger company which had raised more funds that Votem has. Yet the sale appears to be the result of financial distress. Votem’s promises about retaining staff and operations can’t be taken seriously unless Votem commits to that contractually. We didn’t see CalPERS saying it would require that, and since there is still no contract, that can’t have happened yet. Second, how does CalPERS know whether former Everyone Counts employees remained? Employees of an acquired business know they are more vulnerable to being fired than those of the buyer. The better Everyone Counts employees are likely to have started looking for new jobs.

2 We could not ascertain whether all or some of the phone reps were temps, but the ones we managed to get to speak to us were contractors.

3 In theory, this was not an unsolvable problem. Everyone Counts could have transferred its rights in the CalPERS election agreement to Votem prior to the closing of the sale of its remaining assets. But Everyone Counts, even in what one presumes is a financially stressed state, would not be so dumb as to transfer something of value to Votem without getting consideration for it. That would require agreeing on a price and papering it up. That’s a lot of brain damage, particularly since the point of the deal from Votem’s point of view was to take advantage of Everyone Counts. Its owners would not have accepted a sale of assets as opposed to a sale of stock unless they were desperate.

4 Well, there may have been a few assets that Votem didn’t want, like old computers and office equipment, but it’s pretty certain nothing of meaningful value was left behind and whatever there was has been sent off to liquidators.

5 Just a few possibilities: “Integrity Voting Systems” is a sideline business for K&H. K&H may have concluded that it’s not worth the bother. K&H may have decided this “joint venture” isn’t a good idea and if it’s going to enter into one, it wants more stringent terms, when Votem would take the position that at most, it would accept the former Everyone Counts pact. Strategically, K&H may recognize that the US policy is moving solidly against Internet voting, and it sees no reason to help a competitor for its print business.

6 Obtaining names of investors does not amount to financial due diligence, which is an assessment of the company’s financial soundness. There is nothing in the short list of due diligence questions about whether Votem was profitable or cash flow positive or given the small amount of funds it had raised, how it would support a much higher expense base by taking on some Everyone Counts employees, as it had said it would doe for CalPeRS

7 Despite all the whiz-bang razzle-dassle about blockchain, Votem and Everyone Counts systems are insecure due to the overall design. So what if you have encryption of certain parts? You have individuals working out of their homes in bathrobes and bunny slippers with access to sensitive CalPERS’ member information and the voting system. And Internet voting system are a failure in a second sense: poor ability to verify that the person who cast a vote is the one entitled to vote. As our Clive explains:

You can, like Votem does, over-engineer the management of the vote and the recording and tracking of a vote through the tabulation mechanism. But that’s the easy bit of a vote. The hard stuff is being absolutely sure that you’ve enrolled every single voter who has the franchise while purposely excluding anyone who is ineligible to participate in the poll.

You then have to capture every vote which has been validity cast but rigorously screen out votes which have been invalidated — and there are many reasons why a vote which has been cast by a registered and authorised voter might be deemed invalid, plus the possibility that the vote has been cast by someone other than an eligible voter.

That’s why you stumble to the end Votem’s outpouring of technical-sounding buzzwords unable to answer the simple enough question: how do we get our voters onto the Votem platform in the first place?

If even Votem can’t explain it, it’s probably because it can’t be done. A voting platform which can’t offer a facility to build the electoral roll is fatally flawed from the get-go.

8 Our colleagues volunteered that the assets of Everyone Counts had very little value, so it’s not as if Votem had to write a big check.

9 Votem was within its rights to decline the part of our request that CalPERS forwarded to Votem, but to have an attorney tell such a ham-handed falsehood is not a good look.

00 Execution Joint Venture Agreement IVS Everyone Counts Final 6.30.16
Print Friendly, PDF & Email

16 comments

  1. vlade

    Well, the GDPR is a blunt tool, but at least the EU citizens have a tool. I thought that California had pretty strict privacy laws too? Would not someone have standing to sue?

    To me, dragging CalPERS through the courts and the whole discovery phase is now the only way how to at least start getting it cleaned up – the political will does not seem to be there (but they will feel it too, once it starts, and start it will!).

    It’s an expensive tool, which is likely to cost beneficiaries/taxpayers, but the alternative is IMO even more costly.

  2. David in Santa Cruz

    This utter and complete fail to understand basic contract law is about par for the course at an agency led by a General Counsel who is a White-Collar Criminal Defense/Mob Lawyer brought aboard to run a cover-up in the wake of a massive kick-back scandal. Fortunately, beyond these Board of Administration elections, CalPERS has no need of expertise in contract law.

    Oh. Wait a minute…

    Follow the money!

  3. Clive

    If CalPERS get taken in by hucksters like Votem, which is “only” a penny ante hoodwinking, what else are they wasting beneficiaries money on?

    A well-informed competent staff (which has any fear of a board* that might at least censure errant staff) and a state legislature which is even vaguely interested in what grifting is afoot in Sacramento would have stepped in and stopped phoniness like the Votem shenanigans which as a minimum create a risk to CalPERS and potentially expose CalPERS to legal sanctions.

    Can someone give me a $300bn fund to manage, and, having handed over the money, then take no appreciable interest whatsoever in what I’m doing with it?

    * there are of course a couple of determined board members trying to stop the rot, but more are needed like them

  4. flora

    Information obtained via a Public Records Act request shows that CalPERS did zero in the way of due diligence on Votem’s operations. They simply ran some searches and had a couple of chats with Votem, and checked three not-impressive references.

    Sounds very like the due diligence CalPERS did for the Asubonten hire.

  5. The Rev Kev

    “Rafferty’s Rules”
    /ˈrafətɪz/
    noun informal • Australian/NZ
    unpunctuated: Raffertys rules; plural noun: Rafferty’s rules

    No rules at all.
    “the campaign was fought according to Rafferty’s rules”

    Also known in the US as prosecution futures.

  6. Trustee

    It is a very sad commentary that staff feels free to hide this. “Votem” doesn’t even show up in the transcripts for the Finance and Administration Committee for 2017 or 2018 or the Board of Administration for 2018.

    Clearly staff felt no need to inform the Board of what was going on.

  7. Tom Stone

    I know I shouldn’t laugh about this, but it is so over the top I can’t help myself.
    CalPers appears to be approaching critical mess, it’s going to blow up sooner than later and land in Gavin Newsome’s lap unless his handlers get off the stick.
    Our Governor is a big money machine politician, not very bright and severely dyslexic.
    As Mayor of SF he was famous for snorting coke off of his married secretary’s ass…
    and not much else.
    If the new administration gets an investigation going in the next two months he’ll have a shot at the Senate, otherwise he’ll be one and done as Governor.

  8. EoH

    Votem Corporation is the sort of company that any well-run organization would run the hell away from. That would be true regarding normal service contracts. It is even more true about something as important as managing an election. Contracting with it is a corrupt act.

    CalPERS was blindsided when an important vendor apparently went bankrupt. It had little time to resource the work. A rational actor would have sought to have VC adopt the contract – with approval by other parties – so that it stood in exactly the same position as Everyone Counts.

    No one apparently wanted that, another red flag, given how big a potential client CalPERS could have been to an inadequately funded and staffed start-up like VC. Now they’re a headline.

    I would describe parties in this circumstance who attempted to use a back-dated “amendment” to solve the missing party problem as committing fraud. Votem is as much a shell as the defunct Everyone Counts. K&H is doing what CalPERS should have done. Instead, CalPERS gives us another example that its board has no clue and cares less about fulfilling its obligations. It seems to think its only job is to support Marcie Frost in whatever she does, rather like Lindsey Graham’s view of Donald Trump.

  9. The Rev Kev

    So I’m looking at Votem’s team at https://votem.com/our-team/ and frankly I have seen better heads on a glass of beer. Their stated mission? “Our mission is to have 1 billion people around the world vote through the Votem platform using their mobile device by 2025.” What gets my neck hair tingling though is the fact that one of this team is a Senior Fellow with the Atlantic Council. As far as I am concerned, that is a red flag that there is more to this than meets the eye. I note too without comment that one of their case studies was when during the 2016 election they were part of the voting infrastructure for the District of Columbia. And this was only about two years after they came into being. Quite a coup that.

      1. The Rev Kev

        Spotted that and should have been more specific in my comment. My mistake. Still a remarkable contract for a company to be awarded with all the others when it had not even existed only two years previously. Reminds me of that company that post-Brexit has been awarded the ferry contract although it has no ships or experience. Such things cause me to look askance at such new outfits.

    1. Lambert Strether

      > What gets my neck hair tingling though is the fact that one of this team is a Senior Fellow with the Atlantic Council.

      Good catch. Here is Peter Haynes’s bio, and here is an article by him. He is a more impressive figure than I would expect to find on the board of a company that bought Everyone Counts. I don’t like the incongruity.

      From that article, “Hacking the Internet of Everything”:

      For the Internet of Everything to be acceptably hack-resistant, manufacturers must adopt a set of principles that include “security by design”—systems where the software has been designed to be secure from the ground up. They must ensure that any device attached to the Internet of Everything is capable of adapting in real time to emerging threats. There is also an urgent need to develop truly global security and trust frameworks for intelligent objects—the Internet of Everything knows no borders. And just as the verification of personal identity is crucial for many of the things we do on the Web (such as banking and shopping), the intelligent objects that make up the Internet of Everything must also have a foolproof means of digitally exchanging authenticated claims about their identity.

      “Designed to be secure….” Except for the back doors, of course.

      There’s also no good reason I can think of for the Atlantic Council to take a view on electronic voting at all. Yet it is. From Open Source Election Technology in 2014:

      For our elections official stakeholder community, I thought we’d pass along our “take” on yet another recent study about online voting. But this one, from a respectable think tank [BWA-HA-HA!!!!!] in Washington D.C., shouldn’t make election administrators worry too much. No need to brace for a legislative blunder, so long as this paper is taken seriously, as it should be. On the other hand, there doesn’t yet appear to be a replacement for your DRE machinery – for those of you still relying on them.

      This report, “Online Voting: Rewards and Risks,” by Peter Haynes and Jason Healey of The Atlantic Council’s Brent Scowcroft Center on International Security is moderate and balanced in tone. (Some may recall Brent Scowcroft was President George H.W. Bush’s centrist, pragmatic national security adviser.)

      It acknowledges the desire in an interconnected world for easy voting by laptop or smart phone, but it also goes a long way toward explaining why that is a hard goal to realize given the current state-of-the-art of elections technologies….

      “For the digital generation, unsupervised polling via mobile devices may be the ‘killer app’ of e-voting,” the authors note. “For that to become a reality, device security will still need to be strengthened. Biometrics (such as fingerprint scanning) and two-factor authentication (such as when a bank requires a customer to enter both a password and a code sent to his or her mobile phone) could help solve these issues. Beyond enhanced security and auditability, greater public acceptance of and trust are also essential.”

      Ultimately, the authors assert, “the growing percentage of voters who have grown up with digital technology will likely tilt the balance towards online voting—even if that shift initially manifests itself as a mix of online technologies and paper verification to reassure individuals that their vote has been cast and counted as they intended.”

      It’s still very hard for me to imagine why the Atlantic Council thought this was a suitable topic for the investment of resources. What’s the payoff?, as JJ Jelincic would ask.

      One might also ask a question we ought to be asking about a lot of other systems: Is e-voting Jackpot-hardened? I don’t think so.

  10. Katherine McNenny

    Much like CALpers, the Los Angeles’ “Department of Neighborhood Empowerment” aka “DONE” is basically in the same predicament in terms of still being contractually connected to Everyone Counts for future online “neighborhood council” elections. But, this level of scrutiny has sadly not been applied in LA. There were online neighborhood council elections planned for 2019, but “Votem” was not ready yet…with the merger and all…

    Thing is, there is still a contested and very murky online election that happened in 2017 (for Skid Row in Downtown LA) that Everyone Counts was involved with- meaning the election tally has STILL not been proven in term of number of voters that were SAID to have voted vs. number (list) of voters that the City of LA has given to Petitioners (yes, this is now a lawsuit).

    And yet, the City of LA is aggressively moving forward with plans to fund even more online neighborhood council election. Recent Public Records Requests prove that the LA City Clerk’s Office, at the behest of the City Council, was planning a new “online pilot” program for 2019 which would include 10 LA neighborhood councils. Only a wrench got thrown in the plans for this pilot because Everyone Counts was in the middle of the “Votem” merger, creating a bit of disarray. Votem apparently uses something called “blockchain” technology for voting, something Everyone Counts did not use. An email dated November 19, 2018 from Richard Truong, the IT Director at the LA City Clerk’s Office to Midori Connolly at Votem (previously Everyone Counts) reads:

    “I completely understand and if E1C/Votem is not comfortable with this pilot project, we should pull the plug on the 2019 pilot sooner rather than later. In addition, we have not seen the Votem system and have some concerns on our end as well.”

    Does the City of Los Angeles even understand what blockchain voting is? Certainly, this new voting system was never revealed to the Public in LA. This email raises all sorts of questions as to why the City would be so eager to use something sight unseen considering all the many problems with past online neighborhood council elections.

    It seems that the City of LA and CALpers both seem to favor this bs.

    1. Yves Smith Post author

      Two points:

      1. Votem admitted in its CalPERS due diligence that it does not have its own blockchain technology, that’s what the Initial Coin Offering was funding. So they are selling vaporware.

      2. Blockchain is unsuitable for voting because every transaction on the blockchain is logged. It means voters are not assured of having confidentiality. It would appear to violate the California constitutional requirement that “Voting shall be secret.”

      1. flora

        …and blockchain tech can be hacked*. All the woo about blockchain eliminating corruption is nonsense but great pr for blockchain tech.

        *https://coincentral.com/blockchain-hacks/

Comments are closed.