12-13-05: Devastating hack proven - Leon County dumps Diebold

Jim March
Voting Rights Forum Participant
Username: Jimmarch

Post Number: 76
Registered: 01-2005

Votes: 64

Posted on Tuesday, December 13, 2005 - 3:42 pm:

UPDATE Dec. 16: Volusia County (FL) joins Leon in dumping Diebold. Due to contractual non-performance and security design issues, Leon County (Florida) supervisor of elections Ion Sancho has announced that he will never again use Diebold in an election. He has requested funds to replace the Diebold system from the county. On Tuesday, the most serious “hack” demonstration to date took place in Leon County. The Diebold machines succumbed quickly to alteration of the votes. This comes on the heels of the resignation of Diebold CEO Wally O'Dell, and the announcement that stockholder's class action suits and related actions have been filed against Diebold by four separate law firms. Further “hack” testing on additional vulnerabilities is tentatively scheduled before Christmas in the state of California.

Finnish security expert Harri Hursti, together with Black Box Voting, demonstrated that Diebold made misrepresentations to Secretaries of State across the nation when Diebold claimed votes could not be changed on the “memory card” (the credit-card-sized ballot box used by computerized voting machines).

A test election was run in Leon County on Tuesday with a total of eight ballots. Six ballots voted "no" on a ballot question as to whether Diebold voting machines can be hacked or not. Two ballots, cast by Dr. Herbert Thompson and by Harri Hursti voted "yes" indicating a belief that the Diebold machines could be hacked.

At the beginning of the test election the memory card programmed by Harri Hursti was inserted into an Optical Scan Diebold voting machine. A "zero report" was run indicating zero votes on the memory card. In fact, however, Hursti had pre-loaded the memory card with plus and minus votes.

The eight ballots were run through the optical scan machine. The standard Diebold-supplied "ender card" was run through as is normal procedure ending the election. A results tape was run from the voting machine.

Correct results should have been: Yes:2 ; No:6

However, just as Hursti had planned, the results tape read: Yes:7 ; No:1

The results were then uploaded from the optical scan voting machine into the GEMS central tabulator, a step cited by Diebold as a protection against memory card hacking. The central tabulator is the "mother ship" that pulls in all votes from voting machines. However, the GEMS central tabulator failed to notice that the voting machines had been hacked.
The results in the central tabulator read:

Yes:7 ; No:1

This videotaped testing session was witnessed by Black Box Voting investigators Bev Harris and Kathleen Wynne, Florida Fair Elections Coalition Director Susan Pynchon, security expert Dr. Herbert Thompson, and Susan Bernecker, a former candidate for New Orleans city council who videotaped Sequoia-brand touch-screen voting machines in her district recording vote after vote for the wrong candidate.

The Hursti Hack requires a moderate level of inside access. It is, however, accomplished without being given any password and with the same level of access given thousands of poll workers across the USA. It is a particularly dangerous exploit, because it changes votes in a one-step process that will not be detected in any normal canvassing procedure, it requires only a single credit-card-sized memory card, any single individual with access to the memory cards can do it, and it requires only a small piece of equipment which can be purchased off the Internet for a few hundred dollars.

One thousand two hundred locations in the U.S. and Canada use Diebold voting machines. In each of these locations, typically three people have a high level of inside access. Temporary employees also often have brief access to loose memory cards as machines are being prepared for elections. Poll workers sometimes have a very high level of inside access. National elections utilize up to two million poll workers, with hundreds or thousands in a single jurisdiction.

Many locations in the U.S. ask poll workers to take voting machines home with them with the memory cards inside. San Diego County (Calif) sent 713 voting machines/memory cards home with poll workers for its July 26 election, and King County (Wash.) sent over 500 voting machines home with poll workers before its Nov. 8 election.

Memory cards are held in a compartment protected by a small plastic seal. However, these simple seals can be defeated, and Hursti has found evidence that the memory card can be reprogrammed without disturbing the seal by using a telephone modem port on the back of the machine.

The Hursti Hack, referred to as “the mother of all security holes,” was first exposed in a formal report on July 4 (http://www.blackboxvoting.org/BBVreport.pdf).

Diebold has insisted to county and state election officials that despite Hursti’s demonstration, changing votes on its memory cards is impossible. (Public records from Diebold, including threat letter to Ion Sancho:
http://www.bbvforums.org/forums/messages/2197/10535.html)

On Oct. 17, 2005 Diebold Elections Systems Research and Development chief Pat Green specifically told the Cuyahoga County (Ohio) board of elections during a $21 million purchasing session that votes cannot be changed using only a memory card. (Video of Pat Green: http://www.bbvforums.org/forums/messages/2197/14298.html) Over the objections of Cuyahoga County citizens, and relying on the veracity of Diebold’s statements, the board has chosen to purchase the machines.

According to Public Records obtained by Black Box Voting, Diebold has promulgated misrepresentations about both the Hursti Hack and another kind of hack by Dr. Herbert Thompson to secretaries of state, and to as many as 800 state and local elections officials.

Stockholder suit filed by the law offices of Stull, Stull & Brady and also by Scott and Scott.

Stull Stull & Brady lawsuit: http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/8/15603.html

and http://www.bradblog.com/archives/00002153.htm

Diebold CEO resigns: http://www.informationweek.com/news/showArticle.jhtml?articleID=175001748

Volusia County dumps Diebold too

Orlando Sentinel

DELAND -- Diebold voting machines will soon be history in Volusia County. After a nearly five-hour hearing today, County Council members voted to replace its Diebold machines with an entirely new system manufactured by Election Systems & Software.

The move, which will cost more than $2.5 million just for the equipment, was prompted by a federal mandate to buy at least one handicapped-accessible voting machine per precinct by Jan. 1. But the only such devices approved for use in Florida are ATM-like touch-screen machines that don't use paper ballots. But a majority of County Council members want devices that use paper.

The agreement approved Friday on a 4-3 vote allows the county to trade in the paperless touch screens for an ES&S-supported ballot-marking device with an accessible touch-screen called AutoMark if it gets approved for use in Florida. That would cost an additional $150,000.

If AutoMark certification doesn't happen by April 1, the county has the option to get out of the entire contract with ES&S and get a full refund.

Chairman Frank Bruno, Art Giles, Carl Persis and Dwight Lewis voted for the ES&S contract. Council members Joie Alexander, Bill Long and Dwight Lewis opposed it.

The vote ends a nearly year-old debate in Volusia County about how to comply with the federal Help America Vote Act, which mandates accessible voting devices.


KUDOS TO SUSAN PYNCHON, Florida Fair Elections Coalition

Permission to reprint granted with link to http://blackboxvoting.org


Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 1321
Registered: 12-2004

Votes: 4

Posted on Tuesday, December 13, 2005 - 4:05 pm:

Wow.

And what with the securities fraud lawsuit just filed against Diebold, it's like a one-two punch.

Surely the media will find this difficult to ignore. Let's make sure they don't.

Joseph Hall
Voting Rights Forum Participant
Username: Joehall

Post Number: 27
Registered: 01-2005

Votes: 1

Posted on Tuesday, December 13, 2005 - 5:16 pm:

This is pretty significant guys... will there be a tech. report of sorts from BBV on this event? (Something we can cite/point to that lists the specifics of how this experiment was conducted.) best, Joe

Jim March
Voting Rights Forum Participant
Username: Jimmarch

Post Number: 77
Registered: 01-2005

Votes: 2

Posted on Tuesday, December 13, 2005 - 5:22 pm:

You BET there will be a full report. This is just the preliminary heads-up.

Also: this was all done without getting any passwords for any system. All we had was the same degree of physical access that any mid-to-high level elections staffer or official would have. In any county you can figure there will be at least three people (the top guy in the department, the top tech guy and his backup) with enough access to do this and often more. It only takes one being corrupt to pull this off.

And that's in counties that are at least trying for a reasonable level of security. All too often they either allow Diebold on-site employees/contractors too much access or they practically turn the whole process over to Diebold. The latter is more common in smaller/rural counties but not unheard of in bigger.

In such cases the number of potential fraudsters goes up.

John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush

Post Number: 101
Registered: 12-2004

Votes: 2

Posted on Tuesday, December 13, 2005 - 7:06 pm:

This is a great day...the best news I have heard in a long time. Three cheers, and 100 more, for Bev, Harri, Jim, and everyone else involved in this fight.

John
Deserter, brain is fried, no WMDs, yada yada yada. No wonder we clowns laugh.

Lara Marks
Voting Rights Forum Participant
Username: Meowomon

Post Number: 1
Registered: 12-2005

Votes: 0

Posted on Tuesday, December 13, 2005 - 11:56 pm:

The media in Tallahassee ignored this. I live here in Jeb's back yard and when I called the editor at the Tallahassee Democrat, she argued with me that the Diebold CEO resignation and impending lawsuit were not significant. I then called Ion Sancho, Supervisor of Elections, and he told me of the plan to dump the Diebold machines. See my blog, http://www.sendthelesbianstocanada.com

It is still not being reported in the Tallahassee Democrat. Please email them to let them know you are disappointed in the lack of media response.

BBV Admin
Board Administrator
Username: Admin

Post Number: 2935
Registered: 12-2004

Votes: 3

Posted on Wednesday, December 14, 2005 - 1:34 am:

The Tallahassee Democrat has done very good coverage of this. They have already published articles earlier, and this project was completed after deadline today. I expect you will see it appear tomorrow or the next day.

Thanks, Lara, for your voice in this matter. Keep the tone positive, because you will see mainstream media coverage. The press deadline was well past when we finished at 7 p.m. tonight.

Love ya,

Bev Harris

Lara Marks
Voting Rights Forum Participant
Username: Meowomon

Post Number: 2
Registered: 12-2005

Votes: 1

Posted on Wednesday, December 14, 2005 - 10:48 am:

Bev, as I have posted on the Brad Blog, The Tallahassee Democrat was traded by Knight-Ridder for a strange deal with Gannett. The new editor decided to put national news and other new items on the back pages and wrote an editorial as to why this was their "editorial" decision. Since then it has had (IMHO) nothing but fluff pieces and recipes on the front to pacify the Bible thumpers who have taken over the political spectrum of this area. I LIVE HERE! So don't tell me to stay positive when I feel as if my Constitutional Right to a free press has been usurped by the right wing political forces in this country. I will not be silent and I will not put a "positive" SPIN on anything as long as our Constitutional Rights (like the one to vote) are being stripped everyday! I live as an out Gay person in this area and have lost employment because I will not be silent! I have had violence perpetuated on me and friends because I am Gay and I will not be silent and I will not be "positive" when there is little or nothing to be positive about.

BBV Admin
Board Administrator
Username: Admin

Post Number: 2939
Registered: 12-2004

Votes: 0

Posted on Wednesday, December 14, 2005 - 11:16 am:

Was it traded after July 2005? Because the Tallahassee Democrat provided some of the first coverage of the Hursti hacks in Leon County. You'll find their articles by clicking the "News" tab (top left) at this site.

This is a very controversial issue and sometimes newspapers report on things that are negative -- like the Florida Supervisors saying the Voting Rights Act is unnecessary -- but that doesn't mean the reporter shares those beliefs. It is very important to report those negative things and get them on record. I can't speak for their coverage on other issues, as I don't follow that.

On this issue, their recent coverage is less pleasing than their earlier coverage, which is why I wonder when the corporate governance changed. There are also big differences among reporters as to perspective and "spin."

Coverage by Tallahassee Democrat:

http://www.bbvforums.org/forums/messages/8/9516.html - August 2005 - I'd give this article a negative rating, but it reflects more on the Florida Supervisors of Elections than the newspaper that reports this.

http://www.bbvforums.org/forums/messages/8/9379.html - July 2005 - This article is misleading and I give it a poor rating

http://www.bbvforums.org/forums/messages/8/6672.html - June 2005 - rather nasty coverage, but reflects on Diebold more than the reporter I think, though it would have been nice for him to get quotes from relevant people on both sides of the issue. This story pertains to Diebold's threat letter to Ion Sancho.

http://www.bbvforums.org/forums/messages/8/6609.html - June 2005 -- good story, good coverage, balanced

http://www.bbvforums.org/forums/messages/8/1483.html Jan 2005 -- good story, balanced

John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon

Post Number: 200
Registered: 12-2004

Votes: 2

Posted on Wednesday, December 14, 2005 - 11:47 am:

When will there be an announcement from Leon County about this situation? Is Ion Sancho going to put out a media release of some type?
Information Manager, VotersUnite.org

Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely

Post Number: 2025
Registered: 12-2004

Votes: 1

Posted on Wednesday, December 14, 2005 - 12:04 pm:

For now there's this from the Leon County Supervisor of Elections web site, http://www.leonfl.org/elect/SpecialReport.htm

<start>

Wednesday, December 14, 2005

Special Report: Black Box Voting Attempts to Penetrate The Leon County Florida Optical Scan Voting System.

In January of this year Leon County Supervisor of Elections Ion Sancho was contacted by representatives of Black Box Voting .org, a non-partisan elections advocacy group, to see if their computer experts could successfully circumvent the security of the Leon County voting system. Supervisor Sancho agreed to this proposal and in three separate attempts over a four month period, computer experts Dr. Herbert Thompson and Harri Hursti visited the Leon County Elections Office in their efforts to penetrate the county voting tabulation equipment and alter election data.

The tests focused on two areas: outside or external hacks, specifically examining the modem and any lines going to the vote tabulation computer, and simulated inside or internal penetrations. The results were clear. No outside hack was accomplished. This was not the case however when the hacker was physically present at the vote tabulation computer terminal.

Granted the same access as an employee of our office, it was possible to enter the computer, alter election results, and exit the system without leaving any physical record of this action. It was also demonstrated that false information or instructions could be placed on a memory card (the device used to program the individual voting machines and record the voter’s votes) and create false results or election reports.

What conclusions can be drawn from this exercise? First, the optical scan voting system was resistant to external penetration, including using the modems which transmit election results from the precincts to the central vote accumulator. Outside hacking is seen as one of the greatest potential threats to undermining citizen confidence in the election process. The Leon County Supervisor of Elections is tremendously relieved that such penetration was not accomplished.

Secondly, the potential for internal sabotage does exist. It is imperative that security protocols be developed which limit access to the central voting computer and memory cards in election offices. Limited access, video surveillance, and tight controls on the use and distribution of memory cards, all practices currently in place in the Leon County Election Office, are vital to ensure unauthorized actions do not compromise the integrity of the elections process.

Finally, the ultimate insurance that Leon County’s votes are counted correctly resides in the paper ballots of the voters themselves. If the public or election official has any question over the results of an election, a hand count of the optical paper ballot provides the truth. No internal manipulation of any computer or memory card can alter the votes on these paper ballots.

Based upon the data developed out of this exercise it is the opinion of the Leon County Supervisor of Elections that any effort to limit or remove the manual examination of paper ballots to confirm the correctness of election results is not in the public interest.

<end>

I'll see what I can dig up in the way of remarks Ion has made to the press in the last 48 hours.

PAV ;-)

Linda Franz
Frequent Voting Rights Forum Participant
Username: Linda_franz

Post Number: 174
Registered: 12-2004

Votes: 0

Posted on Wednesday, December 14, 2005 - 12:06 pm:

Way to go guys.

Can we ever thank Ion Sancho enough for his courage and dedication to the truth?

Opportunities abound, not only with poll workers taking machines home, but also in the lack of real chain-of-custody for the cards. If the cards aren't uploaded at the polls, if a card has a "problem" and is taken somewhere else for resolution, if the cards are not witnessed in the entire process of taking them out of the machines and uploading the results......I'm sure there are more opportunities.

And if the card hack does not require a bona fide computer expert at the point of the hack? In other words, since the cards can be programmed ahead of time, it might only be necessary to "follow instructions" to accomplish the card hack? Or programming on the official card that the election officer is unaware of? Then the potential of the hack for more widespread distribution.....well, it's not a pretty thought.

Not only has it been curious and frustrating encountering the resistance to a voter verified paper record/trail/ballot, which now seems to be going the way of paper (verifiability)- but the next huge fight against any form of auditing elections to verify the accuracy of the machine count is just nuts. This should be a red flag and a clue to journalists to start digging.

John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon

Post Number: 201
Registered: 12-2004

Votes: 0

Posted on Wednesday, December 14, 2005 - 12:34 pm:

Pat, that statement on the Leon Co. site has been there for awhile. Thanks for doing the search. I've been looking on and off all day today.
Information Manager, VotersUnite.org

BBV Admin
Board Administrator
Username: Admin

Post Number: 2940
Registered: 12-2004

Votes: 1

Posted on Wednesday, December 14, 2005 - 12:38 pm:

Nope, what's listed above is not the media release. The date automatically updates on that, but it's from a long time ago.

Black Box Voting followed exactly the same procedure with disclosure of the story today that we did in May. However now both Harri Hursti and Ion Sancho are so much more high profile -- and with general interest raised due to the California hack, Wally O'Dell's resignation, and the stockholder lawsuit -- the press is all over this.

I'm sure Mr. Sancho will issue a statement as soon as he can prepare it the way he wants. Mr. Sancho may have been surprised at the immediacy and intensity of the media inquiries, since the confluence of events produced a much hotter press environment this time than we experienced last May.

Although Black Box Voting has his announcement on videotape, and his statements are direct, to the point, and clear as a bell, the press needs the confirm to come directly from him before they can run with it.

That's the problem with media. At first it ignores things and then a tipping point is hit -- then it smacks everyone in sight against the wall like a ship in gale-force winds.

Ion Sancho is a national hero. Other elections officials are coming forward now, but it is Sancho who had the courage to lead.

Lara Marks
Voting Rights Forum Participant
Username: Meowomon

Post Number: 3
Registered: 12-2005

Votes: 0

Posted on Wednesday, December 14, 2005 - 1:09 pm:

Yes, The Tallahassee Democrat was traded after July. Just back in October 2005. And they are notoriously Right Wing, or as they call it "family friendly." They even posted an editorial on why they were no longer putting World news on the front page.
I live here in the heart of Jesusland (not in Leon County anymore where I was a resident for almost 15 years) and I have been a victim of right wing prejudice because I refuse to live my life in the closet. Now I find out that when I voted in 2000 in Leon County the machines may have been hacked by a REPUBLICAN controlled corporation whose CEO has been accused of saying he will deliver REPUBLICAN votes to Ohio. My Constitutional right to vote may have been violated. Have they (REPUBLICANS) really stolen the election electronically? I don't think we will ever know the truth. But I do know that with the REPUBLICANS in control, my rights have been taken away in many other ways.

I do know that Mr. Ion Sancho, in my humble opinion, as far as I have known him or of him is a fine example of integrity and honesty. I don't say that about very many people whether elected or not.

John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon

Post Number: 202
Registered: 12-2004

Votes: 2

Posted on Wednesday, December 14, 2005 - 2:07 pm:

Bev, you say "the press is all over this". Where is the press all over this except for the blogosphere? There is NOTHING in the MSM about this test or any statements from Ion. I would love to be able to send something out to my mailing list of Wa. state legislators about it but I need an MSM story about it.
Information Manager, VotersUnite.org

BBV Admin
Board Administrator
Username: Admin

Post Number: 2941
Registered: 12-2004

Votes: 2

Posted on Wednesday, December 14, 2005 - 2:19 pm:

Yes. The press is all over this. Why would you expect interviews taking place today to be online right now?

I haven't been able to get off the phone, and I'm just a bit player.

USA Today is covering O'Dell's resignation.

I am seeing a general lack of understanding about typical news timelines in the mainstream media. Internet media is much quicker.

The mainstream media can cover O'Dell's resignation, but that's not a major story unless it has a tie-in to something else. They can't speculate about it being due to voting machines, they'd have to have a source or proof or a statement from Diebold.

They can cover the stockholder's suit and they will, but they usually wait until they have a copy of the lawsuit in hand, and they go over it and make a few phone calls to sources for quotes. Take away all political stuff and let's say this is a normal news story -- I'd expect that to take 2-3 days.

Obviously, there are quicker turnarounds, but it depends on how "hot" the story is. To make it "hot" you need tie-ins with other breaking news or you need it to be one of those feeding frenzy stories that everyone's trying to scoop each other on.

For the hack story, they need a direct confirm from Ion Sancho. Since this happened after deadline last night, that means they couldn't get that quote until today for tonight's news. They'll get a more thorough story if they get Ion Sancho's formal press release, and they'll wait for that.

It's not at all unusual for the media to take 3-4 days on a story. Yes, often a story is covered same-day, and this would have been if we'd invited the press to stand there and watch, offering a chance to interview Sancho and Hursti afterward, but the complexity of organizing everything, including bringing people here from other countries and around the U.S., did not lend itself to adding to the zoo. There was discretion about the schedule, and even I did not know exactly when it would take place yesterday until a couple hours before.

Therefore the effort was to document it meticulously and release the information afterwards.

BBV Admin
Board Administrator
Username: Admin

Post Number: 2943
Registered: 12-2004

Votes: 0

Posted on Wednesday, December 14, 2005 - 4:41 pm:

The difference between the May 26 Hursti Hack and the Dec. 13 Hursti Hack:

On May 26, Hursti did three exploits:
1a) Changed report of the votes without changing the internal data (votes themselves). In this version he kept the program size the same, on the theory that Diebold might have code that checks to see if the program was the wrong size, and therefore possibly tampered. No error message was produced and a tampered report was produced.

1b) Same as above, but with the program a different size. No error report was produced and a tampered report was produced.

2) Pre-stuffing the ballot box -- changing the vote data itself, without changing the report of the votes. This produced a "zero report" (a correct one) that showed the pre-stuffed votes.

----------------------

Yesterday, Hursti:
- pre-stuffed the ballot box with plus/minus votes

- altered the code to produce a hacked zero report (similar to 1b above).

This produced a zero report despite the fact that there were votes in the ballot box.

- Ballots were run through the scanner.

- Results report was run from the scanner

- Votes from the memory card were uploaded into GEMS

- Ran results report from GEMS

No error reports were produced at any time.

Whereas the tests on May 26 proved that it is possible to manipulate voting machine results reports and proved that you can pre-stuff the ballot box, we still had not achieved proof of concept for the theory that you can falsify a zero report at the same time as pre-stuffing the ballot box, nor had we yet proved that the pre-stuffed ballot box will work properly after running ballots through the machine, nor had we yet proved that such altered data could be uploaded into GEMS without triggering error messages.

On Dec. 13, Hursti proved that the entire system can be compromised without producing error messages and without leaving a trace, using nothing but a memory card.
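
The comparison of the May 26 and Dec. 13 tests in the post above, as an added example that is not part of the original post and is not Black Box Voting or Diebold code: a simplified Python model of per-choice counters that shows which canvass checks notice a pre-loaded card. The +5/-5 pre-load is inferred from the totals reported in this thread (2/6 cast, 7/1 reported); the counter layout, function names and the one-sided pre-load are assumptions made for illustration.

```python
# Added illustration: a simplified model of per-choice vote counters.
# It does not reproduce Diebold's memory-card format or report code.
from collections import Counter


def machine_tally(preload, ballots):
    """Count ballots on top of whatever the card's counters already hold."""
    counters = dict(preload)
    for choice in ballots:
        counters[choice] = counters.get(choice, 0) + 1
    return counters


def canvass_checks(tape, ballots_issued, hand_count=None):
    """Return the discrepancies each reconciliation step would surface.

    tape           -- per-choice totals printed on the results tape
    ballots_issued -- independent count of ballots handed to voters
    hand_count     -- per-choice totals from a manual count of the paper
                      ballots, or None when no manual count is performed

    Assumes a single contest in which every ballot carries exactly one vote.
    The zero report is deliberately not used as a check: in the Dec. 13 test
    it was printed by altered code on the card and showed zero regardless.
    """
    findings = []

    # Check 1: total votes on the tape against ballots issued.
    machine_total = sum(tape.values())
    if machine_total != ballots_issued:
        findings.append(
            f"total mismatch: tape={machine_total} issued={ballots_issued}"
        )

    # Check 2: per-choice comparison against the paper ballots.
    if hand_count is not None:
        for choice in sorted(set(tape) | set(hand_count)):
            on_tape = tape.get(choice, 0)
            on_paper = hand_count.get(choice, 0)
            if on_tape != on_paper:
                findings.append(
                    f"{choice}: tape={on_tape} paper={on_paper}"
                )
    return findings


# The eight test ballots described in the thread: 2 "Yes", 6 "No".
TEST_BALLOTS = ["Yes"] * 2 + ["No"] * 6

# Inferred from the reported 7/1 result: offsets that sum to zero.
OFFSETTING_PRELOAD = {"Yes": 5, "No": -5}

# Constructed contrast case: votes added to one side only.
ONE_SIDED_PRELOAD = {"Yes": 5, "No": 0}


def run_scenarios():
    """Run both pre-loads through the checks, with and without a hand count."""
    paper = Counter(TEST_BALLOTS)
    results = {}
    for name, preload in (("offsetting", OFFSETTING_PRELOAD),
                          ("one_sided", ONE_SIDED_PRELOAD)):
        tape = machine_tally(preload, TEST_BALLOTS)
        results[name] = {
            "tape": tape,
            "totals_only": canvass_checks(tape, len(TEST_BALLOTS)),
            "with_hand_count": canvass_checks(tape, len(TEST_BALLOTS), paper),
        }
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

In this model the offsetting pre-load passes the totals-only check because the tape still shows eight votes, and only the per-choice comparison with the paper ballots flags it.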

Patricia Tavormina
Voting Rights Forum Participant
Username: Patty

Post Number: 37
Registered: 04-2005

Votes: 0

Posted on Wednesday, December 14, 2005 - 5:18 pm:

No offense, Bev, but I always feel like the reports we get on this very important issue are the final smoking gun. I felt that way in February, and again in May, and again now. Then the next report comes out, and it points to why the previous reports were incomplete (as you illustrate above.) I feel like, quite frankly, I was fed a line about some tipping point being reached, only to wait, and wait, and wait.... and eventually learn that the previous report was not conclusive. A big part of the problem is my lack of technical understanding of these machines. But another part is that you aren't telling us the shortcomings of each report, or issues that haven't yet been ironed out.

Can you tell me what chinks exist in the present report? IOW, what would Diebold throw at you to say "Yes but, you still couldn't X, Y, or Z."

What is the X, Y, Z that hasn't been shown yet?

Notwithstanding, thank you for your very hard and tireless work.

from Bev: Patty -- The original report is very clear as to what was tested and what was not. It explicitly marks the items we have proof of concept on vs. those that we recommend for further testing (http://www.blackboxvoting.org/BBVreport.pdf). The test yesterday consummated one of the items recommended for further testing. However, the report is 32 pages, so I summarized the differences here for people who are new to Black Box Voting and haven't seen the report. -- Bev

BBV Admin
Board Administrator
Username: Admin

Post Number: 2945
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Thursday, December 15, 2005 - 3:01 am:

For a mainstream media article about this story, see the Miami Herald's piece: http://www.miami.com/mld/miamiherald/news/13410061.htm

Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely

Post Number: 2027
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Thursday, December 15, 2005 - 3:14 am:

Hi Patricia,

I'm not sure what you mean by "the final smoking gun" or why you would expect any one piece of this puzzle to be the 'final' anything. I certainly don't get that impression from reading these reports.

These reports are just what they are, reports, from Black Box Voting.org to their members and other interested persons who request them. This report deals with a successful hack performed in Leon County, Florida on Wednesday, December 13. The report gives full details of the hack performed, the witnesses present, and the conclusions expressed by Ion Sancho. See snips below.

"This videotaped testing session was witnessed by Black Box Voting investigators Bev Harris and Kathleen Wynne, Florida Fair Elections Coalition Director Susan Pynchon, security expert Dr. Herbert Thompson, and Susan Bernecker, a former candidate for New Orleans city council who videotaped Sequoia-brand touch-screen voting machines in her district recording vote after vote for the wrong candidate."

<snip>

"Leon County (Florida) supervisor of elections Ion Sancho has announced that he will never again use Diebold in an election. He has requested funds to replace the Diebold system from the county."

As you can see, this report is as complete as it needs to be for what it is and concerns only one manufacturer of voting machines and in only one location. It says nothing about ES&S, Sequoia, Hart Intercivic or any other manufacturer nor does it in any way purport to be a "smoking gun" that will change everything or anything, other than the opinions of the elections officials who authorized and witnessed this test.

It is however a "devastating" hack for Diebold's reputation in the sense that Diebold made numerous claims about the security of their election systems after the earlier Leon County hack that have now been proved false by expert witnesses who can be called into legal disputes that may arise from the false claims made to elections officials in Leon Co. and elsewhere. This is just one more small step in a long march to reclaim our elections.

Any 'feelings' that anyone may develop about the significance of these reports to the overall problem of 'election fraud', beyond what the reports actually say, are purely their own.

If you're expecting some magical 'smoking gun' to surface that will end decades of election fraud conducted by some members of all political parties, then I'm afraid that you are going to be sadly disappointed.

Election fraud takes many forms and the vulnerabilities of the voting machines are but one of them. Diebold is just a fraction of the overall problem and we here all know this. No one here would be foolish enough to make any claims to the contrary. I see no such claims in this or any other report from BBV.org.

You ask about "chinks" in the present report, "issues that haven't been ironed out", and how Diebold would respond.

Let me address that by pointing out that Black Box Voting.org has been the only public organization that has managed to get the cooperation of any elections officials in any jurisdiction to allow a demonstration or testing on actual equipment in use in elections. That in itself is quite a feat.

You seem to feel that "the previous report was not conclusive". I beg to differ. In fact, the previous report most certainly was conclusive as this latest test just proved. Harri's hack works whether the machine is hacked on its own or as part of the entire system. Once the totals have been manipulated there is nothing in the rest of the system that can tell that the results have been modified, despite Diebold's claims to the contrary.

At first, all BBV.org could do was demonstrations on standard computers that showed that the software could be hacked. Diebold responded with a pack of lies and claimed that it was nothing more than the equivalent of a "magic show" and that the hacks demonstrated wouldn't work on their equipment.

BBV.org was able to convince Ion Sancho to allow a test on an actual machine that proved that Diebold had lied.

Diebold then changed their claims and threatened Leon County with voiding their warranty for allowing the machine to be hacked! Their claim then became that BBV had only hacked a part of the system and the hack wouldn't work on a fully configured election system.

This latest test proves, once and for all, that Diebold LIED about their security once again. I fully expect them to continue to lie in the hope that no one will notice. I can assure both you and Diebold, we here will notice and Black Box Voting.org will continue to work to expose their lies.

A few words about the press to those reading this thread.

As far as the press is concerned, my bet is that BBV.org winds up getting more 'main stream media' to report on this latest test than the weeks old GAO report has garnered in the 'MSM' so far. Both are important developments to our fight and BBV.org is in an excellent position to raise the issue of the underreported GAO report as this story develops.

Let me end by saying that we post here under our own names for a reason. It seems that every time BBV.org exposes another factual piece of this complex puzzle, a small but vocal group of extremists, from both major political parties, show up on several popular political web sites to bash Bev and BBV.org. They hide behind assumed screen names and make absurd, easily refutable claims.

They claim that "Bev stole other people's research and claimed it was her own" when she wrote the Black Box Voting book. To refute that claim all one needs to do is read the book. It's free and available in pdf format on the front page of this site. I challenge anyone to read the book and point out a single line in it that is not properly attributed to the original source within the text, the hundreds of end notes, or on the acknowledgments page in the back of the book.

They claim that this is all a "scam" and "Bev is only in it for the money". If that's the case, then Bev and company are 'accidentally' exposing more factual information about what is really happening in our elections than any other 'legitimate' election reform group that I'm aware of. At the same time, Bev apparently managed to get some of the world's best computer security experts to go along with the scam. (Damn I'm impressed! Well I would be if it were true that this is a scam.)

They make claims that "Bev hasn't produced anything!" Well, that's a totally believable claim, if you just ignore the facts that:

A) Bev found the Diebold source code on an open, unprotected server and made it public starting this whole debate about Diebold's honesty concerning their security. (Diebold and some of these same people who bash BBV.org initially claimed that the software was not the same as that currently used in elections but that claim has since been proved to be false.)

B) Bev made public thousands of internal Diebold memos and e-mails, supplied by an insider, that demonstrate a pattern of lies and deceit on the part of Diebold management when dealing with various elections officials. (Again, the initial claim was that the documents were fake, that is, until a Diebold attorney accidentally confirmed that they were indeed real!)

C) Bev and Kathleen orchestrated the largest public records request ever, to gather audit records from over 3000 jurisdictions, for a single election. (I know for a fact that boxes of these records have been turned over to John Conyers' staff and other prominent politicians in several states and they are still being actively investigated. Thousands of these documents are available in the Document Archive on this site for anyone to view if they so desire.)

D) Bev has spurred more newspaper, magazine & Internet articles, and radio & television segments that have raised public awareness, than anyone from any other organization out there. (I've been archiving these stories and appearances for several years now and I'm confident that any search engine out there will confirm this as FACT. Bev and BBV.org are certainly not the only people out there raising awareness but they have been the most proficient at it in terms of reaching the general public.)

E) Bev Harris and Kathleen Wynne personally raided dumpsters to collect evidence of everything from forged ballots and poll tapes to financial documents that show unreported payments to lobbyists. They have also personally videotaped potentially incriminating statements made by key players in this drama. (See above and also check the Video Archives section of this site if you don't believe it.)

I could go on and on but I think I've made my point. Don't trust everything you read that's posted by nameless people on partisan political web sites. Many people on those sites share a common trait, they refuse to see the evil done by their own party and blame all the problems on 'the other guys'. History and the courts prove otherwise. The election fraud 'business' is an equal opportunity employer.

It's a shame that so many people who consider themselves part of the "reality based community" are so blind to the reality staring them in the face.

Sorry for the rant. I just get tired of reading this kind of crap on sites that are so scared that we might challenge their view of reality that they've banned us from responding to the lies they post or allow to be posted on their sites. I figured that since many of those people seem to be paying particular attention to this thread they might want to comment on what I've posted here.

Perhaps someone can explain why BBV.org has been able to get the cooperation of election officials to allow testing of actual systems in both Florida and California if, as they claim, "no voting officials will have anything to do with Bev Harris or BBV.org".

I'd also like them to explain why Bev and Jim March seem to get invited to speak at voting rights events with so many other activists when, according to the same few people, "no voting rights activists will have anything to do with Bev or BBV.org".

They might also want to check out the list of participants in our recent 'think tank' link located on the front page of the forums section. Do they contend that those people aren't really voting rights activists and elections officials or are they implying that we just made all of their comments up?

From what I've witnessed I'd have to conclude that their reality check bounced!

Pat A. Vesely ;-)
Proud Charter Member
Black Box Voting.org

Kathleen Wynne
Frequent Voting Rights Forum Participant
Username: Kathleen_wynne

Post Number: 125
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Thursday, December 15, 2005 - 3:22 am:

To all,

Believe me, while it was an honor and an experience I will never forget to witness this event and to be able to videotape the entire process, it was also a heartbreaking experience as well. Seeing theory put into practice and realizing that what many have suspected for such a long time now is actually true, was sobering and sad. What we all witnessed was the harsh reality that our election process is in great trouble and in dire need of citizen oversight and involvement, not only in our elections themselves, but in the process of deciding the best solution to the numerous problems that plague it at so many levels.

I hope what was learned at the Leon County Elections Warehouse on December 13, 2005 will open the door and make way for the real election reform that so many citizens have been fighting for, for so, so long.

Our work is just beginning. Let's get to it!

Kathleen Wynne

BBV Admin
Board Administrator
Username: Admin

Post Number: 2947
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, December 15, 2005 - 4:01 am:

Pat --

Thank you so very, very much. And to those who are new to this site, Pat Vesely has been on this issue from the start. When I released the Diebold source code into the wild for the first time on June 16, 2003, Pat Vesely was one of the technicians who analyzed it and provided perspective on what it contains. A snippet from his original comments on the Diebold code is in my book under the name "Goody Two Shoes" -- because in the beginning, we were being threatened for looking at the Diebold files and most of the technicians used pseudonyms to post their comments.

It is now acceptable to examine our voting system. In Chapter 12 of the Black Box Voting book (http://www.blackboxvoting.org/bbv_chapter-12.pdf) you can get a feel for the very early perspectives of individuals who, operating under screen names, provided the first public examination of secret voting system code.

Thanks again, Pat.

Bev Harris

Patricia Tavormina
Voting Rights Forum Participant
Username: Patty

Post Number: 38
Registered: 04-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, December 15, 2005 - 6:21 am:

I never said that I don't support your work.

I find the way these reports are written, to be misleading.

I'd like to know what shortcomings have not yet been addressed by this week's test. I see that this single question from my earlier post has not been answered. *This* is the sort of thing I am talking about. The implication is that the case is rock solid. If you're not trying to imply that, then please be straight about what has yet to be tested. Can someone help me out here?

If Diebold were to argue you on this issue, what points would they throw at you to continue to make the claim that their machines are safe?

My tone is not hostile. It is intended to give you some small feedback into how one part of the public reads these reports. I would greatly prefer to see the remaining shortcomings/etc, listed in each report as it comes out. Something like Bev's succinct paragraph here:

"Whereas the tests on May 26 proved that it is possible to manipulate voting machine results reports and proved that you can pre-stuff the ballot box, we still had not achieved proof of concept for the theory that you can falsify a zero report at the same time as pre-stuffing the ballot box, nor had we yet proved that the pre-stuffed ballot box will work properly after running ballots through the machine, nor had we yet proved that such altered data could be uploaded into GEMS without triggering error messages."

...for a report, as it comes out. It makes the report stronger, and it makes it clear that you are not trying to hide anything.

Justin Moore
Voting Rights Forum Participant
Username: Jdmoore

Post Number: 4
Registered: 08-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, December 15, 2005 - 6:36 am:

Diebold would probably argue that this is an issue of procedure, not computer security, and that of course someone can hack a machine if you let them swap out the memory cards. But they know that all counties using their equipment are good little election localities and would never let an unauthorized person insert an incorrect memory card. This is an issue of human management and security, and in no way an indication of the quality of their computer security -- which is, by the way, completely airtight and impeccable. (Did you know they built their reputation on 144 years of making safes, ATMs, and other great security products? Just look at this great glossy handout with color pictures!)

For the kicker: that's why they can't have scaaaaaaaaary people like Bev and Jim -- or any other citizen -- observing the count, because who knows what they might try to do?

BBV Admin
Board Administrator
Username: Admin

Post Number: 2949
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Thursday, December 15, 2005 - 8:04 am:

For Patricia: Please read the Hursti report before commenting further about what you describe as its problems. Your description actually shows that you have not read the report.

This report is not misleading, but your posts are misleading to those busy individuals who have not had the time to read the technical report, which clearly addresses your issues, as does Jim March's answer that a formal technical report will follow.

News (journalistic) style differs from academic (research) style. The articles here are in journalistic style, and the Hursti Report and the upcoming technical report on this are more in the line of research style.

But as for this:

"The implication is that the case is rock solid."

Yes. The case proved in a rock solid way that the Diebold 1.94w election system with the GEMS 1.17.17 tabulator can be hacked simply by swapping a memory card, in such a way that no reports will reveal the manipulation.

This also proves in a devastating way that Diebold has lied to public officials including at least one secretary of state and a county board of elections during the course of efforts to make a $21 million sale.

The letter containing the lie, obtained in a Black Box Voting public records request from the state of Arizona, is published here and a link is in the article. A videotape of the Diebold Elections head of Research and Development, taken by Black Box Voting in Cuyahoga County during a procurement meeting, is published here at Black Box Voting and linked to the article.

Diebold made formal statements in a clear manner without leaving themselves any way out, to regulators and during procurement.

That's called fraud.

>Be straight about what has yet to be tested

The only remaining step is replication in another location, which Black Box Voting formally requested in California using EC 19202, and which is in negotiations now.


BBV Admin
Board Administrator
Username: Admin

Post Number: 2950
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, December 15, 2005 - 8:05 am:

This story has now made the Associated Press. It is being picked up nationwide.

Patricia Tavormina
Voting Rights Forum Participant
Username: Patty

Post Number: 39
Registered: 04-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, December 15, 2005 - 8:50 am:

Thank you Admin. I appreciate the information about replication.

(I tried several times to slog through the Hursti report and got lost quickly, every time. I actually assume this is another problem that your organisation faces, as I am well-educated (though not much computer expertise) - and so hope of informing the public in my opinion should address the possibility that the wording of the Hursti report makes the information somewhat inaccessible. But, I thought one complaint was enough at a time. Again, I support your work, and thank you for answering my question.)

Jo Anne Karasek
Voting Rights Forum Participant
Username: Jo_anne_karasek

Post Number: 82
Registered: 08-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Thursday, December 15, 2005 - 11:28 am:

I slogged through the Harri Hursti report on Diebold optical scans. I have very little technical knowledge, and I am sure I do not understand a number of parts. But I clearly picked up information such as that no fractional audit can be counted on to catch errors in the count with the Diebold optical scan. There has to be a full hand count. And that can be the case with other voting machine manufacturers.

So it is worth slogging through even though much of it is Greek to me.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 1324
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, December 15, 2005 - 12:11 pm:

I too found that the main concepts of the Hursti Report came across clearly, even without understanding all the technical details. I was quite impressed with the report's readability.

The last sentence or so that mentions--almost casually--that DREs and different brands of optical scanners may have the same defect--is something that might have been mentioned right upfront, in the first paragraph or so, and highlighted in some way. I wish something about the potential vulnerabilities in more-than-just-the-Diebold-scanner could have been expressed in the title or subtitle or flagged early on.

Too many election officials got the report and threw it away because they thought it didn't pertain to them since they didn't have any Diebold equipment. This could also have been mentioned in follow-up letters from BBV to force election officials to deal with the potential security issues, even if they didn't have Diebold equipment, and suggesting they quickly get a second copy if they no longer had the original they'd received from BBV via registered mail. (At least this way they wouldn't be able to escape scrutiny by claiming they should be forgiven since they didn't have Diebold scanners and so they assumed the report wasn't relevant to them.)

(Message edited by catherine_a on December 15, 2005)

Patricia Tavormina
Voting Rights Forum Participant
Username: Patty

Post Number: 40
Registered: 04-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, December 15, 2005 - 2:11 pm:

To be clear, the flaws in Diebold technology that were identified in the Hursti report were fairly easy to glean from the short (nontechnical) report. The technical report, which was issued afterwards, reinforced to me that those flaws existed. This is why I thought it was essentially the "last word." That it was released on July fourth, and that it was claimed to be a tipping point, was what led me to expect the story to be picked up by all the media outlets.

I certainly didn't come away from it in May/June/July feeling like "OK, obviously they need to achieve proof of concept for the theory that you can falsify a zero report at the same time as pre-stuffing the ballot box. They also need to prove that the pre-stuffed ballot box will work properly after running ballots through the machine. They also need to prove that such altered data could be uploaded into GEMS without triggering error messages."

Catherine and Joanne, are you saying that upon reading the Hursti report, you realized these three points needed to be addressed? Are you saying that you saw, upon reading the Hursti report, that the case wasn't closed yet? If so, I most heartily applaud you!

I attempted the technical article, reading for comprehension, several times. It was too much. I would be delighted to learn that I am unusual in this regard, but having sent the article(s) on to almost every interested party I know, and posting it on several political message boards (with links to BBV as requested) and seeing zero interest in it, NO responses except things like "Please don't email me at work with this stuff," I am left with the feeling that the implications of this sort of fraud are not evident to most people. Why is that?

I am glad to see a forthright statement that the hack needs to be replicated. I *assume* that other types of machines need to be analyzed.

I am skeptical that much will change, and I am sick at the state of democracy in this country.

I am glad to see that there are dozens of MSM reports on this issue in the news at present.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 1325
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, December 15, 2005 - 3:04 pm:

The Hursti Report was about what was done on that occasion--how it was done, and what the results showed. The results were significant, since they showed that both the scanner and central count computer could be altered using a memory card and ensure that the results would agree with one another.

This was indeed a "tipping point": it was the first time this vulnerability was demonstrated on real election equipment, with the consent and supervision of an actual election official. It was a crucial turning point.

This event made possible the most recent test, and it will undoubtedly lead to yet more tests. As these accumulate it becomes increasingly impossible for the media to ignore, and it makes it feasible/advisable/obligatory for other conscientious election officials to demand similar tests.

Sounds like you interpreted "tipping point" to mean that you expected the election world to change overnight. This is not likely to happen under any circumstance.

Expect Diebold and other vendors to continue to try to raise the bar higher and higher--"You didn't test xxx. You didn't test yyy. Zzzz would never happen in a real election office. You can't prove that bbb has ever actually happened in a real election. What about aaaa piece of equipment--it is perfectly secure and you should believe us."

Expect vendors to spread plenty of disinformation and confusion to both election officials and the media. They have shown the willingness to lie repeatedly and knowingly, and the PRRs BBV has obtained are proof of this.

It will take a while for the general public to wake up, but with your help and the help of many others eventually we will create change.

John Washburn
Frequent Voting Rights Forum Participant
Username: Johnwashburn

Post Number: 299
Registered: 04-2005

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Thursday, December 15, 2005 - 3:24 pm:

RE: Expect Diebold and other vendors to continue to try to raise the bar higher and higher--"You didn't test xxx. You didn't test yyy. Zzzz would never happen in a real election office. You can't prove that bbb has ever actually happened in a real election. What about aaaa piece of equipment--it is perfectly secure and you should believe us."

I have gotten some traction here with the WI State Elections Board with the statement: "I want a system no worse than paper." This had some effect in changing the burden of proof back to where it belongs; the vendor.

Paper works, is well understood and has well-known and well-identified flaws. Any replacement system should first have to demonstrate the new system is no WORSE than the paper ballot system.

For the you did not try ZZZ, I have begun countering with: "The memory card swap problem alone proves the system is less secure than paper. It should not be considered until the system is at least as secure as paper".

Too early to tell if this works well or not.

(Message edited by johnwashburn on December 15, 2005)
John Washburn
Only bad software is delayed by good testing.

Jim March
Voting Rights Forum Participant
Username: Jimmarch

Post Number: 78
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, December 15, 2005 - 3:24 pm:

Well it was Diebold that pounded on the "but they didn't change the actual electronic votes" theme literally all over the place since the release of the first Hursti Report. Bev had the brilliant idea to do public records requests to a whole slew of state and local elections offices asking for any memoranda related to the Hursti report.

We cast a broad enough net that while many agencies ignored it, enough didn't that we have a VERY complete picture of what Diebold's spin on the Hursti report consisted of.

In many ways, this "Hursti test part two" was set up to debunk Diebold's rather blatant misstatements since Hursti report pt. 1.

--------

Now as to other machines, there's a tantalizing clue left behind in the technical report by consultant Steve Freeman's report to the California Secretary of State.

Freeman didn't set out to completely duplicate the Hursti Report 1 findings. But he reported "glimmers of them" - see for yourself:

---------
13. ABasic Files. AccuBasic report files are used to configure AccuVote-OS and AccuVote-TS report contents and printing in precinct count mode. They are actually loaded into the memory cards for the AV-OS and AV-TS where their logic is executed. There are 24 report files supporting modifications to the reports for different states and jurisdictions. A few of these may provide options that are attractive to local jurisdictions as they provide variations on what summary reports are printed optionally or automatically and the order they are prepared. At the current time, the Federal testing only uses one of these files and does no source code review, leaving this to the states to verify. Within our state testing, we only verified the reports for the same file, 194US.abo, revision 1.15, and have checked the source files. Since the source file is not reviewed in the Federal testing, we have no absolute verification that the installed file found in the witnessed build (forwarded by Ciber) was created from these source files but signature information in the .abo file matches what would be expected from the source file.

The source code I was given clearly does not directly affect stored votes or even the voting result content of the reports. It just sets up the report options that will be available to the operator and some operator display information that sets up the options. The .abo file given is without risk to the election results.

The actual file used is selected in the AV-OS Options window of GEMS from the pulldown list in the Report field so the local user could potentially select any of these files or a modification of that file. The risk occurs in the opportunity to replace the verified file with some other .abo file (prior version, one of the other existing versions installed in the GEMS/ABASIC directory, or by replacing the current code with rewritten code performing other operations.) In a certification report last year, we recommended that the unverified report files be deleted from the GEMS directory leaving only the verified files. The California Use Procedures should specify which files are approved for use and provide information so that the approved files may be verified.

The risk involved with these files suggests that jurisdictions using this system should safeguard these files, as well as the election definition media that is used to load these files to the voting machines.

Note: underlining is original to the text, boldface is text marked as particularly noteworthy by Jim March

Source:
http://www.ss.ca.gov/elections/voting_systems/consultant_report.pdf
---------

Note the use of the term "other operations" - I read this as Freeman's roundabout warning that altered Accubasic can do more than just the legitimate functions. It can also act as a hacking channel as the Hursti 1 report showed.

Note too that Freeman says this is an issue for Diebold's optical scan ("OS") and touchscreen ("TS") systems. Freeman had his hands on touchscreen systems, we haven't yet. He seems to be saying that this issue exists on both platforms.

This is particularly scary when you realize that Georgia, Maryland and Lord knows where else still have the paperless Diebold DREs *and* that the memory card read/write device isn't a "Cropscan" or similar item or a non-standard use of the actual voting terminal. It is instead an ordinary laptop with a standard PCMCIA slot in the side - the TS/TSx family uses a far more common memory card format making this sort of hacking that much easier if it's otherwise similar to the optical scan system from a software point of view.

We definitely want to try all flavors of the "Hursti style memory card hacking" with a Diebold touchscreen, as is reflected in our 19202 request to the California SecState.

The one they're "thinking about" now that our lawyer has bugged and prodded them recently...
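The check that the quoted Freeman passage recommends (keep only verified .abo files in the GEMS/ABASIC directory and give officials a way to verify them), sketched as an added example that is not part of the original post or of any Diebold software. It assumes a SHA-256 manifest of approved files kept separately from the directory; every file name other than 194US.abo, and all file contents, are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_report_files(directory, approved):
    """Compare every .abo file in `directory` with an approved manifest.

    `approved` maps file name -> expected SHA-256 hex digest. The manifest
    must come from somewhere other than the directory being checked,
    otherwise whoever swaps a file can swap the manifest too.
    File names are compared case-insensitively (assumption: the directory
    lives on a case-insensitive Windows file system).
    """
    result = {"verified": [], "modified": [], "unapproved": [], "missing": []}
    expected = {name.lower(): digest.lower() for name, digest in approved.items()}

    present = {}
    for p in sorted(Path(directory).iterdir()):
        if p.is_file() and p.suffix.lower() == ".abo":
            present[p.name.lower()] = p

    for key, path in present.items():
        if key not in expected:
            # Prior versions and other variants left in the directory are
            # selectable by the operator, so they are reported, not ignored.
            result["unapproved"].append(path.name)
        elif sha256_file(path) == expected[key]:
            result["verified"].append(path.name)
        else:
            # Approved name, different bytes: the replacement case.
            result["modified"].append(path.name)

    for name in approved:
        if name.lower() not in present:
            result["missing"].append(name)
    return result


def demo():
    """Run the audit on a constructed directory, before and after a swap."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        reviewed = b"constructed stand-in for the reviewed report file\n"
        approved = {
            "194US.abo": hashlib.sha256(reviewed).hexdigest(),
            # Hypothetical second approved file that is absent on disk.
            "EXAMPLE2.abo": hashlib.sha256(b"constructed\n").hexdigest(),
        }
        (root / "194US.abo").write_bytes(reviewed)
        # Hypothetical leftover file that is not on the approved list.
        (root / "OLDVER.abo").write_bytes(b"constructed prior version\n")
        before = audit_report_files(root, approved)

        # Same file name, different contents.
        (root / "194US.abo").write_bytes(reviewed + b"constructed change\n")
        after = audit_report_files(root, approved)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

A clean result here only says the files on the GEMS machine match the manifest; it says nothing about what was later written to a memory card.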

John Washburn
Frequent Voting Rights Forum Participant
Username: Johnwashburn

Post Number: 300
Registered: 04-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, December 15, 2005 - 3:41 pm:

Since the BRC/ES&S/Sequoia Optech Eagles and the GES/Diebold AccuVote OS scanners were designed by the same team (Bob and Todd Urosevich) it is likely both systems have the same core architecture: vital executables on removable, mutable media (memory cards).

It is reasonable to perform this test on current versions of the BRC/ES&S/Sequoia Optech Eagles scanners to see if this equipment also has the same security defect uncovered by Harri Hursti.
John Washburn
Only bad software is delayed by good testing.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 1326
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, December 15, 2005 - 3:49 pm:

John, you point out the likely similarity in several flavors of optical scanners. As Steve Freeman said the flaw exists in both Diebold OS & TS systems, are there ES&S DREs that are also likely to have similar flaws in DRE architecture to the Diebold DRE family?

John Washburn
Frequent Voting Rights Forum Participant
Username: Johnwashburn

Post Number: 301
Registered: 04-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Thursday, December 15, 2005 - 4:27 pm:

I infer this because of 3 things.

First, this defect is related to the architecture of the system not the programming per se.
Second, design teams reuse a "working" architecture as much as possible.
Third, these 2 breeds of optical scanners were designed by the same team.

My inference would be the same as this. Assume it becomes public that the foundation of every one of the Georgian houses built by John and Richard Washburn over the last 10 years was poured badly due to our unusual, but inexpensive, system of foundation construction for multi-storied Georgian houses. It would be reasonable to examine the foundation of every Georgian house poured by John and Richard Washburn regardless of the name of the businesses we were using at the time the foundations were poured. It does not matter if the specific houses built upon these foundations are built with wood, brick or engineered steel.

Regardless of the company names used at the time, Bob and Todd Urosevich designed both optical scanning systems; BRC/ES&S/Sequoia Eagles and GEMS/Diebold AccuVote OS.

It is reasonable to suspect the core architecture may have been reused and thus the 2 systems are similar enough to make testing for the Hursti defect worth doing. It does not matter in what language (C++, PASCAL, or AccuBasic) the programming is done. The foundation of the architecture is the same: vital executable portions of the system on removable media.

(Message edited by johnwashburn on December 15, 2005)
John Washburn
Only bad software is delayed by good testing.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 1327
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Thursday, December 15, 2005 - 4:40 pm:

What I was asking was,
--given that the architecture of BRC/ES&S/Sequoia Eagles and GEMS/Diebold AccuVote is likely to be the same and that therefore the Hursti defect may be present in some or all of these optical scanners,
--and given that Steve Freeman appears to indicate or imply that this same defect is present in the Diebold touch screen (TS) DRE,
--is it likely that both Bob & Todd Urosevich might have designed touchscreens using the same architecture, and therefore likely that DREs other than Diebold also share the Hursti defect?

Or to ask this another way, did Bob & Todd Urosevich only design similar scanners or did they possibly also design similar touchscreens? Do we know anything about possible similarities in DRE architecture between different companies?

Jim March
Voting Rights Forum Participant
Username: Jimmarch

Post Number: 79
Registered: 01-2005

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Thursday, December 15, 2005 - 8:27 pm:

At the same time we filed the 19202 request to examine the Diebold memory card systems, we filed a second one to examine the same on ES&S machines.

That request was denied by the California SecState's office.

http://www.equalccw.com/19202requestess.pdf

We're not forgetting this issue, but...we're going to see how it goes with 19202 and Diebold. Once that's done we'll revisit this issue and talk about Sequoia, ES&S, heck what does Hart InterCivic and some of the others use?

---------

For the record: any "electronic ballot box" involving read/write memory cards is insane to start with. At least one company I'm aware of is handling this issue of the "electronic ballot box from the precinct terminal" correctly: Avante burns the data to CD-R which is a "write once, read many, can't erase" sort of media. To their credit, OVC's draft proposals so far involve the same concept. There may be others. This isn't the only thing needed to run a secure election and please don't read this as a blanket endorsement of anybody, but...it's a good way to quickly gauge who's at least TRYING to do this stuff sanely, you know?

(For those not aware: basic CD "burner" drives have become extremely cheap, down around $10 wholesale or less. Blank CD-R media is less than 25 cents a pop. So this is a very viable solution on all fronts. Also note that "CD-RW" is a different disk type that CAN be erased and would be as bad as Diebold's/ES&S's/etc. moronic memory cards. But telling the difference between CD-R and CD-RW is fairly easy and disabling CD-RW compatibility at the drive mechanism would be simple enough to avoid any possible confusion.)

Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely

Post Number: 2033
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Thursday, December 15, 2005 - 8:39 pm:

Looks like this is going to get very interesting.

From WESH TV in Orlando.

http://www.wesh.com/news/5542983/detail.html

<snip>

Sancho began investigating the problem after watching the votes come in during the infamous 2000 presidential election. In Volusia County precinct 216, a memory card added more than 200 votes to George W. Bush's total and subtracted 16,000 votes from Al Gore. The mistake was later corrected during a hand count.

After watching his computer expert change vote totals this week, Sancho said that he now believes someone on the inside did the same thing in Volusia County in 2000.

"Someone with access to the vote center in Volusia County put it on a memory card and uploaded it into the main system," Sancho said.


<more>

http://www.wesh.com/news/5542983/detail.html

UH OH!

PAV ;-)

John Washburn
Frequent Voting Rights Forum Participant
Username: Johnwashburn

Post Number: 302
Registered: 04-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Thursday, December 15, 2005 - 8:51 pm:

RE:
Or to ask this another way, did Bob & Todd Urosevich only design similar scanners or did they possibly also design similar touchscreens? Do we know anything about possible similarities in DRE architecture between different companies?

I think putting the executable code on the removable media is an inexpensive (but insecure) way to design a system which can print any kind of report in any format for any jurisdiction. I think Bob and Todd are not the only designers to opt for the inexpensive approach.

But to your specific questions: No one knows. More distressing, no one with access enough to answer the questions is looking for answers.
John Washburn
Only bad software is delayed by good testing.

Jim March
Voting Rights Forum Participant
Username: Jimmarch

Post Number: 80
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, December 15, 2005 - 9:36 pm:

Ion is right.

The Volusia County hack of 2000 where there were 16,022 negative votes for Gore and over 4,000 positive for Bush appears to be a version of the Hursti memory card hack. The similarities are striking.

Now...whoever did that in Volusia knew the modification would be caught. The point wasn't to throw the election itself so much as (apparently) to get Al Gore to concede on election night once it was known this was going to be a nail-biter.

According to various reports, approximately an hour or a bit less before Gore was going to concede his campaign got the news of the hack attempt in Volusia...basically "barely in time" to prevent Gore from conceding.

So what we seem to have here in Volusia is an "unusual vote hack" that was DESIGNED TO BE REVEALED, but too late to prevent Gore throwing in the towel. It almost had that effect and it would have been embarrassing for Gore to back out.

If this is true, and the evidence borders on overwhelming that it is, then:

1) This sort of hack isn't just theory, it's "in the wild" AND HAS BEEN FOR FIVE YEARS NOW!

2) Hacks on a much smaller scale that are designed to be stealthy may never be caught at all.

Dan K
Voting Rights Forum Participant
Username: Mcwebber

Post Number: 1
Registered: 12-2005

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Friday, December 16, 2005 - 5:49 am:

Has there been any documented hack of the iVotronic touchscreen system? e.g. http://www.srqelections.com/ivotronic/ivotronic.htm

BBV Admin
Board Administrator
Username: Admin

Post Number: 2954
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, December 16, 2005 - 6:09 am:

Some of the news articles and op-ed pieces being released regarding the recent hack in Leon County by Harri Hursti are claiming that a "paper trail" would provide the necessary protection against this kind of hack.

I wish it could be that simple. At one time, we all thought the VVPAT was the solution to our ability to audit any questionable machine counts. However, due to what we've learned about the machine's security vulnerabilities from both the Hursti and Thompson hacks, we now know that one person (with moderate inside access) could hack the system and change the votes, which would also match the machine generated reports, without detection or even leaving a trace.

Based on these new findings, the question that has to be addressed with regard to the intended safeguard the VVPAT is supposed to be: "how would we know when a hand recount of the ballots would be necessary, if all the reports generated in an election show that the machines have tallied the votes correctly?"

More importantly, how could we have a meaningful recount of those DREs that have no paper trail, and produce only machine generated reports?

I know of no state that allows an election official to randomly call for a hand recount, without being given the authority by their SOS, which would not be even considered unless the reports generated during the election show discrepancies.

Until we can honestly answer this question, we no longer can rely on the VVPAT as THE solution to this problem.

Kathleen Wynne

BBV Admin
Board Administrator
Username: Admin

Post Number: 2955
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, December 16, 2005 - 6:20 am:

A few responses here ...

The statement about Volusia County is important.

Volusia remains one of the strongest cases that actual tampering in a real election has occurred.

The correspondence between the Volusia County memory card vote deduction and the calling of the presidential race is in the CBS report. The timeline is in Chapter 13 of Black Box Voting: http://www.blackboxvoting.org/bbv_chapter-13.pdf.

Jim March is correct that it appears to have been an attempt to get Gore to succeed, and Gore did concede, privately, to George W. Bush, who was very annoyed when the concession was revoked. Gore was two blocks away from the public location where he was going to concede to the nation when he pulled his concession after learning about Volusia County and other anomalies.

By the way, the 4,000 votes added to Bush were in addition to the negative 16,000 for Gore in Volusia, but that 4,000 votes took place in Brevard County -- ironically, Dr. Herbert Thompson's home county. He was surprised when I told him that. To expand on the irony, the Brevard County 4,000 votes was attributed to the central tabulator -- the component that Dr. Thompson hacked in Leon County. (Dr. Thompson's book, "The Mezonic Agenda -- Hacking the Presidency" was written before he learned about Diebold or saw the Central Tabulator. He was amazed to learn that some of the fictional methods to hack the vote in his book -- i.e. password replacement by cut and paste of the hash code -- actually exist in the Diebold system.)

As for the architecture being the same between ES&S and Diebold op-scans:

I don't think it is. Though the companies shared key personnel (and ES&S was co-founded by the two Uroseviches, with one moving over to Global Election Systems, now Diebold), I think there is a difference in architecture.

The Diebold (was Global) architecture was developed in Vancouver, Canada during the late 1980s by Guy Lancaster and Talbot Iredale, enhanced by Jeffrey Dean in the early 2000s.

The ES&S Eagle architecture (also Sequoia) came from BRC, a Texas-based company. When BRC divested itself of its elections division, ES&S bought it but had to share the scanners with Sequoia due to an SEC antitrust decision.

That being said, we do know at least some components were alleged to be the same, because ES&S filed a copyright infringement lawsuit against Global at one point. Both Sequoia and ES&S systems should absolutely be examined!

Global Election Systems was run by a Howard Van Pelt, another Texan, until Urosevich took over. There are some very interesting features about the confluence of time when Global bought I-Mark Systems from Urosevich and others, then installed Urosevich as its head, and the ES&S acquisition of BRC, with Sequoia scooping up part of the dessert.

Jim, Kathleen and I are working on sorting some of that out right now.

As for Dan K.'s question about the iVotronic, that information is being looked at, but Black Box Voting probably has less information than Doug Jones, David Dill et al., who I understand have had some access to examine the system.

Bev Harris

(correction: Jim March correctly pointed out to me that the lawsuit was patent infringement, not copyright infringement.)

John Washburn
Frequent Voting Rights Forum Participant
Username: Johnwashburn

Post Number: 303
Registered: 04-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Friday, December 16, 2005 - 9:08 am:

Thanks for the correction on my mis-information on the common design teams.

I was wrong as to my reason to look at ES&S next.

ES&S should still have priority as next in line for a separate reason: simply, the BRC/ES&S/Sequoia Optech Eagles have been in the marketplace longer. The time available for election officials with programming expertise (e.g. Julietta Henry here in Milwaukee, WI) to develop attacks has been longer. With the longer time, the more likely a successful attack has been developed.
John Washburn
Only bad software is delayed by good testing.

David L. Dill
Voting Rights Forum Participant
Username: Davidldill

Post Number: 3
Registered: 01-2005

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Friday, December 16, 2005 - 9:37 am:

Congratulations on the amazing work in Leon County, including both this and the previous hack.

To respond to a mention of my name above, I don't know of anyone besides Thompson and Hursti who are doing this kind of work. I'm not attacking real machines (although I've been helping to develop threat descriptions). I heard that Election Sciences Institute was doing something with the iVotronic in Franklin County, with the cooperation of the local election officials, but I haven't heard anything about that in months.

The common thread that links all voting equipment is the ITA process. The kinds of things reported here should never have been certified. That suggests that other equipment from other vendors has similar problems, because they can get them past the ITAs, too.

My examination of the iVotronic in San Juan County, New Mexico, really just consisted of looking at some data and casting some test votes on the machines. I don't have the skills or experience in "hacking," or the time, to do the kind of work that Thompson and Hursti are doing. Also, source code for other vendors is not available like Diebold's is. Releasing that software was a great public service!

One lesson that I would like election officials and the EAC to learn from this is that these kinds of "open-ended" tests are needed as part of the routine security evaluation that should occur prior to certification. The draft standards recently developed by the EAC don't require it, even though their advisory board voted to do so (apparently, the standards they just approved aren't publicly available (!?), but I doubt that open-ended security evals were included). We need these kinds of tests to be done for EVERY machine BEFORE jurisdictions can buy them.

Patricia Tavormina
Voting Rights Forum Participant
Username: Patty

Post Number: 41
Registered: 04-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Friday, December 16, 2005 - 9:44 am:

I see in one article, that Gov. Bush says that the test is not as damning as it seems, because Hursti had the source code. The implication is that poll workers (even those high enough in the ranks to hack the machines) wouldn't have all the necessary information to hack the machines, because they presumably wouldn't know the source code.

Is this a legitimate counter-argument?

Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely

Post Number: 2034
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, December 16, 2005 - 10:46 am:

Patricia,

Someone should point out to Gov. Bush that Microsoft doesn't release their source code yet hackers have developed thousands of exploits of their systems.

What does that tell you?

PAV ;-)

BBV Admin
Board Administrator
Username: Admin

Post Number: 2971
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, December 16, 2005 - 11:16 am:

Patty - Well let's see now. Diebold put the source code on an unprotected Internet site and left it there for six years. Then it was released into the wild on June 16 2003 by me. Then it was again released into the wild by arrangement between me and New Zealand's Alastair Thompson on July 8, 2003. It is STILL available on this site.

In short, by now there is nothing secret about the source code. People have been able to use the Diebold source code to learn how to manipulate elections since the late 1990s.

But suppose you don't have the source code. You can see that the memory cards contain executable code by reviewing the Diebold memos (available in their entirety here:
http://www.bbvforums.org/forums/messages/2197/9447.html)

All this information is widely available on the Internet. Therefore, to say it doesn't matter, or that Hursti had some special privileges, is quite ridiculous and irresponsible.

Heck, people in Bombay have access to the source code and memos, and probably people in prison as well.

As Hursti wrote in his report, the files he used were widely circulated publicly.

Jeb Bush needs to come up with a better answer.

-------------------

David Dill --

I stand corrected, then, that you would have information on the ES&S machines. As I understand it you were in Miami (and so was Doug Jones); don't know if that was at the same time, but I have had reports that you examined the voting system while you were there, and you examined an ES&S system in New Mexico.

Much can be learned about the architecture from even limited examinations. If you're still here, perhaps you can clarify what I've heard from sources, whether you were spending time in Miami, or at least Florida, pertaining to voting machines and their examinations. Can you please share your findings, here or in some other public location?

Thank you for the complimentary information on the research sponsored by Black Box Voting. You are correct that the ITAs need to be looked at very carefully, as well as every piece of equipment they "recommended" for certification.

In fact, everyone who knew, or should have known, but failed to make it public for whatever reason needs to be looked at very carefully.

David L. Dill
Voting Rights Forum Participant
Username: Davidldill

Post Number: 4
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, December 16, 2005 - 1:04 pm:

I posted because I wanted to clear up any misunderstandings about what I'm working on. I hope someone is trying to show that other machines can be hacked, but I'm not working on it.

I was not involved in the inspection of the Miami machines. I have worked on analysis of audit info from the machines, which were sent to me on CDs (this information was obtained under open records requests). I posted on BBV saying I had a perl script that I could use for analysis, and helped one person who came to me with data from another locality.

I spent a day in New Mexico with Jeremiah Akin and Lowell Finley. That's what I described earlier on this thread. Compared with the work that Thompson and Hursti have been doing, this is superficial. (Even so, we noticed a couple of significant problems and caught them on video.)

It takes serious cleverness and lots of time to do the kind of work Thompson and Hursti are doing, and it's very helpful to have the source code and an executable you can play with. That's why it's difficult to find people with the combination of skills and time to do it, and why we're all lucky that Thompson and Hursti are working on it.

I know a certain amount about how the iVotronics work from the documentation, from seeing the machines, and from analyzing the audit log data. But I don't have information about the feasibility of attacks like the ones that started this thread. I have no reason to believe they're NOT possible -- heaven knows, the ITAs aren't going to prevent them.

I have always been most worried about insider attacks by the vendors. I know a zillion ways that machines could be corrupted by the people who have legitimate access to the software, and don't need a demo to see that it can happen and that there is no real defense. It's somewhat surprising to me that the design on these machines is so insecure. It really helps the debate to demonstrate these weaknesses graphically, but it's sad that it's even necessary to do it, given the obvious problems with handing over counting of votes to unaccountable corporations.

When I'm talking about the availability of source code, I'm just explaining one of the many reasons I'm not spending time attacking voting machines. It is COMPLETELY BOGUS to argue that lack of source code is a reasonable protection against hacking of machines. That's a very basic principle of computer security. Hacks can be discovered by reasoning about how the machines might work, based on seeing them in action; by reverse engineering executable software without the sources; or by obtaining the source by illegitimate means (e.g., dumpster diving or bribing a sys admin).

Jose Ivey
Voting Rights Forum Participant
Username: Urbanvoyeur

Post Number: 90
Registered: 11-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Friday, December 16, 2005 - 1:08 pm:

I wonder, at what point do Diebold and others walk away from their troupe of programming clowns and start a clean slate?

The incompetence of their coders has got to be obvious to them by now.

And judging by the shoddy quality of the work and testing, I can't imagine all that much money has been invested in the development of these products.

Rather than try to defend the indefensible, Diebold, Sequoia et al, should mea culpa and start fresh. Possibly forgoing any attempt to re-enter the market place for several years.

If they persist on these weak code bases and systems they could be the target of devastating class action suits after the next general election.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 1329
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Friday, December 16, 2005 - 1:16 pm:

Why do you assume the defects have anything to do with incompetence or "weak" code bases and systems? Those who have examined the code said that it is actually quite complex--appearing at first glance to be messy but actually quite sophisticated. Furthermore, they have said that it actually took a lot of skill to keep the specific open doors in place as the code went through various versions.

There may well be sloppiness, incompetence and/or collusion elsewhere in the company, in the ITAs and among election officers--but I don't think it's necessarily due to a lack of intelligence or skill, and certainly not by the top programmers. Everything about the history indicates that these crucial security vulnerabilities were intentional, and that keeping them in place has been high on the company's priority list.

David L. Dill
Voting Rights Forum Participant
Username: Davidldill

Post Number: 5
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, December 16, 2005 - 1:41 pm:

One more question to answer: The most interesting findings in Miami-Dade County have been published by Prof. Martha Mahoney of the U. of Florida law school and the Miami-Dade Reform Coalition. One of those was that 85 votes were added into the totals 3 times because of a machine crash that happened during vote collection in one precinct. She's working on another paper.

I don't have any findings on the security or hackability of the iVotronics. There are a lot of problems with the audit logs, such as scrambling of entries, etc. that indicate bad coding and machine design to me. But no one has done a serious security eval of these machines that I know about.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 1330
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, December 16, 2005 - 1:47 pm:

David,

Do the "bad coding and machine design" seem like they are accidentally done or on purpose?

Can you say more about what you are finding of interest in your perusals of the audit logs?

Are there things you'd particularly like to find out if you had the opportunity?

Jose Ivey
Voting Rights Forum Participant
Username: Urbanvoyeur

Post Number: 93
Registered: 11-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Friday, December 16, 2005 - 2:07 pm:

Catherine

You have a very good point. I don't know that the defects were not intentional.

I assumed that because they were so obvious, competent systems architects and coders would have made sufficient, in some cases simple, safeguards against many of the problems we now see.

The programming issues that these defects expose are not unique to election systems and there are a variety of widely known, sound solutions to them. I encounter & solve some of them (audit trails, data verification, etc) on a regular basis in the systems I work on.

This of course lends support to the idea that the defects are not the result of incompetence but intent.

Difficult to prove, easy to believe.

(Message edited by UrbanVoyeur on December 16, 2005)

Joseph Hall
Voting Rights Forum Participant
Username: Joehall

Post Number: 28
Registered: 01-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Friday, December 16, 2005 - 6:51 pm:

As you undoubtedly know, the scientific community is loath to jump on something we aren't reasonably sure about. Bad things happen then (as has been the case with the recent S. Korea stem cell paper). This is why you're likely seeing even more interest from us surrounding this most current demonstration. Not only have you shown that your findings hold, but that they hold given the subsequent rebuttal of the vendors. That's very important to us.

Berating us for being conservative about what we accept as proven and how quickly we accept it is not useful. (Again, when you use the BBV Admin account, I can't tell if this is Bev, Katherine or Jim or if it's written on behalf of BBV to those of us who have "dropped the ball".)

In the end, we're working to the same broad goals that you are: ensuring that our elections and our democracy are sound. We are different, come from different perspectives and have different ways of doing things.

Chaim Finkelman
Voting Rights Forum Participant
Username: Chaimf

Post Number: 1
Registered: 12-2005

Best of Black Box? 
Votes: 4 (A keeper?)

Posted on Friday, December 16, 2005 - 7:58 pm:

Does it have to be an insider who runs this hack?
I live in Alameda County, California, and have the privilege and honor of trying to vote on a Diebold machine. During our last election I voted in a combined poll site: two polling precincts in the same room. I observed that there were little silver stickers over the keyhole on the top right of the machine, hidden from the view of poll workers. The other keyhole, on the right side of the machine, had no sticker. I don't know what is locked up, but I thought that if one keyhole is tagged, both should be. So I looked at the machines for the other precinct. They had the reverse. I pointed this out to poll workers, who said that keyholes were supposed to be tagged. No one had noticed that there are two of them. So to sum up my first point: if I were voting in the other precinct, I could on election day have had unobserved access to a Diebold machine in use. Is the memory card under that panel? Could I change it, then cause the machine to power off, close the panel, and then go to the poll worker and say "I don't think this machine is working, can I vote on another?" Could I simply steal the card?

I also work for a company that has its office in a church that has a poll site. I have a key to the church; so do many other people. I have had unauthorized access to machines after a vote was over, and I think I could get in the night before a vote if the machines are not watched all night.
The machines are stored in a dolly with a chain padlocked through the handles. It looks like you can't open the boxes because there is no room. However, if you take one of the machines and rotate it around the chain so that it is on top of the other machines instead of inline with them, you can open the machine. This is not theory; I did this much. Now I could have hours of unobserved access to both keyholes with whatever I want, and no more authority than that I work in the same building as a poll site.

Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely

Post Number: 2036
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Saturday, December 17, 2005 - 4:19 am:

Hi Chaim, welcome to BBV.org.

I live south of you in Felton, Santa Cruz County, where we still vote on paper ballots that have a receipt attached with a serial number for each ballot. We use Op Scan machines to count them but at least we have something to hand count as a backup.

As far as your local machines go, look at the bright side, at least they were chained up.

I guess if you really want to hack an election all you have to do is volunteer at the polls in San Diego and they'll give you a machine or two to take home with you along with the extra seals needed to cover your tracks.

We had a guest during our 'think tank' here last September named Jennifer Hamilton who was the youngest poll worker in California during the last Presidential primary election. The officials at her precinct asked her to bring machines home with her and she was never even asked for any identification. Worse yet, they gave her extra security seals to take home with her in case she broke one! You can read more about her at this link.

http://www.bbvforums.org/forums/messages/9954/10096.html?1125595846

You don't need to steal a memory card for a TSx machine, they're standard, cheap, and plentiful. If you can get access to the machine long enough to boot it up you can plant any virus, worm, or trojan horse program you want on it and chances are that it will never be discovered because the software on the machines is rarely, if ever, checked. Remember, right here in California, all 17 counties that were using Diebold machines were running uncertified software and no one even noticed. (Well almost no one!)

PAV ;-)

(Message edited by Pat_Vesely on December 17, 2005)

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 1331
Registered: 12-2004

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Saturday, December 17, 2005 - 4:35 am:

Hi Chaim,

Very interesting to read about your experiences.

It just goes to show how insecurely these machines are often stored. But election officials keep talking about how their particular location is impenetrable. Your comments show just how unrealistic this is.

Jose Ivey
Voting Rights Forum Participant
Username: Urbanvoyeur

Post Number: 94
Registered: 11-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, December 17, 2005 - 7:10 am:

Is it possible to design stupidity into a system?

Or rather, did management choose safeguards and oversight so lax and full of holes that it is all but impossible to track or detect the fraud the management intends to perpetrate?

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 1334
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, December 17, 2005 - 7:39 am:

What I gather about the Diebold programming is this: Under normal circumstances, as the products evolved through various program versions it would have been natural to clean up apparently messy software programs. But this had to be avoided carefully (involving a lot of extra work) so as to perpetuate the evidently desired security vulnerabilities.

This has been commented on by a number of computer experts familiar with the Diebold code.

BBV Admin
Board Administrator
Username: Admin

Post Number: 2979
Registered: 12-2004

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Saturday, December 17, 2005 - 8:10 am:

Pat and Chaim,

Alameda County sends the voting machines home with poll workers too.

Bev

For the post above from Joe Hall, it is in response to a very frank communication from me that I deleted, in order to promote harmony. However, two things must be addressed here:

When the scientists began promoting themselves to the media via a site called "evoting-experts.com" or some such thing this gets into new ethical and procedural territory. (I leave it up to others to get the names of the scientists on that site, and I may have the hyphen or something wrong; it may warrant a look via archive.org)

This "evotingexperts.com" site or whatever it was began during 2004, and was used to attract the press to specific scientists, who then steered the press away from the most urgent problems, like central tabulator hacking via visual basic scripts (which we now know is all she wrote for absentee votes, which have no memory card or poll tapes in the Diebold system). Reporters were effectively steered away from watching the COUNTING of the vote in favor of watching the voting, because some of these experts were steering the press to Election Protection and its watch-the-voting strategy. Reporters were effectively steered away from remote access vulnerabilities, even though the touch-screens use RAS, and many of them did not have crypto in place during 2004 to protect votes in transit.

In science, we assume that the scientist is speaking only to what he has studied or to the studies of colleagues. The promotion of the evoting-experts site opened the scientists up to all kinds of other questions, and effectively misled America as to the real risks.

I'm looking at end results here. I don't think what happened can be protected under scientific methodology, because scientific method does not involve pitching yourself as the spokesman for a broad topic to the media.

Now, in response to a comment by David Dill above, the visual basic script hack, as Dr. Herbert Thompson says, can no doubt be created by an eighth grader. While I have the highest regard for the cleverness of Dr. Thompson, his very point was that it DOESN'T take very much time or cleverness to hack GEMS. He finds the situation scary.

The hack done by Harri Hursti is cleverer, but also quite findable. What Hursti said over and over after his first hour looking at the code was "why hasn't anyone said anything about this?"

Now, the source code was downloaded by Avi Rubin. He downloaded precisely the same module that Hursti used. The question remains -- why wasn't anything said about this BEFORE the 2004 election, especially since this "evoting-experts" site was set up to lead the media to these particular scientists?

I'm not berating, but I am saying this has public policy implications. If they did not find the information that Thompson and Hursti each found in less than a day, or they knew but didn't tell, either way, that is not the criteria the American people want in the individuals chosen to set "best practices" or find "solutions."

We truly need and expect people who will tell it like it is, and if they don't know, will dig in and find out what it is. There was enough information in the published source code and the published memos that these vulnerabilities could be seen, and at the very least, the scientists could have discussed the problems limiting it to the information seen in memos and source code publicly available. But they did not.

Patricia Tavormina
Voting Rights Forum Participant
Username: Patty

Post Number: 42
Registered: 04-2005

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Saturday, December 17, 2005 - 8:23 am:

Another question.

My recollection from last year's presidential election, was that at one point in the evening, three states that had been leaning Kerry in exit polls (see footnote), suddenly switched to Bush.

In the current report, above, the card is loaded before the election begins.

Could the card be loaded during the election?

Would it re-count votes that had already been counted (act retro-actively)?

Another question. I vaguely recall a report that people could access the counting process from a separate location. Something about the votes being uploaded to .... a media agency, and that the people at that agency could in theory send information the other direction, back to the .... tabulator? Does this ring any bells and is it related in any way to the memory card issue, or is it a separate vulnerability?

-Patty

Footnote: It may not have been from exit polls, but from X number of precincts reporting. The details are fuzzy; I recall that around 6:30 we were feeling optimistic from the TV reports, and shortly thereafter several states were being tentatively called "the other way." It smacked of "Only rig the results if absolutely necessary." Is such a pattern (if my memory is correct) consistent with the memory card hack?


BBV Admin
Board Administrator
Username: Admin

Post Number: 2980
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, December 17, 2005 - 8:24 am:

Joseph,

I greatly appreciate your explaining the position of the scientific community and the differences that exist between that community and that of the citizens. I respect that and understand the point you were trying to make.

On the other hand, while I do understand the precarious position it would put anyone in the scientific community to be proven wrong should they "jump in too soon", the problem I have with that scenario is that because of that restriction, our democracy is now in great peril.

Citizens entrusted the entire process of testing and overseeing the implementation of these machines into the voting process to that very scientific community, because we were told we were not qualified to participate in that process. Yet, ironically, it was the citizens who took the bold action necessary, accepted the risks, endured much criticism and sacrificed so much of their personal lives, in order to expose the truth about the sham our election process has become. My question to you is, do you agree that citizens should now be very skeptical in relinquishing our central role ever again over to the "experts" in defining how our election process should be structured in order to protect and preserve its integrity?

My fear is that the scientific community, who while welcoming our discoveries, will once again conclude that citizens need to step aside and let them handle it from here, because citizens are not "qualified" in figuring out what the solution should be.

I agree that both the scientific community and citizens alike are fighting to achieve the same goal, and because of that fact, is it possible for the scientific community to open their door to ALL voting rights organizations, activists and citizens (and not just a select few) in resolving this issue? IMO, such an act would create the environment necessary for preserving our democracy because it would tear down the walls that would only limit what the scientists and a diverse group of citizens could achieve by openly working together.

In any event, I think the lesson learned thus far is, because of the requisite conservative approach imposed upon the scientific community in order to maintain their credibility, citizens must now always be a part of the election process from beginning to end, at every level and from every angle, if we are to ever achieve real election reform and maintain it for generations to come.

Kathleen Wynne

BBV Admin
Board Administrator
Username: Admin

Post Number: 2984
Registered: 12-2004

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Saturday, December 17, 2005 - 10:02 am:

Patty:

I believe you are correct about the exit poll information, but I would refer you to Bruce O'Dell's site or to USCountvotes.org, which is now a 501c(3), for more on that. There is so much to do, and Black Box Voting is not the most qualified organization for statistical studies or exit poll analyses.

You write: In the current report, above, the card is loaded before the election begins.

Correct.

You write: Could the card be loaded during the election?

It could be swapped immediately after the election but before the votes are transmitted, in most locations. Inexplicably, California was urged by Dr. David Jefferson at a VSPP meeting to run the report from the voting machine BEFORE transmitting results, but California rejected this procedure, and San Joaquin County Registrar Deborah Hench was dead-set against it.

You wrote: Would it re-count votes that had already been counted (act retro-actively)?

A swapped memory card will do anything you want it to. This is admitted in communications from Diebold engineers. The Hursti Report links to one such memo, where they say "you can do just about anything with it" or some such thing.

You wrote: Another question. I vaguely recall a report that people could access the counting process from a separate location. Something about the votes being uploaded to .... a media agency, and that the people at that agency could in theory send information the other direction, back to the .... tabulator?

I've heard this, but don't have a lot of confirmation on it. We have confirmed, and videotaped, that the votes are often transferred to a depot (also called by many other names). In Volusia County, most of the discrepancies trace back to the Daytona Speedway Depot. What happened in this location is under study right now.

Now that the venerable Susan Pynchon and the Florida Fair Elections Coalition are through with lawsuits and have persuaded Volusia County to dump Diebold, we once again have the Volusia County records. We are preparing to send this information to the Securities Fraud class action lawyers for the fraud case against Diebold. We're going into the office over the weekend to start this process, and hopefully will have them online shortly for all to see, along with several other Florida Diebold records.

The whole thing that culminated in Leon County, for us, was prompted by our finds in Volusia County. There we learned that poll tapes and memory cards played some murky role that no one seemed to want us to know. From that point on, Kathleen and I were on the Diebold optical scan system used in Florida like two dogs on a hunt. We were quite honest with folks about our dilemma: We are not computer experts. We did not quite see exactly what they were doing with their memory cards and poll tapes, but we knew they were doing something.

This is exactly why the "swarm" method of attacking this issue is so valuable. While others swarmed at getting paper trails, and still others swarmed at the disability/HAVA issue, and others swarmed at statistical analyses and setting up better predictive databases, Black Box Voting focused on the money trail and what the heck one can do with poll tapes and memory cards.

Besides, you can't behead a swarm. Though it does feel scattered and cantankerous sometimes, it's the only way we can regain oversight of our own elections. We're seeing the swarm sting frequently now.

David L. Dill
Voting Rights Forum Participant
Username: Davidldill

Post Number: 6
Registered: 01-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Saturday, December 17, 2005 - 10:47 am:

I can't think of anyone on "our side" in the scientific community who has said that citizens should "step aside" and defer to experts on matters of trust.

The people who say "we're the experts" are insiders in the election community, starting with the vendors, but including (some) election officials at all levels, organizations like the Election Center, and some people involved in the standards writing and certification process.

What originally motivated me to get involved was that I saw obvious problems, and I didn't think the "expert" reassurances I was hearing rang true, based on my knowledge of computer systems.

When a vendor is standing in front of the Board of Supervisors explaining how their system is totally secure, "certified", blah blah, it makes a difference to have a bunch of PhD computer scientists backing up non-technical people who know equally well that it's BS, but don't have the professional credentials to say so with confidence.

I don't see how anyone at Diebold, however evil, would benefit from deliberately producing obviously bad software. Backdoors could be done with much more subtlety, while preserving the argument that "it was just a mistake", and greatly reducing the chance that someone would catch them.

I don't know whether the iVotronic problems I've seen were incompetence or malice, but I suspect incompetence explains everything I've seen -- because I don't see any advantage and lots of potential problems for someone who produces audit trails that are evidently garbled.

BBV Admin
Board Administrator
Username: Admin

Post Number: 2986
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Saturday, December 17, 2005 - 12:32 pm:

The following is exactly why the citizens needed scientists to tell what they know, the whole story, not just the noncontroversial parts:

When a vendor is standing in front of the Board of Supervisors explaining how their system is totally secure, "certified", blah blah, it makes a difference to have a bunch of PhD computer scientists backing up non-technical people who know equally well that it's BS, but don't have the professional credentials to say so with confidence.

The citizens didn't get that.

The US scientific community remained silent on the GEMS defect and also on the ability of memory cards to execute self-modifying code, and also on the RAS setup. When citizens went to their public officials, at first it wasn't just to discuss purchasing, it was to urge them to set up more stringent procedures before the 2004 election!

We all needed the backup of the U.S. scientific community on specific, immediate vulnerabilities like the GEMS defect and the remote access issues and the executables on the memory card, but we didn't get it until AFTER the election, and then, only AFTER we found our own expert from Finland to tell us what was in the memory cards.

Before the election, the scientists knew full well that a Visual Basic script could alter results on the central tabulator, but did not back up the citizens. Scientists were interviewed by 60 Minutes, and were asked specifically about this vulnerability, but did NOT come forward with it before the 2004 election.

I personally arranged for Dr. Thompson, the only scientist who was telling it like it is about GEMS, to come to California and I was there as he went over the problems with Visual Basic scripts and remote access face to face in August 2004 with a well known scientist who is supposedly an election integrity advocate, along with people from the secretary of state's office and the attorney general's office.

Imagine my surprise when not a single one of these individuals said ANYTHING about either the GEMS defect or the RAS vulnerabilities before the election. At first, I thought maybe they understood (correctly) that it was a national security issue, so (surely) they hastily put beefed-up procedures in place to at least partially mitigate the risks. But now we know they did not even warn elections officials at all, and did nothing to mitigate the risks they had been made aware of.

This was not information that was difficult to find, it did not take lots of time, both the source code and the executable programs had been available for over a year, and it did not require great "cleverness" to confirm.

When you blame things on election officials, how can you expect them to believe something other than what the vendor says when our own scientists did not tell what they knew?

The issue isn't just telling what they knew in the context of procurement. It was even more urgent to tell what they knew in order to protect the presidential election.

I have asked each of the main scientists why they did not tell what they knew. I'll be gentle here and avoid printing the e-mails I have, or calling people out by name, but these are the excuses I was given:

1) If I told what I knew I wouldn't be invited to be on panels, testify to congress etc.

2) If I told what I knew I'd risk my personal assets

3) If I told what I knew I'd violate a nondisclosure statement I signed

4) It depends on the definition of the word "knew."

None of the above excuses hold water, and if there are any questions about why such arguments are deeply flawed, I'll answer them in another post.

-- Bev

BBV Admin
Board Administrator
Username: Admin

Post Number: 2987
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, December 17, 2005 - 1:07 pm:

Now, as to the idea that scientists are telling ordinary citizens to step aside --

Let's get to something even more basic than that. I'm seeking an explanation why the very scientists who failed to inform the public about the memory card's ability to execute self-modifying code, the central tabulator's ability to be hacked via MS Access or a Visual Basic Script, and the RAS (remote access) vulnerabilities are the same people who are:

1) Asked to represent us to create "best practices"

2) Asked to represent us to testify in Congress

3) Asked to represent us in legislative planning

4) Asked to represent us in setting additional standards (Note that the 1990 and 2002 standards were not followed anyway.)

Now, when I ask about why ordinary people are not invited, I never hear the scientists invite anyone but one individual closely allied with them and a couple of lawyers that are on the boards for the nonprofits they run.

I expect we will see two more things from these very people who failed to warn election officials and the public about specific risks in time to do something about them to safeguard the 2004 election:

1) They will be asked to be expert witnesses in legal cases (most likely for a fee)

2) They will propose solutions.

But what trust can be earned when you don't tell the truth when it counts the most?

-- Bev

BBV Admin
Board Administrator
Username: Admin

Post Number: 2988
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Saturday, December 17, 2005 - 1:07 pm:

Here are some more points I disagree with:

- As to not seeing how anyone at Diebold ("however evil") would benefit from deliberately producing obviously bad software.

The software made by Diebold provides a combination of obvious back doors and subtle back doors. And let me make a prediction: When someone reverse engineers the code, they will find that supposedly clumsy software contains tripwires for reverse engineering, a feature requiring rather elegant sophistication. When interviewing sources inside Diebold, it is clear that various kinds of knowledge are closely compartmentalized. The more obvious back doors may be lower level people, but I believe there are one or two people at most who know more.

As Hopsicker says, you can make some money selling elections equipment, but you can make a lot of money selling elections. You go where the opportunity leads you. These companies, like Global Election Systems which Diebold bought, were cash-strapped and in debt. They're going to take advantage of the opportunity they have, and it looks like that's just what they did when they brought an embezzler in to rewrite GEMS.

And last, because people always bring this up:

The scientific method is used to defend scientists who did not tell the whole truth. Yet, when the same scientists expound on the likely motivations of programmers of a company that makes voting software ("I suspect incompetence"), doesn't that venture over into territory that has nothing to do with the area of scientific expertise, much less research?

A forensics person would be better suited to address the likely motivation of a programmer for a company founded by three stock market manipulators that hired an embezzler for its chief programmer and a narcotics trafficker for its ballot printing.

David Dill, we are in real pain here. We, the citizenry, needed you and your colleagues to tell all you knew before the Nov. 2004 election. You chose not to do so.

This whole thing is starting to smell like the Warren Report to me. Remember, I had the good fortune to work with legendary reporter Jack Anderson for a short while, and during that time put out an updated version of his report, "Who Killed JFK?" In that, he describes how the Warren Report ended up sidelining the truth because it was considered too damaging for the American people to handle (specifically, Castro's involvement).

What I believe will happen with this issue is that when the people themselves continue to force it into undeniable reality, little pods of "experts" and "experienced officials" will work on "fixing" and "framing" the issue so the full truth never comes out. Because you know, "we can't handle the truth." It will be sanitized and contained into a slightly less intimidating reality.

I'm already seeing the Democrats struggle mightily to frame whatever does come out as a Republican ploy. However, the presidential tampering is just a toxic byproduct of the rotten core at the middle: The long-term corruption in a growing patchwork of local elections jurisdictions, the enabler for presidential tampering.

There's a lot at stake for a lot of people here.

Bev Harris

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 1336
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, December 17, 2005 - 1:37 pm:

I really appreciate this important discussion, Bev.

Can you please say more about the 4 reasons you were given, maybe addressing each one in a separate post? I have heard other people bring these up as if they were reasonable excuses to keep their mouths shut, so it's important to go through all of them. (Maybe each one could have its own thread to facilitate discussion.)

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 1337
Registered: 12-2004

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Saturday, December 17, 2005 - 1:46 pm:

That's also an important point about the need for scientists to stick to their own area of expertise when expressing an opinion. Yet the opposite is what happens. As soon as we put someone on a pedestal for specialized knowledge in a given area, all too often they take upon themselves added authority for proffering opinions relating to areas about which they have no facts, specialized knowledge or expertise--and yet we (including the media and government officials) allow them to get away with this.

We are very well trained to give away our power to so-called "experts". In fact, it is encouraged at every step. Just like the media who are trained to phone someone "important" to get a quote or for other corroboration--regardless as to whether or not that person is informed or has self-vested interests. Or just like those who advise government officials based on expertise in a different area.

David L. Dill
Voting Rights Forum Participant
Username: Davidldill

Post Number: 7
Registered: 01-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Saturday, December 17, 2005 - 4:01 pm:

Bev, your posts on this thread are a perfect example of why none of the people you are slandering are interested in working with you.

I gave it a good go; now I'm out of here.

Lora Cove
Voting Rights Forum Participant
Username: Lora

Post Number: 52
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, December 17, 2005 - 4:03 pm:

There has been a lot of funny science in a lot of areas other than elections lately...just look at the FDA. Scientists there have begun speaking out, after the fact, of suppression of scientific studies that did not support big business interests or certain strong political interests. Their jobs and careers were on the line. Clearly scientists and "science" can be bought, and real science can be suppressed fairly easily. Discrediting and making someone look like a crackpot seems to be a common ploy these days. Probably the worst thing you can do to a legitimate scientist is to make him/her look like a crackpot. That person's career is over. I'm thinking that's what would likely have happened to a few true scientists who spoke the truth about elections. There would have been a concerted and focused attempt to discredit them and brand them a crackpot. Then not only would their career be over, no one would even look at their ideas without sniggering. No wonder they are careful. It takes a great deal of courage, support and backing to make a scientific claim that would piss off some very powerful people.

Talk about framing though: It doesn't take a PhD to make a scientist. You (We) ARE scientists and experts, PhD or no. That's why I suggested writing a journal article. That's what gives scientists legitimacy.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 1338
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, December 17, 2005 - 4:45 pm:

David,

"I gave it a good go; now I'm out of here." Is that all you have to say?

You assert that Bev's comments are slanderous--a pretty serious accusation. If you really believe this, then why not back it up by supporting it with something factual rather than simply making a blanket allegation?

Bev's comments make it clear she is talking about specific individuals who in some cases she knew first-hand had specific information--nothing hypothetical (please correct me if I'm wrong about this, Bev). In other cases individuals had extensive time with access to specific parts of code--which she knew because she'd sent it to them personally. Later Thompson and Hursti said this code showed blatantly obvious security vulnerabilities--so obvious that other experts' not seeing it would imply a degree of incompetence or inattention that doesn't seem likely with their acknowledged expertise. (Again, correct me Bev if I am misinterpreting what you stated.)

If Bev Harris is factually incorrect then why not explain this clearly and back it up? Why is no one filing lawsuits against her if she is saying slanderous things as you claim? Have any lawsuits been filed against her for slander?

Your point of view could possibly shed some light on this, at least from your personal perspective. Why is an open dialogue on these things so out of the question? It is inevitable that there are at least two sides to any story--why not share yours?

Catherine, your comments are accurate. I am not slandering, I am questioning some scientists, but not all of them. It needs to be questioned. Our election system belongs to We, the People, and we have every right to ask questions of those who are setting best practices and inventing their own "solutions." His comments indicate that he believes it is appropriate to banish and shun anyone who asks questions about why this information was not made public before the election. Yes, as Lora Cove mentions, it would involve professional risk. But telling the truth also advances careers. It was not a difficult matter to assess what was true. -- Bev

BBV Admin
Board Administrator
Username: Admin

Post Number: 2992
Registered: 12-2004

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Saturday, December 17, 2005 - 6:14 pm:

Clarifications of concerns raised at another forum by Neil B Forzod

"The problem with the Leon County test is that it doesn't actually test a real-world scenario."

There are certain manipulations you can make if you have access to the main server.


Insiders have access to the main server, and inside access is a significant concern. Also, in small counties, the vendor has access to the main server. That being said, at no time did Hursti's hack require use of the main server at all.

Diebold points out (they have a paper on their site) that manipulations at the server would be detected via the built-in checks and balances in the system, namely the comparison of results from the report tapes produced by the voting machines to the data in the central tabulator.

The Hursti report has very little to do with the server. At no time does he manipulate the server. It is Dr. Thompson's hack, a different situation entirely, where the server is manipulated.

In the event of a discrepancy (there will be one, if you only manipulate the server) you investigate and take whatever steps are necessary to resolve (e.g. recount the affected ballots, etc.)

As reported on Black Box Voting, absentee votes, which constitute 2/3 of all votes in Washington state and 40 percent of California votes, and approximately 10 percent of the vote where laws discourage absentee voters -- absentee votes do not produce a poll tape on the Diebold system at all. Hursti's hack does not involve the central server, but Thompson's hack does. If you use Thompson's hack on absentee votes, no poll tape will catch it because there is no poll tape.

Technically, ensuring detection of any tampering is actually enough to assure the integrity of your results (in the optical-scan, or DRE-with-VVPAT case at any rate), and that's their model.

How do you ensure detection when there are no poll tapes with absentee and mail in ballots?

Obviously that causes a problem if you can manipulate all components of the system such that your tampering wouldn't be detected. If you can do that, then you have a problem with the system. That's the question here, and it doesn't have a good answer because of the way Sancho went about conducting the test.

You need only a one-step manipulation to do Thompson's hack with absentee and mail in votes, and you need only a one-step manipulation to do Hursti's hack with polling place votes.

1. An attacker with free access to the main server can manipulate the results in the database (whatever its form) and change them. Right? Not really, because you'd notice the difference between the results printed from the server and the results printed from the voting machines.

Not if there are no results printouts from voting machines (absentee and mail-in votes) and not if you don't have a procedure to compare all the results (for example, Alameda County compares only one percent of the poll tapes.)

2. Suppose the results are transmitted from the voting machine to election central via unencrypted modem transfer. A man-in-the-middle can intercept and modify the results in-transit. But that's just a variation of (1) above -- you'd detect it trivially because the server would print different results from the voting machine.

He is shifting the argument to something that isn't being discussed in the Hursti report. It doesn't deal with remote access.

3. An attacker could modify the results on the memory card after voting is completed, but that's tough to do logistically because the results are probably printed before he gets the chance.

1) It can be done before the voting begins
2) There is no reason to believe it can't be done after the voting, particularly in locations where poll tapes are not signed by poll workers, or reports are not run until you take it to the depot.

Or the machine might have a redundant internal copy of the results and be equipped to detect the manipulation.

"If" stands in the corner stiff. The machine does not have a redundant internal copy of the results and the machine does not detect the manipulation.

Certainly you could incorporate a post-election procedure in which you dump the internal copy and compare to what was uploaded from the memory cards on election night.


Coulda shoulda woulda. They could but they don't and they might, if we ask for it but they have refused. No such procedure exists, but if it did, it is still unlikely that it would detect the latest Hursti hack.

Anyway, you probably get the point -- there's a discrepancy in the system that you can detect.

Where?

4. Suppose an attacker finds a way to manipulate both the memory card and the internal copy of the results undetected after the election. That's pretty problematic! But even then, you have a discrepancy with the physical ballots or the VVPB records, and a big enough audit of those will detect any systematic tampering.

What is a "big enough" audit? Most states don't even have a one percent manual spot check; those that do often omit the absentee ballots or make the selection nonrandom. And if you have a full random spot check of one percent, the perpetrator has a 99 percent chance of getting away with it. And heaven only knows we have enough documented situations where the voting machine got it wrong. Call it a "glitch" and give reporters some nonsensical answer and you're good to go.

In all of the examples above, it's possible to tamper with various parts of the system and still accomplish nothing because the tampering is detected (or at least "detectable", which is an important distinction -- it implies you need to actually perform the appropriate verification/auditing procedures).

Election officials would rather pull out their eyelashes than do any extra verification/auditing procedures, and these are not in place in normal canvassing anyway, and would in many cases require changing legislation in order to invoke them?

As to the Leon County test. The short description of the test is as follows:

Hursti is able to manipulate the contents of an optical-scan memory card using a memory card reader he was able to purchase on the internet. Fair enough. He specifically performs the following manipulations:

a) replaces the reporting script with one he created himself, and/or
b) modifies vote totals on the card prior to the start of voting;
c) ignores all pre-election testing, or manipulates that testing such that it appears to pass
d) after the polls are closed and results are uploaded from the modified card, he modifies the results at the main server (this step is required for attacks based on (a) above)


He's reading the report from May 26, not addressing what happened on Dec. 13.

That all sounds pretty bad, and may in fact constitute a problem that should be addressed. However, in order to perpetrate his attack in the real world you need:

a) free access to the main server, before and after the election;


Not for the Hursti hack on Dec. 13.

b) control of all pre-election machine testing, in order to either ignore the incorrect results that show up there from card manipulation or to manipulate the test results to match what they're supposed to be;

Nope. Just get the machine as a poll worker when they tell you to take it home. Or at other times. The L&A test is performed in "test mode" remember. Set conditional logic so that the manipulation occurs only in election mode.

c) access to all the target memory cards after they've passed testing, been locked in the machines and protected with tamper-evident seals, and had their counts reset, as well as sufficient time before the election to manipulate them, and a way to cover-up the destruction of the tamper-evident seals;

Except that thousands and thousands of poll workers take the machines home with them, sometimes for up to a week. This takes place AFTER the machines have passed all their testing. The tamper-evident seals aren't proven to be tamper-evident. We have many reports of unsealed machines and broken sealed machines being used anyway. And the evidence indicates that you can go into the machine and reprogram the memory card without breaking the seal by using either the telephone port or the serial port. See Diebold memos where the programmers pat themselves on the back for adding the functionality to reprogram cards while they are sealed in the machine, by telephone.

d) access to the main election server on election night as results are coming in, in order to manipulate any results before any reports are printed;

Hursti's Dec. 13 report automatically altered the results going to the main election server, using only the memory card.

e) control over any mandatory audit procedures (e.g. California's 1% manual audit) that would detect the discrepancy in the results; and

Can we have a show of hands of all citizens who believe that offering a 99 percent chance of getting away with vote fraud is a good way to run elections?

e) (for the sake of completeness) access to the targeted memory cards after the election, in order to go back and erase any evidence of the tampered report script.

The memory cards are typically erased in the next election; no procedure exists to check them, and elections workers would need to go buy a Cropscan machine to do so; and the Dec. 13 Hursti hack is unlikely to be caught in such an examination because the integer overflow self-deletes the evidence.

Bev Harris will hand-wave much of that away, because that sounds pretty bad (for her) when you point it out.

Why does it sound bad for me? It is Hursti's hack, which Black Box Voting sponsored after a vote from the Board of Directors. The work is credible.

Realistically, no single person has that level of opportunity and inside access throughout the entire election life cycle -- there are typically a lot of people involved in setting things up, and most don't have all the required access. And the people with the most access, i.e. access to the main server, are typically "trusted" election officials. Of course, maybe some of them are (or should be) untrusted.

Red herring. We're talking about altering an election using only the memory card. We're not talking about doing it with the central server.

But the reality is that if the people running your election can't be trusted, you have bigger problems than your choice of election equipment.

Whoo-ee. Let's change banking surveillance and procedures to make them match the one guy in the central server office and see how that flies. One guy, 24-hour access to the bank vault with no one looking and no way to check what he does by anyone else. One guy only who gets to do the bank bookkeeping to account for all the money.

Public oversight is our right and we must reject out of hand any explanation that forces us to rely on "trust." That is unfair to the voters, ignores a documented history of vote fraud, and puts an unfair burden on the IT guy as well as the elections official who must exercise clairvoyance in order to guess whether to trust the guy with access to the central server.

Take absentee ballots. What makes you think this untrusted person will actually count your ballot when it comes in, if you've voted for the wrong person?

Accounting procedures, which need beefing up. But at least they log how many ballots arrive at the elections office, and that number is compared with how many are counted. We sure don't have to just "trust."

Take memory cards. Why manipulate them at all? Why not just create fake ones for the machines you want to manipulate, and ignore the real ones when they come in?

Exactly. That is a concern, especially in counties like Volusia, where they hoarded 57 extra memory cards in the 2004 election. Even Diebold asked them what the heck they were doing with all those extras.

Bev Harris will tell you the system is wide open and can be easily manipulated by pretty much anyone, without any special inside access.

I find it particularly annoying when people quote me or guess what I would say and it's just something they made up. If he wants a quote, he should come here and get one, as long as he keeps it in context and links to the source. I've seen more words put in my mouth than I could speak in a year if I talked nonstop at the pace of an auctioneer on a caffeine high.

For my part, I personally think the Leon County test was silly and not especially valid. I also think Diebold should close a couple of the described avenues of attack. Instead what we get is a lot of erroneous PR on both sides, and a lot of misinformation that serves nobody any use. That's just my own 2 cents.

Then, Neil comes in with this addendum:

I was combining a discussion of their earlier tests and the current one, which probably confuses things.

Yes, it does.

In their first test from several months ago, they'd need access to the GEMS server to modify the election results to match the incorrect results printed as a result of their fake reporting script (because the reporting script itself has no ability to actually modify the results, despite Bev Harris' original claim -- you'll have to take my word for it that people have verified that, and that some of us just did it without issuing a press release ).

Why not issue your findings? Secrecy is not helpful. If you have done testing on this, please write up a report and make it public. What is the point of keeping it secret?

In their new test, they don't necessarily need access to the GEMS server (if I interpret their posts correctly, and if their posts reflect reality).

Correct. No access needed. In fact, Harri Hursti stayed outside the room and simply peered in through a glass window as the test was conducted.

They just need access to the memory card after any testing has been concluded and after the counts have been cleared.

Or a memory card that is minty fresh, purchased off the Internet or purloined from the box where officials sloppily keep the cards with dead batteries, which we found sitting on an unmonitored table next to the telephone, lunchroom, and restrooms. Why not just program a new one and swap it?

In the real world, memory cards are locked in their corresponding machines by that point, and protected with tamper-evident seals. Removing the card to mess with it requires breaking the seals, and basic procedures provide for inspection of the seals before opening the polls to check for any tampering.

See below. Neil likes to put his faith in two-penny seals.

Ion Sancho didn't bother with any of that and simply said "here's the machine, here are the cards, here's the GEMS server if you want, go to town".

No, he didn't. I was there.

Bev Harris will undoubtedly claim that nobody inspects the seals.

More guesswork.

Or that she can get by the seals by unspecified magic.


No, when I discuss this I usually specify the ideas which should be tested, which aren't magic.

The seals break in a predictable spot, right at the indented location where the piece fits in. First thing to test is pop, break it, then dab the superglue into the indent, stick it back together and tidy it up a bit.

Next test: It doesn't appear that the type of plastic used is the kind that discolors when you melt it back together,

Next test: Getting a laser cutting device to make a tidy incision.

Since the seals cost just pennies, this sounds like a worthwhile pastime, so we'll have proof of concept answers on videotape for Neil, who trusts (but apparently hasn't tested) that breaking and fixing the seals can't be done.

Additionally, testing should be done on the use of the telephone jack or serial port to reprogram without disturbing the card in the memory card bay.

I should note one thing. When I visited a poll worker who had voting machines sent home with her, she showed me the seals. They sent extras home with her.

Or that she can go to the store and buy new tamper seals, and some tamper-tape with the right serial numbers on it,


Not the store. The Internet. The manufacturer is listed on the back of the seal, and you can order seals in any color with any range of numbers you select.

or how an insider can easily just get around all that in some unspecified way.


If the seals really are easily bypassed, then buy better ones (there are some good metal crimp-style ones available).

That's a good idea. And while we're at it, let's do the suggestions Hursti made while in San Diego recently, which they ignored: Seal the telephone jack, the modem port, and the serial port as well.

Or reset the counts immediately before opening the polls instead of after successful testing, closing the window of opportunity for pre-loading data on the card before the polls are opened.


Okay. If you say so. That introduces other vulnerabilities.

Or revise your chain-of-custody procedures to prevent access to the machines in the sensitive time period.

It is interesting that he is suggesting all kinds of changes in procedures, most of which we have asked for and have been denied, by the way. He also is quite enamored of the perimeter defense and doesn't seem to be bothered by the fact that self-modifying code is prohibited by FEC 1990 standards and interpreted code is prohibited altogether by 2002 standards. These machines are in violation of even the most archaic standards. How did that happen? Shouldn't we find out a bit more about that before we *shrug* as Neil likes to do?

Or whatever. You get the idea... identify the weak point in your protocol, and modify the protocol accordingly.

The weak point is the architecture itself, which violates FEC standards because it is inherently insecure.

(And by all means, bring the issue to the vendor's attention, if it's a concern to you as an election administrator. Write a letter to your sales or support rep, saying that you understand the problem (or asking clarification, if need be) and that while you understand that operational procedures are designed to mitigate the risk you still give some credence to the reported vulnerability and would like an update to the system that would also help to mitigate the risk.

They did. The vendor told them there is no executable code on the memory card and that it is impossible to alter votes on the memory card.

Escalate as required until you get a satisfactory response -- sales and support flunkies (for any vendor of anything) are instinctively inclined to deny any problems because they don't want to admit that no system (least of all theirs!) is perfect.)

Denying during a sales presentation is fraud. That's what they did. It wasn't the sales personnel, it was the chief engineer who denied it.

I don't see this behavior as trivial.
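The question raised in the post above, what counts as a "big enough" audit, can be put into numbers. The following is an added example, not part of the original thread: it assumes audit units (precincts or poll tapes) are drawn uniformly at random without replacement and that hand-counting a tampered unit always exposes the discrepancy; the function names and the 1,000-unit jurisdiction are constructed for illustration.

```python
from fractions import Fraction


def miss_probability(total_units, tampered_units, sampled_units):
    """Exact chance that a uniform random sample contains no tampered unit."""
    if not 0 <= tampered_units <= total_units:
        raise ValueError("tampered_units must be between 0 and total_units")
    if not 0 <= sampled_units <= total_units:
        raise ValueError("sampled_units must be between 0 and total_units")
    clean = total_units - tampered_units
    miss = Fraction(1)
    for i in range(sampled_units):
        if clean - i <= 0:
            # More draws than clean units: a tampered unit must be sampled.
            return Fraction(0)
        miss *= Fraction(clean - i, total_units - i)
    return miss


def detection_probability(total_units, tampered_units, sampled_units):
    """Chance the audit samples at least one tampered unit."""
    return float(1 - miss_probability(total_units, tampered_units, sampled_units))


def min_sample_for_confidence(total_units, tampered_units, confidence):
    """Smallest sample size whose detection probability reaches `confidence`.

    Returns None when no unit in the audited pool is tampered, which is
    the case when the altered batches (for example absentee ballots) are
    left out of the audit pool altogether.
    """
    target = Fraction(str(confidence))
    if not 0 < target <= 1:
        raise ValueError("confidence must be in (0, 1]")
    if not 0 <= tampered_units <= total_units:
        raise ValueError("tampered_units must be between 0 and total_units")
    if tampered_units == 0:
        return None
    clean = total_units - tampered_units
    miss = Fraction(1)
    for n in range(total_units + 1):
        if 1 - miss >= target:
            return n
        remaining_clean = clean - n
        if remaining_clean <= 0:
            miss = Fraction(0)
        else:
            miss *= Fraction(remaining_clean, total_units - n)
    return total_units


def audit_table(total_units, sample_fraction, tampered_counts):
    """Detection probability of a fixed-fraction audit for several attack sizes."""
    sampled = max(1, round(total_units * sample_fraction))
    return [
        (k, sampled, detection_probability(total_units, k, sampled))
        for k in tampered_counts
    ]


if __name__ == "__main__":
    TOTAL = 1000  # constructed jurisdiction: 1,000 audit units
    print("1% random audit of", TOTAL, "units")
    for k, sampled, p in audit_table(TOTAL, 0.01, [0, 1, 10, 50, 200]):
        print(f"  tampered={k:4d}  sampled={sampled:3d}  P(detect)={p:.3f}")
    print("units to sample for 95% detection:")
    for k in (1, 10, 50, 200):
        print(f"  tampered={k:4d}  sample>={min_sample_for_confidence(TOTAL, k, 0.95)}")
```

With one altered unit, a 1% audit detects it 1% of the time; the required sample size falls quickly as the number of altered units grows, and no sample size helps when the altered units are outside the audited pool.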

Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely

Post Number: 2037
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, December 17, 2005 - 6:50 pm:

Dr. Dill, I too would like to point out that your admission here that you never looked into the security of these systems in any meaningful way is something that scares the hell out of me.

For the last several years I've had the names Dr. David Dill and Doug Jones thrown in my face repeatedly by elections officials and reporters alike along with the names of prestigious institutions like "The Department of Computer Sciences at Stanford University" and "Kennesaw State University" when they ask me "who the hell are you" and "why should I listen to you when the experts don't see a problem".

Whether you wish to acknowledge it or not, your reputation and the reputation of the institution you work for are being used to bolster the claims by elections officials across the country that these systems are safe and have been examined by "leading computer professionals". While it may be technically correct, it is quite misleading to the general public as to the scope of what you've been testing.

I, for one, have been left with the impression that I could trust that someone with a hell of a lot more education than I have has been 'watching the store' for us since I don't have that privilege officially.

Now I find that as a high school dropout* with absolutely NO academic computer training, and NO official sanction to do so, I have done more actual security testing and analysis on this system than the degreed computer scientists whom I had been assured were doing so.

As a 'self taught', non degreed professional, I was successfully able to spot one glaring security flaw in less time than it took to browse the directory tree in the 'tar ball'! The lack of 'referential integrity' in the database was so easy to spot that any high school student with a basic course in MS Office usage should have spotted it.

The rather curious 'programmer comments' in some of the source code modules were practically a road map to other stunning security flaws in the software. When I read comments that say things like 'the XX flag appears to be broken' my sense of intellectual curiosity kicks in and I just have to find out what that flag is supposed to do, what it actually does, and why it's not working.

These are the kind of things I had been assured that "the experts" such as yourself were doing.

To find out that neither you, Doug Jones, Shawn Southworth and the ITA's or anyone else being paid to "examine" these systems are doing any serious security testing scares the hell out of me as it should you.

If I were you, I'd be just a little upset that my name and reputation, and that of the institution I represent, are being used to give people a false sense of security. Your role in testing these systems seems, to me at least, sort of like VoteHere putting Avi Rubin on their Board of Directors calling him a 'consultant' while never asking him to vote on anything or actually 'consulting' with him. Mere window dressing in order to list your resume and make themselves look good.

I think you were used.

(* I have a 186 IQ and dropped out of Brooklyn Tech to get an education on 'state of the art' equipment in a rapidly developing field rather than sit in classes where I was learning nothing new at the time. Over the last 30+ years I have designed and developed computer controls and instrumentation for products from nuclear cameras for medicine, radiation detectors, electric and hybrid electric vehicles, high speed automated assembly, test and measurement equipment [ATME] and a host of other applications.)

Pat A. Vesely ;-)

Jim March
Voting Rights Forum Participant
Username: Jimmarch

Post Number: 92
Registered: 01-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Saturday, December 17, 2005 - 7:08 pm:

Dr. Dill,

After the release of the initial Hursti report regarding Diebold optical scan systems, you went in front of the Carter-Baker commission and praised the virtues of optical scan.

You would have to have known that if the Hursti report is accurate, given the low level of spot-checking of the original paper ballots (most states don't do any, and it's *illegal* in six states) that optical scan isn't necessarily so praiseworthy.

Ignoring data doesn't appear to be a valid scientific method in any field EXCEPT voting system criticism and analysis, in which case it's the norm for any data that goes against the prevailing trends.

-----------

Within the last two months or so, the ITAs (esp. Ciber and Wyle in Huntsville AL) have come under major fire from various academics. Avi Rubin just blogged on this subject extensively:

http://www.huffingtonpost.com/avi-rubin/the-dirty-little-secrets-_b_12354.html

The California Technical Advisory Committee led by David Jefferson had some pithy comments to that effect in the document analyzing the failure of the Diebold TSx in the San Joaquin volume tests:

http://www.ss.ca.gov/elections/voting_systems/vstaab_volume_test_report.pdf

To quote:

Under one possible interpretation of the standards, the failure rate observed during these tests was more than 10 times higher than permitted by federal standards (which require a 163-hour MTBF). The failure to detect this fact during the ITA’s testing process appears to be due to serious defects in the testing methodology specified by federal standards. One lesson of this analysis is that the testing performed during the federal qualification process is apparently inadequate to ensure that voting machines will be reliable enough for use in elections.


At the recent "top secret for insiders only hush hush" event sponsored by the California Secretary of State's office, failures by the ITAs were a leading topic of discussion.

Well isn't that nice. The academic community is finally starting to talk about what the activist community realized (and was publicly commenting on) back in 2003: that the ITA process was badly broken.

To state the obvious, if you jam a pocket calculator halfway into a banana and give Shawn Southworth of Ciber or his equivalent at Wyle enough money, you can get it declared a "modern and approved voting technology".

Here's what I personally was saying about the ITA process in September and October of 2003:

http://www.equalccw.com/sscomments1.pdf

http://www.equalccw.com/sscomments2.pdf

I was documenting how Diebold defrauded and subverted the ITAs. And I was by far not the only one, it's just easiest for me to remember the URLs to my own work of the period, I know for a fact I was mainly just expounding on Bev's work.

I consider Bev a leader and have acted consistently on that belief since July of 2003.

Dr. Dill, this separation of both contact and information flow between the activist community and the academic community has to stop. At present it is by and large the activist community that has taken the lead on this issue and taken the political and personal flak for it.

From our point of view, the academic community has sat and watched as we battered ourselves against brick walls of bureaucracy and stupidity while the scientists by and large "tisk tisk" at our willingness to risk professional alliances to get the difficult truth out there.

We recognize that both "insiders" and "outsiders" are necessary, measuring both from the point of view of the various bureaucrats in the state and local elections mechanisms. However, us "outsiders" are necessary to make the public aware of the extent of this disaster. We didn't wait until it was politically feasible to attack the ITAs.

The problem is that we also had to weather attacks by the academic community. It is hardly appropriate to now criticize us for being right.



Jim March


Patricia Tavormina
Voting Rights Forum Participant
Username: Patty

Post Number: 43
Registered: 04-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, December 17, 2005 - 7:25 pm:

Ummm....

I have to say that you're all giving Dr. Dill the short end of the stick here.

Maybe it has to do with how academia "works" ...and it sure doesn't "work" by jumping on every bandwagon that comes along. (Consider some of the "crackpot" theories that are constantly put forth - from crop circles to alien abductions to faked moon landings etc.)

Academic research works on evidence. And funding.

The idea of electronic vote fraud occasionally falls into the "tin foil hat brigade" category - whether rightly or no - because to learn that it may actually be occurring on a scale large enough to affect who is sitting in the white house, the most influential person in the world, leader of the world's only remaining superpower, etc etc etc....
challenges some very basic identity that every American holds.

Unfortunately, you at BBV start with a very high burden of proof, and no "expert" sets up his personal research group (and his time, and his resources) on the basis of demonstrating tin-foil hat scenarios.

At this point you have generated some momentum, and legitimacy. Please don't alienate people who could be very strong allies.

Dr. Dill, please reconsider sharing your expertise here, and on this important project.



(Message edited by Patty on December 17, 2005)

Jim March
Voting Rights Forum Participant
Username: Jimmarch

Post Number: 93
Registered: 01-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Saturday, December 17, 2005 - 9:19 pm:

Dr. Tavormina,

Point one, we have never attacked anyone who hasn't attacked us first. Apparently there's a double standard in play.

Point two, once we had Bev's download of 40,000 Diebold files partially understood by around Oct. of '03, and their 13,000 internal EMails pretty well chewed on by around the same time, we were clearly WAY past talking conspiracy theory here.

Before that time period you'd have had a point but by at least December of '03 when the California audit showed a zero compliance rate on software certification by Diebold, when combined with the available data...oh hell no.

The only possible reason to ignore all that data was because it wasn't convenient to do so.

Avi Rubin studied one SMALL portion of it (the touchscreen source code), to his credit. But that makes his ignoring the rest all the harder to understand and his disdain for Bev and company incomprehensible as she was the source of the code he studied and he knew that full well.

You tell us to behave, after we've suffered years of being belittled and then we dare to comment on said mistreatment. Us activists have been treated like dirt by the academic community. Should I discuss how Greg Dinger and Ellen Theisen were treated, and by whom? Or which academic ridiculed me behind my back to a fellow activist because I tend to wear a bolo tie!?

Ye Gods.

Can you see how we'd possibly have a problem with this behavior? Esp. when even though we absolutely prove that hard issues exist, our work is either ignored or disparaged by the same academics physically in the room when we presented the proof!?

But we're supposed to "behave".

Dr. Tavormina, the sort of personality who CAN keep pounding away at monsters like Global/Diebold for literally years isn't the sort to tolerate being told to "be polite to our betters no matter what"...the message we repeatedly get.

You want us to act like sheep. Sheep won't bring these bastards to their knees. You NEED wolves and then you get upset with us when we won't tolerate being abused?

No.

There needs to be some mutual understanding all right. Part of that understanding is that somebody needs to go kick some ass and isn't likely to take an asskicking from anybody regardless of academic credentials. You think we're going to roll over and show our bellies to anybody? Do you really want us to? Or do you want people around who are able to drive the genuine crooks completely nuts?

The academics have made it dead clear that kicking ass and taking names isn't in their bag o' tricks. So throw us out of the process and which asses don't get kicked?

Jim March

BBV Admin
Board Administrator
Username: Admin

Post Number: 2993
Registered: 12-2004

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Saturday, December 17, 2005 - 10:14 pm:

To Patty:

Maybe it has to do with how academia "works" ...and it sure doesn't "work" by jumping on every bandwagon that comes along.

But Patty, let's review. The GEMS defect was verifiable in five minutes by looking at publicly available code, and was written up (by me, with the aid of a still-protected source named "Cape Cod" who identified the problems with referential integrity, the double set of books, the strangeness of the AccuBasic programs and how a zero report could be altered.) The GEMS portion of that was written up on July 8, 2003 leaving a road map for anyone who chose to verify it. The AccuBasic source code files that control the zero report were in the cvs.tar directory used by Avi Rubin for his famous study.

There is absolutely no reason to call this "jumping on a bandwagon" because it came with a road map and proof. The GEMS findings were subsequently replicated skillfully by Chuck Herrin in 2004, and we now know were also replicated by the Aug. 18 CompuServe report.

Academic research works on evidence. And funding.

Well, here's the rub. The evidence was provided right along with the article containing the road map. It was available for anyone to replicate and it would take only about 5 minutes to see the truth, simply by looking at the program. No funding whatsoever was needed for it -- download the Diebold files (which we know they did), run it, double-click MS Access, check the vote database and it's there for everyone to see.

The idea of electronic vote fraud occasionally falls into the "tin foil hat brigade" category - whether rightly or no -

We aren't talking about electronic vote fraud, when it comes to the scientists. They aren't forensic experts or detectives. It's not their job to find fraud, any more than it is their job to pronounce the absence of evidence of fraud.

We are talking about electronic voting security, and that has been so thoroughly backed up with hard-core evidence that it is incomprehensible why there was such silence, particularly about the GEMS defect, but also about remote access (use of RAS) and self modifying interpreted code on the memory card, before the 2004 election when that information was of critical importance to the United States in a federal election.

because to learn that it may actually be occurring on a scale large enough to affect who is sitting in the white house, the most influential person in the world, leader of the world's only remaining superpower, etc etc etc....
challenges some very basic identity that every American holds.


Again, it is not appropriate for scientists to withhold that information because they are trying to protect the American citizens' sense of self.

All we asked of the scientists was to tell us what they saw in the computer code.

Unfortunately, you at BBV start with a very high burden of proof, and no "expert" sets up his personal research group (and his time, and his resources) on the basis of demonstrating tin-foil hat scenarios.

What in the world is "tin foil" about confirming the GEMS defect when given a road map and the executable program plus the actual vote databases from real elections?

To imply that this takes an army of grad students and a large grant is absurd, not to mention astoundingly inefficient. If this is the case, it would be a compelling reason not to depend on academia to set standards, best practices, solutions or anything else.

Then consider this: During the time scientists were saying nothing about the GEMS defect, RAS, or executable programs on the memory card they seemed to have the time to help write legislation (a questionable use of computer science expertise), sit on various committees, travel around the country testifying to congress, and write books about this subject.

At this point you have generated some momentum, and legitimacy. Please don't alienate people who could be very strong allies.

We generated considerable momentum when we wrote up the GEMS hack and arranged for the release of 40,000 program files. What transpired was a pattern of exploitation, while scientists explained to us we were too unworthy to even rub shoulders, and at the same time took our findings and our research.

This behavior reminded me very much of how African-Americans were treated not too long ago. Invent something great like a refrigerator and the white guys would say "you do understand, don't you, that no one will take you seriously so I'll handle your invention."

We were patted on the head, asked to turn over information, then told to go away and sit quietly while the real men handled things.

The problem is, when it came to the most important security issues, they didn't handle it.

----------

And look at this, from another forum:

Neil B Forzod

Bev is angry at the academics because:

a) none of them take her seriously;

b) they actively refuse to reference "Bev Harris" or her "work" when they speak to the media; and

c) They didn't offer to include BBV when they submitted their ACCURATE research grant request, and they don't plan to share any of the $7 million with BBV or Bev Harris.


As for points "a)" and "b)" "Anger" isn't the right choice of words. "Frustration" is a better word for what I feel, and the frustration stems from a desire to get as much traction as possible on an issue that needs work urgently.

The frustration stems from the very real roadblocks we faced before the 2004 election when we could not get the scientists to come forward on some of the most critical security issues. A botched election was the result.

As for point "c)" we at Black Box Voting have no interest in such a grant, as we feel it would compromise our independence, and we also don't feel that the ponderous pace of that project matches the urgency of the current need for reform. Were anyone to offer us that money, we'd turn it down.

Same goes for the HAVA educational fund money that some groups are going for. We feel we can best serve the needs of the American citizenry if we are supported directly by the citizens themselves, rather than becoming beholden to a major funder who will tell us what we can and can't do.

...

The academic community largely views "Black Box Bev" as a crackpot who damages their credibility at every opportunity.

Whatever.

Bev views the academic community as a bunch of opportunists who got a bunch of money to study an issue that she feels she's responsible for publicizing, and she thinks she's entitled to commensurate recognition and a share of the cash.

Neil


I notice that Neil likes to tell everyone what I think. I've never met this man.

I don't look at the academics as opportunists. My concerns are policy-oriented. Conflict of interest (running a non-profit and doing an NSF grant that will make recommendations that can benefit or harm one's own nonprofit); Being forthcoming with information rather than withholding the very information that was needed to help produce a valid election in 2004, as we've been discussing here.

And as for publicity, everybody should be publicizing this. Note that the first major news blast we did after election 2004 was the "Be Your Own Media" blast, which can still be found in these forums. The more the better, as long as it's going after the truth. I've always advocated the swarm method.

As far as recognition, each person should be recognized for their contribution regardless of whether they are a scientist or not. All ordinary citizens who do good work should be credited for it. Susan Pynchon, Susan Bernecker and I were just discussing this, and Pynchon pointed out that the correct scientific way to handle this is to cite the original author and then replicate or confirm the work with whatever adjustments or qualifications are needed in discussing the findings.

I speak with many advocates for election reform who are dismissed because they don't have certain credentials. Their names are omitted from their own work. That's just not right.

Everyone in this movement who has done good work deserves to be credited by name. And, if names and credit are not important, then no one should put their name on anything.

Lora Cove
Voting Rights Forum Participant
Username: Lora

Post Number: 53
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, December 17, 2005 - 11:44 pm:

When the truth is plain to see and easy to find and damaging to those in power, then it will be ignored, obscured, and discredited. Isn't this what has happened here?

Brainwashing can happen to scientists as easily as anyone else. And now they can't admit that it happened to them. I believe that the "crackpot" status happened here just as it has happened in other scientific endeavors.

Thimerosal and autism, for one. The medical and government establishments have come out in unison dismissing any link between autism and vaccines preserved with mercury. Anyone coming out now, stating there could be a link will be seen as a "crackpot." Yet there is some very compelling evidence and also scientific studies that should have been done but weren't. Similar arguments were presented: No money. No way to do the studies. Waste of time. All untrue.

Millions of doses of flu vaccine contain this mercury preservative that is today being injected into infants and pregnant women at home and abroad. Who benefits from not thoroughly and honestly exploring this problem? Drug companies, making huge profits. Who stands to lose? Our children. And scientists who should know better have let themselves be lulled, bought, or brainwashed to accept the establishment line.

Some of the more honest scientists think that by keeping out the "crackpots" they will keep science pure and pristine and respectable. The less honest ones fudge the results, spin the conclusions and help label the "crackpots."

But we, like the parents of children with autism, are not crackpots and we are not giving up.

BBV Admin
Board Administrator
Username: Admin

Post Number: 2996
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Sunday, December 18, 2005 - 12:44 am:

A bumper sticker I saw over a year ago seems to be relevant to the dialogue on this forum:

"If You're Not Outraged, You're Not Paying Attention!"

Based on the overwhelming evidence detailed by Bev, Jim and Pat above regarding what was known or should have been known in 2003 by the academic community concerning the security flaws that existed within the voting machines being used in over 800 counties and jurisdictions across the country, there's plenty to be outraged about and no one should begrudge us that outrage.

When BBV facilitated both Dr. Thompson's and Harri Hursti's tests on the security of the GEMS software and the memory cards, I thought for certain the academic e-voting experts would stand up and cheer and support our efforts totally, so that we could move the ball forward in a significant way. After all, they've always told us this isn't about who gets credit, right? Instead, what we got from them was silence.

Another thing, this isn't a competition between the citizens and the academics to see who comes in first in bringing about real election reform and being viewed as a hero, it's about saving our republic. It shouldn't matter who got there first in breaking new ground on the state of our elections. Perhaps, the reason for their silence was that they weren't expecting us to do so well. Well we did. So, the way I see it, Bev shouldn't be accused of being difficult to work with by Dr. Dill, when none of the academics have ever tried to work with her in any meaningful way from the beginning. Dr. Rubin told her he couldn't work with her because they needed someone who could testify before Congress! What does that have to do with the cost of tea in China? Whether they realize it or not, if they have kept a distance because they are afraid of being viewed as "advocates" in the election movement, well, they are. They are advocates for fair and honest elections, just like we are. They, of course, had no problem taking the Diebold files and any new information discovered by her and BBV though. A similar situation occurs in academia often where the graduate students do the research and write the paper for their professor, who puts his name on it and thanks them for their "help".

The real world is not academia and shouldn't be treated as such.

There are so many unanswered questions that have yet to be addressed by them..."why didn't the academic community speak out about the security flaws before the 2004 election?" "What were they waiting for?" "How was it in our country's best interests to remain silent?" "Why should we accept their silence as there being no other choice?"

Thank God, Ion Sancho didn't feel that way!

Some of the reasons given for their reluctance to speak out more boldly about what they knew regarding the lack of security in the Diebold voting systems (we can only speculate about the other vendors, but based on Diebold's record, they certainly deserve to be investigated too) were their fear of losing credibility; jeopardizing federal grant money; losing access to the power elite; not being called upon to testify before Congress -- or, if they did speak out, they might be replaced by somebody worse. These reasons alone were cause for them to recuse themselves immediately. These restrictions on their ability to speak out openly and honestly were a clear conflict of interest in their role as an e-voting expert.

What we've learned as we slowly, but surely, moved the ball forward these past couple of years is that we cannot afford to compromise for any reason at all when it comes to the security and integrity of our votes. What's at stake here is of far greater importance than anyone's career, it's about the greater good of putting the best interests of the many over the few.

Let's be honest here. Does anyone really believe that BBV would ever have gotten this far in exposing the hard truth about these flawed machines had we always been "polite" and "politically correct"?

Any progress we hope to make will be a result of bold, decisive, uncompromising action, if we truly want to take back our country and put it where it belongs...in the hands of the people.

Kathleen Wynne

Patricia Tavormina
Voting Rights Forum Participant
Username: Patty

Post Number: 44
Registered: 04-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, December 18, 2005 - 10:13 am:

Please let us keep in mind that we all have the same goal ... fair elections.

It appeared that this was Dr. Dill's first (or almost first?) venture to participate with your group. I would love to see such potentially effective collaborations nurtured. But there seems to be some undercurrent of "us vs. them" and this is something of a death knell for such collaborations.

Frankly, I don't quite know why academics would need to be part of the process at all. I presume it is because they carry more weight in front of Senate panels, etc, than other citizens. I am sure that having respected computer scientists from top-notch schools helping to argue your case, will give the issue (even) more credibility than otherwise. I understand that you have had some bad 'dealings' in the past.

My personal goal is to have fair elections, and to that end I would like to encourage cooperation between what appears to be two complementary groups.

The idea that one has to be an activist to put the country back in the hands of "the people," seems to miss the point that most of "the people" who could help get to this end, are being alienated through the very process. There must be a way to encourage "the experts" to help out, while protecting your ownership of the information, and not putting off good honest people in the process.

As I have taken this thread off topic I will respectfully bow out of the conversation now. I'll read any responses you may wish to make, but I don't wish to keep this off-topic tangent going. Thank you again for working on these hacks. I am glad to see Volusia county joining Leon County, and I hope that counties in other states start picking up on this.

Roger Fox
Voting Rights Forum Participant
Username: Fogerrox

Post Number: 74
Registered: 06-2005

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Sunday, December 18, 2005 - 6:02 pm:

A question occurred to me way upthread about architecture--

I don't know enuf about it-- but don't all, or close to all of the Big 3-- Diebold ES&S & Sequoia: DREs & OPscans use portable Media--
(is that the right term?) Like a PCMCIA card?

If this voting equipment is designed to cheat-
TO steal our votes-
If it was me--
& I owned the voting machine company--
I would be designing the ability for me-- or my people to do the inside HACK.

It seems to me that the Leon County hack- was just this, the inside hack. SO--- Assuming that these big 3 vendors wish to steal our votes-

It might make sense that with a common purpose--
All this equip. would have a common architecture-

I realize I have taken a simple view here--
But in general terms- the transmission from a Hi performance BMW might have more in common with a hi performance Mercedes, than a Ford Focus.

Because the BMW & Mercedes have a common purpose (racing).
And thusly a common architecture.

BBV Admin
Board Administrator
Username: Admin

Post Number: 2998
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Sunday, December 18, 2005 - 8:14 pm:

Roger --

There are some differences, using your theory. Diebold's selling point was that county election officials could program the removable media themselves. ES&S kept that procedure in house (rather horrifying, actually).

Hart Intercivic also does that, from what I understand.

The architecture differs considerably with Hart, mostly because their voting equipment is of a later vintage and didn't have the "legacy issues" (didn't have to be backward compatible with obsolete stuff).

The architecture of ES&S and Sequoia Eagle optical scanners comes from BRC. That is a company that election officials have flat-out told us was crooked.

The architecture of ES&S and Global Election Systems (now Diebold) touch-screens must have something in common, because ES&S had that patent infringement suit against Global.

The architecture of the Sequoia touch-screens does seem different from the other vendors. This is why it is so important to continue with the 15004 examinations in California. That will tell us a lot.


Bev

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 1339
Registered: 12-2004

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Sunday, December 18, 2005 - 8:25 pm:

Bev,

When you say "Hart Intercivic also does that", do you mean that Hart lets election officials program the removable media themselves like Diebold, or that Hart keeps the procedure in house like ES&S?

BBV Admin
Board Administrator
Username: Admin

Post Number: 3001
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Sunday, December 18, 2005 - 9:37 pm:

Hart keeps the procedure in house like ES&S.

Roger Fox
Voting Rights Forum Participant
Username: Fogerrox

Post Number: 75
Registered: 06-2005

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Monday, December 19, 2005 - 5:04 pm:

Sequoia may do both -- In NJ, Essex county, SOE Casciano told me, Sequoia will train his people to write the ballots etc.

I understand about the opscanners-- from BRC, Warren County in NJ has used the optech III P Eagles--for about 15 years, now.
---------------
Another question I thought of-- I was told that Sequoia & ES&S use a second cpu for the audio ballot. I'm assuming this person was talking about the older-- Advantage, and Ivotronic, which was originally From Election Products, IIRC. This person isn't the most computer savvy person and wanted to relay this to me.

Anybody hear about this chip upgrade for audio ballots-?

If The Diebold TS and ES&S Ivotronic are similar-
Diebold may have also done the upgrade to accommodate the audio ballot.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 1341
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Tuesday, December 20, 2005 - 1:07 am:

If any vendors did upgrade/change/add a cpu for the audio ballot, wouldn't the whole system have to be retested and recertified by the ITAs/NASED?

Michael Copass
Voting Rights Forum Participant
Username: Votes_with_paper

Post Number: 30
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Wednesday, December 21, 2005 - 12:39 pm:

Diebold Insider Trading - interesting tool

go to Finance.yahoo.com enter "DBD" for symbol
click on insiders link on L side

http://finance.yahoo.com/q/it?s=DBD

(note that this is NOT updated in real-time... witness Mr Bush's Harken trade report delay)

Robert Munyer
Voting Rights Forum Participant
Username: Munyer

Post Number: 1
Registered: 12-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, December 29, 2005 - 8:22 pm:

Pat A. Vesely wrote:

quote:

For the last several years I've had the names Dr. David Dill and Doug Jones thrown in my face repeatedly by elections officials and reporters alike along with the names of prestigious institutions like "The Department of Computer Sciences at Stanford University" and "Kennesaw State University" when they ask me "who the hell are you" and "why should I listen to you when the experts don't see a problem".



Mr. Vesely, I would like to see more detail about what these officials and reporters said to you, because it conflicts with what I've already heard about these two professors. I've never heard of either of them ever saying that they "don't see a problem" with any kind of unaudited voting: not the kind where you have no paper ballots, nor the kind where you have paper ballots but no one ever bothers to secure them and audit them.

In fact, if I understand correctly, their argument since the beginning has been that the computerized election equipment cannot be shown to be infallible and incorruptible, therefore the election must be protected by an audit which cannot be subverted by the computerized equipment, therefore the paper ballots must not be eliminated.

Is it possible that whoever told you that Jones and Dill "don't see a problem" was simply misrepresenting them?


quote:

Dr. Dill, I too would like to point out that your admission here that you never looked into the security of these systems in any meaningful way as something that scares the hell out of me.



I'm not shocked (or even surprised) that he hasn't closely examined Diebold's equipment-- because, as far as I know, he has always said that Diebold's equipment should not be trusted. You don't need to have detailed knowledge about a person or machine, in order to say that the person or machine should not be given unlimited power.

I can say, with certainty, "Larry Rhodes should not be given the power to choose the winner in every election," even if I have never met Larry Rhodes, or heard him speak, or read anything he wrote.


quote:

I, for one, have been left with the impression that I could trust that someone with a hell of a lot more education than I have has been 'watching the store' for us since I don't have that privilege officially.



Your store analogy seems appropriate; I'll continue with it.

Dr. Dill's job is not to watch the store. His job is to tell us if the vendors are being truthful when they claim that the locks are unpickable so the store can be left unguarded all night. Dr. Dill (and thousands of other computer experts) told us that the vendors' claims are false, the locks are easily pickable, there is no technology in existence which can unpickably lock this particular kind of store, therefore we must guard the store at all times.

BBV Admin
Board Administrator
Username: Admin

Post Number: 3047
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Thursday, December 29, 2005 - 10:12 pm:

Dear Robert,

Welcome to Black Box Voting, and thank you for presenting another side of the story. Your insights are informative and appreciated.

My biggest frustration has been a tendency among scientists to pronounce opinions on forensic areas where they have no expertise -- like saying there is no indication of fraud without studying any of the evidence first, or applying computer science principles to areas like accounting procedures, without a full understanding of that discipline. For example, I've heard that the double set of books in GEMS is explainable from a computer science standpoint. Well, that's apples and oranges. A double set of books -- lacking referential integrity, allowing one to enter transactions out of balance and create hidden transactions -- is ALWAYS inappropriate from an accounting standpoint.

Computer science is just one discipline, and doesn't make one qualified to craft legislation, determine the likelihood of bribery, or pontificate about accounting.

Of course, writers like me are "broad but shallow." We pontificate on everything but lack the depth of perception in a single specialized area.

We will achieve much towards cooperation between disciplines when diversity of expertise and style is valued and actually sought out by those who have expertise in a single area.

Bev Harris

richard delaney
Voting Rights Forum Participant
Username: Guitarstar

Post Number: 1
Registered: 01-2006

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Saturday, January 21, 2006 - 8:02 am:

i think it's dangerous to allow a company that manufactures gambling machines to also make voting machines.
and foolish for any local, state, or federal entity to use that equipment, unless of course they were trying to defraud the voters in the first place.
after all, doesn't the "house" always win in vegas?
we need to get diebold out of the election business, and go back to paper ballots like the old days, with two copies, one for the election officials, and one for my pocket, just in case there are any questions later on about the results, we could have an accurate re-count.
didn't i just see a zillion iraqis running around with colored ink on their fingers?
if it's good enough for them, it's good enough for me, get rid of diebold and ANY chance of "gambling" with my vote!
thanks for your hard work..
richard

Samuel Scharff
Voting Rights Forum Participant
Username: Abacus

Post Number: 30
Registered: 08-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Monday, March 6, 2006 - 11:45 pm:

Yes - some of us really want all hand count no machines paper ballot systems...
But don't underestimate Las Vegas. Their control over gambling machines probably exceeds CIA, NSA and military security <g>
See the NY Times article:

Gambling on Voting

Published: June 13, 2004
Abacus

Robert Munyer
Voting Rights Forum Participant
Username: Munyer

Post Number: 18
Registered: 12-2005

Best of Black Box? 
Votes: 273 (A keeper?)

Posted on Tuesday, March 7, 2006 - 8:19 pm:

Samuel Scharff wrote:

quote:

don't underestimate Las Vegas. Their control over gambling machines probably exceeds CIA, NSA and military security <g>



On several occasions they have caught, and convicted, people who stole money by tampering with the software in the gambling machines. They didn't detect the crimes immediately; the criminals got away with it for a while but eventually were caught and convicted.

Two things to consider:

(a) The gambling machine tamperers we know about are the greedy ones, who repeated their crimes until they were caught. If they'd stopped after the first time, they wouldn't have been caught. There are probably others we don't know about, who committed similar crimes, but were less greedy and stopped before their crimes were detected.

(b) If you tamper with voting machines, and get your crony elected as Governor or President, your crony will have enough power to obstruct the investigation so you won't be caught. If you somehow get caught anyway, your crony will have the power to PARDON you!

In summary: the Las Vegas computer security strategy is NOT good enough for elections.

Samuel Scharff
Voting Rights Forum Participant
Username: Abacus

Post Number: 38
Registered: 08-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Monday, May 29, 2006 - 9:25 pm:

Robert,

Valid points...

Concur about perps being caught due to greed. Of course we don't know if Las Vegas caught other miscreants and didn't mention it...

Too true about Governors/Presidents...

But I didn't say Las Vegas system is ok for voting, just that it's better than ITAs etc.

And my main point stands: only hand count paper ballot systems can do the job

Regards
 

The public must be able to see and authenticate these four essential steps for an election to be public, democratic, and valid: (1) Who can vote (voter list); (2) Who did vote; (3) The original count; (4) Chain of custody.