Navigation
Topics
Log In
Log Out
:
Special Search
New Today
New This Week
Advanced Search
Tree View
Your Account
Edit Profile
Register
Forgot Password
Tools
Help/Instructions
Policies
CLICK STATE TO SEE:
"WATCH LIST"
Marked with: 
"OPEN & HONEST"
Marked with: 
...
|
| 4-6-06: Utah Lt. Governor's office ad... |
|
| Author |
Message |
    
Bev Harris
Board Administrator
Username: Admin
Post Number: 3981
Registered: 12-2004
Best of Black Box? 
Votes: 1 (A keeper?) | | Posted on Thursday, April 6, 2006 - 8:51 am: | 
|
(Outstanding work by Utah citizen Joycelynn Straight)
Date: Wed, 05 Apr 2006
Dear Ms. Straight,
Mr. Cragun asked me to respond to your questions...
6. Is your office aware of the existence of any voting machine or voting equipment, including memory cards, purchased by the State of Utah that has had it's external serial number switched and/or the serial number on the machine's/card's internal memory changed?
[Utah's answer] "Yes, the acceptance testing process identified some units on which the serial number recorded in the memory was incorrectly entered and thus did not match the serial number affixed to the unit housing. In those cases technicians adjusted the number recorded in the memory to match the number affixed to the unit.
[NOTE from BBV: Perhaps the serial number was "incorrectly entered" or perhaps the physical number was an incorrect piece of information. If the number was entered incorrectly, a record of each number should be kept on file.]
Here is the complete text of the Utah elections division statements:
1. Have any changes or addendums been made to the State of Utah's Voting Equipment Purchasing Contract with Diebold Election Systems, Inc. DESI) since I picked up a copy of the contract's equipment cost sheet from you at your office last fall?
[answer] No.
2. Has the State of Utah, or, to your knowledge, any counties in the state, made any other written or verbal contracts or agreements with DESI, or any sub-contractor, regarding the acquisition (rental or purchase) or testing of voting software, voting equipment and/or voting equipment parts?
[answer]: No. However, at least three counties have purchased additional voting machines and at least 14 counties have purchased voting equipment supplies under the state contract with DESI.
3. Do you have a list of the serial numbers for the approximately 6000 voting machines that the State of Utah purchased from DESI?
[answer]: Yes.
4. Is this statement, which is attributed to you in the March 30, 2006 edition of the Salt Lake City Weekly, accurate? "The lieutenant governor's office observed testing of all Diebold voting machines delivered to Utah before they were sent to individual counties and was satisfied all were in working order, said Cragun."
[answer]: Yes, as is the subsequent statement: "State election officials additionally asked each county to test their allotment of machines once they arrived, he said."
5. Is your office aware of the existence of any used or uncertified voting equipment or unauthorized versions of election software in the state of Utah that was purchased under the state's contract with DESI or any extension of said contract or through any other verbal or written agreement with DESI or any sub-contractor?
[answer]: No.
6. Is your office aware of the existence of any voting machine or voting equipment, including memory cards, purchased by the State of Utah that has had it's external serial number switched and/or the serial number on the machine's/card's internal memory changed?
[answer]: Yes, the acceptance testing process identified some units on which the serial number recorded in the memory was incorrectly entered and thus did not match the serial number affixed to the unit housing. In those cases technicians adjusted the number recorded in the memory to match the number affixed to the unit.
7. What is your office's stance on how the October and November 2005 elections in Farmington were handled and were any problems reported to your office about those election or the November 2005 election in Brigham City? If any problems were reported, what were they?
[answer]: Lieutenant Governor Herbert is very happy with the elections conducted by Box Elder and Davis Counties for Brigham City and Farmington. He is particularly pleased that voters, poll workers, observers from other counties, and most importantly the Brigham City and Farmington recorders, who were responsible for running the elections, gave the system high marks.
Paper Jams experienced in Brigham City were quickly corrected by election officials. Under its warranty obligation, Diebold Election Systems, Inc. replaced defective printer housings that caused the paper jams before final delivery of Box Elder County's equipment in December 2005.
I hope that you find this information useful. You are welcome to contact the Office of the Lieutenant Governor during normal business hours with further questions.
Sincerely,
Ashlee Cutler
Special Assistant to the Lieutenant Governor |
John Washburn
Voting Rights Forum Participant
Username: Johnwashburn
Post Number: 69
Registered: 02-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, April 6, 2006 - 9:34 am: |
|
RE: In those cases technicians adjusted the number recorded in the memory to match the number affixed to the unit.
How?
The point of serial numbers is immutability. How is a number burned into a piece of silicon able to be changed to match the number stamped into a metal plate?
Answer: The serial number is not in ROM but RAM and, thus, intrinsically mutable. I would also bet the serial is printed not stamped on to the metal plate. Al the easir to "update" equipment and "correct" discrepancies.} |
Brant Lamb
Frequent Voting Rights Forum Participant
Username: Brantl
Post Number: 492
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, April 6, 2006 - 11:01 am: |
|
It could be flash memory. |
Christopher Hooten
Voting Rights Forum Participant
Username: Bigfoot
Post Number: 26
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, April 6, 2006 - 4:00 pm: |
|
It should at least be flash memory, but instead, it is shit memory that requires batteries just to retain the info (ballots) on them. However, memory like this would be convenient to "reduce" the turnout in democratic leaning areas. With weak batteries, some cards are sure to fail, losing or corrupting all the information (votes). As would scrubbing voter registration lists, and reducing the number of machines available, again in democratic leaning areas.
Nah! Couldn't be true.
What? Maybe it is? Hmmmm. Troubling...
You mean it probably happened? Frightening...
Oh, crap it really happened? How do we legally get rid of them?
bigfoot
From BBV admin: Hi, Christopher -- The stereotype that election manipulation is just against Democrats is not supported by the evidence. As with many other things, we benefit by dropping the stereotypes. |
Jim March
Frequent Voting Rights Forum Participant
Username: Jimmarch
Post Number: 143
Registered: 01-2005
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Thursday, April 6, 2006 - 6:08 pm: |
|
Worst of all: if you can change the serial number in software, it means you can temporarily set up any TSx to "spoof" any other? Change the date and time too, and you can maybe create what looks like a valid poll tape after the fact for any voting machine you want?
This is THEORY talking, not based on testing yet. OK? But the ability to switch a TSx serial number on the fly does lead to such questions. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 3992
Registered: 12-2004
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Thursday, April 6, 2006 - 6:23 pm: |
|
The Diebold memos contain mixed signals about the ability to switch serial numbers. Apparently Wyle objected to change-em-as-you-go serial numbers and a series of memos (for the earlier TS machines) indicates that once the serial number is entered, it cannot be changed.
But then another series of memos describes how to change the serial number on a machine.
So there you have it. |
Brant Lamb
Frequent Voting Rights Forum Participant
Username: Brantl
Post Number: 493
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, April 7, 2006 - 4:33 am: |
|
How that memo reads may include indications as to what kind of memory that is, does it say anything about the memory being battery-backed up? |
Bev Harris
Board Administrator
Username: Admin
Post Number: 3997
Registered: 12-2004
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Friday, April 7, 2006 - 8:20 am: |
|
As I interpret the following documents, the machine serial number (once set during the initial setup), is not supposed to be able to be changed later.
From the TSx System Overview sent to Wyle Labs:
quote:System Setup
The setup function allows the user to set machine related options. In particular the following items can be defined:
MachineSN: This is the machine serial number and is recorded in the audit log when the system starts up, and is printed on all results reports.
Smart Card: This is the port the smart card is connected to.
Printer Port: This is the printer port the printer is connected to.
System Directory: This is the directory where system files reside.
Main Directory: This is the directory for the removable election media.
Backup Directory: This is the directory for the backup results files.
Network: Network-related configuration information may be defined in this function.
Calibration: This function allows the touch screen to be calibrated.
Date: This allows the user to set the system date.
The system Diagnostics are also accessed from the Setup function. The Diagnostics include the following options:
System Overview Test Printer: This allows the printer to be tested. The output to the printer is a 'barber pole' pattern of characters.
Test Serial Port: This allows testing of the systems serial ports, requiring a loopback connector to be plugged into the unit’s serial port. If hardware flow control is specified, then the loopback connector must include the hardware control lines.
Test Card Reader: This is used to test the smart card reader. It performs the test by writing and reading a pattern of characters to the smart card. This will erase all the data on the smart card.
I am attaching that document, from the Diebold TSx Technical Data Package for Wyle (this is date of Jan. 2003, not the latest one).
Here are a series of Diebold memos talking about how Wyle Labs wants them to make the serial number unchangable. The following caveats apply: We are in 2006. The technical data package, above, is from 2003. The memos below are for 2002. The document above refers to the TSx and those below refer to the earlier TS models (but still the Ballot Station program). The info below is carefully put into the context of the user (election official's) being prevented from changing the serial number. The release notes, however, imply that the ability to change it has been disabled altogether, and not just as verbiage.
And note that Wyle felt this issue of changing serial numbers was a dealbreaker, though they negotiated a "verbiage" solution which sounds hinky to me, but perhaps better minds can correct me.
quote:-----Original Message-----
From: owner-rcr@dieboldes.com
On Behalf Of Jeff Hallmark
Sent: Monday, March 11, 2002 2:10 PM
To: rcr
Subject: re: AVTS Ballot Station Setup Serial Number
Jim Dearman has requested a verbiage change to the AVTS Setup Screen "MachineSN" The change should encompass all instances of the verbiage. He wishes to eradicate the connotation of serial number from this screen and all reports..
He will accept "MachineID" or "Machine No."
The request stems from an end user's ability to change the MachineSN, even if via Administrator privilege, from within the Setup Module. If we comply to the verbiage change he will not pursue the issue further.
Jeff Hallmark jeffh@dieboldes.com
Diebold Election Systems
Followed by this:
quote:-----Original Message-----
From: owner-rcr@dieboldes.com
On Behalf Of Ken Clark
Sent: Monday, March 11, 2002 4:44 PM
To: rcr@dieboldes.com
Subject: RE: AVTS Ballot Station Setup Serial Number
You need to be a little careful here, as we currently use the term Machine ID to mean the logical unit number of the machine within the polling place. Typically 1, 2, 3, etc. This is different than the machine serial number, which means just that. The logical unit number can migrate from machine to machine. You can think of the machine id as the identifier of the PCMCIA card within the voting center. If a machine goes down, you can take the PCMCIA card out of one machine and put it in another, and the machine ID follows. The serial number, conversely, remains tied to the physical unit.
The second verbiage option that was offered "Machine No." will do as well.
We can change the verbiage to anything you/he likes within reason, but you'll need to separate the two meanings. Let us know exactly what changes to what verbiages you want, and we'll make the change. That is, itemize "all instances of the verbiage" and let us know the new verbiage.
Now as to defining every occurrence of the "MachineID" string and any possible derivative where the label portion could vary slightly, you are of course the one who has the source code and therefore the master of the hunt.
For what it is worth, I think you might be better off attacking this from the "user's ability to change the serial number" viewpoint. The serial number needs to be set *somehow*. How would he like it set, if not in setup? This verbiage only solution was negotiated with Jim from this perspective, initially the prospect was complete certification failure for Ballot Station 4.1.10, due to this issue.
Ken
Followed by this from Talbot Iredale:
quote:To: <rcr@dieboldes.com>
Subject: Re: AVTS Ballot Station Setup Serial Number
From: "Talbot Iredale" <tiredale@dieboldes.com>
Date: Thu, 14 Mar 2002 15:05:26 -0800
Jeff,
This field refers to the number on the side of the unit that is labeled "SN". Therefore this field IS the machine serial number. I have breifly checked the FEC regs. and cannot find anything that prevents us from using the label the way we are. If Jim knows of some section of the FEC regs. that we are contravining please let me know. If you would like me to talk directly to Jim about this I will be more than happy to, just send me his phone number.
Tab
Followed by this from Talbot Iredale:
quote:To:<rcr@dieboldes.com>
Subject: Re: AVTS Ballot Station Setup Serial Number
From: "Talbot Iredale"
Date: Fri, 15 Mar 2002 13:30:45 -0800
We will change the Machine SN so that it cannot be changed once a number has been entered.
Tab
Followed by this from programmer Whitman Lee:
quote:To: <rcr@dieboldes.com>
Subject: Re: AVTS Ballot Station Setup Serial Number
From: "Whitman Lee"
Date: Fri, 15 Mar 2002 14:55:55 -0800
The "MachineSN" box is now disabled if the number is 1000 or higher. This feature will be in v4-1-11.
Whitman
And then this:
quote:To: <rcr@dieboldes.com>
Subject: Re: AVTS Ballot Station Setup Serial Number
From: "Whitman Lee"
Date: Fri, 15 Mar 2002 15:46:37 -0800
The "MachineSN" box is now disabled if the number is higher than 1. This feature will be in v4-1-11.
Whitman
Disabling the ability to change the serial number shows up in the Release Notes:
quote:To: "Software Announcements"
Subject: Ballot Station 4-1-11
From: "Dmitry Papushin"
Date: Fri, 15 Mar 2002 17:59:44 -0800
Ballot Station 4-1-11 for Windows CE and Windows NT are ready. The passwords are:
BS_CE-4-1-11-0.zip lqbdqjhnatqbc
BS_NT-4-1-11-0.zip a1bnujmbot3zw
4.1.11.0 Mar 15 2002
- Fix problem with RTFCell not setting white hightlight background to current background.
- Fix problem with print VCenter KeyId rather than VCenter Id on label after download.
- Fix problem when VIBS_Undervote audio played for the races that have no candidates to vote.
- Fix problem when keyboard loses focus after touching the hide window during voting.
- Disable MachineSN if it is greater than 1.
Dmitry
Why, if Wyle Labs wants that Serial Number to be something you can't change -- well how can they then change the Serial Numbers in Utah? And of course, in view of the sloppy test lab procedures we are seeing in the transcripts from the California hearing, note that the labs initially appear to have negotiated a solution that is verbiage only.
Now, do these various documents conflict, or what am I missing?
 Diebold memo from Ken Clark re: Changing serial number
msg00016.html (5.1 k) |
Diebold memo re: serial number from Talbot Iredale
msg00033.html (4.0 k) |
Diebold memo: Cannot change s/n per Talbot Iredale
msg00036.html (4.1 k) |
Diebold memo: Ability to change S/N changed if higher than 1000
msg00037.html (4.5 k) |
Diebold memo: Can't change S/N if higher than 1
msg00038.html (4.5 k) |
Diebold memo: Release notes show S/N cannot be changed
msg00002.html (5.3 k) |
|
Bev Harris
Board Administrator
Username: Admin
Post Number: 3998
Registered: 12-2004
Best of Black Box? 
Votes: 3 (A keeper?) | | Posted on Friday, April 7, 2006 - 8:54 am: |
|
More on the issue of setting serial numbers (all of the following refer to the earlier version, the TS):
quote:Subject: RE: Touch Screen Calibration with BS Software
From: "Ken Clark"
... Calibration will be part of the initial setup proceedure. Just like date and serial number. All touch devices for example the Jornada work like this. Well, except for ours currently.
Granted, manufacturing is ultimately going to need under the hood now and then. This will probably involve something more drastic though, like a magic PCMCIA card or something...
From Nel Finberg:
quote:To: "Support"
Subject: AccuVote-TS machine serial number
From: "Nel Finberg"
Date: Tue, 9 Jul 2002 13:45:40 -0700
When is the AccuVote-TS machine serial number assigned within Ballot Station System Setup?
Nel
Here it says the serial number is put into the system at the manufacturer:
quote:To:
Subject: RE: AccuVote-TS machine serial number
From: "Ian S. Piper" >
Date: Tue, 9 Jul 2002 16:03:38 -0500
At manufacture, after the finished AV-TS R6 unit is powered up and the serial number for the unit can be read from the label on the base.
Ian
Unless...
quote:To:
Subject: Re: AccuVote-TS machine serial number
From: "Tari Runyan" >
Date: Tue, 9 Jul 2002 16:37:32 -0600
unless you upgrade the os - then it is in the startup of the next bs you install
clarification please...
quote:
To: <support@dieboldes.com>
Subject: Re: AccuVote-TS machine serial number
From: "Nel Finberg"
Date: Tue, 9 Jul 2002 15:43:43 -0700
Tari, can you elaborate on 'Startup'? Do you mean it is dislayed when the AccuVote-TS boots, but only after upgrading the operating system?
Nel
(Note: Nel Finberg is the technical writer and also has worked with ITA labs and done tech support. Tari Runyan is a field tech)
quote:To: <support@dieboldes.com>
Subject: Re: AccuVote-TS machine serial number
From: "Tari Runyan"
Date: Tue, 9 Jul 2002 16:54:56 -0600
References: <012401c2278c$192fe870$3701af0a@ian>
yup is that elaborate enough-
Here are instructions pertaining to setting up new operating system This is in the context of a flurry of patches done in connection with the whole rob-georgia thing, and pretty much shoots to heck the theory that Wyle Labs has that Windows CE was "COTS" (Commercial off the shelf and not altered in any way by the vendor):
quote:Note about Upgrading Windows CE
To: "Support \(E-mail\)"
Subject: Note about Upgrading Windows CE
From: "Ian S. Piper" <ian@dieboldes.com>
Date: Fri, 12 Jul 2002 13:16:02 -0500
I've recently become aware of an issue when upgrading between different WindowsCE versions. Please see the details below.
Upgrading from WinCE 2.1.2 (the original version first released) to WinCE 3.0 (any edition.)
When upgrading from WinCE 2.1.2 to WinCE 3.0, the settings are lost for the ELO touch panel calibration, the timezone, the daylight savings flag, and the unit Machine ID. After upgrading between major WinCE levels, you must re-enter these settings.
- Enter the Supervisor Functions\System Setup. (a Manager/Supervisor Card is required.)
Calibrate the ELO Touch Panel.
- On BS 4.1.11, enter the "Calibrate TS" function. (The targets appear twice, once to set and a second time to verify the first settings.)
- On BS 4.0.11, you'll need a keyboard attached so that you can gain access to the C:\Windows\Control Panel\ELoVa icon. (Execute this icon and the calibration targets will appear.)
- Input the correct the Machine SN ID setting using the touch keyboard on the System Setup Screen (look for the serial number on the black serial number label on the left side of the unit base).
- Set the timezone and daylight savings flags. Enter the "Set Date" function.
- After setting these values, press the "Apply" button. (The time may automatically change to something different.)
- Now set the time and date, if necessary.
After setting the time and date, press the Apply button. (The time should remain the same as you had set it.)
- Press either the small OK button or the "X" button on the Set Date window.
Press the Large OK button at the bottom of the System Setup Screen. This is extremely important as this action actually saves the settings you have just made to the persistent internal Flash memory on the system. (An hourglass icon should appear in the center of the screen and rotate to indicate it is busy saving the settings to Flash.)
Upgrading from WinCE 3.0 (June 7th edition) to WinCE 3.0 (July 5th edition.)
When upgrading from the June 7th edition of WinCE 3.0 to the July 5th edition of WinCE 3.0 (we're ignoring the July 2nd and July 4th editions), the settings should remain in the internal Flash memory. The only thing that is required is to set the time and date correctly.
Set the timezone and daylight savings flags. Enter the "Set Date" function.
- After setting these values, press the "Apply" button. (The time may automatically change to something different.)
- Now set the time and date, if necessary.
After setting the time and date, press the Apply button. (The time should remain the same as you had set it.)
- Press either the small OK button or the "X" button on the Set Date window.
- Press the Large OK button at the bottom of the System Setup Screen. This is extremely important as this action actually saves the settings you have just made to the persistent internal Flash memory on the system. (An hourglass icon should appear in the center of the screen and rotate to indicate it is busy saving the settings to Flash.)
- A bug in the Jun 7th edition of WinCE 3.0 didn't allow the factory to set the date and time. Units were still shipped with the understanding that the Jul 5th edition would correct the problem and that a field upgrade would be done before use. The ELO Touch Panel calibrations and serial number machine ID were not affected by this bug.
Upgrading from WinCE 3.0 (July 5th edition) to WinCE 3.0 (any future edition.)
When upgrading from the Jul 5th edition of WinCE 3.0 to an edition of WinCE 3.0 that may become available in the future, the settings should remain in the internal Flash memory.
Sincerely:
Ian S. Piper
Diebold Election Systems, Inc.
972.542.6000
|
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2037
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, April 7, 2006 - 9:13 am: |
|
Did you notice all the comments about setting Date & Time, and that the machine might show something different (?!), so an additional step is required to once again put in the Date & Time in order for it to "take"?
Does it make you wonder about any of those tapes with wrong dates & times?
OK it was different equipment I think, but just seeing this issue spelled out so explicitly has to make you wonder. (It's just one more possibility among many for why those dates were incorrect.)
The Serial No. is serious. It could allow you to swap "special" machines in and out w/o anyone knowing, if there is a way to change the SN after it's been set. |
Brant Lamb
Frequent Voting Rights Forum Participant
Username: Brantl
Post Number: 495
Registered: 01-2005
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Friday, April 7, 2006 - 10:20 am: |
|
If these are PC motherboard based (as I've previously gathered) there is a default time in the system until someone initially sets it (as a person who's installed many new motherboards, I've run into this myself).
That you can change time and date on a PC is a trojan horse on a vote recording instrument, and you can. This shouldn't be allowed it be prevented by a modification to the operating system and should be tested by the testing authority previous to public use.
There are two different values being touted as "below this value you can change the serial number", 1000 and I read 1 as a value as well (maybe incorrectly written?) and I can understand that as something that they'd do in production (the 1000 value, not the 1 value) as this would various values to differentiate unfinished product from finished. You shouldn't see a customer system with a serial number less than 1000 then (worth checking?), though.
This thing about a version of WinCE getting out without being able to set the date and time points to really lousy QA validation by somebody, though, and I'd be hard-pressed to think that Microsoft wouldn't check something that obvious (as bad as they sometimes are), so I would bet this WinCE is a special Diebold flavor, in no way COTS.
It sounds more like they're doing a re-install and not a upgrade with the older versions of WinCE, and if they allow it to reformat the flash (IF they're using the flash as a flash-disk) then this would make sense, although it's sloppy procedurally. If that's not the case, why do they have to re-do the machine's serial number after an opsys 'upgrade'?
It also looks like you can't keep the serial number through an older operational system upgrade, but can through a newer one, which leads to the impression that Win CE is awfully intimate with their product's particulars. This should not be true of COTS software.
Anybody else notice that Ian is talking about WinCE version 2.1.2 to WinCE 3.0 and doesn't go into the secondary suffix at all (Win 3.0.what?)? This strikes me as odd. |
Steve Armstrong
Voting Rights Forum Participant
Username: Starmstr
Post Number: 5
Registered: 03-2006
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Friday, April 7, 2006 - 10:41 am: |
|
These multiple versions of WinCE 3.0 might be instances of what some Microsoft OS observers call 'slipstreaming'. It may occur on the OEM Vendor side as well as Microsoft side.
Sometimes, an OEM vendor may come up with a clever hack that makes something work where Microsoft had goofed up, and Microsoft decides to incorporate their fix, without fanfare, announcement, etc. Such a vendor might find themselves a Platinum partner by giving such cooperation.
So, we can have subtle changes slipped to the production OS codebase and the releases go out without changing any identifying release numbers. The dates on a few files and perhaps file size or changes to other internal property changes, even function lookup tables, are the only clues there's been such a change.
You would have to be able to compare files on multiple units to learn that this has happened and have the tools that can do a directory comparison and a binary file by file comparison.
A directory comparison might show different or additional DLL, OCX, DRV, SYS or EXEs, etc. The binary file comparison might show updated or modified typelib files, changes to internal function structures, and other properties of executable or 'library' code.
One programmer's tool to help track changes to binaries is performing and recording 'checksum' CRC calculations against each binary file. Keeping a record of the CRC values for each binary file should be something we'd expect a good testing agency to do.
One may Google on 'DLL Hell' to see what sort of problems this practice of slipstreaming -- changing binary files without updating file properties or release information -- has inflicted upon Windows desktop and server OS versions, since these mysterious dependency issues can be very vexing to resolve.
Perhaps even font changes could be construed to fall in this 'slipstream' category, but they're not strictly OS features. But they have caused screen and printer issues to appear or go away. |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2038
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, April 7, 2006 - 12:39 pm: |
|
Steve, if changes can be slipped in with different versions of WinCE, then isn't it also possible that non-WinCE changes could also be slipped in?
Your testing suggestions could reveal whether changes had been made, but is there any way of determining where those changes originated? It seems unlikely.
Since WinCE is apparently designed to be modified by developers, who could say for sure whether the difference in checksums or file size was due to a WinCE change or one of the developers? If there's a claim that "it was a Windows change" how could one prove it, or prove that it wasn't?
If someone had malicious intent, burying code in WinCE would seem like one obvious tactic. |
Christopher Hooten
Voting Rights Forum Participant
Username: Bigfoot
Post Number: 27
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, April 7, 2006 - 5:34 pm: |
|
Re:
From BBV admin: Hi, Christopher -- The stereotype that election manipulation is just against Democrats is not supported by the evidence. As with many other things, we benefit by dropping the stereotypes.
--
I do think the majority of RECENT manipulation has been to the benefit of the Repubs. It just seemed so blatant in the last few elections. Maybe I am mistaken. Irregardless (I know, but it sounds better), the possibility of ANY manipulation is unacceptable. I am an Independent, BTW...
Plenty of "jackasses" in both parties... 
-- Bigfoot |
Christopher Hooten
Voting Rights Forum Participant
Username: Bigfoot
Post Number: 28
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, April 7, 2006 - 5:44 pm: |
|
I am afraid I must have mixed up the tsx with an earlier model, As the specs seem to indicate flash memory. My bad. Is there any way to change that in my first comment? It may be misleading.
-- Bigfoot |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4000
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, April 7, 2006 - 7:33 pm: |
|
Christopher, just write a post the way you want it and clarify what you wanted to say. |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2039
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, April 8, 2006 - 2:20 am: |
|
Christopher,
At the top right corner of your post you'll see a few icons. The first of these, which looks like a notebook and pencil, is the one to click in order to be able to edit your own post. You may have to scroll down to see the "Post" box into which you can enter your changes. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4002
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, April 8, 2006 - 5:58 am: |
|
 Edit functions only last for a short time after posting, however. I have made that as long as several hours, but when the trolls show up I reduce it or sometimes eliminate it so as to capture the troll posts intact and save them.
Unlike most forums, we don't give trolls a free pass by just booting them off. If we learn their real names, we expose them for who they are, along with any credibility issues they may have, like prison records or ties to the industry. |
ed hill
Frequent Voting Rights Forum Participant
Username: Ed_hill
Post Number: 107
Registered: 03-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, April 8, 2006 - 2:13 pm: |
|
Hello folks
Brant, for once we are in complete agreement.
The seriel number shouldn't be changeable .
The text in the memos through circumlocutions seems to say that the lab is really looking for interface changes only. This by the repeated reference to "VERBIAGE'.
>>>>
----- Original Message -----
From: "Jeff Hallmark" <jeffh@dieboldes.com>
To: "rcr" <rcr@dieboldes.com>
Sent: Monday, March 11, 2002 2:10 PM
Subject: re: AVTS Ballot Station Setup Serial Number
>
> Jim Dearman has requested a verbiage change to the AVTS Setup Screen
> "MachineSN"
> The change should encompass all instances of the verbiage. He wishes to
> eradicate the connotation of serial number from this screen and all
> reports..
>
> He will accept "MachineID" or "Machine No."
>
> The request stems from an end user's ability to change the MachineSN, even
> if via Administrator privilege, from within the Setup Module.
> If we comply to the verbiage change he will not pursue the issue further.
>
>
> Jeff Hallmark jeffh@dieboldes.com <mailto:jeffh@dieboldes.com>
> Diebold Election Systems
>
>
As I've written here before. This illusory safeguard is open to anyone with a Hex editor, keyboard and caffiene.
I suspect that there are a fair number of adolescent game crackers who could re-write these serial numbers in a few minutes.
If these s/n were tied to the binary's by being signed together with a PGP type key it'd at least force the culpret down to hardware. As it is the effort is laughable. Cracking at this level wouldn't challenge a hobbyist.
Very good thread. You are breathing clean air and casting bright light into a very dark place.
best regards
ed
(Message edited by ed_hill on April 08, 2006) |
Pat Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 155
Registered: 02-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, April 8, 2006 - 2:57 pm: |
|
I've never quite understood why they don't just use the microprocessor's unique 'burned in' serial number or other information that is 'unique' to each machine to create a " GUID" (Globally Unique Identifier) to track the machines.
There's even a Visual Basic command written to pull that serial number.
Would doing something like that make sense?
Pat A. Vesely ;-) |
ed hill
Frequent Voting Rights Forum Participant
Username: Ed_hill
Post Number: 108
Registered: 03-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, April 8, 2006 - 3:20 pm: |
|
Only if your objective were to reliably identify the system's cpu. Easy to pop a cpu in and out anyway.
It looks to me as though the objective is more to provide comfort than actual security.
Changing the language on the interface does exactly that and nothing else.
blissful ignorance.
ed |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2042
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, April 8, 2006 - 3:24 pm: |
|
Ed: "It looks to me as though the objective is more to provide comfort than actual security."
And that is the consistent pattern throughout. Whenever a problem is identified, the proposed solutions are only window dressing.
Same thing for almost all proposed legislative changes, as Bev has addressed elsewhere here today. They provide comfort and the illusion of security in our elections--which is arguably more dangerous than when there is general awareness of the lack of security. |
ed hill
Frequent Voting Rights Forum Participant
Username: Ed_hill
Post Number: 110
Registered: 03-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, April 8, 2006 - 3:42 pm: |
|
Catherine, to some extent it may be that window dressing is all the security that computer use in elections ever allows.
A computer is from concept on created to manipulate a signal.
It's fundamentally wrong for this job.
ed |
Pat Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 156
Registered: 02-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, April 8, 2006 - 4:11 pm: |
|
Ed, I understand what a joke the language change is and I think you missed my point about generating a GUID number for each machine. Although you can change CPU's quite easily, the same goes for whatever memory chip you store the S/N in. (assuming it's socketed)
By pulling the CPU's internal S/N and combining that information with other configuration information from any particular machine, you can create a true GUID number that would change if you merely swapped the processor.
In effect, you could generate a 'fingerprint' of each machine, and then generate a GUID number that would make any such swap noticeable. Since a GUID is a rather long (128 bit) number, you can generate a 'hex' checksum value for that number that would serve as the serial number for the unit. It not only would identify the physical unit, but also it's configuration to some extent.
I'd rather just throw them all in the bay and go back to hand counted paper ballots. I'm only pointing this out to show that there are ways they could have addressed the problems if they really wanted to attempt to make these machines secure.
Catherine in correct, they offer only window dressing when pressed for real answers. Always have and always will.
Pat A. Vesely ;-) |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2043
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, April 8, 2006 - 4:28 pm: |
|
Pat,
I'm starting to get a feel for what you mean by a GUID number than can include info on the physical configuration audit.
It reminded me of the serial number of a car, which includes coded info about the engine type, body type, color, etc.
If I understand you correctly, a GUID could include info such as the serial no. of the CPU and other crucial bits of hardware, so that it would form a unique ID for the overall machine and also for its internal components.
Question--if there were a legitimate need to change a CPU during the lifetime of a machine, how would you deal with this, since the GUID would no longer match? You'd need a proper trail of documentation, presumably. But if it weren't there, then rather than assume there's a serious problem, you'd just hear, "human error--someone just forgot to record the change."
The boat anchor option sounds better and better every week that goes by--if it weren't for the pollution impact, that is. It wouldn't be fair to make the fish cope with all the toxic components. |
Pat Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 157
Registered: 02-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, April 8, 2006 - 4:49 pm: |
|
Yes! Very much like a 'VIN' number. (Vehicle Identification Number) No two alike.
quote:Question--if there were a legitimate need to change a CPU during the lifetime of a machine, how would you deal with this, since the GUID would no longer match? You'd need a proper trail of documentation, presumably. But if it weren't there, then rather than assume there's a serious problem, you'd just hear, "human error--someone just forgot to record the change."
Correct, you'd need a proper trail of documentation. Any time a machine is opened and critical changes are made that may impact it's functionallity, it should be fully re-tested and issued a new number. All of this should be fully documented.
About those poor little fishes, perhaps we should post the parts list and configuration info for the machines on SlashDot and hold a contest to see who can come up with the best, most creative, non polluting, use for these things when their dumped.
I'm sure that would be fun!
Pat A. Vesely ;-) |
ed hill
Frequent Voting Rights Forum Participant
Username: Ed_hill
Post Number: 111
Registered: 03-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, April 8, 2006 - 9:21 pm: |
|
Pat you nailed it.
I did miss your GUID idea. That's new to me. Sounds like this documentation would get pretty costly.
Sorry if I appeared to be assuming ignorance. Never a wise thing in present company.
Has anyone approached this from the perspective of cost per ballot counted? I'm guessing yes, if so what was the vendor defense?
The cost difference between hand and machine counting must be obscene. And that's before election rigging litigation costs.
Regards
ed |
Linda Franz
Frequent Voting Rights Forum Participant
Username: Linda_franz
Post Number: 231
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, April 9, 2006 - 12:27 pm: |
|
The argument against paper has been framed in the context of the "cost of paper" and the "cost of workers."
However, seems a few counties are now discovering the continuing cost of electronic elections- maintenance, storage, updating,.... it has become a Catch-22 and a never ending source of income for vendors. And at times, the hassles over elections, "glitches," etc., continue on for a long time.
I also note with interest the recent "problems" with getting optical scan ballots printed correctly in some areas of the country. For cryin' out loud, it's a paper ballot- not rocket science. Makes you wonder at times if the motive is still to try and steer officials away from paper, especially since the vendors also control the ballot printing? Hey, what's up with that? Printing is not rocket science, either.
In fact, localities should bid it out to local or state facilities. Special paper, fine. Special watermarks, fine. Special ink, fine. The idea that a vendor is the only one that can keep this stuff under wraps or "safe" is ludicrous.
It takes the functions away from one entitiy and spreads the control out. Actually puts some control back with the counties.
Like the "paper chad" of punch cards, watch out for the "bad op scan paper ballots."
Can't have that paper out there because, well, it COULD be recounted- by hand.
And hand counting is where we should be at.
I live in a county that did just fine with punch cards.
This same county now uses the Sequoia optical scan that seems to be causing so much trouble eslewhere- and it's working just fine.*
*Which is never to be construed that continual audits don't need to be performed or that it is preferred to hand counting. But the shakedown election with these machines came with an audit, at the request of BOTH parties, in great cooperation, in our county. I hope that both parties continue to cooperate in asking for the audit available to them by state law- until a better law can be passed that will at least require vigorous hand auditing of any electronic system.
Bev has written elsewhere of the difficulties of getting adequate legislation in a timely manner. The "system," no matter how hard you try, is set up, especially at the federal level, to tweak legislation into something it was never intended to be, if it hit the mark in the first place. |
ed hill
Frequent Voting Rights Forum Participant
Username: Ed_hill
Post Number: 112
Registered: 03-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, April 10, 2006 - 11:56 am: |
|
Then we can't rely on legislative assistance.
ed |
ed hill
Frequent Voting Rights Forum Participant
Username: Ed_hill
Post Number: 113
Registered: 03-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, April 10, 2006 - 1:57 pm: |
|
please read
http://hnn.us/articles/23297.html
i'm not not alone in seeing our current situation as frighteningly beyond the bounds anticipated by those who designed our system of government.
The corrosion of the carefully engineered balance of human greed and ambition written into our laws now has us literally on the brink of using nuclear weapons.
The promise judicial or legislative correction is at best vestiginal.
With a groundswell of public action, always within the law. This could be brought into balance. But it will be citizens, not Judges or poltico's who heal our nation.
The end of the article speaks of promise and is chilling in it's clarity.
"If Madison's reliance on the ambition of other office holders has failed us, we need to look elsewhere. Can what Thomas Jefferson called the "common sense and good judgment of the American people" help us now? In the past, they have been a critical last resort when our leaders endangered the constitutional checks and balances that have made us the world's oldest democracy. But first the public must wake up to this constitutional crisis."
Gary Hart
regards
ed hill
(Message edited by ed_hill on April 10, 2006) |
Kathleen Wynne
Moderator
Username: Admin_ii
Post Number: 233
Registered: 08-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, April 10, 2006 - 5:03 pm: |
|
I'm with you, Ed.
The farther we go into this Alice in Wonderland "rabbit hole" we call election reform, I am more convinced than ever that the change we are all fighting hard to achieve must come from the citizens.
The American people have always been at their best when circumstances were at their worst. Let's face it, the circumstances can't get much worse!
The time is now for us all to rise to the occasion and accept that "we are the people we've been waiting for..."
Kathleen
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
ed hill
Frequent Voting Rights Forum Participant
Username: Ed_hill
Post Number: 114
Registered: 03-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, April 10, 2006 - 7:24 pm: |
|
Still awaiting response from the AACCCLLU on crumple.
best I can probably expect is legal defense.
I'll call the Bosston office tomorrow and ask some questions.
meanwhile if anyone has a better idea for engaging and empowering the electofrate I'm alll ears.
Megards
ed |
|
|
Diebold TSx System Overview
