5-11-06: Three-level security flaws found in Diebold touch-screens

Bev Harris
Board Administrator
Username: Admin

Post Number: 4556
Registered: 12-2004

Best of Black Box? 
Votes: 37 (A keeper?)

Posted on Thursday, May 11, 2006 - 12:34 pm:

Due to the nature of this report it is distributed in two different versions. Details of the attack are only in the restricted distribution version considered to be confidential. Fewer than 50 words have been redacted in the version below.

Overview

Click "more" for link to full report

Note: Please refrain from speculation or public discussion of inappropriate technical details.

This document describes several security issues with the Diebold electronic voting terminals TSx and TS6. These touch-pad terminals are widely used in US and Canadian elections and are among the most widely used touch pad voting systems in North America. Several vulnerabilities are described in this report.

One of them, however, seems to enable a malicious person to compromise the equipment even years before actually using the exploit, possibly leaving the voting terminal incurably compromised.

These architectural defects are not in the election-processing system itself. However, they compromise the underlying platform and therefore cast a serious question over the integrity of the vote. These exploits can be used to affect the trustworthiness of the system or to selectively disenfranchise groups of voters through denial of service.

http://www.blackboxvoting.org/BBVtsxstudy.pdf (327 KB)
Critical Security Alert: Diebold TSx and TS6 voting systems
by Harri Hursti, for Black Box Voting, Inc.

Three-layer architecture, 3 security problems

Each can stand alone or combine for 3-layer offense in depth

As an oversimplification, the systems in question have three major software layers: boot loader, operating system and application program. As appropriate for current designs, the first two layers should contain all hardware specific implementations and modifications, while the application layer should access the hardware – the touch pad, memory card, the network etc. – only via services and functions provided by the operating system and therefore be independent of the hardware design. Whether the architecture in question follows these basic guidelines is unknown.

Based on publicly available documentation, source code excerpts and testing performed with the system, there seem to be several backdoors to the system which are unacceptable from a security point of view. These backdoors exist in each of these three layers and they allow the system to be modified in extremely flexible ways without even basic levels of security involved.

In the worst case scenario, the architectural weaknesses incorporated in these voting terminals allow a sophisticated attacker to develop an "offense in depth" approach in which each compromised layer will also become the guardian against clean-up efforts in the other layers. This kind of deep attack is extremely persistent and it is noteworthy that the layers can conceal the contamination very effectively should the attacker wish that. A quite natural strategy in these types of situations is to penetrate, modify and make everything look normal.

Well documented viral attacks exist in similar systems deploying interception and falsification of hash-code calculations used to verify integrity in the higher application levels to avoid detection. The three-level attack is the worst possible attack. However, each layer can also be used to deploy a stand-alone attack. The TSx systems examined appear to offer opportunities for the three-level attack as well as the stand-alone attacks.

It is important to understand that these attacks are permanent in nature, surviving through the election cycles. Therefore, the contamination can happen at any point of the device's life cycle and remain active and undetected from the point of contamination on through multiple election cycles and even software upgrade cycles.

Here is a rough analogy:

- The application can be imagined as written instructions on a paper. If it is possible to replace these instructions, as it indeed seems, then the attacker can do whatever he wishes as long as the instructions are used.

- The operating system is the man reading the instructions. If he can be brainwashed according to the wishes of the attacker, then even correct instructions on the paper solve nothing. The man can decide to selectively do something different than the instructions. New paper instructions come and go, and the attacker can decide which instructions to follow because the operating system itself is under his control.

- The boot loader is the supreme entity that creates the man, the world and everything in it. In addition to creating, the boot loader also defines what is allowed in the world and delegates part of that responsibility to the operating system. If the attacker can replace the boot loader, trying to change the paper instructions or the man reading them does not work. The supreme entity will always have the power to replace the man with his own favorite, or perhaps he just modifies the man’s eyes and ears: Every time the man sees yellow, the supreme being makes him think he is seeing brown. The supreme entity can give the man two heads and a secret magic word to trigger switching the heads.

In the world of the Diebold touch-screen voting terminals, all of these attacks look possible.

The instructions (applications and files) can be changed. The man reading the files (Windows CE Operating System and the libraries) can be changed. Or the supreme entity (boot loader) can be changed, giving total control over the operating system and the files even if they are "clean software."

Specific conceptual information is contained in the report, with details and filenames in the high-security version which is being delivered under cryptographic and/or personal signature controls to the EAC, Diebold CEO Tom Swidarski and CERT.

1) Boot loader reflashing
2) Operating system reflashing
3) Selective file replacement

In addition, the casing of the TSx machines lacks basic seals and security, and within the casing additional exploitations are found.

Conclusions and Recommendations

Because there is no way of having chain of custody or audit trail for machines, the machines need to be reflashed with a known good version (assessing the risks potentially inherited). Ideally this should be done by the proper governmental authorities rather than being outsourced.

After that, extensive chain of custody management has to be established to make sure that machines do not potentially get recontaminated. Less than five minutes is required for contamination.

The bootloader needs to be re-engineered.

The cases need to be properly and permanently sealed.

Further study is warranted around these issues and others in the May 15, 2006 Supplemental Report for the Emery County TSx study.

While these flaws in design are not in the vote-processing system itself, they potentially seriously compromise election security. It would be helpful to learn how existing oversight processes have failed to identify this threat.

A secondary report will be released on May 15, 2006. This report contains approximately 12 other areas of secondary concern to the problems described in this initial report.

PERMISSION TO REPRINT GRANTED, WITH LINK TO http://www.blackboxvoting.org

Black Box Voting is a nonpartisan, nonprofit 501c(3) organization focusing on investigations related to ensuring accurate and fair elections. This organization is supported entirely by citizen donations.
To support this work:
http://www.blackboxvoting.org/donate.html
Mailing Address:
Black Box Voting, Inc.
330 SW 43rd St Suite K
PMB 547
Renton WA 98055
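
A toy model of the trust argument in the report overview above, added here as an illustration and not taken from the report, Black Box Voting or Diebold: it shows why an integrity check or a reflash carried out through the device's own lower layers cannot clear a modified boot loader, while an independent read compared against an externally held manifest can. The class, the function names, the image bytes and the out-of-band read/write path are all assumptions constructed for the example, as is the rule that each layer is measured by the layers beneath it.

```python
import hashlib

# Boot order: each layer is loaded, measured and updated by code beneath it.
LAYERS = ("bootloader", "os", "application")


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Terminal:
    """Toy model, not vendor code: three flash regions plus the on-device
    code paths that answer integrity queries and apply updates."""

    def __init__(self, images: dict):
        self.flash = dict(images)      # bytes actually stored per layer
        # Digests a concealing layer would replay instead of measuring.
        self._expected = {k: sha256(v) for k, v in images.items()}
        self.concealing = set()        # modified layers that hide changes

    @staticmethod
    def _trust_path(layer: str) -> tuple:
        """Layers whose code runs when `layer` is measured or rewritten
        in-band: everything beneath it (the boot loader answers for itself)."""
        i = LAYERS.index(layer)
        return LAYERS[:i] or LAYERS[:1]

    def _subverted(self, layer: str) -> bool:
        return any(p in self.concealing for p in self._trust_path(layer))

    def modify(self, layer: str, image: bytes, conceal: bool = True) -> None:
        """Constructed event: a region changes with no audit trail."""
        self.flash[layer] = image
        if conceal:
            self.concealing.add(layer)

    def self_reported_hash(self, layer: str) -> str:
        """In-band check: the device measures itself and reports the result."""
        if self._subverted(layer):
            return self._expected[layer]      # falsified answer
        return sha256(self.flash[layer])

    def reflash_in_band(self, layer: str, image: bytes) -> bool:
        """Update through the device's own update path; returns the status
        the device reports, which is all the operator sees."""
        if not self._subverted(layer):
            self.flash[layer] = image
            self.concealing.discard(layer)
        return True

    def read_out_of_band(self, layer: str) -> bytes:
        """Assumed independent read that runs no code from the device."""
        return self.flash[layer]

    def reflash_out_of_band(self, layer: str, image: bytes) -> None:
        """Assumed independent write that runs no code from the device."""
        self.flash[layer] = image
        self.concealing.discard(layer)


def audit(terminal: Terminal, manifest: dict, in_band: bool) -> list:
    """Layers whose digest differs from the externally held manifest."""
    bad = []
    for layer in LAYERS:
        if in_band:
            seen = terminal.self_reported_hash(layer)
        else:
            seen = sha256(terminal.read_out_of_band(layer))
        if seen != manifest[layer]:
            bad.append(layer)
    return bad


# Constructed sample images; the manifest is kept off the device.
GOOD = {"bootloader": b"BL v1", "os": b"OS v1", "application": b"APP v1"}
MANIFEST = {k: sha256(v) for k, v in GOOD.items()}


def demo() -> dict:
    results = {}
    for layer in LAYERS:
        t = Terminal(GOOD)
        t.modify(layer, b"changed " + GOOD[layer])
        results[layer] = (audit(t, MANIFEST, True), audit(t, MANIFEST, False))
    # Recovery attempt on a terminal whose boot loader was changed.
    t = Terminal(GOOD)
    t.modify("bootloader", b"changed BL")
    t.reflash_in_band("bootloader", GOOD["bootloader"])
    results["after_in_band_reflash"] = audit(t, MANIFEST, False)
    t.reflash_out_of_band("bootloader", GOOD["bootloader"])
    results["after_out_of_band_reflash"] = audit(t, MANIFEST, False)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

In the model, the lower the modified layer, the less the device's own answers reveal: a changed application or operating system is still reported by an intact layer beneath it, while a changed boot loader reports everything as clean and also reports a successful reflash that never happened.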

Jody Holder
Voting Rights Forum Participant
Username: Holder

Post Number: 16
Registered: 11-2005

Best of Black Box? 
Votes: 5 (A keeper?)

Posted on Thursday, May 11, 2006 - 1:18 pm:

Bev:
I am unsure what you mean by "public discussion of inappropriate technical details". Do you mean among voting activists or at public presentations?
What this means is that another election should not be conducted on a Diebold voting system until all the required fixes have been accomplished. Yet elections are going on all over the country currently, and there is no time to do the fixes prior to many of those elections.
It also means that an attack could have already occurred several years ago and no one would know.
My great thanks to Black Box Voting, and those patriots who have stepped forward in defense of their country. Also to a patriot of the world, Harri Hursti.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4558
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 1:41 pm:

CORRECT: What this means is that another election should not be conducted on a Diebold voting system until all the required fixes have been accomplished. Yet elections are going on all over the country currently, and there is no time to do the fixes prior to many of those elections.


CORRECT: It also means that an attack could have already occurred several years ago and no one would know.

And by inappropriate public speculation, we mean do not speculate about the specific filenames or tools regardless of whether you think they are already discussed or easy to find or simple to guess.

No file names should be named. Or other details.

Pat Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely

Post Number: 308
Registered: 02-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 1:48 pm:

Hi Jody, Some of us who are more familiar with the inner workings of the Diebold software and computer systems in general can reasonably deduce what the "redacted" portions may contain. I think Bev may have added that line to remind us NOT to speculate in public and make an already bad situation even worse since we know that some jurisdictions will still try to use these machines in upcoming elections.

It's bad enough that the 'pros' will be able to figure it out, no sense in giving every 'script kiddy' on the Internet more clues than we have to.

Pat A. Vesely ;-)

John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon

Post Number: 219
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 1:57 pm:

Does anyone have an unredacted copy of the SAIC security report done for Maryland? Was this problem found by SAIC?

Bev Harris
Board Administrator
Username: Admin

Post Number: 4561
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 2:02 pm:

If it was found by SAIC it is not possible to fathom why entire states are taking delivery on machines with these vulnerabilities three years later.

John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon

Post Number: 220
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 2:05 pm:

The SAIC report that was released is redacted. The question is whether the SAIC report found this problem and whether Maryland and Diebold kept it quiet and just told SAIC that they had fixed the problem. There was no follow-up by SAIC, to my knowledge.

Let me be clear that I am not accusing anyone of covering-up a security problem like this one. I am only asking the question.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 237
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 2:06 pm:

Pat,

"It's bad enough that the 'pros' will be able to figure it out, no sense in giving every 'script kiddy' on the Internet more clues than we have to. "

Pat, that is one of the most responsible and profound statements I think I've ever read, and why I never felt that "open source" was the solution to anything. Bravos, Pat, bravos.

Kurt Bellman

Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam

Post Number: 768
Registered: 06-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 2:26 pm:

What is most disturbing about this report summation is the following: "It is important to understand that these attacks are permanent in nature, surviving through the election cycles."
This means that if such has already occurred, the machines are fatally compromised and, it would appear from the summation, all such machines would have to be examined and then redone.
It would be good to understand whether this "The bootloader needs to be re-engineered." is referencing the ntldr module or referencing bios firmware.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4564
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 2:44 pm:

This kind of speculation is requested not to happen here.

Jean-Baptiste Biard
Voting Rights Forum Participant
Username: Jbbiard

Post Number: 1
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 2:54 pm:

Kurt,

- First of all, my first post here, great to be allowed to do that, thanks BBV.
- Second, about your "open source is not a solution" remark: the same rule used here ("do not expose a vulnerability while no fix is available") is routinely used in the open source community. Open Source does not change much there, except that fair scrutiny is much easier and fixes often more quickly provided...
- Third, about the bottom of the matter: would not it be sadly "nice" to find modified machines. Any machine that is "flashed" will erase potential tampering proofs. That is fine for the coming votes, but this amounts to destroying proofs. How are you coping with that?

Jesse Weinstein
Voting Rights Forum Participant
Username: Jessew

Post Number: 1
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 4:06 pm:

I (using pdftohtml-0.38 ) have made an HTML version of the report. If it would be acceptable to the authors of the report, I'd be delighted to upload it here, or on my personal webspace if that would be preferred. (although I'd prefer if it was here, for bandwidth cost reasons ;-) )

Marian Beddill
Voting Rights Forum Participant
Username: Uu7thprinciple

Post Number: 28
Registered: 08-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 4:15 pm:

Jesse;
Send it to me and I'll post it on my webspace:
http://noleakybuckets.org/

Marian
<beddill@nas.com>

Bev Harris
Board Administrator
Username: Admin

Post Number: 4566
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 4:21 pm:

Thanks, Marian. All we require is a live link to http://www.blackboxvoting.org on its front page.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 238
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 4:23 pm:

Jean-Baptiste,

Welcome. Glad to have you here.

"Open source" means many people have the ability to do mischief. Proprietary means few do, but fewer still have the ability to detect mischief. Tough call.

As a slightly sardonic aside, "open source" also typically connotes "I don't like Microsoft much." In that, we agree, but not because I'm an open sourcer. Actually, I'm a Macintosh man at heart.

About the "bottom of the matter":

What you have stated is a fairly perfect conundrum. What to do? Do we attempt to prevent future harm by erasing potential evidence of past wrongdoing?

The answer to that depends on what brings one to the table. If one is motivated by retribution and "being right", the choice is far more difficult. If "letting it go" is impossible, then that choice is torture. If, on the other hand, you are motivated by fear for the future, and you don't believe you've seen enough to make you distrust what has come before, the choice is easy. You must flash, just to be extra sure, if only to reassure the electorate that voting can still matter.

Marian Beddill
Voting Rights Forum Participant
Username: Uu7thprinciple

Post Number: 29
Registered: 08-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 4:39 pm:

Bev;
I have created a prominent link on my front page at http://noleakybuckets.org/ , with direct links back to BBV, and a copy of your PDF.

(Nothing like having a backup.)

Marian

Joseph Hall
Voting Rights Forum Participant
Username: Joehall

Post Number: 82
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 4:53 pm:

The debate over source code is much more complicated. I have a paper on access to source code and open source in e-voting in this summer's USENIX/ACCURATE workshop... I should be able to have a shareable version of that paper when finals and such are over here.

Note that there is evidence of this design flaw dating back to 2002 without having to see the 2/3 of the redacted part of the SAIC report. If I know you (John, Kurt and BBV crew, of course) and you have a GPG/PGP key, I can send you what I've got. You know my email. best, Joe

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2368
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 5:03 pm:

I really appreciate the clarity and simplicity in these explanations. That is not an easy thing to achieve.

Bravo and thanks to everyone involved in this project.

John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush

Post Number: 363
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 6:30 pm:

Yes, bravo and thanks to everyone involved!

Samuel Scharff
Voting Rights Forum Participant
Username: Abacus

Post Number: 31
Registered: 08-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 8:01 pm:

If I may be forgiven for a bit of irreverence -- and, please, all hands have my great respect and thanks -- this reminds me of the old arguments about how many angels can dance on the head of a pin...

A small voice for hand counted paper ballots? [I know some of you are sympathetic...]

sheila solomon
Voting Rights Forum Participant
Username: Sheilas

Post Number: 1
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 8:11 pm:

Hi - I have read the redacted report. We are fighting the battle right now in Pima County, Arizona, and have a board of supervisors who will make a decision in less than a week.

I have quite a bit of security experience but the challenge I have is translating this information into something I can concretely demonstrate to local politicians for maximum effect.

Is there any way we can provide more complete information under secrecy directly to their IT staff?

Kathleen Wynne
Moderator
Username: Admin_ii

Post Number: 301
Registered: 08-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Thursday, May 11, 2006 - 9:12 pm:

Samuel,


quote:

this reminds me of the old arguments about how many angels can dance on the head of a pin



This report is not an argument, it's undeniable proof. The contents of this report make change more possible than it's ever been before.

Citizens now have leverage they didn't have before too. We've proven that the certification process and the Diebold voting machines have failed miserably. No other report before this one has gotten the election industry to sit up and pay attention the way this one has. That's because it's the most devastating report of a voting system ever.

As a result, citizens are now in a position to call into question all the other voting systems and work toward having them independently tested in order to find out whether they too possess similar security flaws as the Diebold voting systems.

The next step is for those citizens, for example, who are advocates for hand counting our ballots to develop and present realistic, well-thought out arguments that address all the issues and concerns expressed by election officials and politicians, who are still resisting the change to hand counts (which is pretty much the majority). Fortunately, JoAnne Karasek and Sheila Parks, two members of BBV, along with many other dedicated citizens are working diligently to develop such a plan and to build a critical mass of support for hand counting paper ballots. I support their vision because their goal is to make certain citizens are dominant in every phase of the voting process and that the process has a transparency that allows average citizens to judge for themselves whether it's working or not.

What this report shows us is that we can no longer outsource our elections to vendors and experts to oversee the process on our behalf ever again. So, at the end of the day, those citizens who make the best case in their plan for change, will have the better chance of garnering the necessary support for implementing it.

More importantly, I sincerely hope this report will be a motivating factor in getting citizens involved in the election process again. That it gets citizens believing that it is they who can make the difference in bringing about the change we've all been fighting for.

This is cause for celebration, IMO.

Kathleen


(Message edited by admin_ii on May 11, 2006)
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html

Michael McKay
Voting Rights Forum Participant
Username: Seaan

Post Number: 1
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 11, 2006 - 11:25 pm:

From the top post:

It would be helpful to learn how existing oversight processes have failed to identify this threat.

and from Kathleen Wynne:

What this report shows us is that we can no longer outsource our elections to vendors and experts to oversee the process on our behalf ever again.

I have several thoughts on this topic. In no particular order:

* I've generally found that formal security reviews (my experience is with FIPS 140) don't find many design bugs. The main point of the review is to establish that your product does what your documentation says it does. If your design has subtle logical flaws, they probably won't find it.

* There are exceptions - usually in areas where the nature of attacks is well understood. For example the security labs that I've worked with for FIPS 140 accreditation are very good with testing and evaluating physical security claims (tamper detection, etc.).

* I don't know which labs are performing the eVoting evaluations, but from my experience with the financial industry I'm not too worried about the industry funded aspect of the evaluation labs. Granted the financial industry has much more of a track record, but at least it shows an example of how impartial reviews can be done. The labs I've worked with are willing to help the testee get the product passed, but this is by making the product better.

* The certification labs depend a lot upon standards, and this is an area where I can see a practical method of improving. By having better standards, we can significantly improve the eVoting evaluations. While standards won’t prevent all design flaws, they can rule out various unsafe practices and mandate other good practices; which collectively can greatly increase the level of security.

* The standards are the real place where knowledgeable experts, representing the voters, can make a difference. This won’t be easy, for example standards almost always take a long time, so changes won’t happen swiftly. The system is also rigged (perhaps on purpose) against non-sponsored participants. For example, in the ANSI X9 financial standards (x9.org) you don't get to vote unless you pay the higher membership rates. Combined with travel requirements, and the amount of work it takes to keep up with the standards, this is just not the type of thing a typical individual can afford to do on their own.

* I think the mid-term solution (over the next 4-5 years) is to have NGO sponsored experts participate in the eVoting standards, where the NGO serves as a proxy to represent the interests of the voters.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 239
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 4:27 am:

I have a question. What is the central "crux" of this Diebold problem, the main element?

Is it that the machines will boot from a memory card and potentially then rewrite all three layers? Is that the central problem?

And if it is, isn't it fairly likely that all of the new generation of DRE's have used the same technique? Once you read the report, it doesn't really look like something that would be especially unique, or am I missing something?

Kurt

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2372
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 4:38 am:

It may not be unique at all. But so far BBV hasn't been able to arrange for similar tests of equipment made by other vendors. (And/or the computer scientists who have seen some of the others are gagged because they signed restrictive Non Disclosure Agreements.)

John Burik
Voting Rights Forum Participant
Username: Jburik

Post Number: 1
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 6:46 am:

Kathleen wrote above:
What this report shows us is that we can no longer outsource our elections to vendors and experts to oversee the process . . ..

My continued hope is for growing interest among average citizens and the corporate media. I pointed out to a number of reporters in Ohio that the Secretary of State's own consultants' report indicated that memory cards were not reviewed (Diebold report, 4/15/2005, http://www.sos.state.oh.us/sos/HAVA/hava.aspx?section=4). They said, "Thanks," and did not follow up.

Perhaps with Hursti II and national attention we are beginning to really get somewhere useful.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4569
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 7:24 am:

for Joe Hall: I saw the excellent piece you wrote on your blog, but it appears to contain information that is not quite accurate regarding the recovery method.

Is it not true that you cannot clean a contaminated boot loader with itself?

It appeared to me that your blog was saying you could.

Joseph Hall
Voting Rights Forum Participant
Username: Joehall

Post Number: 83
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 12:27 pm:

You're right Bev... that is an issue with my post... I'll clarify that right now.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4570
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Friday, May 12, 2006 - 7:27 am:

Kurt: To the best of our knowledge, Diebold has the only DRE using Windows CE as the platform. You are correct that the problem could exist elsewhere, and that should ABSOLUTELY be studied.

We very nearly got access to an iVotronic last month, but at the last minute the elections official was blocked by another public official.

However -- building a DRE on Windows CE is especially dangerous because the sheer number of people who understand how to exploit Windows is huge.

The boot loader is the biggest problem of all.

Yuri Bertsch
Voting Rights Forum Participant
Username: Yuri

Post Number: 1
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 7:41 am:

Pat, that is one of the most responsible and profound statements I think I've ever read, and why I never felt that "open source" was the solution to anything. Bravos, Pat, bravos.

I have to completely disagree on your position about keeping the flaw details confidential. This is information that has to be widely distributed so that people are aware how insecure these systems are. Most script kiddies aren’t going to have access to the physical machines and I can’t see many of them resisting the temptation to make their hack obvious.

The people who do have physical access or even systematic physical access will know exactly what you are redacting anyway.

Seeing that King George III (or even Bevus & Butthead) win an election in someplace would be wonderful.

Additionally, without the particulars, Diebold will be able to more effectively downplay or dismiss the problems.

Given the scope of the problem, I can’t see there being a real chance of making these systems secure short of total replacement. There is nothing on the machine that is secure—from the case, to the motherboard, to the OS to the software.

Patrick J. Kobly
Voting Rights Forum Participant
Username: Pkobly

Post Number: 11
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Friday, May 12, 2006 - 8:44 am:

RE: Open Source vulnerabilities and the decision to use Windows CE

Kurt:
'"Open source" means many people have ability to do mischief. Proprietary means few do, but fewer still have the ability to detect mischief. Tough call.'

This statement relies on two major assumptions:
1) Attackers typically use source code to craft their attacks
2) Attackers do not have access to the source code of these machines

We do not know whether assumption 2 is valid in this instance. In this particular context, we must adopt a security posture that defends against inside attacks. Any security decisions to be made wrt these machines must assume that the attacker we are protecting against has access to the machine, its source code and documentation. We must be even more concerned about the potential influence of the insider, as insiders have greater opportunity for attack, having access to machines for extended periods of time (for exploration and exploitation of vulnerabilities) often in a private setting where the risk of discovery is minimal.

We know empirically that assumption 1 is not generally valid. In particular, attacks are continually and routinely generated against closed-source software. Attackers seem to have found it far more efficient to find vulnerabilities through black box testing methods than code examination. This squares nicely with the tomes of research that observe that code inspection (including automated) is relatively ineffective for discovering faults that are not known a priori to exist. Techniques used by attackers to discover flaws are asymmetric with techniques used by white hats to detect and mitigate or repair flaws.

Open Source does not magically have fewer defects. By your argument, one would expect the pattern of vulnerability discovery in OSS software to be different than that of closed source software, as you posit that different methods are used to discover vulnerabilities (source code examination for OSS, black box for closed source). Empirically, we see this is not the case. The conclusion we must draw from this is that attackers are using the same techniques to discover flaws in OSS as in closed source - namely black box testing, fuzzing, etc. This is an effective technique for discovering vulnerabilities to exploit, but a less effective technique for discovering vulnerabilities to mitigate / repair.

Open Source helps us in a few instances here:
- When a vulnerability is found, it can be unambiguously proven to exist, and can be shown to continue to affect other versions (regardless of whether unrelated changes have obscured the behaviour).
- When a defective behaviour is found, it can be replicated, localized and fixed quicker and easier, as there may be an order of magnitude more people addressing issues.
- It allows a larger number of white hats to have the same advantages of access to source code, as we have already accepted that some number of black hats do.
- I would posit that there are more potential white hats than black hats who would be benefitted by the exposure of the code. This is because any attack by a non-insider on this system has an extremely high risk of detection (as they only have access for exploitation in a public setting). This has a significant deterrent effect on non-insiders that does not exist for insiders.

Bev: "However -- building a DRE on Windows CE is especially dangerous because the sheer number of people who understand how to exploit Windows is huge."

This should really be phrased as "building a DRE on Windows CE is especially dangerous because" it exhibits a large number of known (but unfixed) vulnerabilities. I would suggest that building a DRE on an OS proprietary to the vendor and not known in the community is just as (if not more) dangerous, as it has not been exposed to evolutionary improvement by being fixed after being subjected to scrutiny and attack in other applications. It would be far preferable for these systems to be built on a more general purpose OS (exposed to more attacks) where the OS vendor is actively responsive to security concerns. Windows CE appears to fail wrt the second point (responsive vendor), while systems built on vendor proprietary OS's fail wrt the first (broad exposure in multiple contexts).

Patrick J. Kobly
Voting Rights Forum Participant
Username: Pkobly

Post Number: 12
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 9:03 am:

"If one is motivated by retribution and "being right", the choice is far more difficult. If, ... motivated by fear for the future,... You must flash, just to be extra sure, if only to reassure the electorate that voting can still matter."

Except that the forensic information that could be derived from a proper examination of the machines could reveal specific attack vectors used. These attack vectors could include ones that we have not yet discovered, and that thus would not be resolved by a destructive reflash.

Furthermore, the report seems to cast some level of doubt on whether _any_ reflashing process could definitively fix existing and already compromised machines.

Look, I understand the political imperative not to be viewed as "sore losers," and not to be tied to a specific political agenda, but that forensic information can serve to protect the future, and throwing it away would be irresponsible.

Dan Beutel
Voting Rights Forum Participant
Username: Dbeutel

Post Number: 2
Registered: 02-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 9:05 am:

On the open vs. closed sources discussion. So-called "security through obscurity" is NOT security. In addition, the statement that many hackers use source code to craft their attacks is also in error. Keep in mind the number of Windows exploits there have been over the years. Most of these have not been a result of hackers poring through thousands upon thousands of lines of code.

I work for a software company that takes security very seriously, and have participated in threat modeling exercises, data fuzzing testing, and the like. Relying on people not knowing about your weak points isn't only irresponsible... it's just plain stupid.

(Message edited by dbeutel on May 12, 2006)

Dan Beutel
Voting Rights Forum Participant
Username: Dbeutel

Post Number: 3
Registered: 02-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 9:07 am:

Heh... should have refreshed the thread before replying. It appears that Patrick made my point, albeit in a bit more detailed manner. Carry on :-)

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2374
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 9:32 am:

Patrick, that's one of the best (and most comprehensive) explanations I've seen for why Open Source is not The Answer for solving the voting machine problems (and I am an Open Source advocate).

In particular I echo your point that most exploits do not rely on source code.

I appreciate your clarity on the advantages and disadvantages depending on whether a potential hacker is an insider or an outsider.

Dan, thanks for putting in your two cents worth, too. It's helpful to hear about your experience.

Kathleen Wynne
Moderator
Username: Admin_ii

Post Number: 303
Registered: 08-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Friday, May 12, 2006 - 9:38 am:

Michael,

Welcome to BBV!

I read through your comprehensive list regarding your experiences with testing of technology in machines used in the financial world; however, let me ask you this, have you read the transcripts of the testimony given by 2 of the 3 testing labs (Wyle and Systest) who test these voting machines in the recent hearing held in California?

If you haven't, I urge you to do so. Black Box Voting has commented throughout the testimony in response to what the representatives from both labs had to say when questioned by State Senator Debra Bowen about their testing procedures.

The original transcript with comments is 155 pages. So, in the interest of time, you might first take a look at the 6 page briefing paper BBV made available on our home page at the top right hand corner under the Hursti Report II. It will give you a taste of what we are dealing with when it comes to the procedures used by these labs when testing voting machines (as opposed to those machines used in the finance world). After reading this briefing paper, I think you'll have a better understanding for my concerns about outsourcing.

In the interim, let me simply say that what I meant by stating the report shows that we shouldn't be outsourcing our elections over to vendors and experts any longer was in response to the testimony given by the testing labs. It also stems from the statement given in the Conclusions and Recommendations of the report itself:

quote:

It would be helpful to learn how existing oversight processes have failed to identify this threat.



It was citizen intervention that made it possible for us to find out that these security flaws had not been identified by the experts we entrusted to oversee the process. In fact, these flaws have existed for years without detection!

Based on these findings, BBV's position is that there should be no compromising of citizen oversight in every phase of the election process with any solution that will be offered in response to the report's findings. As it stands now, it's virtually impossible for citizens to have any real oversight in a process that's non-transparent and technically complicated, forcing citizens to be totally dependent on a testing lab's thoroughness and competence, the vendors' integrity and the experts' expertise and willingness to tell us whether the process is working or not. It is that very dependency that helped facilitate the mess we find ourselves in now. It should never have happened, if the process was working as we were told it was. Obviously, it wasn't, so what do we do about it?

I say, let's not make the mistake of going down the same road on the same horse, but just a different color. Otherwise, we will end up right back where we are now and will have gained nothing from all the time, money and effort spent in bringing the truth about how broken the voting process actually is to the public's attention.

My analysis of the situation is that it will take citizen oversight of the highest form in order to make certain this sort of thing never happens again.

Kathleen


(Message edited by admin_ii on May 12, 2006)
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html

Jerry Berkman
Voting Rights Forum Participant
Username: Jerry

Post Number: 2
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 10:27 am:

I support open source partly to stop vendors and officials from claiming letting citizens look at the data violates proprietary rights or trade secrets or security.

With open source, or even publicly disclosed source, those claims would be moot.

Jim March
Moderator
Username: Jimmarch

Post Number: 171
Registered: 01-2005

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Friday, May 12, 2006 - 10:38 am:

Three points:

* Slashdot has picked up the story and the tone of the conversation has mostly been both civil and technically accurate:

http://politics.slashdot.org/article.pl?sid=06/05/12/1228203

* On open source: just like the Diebold machines, a key concept is to make sure nothing is tampered with after the fact. In the TSx you flat-out cannot do so. It might be possible to set up an open source system built from the ground up on a better operating system than anything Microsoft has built, and then at the same time build a "checker routine" that could be downloaded by citizens and burned to CD to inspect the machines. Another possibility that has been kicked around is to have the entire operating system and application suite load from a CD-ROM disk held in one drive and burn results to a second. That way, on election morning the boot CD could be pulled out and checked on anybody else's machine, owned by the county, a political party, a citizen, whatever.

That might eliminate "rootkit and hacked bootloader" problems. Either type of malicious software can mask what's really going on (read: "what is REALLY on the disk?") but it has to be memory-resident to do so. The voting machine might have something memory resident but, for example, my personal laptop I'm typing this on hasn't been touched by Diebold or the like. So by putting the CD boot disk in my machine (not BOOTING off it mind you!) I can run hashes on it or do file compares with a known-good code set on my hard disk and be pretty sure I know what's going into that voting machine.

Sounds great, and certainly better than what Diebold does, but it still doesn't eliminate "funky stuff in the motherboard's hardware-resident bootloader". Only inspection followed by sealing the case like a mini Ft. Knox would eliminate that...danged if I know how to make that practical.

Cause hey, it's only the security of the free world we're talking about...

* On efforts to seal up the TSx cases:

Elections officials in California and Pennsylvania seem to have figured out the implications of the eight standard phillips screws. This isn't going to be easy to "mitigate".

One, it may be a matter of closing the barn door after the horses have decided on a vacation. If the machines are already goofed with...oops. See, it's possible to plant a "general purpose hack enabler" up to years before. As one example, you could set up a weird combination of touchscreen points that when hit in order, brings up a menu to the effect of "OK, how do you REALLY want this to turn out?" right there in the voting booth or at any time the machine is turned on before the election and after the election setup info (candidate list and the like) is loaded. This window of opportunity is up to a week or more long.

Two, locking the case down isn't easy.

The finish on the TSx plastic cases isn't dead smooth, it's got a bit of a "satin roughness" which makes anything sticky less likely to stick. So the "tamper evident seal tape" has to be very delicate or it can be gently peeled and re-applied. But if it's too delicate it may not survive basic transit to and from the polling place. If enough of the seals "just break" then any fraudster knows that breaking the seal will be dismissed as irrelevant.

And then the tape itself has to be guarded like money in a bank vault, because anybody getting ahold of it can mess with machines.

The best way I can think of to seal a TSx involves putty epoxy across one or two of the screw-hole openings and then using some sort of small metal "branding iron" heated to melt into both plastic and epoxy putty in some pattern - county seal, whatever. Or on the cheap, have the elections official sign their name across the top with a soldering iron, melting into both plastic case and epoxy. Either way the time constraints are just crazy, you have to apply putty, wait for it to dry, then do the imprint. Might work OK in a small county such as Emery where Bruce only has 40 machines; in Alameda CA with 4,000 or San Diego with over 10,000? No way.

What they'll probably do is replace at least a couple of screws per box with "security oddball screws". My cellphone for example has weird three-pointed "phillips type" screws with "hooks" at each end...only a very strange proprietary screwdriver could get them out. (This is to cut down on cellphone "cloning".) Still, if I was motivated and had access to some medium grade steel and a Dremel tool (less than $30) I could carve a good enough tip to work.

The reality is that the Diebold cases were not designed to be sealed. They were designed to be easy to access. This was their decision, one of a number of questionable security-related choices.
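The off-machine check Jim March describes above (hashing the boot CD on an independent computer and comparing it with a known-good code set), as an added example that is not part of the original thread or of any vendor's software. File names and contents are constructed for the demonstration; as his post notes, this covers only the removable media, not a bootloader resident on the motherboard.

```python
"""Offline check of removable boot media against a known-good file set."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large images need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file under root (relative POSIX path) to its SHA-256 digest.

    Symlinks are recorded by target instead of being followed, so a link
    swapped in for a real file shows up as a change.
    """
    root = Path(root)
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if path.is_symlink():
                manifest[rel] = "symlink:" + os.readlink(path)
            elif path.is_file():
                manifest[rel] = "sha256:" + sha256_file(path)
    return manifest


def compare_to_known_good(known_good, media):
    """Report files that are missing, unexpected, or changed on the media."""
    good_paths, media_paths = set(known_good), set(media)
    return {
        "missing": sorted(good_paths - media_paths),
        # An extra file matters as much as a changed one.
        "unexpected": sorted(media_paths - good_paths),
        "modified": sorted(
            p for p in good_paths & media_paths if known_good[p] != media[p]
        ),
    }


def manifest_digest(manifest):
    """One digest over the whole manifest, short enough to publish and compare."""
    lines = "".join(f"{manifest[p]}  {p}\n" for p in sorted(manifest))
    return hashlib.sha256(lines.encode("utf-8")).hexdigest()


def media_is_clean(report):
    return not any(report.values())


def demo():
    """Constructed sample: a reference tree, a faithful copy, then three changes."""
    with tempfile.TemporaryDirectory() as tmp:
        reference = Path(tmp) / "known_good"
        media = Path(tmp) / "media"
        # Constructed names and contents, not taken from any real system.
        samples = {
            "boot/loader.bin": b"\x7fLOADER" + bytes(64),
            "os/kernel.img": b"KERNEL" + bytes(256),
            "app/ballot_station.bin": b"APP" + bytes(128),
            "app/config.ini": b"[display]\ncalibrate=1\n",
        }
        for rel, data in samples.items():
            target = reference / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        shutil.copytree(reference, media)

        good = build_manifest(reference)
        clean_report = compare_to_known_good(good, build_manifest(media))

        # Change 1: a single flipped bit; file size stays the same.
        image = media / "os/kernel.img"
        tampered = bytearray(image.read_bytes())
        tampered[100] ^= 0x01
        image.write_bytes(bytes(tampered))
        # Change 2: a file that is not in the reference set.
        (media / "app/extra.dll").write_bytes(b"not in the known-good set")
        # Change 3: a reference file that is absent from the media.
        (media / "app/config.ini").unlink()

        tampered_report = compare_to_known_good(good, build_manifest(media))
        return clean_report, tampered_report


if __name__ == "__main__":
    clean, changed = demo()
    print("faithful copy clean:", media_is_clean(clean))
    print("altered copy report:", changed)
```

The comparison is only as trustworthy as the machine running it and the source of the known-good set, which is why the post has it run on a computer that never booted from the media.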

Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam

Post Number: 770
Registered: 06-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 11:15 am:

Kathleen, you wrote "As a result, citizens are now in a position to call into question all the other voting systems and work toward having them independently tested in order to find out whether they too possess similar security flaws as the Diebold voting systems."
1. Since activists have been calling the Diebold systems into question with little results except to be labelled 'nutcases' (or terrorists in Arizona), how and why does this latest report really change anything since the 'problem' is one of politics, not technology?
2. What is the 'position' you reference? How is it any different from the previous 'position' given that, for instance, in CA, McPherson deliberately left out the Technical Panel's admonition to never leave the machine(s) attended to by just one person in his 'conditional certification for use'?
3. What does BBV suggest to prevent the machines - at least the Diebold machines given the report - from being used in an election since such vulnerabilities may be already present and cannot be determined in a timely enough manner before elections are held (or have been held); in other words, given this report, what is an 'activist' to do in the short term?
As a for instance, I challenged the San Diego Union Tribune to print the 'insidebayarea' report and they have not met that challenge. And the CA SOS still has nothing in terms of a press release or annotation to the 'voting systems' webpage addressing this report's findings.
Nor is there anything on Debra Bowen's website regarding this report and its information and implications.
I just don't see how this report-and this is NOT to denigrate in any manner whatsoever all the effort and contributions and sacrifices made by those involved in producing this report-changes anything.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2375
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 11:56 am:

Bruce, those are spot-on fantastic questions.

You're in a better position than me to make suggestions as to strategy. At the very least, one key thing that this report changes is general public awareness of the issue, and knowledge by the technically-aware of just how severe the problems are.

This will ripple through the political landscape, even if it does not happen as fast as we would all like.

It will bring more scrutiny to the certification process, to the incompetence of the ITAs, to the unethical behavior of vendors and lobbyists, and to the irresponsible behavior of our politicians.

It will hopefully motivate more members of the public to tell their election officials and elected representatives that this is unacceptable, and to express this in whatever way is true to their spirit.

It shows how ill advised government is when they mandate a major IT project without any idea what they are doing.

It cannot be ignored by the media as usual. The story is already spreading beyond the blogosphere.

If election officials or their superiors keep using these completely insecure machines even after they know about the irreparable vulnerabilities then they will have no one to blame but themselves if Donald Duck gets elected someday or if they are held legally responsible for any future problems.

I'll go back to the most important benefit: AWARENESS. Without awareness of the depth of the problem no change is possible.

Jerry Berkman
Voting Rights Forum Participant
Username: Jerry

Post Number: 3
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 1:49 pm:

Bruce,

Our Board of Supervisors is already likely to reject any contract with Diebold. We told them a year ago that Diebold was untrustworthy, and the Registrar said Diebold would be certified in a few weeks. Then his successor said the same thing. Now she's leaving and the Supervisors who didn't believe us in the beginning are starting to figure out we had it right. Every bit helps, and perseverance is the key.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4571
Registered: 12-2004

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Friday, May 12, 2006 - 2:49 pm:

Bruce:

quote:

1. Since activists have been calling the Diebold systems into question with little results except to be labelled 'nutcases' (or terrorists in Arizona), how and why does this latest report really change anything since the 'problem' is one of politics, not technology?



This report changes everything. Diebold is trying to spin it -- we now have their list of talking points which I will post below this post. This time, Diebold will be facing the entire U.S. scientific community, CERT, NIST, and the press.

quote:

2. What is the 'position' you reference? How is it any different from the previous 'position' given that, for instance, in CA, McPherson deliberately left out the Technical Panel's admonition to never leave the machine(s) attended to by just one person in his 'conditional certification for use'?



We expect to see many public officials ATTEMPT to use "workarounds" to address this.

If they do not address it at all in a meaningful way, this time they have made a career choice.

If they address it in an inadequate way, most likely we will release the unredacted version of the report.

quote:

3. What does BBV suggest to prevent the machines - at least the Diebold machines given the report - from being used in an election since such vulnerabilities may be already present and cannot be determined in a timely enough manner before elections are held (or have been held); in other words, given this report, what is an 'activist' to do in the short term?




We know this has been a long, horribly frustrating fight. Black Box Voting has one more report to release, which will come out Monday. It, too, will have to pull a few file names.

Start the wires buzzing on this, folks. There is a mitigation. I have discussed it with several people at many levels and it is getting generally good reception -- but to implement a real solution instead of 60 percent workarounds, pressure from citizens and the press will be needed. I think it is doable.

Next Wednesday I would like to host a conference call among the top public organizing groups. At this conference call I will propose a specific plan of action.

We will need to have a second conference call on Monday or Tuesday the following week. In this call we need to put together our own emergency response team for the specific purpose of nuking the Diebold touch-screens and getting the replacement executed.

As everyone knows, Black Box Voting is generally incompetent as a lobbying or organizing arm. This is why it is so critical for the election reform community to work TOGETHER to execute this. Black Box Voting is generally effective at strategic initiatives and we have been visionary in the past, and we have the great good fortune to have had the opportunity to spend a couple hundred hours schmoozing with Hursti and friends to vet out real solutions achievable both politically and technically.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4572
Registered: 12-2004

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Friday, May 12, 2006 - 3:10 pm:

Diebold's talking points so you can strike pre-emptively:

Here they go.

1. "These machines have been certified and tested both federally and at the state level."

(Refer to http://www.bbvreports.org/bowenhearing.pdf - the labs do not appear to have examined either the boot loader or Windows CE.)

2. If elections officials follow proper procedures and "best practices" this is not a risk. They just have to be careful that only the right people have access to the machines.

(Current practice is to send the machines home with poll workers for up close and intimate contact for a week or so. 'nuff said.)

3. We seal the memory card bays.

(But not the case. Opening the case renders the memory card bay seals impotent.)

4. An L&A test is done before and after the election and will catch any manipulations

(? Sound bites for this old shoe fail me at the moment)

5. You can only do it one machine at a time.

(This is a tricky wicket. Untrue, and some scientists have sketched out concepts on the most efficient delivery mechanisms, but then jettisoned those for the same reasons we at Black Box Voting have decided on a policy to refuse to discuss them at this time. The fact that a self-altering boot loader is designed into the system at all is intolerable. For the same reason it would be inappropriate to publicly speculate about the most efficient mechanisms for delivering sarin gas into a crowd, we are not going to have a discussion about how to best achieve mass contamination of the system.)

(Hursti: Anthrax sent through the mail was delivered one person at a time but no one said "Well then, don't worry about it.")

6. There have not been any incidents proven that any tampering has been done

(Let's step away to an entirely different exploit category, the Leon County hack. In that case, the elections supervisor was in the room and watching but could not spot it and it did not show up on any audit trail or report. Hursti was not in the room and was given no password.)

Mr. Petrocello from Los Angeles County also had this to say:

7. There is not wireless capability in the Diebold touch-screen machines.

(He cannot know this unless he cracks open the case and if he cracks open all the cases he invalidates the warranty. The truth is he doesn't know whether all of his machines are wireless-enabled, some of them, or none of them.)

8. (When I explained to him there are at least two different mechanisms built into the motherboard ready and waiting) He said that those things are probably there just like any TV or whatever, they are just generically put in there.

(These are voting machines, not TV sets, and everything in a voting machine is put there specifically for the purpose of use in a voting system.)

When asked if Los Angeles County had implemented any of the California emergency procedures he sounded like he was caught flat footed. He had no idea what those procedures are and appeared not to know whether they were even on the way.

Joseph Hall
Voting Rights Forum Participant
Username: Joehall

Post Number: 84
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 3:15 pm:

404 on the link in the last post to the ITA report.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4573
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 3:24 pm:

doh. Fixed the url.

http://www.bbvreports.org/bowenhearing.pdf

Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam

Post Number: 771
Registered: 06-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 4:52 pm:

Bev, I can only address San Diego. Mikel Haas, et al., HAVE staked themselves on this ground with the blessing of the County CAO (Chief Admin. Officer, who is the one who really runs the show; the Board of Supervisors has 'oversight' but there are MANY obstacles to them even having a conversation between staffs of the CAO and the BOS).
And McPherson was recently down here for a 'dog and pony' and the County Attorney's worked long and hard on McPherson to do the conditional cert.
I will be sending the latest PDF to the BOS but I did the same thing with the initial Hursti Hack report and received deafening silence. It was also given to the Grand Jury (who said it wasn't in their purview to investigate) and the County DA who didn't respond at all.
I also copied the City Council reps, the City DA, Bowen, Umberg, all the other members of the committee who were deciding about subpoenaing the ITAs, the legislative analyst for the Senate committee on election reform, etc. with a CD of all my findings on the opscans used in the CA Nov. Special election 2005 (which show that the machines do NOT conform to the standards they supposedly were confirmed to AND other errors, including 'unknown memory cards' being loaded into the central tabulator) ALL to no avail or interest on ANYONE'S part.
What is also VERY frustrating is that SD county has the right to cancel all contracts with Diebold after the June 6th election WITHOUT ANY PENALTIES but that idea/knowledge seems not to be something the ROV, CAO, BOS, et al. want to consider.
I have started a 'meetup' group here in SD for election reform and hopefully will have someone available for your calls; I'm glad Jerry's BOS is slowly 'seeing the light' but until I see someone like Bowen calling news conferences and jumping up and down and screaming about this (why isn't just the costs associated enough to warrant outrage?) I'm one of those who 'believe it when I see it'.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4577
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 6:22 pm:

Bruce, yes.

When I talk to wonderful citizens like Susan Pynchon in Florida, my heart and soul is thrown into scandal overload within 30 minutes. San Diego, Los Angeles County, San Bernardino County and Riverside County are much the same.

Isn't it interesting that there is a common thread amongst those three counties: Conny McCormack.

She was registrar of San Diego County before becoming registrar of Los Angeles County (but after being pretty much railroaded out of Texas while being investigated for election manipulation by the Texas Attorney General). The former Riverside County Registrar is doing a consulting business with the former San Bernardino County Registrar Scott Konopasek who, apparently, is Conny McCormack's brother-in-law.

The situation we all face is overwhelming. But once, when I referred to it as a giant beast to Harri Hursti, he told me no, it is a smaller beast. The number of people at the very core of this problem is smaller than most of us have been thinking.

I'm open to that line of argument. It underlines the importance of the next endeavor: Learning who knew what and when.

Linda Franz
Frequent Voting Rights Forum Participant
Username: Linda_franz

Post Number: 319
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 12, 2006 - 9:07 pm:

"4. An L&A test is done before and after the election and will catch any manipulations

(? Sound bytes for this old shoe fail me at the moment)"

Unfortunately, what the latest Hursti report shows is that the systems are also VERY vulnerable during an L & A test.

Who's there, who's watching, and who's inputting to those machines?

What does the "test" mode really do?

And as I've pointed out before, an L & A test only tests a point in time- not an election.

An L & A test can only "verify" the L & A test.

The only "verification" possible for an election is a rigorous hand audit of the voter verified paper ballots.

John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon

Post Number: 221
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, May 13, 2006 - 12:55 pm:

What is Pennsylvania doing? I have been told that nothing has changed. TSx machines have been sent home with elections officials in preparation for the primary. No sequestering or lockdowns. One county election official has read the NYTimes article and is convinced that there are 5 passwords on the machines so no one can hack them. No security needed. End of story. Their primary is Tuesday.

I thought PA was going to be the poster child for all of this new security. Instead, it appears, they are doing nothing extra.

Jason Aaron Osgood
Voting Rights Forum Participant
Username: Zappini

Post Number: 9
Registered: 12-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, May 13, 2006 - 1:02 pm:

Harri, Bev, Kathleen, Jim, Anyone I've missed-

Good work. I'm not surprised by anything I read in the report. It's great to have it all public now.

I fully support your decision to withhold critical details. As you know, how to properly disclose exploits is an ongoing debate in the geek world. Since there are no institutions in place to handle the escalation of these issues, I think the precautionary principle applies.

Also, it's just plain smart. In the war of perception, you don't want to be tagged as irresponsible for letting the cat out of the bag.

The bootloader as supreme being metaphor is kind of funny. Has everyone here seen the movie Tron? If yes, then you may remember the efforts to take over the Master Control Program.

Glenn McGahee
Voting Rights Forum Participant
Username: Glennmcgahee

Post Number: 2
Registered: 12-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, May 13, 2006 - 1:30 pm:

Dear Bev and crew, I just sent you an article from Ft. Lauderdale's Sun-Sentinel that was attributed to the Associated Press. This regards delivery of new and improved Diebold voting machines to 5 counties in Florida. The problem is that these are not the machines that were ordered and apparently that means they are UNCERTIFIED. These were delivered without notice that they were different with added features(?), and I guess that we have Susan Pynchon, of Florida Fair Elections Coalition, to thank for the heads up. Gonna make some calls but anyone have any idea what type of questions we should be asking about? And issues to raise? Here is a link to the article:
http://www.sun-sentinel.com/news/local/florida/sfl-fvote13may13,0,3071264.story

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 250
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, May 13, 2006 - 5:16 pm:

John:

I can field that one for you from PA. Pennsylvania has always sent all materials home with Judges of Election on the Saturday before the election. The only exception has been really large voting machines (levers, Sequoia Advantages, Danaher 1242's) which are delivered to polling places in the whole week before an election. Of course, all those big machines have redundant serial numbered seals, keys, the whole schmeer. Some Danahers stay in polling places up to 8 days before an election. Whoever takes delivery of them puts them somewhere safe until the election. The seal number documentation is part of election startup.

Everything else, paperwork, poll books, etc, gets picked up the Saturday before an election. It has been that way FOREVER. That includes the old punchcards, ballots, everything.

Pennsylvania counties simply have no infrastructure in place for "election morning delivery" of the machines. The two options are 1) leave them potentially unattended in polling places, or 2) leave them in the hands of the precinct Judges of Elections.

I don't know what kind of cases these machines are in. Judges of Elections know it is a criminal offense to open a voting machine before election morning.

I'm not sure what else they could have done, with this short notice.

Besides, if we are at the point we suspect precinct Judges of Elections of being the perpetrators of an "inside job" we're all screwed anyway. By and large, these people are mostly making "final arrangements" with overpriced AARP life insurance advertised by Alex Trebek, not tweaking boot loaders with PCMCIA cards.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2390
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, May 13, 2006 - 5:30 pm:

Are Judges of Elections actual professional Judges?

Joseph Hall
Voting Rights Forum Participant
Username: Joehall

Post Number: 85
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, May 13, 2006 - 5:38 pm:

No, Catherine, it is a specific type of poll worker that is somewhat like a "supervisor" for each polling place.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2392
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, May 13, 2006 - 5:49 pm:

Thanks, I always wondered about that.

I think it would be unrealistic to expect all Judges of Elections to be bastions of integrity, even though I'm sure many or most are. The election system should be robust enough to confound any who are not as wholesome as they ought to be.

Even if an Election Judge is perfectly upstanding, an election machine that sits in their home is not going to be under tight security. The person would probably be out working most of the day, for example.

MH
Voting Rights Forum Participant
Username: Runner

Post Number: 1
Registered: 05-2006

Best of Black Box? 
Votes: 3 (A keeper?)

Posted on Saturday, May 13, 2006 - 7:01 pm:

I’m a computer scientist and an election clerk who has helped many tens of thousands of citizens cast their vote on Diebold's AccuVote-TS (Touch Screen) voting machines through several election cycles.

Focusing on the voting machine “chain-of-custody” issue may be like worrying someone will break down your relatively secure back door to rob your house while ignoring the fact that your house has no front door at all and is open to the world. There may be a more accessible and innocent-looking security issue in the AccuVote-TS machine that some concerned computer scientists have disregarded because they have not observed an actual election with these machines. The Diebold system’s use of “smart-cards” provides an open door for any voter or poll worker to commit vote fraud. Johns Hopkins University computer science professor Avi Rubin discusses “smart-card” issues in his voting machine security analysis ( http://avirubin.com/vote.pdf ) report.

What are smart-cards?

Smart-cards look like a credit card, but have an embedded computer chip with data storage memory. Smart-cards and smart-card read/write devices are widely used in industry and government. The technology’s specifications are commonly available as are the cards themselves and card programming guides. It is the smart-card, as used by the Microsoft Windows PC based AccuVote-TS voting system, that offers an opportunity for a motivated person or group of people with some technical skill to commit voter fraud.

A smart-card read/write device on the Windows-based AccuVote machine is just another standard Windows controlled PC device, just like a PC’s hard drive or phone modem connecting it to the Internet. Anyone smart enough to hack a virus into Windows through an Internet browser or email could likely hack a virus or other code into Windows and/or the AccuVote-TS voting application itself through a smart-card read/write device with a specially prepared smart-card.

Why are smart-cards used for Diebold AccuVote-TS voting system?

The Diebold AccuVote-TS voting application is a "smart-card" activated, multilingual touch screen voting system that records votes on a removable internal flash memory card. As yet this Microsoft Windows PC based application does not produce a paper “ballot” receipt that voters can verify and deposit in a ballot-box for later “recount” verification of election results. If a voting machine’s flash memory is corrupted during an election then the election vote count is also corrupted on that machine.

In the AccuVote-TS voting procedure smart-cards are encoded with a "virtual" election ballot and given to each voter as they enter the polling place. Poll workers individually encode the smart-cards with the appropriate “ballot style” according to each voter’s precinct number, political party and language after confirming the voter is properly registered to vote. The card is encoded via an AccuVote-TS machine and its standard smart-card read/write unit or small calculator-sized card-encoding device. The smart-card “virtual ballot" then defines the candidates and propositions for which the voter may cast their vote.

The voter then takes the smart-card to a Touch Screen voting machine and inserts it into the machine’s smart-card read/write device. The machine reads the smart-card and displays the voter’s election ballot image on its Touch Screen to allow voting. The voter then touches the check boxes by the candidate names to make their selections. Headphones for computer generated voice instructions and keypads are available for visually-impaired voters to privately cast their vote on the AccuVote-TS machine too. Before the ballots are finally recorded to the flash memory card the voter is given a final chance to review and change their selections.

When satisfied, the voter completes the voting process by touching the “cast ballot” button. When the cast ballot button is touched the vote is recorded on the flash memory card in the machine. The voting machine then writes a “voted” code on the smart-card, to ensure that it can only be used to vote once, and ejects it out of the card reader with a loud clunk. The voter then returns the smart-card to a poll worker who then re-encodes it with a virtual ballot for the next voter in line. Keep in mind that voters have physical possession of these smart-cards in private at the voting machine for up to several minutes.

When the polls close, a poll worker or election administrator uses a smart-card to put each machine into a post election mode where it no longer records votes. At this point, the administrator may instruct each machine to read its flash memory, where votes have been recorded, to tabulate and write a vote count summary on a cash register-like tape.

Depending on the local voting jurisdiction’s procedures the “virtual ballot box” flash memory cards are removed from each machine at the polling place and taken to a central tabulation facility or the voting machines are taken to the tabulation facility where the memory cards are removed. At the tabulation facility vote counts are read from each memory card and written into a central computer database where precinct votes are tabulated and aggregated. Some voting jurisdictions also allow the administrator to link the AccuVote-TS machine to a phone jack to use the machine’s dial-up modem to transmit its vote data to the central tabulation facility. The flash memory card data and any printouts from the voting machines then become part of the official record of the election.

Why do smart-cards open the door to vote fraud?

Clandestine, but “properly registered,” voters could enter polling places normally, accept their legitimate ballot smart-card from a poll worker, go to a voting machine and simply insert their own “specially pre-prepared” smart-card into the voting machine rather than the legitimate ballot smart-card. When finished, the clandestine voter would return the legitimate ballot smart-card to a poll worker and exit the polling place.

A clandestine voter could insert a smart-card specially prepared with something as simple as a common Windows virus that would “crash” the voting machine. Poll workers typically are not trained to reset machines back into election mode so “crashed” voting machines would be closed until a technician could be summoned to “fix” the problem.

Such an attack, if mounted by multiple people, could temporarily shut down or slow voting at one or more polling places. For polling places in an area considered to favor one candidate over another, the attack could benefit the opposing candidate by deterring a large number of potential voters from voting.

Even more troubling - specially prepared smart-cards could possibly implement a programmed interface that delivers software code into the voting machine to change votes or other functions. Specially programmed smart-cards used by clandestine voters could, for example, change vote counts on voting machines. Simple software code that subtracts votes from one candidate and adds those votes to another candidate yields the same total vote count. This leaves no evidence or red flag to even suspect this simple vote data change occurred because total votes recorded in memory matches the total number of voters who entered the polling place.

A few voters at a few key polling stations near the end of the Election Day could carry out this type of smart-card attack. There would be nothing out of the ordinary to raise anyone’s concern that an election had been stolen. Malicious program code possibly could even be propagated to the central tabulation machine as it reads a voting machine’s flash memory cards infected via the same technique.

It is the simplest and most innocent-looking security breach that is often the most successful. Voting fraud using the smart-card, I think, qualifies as both simple and easy with a little advanced planning and preparation.

Any malicious-minded person could envisage this vote fraud scenario during a legitimate voting experience with this voting system. Anyone with a little technical savvy and understanding of Microsoft Windows could likely, in an afternoon, google all the information necessary to plan this type of attack. Smart-card blanks and smart-card read/write devices can be ordered over the Internet in a couple of days.

All the best chain-of-custody procedures, voting machine guards and security seals will not stop smart-card vote fraud hacks. Want more proof? Avi Rubin discusses various smart-card vote fraud hacks in greater detail in his security analysis ( http://avirubin.com/vote.pdf ) report.

Diebold can make this front-door security issue much less onerous by simply adding a data encryption and password protocol to the smart-cards and the voting machine software that reads and writes the smart-card data – it has none today! A paper “ballot” receipt that voters can verify and deposit in a ballot-box for later “recount” verification of election results would be good too.
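
[Added example, not part of the post above and not Diebold's code: a sketch of the mitigation the post ends on, with the terminal refusing any card it cannot authenticate. The card layout, field names and key handling are assumptions made for illustration; the point shown is that the tag is checked before any field is interpreted, and that "already voted" is tracked on the terminal rather than trusted from the card.]

```python
import hashlib
import hmac
import secrets
import struct

# Hypothetical card layout (an assumption, not the AccuVote-TS format):
# election_id u32 | serial u64 | precinct u16 | party u8 | language u8
# followed by a 32-byte HMAC-SHA256 tag over those 16 bytes.
BODY = struct.Struct(">IQHBB")
TAG_LEN = 32
CARD_LEN = BODY.size + TAG_LEN


def encode_card(key, election_id, serial, precinct, party, language):
    """Poll-worker encoder: pack the ballot style and append a MAC over it."""
    body = BODY.pack(election_id, serial, precinct, party, language)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Terminal:
    """Terminal side: authenticate first, parse second, track spent serials.

    Limitations of this sketch: one symmetric key shared by encoders and
    terminals is itself something to protect, and the spent-serial set is
    per terminal, so it does not stop a copied card at a second terminal.
    """

    def __init__(self, key, election_id, known_precincts):
        self._key = key
        self._election_id = election_id
        self._precincts = set(known_precincts)
        self._spent = set()  # kept on the terminal, never read from the card

    def accept(self, raw):
        """Return (True, ballot_style) or (False, reason)."""
        # Fixed length: oversized or truncated input is refused unparsed.
        if len(raw) != CARD_LEN:
            return False, "bad length"
        body, tag = raw[:BODY.size], raw[BODY.size:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        # Constant-time comparison; no field is looked at before this passes.
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag"
        election_id, serial, precinct, party, language = BODY.unpack(body)
        if election_id != self._election_id:
            return False, "wrong election"
        if precinct not in self._precincts:
            return False, "unknown precinct"
        if serial in self._spent:
            return False, "already voted"
        self._spent.add(serial)
        return True, (precinct, party, language)


def demo():
    """Run constructed sample cards through one terminal."""
    key = secrets.token_bytes(32)  # constructed per-election key
    term = Terminal(key, election_id=2006, known_precincts={17, 18})
    genuine = encode_card(key, 2006, serial=1, precinct=17, party=0, language=1)
    # Card produced by someone who does not hold the election key.
    forged = encode_card(secrets.token_bytes(32), 2006, 2, 17, 0, 1)
    # Genuine card with one bit of the precinct field changed afterwards.
    altered = bytearray(genuine)
    altered[13] ^= 0x01
    return [
        term.accept(bytes(altered)),
        term.accept(forged),
        term.accept(b"\x00" * 500),
        term.accept(genuine),
        term.accept(genuine),  # same card presented a second time
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```
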

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 252
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, May 13, 2006 - 7:36 pm:

Catherine,

MH is right. The chain-of-custody of the machine is the least of many worries. Most Judges of Election are retirees, and for the few that are not, we're talking about one work day, the Monday before the election.

One other point - these Judges of Election are not hired or appointed by the county unless it is to fill a vacancy. Normally, they are elected by the people of their precinct, in a partisan election held the year after the Presidential year. The current Judges of Election in Pennsylvania are just at the beginning of a new term. There will be vast numbers of brand new ones this year. Vacancies due to death or resignation are quite common. Reelection of incumbents running is almost at 100%.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 253
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, May 13, 2006 - 7:48 pm:

MH,

How much information is "out there" about what is on a legitimate "smart-card"? I mean, wouldn't I have to have intimate knowledge of what's supposed to be on there before I could even get the machine to accept it?

The PCMCIA attack seems to require the compromised card to be in the machine at boot-up. Wouldn't the smart-card vector likely require the same?

The one I do see as a BIG problem is the "crash it" approach to take out the machine in a precinct that is strong for the opposition.

Two other questions, MH, what is the actual typical time a voter spends at a TS? And how long (number of races) is a typical ballot in your state?

Jim March
Moderator
Username: Jimmarch

Post Number: 173
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, May 13, 2006 - 9:25 pm:

MH: the smartcard issue is most definitely a potential "vector" for fraudulent code or data.

What's needed is real scrutiny of the source code, with a lot of eyeballs. The California senate elections committee hearing of 3-29-06 had Wyle and Systest basically confirming that they're not doing adequate code review.

North Carolina was poised to open the source code to at least some outside scrutiny. Diebold eventually backed completely out of that state. California is pondering a "forced public code disclosure law" and with the fallout from the 3-29-06 hearing there's a fair chance they'll get it.

If that in turn causes Diebold to pull out of the California market, I for one suspect that the political fallout will be more than they can take and still stay in the elections biz.

Then we'll look at the rest.

The real issue isn't so much the vendors, it's the test labs that passed all this silliness. Once it's clear the labs are dysfunctional, it drives a stake into the credibility of all the vendors, not just Diebold.
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html

Bev Harris
Board Administrator
Username: Admin

Post Number: 4604
Registered: 12-2004

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Saturday, May 13, 2006 - 9:38 pm:

John Gideon,

I, too, am hearing that they did nothing in Pennsylvania. To get to the bottom of this, one of the first questions to ask is how many machines total they had to re-flash and seal cases on.

Was it 1,000 machines? 10,000 machines? 500?

Knowing that number will tell us a lot just by doing the math.

Another way we can learn a lot is by finding out from the poll workers what was done to seal the case properly -- not the memory card bays, the case itself. I understood that there were to be six seals affixed to the casing itself, but that was second-hand info that may not be correct.

I'm sure the pollworkers will be able to see changes in sealing the casing, because if done properly it needs to be very obstructive.

Susan Pynchon of Florida Fair Elections Coalition gave us a very good analogy that can help the public understand just what is wrong here.

The bootloader problem can be imagined as the foundation of a house. The operating system problem can be imagined as the house itself, and the application (Ballot Station) as the furnishings in the house.

You can replace the furnishings with all new ones, as Michael Shamos claims to be doing, and you can even clean and repaint or renovate the house itself, as Michael Shamos claims he is doing by replacing the operating system.

But if the foundation of the house has at some point in the past become contaminated with radioactive waste, replacing the furniture, painting and remodeling doesn't do a darn thing to make it an acceptable place to live.

Pennsylvania was never going to deal with the potential radioactive contamination of the foundation. Their best plan was to remodel and paint and put in brand new furniture.

Still, it would be nice to know if they did even that.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2393
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, May 13, 2006 - 10:09 pm:

That is a wonderful analogy!

sheila solomon
Voting Rights Forum Participant
Username: Sheilas

Post Number: 2
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, May 13, 2006 - 10:48 pm:

A note on people being less concerned about chain of custody. Early voting for a month?
That's a pretty long chain,
and a chain is only as strong as its weakest link.

MH
Voting Rights Forum Participant
Username: Runner

Post Number: 2
Registered: 05-2006

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Sunday, May 14, 2006 - 7:03 am:

Reply to V. Kurt Bellman’s question: How much information is "out there" about what is on a legitimate "smart-card"? I mean, wouldn't I have to have intimate knowledge of what's supposed to be on there before I could even get the machine to accept it?

Answer: It's too easy to obtain information about what is on a legitimate "smart-card." There are several ways a malicious-minded person could learn the protocol between smart-cards and voting machines.

After legitimately voting, a malicious-minded person, instead of returning the canceled smart-card to a poll-worker, could return a fake card and take the real card to reverse engineer the data on it. Actually, during a busy election when poll workers are distracted with crowd control, some could just walk out with a card after voting.

Or, a legitimately voting person could take a commonly available calculator-sized card reader device to the poll and read the card before and after inserting it into a voting machine card reader – this yields what and how data changes during the voting process. On the “chain-of-custody,” if you think the machines are vulnerable, access to smart-cards, both voter cards and administrator cards, is even more likely – cards could be stolen or just read via a commonly available calculator-sized card reader device.

But, why go to that much effort to get the smart-card information...... Source code for Diebold’s AccuVote-TS voting system was posted on the Internet. This public posting is even discussed in Bev Harris’ book titled, Black Box Voting. Once posted on the internet the horse is out of the barn – the source code is in circulation to be found and used by a malicious-minded person or group. In fact, Johns Hopkins University computer science professor Avi Rubin’s voting machine security analysis report (http://avirubin.com/vote.pdf) has parts of the source code listed with explanations of how it's used in the voting application – this includes the data found on the smart-card and the voting machine source code for “smart-card” data management. That makes it just too easy!

(Message edited by runner on May 14, 2006)

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 254
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 7:43 am:

Sheila,

I don't know if your question and/or comment is directed at Pennsylvania, the main focus of this conversation, but if it is, Pennsylvania has no early voting at all on machines. NONE!

Kurt

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2398
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 7:55 am:

I thought her point was about the challenge of having a secure chain of custody of the (presumably) paper ballots used for early voting, if early voting was possible for a one-month period of time.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 255
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 8:09 am:

Catherine,

The only chain of custody in PA for early voting is the mail process of the absentee ballot, or voting your ballot at the county courthouse itself, in the Election Office. There is no satellite location early voting of ANY kind in Pennsylvania.

Kurt

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 256
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 8:13 am:

Bev,

The State of Pennsylvania has 16 counties using Diebolds, which comprise 1137 precincts. Only five counties are of decent size: Lehigh, 145 precincts; Lycoming, 86 precincts; Northumberland, 94 precincts; Schuylkill, 167 precincts (way too many for the population there); and Washington, 184 precincts.

The other 11 Diebold counties are severely rural backwoods areas - deer hunting country.

Kurt

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2399
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 8:14 am:

The simplicity or complexity would depend on the tightness (or lack thereof) of the procedures for handling absentee ballots. E.g., degree of bipartisan observing whenever ballots are collected, stored, logs of who has access, bipartisan observers whenever the key to the ballot storage area is accessed, etc.

PA may have excellent chain of custody procedures but most places do not.

Kathleen Wynne
Moderator
Username: Admin_ii

Post Number: 318
Registered: 08-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 9:04 am:

Jim,


quote:

The real issue isn't so much the vendors, it's the test labs that passed all this silliness. Once it's clear the labs are dysfunctional, it drives a stake into the credibility of all the vendors, not just Diebold.



For sure the ITA's did not do their jobs and proved the certification process is a joke. However, it is my understanding that Diebold never disclosed the supreme entity feature to the ITA's. Wouldn't such an omission clearly make Diebold a bigger part of the issue than the ITA's? (I know it's a close race).

I accuse Diebold of the greater offense because of the way the architecture is designed like swiss cheese which could be construed as an attempt to keep the supreme entity hidden from detection not just from the bad guys but from everyone. Even if they say it was hidden this way in order to obstruct anyone from trying to exploit the system or for flexibility reasons, it still doesn't explain why they never told the ITA's about it. At least that's how it looks to a non-technical mind.

If it can be proven by the ITA's that Diebold never disclosed this feature to them, then doesn't this call into question whether this omission was intentional and therefore calls into question its intended purpose?

Wouldn't such an omission be a case for the ITA's to sue Diebold for damaging their reputation? Now wouldn't that be ironic?

Kathleen


(Message edited by admin_ii on May 14, 2006)
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html

Paula Nelson
Voting Rights Forum Participant
Username: Paulagem

Post Number: 30
Registered: 01-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 9:13 am:

Catherine: "If election officials or their superiors keep using these completely insecure machines even after they know about the irreparable vulnerabilities then they will have no one to blame but themselves if Donald Duck gets elected someday or if they are held legally responsible for any future problems."

We've already got Goofy in the White House, Donald might be an improvement.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 257
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 10:27 am:

Catherine,

Now that I am no longer there, there is no bipartisan anything in my old county election office. Absolutely everyone in there is a Democrat. No Republicans, No Independents, No Non-Partisans. The Board of Elections has a Republican on it, but there is zero day-to-day involvement by the Board members. Bipartisan? Ha!

Kurt

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2402
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 10:34 am:

If not bipartisan (or maybe nonpartisan?) at least there should be 2 observers signing logs for any access to keys, voting machine equipment or ballots.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 258
Registered: 04-2006

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Sunday, May 14, 2006 - 10:53 am:

Catherine,

That won't happen either. The new Director not only is a former Diebold sales rep, but she is married to a man who was convicted in a job selling scheme when he was a county elected official. He did quite a few years in federal prison.

She will be programming the DRE's by herself, without observation, she will design the absentee ballots by herself, without observation. She will be printing ballot sheets and programming cartridges for the DRE's overnight or on weekends, by herself with no observation.

All because the county will not hire more staff for that office under any circumstances.

Only the L&A tests will be available for bipartisan observation, but no one will attend, because the county has 17 years experience with DRE's and everyone trusts them.

Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam

Post Number: 777
Registered: 06-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 1:04 pm:

So Kurt, are you indicating that NO Diebold technicians program the DRE's ballot styles or memory cards? Hmmm.
And what 'counts' those ballots associated with "the mail process of the absentee ballot, or voting your ballot at the county courthouse itself, in the Election Office." A Diebold opscan machine perhaps?

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 260
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 1:12 pm:

Bruce,

Nope. All are counted by hand. No scanners.

They are counted at the precinct at election night close, and again in the central office by hand, with observers invited, during the official canvass that begins the Friday after the election.

And yes, I am saying that Diebold reps are NOT programming the databases. The news stories from last week in the Allentown Morning Call said as much.

Kurt

Kate Spark
Voting Rights Forum Participant
Username: Maroon1

Post Number: 1
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 1:17 pm:

To Bev:

Hello. I am new to the board, and I am sure I know far less technologically about the machines you are discussing than all of you do. However, I do live in Washington, PA, the seat of Washington County. Washington County is the new "proud" (tongue in cheek) recipient of 700 new voting machines, the Diebold AccuVote TSX. I am less than thrilled with the way our local officials are handling the most recent security issue. We will be having a "tapedown" of the memory card slot on May 16, Primary Election Day. As far as I can tell, from what our local paper states, that is about all that is going to happen to ensure an honest vote.


The City of Washington itself is populated by a little ouner 15,000 residents. Washington County, in most recently documented census figures, sports a population of roughly 265,00, if I am not mistaken.


Our local paper, The Observer-Reporter, printed an article yesterday entitled,

"The joy of being a guinea pig"
http://www.observer-reporter.com/main.asp?SectionID=6&SubSectionID=15&ArticleID=18610

and I was infuriated at the lackadaisical tone of the article. Our paper allows comments at the end of an article. My husband and I both submitted comments regarding the problems with the TSX, and voicing our concerns that the local paper was not covering the issue properly - that perhaps local officials appeared to lack the proper knowledge or remedies. We stressed the problems, as addressed by Avi Rubin and Michael Shamos, in hopes that the paper could relate to the CMU connection. We also indicated that this is an issue being reported on nationwide, by many news organizations including AP, Reuters, WSJ and NY Times. Alas, our comments have not been printed and I believe I know why; the local officials seem to view these machines as not having any kind of serious problems, despite numerous objections to their purchase and use by many within the community. Our local paper also does not respond well to what they view as "radical" opinions, or "conspiracy theories". Ahem. However, the biggest problem is that the overwhelming majority of people here seem to be uninformed, which is precisely why I noted to the paper they had a responsibility to report the security issues with the TSX properly and accurately.

We had previously written to the Washington County Commissioners about our concerns, and received a form letter in response, explaining how "intuitive" the machines were, and how the county had to comply with HAVA. The local election official, Larry Spahr, is clearly in over his head. From what I have read in the Pittsburgh Post Gazette, so is Pedro Cortes of the State of PA Elections, who rates the most recent security problems as "a low risk of potential security". We cannot get anyone at a local or county level to take this situation as seriously as they should.

I feel no confidence whatsoever in the ability of our local officials to address these situations. I will be unable to vote in the primary, as I do not affiliate with any party. My husband will not be able to vote either. At this point, we wish we could, so we could see how the voting machines operate and how poll workers handle any problems that may occur. We would also like to view the machines on Primary Day. I know they have reduced the number of workers for the evening of the election and have also reduced the number of paper ballots that will be available the day of voting.

I have a list of local articles that demonstrate well my concerns over our community's ability to receive a fair election. The articles relate how Larry Spahr is handling the new voting situation and any anticipated "problems" with the TSX, if anyone is interested. There is one article I cannot find, which described a recent "problem" with the building housing the voting machines. I truthfully cannot remember what the problem was - if it was damage to the building, or something else. I just know that at the time I read the article, it was of concern to me because of these machines being housed there.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 261
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 1:21 pm:

Wow, I am stunned by the relative silence now.

Here we have a firsthand account of a county election director, married to a convicted felon on corruption charges, running an office that is all single party, who will have no observation of what she is doing in, on, or around the DRE machines, and no one seems to care, because that single party is Democratic?

Is that what this is all about?

Does no one feel ashamed by the double standard?

This county, Berks County, Pennsylvania, has more direct evidence of a corrupt situation than anything that happened in Ohio, and no one hereabouts gives a damn.

Shame.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 262
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 1:44 pm:

Kate,

I know Larry Spahr. I have served on boards with Larry. Larry is a decent honest career public employee. He has never struck me as particularly adept in technological matters. He will likely repeat what he is told, and not investigate things himself. He is good about "not making waves" when his superiors tell him something.

He had no role in choosing Diebold other than arranging for the presentations of the various vendors. Your Commissioners chose Diebold.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2416
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 1:47 pm:

Kurt, I thought it spoke strongly for itself! It is horrible--I thought that was obvious from what you posted. I do not appreciate that you sometimes infer partisan responses that are not there.

I assume from your response that there would be no legitimate chain of custody of the ballots, though you never addressed this directly. So much for any validity of the early voting ballots.

Without a well-documented chain of custody, the fact that they are hand-counted is irrelevant. If this person has such complete control over access and there are no requirements to have at least a log and 2 people, how can anything ever be assured?

Kathleen Wynne
Moderator
Username: Admin_ii

Post Number: 319
Registered: 08-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 1:47 pm:

No, Kurt. I honestly doubt the silence has anything to do with partisanship. Give it a little time. Since this is Mother's Day, I bet many of our members and visitors are probably spending time with their Mothers instead of posting on BBV!

Since you are here, check out what Kate Spark of PA had to say about the reaction by the local media and the election officials in her County to the Hursti Report II. Sounds like these election officials are not getting it and are happy to remain willfully ignorant of what they are dealing with regarding the TSx machines and how vulnerable they are. I find the newspapers' decision not to post Kate's response to the news article very telling also. An all too familiar scenario that occurs among local media, election officials and citizens throughout the country.

Any comments on what she had to say about it?

Kathleen

John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush

Post Number: 398
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 1:47 pm:

Well, I need to jump in for a moment.

It certainly is ridiculous, regardless of party, but has anyone verified it?

Kurt, can you provide links for verification?

John

Kathleen Wynne
Moderator
Username: Admin_ii

Post Number: 320
Registered: 08-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 1:49 pm:

Kate,

Welcome to BBV! Thanks so much for letting us know about your experiences in PA after the Hursti Report on the TSx machines was released.

I have to rush out right now, but when I get back I would like to respond to your post and maybe ask a few questions as well.

Kathleen Wynne

Bev Harris
Board Administrator
Username: Admin

Post Number: 4611
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 1:53 pm:

Kate,

If all they are doing is taping over the memory card bay (without sealing the case of the machine about 10 different ways) then the whole exercise is pointless.

It was somewhat pointless anyway, but here's what has to happen next:

Evidence.

Get evidence.

Somebody needs to get photographs of these machines and exactly what was done to seal the casing -- NOT the memory card slot, the casing.

Evidence, in the form of a written yes or no response from public officials, needs to be obtained as to whether they reloaded the operating system and the software from a pristine version.

Not that that does much good if the bootloader has been contaminated at any time in the life cycle of the machine.

Also -- evidence -- get the serial numbers of every machine in your county and/or in Pennsylvania. That is a public record. We have now identified the serial number block that corresponds to machines delivered to California in 2004 and we have now confirmed that a percentage of the machines delivered elsewhere are throwbacks to the 2004 California serial number block.

The relevance of the serial number blocks is twofold: The longer the machines have been around the more opportunities there have been to contaminate the bootloader -- and remember, that contamination will affect the machine for life.

Also, there was a 100 percent correlation between the Emery County machines with something else loaded on them (no memory storage left) and a specific serial number range.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 263
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 2:10 pm:

John:

Links? The local newspaper won't even print the facts about the Election Director's marriage to the corrupt former elected official. Only insiders even know about it. She continues to use her maiden name, even though she has been married to him since before he was incarcerated. Those who have pointed it out on local talk radio have been bleeped out with the 7-second delay. The local media is "over-the-top" pro-Democratic.

The Reading Eagle (newspaper) does not consider any of it to be relevant. They also touted her "vast experience" as a benefit to the county. That vast experience was as a sales rep for Advanced Voting Solutions (she sold Fairfax Co., Virginia) and later Diebold.

The party of registration of the election office employees is a matter of public record, but not on the web.

That she will do all these things by herself is actually a matter of county policy, and the fact that the only other non-union employee who could also work overtime to observe, refuses to do so. The county will not authorize overtime for union employees.

Barbara Bellows-TerraNova
Voting Rights Forum Participant
Username: Bellterr

Post Number: 1
Registered: 05-2006

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Sunday, May 14, 2006 - 2:18 pm:

I'm writing from Salt Lake City, Utah, the state where Bruce Funk requested this examination and report.

Yesterday, Saturday, my husband and I went to the Utah Democratic Convention with 100 copies of the report to distribute to state party officials, candidates, campaign managers, and delegates, along with this accompanying article:

The time has come, Democracy said, to talk of many things:
Of Diebold, Funk, Ohio’s Ney,
Of Abramoff buying kings–
And why HAVA cannot matter–
Since the warnings that Hursti brings.

Okay, no more beating around the Bush – this week Utah’s Emery County Clerk, Bruce Funk, is redeemed.

Perhaps you’ve heard of him. His March 23rd announcement that he would not use the Diebold voting machines Lt. Governor Herbert sent him caused an emergency closed-door meeting on March 27th with Diebold, the Emery County Commissioners and Counsel, and Michael Cragun, Elections official from Lt. Governor Herbert’s office – but not Funk.

When the doors were finally opened, Funk was told to use the Diebold machines. Unwilling to accept responsibility for their security, he threw it back on the Commissioners, who later insisted that was his resignation.

This all happened after the March 18 posting at www.blackboxvoting.org of an initial independent evaluation of Diebold’s TSx by Harri Hursti, Finnish computer security expert, and Security Innovation (consultant to Symantec, McAfee and Microsoft), based on their examination of two of Funk’s 40 machines, at his request.

For that, Diebold punished Emery County with a $40,000 fine. Yet none of this was reported by Michael Cragun on April 19, before the State Government Operations Interim Committee, updating the legislature about the voting machines implementation, with Bruce Funk seated nearby.

But this week, the final report from Hursti/Security Innovation is out, again at www.blackboxvoting.org, detailing “multiple backdoors built into the system”, and Bruce is mentioned, with great respect.

Last weekend, Brad Friedman of BradBlog.com, the uniquely diligent investigative blogger, reported that early word on Hursti’s report prompted Pennsylvania voting system examiner Dr. Michael Shamos to force acknowledgement of the problems out of Diebold. Pennsylvania Secretary of State Pedro Cortes then issued a Security Alert for the Diebold machines and a lock down of the equipment before this week’s primary.

The jig is up. Diebold machines, currently creating chaos in primaries, allow voting results to be altered – easily, quickly and undetectably, without passwords.

For several years, computer scientists have warned the technology isn’t ready yet, especially because the vendors work harder at securing large contracts than securing election integrity.

Those large contracts have been prompted by HAVA, the Help America Vote Act. Notice it isn’t called the Help America’s Votes Get Counted Act.

In fact, Congressman Bob Ney, of recent Abramoff infamy, was a co-sponsor and author of HAVA, just when Diebold paid $275,000 to Abramoff at Greenberg & Traurig, to push for electronic voting machines in HAVA – with no verifiable paper trail. Meanwhile, Diebold donated heavily to The National Federation of the Blind, pushing accessibility before security.

Compliance with HAVA may be impossible, requiring the disabled to have “the same opportunity for access and participation (including privacy and independence) as for other voters”.

Ponder this: Can a voting system that serves individuals who are blind, also serve those who are deaf, as well as those in wheelchairs, and with dexterity issues? – And without assistance with no chance of someone seeing their votes.

So, HAVA was written with absurd standards by a corrupt Congressman, under the influence of cash from a corrupt lobbyist, paid by Diebold, a company that corruptly sold uncertified software to California for the 2004 election (and settled out of court for $2.6 million), whose machines are revealed to be corruptible – with Bush’s most important election, legacy-wise, only months away.

New York State has demanded and received postponement of its HAVA compliance from the Department of Justice. Utah needs to do the same.



(Barbara Bellows-TerraNova is a working mom whose side-mission it is to know more, and then share it – So, in October 2004 she performed her One Person Patriot Act, "Know Bush: Launching Facts That Shock and Awe" in Salt Lake City.)

Sources:
Initial Hursti/Security Innovation Evaluation, dated March 18, 2006: http://www.bbvforums.org/forums/messages/1954/19673.html?1144430968
Security Innovation clients: http://wwwsecurityinnovation.com/pdf/credentials.pdf , page 11
News of Upcoming Hursti/Security Innovation Report, Pennsylvania, Shamos & Cortes:
http://www.bradblog.com/archives/00002787.htm#More and
http://www.mcall.com/news/local/lehighton/all-1schuylkillmay04,0,7235865.story?coll=all-newslocallehighton-hed
Hursti Diebold TSx Evaluation, May 11, 2006: http://www.blackboxvoting.org/BBVtsxstudy.pdf
Abramoff/Ney/Diebold connection: http://www.freepress.org/departments/display/20/2006/1702 and
http://www.rollingstone.com/politics/story/9519825/meet_mr_republican_jack_abramoff?rnd=1144952282375&has-player=true
HAVA Requirements: http://www.eac.gov/docs/HAVA%20Programs-HAVA%20Use%20Restrictions.pdf
New York Delaying HAVA Implementation:
http://www.votetrustusa.org/index.php?option=com_content&task=view&id=1246&Itemid=113
Diebold settlement with California: http://www.nctimes.com/articles/2004/11/11/news/state/19_50_1411_10_04.txt and
http://www.diebold.com/news/newsdisp.asp?id=3118
Interview with Bruce Funk 03/31/06 and Present at Committee meeting 04/19/06.

I believe what's essential is to get this information out. Even in Salt Lake, the coverage is extraordinarily limited. But we can change that. . .

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2419
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 2:34 pm:

Hi Barbara, this is outstanding. It is very impressive how you're able to highlight so many key issues with clarity and just a few words.

Keep us posted what kind of response you get.

John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush

Post Number: 404
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 2:56 pm:

I agree, Barbara, that's an excellent summary! Best of luck in the fight!

John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush

Post Number: 405
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 2:57 pm:

Kurt, if you would email specifics to me at sluggojd@sbcglobal, I'll try to verify it within 48 hours.

ON EDIT - for the record, I'm a Dem, and I will always be a Dem. But this issue should be and must be non-partisan.

John

(Message edited by Bozosforbush on May 14, 2006)

Kate Spark
Voting Rights Forum Participant
Username: Maroon1

Post Number: 2
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 2:59 pm:

Hi Kurt!

I realize Larry did not choose the machines - I am very well aware our commissioners made that decision. The issue at this moment is not who chose our machines, but how the elections will proceed. I feel Larry is unable to appreciate the problems which may occur. This has absolutely nothing to do with his personal character; it has everything to do with the ability of all involved here to participate in a fair election process. Based on Larry's recent comments, it makes me question whether he knows what is really "going on" with the new machines. And, as you state, I believe he is "repeating what he is told" by the State's Election Officials. But, that also does not address the problems.

I should add, my husband works for a worldwide networking company, in the main computer room of their world headquarters, as a computer operator/analyst, and his concerns over voting in Washington are grave. We intend to exercise our right to address the decisions made in selecting this voting machine on Election Day in November, through careful selection of candidates. If necessary, it will be through the use of absentee ballots.

So far, before Election day, this is what has occurred:

"After receiving a directive from the Pennsylvania Secretary of State, Washington County found through testing that two of its 700 new Diebold AccuVote TSx touch-screen machines had to be fixed to avoid a potential security problem.

Secretary of State Pedro A. Cortes notified counties that purchased the Diebold touch-screen machines last week of a "potential security vulnerability in the system installation and upgrade mechanism" that could allow unauthorized software to be loaded into the system. Larry Spahr, Washington County elections director, said the problems were found during logic and accuracy procedural testing.

"They had the wrong motherboard," Spahr said. "Both were corrected."

Leslie Amoros, spokeswoman for the Department of State in Harrisburg, said Cortes issued the directive "as a proactive step. Diebold notified the department that there was a very low risk of a potential security vulnerability.

"The department issued the directive to ensure all precautions are taken to have a secure and accurate election."

Washington County will be delivering voting machines to the polls and local election officials on Friday and Saturday. State law says the machines are to be delivered no later than 24 hours before the May 16 primary.

Memory card doors on the machines are to be kept locked until unlocked by the local election board.

The slot designed to accept the voter access card for the Diebold system will be sealed with tape, to be removed by judges of election between 6:30 and 7 a.m. Tuesday, when voting begins."
05/10/2006


"Scott Fergus, Washington County director of administration, said the usual 50 ballot inspectors will be replaced during the May 16 primary by 15 election night workers who will be paid $75 each. Majority commissioners formerly had the opportunity to appoint 30 ballot inspectors, while the minority commissioner could appoint 20.

With the advent of electronic touchscreen machines, each county commissioner will be able to choose five election night workers.

The canvass board, formerly numbering 12, will be reduced to nine. Workers, commonly known as the "recount board," who begin their task the Friday after the election, will be paid $50 per day.

Larry Spahr, Washington County elections director, said the canvass board will no longer have to decipher handwriting for write-in votes because write-ins will be cast by touching the screen. The canvass board still will have to record official results for each race in each precinct in a docket and check absentee and provisional ballots.

Washington County elections officials performed diagnostic testing on all 700 of the Diebold TSx touchscreen machines they received. Six machines that were found deficient will be replaced before the primary.

Spahr said one screen didn't work and two machines had no audio capacity. He was unsure about the types of problems encountered with the remaining three machines.

"Six replacements will be sent," Spahr said.

In case of an emergency at the polls, Spahr said, each precinct will be given 50 Democrat and 50 Republican paper ballots. The ballots would be counted by an optical scanner.
05/04/2006


"Susan Ruether, president of the League of Women Voters and a local election board member who has trained in the use of the machine, announced at the beginning of the forum in the Chartiers Township building that the demonstrator model wasn't cooperating.

"The encoder will not let us get into the machine," an embarrassed Ruether told the crowd of the card system that is part of the touch-screen machine.

And although a league member tried repeatedly to activate the device as Democrats Paul Walsh and Jesse White and Republican Paul Snatchko spoke during the hourlong forum, the machine, which was not equipped with a power cord, eventually succumbed to a dead battery.

To cast a vote, each voter receives an ATM-like card encoded for the primary as a Republican or Democrat ballot. A diagnosis Tuesday at the Washington County elections office showed the encoding device was in fact to blame for the hang-up.

"They get bounced all over the place," said Washington County Elections Director Larry Spahr on Tuesday afternoon, noting that the demonstrator machine will soon be headed to Carbon County, in Eastern Pennsylvania, which also has purchased the Diebold AccuVote TSx.

Washington County took delivery of 700 of the machines last week, and none of the newly manufactured models will be used as demonstrators, Spahr said.

Local elections boards, however, will receive two encoders for the May 16 primary so that each precinct has a back-up. On primary day, the machines will be plugged into electrical outlets, and back-up batteries are supposed to allow the machines to be used during an outage.

No one knew for sure where the problem lay Monday night, but the fact that the machine's debut at the candidate forum was inauspicious didn't sit well with some vocal members of the electorate.

"I was very disappointed, but not surprised," said Benita Campbell of Burgettstown, who said the presence of the new voting machine was a big factor in her decision to attend the forum.

"I'm just astounded no one has truly challenged the fact that our voting system has become privatized. The vendor is counting the votes, the vendor knows the source code. I think that is very troubling for our democracy."

Campbell said she plans to cast an absentee ballot in the primary.

Andrew Schrader, a Democratic committeeman from Cecil Township, had attended a previous get-acquainted meeting at Courthouse Square for those curious about the new voting machines.

"I just have questions about it," Schrader said. "What happens tonight is what scares everybody. Everybody has a computer in their home that freezes or crashes.""
04/26/2006

These issues are from only 3 recent articles on the machines. Given the lack of apparent knowledge by our county officials, as indicated in the articles, I feel I have to question the process, no matter who personally is involved.

I am sure these problems could be worse (from all I have read), but adversely, they do not inspire a feeling of trust and security about voting. I decided to post, as people were asking how the counties in PA using the TSX were handling the issues. And unfortunately, Washington, PA is not a garden party lately. Washington County currently employs a veteran DA being investigated by the FBI, charges unknown by the public. Local officials, local authorities, the police, etc. have been questioned but no further information will be given out on the matter. Community members have recently expressed public dismay and concern over corruption and abuse of authority in our area.

Given the last (or two most recent) Presidential elections, I have little confidence in public officials, and I have major concerns over the voting process here and across the country.

Kate Spark
Voting Rights Forum Participant
Username: Maroon1

Post Number: 3
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 3:17 pm:

Hi Bev!

Thank you for your instructions. One question for you - if I am not voting in the primary, do they have any right to turn me away from "viewing" the machines, to photograph them?

I have not heard of the casings being addressed as an issue by the officials here in Washington at all.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 264
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 4:02 pm:

Kate,

I think you're right. Larry might be in over his head.

"They" do have a right to turn you away from viewing or photographing the machines in a precinct. Unless you are a voter in that election, the only way you may be in a polling place if you are not working on the precinct election board is if you are carrying a "Watcher's Certificate" which must be issued to you by a candidate on the ballot. If you have one of those, you may be inside the polling place, but may not bring a camera.

There is no way any "unaffiliated" or "independent" person may observe anything in a polling place in Pennsylvania. No out-of-county, out-of-state, or international observers are EVER allowed, unless they are Department of Justice observers authorized by a court.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 265
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 4:28 pm:

John,

Your email address has no domain suffix.

Kurt

Kate Spark
Voting Rights Forum Participant
Username: Maroon1

Post Number: 4
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 4:34 pm:

I want to say, if I did not before, "Thank You" to Kurt, Kathleen and Bev, and anyone else as well, for the welcome. I turned to your website in deep frustration after hearing of the Hursti/Security Innovation Report, and the subsequent "lack of a response" from the local paper.

I would appreciate any ideas you may have that can help me obtain this machine information/get photos. I am trying to think of who I know (well enough to ask this of them) who is registered by party, and who would also have the ability to comprehend what in the world I am talking about, lol. Oh that sounds so sad... but true... Another question: is Westmoreland County using Diebold? I had that information previously, but my old hard drive crashed a couple of weeks ago and it is on there. I have not yet finished retrieving the data from the drive.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 266
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 4:51 pm:

Kate,

I'll think about the pictures thing. Will a picture of the county office demo unit do? I assume not. You're looking for "real world" stuff, I'd guess. Maybe in November.

Westmoreland is NOT using Diebold. They are using the ES&S iVotronic. That might be better; it might not.

For a comprehensive Pennsylvania map, see:

http://www.dos.state.pa.us/voting/cwp/view.asp?a=1218&Q=446365

Kurt

Kate Spark
Voting Rights Forum Participant
Username: Maroon1

Post Number: 5
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 5:18 pm:

Kurt,

Thanks for the map, it is greatly appreciated. I am wondering if a cell phone with picture capability would do the trick for photos. I cringe to think of waiting until November. We have "supposedly" brand new machines here right now. It would be better, in my opinion, not to have to wait. And I have little precious time to find a way to accomplish anything before the primary in two days.

Our 3 commissioners chose Diebold ONLY as a cost issue over other systems. Unbelievable - cost! If anything goes wrong on Tuesday, I hope the public is aware of their part in making these decisions. I feel they made the worst possible choice. I have never spoken with Larry personally - my husband and I have been expressing our concerns to the commissioners and the local media. We started in on the issue long before the Hursti report came out, but we got nowhere. Trying to accomplish anything or find out anything in Smalltown PA, that goes against the current community edict, is like pulling teeth.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 267
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 5:28 pm:

Kate,

_Some_ people on this site seem to have a hard time believing that "the majority" of people aren't concerned about this issue. I take from your tone that you are becoming quite frustrated about this? Can you confirm for some of the readers of this site just how "sheeple"-like Pennsylvanians can be? It seems getting anyone aroused by electronic voting has to get in line WAAAAY behind property taxes, the legislative pay raise, $3 gas, "The Stillers'" draft choices, abysmal pay increases, job outsourcing, and about a million other things. Those of us who care about this issue are a rare breed indeed in my experience here. And I used to DO the job Larry does for Washington Co., here in Berks. No one seems to care, and I don't know fully how to interpret that.

John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush

Post Number: 407
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 6:05 pm:

LOL, I knew I needed a nap.

sluggojd@sbcglobal.net.

Samuel Scharff
Voting Rights Forum Participant
Username: Abacus

Post Number: 32
Registered: 08-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Sunday, May 14, 2006 - 6:17 pm:

Why people don't see?

An interview

Cesca: why is it so unthinkable that machines can be manipulated to influence the outcome of a presidential election?

Miller: Because it can't happen here. That's the creed we're up against -- a creed based on an absolute estrangement from the wisdom of the Framers. The republic's founders understood that "it" can always happen anywhere, including here. That, indeed, is why they had the wit, and took the trouble, to devise our system with its checks and balances. They would have been amazed that anyone could be naive enough to say that "it can't happen here." As that notion is based not on reason or on history but on ideology, it doesn't matter if the risk is wholly plausible--not even if you have a wealth of evidence to make the case that it has happened here. In fact, resistance to that case seems to grow more intense the stronger it becomes. It's a faith-based notion, and so evidence and logic by themselves cannot dislodge it. The only way around the problem is to give up merely arguing with those who keep refusing to believe it, and to take the case directly to the people, insofar as that is possible. I think the people grasp that what has happened here has really happened here. It's those who have strong material and psychological investments in the status quo--politicians, media types--who won't accept reality.

A Conversation With Mark Crispin Miller
HuffPo 12/12/05 Bob Cesca
http://www.huffingtonpost.com/bob-cesca/a-conversation-with-mark-_b_12134.html

Regards

Kate Spark
Voting Rights Forum Participant
Username: Maroon1

Post Number: 6
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 6:19 pm:

Kurt,

Bah, Bah... it is so true, sadly so. I am not originally from PA, my husband has lived here all his life. I am from RI and New Englanders are a world away from Pennsylvanians. When I moved here, my husband said, "Welcome to PA. Set the clock back 200 years". And, he was correct.

Everyone here is "go along to get along", everyone is so "nice". One time, a comment in the paper criticized the Town Treasurer, who was the wife of the Mayor (both in office together, huge financial mess). Reader after reader furiously wrote in to respond "how dare they criticize her, she is my friend, she is my neighbor, she is the Mayor's wife... she is so NICE". The "critic" was assessing her inability to perform her job even adequately. The "critic" had not attacked her as a person. People lost their minds. This is the mindset here, folks.

I have grown a mild aversion to the word "nice" since moving here. It is overused and overrated. They are not "that" nice - they are truly sheeple. They are all still drinking the Kool-Aid, seriously.

I was always a Democrat, but I do not party affiliate; I am moderate. I choose individuals, usually Democrats. I grew up in a hugely Democratic, Catholic-dominated state, bordered by other hugely Democratic states. I know Democrats when I see 'em. The Democrats here are like "little Republicans in disguise"; they vote traditionally Democratic as their parents did. Their parents were often blue-collar, union workers or farmers. They do not want to "violate" the family party. But these Democrats are a strange new breed to me; they espouse many values of conservatives/Republicans, are very Faith-Based, and are almost always pro-life and pro-gun, the "hot button" issues. Not trying to get into partisan politics, but I am trying to explain the people here.

This explanation, hilariously enough, was provided to me by a commissioner, who I asked one day to help me with my confusion over why these Democrats were so far removed in theory and practice from those I lived around all my life.

The local paper will deny partisanship, but it is very Republican, in a "Democratic" town. Go figure. I still do not get it some days, and get very frustrated, especially over important issues.

In PA, the issues are exactly and all of what Kurt stated, just add in "Seniors" issues, Medicare, Prescription Drugs, Health Insurance, Farming/Agriculture, Poor Roads and Bridges, and WEATHER! Weather is a bigger deal here than I have ever witnessed elsewhere. Steelers Football is GOD.

Trying to engage someone in a conversation on National Issues is pathetic. Often many do not have a clue what you are talking about and many could not care. If they do care, they always possess what to me is a radical view. Yet, they view me as the radical, because I dare take on issues, or "complain".

I am one of the only mothers in the school district who will dare take on the school. We had a recent "beating" in the high school - brass knuckles were used, a clear weapons violation under state and federal law. I could not get the paper to report on it, so the community was not informed of the event. It was not in the Police Report in the paper. It was not reported, so far as I have been able to ascertain, to the Dept. of Ed. It is a "stick your head in the sand" issue. The boy who got the "beating" was related to the Mayor and a school board member. You would think they would make a big public deal out of it, but no. Not a word has been spoken. I am the only parent demanding openness on violence in our schools. We need serious change before situations escalate.

I hope these examples, though a bit far from the original subject matter, help to demonstrate why people around here could care less about the voting machines. Only those employed in the tech sector have spoken up (and have been soundly quashed) on the issue. My husband and I are in the vast minority here who agree with this website.

I hope this explains a bit why people here are not "involved" and seemingly, do not care. They truly do not see it as a problem at all.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4612
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 14, 2006 - 7:52 pm:

Thank you to all, and Kurt -- thank you for providing your insights on Pennsylvania. I am just coming up for air for a sec. -- have another report coming out shortly.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2428
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 12:17 am:

I have never underestimated the degree of apathy and unawareness in the general public. A prolonged media-imposed entertainment stupor is one problem, but not the only problem. A distance from elected representatives and from meaningful participation in local-level decision-making is another part of the problem, and that we are "educated" (brainwashed) to submit to authority without question.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 269
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 4:21 am:

Catherine,

Here we are less than 24 hours from our Primary, and the only voting most people care about around here tomorrow is American Idol phone voting.

Adam Stiles
Voting Rights Forum Participant
Username: Ajs726

Post Number: 1
Registered: 05-2006

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Monday, May 15, 2006 - 5:22 am:

I'm from Great Britain, where hand-counted paper ballots are still used. Frankly, it amazes me that anyone would think it legitimate to elevate anything, least of all a corporation's right to keep secrets, above the integrity of the democratic process.

Every single aspect of the election process must be absolutely open to public scrutiny, otherwise there is no democracy.

It's for this reason that I think mandating Open Source software, while it is a noble aim, does not go far enough. Anyone can examine it, but only a minority of people -- competent programmers -- can gather any useful information from examining it. Yes, a programmer might be able to see from the Source Code that a voting system is tamperproof. But to anyone but a computer scientist, Source Code is next to meaningless; a message, written in a strange language, and said by speakers of the language to constitute some sort of guarantee.

I believe that all technology used in the course of an election should be comprehensible to a school leaver with passing grades. Anything less harms democracy, by making it harder for the general public to understand how the system is absolutely immune to interference.

Josef Stalin was reputed to have said "Those who cast the votes decide nothing, those who count the votes decide everything". This is why the counting of the votes must be done in the open, so that those who cast the votes can see that the votes are counted correctly. If only scientists of a particular discipline can understand the process, then there is less openness.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2434
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 5:33 am:

Hi Adam,

To add to your point about Open Source, (I agree that it's not a solution for the reasons you mention--it can't be "observed" by those who are not programmers), the recent Hursti II Report revealed that the OS and bootloader vulnerabilities would make the integrity of the voting machine programming completely irrelevant. Both the Windows CE and--even more seriously--the bootloader have vulnerabilities that would override the software program. It would be impossible to ever be certain that a voting machine had not been compromised.

It's like using ballot boxes with several unlockable trap doors. There's no way to ever know what, if anything, is in the secret compartments behind the trap doors, and no one can ever prove conclusively whether votes had been added, removed, or left untouched.

Kathleen Wynne
Moderator
Username: Admin_ii

Post Number: 321
Registered: 08-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 7:08 am:

Adam,


quote:

it amazes me that anyone would think it legitimate to elevate anything, least of all a corporation's right to keep secrets, above the integrity of the democratic process.




Welcome to BBV!

It amazes me too. I agree with everything you said. Imagine, corporations are given the right, in America no less, to keep secrets from citizens when it comes to the democratic process? Such absurdity is the only transparent part of the election process we presently have, IMO.

Despite all the evidence to the contrary, why is it that millions of Americans and a majority of election officials and politicians still believe the machines are just fine and think hand counting our votes is more vulnerable to manipulation and, therefore, cannot be trusted?

Have the colonies gone insane? England seems to have a more transparent election process than America!!

Kathleen Wynne
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html

Kathleen Wynne
Moderator
Username: Admin_ii

Post Number: 322
Registered: 08-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 7:51 am:

Catherine and Kurt,

Kurt said:

quote:

I hope this explains a bit why people here are not "involved" and seemingly, do not care. They truly do not see it as a problem at all.



Catherine, I agree with your analysis to Kurt's post. However, I think another reason citizens don't participate in the process is because they are intimidated by these machines (even those who don't immediately submit to authority figures). They feel unqualified to participate in the election process with any confidence because they simply don't understand how to oversee a voting machine in a way that qualifies as meaningful citizen oversight. It's more like citizen watching because the process has been rendered so non-transparent and in most cases obstructed, they don't even know what it is they're watching.

Introducing technology into the election process is akin to that analogy where a frog is in a pot which slowly begins to boil and the frog doesn't realize he's about to be cooked until it's too late.

Voting machines have slowly but surely been boiling transparency and citizen oversight right out of the election process altogether. We are definitely at the boiling point.

Kathleen


(Message edited by admin_ii on May 15, 2006)

John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon

Post Number: 222
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 8:46 am:

The question I have been asking is: "Did the SAIC report find this security hole?" Well, I was asking the wrong question. Instead I should have been asking about both SAIC and RABA. Page 19 of the RABA report:
http://www.raba.com/press/TA_Report_AccuVote.pdf

3. Load a PCMCIA card with an update file. The PCMCIA card can be used to update the software on the AccuVote-TS terminal. This can be done by placing a PCMCIA card with an update file into the terminal and rebooting the terminal. The update file allows an attacker to overwrite any file on the system. Furthermore, by using this technique an attacker can install his own version of the ballot station software giving him the ability to completely invalidate all the results on that terminal. If he compromises the AccuVote-TS terminal used as the accumulator, he can compromise the entire precinct results.

This report is dated Jan. 20, 2004 and all security issues identified in this report were supposed to have been mitigated, as I recall. It is apparent that Diebold did not care to fix their problem then. Why are we to believe they will fix it now?

Kate Spark
Voting Rights Forum Participant
Username: Maroon1

Post Number: 7
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 9:06 am:

Good Morning/Afternoon!

I have a couple of questions regarding our machines for tomorrow's primary.

So far, I am unsuccessful in finding a way to (at the very least) "view" the machines and the casings. But, I would like to know where to ask for a copy of the documents recording the serial number information? Is that done through State Elections officials? I would prefer asking them, as the list would be comprehensive for the state (I would hope), not just the serial numbers from Washington County, if I requested information locally.

"Oddly enough, Diebold sent Washington County five TSx units set up for a voter-verified paper audit trail, a device that hasn't been certified for use by the Pennsylvania Department of State."


One other thing I have learned, that was queried by Glenn in a previous post... We have also received machines that were not what we ordered, different in that they have the VPAT. I believe we have 5 of them, too.


However, the state does not certify these machines for usage. Right at this moment, I have no way of knowing if they will be used tomorrow. As per the quote below, is simply disabling the VPAT then making the machine "be in compliance" as a certified machine under my state's laws? Or should these machines not be used? If they are used, have they then been "legally" certified by PA, and what, if any, would the implications be?


"Advocates of the paper audit trail have been quite vocal in their support of a VPAT system, but optically scanned ballots are the only type the state has certified."

"Any machines with VPATs must have that system disabled before the voting machine is used in an election. The Department of State has expressed a concern that what are supposed to be secret ballots could be traced to the voter."

Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam

Post Number: 778
Registered: 06-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 9:12 am:

Kurt's posting of Sunday, May 14, 2006 - 01:12 pm: well, let's hear it for this aspect of PA election laws/codes, that they handcount all absentee ballots. Requiring such in CA would bring such a cry of outrage from the local election officials, citizens of PA would hear them. Especially since almost 40% of all votes cast are by early/absentee ballots.
And it's amazing that - at least in San Diego, CA - the ROV absolutely relies on Diebold technicians to program both opscan and DREs but that all the PA election officials manage to do it on their own; hmmm.

Adam Stiles
Voting Rights Forum Participant
Username: Ajs726

Post Number: 2
Registered: 05-2006

Posted on Monday, May 15, 2006 - 9:14 am:

Well, if voting machines were to be running Open Source software, they would have to be running 100% open source software. That's an open source bootstrap loader {LILO or GRUB}, an open source operating system {GNU/Linux or BSD} and an open source application stack. I think such a setup would be acceptable for a ballot of competent programmers.

I have actually designed a voting system, based on the British system. It's a direct-recording electromechanical device {so no recounts are possible} which doesn't use any principle which a school leaver would not be able to understand {assuming passing grades in maths and physics}.

The lack of an audit trail is mitigated somewhat by the machine's design. As long as the Presiding Officer is exercising due diligence, an uncounted vote can always be spotted. The faulty machine can then be withdrawn from use, put into a mode in which it will accept no further votes without being unsealed and reset, and replaced with a spare; all within a minute or thereabouts.

No software is used at all, and the human interface is adaptable to various disabilities. Note that in the UK, a disabled person is entitled to bring an able-bodied carer of their choosing {and so presumably whom they trust with their vote} to the polling station with them.

Anybody interested in a fuller description?

MH
Voting Rights Forum Participant
Username: Runner2

Post Number: 1
Registered: 05-2006

Posted on Monday, May 15, 2006 - 9:51 am:

May I ask if the Black Box Voting Organization is giving any consideration to publicizing the Smart-Card security hacking issue, described here in an earlier post, just as it has publicized the chain-of-custody hacking issue?

Given tens-of-millions of voters and thousands of poll workers have direct access to the smart-card data read/write device on Diebold voting machines across the U.S., this is at least as critical a security issue as the chain-of-custody issue!!

At the very least, poll workers across the U.S. should be notified to watch for unusual card handling activity as voters and other poll workers use the voting machines.

Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam

Post Number: 779
Registered: 06-2005

Posted on Monday, May 15, 2006 - 9:53 am:

Posted on Sunday, May 14, 2006 - 09:04 am: by Kathleen
"If it can be proven by the ITA's that Diebold never disclosed this feature to them, then doesn't this call into question whether this omission was intentional and therefore calls into question its intended purpose?"

Per the 1990 FEC standards-I have to check the latest EAC/FEC 'guidelines'-the vendor is REQUIRED to disclose all vulnerabilities to the ITA's who are supposed to test them and report such to the election officials. I think there is enough proof from the ITA testimony to indicate Diebold violated the 1990 -at the least- FEC standards.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 271
Registered: 04-2006

Posted on Monday, May 15, 2006 - 10:43 am:

Bruce,

I can give you a little insight on why we count absentees by hand. We have a very low percentage of absentee ballots, unlike many other states.

We are an "excuse required" absentee ballot state. You may not get an absentee ballot merely because you prefer to vote that way. You must either be away from your municipality all day on Election Day, or you must have a disability or infirmity that makes voting at the polls unduly burdensome. If someone in good health is seen in his municipality on Election Day, his absentee ballot may be challenged and voided.

The typical precinct tomorrow will have 2-6 absentee ballots. In a Presidential November, that balloons to maybe 50+ per precinct on average. If we had "no excuse" absentees, we'd probably get scanners, too. Both would require legislation.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 272
Registered: 04-2006

Posted on Monday, May 15, 2006 - 10:49 am:

Bruce,

Also, do not give too much undue credit to PA for having its ROV's, or E.D.'s, program the machines.

I believe the "plan" was for the vendors to do it initially here also. For the other vendors, they may still be doing it. The "old DRE" counties (Danaher, Sequoia Advantage) definitely do their own with some guidance from vendors for technical questions. Diebold, to their partial credit, recommended that counties do their own programming when the security alert came out.

Now if it really went down that way....

For all I know, ES&S may still be doing it for their counties.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4635
Registered: 12-2004

Posted on Monday, May 15, 2006 - 12:10 pm:

John Gideon:

I don't know. Perhaps the state voting machine examiners and the scientists should be asked why they never checked.

It appears that now, after Avi Rubin and Doug Jones both said "this is new" to the New York Times and other publications, they are now saying "this is old."

Since they've all read the RABA report and the SAIC report, one wonders why they changed their tune on this.

I simply forwarded their messages to Hursti.

This is an excellent idea for why citizens should never, never, never trust a group of scientists to design, oversee or decide public policy on voting machines.

They didn't know. They knew but forgot. They never looked. They can't remember.

All the while, they are saying to keep on using those touchscreens. Way to go, guys.

New mantra: Who knew what and when?

Kathleen Wynne
Moderator
Username: Admin_ii

Post Number: 323
Registered: 08-2005

Posted on Monday, May 15, 2006 - 12:25 pm:

It's up to citizens to decide who's bull******* and who's not regarding the Hursti Report II.

Kathleen
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 275
Registered: 04-2006

Posted on Monday, May 15, 2006 - 12:32 pm:

Kathleen,

"It's up to citizens to decide who's bull******* and who's not regarding the Hursti Report II."

Yes it is. But my question is, "And do what with it?" March in the streets? Carry signs on overpasses? I'm not making fun of people who do that, but does it accomplish much, especially in the short term?

This is a long slogging battle. No one will be able to declare victory any time soon. People need to know there are very few easy or quick answers. This will be a battle of attrition. It may never be the kind of thing where election reform advocates can go have a "we won" party.

This journey is not for the faint of heart or weary of spirit. Be prepared for setbacks and advances.

Robert Sawdey
Frequent Voting Rights Forum Participant
Username: Rsawdey

Post Number: 129
Registered: 01-2006

Posted on Monday, May 15, 2006 - 12:46 pm:

You've said enough for me, Adam... if it's neither recountable nor auditable it's unacceptable... Especially since it's based on a mechanism whose correct functioning can't be observed, and whose design is only understandable by 'experts'. Do some reading in the forums here which discuss system designs...

Brant Lamb
Frequent Voting Rights Forum Participant
Username: Brantl

Post Number: 563
Registered: 01-2005

Posted on Monday, May 15, 2006 - 1:10 pm:

Regarding a post of Jim March's previously: If you boot a system from a known-good CD you can eliminate threats for everything except the BIOS and whatever construction has been made of the CPU resident microcode. The BIOS threat would remain the most cogent to doing anything except making the machine fail to function at all. (The CPU resident microcode is essentially the code that tells the processor how to decode numeric instructions and then execute them, much too fine to create the type of problems that you'd use to crook an election without other level support.)
If the boot sequence is set to try the CD before the other machine resident hardware, and we're talking about the on-disk loader for the OpSys, this lets you get ahead of that. If you're talking about the BIOS bootloader, then you're still stuck. Interesting distinction, isn't it?

John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon

Post Number: 223
Registered: 12-2004

Posted on Monday, May 15, 2006 - 1:23 pm:

Bev,
Doug Jones was the first who asked about the SAIC report. He has clearly never read the full report. In fact, he is being a lot more vocal against Diebold than are some of the other computer scientists.
I suspect that many are looking at this issue as if it was just another security problem with some software/firmware and not that it is something far worse than that. They are being far too conservative in their thinking. I do not believe that Jones can be included in that group.

Robert Sawdey
Frequent Voting Rights Forum Participant
Username: Rsawdey

Post Number: 130
Registered: 01-2006

Posted on Monday, May 15, 2006 - 1:48 pm:

Brant, as mentioned in the latest report, it's possible for a hacker to replace the bootloader with one that won't allow itself to be replaced by that mechanism anymore... so a special solution has to be used to assure replacement of such lowest level code in the full mitigation procedure.

Kathleen Wynne
Moderator
Username: Admin_ii

Post Number: 324
Registered: 08-2005

Posted on Monday, May 15, 2006 - 1:50 pm:

Kurt,

You're right, there isn't going to be a slam dunk solution and we've got a ways to go before we get there.

My point was that citizens have to make a conscious decision as to whom they can trust to give it to them straight.

So far, it looks as though the 180 degree turn made by Jones and Rubin stating that the Hursti Report II shows nothing new that they didn't already know before is questionable on its face and deserves more explanation and proof before accepting it as absolute fact. Moreover, it also confuses things unnecessarily (or was it on purpose?)

Surely, the seriousness of the bootloader issue is one of such a magnitude that I can't imagine Jones and Rubin forgetting about it and had to be reminded by David Allen of the RABA report's findings on this issue! From what I understand, and this will be checked out for accuracy, is that this particular issue was covered in just one paragraph in the RABA report, while Hursti's report was much more extensive in what was found. Something's very wrong with this picture.

Another thing that needs to be considered as well. One of the authors of the RABA report, Dr. William Arbaugh, reportedly stated in an interview that while there were serious problems in the software, these problems could be easily mitigated.

Harri Hursti states in his report that this is not possible.

Which one's got it right? Hursti or RABA?

When all the facts are brought out, the people must decide which one is right.

Kathleen

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 278
Registered: 04-2006

Posted on Monday, May 15, 2006 - 2:26 pm:

Kathleen,

Based on what I've read, I believe both. Rubin and Jones probably never thought much about the boot loader, thinking that attackers would attack the obvious place - the application program level (sounds reasonable to this layman).

Hursti obviously thinks at a deeper level. He seems correct about the vulnerability at the boot loader and OS level, as an engineer should.

What seems to be unspoken here is that the vulnerability is old. The implications of what it could MEAN may be new, and previously unthought of.

Any of that make any sense? To me, they're kind of both right.

It's like this:

"Hey, look at this problem!"

"Yeah, we knew about that."

"Do you realize what you could actually DO with that??!!! Here!"

"Oh my ........!!!"

Marian Beddill
Voting Rights Forum Participant
Username: Uu7thprinciple

Post Number: 30
Registered: 08-2005

Posted on Monday, May 15, 2006 - 2:44 pm:

This note is a heads-up.
Brazil uses DRE's without paper, purchased and controlled by their Federal Elections agency (the TSE). They are evidently built by Diebold.

I am in the process of translating from the Portuguese, a specific report from a citizen activist there, tying their experience to the Diebold risks here. It will take me some time - it looks like a thorough report.

Perhaps it should be placed into its own topical thread??

Marian

John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon

Post Number: 224
Registered: 12-2004

Posted on Monday, May 15, 2006 - 2:44 pm:

Kathleen,
BBV, Harri Hursti, et al did a great job on this. It should be greatly appreciated by everyone. However, please do not belittle the RABA report. It found the same problem over 2 years ago. That information is powerful for us because it shows that Diebold, Maryland, and NASED knew two years ago that this vulnerability existed. Diebold did nothing with it. That is a fact that we can use to our advantage.

If, on the other hand, we denigrate the RABA report and the computer scientists in some quest to make it seem that these vulnerabilities were never before reported, then we are doing a disservice to ourselves and our issue. I know for a fact that one Georgia activist knew about this same problem four years ago but she couldn't get anyone to listen.

Let's get beyond the issue of who gets credit, because it is not important in the long run, and let's not shoot those who should be our allies. Doug Jones is on our side. He has been since last week. Let's keep him as a friend and not an enemy.

Let's use the knowledge that RABA found the issue; though it did not describe it as well as Bev has and it did not give it enough importance; as our ammunition and not let it be used against us.

Kathleen Wynne
Moderator
Username: Admin_ii

Post Number: 325
Registered: 08-2005

Posted on Monday, May 15, 2006 - 2:56 pm:

Kurt,


quote:

What seems to be unspoken here is that the vulnerability is old. The implications of what it could MEAN may be new, and previously unthought of.



This still doesn't address whether these mitigations have been implemented or not. If not, why not? Who, in the scientific community, entrusted to keep track of this was responsible for making certain these recovery paths were implemented? We shouldn't be so quick to give them a pass on this without proof to back it up. Any scientist should understand that.

Also, Mr. Hursti should be allowed to weigh in on Jones' and Rubin's change of heart. They haven't explained why they didn't say this in the first place. Instead, what was reported after the release of the report was that this security hole was a nuclear bomb. How could this be said at all, if this was old news?

There are still many questions that must be answered by Jones and Rubin and Hursti should be allowed to weigh in on this as well, before we draw any final conclusions.

Personally, this has the air of "butt covering" to me in order to preserve credibility of the scientists.

Kathleen

Kathleen Wynne
Moderator
Username: Admin_ii

Post Number: 326
Registered: 08-2005

Posted on Monday, May 15, 2006 - 3:22 pm:

John G,


quote:

Let's get beyond the issue of who gets credit




This isn't about credit, it's about truth.

I'm not belittling the RABA report, I merely pointed out that it has only one paragraph on this security issue, while Hursti's was more in-depth. We need to compare what the differences are in the two reports as to Hursti's analysis of the security vulnerabilities as opposed to Rubin's and Arbaugh's in the RABA report.

What has been implied by Jones and Rubin is that the same analysis found in the Hursti report is exactly what was found in the RABA Report. Is that true? Such a statement can be misleading and it undermines the findings of Hursti Report, if it's not true. Hursti should be given a chance to respond to Jones and Rubin's assertion before any final conclusions regarding the similarities of both reports are arrived at.

Can you state with absolute certainty that these easily applied mitigations, as described by Dr. Arbaugh, have actually been implemented? If not, why not? If so, who implemented them and who was there to oversee the implementation of these mitigations?

Can you also explain exactly what these mitigations are so that they can be compared with what was found in the Hursti report and whether they would actually mitigate the security vulnerabilities described in Hursti's report regarding the bootloader's self-contaminating capabilities?

Without answers to these and other questions, we are being asked again to accept with blind faith what the scientists tell us. I think we've proven that to be unwise.

If Jones is on our side as you say, then answering these questions shouldn't be a problem.

Kathleen

Dean Michaels
Voting Rights Forum Participant
Username: Deanmichaels

Post Number: 1
Registered: 05-2006

Posted on Monday, May 15, 2006 - 3:41 pm:

I signed up to this message board after reading the post yesterday about how easy it is to load virus or program code to a Diebold voter station using a smart card on election day.

It looks like a really bad security problem, so it crossed my mind to talk to our county elections manager about it. However, today I notice the smart card post has been ignored on this board while all focus remains on the bootloader news. The smart card security problem, if true, is something that has not been considered down here, I don't think, while the bootloader thing is kind of old news.

Is that smart card posting the real deal?? BBV seems not to be very worried about it, so I don't know if it's worth talking to the elections manager after all. Please advise.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4640
Registered: 12-2004

Posted on Monday, May 15, 2006 - 3:44 pm:

John Gideon,

The RABA report only exposed #3, replacement of software.

As Brad Friedman writes, correct attribution is not about who gets credit, it's about truth.

Vulnerability #1 is the bootloader. This was not in the RABA report.

Vulnerability #2 is the operating system. This was not in the RABA report.

Vulnerability #3 is software replacement with a PCMCIA card. This was in the RABA report, but the report didn't say what was found in Utah -- that the file on the PCMCIA card is never authenticated. Put your high school term paper on there with the right filename and off it goes, trying to replace the software with your term paper. A bit of an oversimplification, the details are in Hursti Report II, but certainly an added bit that goes beyond RABA. We aren't belittling that report -- it was great.

It just didn't cover the exploits #1 and #2, and of course it didn't cover the problems with the motherboard mechanisms which can be used instead of the PCMCIA card to contaminate the system.

Go back, read both reports, and I think you'll agree that RABA touches on one of the three exploits in a single paragraph, but misses the other, bigger ones.
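An added illustration of the missing check described in the post above; it is not part of the thread, the Hursti report or any vendor's code. It contrasts a loader that trusts the file name alone with one that compares the image against a list of certified build digests. The file name, image bytes and manifest are constructed, and a digest allowlist is used here in place of a digital signature to keep the example to the standard library.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Hypothetical name the loader looks for on removable media (not from the report).
EXPECTED_NAME = "update.img"


@dataclass(frozen=True)
class CertifiedBuild:
    version: str
    size: int       # exact byte length of the certified image
    sha256: str     # hex digest recorded when the build was certified


def accept_by_name(filename: str, data: bytes) -> bool:
    """Behaviour the post describes: the right file name is enough."""
    return filename == EXPECTED_NAME


def accept_authenticated(filename: str, data: bytes, manifest) -> tuple:
    """Accept only images whose length and SHA-256 match a certified build.

    Assumption: the manifest lives in storage the update path cannot write,
    so a file arriving on the card cannot vouch for itself.
    """
    if filename != EXPECTED_NAME:
        return False, "unexpected file name"
    digest = hashlib.sha256(data).hexdigest()
    for build in manifest:
        # compare_digest avoids leaking how many leading characters matched.
        if len(data) == build.size and hmac.compare_digest(digest, build.sha256):
            return True, "certified build " + build.version
    return False, "image is not a certified build"


# Constructed sample inputs.
CERTIFIED_IMAGE = b"CONSTRUCTED-IMAGE-1.0\n" * 64
TERM_PAPER = b"My high school term paper, saved under the expected name.\n"
TAMPERED_IMAGE = CERTIFIED_IMAGE[:-1] + b"!"   # same length, one byte changed

MANIFEST = (
    CertifiedBuild("1.0", len(CERTIFIED_IMAGE),
                   hashlib.sha256(CERTIFIED_IMAGE).hexdigest()),
)


def compare_loaders():
    """Run both checks over each sample and return the decisions."""
    samples = (("certified image", CERTIFIED_IMAGE),
               ("term paper", TERM_PAPER),
               ("tampered image", TAMPERED_IMAGE))
    results = []
    for label, data in samples:
        by_name = accept_by_name(EXPECTED_NAME, data)
        ok, reason = accept_authenticated(EXPECTED_NAME, data, MANIFEST)
        results.append((label, by_name, ok, reason))
    return results


if __name__ == "__main__":
    for label, by_name, ok, reason in compare_loaders():
        print(f"{label:16} name-only={by_name!s:5} authenticated={ok!s:5} ({reason})")
```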

John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon

Post Number: 225
Registered: 12-2004

Posted on Monday, May 15, 2006 - 4:24 pm:

Kathleen,
The RABA Report was done by RABA Technologies. It is not the Johns-Hopkins Report that was done by Rubin, et al. Two different reports by two different groups using two different means of getting at the security vulnerabilities. The RABA Team used a "Red Team" scenario where they went in and attacked the machines to find vulnerabilities.
To my knowledge Jones has never made the statements you attribute to him. He has, to some extent, questioned the plan to sit on this and hope that Diebold will take care of it themselves. He is contrary to some of the other computer scientists in this; or seems to be anyway.
Kathleen I don't understand why you have chosen to make Jones, Rubin, etc. out to be the enemy. That was my point in my original post. The enemy is Diebold and the states who ignored this issue even though they knew about it. Oh! and the ITAs and NASED because this is all in violation of the 2002 VSS Volume One Section 6.4.1(c).
We need to use the RABA report to our benefit. Yes, it only reports one of the three vulnerabilities. It does report ONE and that is an important thing for us to know and use.
Hell, Bev's interview with Rob Behler talks about the same PCMCIA issue. That was in 2003.
If we, all of us or just Bev for that matter, can just decide to release the whole report without redaction. There is nothing, except maybe some promises by Bev, that keeps that from happening.
But we need to understand the ramifications of doing that. What valuable help will we lose from our camp? What credible voices will we lose?
Is it going to be worth it to win this fight if we end up losing the battle later?

Bev,
Thank you for the clarification of what the RABA Report says as compared to the Hursti Report.

Jenny L. Hurley
Voting Rights Forum Participant
Username: Bolivar

Post Number: 12
Registered: 12-2005

Posted on Monday, May 15, 2006 - 4:33 pm:

TO MARIAN:

If the report is on the Internet - All you need to do is bring up the report, RIGHT CLICK the Mouse in the document and then CLICK on TRANSLATE INTO ENGLISH. It is wonderful the way they do that. I have used it many times. Thanks a lot. Jenny

Kathleen Wynne
Moderator
Username: Admin_ii

Post Number: 328
Registered: 08-2005

Posted on Monday, May 15, 2006 - 4:56 pm:

John,

I stand corrected on the RABA report authors. However, it was Jones and Rubin who came out and said the RABA report was the same as Hursti's, which was my main point.

Bev, obviously, cleared up the RABA findings as opposed to the Hursti findings for you.

Also, I don't consider either Jones or Rubin the enemy. You seem to translate extreme skepticism into something it's not.

Why didn't both Jones and Rubin first check with Hursti before going public with what they thought was old news? That would have been the more responsible thing to do, rather than support statements that weren't necessarily true.

In fact, Rubin responded to the way BBV handled the release of the Hursti Report by calling it "classy". Being classy is also waiting to find out all the facts before making such a statement that could easily be misconstrued and undermine the truth.

Kathleen


(Message edited by admin_ii on May 15, 2006)

Jim March
Moderator
Username: Jimmarch

Post Number: 181
Registered: 01-2005

Posted on Monday, May 15, 2006 - 5:02 pm:

John,

Thank you for your guidance on how our organization should handle the release of this information. However, it's not you or any org you're connected with that is at risk if we don't follow responsible procedures in this matter.

Recently a confidential EMail from Michael Shamos was leaked to a large mailing list; the leaker didn't even know all the names of the people on the list, and the information contained an error. This is an example of the sort of mistake we're trying to avoid.

By the way, the second part of the Hursti II report covering additional findings from Emery County has been postponed until Wednesday, in part due to delays caused by responding to mischaracterizations of the Hursti II report (part one). Hursti has requested a copy of the smears posted on Democratic Underground and elsewhere. It is unfortunate that we have to waste time in this fashion.

Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam

Post Number: 781
Registered: 06-2005

Posted on Monday, May 15, 2006 - 5:03 pm:

Kurt, in the interest of 'education' see here:
http://en.wikipedia.org/wiki/Rootkit

This Diebold statement "A company spokesman has admitted the flaw was actually built into the system to allow election officials to upgrade their software." is really amazing; it basically shows that the 'spokesman' (and spokesman ARE reflective of the company) doesn't understand what ITA approval/certification is all about; the 'software' can't be upgraded without going thru the ITA and State Certification process all over again; so why would they "allow election officials, etc."?
No, sorry, it's what's called a 'backdoor'.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4642
Registered: 12-2004

Posted on Monday, May 15, 2006 - 5:06 pm:

Again, the uploading of software is only exploit #3. Exploits #1 and #2 are much more serious.

Interesting that everyone chooses to focus on the least important item.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4643
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 5:17 pm:

Dean Michael,

The smart card is a delivery mechanism. The bootloader, Windows CE and Ballot Station applications each contain back doors that can be exploited by smart cards, memory cards, hardware connectors or networking.

The root problem is the bootloader. Until that situation is dealt with, the possibility exists to rig a machine with all kinds of gadgets, including simply your finger.

Since there is an election tomorrow, it would be irresponsible to discuss the smart card delivery mechanism in detail. It is true that a single smart card could be used to infect every machine in the precinct, but the smart card is just the little man that walks in through the back door.

As long as the back doors are open, if it's not a smart card little man, it might be the hidden button man or the SD network card man or the hardware connector man. Any man will do, as long as back doors are open, and as the Hursti report says, there are multiple back doors -- at least one in every level.

John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon

Post Number: 226
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 5:17 pm:

Jim March,
Thank you for misrepresenting my position and my statements.
Please don't forget that it is the voters in this country who need you to follow proper procedures in this matter.

Phil McCracken
Voting Rights Forum Participant
Username: Phil_mccracken

Post Number: 20
Registered: 01-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 5:49 pm:

Bruce Sims:

"And it's amazing that -at least in San Diego,CA- the ROV absolutely relies on Diebold technicians to program both opscan and DRE's but that all the PA election officials manage to do it on their own;hmmm."

That is an inaccurate statement Bruce - Ask the County of San Diego. You have been to the office on Election Day. You have seen the office and the server room. You know the county programs the election, not Diebold. Diebold technicians are onsite for answering questions and assisting in helping the county, not for any sinister activity. The county is quite capable of programming the election. Please check out your statements prior to posting, Bruce.

Joseph Hall
Voting Rights Forum Participant
Username: Joehall

Post Number: 86
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 6:32 pm:

Well, there's no way I can possibly read all of this thread. I've read a bit of it.

(speaking for myself only, which isn't much)

I think all of the academics are kicking themselves that 1) they didn't see this for what it was in the first place and 2) being so naive as to think something like this that is so blatantly in violation of the VSS/VVSG could have made it through the federal process. I mean we knew ITA certification was BS for security, but this is astounding.

In Avi's defense, I don't believe he had a full working system, just the code. I'm not sure if that would be enough for this or if they were just so excited to have any of it that they only examined the application code.

I don't think a single scientist is saying that this is old news. What we've done is asked two questions building off of this important work by BBV and Hursti: 1) What other systems could suffer from this gaping COTS hole (systems that use WinCE or other embedded systems like QNX) and 2) how far back should we have seen this?

I think those are the spirit in which Jones' comments have been made... how do we make sure this never happens again?

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 279
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 7:00 pm:

Mr. Hall,

I'll ask you the question I asked before. Is this PCMCIA booting scheme likely unique, ubiquitous, or somewhere in between? In other words, is it likely that all PC-based DRE's are capable of this, even though they do not use CE?

John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush

Post Number: 416
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Monday, May 15, 2006 - 8:00 pm:

It's time to speak my mind,

This is to John Gideon, but others are free to chime in and comment.

It's clear, as the sun sets on this fine Monday, that the Hursti report contains specific information above and beyond the information contained in a single paragraph regarding vulnerability of software.

It's equally clear that neither RABA nor SAIC identified any problems with the bootloader or operating systems, among others - even more serious problems than the vulnerability of software.

Clearly, the Hursti report is full of new information, that apparently none of you knew, proving once and for all that Diebold machines cannot be trusted.

This should be a time for extreme joy and hope, and a logical person, such as myself, would think that everyone involved in the effort to rid the world of these machines would express their thanks to Hursti, this site, and anyone else involved in the latest research.

But instead, there are people, supposedly on the same side, who not only have not expressed a single bit of joy and hope, but have done everything they can these past few days to negate the findings of the report.

I believe that we have a group of phony voting activists on our hands, playing people against each other. Since you are clearly on the good side here, allow me to show you how you have been played.

BTW, sometimes it's really hard to tell who is on the good side, and who is on the bad side...but sometimes, it's easy to tell...


1. This morning at 8:46 AM PST, you posted this message here, in this very forum:

http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22302#POST22302

You copied the paragraph from RABA. I wonder if you mind explaining why you did this, and who you had contact with prior to doing it.


2. 13 minutes later, at 8:59 AM, this post appeared at Democratic Underground, written by a person who should have lots of reasons to be joyful and full of hope right now - if in fact he is one of the good guys in this battle:

http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=203x428008#428115

He posted the same exact paragraph from RABA that you did, at almost the exact same time! And he went on to make a big deal out of how he contacted Doug Jones, and Doug said this and that, all written in such a way as to bring doubt on the Hursti findings.


3. Now, this poster has been posting up a storm of late - full of intrigue and mystery that would no doubt make a best-selling fiction story, and yet he hasn't posted a single comment expressing happiness over the latest Hursti findings.

It doesn't take a rocket scientist to figure out why.


4. John, at 2:44 PM you posted this comment on this very forum:

http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22356#POST22356

In it, you clearly fixated on how RABA "found the same problem over 2 years ago." You didn't say a thing about the more serious and new problems discovered (bootloader, operating system, etc.)

You also went on to say this: "I know for a fact that one Georgia activist knew about this same problem four years ago but she couldn't get anyone to listen."

We know of whom you speak - Roxanne Jekot, aka Boredtodeath and Maddy McCall at DU, aka Vgebert at Daily Kos, and so many other names. You said you knew for a fact that she knew about this FOUR years ago - if this is true, doesn't this mean that YOU ALSO KNEW FOUR YEARS AGO?

Prior to RABA, prior to Rob? She knew? You knew?

Because you certainly could not know it for a fact, unless you yourself knew it FOUR YEARS AGO!


I'm sorry but it sure makes people suspicious around here when they see things like that, and compare and contrast them with statements like this, written by that very same activist that you state you know for a fact blah blah blah...on July 12th, 2004:

"First, understand that Bev doesn't have the baton. You see, she has nothing of value. The specialists who DO have the baton allowed her to use it because they thought she could move it forward. We misjudged."

"But, have no doubt, we've been working quietly and diligently in Bev's wake to move the baton forward without her FOR MORE THAN A YEAR NOW."

BTW John, Roxanne wrote this less than 9 months after she quit assisting Bev. NINE MONTHS.

http://bartcopnation.com/dc/dcboard.php?az=show_topic&forum=2&topic_id=301636#301921


5. Like I said before, a logical person, such as myself, would think that even Roxanne Jekot would be full of joy and hope and happiness about the latest Hursti findings.

Please go here and look and see if you can find a single expression of joy, or hope, or happiness:

http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=203x428008#428115


Like I said before, sometimes it's hard to tell the good guys from the bad guys...but it is certainly time for the good guys to all be on the good side, and push those bad guys off to the side, and into the gutter where they belong.

I could go on and on, but I'm sure I've made my point.

Don't you agree John?

John Dean

(Message edited by Bozosforbush on May 15, 2006)

Joseph Hall
Voting Rights Forum Participant
Username: Joehall

Post Number: 87
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 8:08 pm:

Call me Joe.

While I write code, I don't know much about system software architecture, so I wouldn't know about the prevalence of this kind of vulnerability. A few people out there do know a fair bit about other systems and I hope they can speak up. The ES&S iVotronic uses a proprietary operating system, Hart eSlate uses Precise MQX ( http://www.mqxembedded.com/products/mqx/ ) and the Sequoia Edge seems to use a proprietary system that is "DOS compatible". (all that is from the Compuware report from OH... which is from 11/2003 so could be old and/or inaccurate).

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 281
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 8:34 pm:

Thanks Joe.

As for the sniping going on elsewhere in this thread from people I assumed were supposed to be on the same side, it's all getting a little too "intramural" for my tastes.

Who the **** cares who gets credit for finding this, whether it's new or a rehash of an old finding? It had apparently escaped the collective consciousness of those who previously might have known some part of this, and no one held Diebold's feet to the fire to change any of it.

And as for the old "so and so has no credibility" garbage, I'm sorry to inform all of you but ALMOST nobody in the election reform movement has serious credibility with election administrators, because most of them only think the vendors have credibility, as weird as that sounds.

It is only by treating this as outside of a partisan issue, and documenting the bejabbers out of everything that any credibility can be gained. Now that may be fair or not, but it just IS.

A good start is for people like Bev and people like Dr. Shamos to be communicating. Lose that and we all lose a lot.

I'm at a loss to explain the intramural sniping. Maybe someone can enlighten me.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 282
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 8:38 pm:

With that, I will be leaving you until at least Wednesday. I will be voting on a Danaher DRE tomorrow morning at 7AM in Berks County, and then I am going to Lehigh County, using Diebolds, to stake out a large polling site for a candidate I like for State Rep., and to have Diebold horror stories to relate to you all on Wednesday.

Good night to all.

John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon

Post Number: 227
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, May 15, 2006 - 9:38 pm:

It's time to clear the air here. I want everyone to attempt to understand this.

Late last week, or this past weekend, I began asking the question about the SAIC report. I never got a response to my questions, as I recall.

I am on mailing lists with all kinds of voting activists and the fact that the RABA report had a portion of what the Hursti report has. That is important information because it means that Diebold and, at least, the state of Maryland knew about this vulnerability over two years ago and they have ignored it. That blows a hole in Diebold's claim that they just found this vulnerability.

I have no idea what is in the SAIC report because it is heavily redacted. Does Bev or Kathleen or John or Jim or anyone else at BBV have an un-redacted copy of the report?

At 03:44 PM today Bev made it clear that RABA only covered a small part of what the Hursti report covered and I thanked her for pointing that out.

Again, the fact that RABA and (hopefully) SAIC reported any part of the Hursti report is big news. There is no reason that anyone here has to be defensive about that.

That information needs to be used as part of the whole picture.

And I am not, in any way, telling anyone how to handle any announcements, plans or anything else.

I hope this is all clear. I'm not going to defend anything that I did because it does not need defending.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4645
Registered: 12-2004

Best of Black Box? 
Votes: 3 (A keeper?)

Posted on Monday, May 15, 2006 - 9:43 pm:

Harri Hursti has asked me to pass along that he would like to see Roxanne Jekot's evidence that she knew about this four years ago. I'm sure he will be happy to know someone else spotted this stuff and he would like to congratulate Roxanne, if indeed she knew of the information in this report (beyond just the PCMCIA card issue, which everybody knew).

This is not quibbling. This is quite serious. Hursti asked me several times if it is true that Jekot knew this information and, if so, would she please post it publicly or distribute it to the scientific community. Hursti is generous with attribution.

However, on this matter I agree with John Dean. Trying to attribute Hursti's work to Roxanne Jekot won't hold any water unless she produces the goods. If she puts up, I say give her accolades (along with a couple questions as to whom she gave this national-security grade information to). If she doesn't put up, it's Hursti's catch.

Kurt, attribution is about credibility. Harri Hursti is now world-renowned for his acumen in testing voting systems precisely because his findings in Leon County were properly attributed. Black Box Voting was invited to Emery County for this earth-shaking study precisely because we (mostly) received proper attribution for our work beforehand. Credibility counts.

It's about credibility and yes, that is important. Credibility is what gives the bravest elections officials courage to ask to have their machines examined. Credibility is what gets organizations the funding required to do these studies.

Let's not confuse proper attribution with infighting. I say, if Roxanne Jekot knew of this, she must step forward with the evidence. If she does, she should get credit and if she does not, there should be no more discussion of Roxanne's claim, which would (without proof) be pretty inappropriate.

Very simple -- put up or pipe down, but it is unfair to Hursti to say that Roxanne Jekot discovered Hursti's findings if she can't substantiate that.

I do agree that the aggression in election reform efforts is not cool.


Adam Stiles
Voting Rights Forum Participant
Username: Ajs726

Post Number: 3
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 3:02 am:

Robert,

My point is specifically that one need not be an expert to understand the operation of the machine I designed. It is based entirely on principles that a school-leaver with passing grades in mathematics and science should be able to understand.

Whenever not required for an actual election, the machines can be made available for public scrutiny -- with all seals removed -- and observed in operation. The inability to cast a vote without a deliberate action by the Presiding Officer, the correct functioning of the recording mechanism and the integrity of the STOP mechanism {which prevents the recording of any further votes} can all be verified while the machine is thus unsealed. It is possible to make a further integrity check at any time after the result of a completed election has been recorded.

Lack of an audit trail is an inevitable consequence of the simple recording mechanism. Counting and anonymisation are performed together in real time: each vote is recorded instantaneously as it is cast, in a manner which leaves it indistinguishable from any other vote for the same candidate.

The addition of the ability to generate any kind of audit trail would unduly increase the system's complexity, simultaneously making the machine harder for an ordinary person to understand and introducing more opportunities for errors. In the worst case, if an anomaly is discovered between the "main" and "audit" records, we still do not know which {if either} is correct and so have to call a new election. {Cf. Segal's law: "He who has a watch always knows what time it is; he who has two watches is never sure".}

One has to take it on faith that the machines are functioning correctly on the day of the election. This machine is designed from the outset in a way which ensures that such faith is well justified.

Kate Spark
Voting Rights Forum Participant
Username: Maroon1

Post Number: 8
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 3:40 am:

It is 6:30 AM, eastern time, in Washington PA, which I believe is the largest county in the state using Diebold. The polls open at 7 AM.

My local paper finally DID print online the comments regarding Diebold TSX that my husband and I made about an article in which the paper appeared to sound "giddy" over this new voting system. However, the posting of our comments occurred over 72 hours after we submitted them, and the headline article we addressed is only available now through a search on their site. Too little too late for local readers to understand the voting issues of today, at least for the primaries. Readers here usually do not view much that exists beyond current headlines.

There is little I can do to observe and take photos of the cases as I am not registered along party lines; I spent a large part of yesterday trying to find someone I know well and TRUST who could do this for me, to no avail. It is a sad day for the elections process in PA. Surrounding counties will be using iVotronic, Sequoia and a couple of other systems.

I really wish I had a bit more guidance, in how to proceed today and afterwards - as to what I can do as a citizen. But I must admit, the "situation" on this board yesterday took me aback quite a bit. I am new to the board, and am truthfully very fearful on how our vote will proceed today. I am sick over the whole issue.

I will find out what I can about how the vote proceeds and what problems are encountered by voters of the City of Washington. I have three appointments in town today, so I will be out and about and will do what I can to check out the voting situation. Usually people here tend to focus on the positive, and not highlight problems, so I am not too sure what will be addressed. It is pouring rain, which should reduce turnout, as that is normally the case here. The local TV news is speculating, in positive fashion, that the new voting machines will perform well, and they think there should be few problems.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2449
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 3:53 am:

It would be great if you knew one person (either party) who could use your cell phone to take photos of the outside of the voting machine case. Or a couple different people.

Also, you could ask a few people going in to check if there are any seals on the machine at all and if so, where they are, including the back of the machine. Then you can wait till they come out and write down their observations (and hopefully get their name and contact details).

Congratulations on getting your letter into the paper! That is a huge achievement. Now you see that it can be done and it is not rocket science.

Since a time delay is inevitable between the original article and any response, if you think it's important for your readers you can quote a few statements from the original that you're responding to in your own letter.

You have already been very successful. More people may read your letter than you think; in some places that is a popular section of the paper.

Maybe in the next couple of days your group can submit a press release commenting on how no common citizens are allowed to observe the voting and counting and how objectionable this is. If it's short and clear they might use it as a space filler. Make sure your contact details are on the press release.

And/or your group can write a press release about how no seals were observed on the CASE of the voting machines (if none are seen, that is) and how this shows that a major security vulnerability has not been addressed.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2450
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 4:17 am:

Kate, I'm probably getting overenthusiastic. I wouldn't want you to think you were "supposed" to do more than you already are.

Take things at your own pace--you're doing great work!

Congratulations again on your success. It'll be interesting to hear how the day goes for you.

Brant Lamb
Frequent Voting Rights Forum Participant
Username: Brantl

Post Number: 565
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 5:09 am:

Robert, you said "Brant, as mentioned in the latest report, it's possible for a hacker to replace the bootloader with one that won't allow itself to be replaced by that mechanism anymore... so a special solution has to be used to assure replacement of such lowest level code in the full mitigation procedure."

Perhaps you didn't read my post carefully enough. I said if you can boot from a CD (and yes, that may be a big 'if', but if you can) then the bootloader that is sitting somewhere else, not running, is irrelevant. It is storage that can be wiped and re-written as any other storage may be.

Patrick J. Kobly
Voting Rights Forum Participant
Username: Pkobly

Post Number: 13
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 9:13 am:

Brant,

Yes, once again, I'm going to post the link to Thompson's Turing award speech:

http://www.acm.org/classics/sep95/

This speech is critical to security in general, and _very_ applicable to this particular set of vulnerabilities. The hazards of transitive trust are very real. Further, we are often not aware of all of the links in the chain of trust.

re: boot from a CD

What piece of code is it that allows the computer to talk to the CD in order to boot from the CD? What puts the CD's boot image into memory and starts it executing? Has this code been "certified"? Can this be subverted to put something other than the CD into memory? Probably...

RE: Sniping / credibility / attribution
There is an awful lot of talking at cross purposes here. This sniping will detract from our credibility in the media. It seems this is because we are looking at this issue sideways, and not explicitly laying out goals and implications, and playing to our strengths in the situation as it exists (rather than trying to mold the situation to what we think we want it to be).

Yes, it is easier to get coverage if the vulnerabilities are newly discovered (and are perceived as such). However, even if the vulnerabilities are not seen as sufficiently new, the fact that the vendors, ITAs and obstinate elections boards have claimed they were fixed or mitigated (but we can show that they were not) makes this newsworthy. Honestly recognizing and identifying when and by whom related vulnerabilities were discovered by others only serves to improve our credibility with the outside world. Noting where new discoveries differ (and where we are merely providing another viewpoint) also improves our credibility.

We need to fight a critical perception: "These machines are trustworthy." We don't need to spend time fighting a perception and shifting opinion on a tangentially related subject: "These are not new vulnerabilities." To fight "these machines are trustworthy," we need to establish only "these vulnerabilities currently exist," not necessarily "these vulnerabilities currently exist and are new."

Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam

Post Number: 783
Registered: 06-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 10:18 am:

To Phil McCracken; I am quoting exactly from the security procedures response to the SOS from the San Diego ROV regarding Diebold technicians programming the machines, ballot styles, etc.
The ROV states that such is 'done under the supervision of ROV employees'; take it up with the ROV and understand I do check out stuff before I post; I also make public records requests; what do you do but question my integrity?

Samuel Scharff
Voting Rights Forum Participant
Username: Abacus

Post Number: 33
Registered: 08-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 11:18 am:

Patrick Kobly: Thanks!

Brant Lamb
Frequent Voting Rights Forum Participant
Username: Brantl

Post Number: 566
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 1:20 pm:

re: boot from a CD

Patrick J. Kobly said: "What piece of code is it that allows the computer to talk to the CD in order to boot from the CD? What puts the CD's boot image into memory and starts it executing? Has this code been "certified"? Can this be subverted to put something other than the CD into memory? Probably...", yes, Patrick that's why it's important to know whether they're talking about the 'bootloader' that is part of the BIOS or the 'bootloader' that is part of the operating system, as I said.

However, if you hard code the writing to disk (don't use BIOS service subroutines) and overwrite both the BIOS and the bootloader for the operating system, you can cleanse the system. This was pretty much the point that I was heading toward. I was trying to get a better feel for where the problem was.

Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam

Post Number: 787
Registered: 06-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 1:44 pm:

In the interests of clarifying for those who just use computers, not 'live' them:
http://en.wikipedia.org/wiki/Bootloader

A bit of history:
http://www.birdhouse.org/beos/byte/30-bootloader/

And examples of why it's so important:

http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla:en-US:official&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=bootloader+windows+ce&spell=1

Kate Spark
Voting Rights Forum Participant
Username: Maroon1

Post Number: 9
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 5:57 pm:

Well, PA has been interesting today.

In Allegheny County - iVotronics Model 650 ..."120 machines wouldn't produce "zero-count" printouts to start the day confirming there were no votes registered in the machines"

" nine machines had their screens cracked during transit to the polling places (they said these would not be used)..."

easily 12+ polling places had problems... paper ballots had to be used

In Washington County - Diebold AccuVote TSx ... "Larry Spahr said 20 or 25 of Washington County's 185 precincts reported problems. Mr. Spahr is director of elections.

"Most of our problems have centered around the printer on each unit," he said. "The lids on printers have to be locked tightly [for the zero-counts] to print. In most of the instances, the problems we had were with that printer, where folks didn't have the lids snapped down tightly. Paper has to be pulled through that hole. As far as the units working to their optimum, everything else has been fine. "Our poll workers were instructed how to properly set that printer up, but that's where the problem is."


And Philly - Danaher - "100 voting machines broken
Philadelphia Daily News

More than 100 voting machines are reported to be broken across the city, the Daily News has learned.
Apparently, the machines were broken when polls opened this morning -- they keep spitting out the paper tape that keeps the tally of the vote. It is the largest breakdown since we started using the new voting machines.
The broken machines were first reported in the weblog for TheNextMayor.com." (please read at this site, very interesting)

I find this very interesting... 3 different areas, 3 different machine types, and same problems with each?

Any incite from you folks?

Kate Spark
Voting Rights Forum Participant
Username: Maroon1

Post Number: 10
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 6:04 pm:

Sorry, meant "insight", LOL, long day and am trying to pay attention to too many things at one time...

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 285
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 6:23 pm:

Kate,

"incite"?????????????

Dr. Freud, call your office.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 286
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 6:31 pm:

Kate,

I've been hearing the same thing in Berks as Philadelphia (also Danaher). Since these machines have always been rock solid, it's got to be their HAVA firmware update package.

Kurt

Kate Spark
Voting Rights Forum Participant
Username: Maroon1

Post Number: 11
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, May 16, 2006 - 6:33 pm:

LOL, sorry Kurt... I did not even realize I spelled the word wrong, that is how tired I am. I have been up since 4 AM - early for me - and a long, long day for many reasons that had nothing to do with the election.

Jody Holder
Voting Rights Forum Participant
Username: Holder

Post Number: 20
Registered: 11-2005

Best of Black Box? 
Votes: 3 (A keeper?)

Posted on Wednesday, May 17, 2006 - 12:51 am:

I am very distressed going through this thread. I am sure that Diebold and the other vendors are pleased.
It appears that some of what has occurred is miscommunication or misunderstanding what has been communicated.

I have read different statements attributed to Doug Jones and Avi Rubin, but have not seen any in which they claim that what Harri Hursti found had been found before. David Allen is the one who reported that all this was "old news" that had been regurgitated. His only piece of evidence is the paragraph from the RABA Report which reported a risk that the activist community already knew existed. I thought the most telling illustration of his true purpose was his snide irrelevant asides contained in the first paragraph.

Doug Jones did react when shown the paragraph from the RABA Report that it did appear to sustain Hursti's findings. I did not see that as supporting the position that Hursti found nothing new, just that RABA had pointed out a similar vulnerability. Doug Jones has been a diligent taskmaster towards voting machine vendors. In August 2003 he presented a paper calling for the de-certification of Diebold's AccuVote-TS voting machine. You can read the paper here:
http://www.cs.uiowa.edu/~jones/voting/dieboldusenix.html

What is interesting is his concluding statement in that paper:

Consequences for the Larger System

I want to emphasize that this story represents more than just a black eye for Diebold. As I said in my 1997 letter, it represents a black eye for the entire system of Voting System Standards promulgated by the Federal Election Commission and the National Association of State Election Directors. Not only did the I-Mark/Global/Diebold touch screen system pass all of the tests imposed by this standards process, but it passed them many times, and the source code auditors even gave it exceptionally high marks. Given this, should we trust the security of any of the other direct recording electronic voting systems on the market?

His question that day is even more in need of an answer than it was that day. The public officials responsible for protecting American citizens from voting systems that could corrupt or deny the voting franchise failed to do their job.

I would urge people to read his report, and his many other contributions to the cause of voting integrity that appear on his website.

Avi Rubin and Ed Felten also wrote a response that I found on the Security Focus website:
http://www.securityfocus.com/print/news/11391

My thoughts on the prior reports:
Every one of the prior reports found security risks, both low, medium, and high. Some of the examiners had access to the machines, and others did not. The Hopkins study and the California Technology Board study did not have access to an operating machine. Instead they were confined to checking source code. Why the teams who actually had access to the physical machines did not find what Harri found I do not know. If they did (such as the SAIC Report, which did choose to redact a majority of the report) why did they not sound the warning bell?

The point is that the computer scientists consulting to the states regarding voting systems failed to do their job. In fact, they were some of the strongest defenders of these voting systems whenever activists raised alarms.

It is through the efforts of BBV.org that the voting integrity community was finally able to have an actual deployed voting machine examined, have that examination documented, and then have a final report written by a computer scientist who has established his credibility. I would heartily concur with Bev's statement above regarding credibility.

We now have the proof that has been denied for years. Prior to this we had snippets of information, inferences gleaned from the FTP site, Diebold Memos, Public record requests, second-hand information gleaned from reports that for the most part were commissioned and paid for by the very government agencies who wanted to buy the machines. This time the examination was conducted independently of the prior special-interests.

Our war is against vendors who value money over democracy. Who see voting as a means to make money. Our fight is with those election officials who have abdicated their responsibilities to the voter for the siren call of the vendors promising expediency. Our fight is with anyone who claims there is no problem, because if there is no problem, there is nothing to fix.

Black Box Voting and the Hursti II Report have provided the irrefutable evidence. It should be the rallying point around which the troops should gather. On June 6 in California over 12,000 Diebold TSx voting units will be used to vote in a federal election. These units have sat in warehouses since the fall of 2003. They have been worked on by many locally hired technicians during that time. There is no way to know if these machines have been compromised or not.

This election is important to this issue. This is the Primary in which the electorate will choose either Bowen or Ortiz to run for Secretary of State against McPherson. McPherson and Ortiz have already gone on record as supporting business as usual in the conduct of elections in California. If either becomes the next SoS we can be assured of the same problems. Bowen understands and fights for voting reform. Yet this election will be decided on Diebold touchscreen machines.

We need all the troops we can muster. Then we must work as a team. There is too much at stake to allow in-fighting, personal differences, or past misunderstandings or even fights to sidetrack us. Siblings fight, but still will come together when the time calls for it. That time is now.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4674
Registered: 12-2004

Best of Black Box? 
Votes: 2 (A keeper?)

Posted on Wednesday, May 17, 2006 - 5:41 am:

Thanks, Jody. Yes, the "spin" team is out in force, and can be identified by their words, not their identities (some of them are supposedly working on election reform while attacking the Hursti study and BBV). Oldest trick in the book is to have some members of the spin team placed inside the activism community itself.

Don't worry about it. The citizenry's B.S. meter is alive and well!

Some final thoughts on "part 1" of Hursti II, before "part 2" of Hursti II is released:

Diebold knew, because Diebold DESIGNED the back doors into the system. What you have is three levels with separate back doors designed into each of the three levels. If someone spots one, closes it, you can always use one of the other back doors to go right back and reopen it.

Or, in the politician's sound bite, "It's the DESIGN, stupid!"

One reason Diebold is admitting this so quickly and "fixing it" is that they want to get the press reporting "Diebold is fixing its system" instead of the even more fundamental question, "How did this get in there in the first place?"

Who designed this in? How can we subpoena that person and get them under oath for public questioning in front of TV cameras?

The importance of Watergate-style hearings is this: To implement REAL election reform, the American citizenry needs to see these lying, spinning bastards doing their obfuscation before congressional examiners. Taking a page from the tobacco industry exposés, it may be more feasible to do this at state levels and compile together results, since the federal level lacks the will to do the people's business.

It's going to take public hearings and exposure of the pattern of false claims and lies to galvanize the public to FORCE representatives at the federal level to take appropriate action.

It is, of course, inaccurate to depict the Hursti II study as repeating the RABA study -- it breaks new ground with several stunning developments. Among these are that there are three different back doors built into three different levels -- the PCMCIA card software delivery is one of the delivery mechanisms, but the report describes others as well, including the use of a (redacted) hardware connector and the use of a hidden SD card built into the motherboard.

The importance of the Emery County study performed by Hursti and Security Innovation is that it takes away all excuses and produces real evidence, not theories or snippets from memos or words from interviews, but demonstrable evidence that these back doors are designed in to the latest systems delivered just weeks before the study.

I believe Hursti has done our republic a great service by proving, once and for all, that these machines contain multiple delivery mechanisms which can enter through multiple back doors on at least three different levels, built in.

Let's keep our eye on the ball: The question now is not "can Diebold redesign it" but "who put this elaborate system of back doors in?"

You see, if the back doors are designed in by a Diebold programmer, you have to get the guy under oath and learn straight from his lips what he thought he was doing. This is not a situation where the PR team should be answering those questions. If a Diebold programmer did this, perhaps we should think twice before asking him to "fix" his own back doors.

Kathleen Wynne
Moderator
Username: Admin_ii

Post Number: 329
Registered: 08-2005

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Wednesday, May 17, 2006 - 7:35 am:

If the political will (whether it be state or federal) is not there to conduct a public, televised hearing to question this Diebold programmer to find out why and who authorized a design of this kind for an elections software...that, in and of itself, will give us an idea how deep the rabbit hole goes on this issue and perhaps an idea of who the rabbits are that live there.

If the absolute need for this hearing doesn't galvanize citizens to unite and work together to make it happen, then I can't imagine what will.

Kathleen

(Message edited by admin_ii on May 17, 2006)
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html

Linda Franz
Frequent Voting Rights Forum Participant
Username: Linda_franz

Post Number: 347
Registered: 12-2004

Best of Black Box? 
Votes: 1 (A keeper?)

Posted on Wednesday, May 17, 2006 - 9:18 am:

Put a bandaid on the problem or cure the problem?

If someone keeps getting sick, doctors can treat the symptoms but the illness will never be cured until proper investigation and diagnosis is undertaken.

Allowing a "fix" to these machines is just putting a bandaid on an open wound that won't heal.

If the underlying system is not healthy, or easily compromised, problems will keep recurring.

This has to go all the way back to who designed the systems, why they did what they did, and why security seemed to be the very last consideration.

Joseph Hall
Voting Rights Forum Participant
Username: Joehall

Post Number: 88
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Wednesday, May 17, 2006 - 9:43 am:

We need a Congressional oversight hearing with the spectre of subpoenas.

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2461
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Wednesday, May 17, 2006 - 10:18 am:

Or state-level hearings under subpoena in many states, as Bev suggested previously. It would be easier to generate interest in the public on a state-wide basis about their local election problems.

State-level inquiries are more likely to be effective than the US Congress. The national government has already shown that it is not interested in real reform (just remember HAVA!) and is likely to provide lip-service and more cover-up.

Jenny L. Hurley
Voting Rights Forum Participant
Username: Bolivar

Post Number: 13
Registered: 12-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Wednesday, May 17, 2006 - 11:25 am:

The AEI (American Enterprise Institute) and Brookings have several articles on their joint website - newsletter@electionreformproject.org
INTERESTING because AEI is Repub and Brookings leans Dem.

I get their email - but don't have time to read it today. THANKS for all you do. You all work your tails off for this DEMOCRACY. I appreciate it very much. Jenny

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2465
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Wednesday, May 17, 2006 - 11:59 am:

Hi Jenny, thanks for the link to the article and for the encouragement.


Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2466
Registered: 12-2004

Best of Black Box? 
Votes: 62 (A keeper?)

Posted on Wednesday, May 17, 2006 - 12:52 pm:

Here is a handy-dandy guide to various topics in this long thread, omitting "local" interest comments. (I put this together for the Irish e-voting forum but thought it may be useful for others as well.)

BBV Summary of Hursti II findings (REQUIRED READING!):
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=21862#POST21862

Full Hursti II technical report on Diebold TSx touchscreen (REQUIRED READING FOR TECHNICAL PEOPLE):
http://www.blackboxvoting.org/BBVtsxstudy.pdf

more on the redacted filenames/words and why everyone should avoid speculation:
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=21876#POST21876
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=21878#POST21878

Implications of the proof of hackability
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=21930#POST21930

On the dangers of using Windows CE as a platform:
http://www.bbvforums.org/cgi-bin/forums/board-profile.cgi?action=rate&topic=1954&page=27675&post=21953

On partial mitigations and catastrophic vulnerability of the case
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=21970#POST21970

What this report (Hursti II) changes:
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=21985#POST21985

More Diebold talking points (lies) (to show typical vendor response)
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=21986#POST21986

On meaningless value of doing L & A tests:
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22025#POST22025

Smart card vulnerabilities:
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22122#POST22122

Tips on getting evidence about what mitigations were/were not applied:
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22200#POST22200

On Why People Don't See [the risk of elections being fixed]
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22237#POST22237

On UK elections
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22286#POST22286

On the risks involved on introducing technology into what needs to be an observable process:
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22298#POST22298

BIOS vulnerabilities
http://www.bbvforums.org/cgi-bin/forums/board-profile.cgi?action=rate&topic=1954&page=27675&post=22342

On the 3 levels of vulnerabilities and what is "new" about Hursti vis-a-vis RABA report
http://www.bbvforums.org/cgi-bin/forums/board-profile.cgi?action=rate&topic=1954&page=27675&post=22361

Relevance of smart card to other vulnerabilities:
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22372#POST22372

On what items in the report are "new," and disinformation/misinformation about same
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22389#POST22389

Activism friction
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22397#POST22397
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22505#POST22505

Bootloader:
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22421#POST22421
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22428#POST22428
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22457#POST22457
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22460#POST22460

Final thoughts on Hursti II (government response needed; activism friction)
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22514#POST22514
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22520#POST22520

Bi-partisan acknowledgment of the serious implications:
http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=1954&post=22530#POST22530

Samuel Scharff
Voting Rights Forum Participant
Username: Abacus

Post Number: 35
Registered: 08-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, May 18, 2006 - 12:31 pm:

Catherine

This list is great

Thank you!

Bev Harris
Board Administrator
Username: Admin

Post Number: 4716
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, May 19, 2006 - 3:51 pm:

Catherine, you did a fabulous job with the summary. You are a wonderful asset to the worldwide election reform movement.

Barbara Bellows-TerraNova
Voting Rights Forum Participant
Username: Bellterr

Post Number: 4
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, May 20, 2006 - 5:11 pm:

If I am submitting my earlier article to a local monthly magazine ("Catalyst, Resources for Creative Living") that likes visuals, is it possible to offer one or two of the pictures from the first, more casual, report on Bruce Funk and Hursti? What does BBV require -- credit and a link? Or more?

By the way, the Salt Lake Tribune went back and forth and then finally emailed me Thursday with the following:
"...and we decided yours will not be published. It rehashes a lot of information that we have already dealt with in our news pages and in editorials. You don't present personal experience or specific expertise on the subject.
I am sure you have done a lot of reading about this, and we appreciate your interest in contributing to the Opinion pages."

Yikes! I may have no expertise, but I sure know more than enough to inform with concern. And this used to be our "Independent" (from the LDS Church) newspaper - but was bought up by Dean Singleton (Bush Ranger).

For the record, the Salt Lake Tribune has not, to date, told the story of the released Hursti report at all. There was merely a minor editorial suggesting rural areas vote by mail.

Anyway, please let me know about the picture. I was particularly thinking of Hursti and Bruce at the open machine and/or Bruce receiving the machines.

Any idea when the final section is coming out? I'm checking many, many times daily.

Bev Harris
Board Administrator
Username: Admin

Post Number: 4739
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Saturday, May 20, 2006 - 8:37 pm:

from e-mail by Dr. Doug Jones to Bev Harris:

They've pushed several new versions of the TSx firmware through certification since then, so they can't claim that they didn't have the opportunity to correct anything yet.

David Allen's editorial comment that he appended to what I'd said fails to capture this. I don't understand why he feels inclined to add such a putdown, because it's certainly not how I read what he quoted of my E-mail response to him.

Barbara Bellows-TerraNova
Voting Rights Forum Participant
Username: Bellterr

Post Number: 5
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 21, 2006 - 12:16 pm:

A question:

If God chose Bush, why does Diebold even need to be hackable?

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2549
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 21, 2006 - 12:40 pm:

Well--I'm speechless!


Barbara Bellows-TerraNova
Voting Rights Forum Participant
Username: Bellterr

Post Number: 6
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 21, 2006 - 2:58 pm:

Catherine:

Don't panic. It is a joke. My daughter's assignment for school is to write a bumper sticker that relates to science.

She's going with, "For Healthy Forests, thin out the Bushes".

Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a

Post Number: 2550
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 21, 2006 - 3:28 pm:

OMG!


Robert Sawdey
Frequent Voting Rights Forum Participant
Username: Rsawdey

Post Number: 134
Registered: 01-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 21, 2006 - 4:17 pm:

Ah hahahaha... well, I'd definitely give her a high mark!

Pruning shouldn't be confined to the 'shrubs' though... acorns don't fall far from the tree... and Papa's Carlyle Group is involved up to their eyeballs!

Barbara Bellows-TerraNova
Voting Rights Forum Participant
Username: Bellterr

Post Number: 7
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Sunday, May 21, 2006 - 8:48 pm:

Robert:

That's why it's "the Bushes" - we're quite familiar with this American Dynasty.

V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir

Post Number: 325
Registered: 04-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Wednesday, June 7, 2006 - 5:12 am:

Apologies for slightly OT post

Bev,

You mean the foreign ownership thing on Dobbs, right? Not the same substance, but I guess...

Keep this in mind. I don't know this for sure, Bev, but I'll just bet that the same software issues Shamos found in PA's certification for the Sequoia Advantage apply to the Sequoia Edge as well. It's possible they use a completely different tabulation program than the Advantage, but I doubt it. It wouldn't be an efficient use of resources. Every other company uses a unified software suite for tabulation. Hell, ES&S even calls theirs "Unity". Has anyone ever checked anew on the Sequoia Edge's tabulation SW to see if it's the same one that Montgomery County, PA could not use on May 16 for the Advantage?

Robert Sawdey
Frequent Voting Rights Forum Participant
Username: Rsawdey

Post Number: 144
Registered: 01-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Wednesday, June 7, 2006 - 11:52 am:

Speaking of great bumper stickers, how about "Practice Political Abstinence: No Dick, No Bush"... hahahaha
 

The public must be able to see and authenticate these four essential steps for an election to be public, democratic, and valid: (1) Who can vote (voter list); (2) Who did vote; (3) The original count; (4) Chain of custody.