Navigation
Topics
Log In
Log Out
:
Special Search
New Today
New This Week
Advanced Search
Tree View
Your Account
Edit Profile
Register
Forgot Password
Tools
Help/Instructions
Policies
...
|
| 7-30-07: An Open Letter to Calif. Se... |
|
| Author |
Message |
    
Bev Harris
Board Administrator
Username: Admin
Post Number: 6496
Registered: 12-2004
Best of Black Box? 
Votes: 7 (A keeper?) | | Posted on Monday, July 30, 2007 - 11:25 am: | 
|
Comments On The Recent "Top to Bottom" Review
by Jim March, Member of the Board of Directors, Black Box Voting
Secretary Bowen, your office has as of this date completed a review of certified voting systems. This review was welcome with the obvious exception of ES&S's lack of involvement, which we'll address at our closing.
While the goals of this effort were laudable, our organization is concerned about its execution.
Your agency's review only partially examines the risks of inside manipulation with these systems. Procedural remedies can be circumvented by those with some level of inside access: roving technicians, programmers, and the IT staff of local elections jurisdictions. In fact, we would contend that the most high risk scenario of all is that of inside manipulation, and we would also contend that the systems used in California cannot be secured from inside tampering, leaving the citizenry of California in the inappropriate position of being forced to trust the government to count their votes in secret. This does not secure and protect the rights of The People in the state of California.
The security analysis for all of the products was incomplete. As one glaring example, nobody checked into the area of "data theft" for any system. "Data theft" is mainly an issue between the time the mail-in vote scanning begins a week or more pre-election day and the close of polls. Can "insiders" find out who is winning, long in advance of polls close? Such data is politically and financially valuable and is far more accurate than any "Zogby" or similar poll. In Pima County AZ, a review of old Diebold audit logs found a pattern of such theft going back through 2004 to present. This illegal activity could have been covered up with ease, but until the Pima County Democratic Party brought me in to check, no review of audit logs was occurring so the thieves didn't bother. Such data theft is possible in the Diebold environment with ease; we strongly recommend checking the others.
A bigger issue involves basic honesty.
In the case of the Diebold overall system, no effort was made to establish whether or not the Federal certification was actually completed in an honest fashion on Diebold's part. Significant evidence exists that Diebold defrauded the Federal oversight process, declaring customized code within the Windows CE ("Compact Edition") operating system to be "Commercial Off The Shelf". See also:
http://www.blackboxvoting.org/wincefraudwalkthrough.pdf
http://www.blackboxvoting.org/rrlee-wincedeclaration.pdf
http://www.blackboxvoting.org/thenasedblues.pdf
Your agency had the opportunity to investigate this with access to all of the Federal certification documents, but appears not to have done so. It was imperative to examine the source code for Diebold's customized Windows CE operating system, yet we do not see any evidence that this was done by anyone, or any note taken of that fact.
In your "Red Team Attack" notes on Sequoia, your own investigators note that Sequoia's statements as to their security processes repeatedly turned out to be inconsistent with reality:
The Sequoia documentation states that the firmware is stored in ROM and that checksum-based mechanisms are used to determine if the firmware has been modified maliciously. However, in reality there is no secure, hardware based mechanism to ensure that no corrupted firmware gets loaded and executed.
This pattern repeats itself throughout your own report.
This points to a systemic problem, national in scope.
Fraud throughout the certification process at the Federal and state levels has gone unchecked by any authority. Diebold has been caught brazenly lying since at least 2003 with no consequences from your agency under past elected administrators or any other, so additional fraud in the process by any vendor cannot come as a surprise.
To restore trust in the democratic process, we urge you to take a "zero tolerance" attitude towards fraud or misleading statements by voting system vendors. You now have enough examples of this regarding Sequoia and Diebold in your own documentation to toss them out of this state forever. Per your own statements previously, ES&S has been acting with equally low regard for basic ethics.
Sadly, the ethical failures don't stop with the vendors.
We have recently had cause to question the legality of a voting system used in Virginia, Mississippi, Pennsylvania and others. The AVS Winvote was allegedly being shipped by the vendor in unqualified hardware configurations. I went to the EAC offices in DC personally and was informed that since the Winvote was certified under the prior NASED regime, the EAC had no paperwork on that system. No lists of certified components existed outside the vendor's control that could be cross-referenced against hardware less than 20 miles away in Virginia.
If so much as a hint existed that a Boeing 747 was flying in commercial air service with parts uncertified by the FAA, it would be grounded and checked in a matter of moments. Paperwork would be cross-referenced against installed hardware. Yet as a matter of policy, the "Election Assistance Commission" rendered itself incapable of basic professionalism.
You cannot base the California certification process on a diseased Federal oversight system, one that deliberately cripples itself at every opportunity for fear that something will visibly unravel if made public – such as, for example, the entire previous NASED-based certification process which the EAC is scared to support for admittedly good reasons. Nonetheless, bureaucratic fears are not good cause to abandon all oversight for previously certified systems as the EAC is on record as doing.
Secretary Bowen, you must take a stand. You are California's election watchdog. You must blow the whistle and declare the entire current process and systems broken. If that throws the state's election infrastructure into visible chaos, so be it: better to see the madness made visible than to hide corrupt, incompetent and unprofessional processes. Full reform today is hampered by the veneer of legality and professionalism installed inappropriately by the Federal oversight process. We ask you in no uncertain terms to break that veneer, decertifying both the systems and the process that spawned them.
Secretary Bowen, work with the legislature to build something new, in California, from scratch – system(s) and certification process. Make this state a model others can turn to, abandoning the morally bankrupt Federal oversight process and "black box" privately owned systems in their entirety. No other state has the combination of resources and political will necessary to do so. Where you lead, even the Governor must follow on this issue, along with the legislature.
Please consider taking more aggressive action. Decertify everything, citing the obvious failure of Federal oversight as the primary cause.
Jim March
Black Box Voting
Link to Secretary of State reports:
http://www.sos.ca.gov/elections/elections_vsr.htm |
Bev Harris
Board Administrator
Username: Admin
Post Number: 6498
Registered: 12-2004
Best of Black Box?
Votes: 2 (A keeper?) | | Posted on Monday, July 30, 2007 - 11:48 am: |
|
There are two gigantic elephants in this living room that few people are talking about:
1) The work fails to really address manipulation by insiders, which is the most likely scenario. There's a reason that's taboo: as Paul Lehto says, "you can't secure your laptop from yourself".
Those who have a vested interest in keeping technology in elections tend not to address this.
Next elephant:
2) The study does not call the ITAs and NASED/EAC certification people on their bullshit. How is it that a chimpanzee, two old women, a gun nut, a Finnish entrepreneur, computer programmers of all descriptions, can quickly find the flaws in this stuff but ITAs and certifiers have consistently missed this information for more than a decade?
The answer is as plain as the nose on your face: corruption.
A limited number of people are involved in ITA testing and EAC certification. They need to be hit with subpoenas and real, meaningful cross examination, along with the programmers of these systems. Until that is done, we won't begin to heal. |
John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush
Post Number: 921
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, July 30, 2007 - 12:52 pm: |
|
Jim, that's an outstanding letter.
My state is supposed to be the trend setter. This is one area where we really need them to come through.
John
Deserter, brain is fried, no WMDs, yada yada yada. No wonder we clowns laugh.
|
Russell Novkov
Frequent Voting Rights Forum Participant
Username: Rnovkov
Post Number: 214
Registered: 02-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, July 30, 2007 - 1:53 pm: |
|
The votes were rigged by Diebold.
Russell J. Novkov
|
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 3976
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, July 30, 2007 - 2:12 pm: |
|
Great letter, Jim.
Typo alert--please fill in the missing word(s) in this crucial sentence and send the corrected sentence to Bowen as well:
quote:Your agency's review partially the risks of inside manipulation with these systems.
I'd love to know what that sentence was supposed to say.
from BBV admin: my fault, dropped a couple words when copying it to the forums. Should say "only partially examined" - thanks for catching that. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 6501
Registered: 12-2004
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Monday, July 30, 2007 - 8:26 pm: |
|
Emily Levy's letter to Debra Bowen:
Secretary Bowen,
Thank you for the strength and courage that has brought you to this moment.
What can I add to the superb testimony we've heard so far today?
I fear that, even after months of testing, there's still an elephant in the room that has not been tackled. Even if you and your staff could plug every hole in physical and software security, and the voting systems were made fully compliant with the accessibility requirements of HAVA, it would still not be safe to use these systems. Why not? Because even if they were absolutely protected from hacking, the systems and therefore our elections could still be rigged. There is no way to provide an absolute safeguard against electronic voting systems being delivered to the counties and presented to the voters already compromised. For this reason alone, these systems and others like them must never again be used in our elections.
The irresponsibility and lack of ethics of the vendors has been amply shown:
The have misrepresented their products.
They have installed uncertified software.
They have cut corners in developing the security of their systems.
Clearly they are not guided by ethics or commitment to the public good. Clearly they have other priorities.
Is so unbelievable, then, that they might rig an election?
We shouldn't be thinking of how we can make these systems work, we should be thinking of how we can make our elections work.
We have a crisis in voter confidence that can only be solved by creating a true basis for voter confidence. Only transparency and publicinvolvement can save our democracy now.
Perhaps more than any other human being in this country, you, Secretary Bowen, are in a position to take bold, decisive action that will reverberate around this nation and turn it in its tracks. The next step is to decertify these machines, to send these vendors packing and tell them not to come back. Not with another promise, not with another model, and not with another roll of toilet paper.
The people of California, the people of the United States, the people of the world are counting on you.
Emily Levy
Velvet Revolution
|
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 3977
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, July 30, 2007 - 11:56 pm: |
|
Wow, Emily, that's a fantastic letter. Really hits the nail on the head.
To restate and expand on the points you raise,
--There is no way to know whether compromised machines have been delivered to counties (and which could still be in active use--despite any so-called "certification" by any organization)
--Vendors have consistently shown themselves to have a terrible record in terms of product design and quality
--Vendors have consistently shown themselves to be utterly disreputable in terms of ethics
--Vendors, acting singly and as a group, have consistently acted to obstruct the obtaining of even basic product information in ways that would never be tolerated in other industries where the public good or public safety is involved |
Bev Harris
Board Administrator
Username: Admin
Post Number: 6504
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, July 31, 2007 - 8:55 am: |
|
housekeeping item from BBV admin
the equalccw Web site maxed out on bandwidth. Jim provided new copies of the links by e-mail. I have uploaded them to Black Box Voting and I replaced the original links, which had stopped working, with new working links. |
Jody Holder
Voting Rights Forum Participant
Username: Holder
Post Number: 34
Registered: 11-2005
Best of Black Box?
Votes: 2 (A keeper?) | | Posted on Wednesday, August 1, 2007 - 3:34 pm: |
|
Jim:
An excellent letter in all aspects. I consider vendors and election officials who deliberately subvert the electoral system, either by overt or covert actions, to be domestic terrorists. Those public agencies whose duty it is to protect the interests of the citizens of this country, and abdicate that role for any reason, are aiding and abetting this attack upon our form of government (giving material support).
I consider the RoV from Napa County, and the other RoV's who took part in the attack upon Secretary Bowen at Monday's hearing, to be complicit in that attack. I will no longer give them the benefit of the doubt. What they do they do with knowledge and by choice.
Here is a copy of my comments at the hearing yesterday. First though is the statement made by the Napa County RoV:
Video time stamp:
05:15:00:
I'm John Tuteur, the Napa County Assessor Recorder County Clerk and Registrar of Voters.
05:17:25
The top to bottom review has no relevance to the real
world conduct of elections within the framework I have just discussed and has wasted almost one million dollars of scarce federal funds. This top to bottom review deserves the same admonition that I gave to former Secretary Kevin Shelley after his decertification fiasco [Since when is upholding the law a fiasco?].
Secretary Bowen, you should know better than to erode the public's confidence in California's fair and accurate elections process for crass political purposes. [He turns to face Secretary Bowen]
Shame on you.
His contact information is:
Napa County
John Tuteur, Registrar of Voters
900 Coombs Street, #256
Napa, CA 94559
Phone: 707-253-4321
Email: elections@co.napa.ca.us
My comment:
CALIFORNIA SECRETARY OF STATE
HEARING
SACRAMENTO, CA
July 30, 2007
President Eisenhower warned us of the dangers of the military-industrial complex. After four years of activism and research I can say the election industry presents an even greater danger to our republic, for it puts at risk the very foundation of our form of government: the right of the people to choose who shall govern them.
Today our elections have become captured by vendors that care more about their bottom line than about the accuracy or security of our elections, and too many local election officials that care more about expediency and convenience, and their self-interest, than their duty to the voter.
This review has shown just how fearful the election industry is of scrutiny, and how incestuous the relationship is between vendors and election officials. The orchestrated campaign by both the vendors and local election officials attacking the Secretary’s review is not just revealing, but outrageous. Those election officials who have participated in those attacks should be ashamed.
During the last four years we have repeatedly seen deliberate efforts by election officials to obstruct public oversight of our elections. That must end.
While I welcome this review, it is not a top-to-bottom review. A top-to-bottom review would include unannounced forensic inspections of actual deployed systems. This would determine what firmware and software are actually installed, what lines are actually connected, and what communication links and drivers are activated. It would include a review of recent election event and audit logs.
I am very disturbed that LA County’s voting system was not examined. That county alone can determine the outcome of any statewide race or proposition.
After what I have experienced and observed over the last several years involving election officials and vendors, I do not trust the election industry. It is as self-serving as the military-industrial complex.
Electronic voting is inherently vulnerable. No amount of procedures, seals, or locks can provide the degree of confidence that we as citizens demand. We must know that we are being governed by the will of the majority, not the will of some hacker, fanatic, or incompetent programmer.
Procedures are no better than implemented.
Given the fact that every examination of every electronic voting system by an independent team has shown its unfitness for its intended purpose, I ask the Secretary to de-certify all electronic forms of voting. The Attorney General can then investigate possible legal actions based upon fraudulent business practices by the vendors.
Local election officials must stop defending the interests of the industry, and defend the interests of the voters instead. They must stop hiding the process if they are to restore our trust.
I want to thank Secretary Bowen for starting to review these voting systems. I would warn her that there are people within the Elections Division that have and will subvert her efforts.
Secretary Bowen was elected on the platform of restoring the voters’ trust in the electoral system. Any election official who does not adopt that same principle should resign or be fired.
I am adding a PS: John Tuteur should be the first in line for resigning. It is RoV's with his attitude that have perpetuated this mess. He has abdicated his oath of office and should be ashamed. Check out VotersUnite.org's website and see the 27 page list of Sequoia failures from around the country. That is what has eroded the public's confidence. That and RoV's that keep lying and stating that all is well. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 6507
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, August 1, 2007 - 3:51 pm: |
|
Jody, your testimony was outstanding. To all who are reading: We need to keep telling the truth. As Paul Lehto has said, "It's a one-way street. Once people see the truth, they never reverse course."
It is our duty to tell the truth about what's happening to our elections to everyone who will listen (and even to those who don't want to listen.) |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 3985
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, August 1, 2007 - 3:53 pm: |
|
Awesome letter, Jody.
I hope that SOS Bowen hears and understands. Her important initiative is revealing only the tip of the iceberg of the problems. The tip of the iceberg that we can now see is horribly dangerous. Refusal to acknowledge how much deeper the problems go would be sheer insanity if one has any respect at all for "the very foundation of our form of government: the right of the people to choose who shall govern them." |
Bev Harris
Board Administrator
Username: Admin
Post Number: 6516
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, August 1, 2007 - 5:18 pm: |
|
Letter from Al Kolwicz
Dear Ms. Bowen:
Thank you for taking the initiative and the heat. We absolutely concur with your notions of what an election system is to achieve. Your opening comments were wonderful.
In Colorado, the Secretary of State may decertify equipment and immediately authorize a temporary use of the decertified equipment.
If you do nothing else, we hope that you will decertify the equipment. We also hope that you will not allow its use, but at least decertify the equipment.
Please consider this. It was proven in district court that Colorado voting equipment was not properly certified. The judge ordered recertification of the equipment but did not order decertification. Consequently, even if the equipment fails the re-certification tests, the equipment can still be used and new equipment of the same type can still be purchased. In other words, nothing happened. See MYRIAH SULLIVAN CONROY, ET AL., v GINETTE DENNIS, IN HER OFFICIAL CAPACITY AS COLORADO SECRETARY OF STATE, Case No.: 06 CV 6072.
This equipment was not designed to meet the standards for which it is being marketed. It should be considered unfit for merchandize.
At a minimum, please protect the purity of elections. Please decertify this equipment.
Al Kolwicz
Colorado Voter Group |
Bev Harris
Board Administrator
Username: Admin
Post Number: 6517
Registered: 12-2004
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Wednesday, August 1, 2007 - 5:30 pm: |
|
letter from Paul Lehto
Dear Secretary of State Bowen:
As you know, you are statutorily authorized to conduct this top to bottom review for the purposes of assessing the suitability of voting systems for use in California. As an election lawyer with some litigation experience in California elections, I wish to offer the following comments supporting complete decertification of all electronic voting systems in use in California for the reasons stated below, particularly emphasizing your own inability, on account of vendor resistance and delay, to even complete and accomplish your own duties of inspection and review on account of vendor opposition to producing any and all information.
1. It is clear that the Secretary has authority under Elections Code section 19203 to* "make all arrangements for the time and place to examine voting equipment proposed to be sold inthis state." You made those arrangements, you know the manner in which they were not complied with was numerous and egregious. This alone prevents you from forming a belief that you have properly inspected those voting systems such that you can approve them. You would be speculating as to software not provided or reviewed, and information withhold. Thus, the information required to be provided by vendors is insufficient to form a finding that the systems comply with California. Accordingly, this alone requires decertification.
2. Under elections code section 19205, the software is required to be suitable for the purpose intended. However, all vendor contracts of which I am aware routinely disclaim the implied warranties of merchantability and fitness for a particular purpose. This constitutes a signed statement for each vendor DENYING that their voting systems will work for their usual purpose (the general legal definition of merchantability) and it constitutes DENYING that the systms will work for the particular purpose intended, namely elections in California Counties (the general definition of fitness for a particular purpose). These denials are, standing alone, sufficient
evidence not only to decertify, but to conclude beyond any doubt that the anufacturers themselves do not believe in and do not stand behind their roducts, and do not in fact think they are suitable for the purpose of California elections in a way that is meaninfully relevant to the public's goals of transparent and accurate elections. See my legal white paper on
this at:
http://www.wheresthepaper.org/ZeroGuarantee0707.pdf
3. The security papers adopted by the Secretary as contractually or legally demanded by vendors constitute significant if not total (in some instances) restrictions on the discretion of the Secretary to inspect and evaluate voting systems. These requirements, be they from trade secrecy or contract, constitute additional conditions blinding the eyes and limiting the ability of the Secretary to do her job and support the public interest.
4. False Statements and Fraud by Vendors.
http://www.sequoiavote.com/bAVCEdge.php states as follows, and has so stated since at least August 2004, and constitutes a warranty and representation that inheres in the contacts Sequoia signed, since it is an express warranty
it is not waivable:
Unmatched Security
The AVC Edge(r): provides nothing less than 100 percent accuracy, privacy
and security.
The Audit Trail provides an unalterable electronic record of all votes cast during an election
For reasons clearly established in the Top to Bottom and red team reviews, this statement is false and fraudulent. This constitutes an independent basis for rescission of contract under the law of fraud and false pretenses
because the records ARE alterable, and the systems are NOT 100% accurate, private, and secure.
5. History of Inaction. I personally sued Sequoia in April 2005, on issues including the "yellow button" that, pressed twice, allows unlimited manual voting. Sequoia has proven an intense pattern of recklessness by taking no action on this, despite all the notice one could possibly have of this problem See www.votersunite.org/info/lehtolawsuit.asp (choose "complaint" near bottom)
6. Diebold represented to the NH Ballot Commission on videotape that they would do whatever the California SOS required. They did this to obtain a NH approval. Obviously this was a false statement. Diebold, and all other
vendors, are NOT LISTENING nor do they sincerely wish to have their code vulnerabilities corrected. This is an additional reason, in the nature of "other good cause" sufficient for decertification.
7. Decertification can and should be sought also under Election Code section 19214.5. (a) [...] *for an unauthorized change in hardware, software, or firmware to any voting system certified or conditionally certified in California." This should include a prohibition on doing business in California for 3 or more years, and refund of money under subsection (4).
8. Local elections officials are also prevented by vendors from doing a proper inspection every two years, and this is supporting cause for decertification under Elections Code section 19220. The elections official of any county or city using voting or vote tabulating equipment shall inspect the machines or devices atleast once every two years to determine their accuracy. IT IS IMPOSSIBLE To determine accuracy under conditions of secret vote counting or trade secret software. Most certainly any TIMELY determination of this accuracy, prior to certification of the election result is not possible, especially when local elections officials claim to be too busy to provide whatever very limited information they do have access to. Here again, it is impossible for the Secretary of State, or any rational human being, to form a rational belief that a complete top to bottom review has been had. Secret vote counting defeats this entirely.
Please decertify the non-transparent, secret vote counting software from all vendors, as it completely prevents and defeats the democratic
accountability of elections. Whenever the private power exceeds the government power, as FDR specifically noted, we have met the definition of fascism. To approve any of these systems is to accept that private power of corporations is greater than the public interest in transparency, since they insist on secrecy in vote counting. I do not believe that you could, consistent with your oath of office, allow any vendors to continue to do business, since you would be violating your duty to uphold the Constitution and laws of the state of California and its people, in favor of corporate power, and implicitly finding that power superior to the sovereignty of California. This is impossible, if we remain a democracy.
Very truly yours
Paul R Lehto
Attorney at Law |
Jerry Berkman
Voting Rights Forum Participant
Username: Jerry
Post Number: 69
Registered: 05-2006
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Thursday, August 2, 2007 - 8:32 pm: |
|
The transcript of the July 30 hearing is on line!!!
That is only three days ago. It used to be we had
to wait two or three weeks. The transcript
includes an Index starting on page vi, so you
can find where a speaker is, e.g. Stephen Weir
starts on page 103, Michelle Gabriel on page 196,
mine starts on page 226, and it all ends
on page 264.
Also, the hearing will be replayed tomorrow
on the California Channel on cable (channel
26 in Berkeley) starting at 9:30 a.m.
Check for your local cable channel at:
http://www.calchannel.com/carriage.htm |
Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam
Post Number: 1018
Registered: 06-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, August 2, 2007 - 8:41 pm: |
|
I applaud and thank all those who have posted their letters here. I completely concur with all they have written, from Jim's superb letter to Paul's eloquent letter.
I chose a bit different route focusing on the 'practical' aspects of decertifying that would minimize criticism or her decision to decertify:
(submitted via the email link and automated response of reception received)
I strongly urge Secretary Bowen to de-certify these systems.
Besides the vulnerabilities found, which implied even greater vulnerabilities to be found if more time was available, and the lack of any testing regarding the accuracy of such voting systems, I find the basic logic for such a decision being the following facts:
THE important point is the finding that none of the systems met the HAVA requirements ('current law') for usage in an election.
It is HAVA that dictated that ONE voting machine per precinct be implemented.
And it is HAVA which is paying for these systems (read our tax monies).
And only 40% of the HAVA monies allocated for the States has been spent.
And most contracts have clauses related to non-performance, San Diego's included !.
And Counties/States CAN return such monies even if they have already been distributed.
So there is NO rational for using voting systems that violate the law; or is the law going to be further demeaned in California ala the Bush Administration modus operandi? |
Jerry Berkman
Voting Rights Forum Participant
Username: Jerry
Post Number: 70
Registered: 05-2006
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Thursday, August 2, 2007 - 8:42 pm: |
|
Bev,
I think the biggest elephant in the room is that it would
be impolite or tin-hattish to say someone would even think
about stealing an election. Supposedly we are all upstanding
citizens with integrity, especially poll workers and elections
staff.
If everyone is so honest, why is California going broke
supporting its prison system?
And the vendors and Registrars distort or lie, e.g. Deborah
Seiler's testimony. |
Jerry Berkman
Voting Rights Forum Participant
Username: Jerry
Post Number: 71
Registered: 05-2006
Best of Black Box?
Votes: 3 (A keeper?) | | Posted on Thursday, August 2, 2007 - 8:59 pm: |
|
Here is my letter I sent to Debra Bowen yesterday.
It is also posted, and may be easier to read, at:
http://election-reform.org/california_review/comments_final_jb.html
- Jerry
Comments on Results of Top-To-Bottom Review
Jerry Berkman, August 1, 2007
Secretary Bowen and Deputy Secretary Finley:
I am Jerry Berkman, a retired computer programmer at U.C. Berkeley, with an interest in and a certification in computer security earned from the SANS Institute [1] in 2003.
Thanks you very much for performing the Top-To-Bottom Review of Voting Systems. It was much overdue.
Claims vs. Reality
The registrars, vendors, and supporters of the DRE election systems make claims which do not seem to be based on reality.
One part of the problem may be that the DRE supporters may feel we need only to defend against amateur attacks. If someone wants to fix a Gubernatorial race, or U.S. Senate race, they will probably have millions to spend, and be able to hire real talent, not amateurs.
Supporters claim you can feel confident due the integrity and effort of our elections officials and workers.
But:
- Two election workers from Cuyahoga County, Ohio are now in jail for sabatoging a recount; [2]
- Their supervisor, Michael Vu, is now Assistant Registrar of Voters in San Diego County. He defended his workers. He must have been complicit or clueless. Either way, his hiring does not inspire confidence. [2]
- The former ROV of Monterey County, Tony Anchundo, is now in jail for 43 charges of forgery, misapplication of funds, embezzlement, falsification of accounts, and grand theft of nearly $80,000 of County money. [3]
- A major part of San Diego Registrar Deborah Seiler's testimony was that the Top-To-Bottom Review only reviewed 3 of the 9 systems in use, and if a system is decertified, counties might switch to a non-reviewed, less secure system. [4] The Review press release states: [5]
quote:"Five other currently certified voting systems were subject to examination under Secretary Bowen's top-to-bottom review. In four of those cases, vendors opted not to subject their systems to the top-to-bottom review because they don't intend to have any county use those systems in California elections after January 1, 2008.
Why is Registrar Seiler misleading us?
- Los Angeles Registrar Connie McCormack said to the Los Angeles Times: [6]
quote:"All of us have made changes to our software - even major changes - and none of us have gone back to the secretary of state. But it was no secret we've been doing this all along."
Supporters claim you can depend on the vendors.
But:
- Diebold was decertified in 2004 for installing unauthorized patches without notifying the Secretary of State,
- The Top-to-Bottom Review reports mentions many features do not work as documented,
- Security vulnerabilities such as hard coded passwords and vulnerabilities to election databases which were discovered years ago have not been fixed, [7]
- Continuing to use Windows as a base system, instead of more secure systems such as Free BSD or Linux, calls into question the vendor's commitment to security,
- When a system has undisclosed logins and logins without passwords, this again calls into question the vendor's commitment to security.
Supporters claim the red-team testing was unfair because hackers wouldn't have physical access to systems for that long a time.
But:
- Researchers have been able to buy Diebold and Sequoia machines on eBay. [8]
- Machines can and have been stolen, e.g. six Diebold tabulation machines and a touch-screen voting terminal were stolen from a Ramada Inn in Macon Georgia in June, 2002. [9] (It took Kathy Rogers, then head of the Georgia State Elections Division, two years, until Sep. 2004 before she would acknowledge the theft. [10] She is now Director of Government Relations for Diebold Election Systems and wrote the Diebold statement presented at the public hearing Monday.)
- Machines are lost; there are reports of machines turning up in odd places after elections, e.g. turning up on the streets of Baltimore. [11]
Does anyone really think that organized crime could not get a few DREs and tabulators?
Supporters claim the red-team testing was unreasonable because hackers can't get the source code.
- The Diebold source code was found unprotected on the Web.
- Someone may be able to hack the vendors network to get the source code.
- Social engineering, bribing a vendor programmer, or bribing someone for a copy of the daily backup tapes may work.
- If Los Alamos can't control it's classified computer programs, why do we believe Diebold, Sequoia, and Hart InterCivic can?
Supporters claim these are well tested systems.
But:
- When I looked at the Riverside Statement of Votes Cast for the last general elections, in the race for Governor, I found 11 precincts which it listed as having zero registered voters and one vote for Governor [12]. How can that happen?
- There have been many reports commissioned to look at the security of the voting systems Each one finds new vulnerabilities [13]
- The ITAs test functionality, not security [14].
- The ITA testing system has been found to be lacking and Ciber, a major ITA, being denied initial accreditation by the EAC. [15]
- Many parts of the source code which were supposed to be examined by the ITAs were withheld by the vendors, e.g. Windows CE being claimed as COTS (Commercial Off The Shelf) software, even though it is not.
Supporters claim if a system hasn't been proven to be hacked, then it is secure.
This has proven false with:
- Kryptonite locks for bicycles were once regarded as the ultimate in security, until an article was published on how to open them quickly and easily with a Bic pen. [16]
- Door locks: easily opened with "bump" keys available for a few dollars on the Internet. [17]
- RFID keys for cars: these can be bypassed by a series of pulls on the emergency brake [18] and the supposedly unreproducable keys can be reproduced. [19]
The Current Situation
Currently, the systems:
- The systems are not secure.
- The systems are not HAVA compliant.
- The systems are not California Elections Code compliant.
- The vendors resist any attempts at oversight.
- The vendors act in a half hearted manner to address these issues, e.g.:
- Diebold makes voting terminal stands which are too narrow to be approached by a voter in a wheel chair. The legs are only only 19" apart, while the VVSG calls for 30" apart. Even without the VVSG, 19" is obviously too narrow.
- None of the vendors show evidence of using modern security practices such as designing in security from the beginning, never using hardcoded passwords, always validating input, etc.
- The systems keep changing, forcing ROVs to keep upgrading their systems.
- The systems are very expensive to buy, maintain, and run.
- Each election, there are new problems, e.g. Sarasota's 18% undervote in the Attorney General race, Charlotte County, Florida's 25% undervote, minority undervotes, etc. The system needs simplifying.
In addition, there is not enough money in the election systems market to cause the vendors to react and fix the problems, or for new vendors to emerge.
Another problem is the vendors development timetables. According to the Elections Technology Council, [20] the timeline:
for a minor software change to a voting system is 18 months,
for a minor hardware change to a voting system: 24 months,
for a major software change to a voting system: 36 months,
for a major hardware change to a voting system: 42 months,
for a new product to a voting system: 54 months.
These are too long. In fact, it has taken Diebold 1 and 1/2 years to fix the problems found in the previous Secretary's term, and these fixes are not yet California certified.
Conclusions
To keep doing what we are doing, and expect better results has been called the definition of insanity.
So:
Decertify immediately any system not reviewed.
Decertify the reviewed systems. Recertify them for 2008 only, with stringent conditions, including:
- They are to be used only for accessibility, with a maximum of one DRE per polling place.
- Recertify the Hart InterCivic system only after the software components Hart withheld are supplied and tested.
- SOVCs must be posted in a usable format for analysis on the web.
- The public must be given meaningful observation rights. Being in the room while an activity is being conducted and being told "you can observe the process", is no substitute for getting close enough to see and hear what is happening.
- All central servers (tabulators, high speed optical scanners) will have their event logs posted on the web.
Other states, such as New Mexico, have switched from DREs quickly and painlessly. And, in fact, the undervotes for minority communities plummeted after the switch from DREs in New Mexico!
The optical scanners also have many problems; recertify them or switch to hand counting. The February, 2008 primary could easily be counted via hand, as there will be only one partisan race plus, possibly, a few initiatives.
Miscellaneous
Many of the Registrars in weird situations try to count votes as the voters intended. However, that is not in the Elections Code. It should be amended to fix that.
The Elections Code allows a maximum of 5 minutes time in the booth with a DRE, 10 minutes for optical scan ballots. The accessibility report showed about 10 minutes average for visual usage, 20-40 for audio usage. The Elections Code should be amended to realistic numbers.
The accessibility report stated there is a need for better privacy. This is true for all voters. Cameras are so small and can zoom from such a distance that privacy must be protected. There should be curtains around the booths as in the old days.
Footnotes:
[1] SANS Institute
[2] North County Times, "San Diego County hires Vu as assistant registrar", April 11, 2007
[3] BradBlog, "Monterey County, CA, Registrar Tony Anchundo Pleads 'No Contest' To 43 Criminal Charges", Dec. 21, 2006
[4] Testimony during TTBR Public Hearing, July 30, 2007
[5] Press Release, July 27, 2007
[6] The Connie McCormack quote is cited several places, including:
Kim Alexander: http://www.calvoter.org/issues/votingtech/pub/0707KACOMremarks.html
Doug Jones: http://www.cs.uiowa.edu/~jones/voting/nist2003.html"
ACM Risks: http://catless.ncl.ac.uk/Risks/23.03.html"
LA City Beat: http://www.lacitybeat.com/article.php?id=863&IssueNum=47"
[7] GEMS Central Tabulator 1.17.7, 1.18, August 31, 2004
[8] "Sale on eBay exposes vote security flaw", Jan. 31, 2007.
"Lou Dobbs: Voting Machines Available On Ebay"
"Keeping an eye on the count", June 2, 2007, Princeton professor Andrew Appel bought six Sequoia machines on eBay for $86.
[9] "Steal This Vote", Andrew Gumbel, 2005, page 235.
[10] "Steal This Vote", Andrew Gumbel, 2005, page 236.
[11] "Mysterious touchscreen voting machine found", USA Today, 9/29/04,
[12] Riverside SOVC, Nov. 7, 2006, 27.9 MB. The following precincts with 0 registered voters had 1 vote each for Governor: 11971, 14028, 23019, 30073, 35709, 35735, 37675, 37924, 40910, 45041, 46006, 46815, 50023, 50043, 50831, 59005
[13] These include the SAIC, RABA, CompuWare, and Berkeley reports. One exception is the Alameda County report which was referenced in the public hearing, but that report was done without examining the source code and without testing the machines.
[14] Remarks of ITA testers and other panelists at the Secretary of State's Voting Systems Testing Summit, November 28-29, 2005, Sacramento, CA.
[15] New York Times, "U.S. Bars Lab From Testing Electronic Voting", Jan. 4, 2007.
[16] Wired, "Twist a Pen, Open a Lock", Sep. 17, 2004.
Bike Forums, 36 second video demonstration.
New York Times, "The Pen Is Mightier Than the Lock", Sep. 17, 2004.
[17] Lock Bumping in The News, Video of TV news programs on "lock bumping".
A bump key source
[18] "Pinch My Ride" , Wired.
[19] Code breakers beat security scheme of car locks, gas pumps, Science News, Feb. 5, 2005.
[20] "Comments on HAVA Amendments", Elections Technology, page 10. |
Mark E. Smith
Voting Rights Forum Participant
Username: Markesmith
Post Number: 2
Registered: 06-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, August 7, 2007 - 9:33 am: |
|
My concern is with Bowen's conditions for recertification of Diebold's "tamper-evident seal." All Bowen asks is that the vendor demonstrate that the seals are serially numbered (they are) and provide a photograph of the placement of the seal.
My guess is that Diebold may have written those conditions, as they have lots of those full-color photographs in their marketing department. The only thing the photographs DO NOT show is the fact that the seals can be by-passed with a screwdriver and a pair of pliers, as Bev demonstrated. The Diebold machines (I think this was the op-scan) can be opened up, the memory card removed and reprogrammed or replaced, and the machine closed up again, all without ever touching the "tamper-evident seal," which then remains completely intact and shows no evidence of tampering. These seals are worthless. If they were subjected to any test at all, they'd fail.
If the vendors meet Bowen's conditions for recertification, it is very likely that the machines used in San Diego will be unsecured. San Diego elections officials claim that they cannot hold an election without sending the machines home with pollworkers for "sleepovers" up to three weeks before an election. It only takes a few minutes to tamper with a machine and unvetted pollworkers have weeks in which to accomplish this.
Bowen's conditions stipulate a "two-person rule" for the custody of the machines. But according to Bruce Sims, at least as I understand it, the CA election code allows elections officials to violate the law with impunity if they need to do so in order to hold an election. So if Bowen does not grant San Diego a waiver from the two-person rule that will allow sleepovers, it is very likely that San Diego will simply ignore the rule, as there does not appear to be any legal penalty for doing so--all they have to do is claim that they needed to break the law in order to hold the election.
Would you buy a used car AS-IS if the dealer didn't let you examine it or test-drive it, and would say only that it has a vehicle identification number (VIN) and let you look at a photograph of it? If Debra Bowen is going to accept the worthless "tamper-evident seals" on that basis, we're in big trouble. |
|
|
