Navigation
Topics
Log In
Log Out
:
Special Search
New Today
New This Week
Advanced Search
Tree View
Your Account
Edit Profile
Register
Forgot Password
Tools
Help/Instructions
Policies
CLICK STATE TO SEE:
"WATCH LIST"
Marked with: 
"OPEN & HONEST"
Marked with: 
...
|
| 11-21-05: Diebold violates court order |
|
| Author |
Message |
    
BBV Admin
Board Administrator
Username: Admin
Post Number: 2785
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 21, 2005 - 9:26 am: | 
|
On Dec. 16, 2004 Judge William A. McKinstry issued a court order on case RG03 128466 forcing Diebold Elections Systems Inc. to honor certain security protocols.
Black Box Voting has learned that Diebold has been violating that court order.
Black Box Voting investigator Jim March and Black Box Voting founder Bev Harris, lead plaintiffs in Alameda Superior Court Case RG03 128466, filed a claim against Diebold for making false claims to the state of California. Diebold entered into a settlement of this case, agreeing to a penalty of $2.6 million to reimburse California taxpayers, and also agreeing to court ordered procedures.
Among the terms of the court settlement: Diebold agreed not to cross-connect a Diebold central tabulator to the Internet, and a requirement that Diebold strip the Windows operating system of any Internet connectivity programs/drivers/etc from use unless doing so would cripple system functionality.
On Nov. 21, 2005, Jim March filed a declaration at the Diebold certification hearing in Sacramento, attesting to personally witnessing evidence that both these provisions were violated by Diebold.
In San Diego, Internet connectivity was enabled both physically and by software so as to auto-update the county’s Web server with election results. March obtained this information from county officials while in San Diego on July 26, 2005, shortly before he was arrested for attempting to view the vote tallying.
California Election Code 15204 expressly requires election officials to allow the public to view all aspects of vote tallying.
In Los Angeles, Bev Harris was prohibited from watching the vote tallying on Nov. 8, 2005. She interviewed tally center officials, who stated that the tallying was transferred through a private network to the Web and elsewhere, including a mainframe computer in the neighboring town of Downey, a location on the sixth floor of the Los Angeles division of elections in Norwalk, and from computers on the sixth floor into the secretary of state’s office, the Internet, and elsewhere.
Little else could be learned in Los Angeles, because no viewing of crucial tally locations was permitted, and Los Angeles also stonewalled the Libertarian Party's request under Election Code 15004 to examine the voting machines before the election. (Los Angeles simply sent a nonresponsive response to the request, claiming that inviting the Libertarians to a Logic and Accuracy test should suffice.)
In San Diego, Internet connectivity was enabled both physically and by software so as to auto-update the county’s Web server with election results. March was told this happened through a firewall by Nokia and configured by SAIC with Diebold’s cooperation.
While a properly configured firewall helps prevent outside interference, it can be beaten in one of two fashions: by outside hacking inward, or even more easily by inserting a call-out program within the central tabulator to “phone home,” establishing a two-way connection from behind the firewall.
It is precisely because of these risks that Judge McKinstry issued orders banning Diebold from Internet connectivity. Not only is Internet connectivity banned by the Agreement, but such connectivity is also banned by Diebold’s certified procedures manual for the system, which can be found here:
http://www.ss.ca.gov/elections/procedure_items_5c.pdf (see item 7.4.7)
The second violation of the court settlement was found in San Joaquin, Calif. During the course of an examination performed for the Libertarian Party of San Joaquin, March obtained printouts of installed drivers and connectivity programs, and found that no extraneous networking bits were removed. San Joaquin appears to be using a standard Windows 2000 installation.
This should immediately be investigated further to confirm configurations in all California counties. If true, this would be a violation of the court settlement of some gravity.
Diebold’s continuing penchant for making misleading statements to public officials and violating court orders and violating regulations should result in this company’s removal from the elections industry.
If the state of California continues to certify Diebold Voting Systems, those public officials responsible for such failure to act must be considered as participants in a series of corrupt actions.
Letter to Calif. Attorney General's office on this matter |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 1207
Registered: 12-2004
Best of Black Box? 
Votes: 1 (A keeper?) | | Posted on Monday, November 21, 2005 - 9:43 am: |
|
What are the potential repercussions when a court settlement is violated? |
Jim March
Voting Rights Forum Participant
Username: Jimmarch
Post Number: 62
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 21, 2005 - 10:32 am: |
|
The court retained jurisdiction through 2006. In theory, this is something very much akin to (if not exactly like) a "violation of a restraining order".
Whether this will rise all the way to the level of "contempt of court" or not, I don't know.
We're filing a formal complaint backed by declaration with the California Attorney General's office today. We think that's a good first step. If they take no action, we'll complain directly to the judge.
We'll post the contents of the formal complaint to the AG's office and my declaration soon...should be tomorrow. Bev and I are on the road in Sacramento today.
Jim |
Michael McCrohon
Frequent Voting Rights Forum Participant
Username: Mmiixx
Post Number: 145
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 21, 2005 - 7:10 pm: |
|
Are any "logs" obtainable ? |
Jay Varner
Voting Rights Forum Participant
Username: Vrdatadude
Post Number: 1
Registered: 10-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, November 23, 2005 - 9:49 am: |
|
Frivilous. The networks and associated connectivity to external LANS/WANS are controlled and configured by the county, not the vendor. If Diebold sent a single sentence in an email to the county recommending that internet connectivity not be allowed in any form (and I know they have), they've covered their bases. Ultimately, the county's network configuration is beyond their control, and a court will support that.
It's not that I disagree with your intent, but I don't see this succeeding... |
BBV Admin
Board Administrator
Username: Admin
Post Number: 2808
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, November 23, 2005 - 2:45 pm: |
|
Jay -- Thanks for your insights, and you make good points which need to be further evaluated.
By the way, (2:44 p.m. Pacific time Wed. Nov 23) I just posted several additional links to documents within the original article.
Bev |
Jim March
Voting Rights Forum Participant
Username: Jimmarch
Post Number: 63
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, November 23, 2005 - 2:50 pm: |
|
In one sense you have a point, but there's a part you're missing regarding how California certification works.
Setting the "court order" issue aside, under normal practices Diebold writes a "procedures manual" to go along with their systems. BOTH the system and it's procedures manual are certified by the SecState, which is why California had the VSPP: "Voting Systems and Procedures Panel".
If the county isn't following the procedures, the system is uncertified. Basically, Diebold's procedures manual as approved by the SecState has force of law in California. If violated, and if Diebold knew the certification wasn't being followed, it IS Diebold's problem.
Here's the manual for the current certification in San Diego:
http://www.ss.ca.gov/elections/procedures_items_5c.pdf
(And yes, we've confirmed that this is the manual in use for San Diego and other optical scan counties.)
Look at section 7.4.7 on page 40:
---------
The GEMS server should not be connected to any network that has an external Internet connection. All network connections shall be local.
---------
Diebold can't get involved in any situation that violates this provision, which has the force of law in California. Not when they've already been caught installing uncertified software all over the state.
I think Diebold *is* responsible for ensuring that the certified procedures are used, because if the procedures are violated the software is uncertified, and they've already been punished to the tune of $2.6mil for installation of uncertified software.
Next, in a situation such as San Diego where they knew networking was going on in violation of both the court order and section 7.4.7 of the certified procedures manual, do you really think it likely that Diebold wrote a "don't do this!" memo which San Diego elections officials ignored?!
I rather think not. The county would be taking on a horrific legal burden if such a document came out because there's a big difference between accidentally breaking a law and *deliberately* doing so.
(Which is why all manner of corporate and government malfeasance cases often focus on memos showing deliberate intent - very often investigators can prove something went wrong, but proving intent is another matter.) |
Edward Robles
Voting Rights Forum Participant
Username: Tedeger
Post Number: 3
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, November 27, 2005 - 8:36 am: |
|
Is Ken Lay on the Board of Diebold? |
Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam
Post Number: 648
Registered: 06-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, November 27, 2005 - 8:41 am: |
|
Regarding 'Frivolous' as stated by Jay; the following has occured and is in violation of the court order:
z. Notify the Secretary of State and the counties in which
GEMS servers are to be used in California elections of any Microsoft security
patches that DESI recommends be installed on GEMS servers.
u. DESI shall not connect, cause any county customer or county employee to connect, or assist any county customer or county employee in
connecting, any voting systems to any network that is not both logically and physically isolated and protected. This provision is not intended to prohibit the counties' transmission of unofficial election results, including election night
results, using a public telephone system.
y. In the event a county does not request the GEMS reconfiguration described in subparagraph 6.3.x., DESI shall, upon request of the county, bear the cost of and provide written instructions and recommendations in order to enable the county to configure GEMS servers to be used in California elections with the following characteristics: (1) all network services and network ports are to be turned off, except those explicitly required to run the GEMS software; (2) the autorun feature in Windows is to be disabled; (3) the boot order is to boot from the hard drive first; and (4) the BIOS is to be password protected to prevent changes to the boot order.
z. Notify the Secretary of State and the counties in which GEMS servers are to be used in California elections of any Microsoft security patches that DESI recommends be installed on GEMS servers.
Having issued a public records request for all documents -including written and electronic communications-,contracts, and contract amendments
between San Diego County and diebold and received those documents including statements by the San Diego County Counsel that there are no other such documents and having gone though those documents, I can state unequivocally that such did not happen.
And since SD County did NOT request "the GEMS reconfiguration described in subparagraph 6.3.x.," NOR is there any documentation indicating DESI informed SD County of the court ordered configuration changes, that says all that needs to be said.
As an aside, I'd been calling for a prr of the SOS as towards reporting requirments of the court order; I should have been saying a PRR of the State Attorney General's office lor Alameda District Attorney regarding these reporting requirments. |
BBV Admin
Board Administrator
Username: Admin
Post Number: 2840
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 8:27 am: |
|
Outstanding, fantastic work, Bruce.
Jim and I are going to have to get our butts into court on this.
Bev |
|
|
